[jboss-cvs] JBossAS SVN: r114584 - projects/security/security-negotiation/branches/security-negotiation-2.2.5.Final_BZ-1040008/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue Dec 10 09:03:05 EST 2013
Author: tfonteyn
Date: 2013-12-10 09:03:05 -0500 (Tue, 10 Dec 2013)
New Revision: 114584
Modified:
projects/security/security-negotiation/branches/security-negotiation-2.2.5.Final_BZ-1040008/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java
Log:
[bz-1040008] SPNEGOLoginModule does not always respect removeRealmFromPrincipal - one-off for EAP 6.1.0
Modified: projects/security/security-negotiation/branches/security-negotiation-2.2.5.Final_BZ-1040008/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java
===================================================================
--- projects/security/security-negotiation/branches/security-negotiation-2.2.5.Final_BZ-1040008/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java 2013-12-10 13:55:29 UTC (rev 114583)
+++ projects/security/security-negotiation/branches/security-negotiation-2.2.5.Final_BZ-1040008/jboss-negotiation-spnego/src/main/java/org/jboss/security/negotiation/spnego/SPNEGOLoginModule.java 2013-12-10 14:03:05 UTC (rev 114584)
@@ -40,6 +40,7 @@
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
+import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.Oid;
import org.jboss.security.SimpleGroup;
@@ -319,6 +320,7 @@
{
private final NegotiationContext negotiationContext;
+ private boolean DEBUG = log.isDebugEnabled();
public AcceptSecContext(final NegotiationContext negotiationContext)
{
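Review bot: The new `DEBUG` field on AcceptSecContext is named like a constant but is a mutable instance field. It should be declared `private final boolean DEBUG = log.isDebugEnabled();`, or renamed to `debug`. The value is now captured when the object is constructed rather than at the start of `run()`, so a log-level change in between is not picked up. That is probably harmless if one instance is created per login attempt, but this is not visible in the hunk. The class body starts before and continues after this hunk.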
@@ -327,7 +329,6 @@
public Object run()
{
- boolean DEBUG = log.isDebugEnabled();
try
{
// The message type will have already been checked before this point so we know it is
@@ -404,20 +405,7 @@
if (gssContext.isEstablished())
{
log.warn("Authentication was performed despite already being authenticated!");
-
- // TODO - Refactor to only do this once.
- setIdentity(new KerberosPrincipal(gssContext.getSrcName().toString()));
-
- if (DEBUG)
- {
- log.debug("context.getCredDelegState() = " + gssContext.getCredDelegState());
- log.debug("context.getMutualAuthState() = " + gssContext.getMutualAuthState());
- log.debug("context.getSrcName() = " + gssContext.getSrcName().toString());
- }
-
- negotiationContext.setAuthenticationMethod(SPNEGO);
- negotiationContext.setAuthenticated(true);
-
+ processIdentity(gssContext);
return Boolean.TRUE;
}
@@ -447,18 +435,7 @@
}
else
{
- setIdentity(createIdentity(gssContext.getSrcName().toString()));
-
- if (DEBUG)
- {
- log.debug("context.getCredDelegState() = " + gssContext.getCredDelegState());
- log.debug("context.getMutualAuthState() = " + gssContext.getMutualAuthState());
- log.debug("context.getSrcName() = " + gssContext.getSrcName().toString());
- }
-
- // TODO - Get these two in synch - maybe isAuthenticated based on an authentication method been set?
- negotiationContext.setAuthenticationMethod(SPNEGO);
- negotiationContext.setAuthenticated(true);
+ processIdentity(gssContext);
return Boolean.TRUE;
}
@@ -469,5 +446,20 @@
}
}
+
+ private void processIdentity(GSSContext gssContext) throws GSSException, Exception
+ {
+ setIdentity(createIdentity(gssContext.getSrcName().toString()));
+
+ if (DEBUG)
+ {
+ log.debug("context.getCredDelegState() = " + gssContext.getCredDelegState());
+ log.debug("context.getMutualAuthState() = " + gssContext.getMutualAuthState());
+ log.debug("context.getSrcName() = " + gssContext.getSrcName().toString());
+ }
+
+ negotiationContext.setAuthenticationMethod(SPNEGO);
+ negotiationContext.setAuthenticated(true);
+ }
}
}
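Review bot: `processIdentity` calls `negotiationContext.setAuthenticated(true)` without itself checking `gssContext.isEstablished()`, so its safety rests on the callers. The first call site is visibly inside that check; the second is an `else` branch whose condition lies outside its hunk. A Javadoc on the method should state the precondition that it may only be called once the GSS context is established, and that it sets the identity before marking the context authenticated. The clause `throws GSSException, Exception` is redundant because `Exception` already covers `GSSException`; `private void processIdentity(GSSContext gssContext) throws Exception` says the same, and the import added in the first hunk may then be unneeded. `gssContext.getSrcName()` is also evaluated twice; reading it once into a local keeps the logged name and the name passed to `createIdentity` identical.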