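/**
 * Authenticates a client from a single Base64-encoded GSS token.
 *
 * <p>The context is accepted with {@code serverCredential} and is always disposed
 * before returning. Authentication only succeeds when the context is established
 * by this one token.
 *
 * @param token Base64-encoded GSS token supplied by the client (untrusted input)
 * @return the initiator's principal when the context is established, otherwise empty
 */
private Optional<Principal> authenticate(String token) {
    GSSContext context = doAs(loginContext.getSubject(), () -> gssManager.createContext(serverCredential));

    try {
        byte[] inputToken = Base64.getDecoder().decode(token);
        context.acceptSecContext(inputToken, 0, inputToken.length);

        // We can't hold on to the GSS context because HTTP is stateless, so fail
        // if it can't be set up in a single challenge-response cycle
        if (context.isEstablished()) {
            return Optional.of(new KerberosPrincipal(context.getSrcName().toString()));
        }
        // Log only the token length: the token itself is client credential material
        // and does not belong in log files.
        LOG.debug("Failed to establish GSS context for token of length %s", token.length());
    } catch (IllegalArgumentException e) {
        // Base64.Decoder.decode rejects malformed input with IllegalArgumentException;
        // treat that as a failed authentication instead of letting it escape.
        LOG.debug(e, "Authentication failed: token of length %s is not valid Base64", token.length());
    } catch (GSSException e) {
        // ignore and fail the authentication
        LOG.debug(e, "Authentication failed for token of length %s", token.length());
    } finally {
        try {
            context.dispose();
        } catch (GSSException ignored) {
            // best-effort cleanup; the authentication result is already decided
        }
    }

    return Optional.empty();
}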
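/**
 * Accepts a service ticket as the given subject and returns the client principal name.
 *
 * <p>The context is created with a {@code null} credential, so the acceptor's default
 * credential is used. The name is returned only when the context is fully established
 * by this single token, and the context is disposed before returning.
 *
 * @param subject subject under which the context is accepted
 * @param serviceTicket GSS token received from the client (untrusted input)
 * @return the initiator's name, or {@code null} when the ticket could not be accepted
 * @throws GSSException declared for callers; failures inside the privileged action are
 *     logged and reported as {@code null}
 */
public static String validateSecurityContext(Subject subject, final byte[] serviceTicket) throws GSSException {
    // Accept the context and return the client principal name.
    return Subject.doAs(subject, (PrivilegedAction<String>) () -> {
        GSSContext context = null;
        try {
            // Identify the server that communications are being made to.
            GSSManager manager = GSSManager.getInstance();
            context = manager.createContext((GSSCredential) null);
            context.acceptSecContext(serviceTicket, 0, serviceTicket.length);
            // getSrcName() is only meaningful once the context is established; a context
            // that still expects another token must not yield a principal.
            if (!context.isEstablished()) {
                throw new GSSException(GSSException.NO_CONTEXT);
            }
            return context.getSrcName().toString();
        } catch (Exception e) {
            log.error(Util.getMessage("Krb5TokenKerberosContextProcessingException"), e);
            return null;
        } finally {
            if (context != null) {
                try {
                    context.dispose();
                } catch (GSSException ignored) {
                    // best-effort cleanup; the result is already decided
                }
            }
        }
    });
}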
byte[] res = gssContext.acceptSecContext(inToken, 0, inToken.length); if(res != null) { outToken = Base64.getEncoder().encodeToString(res).replace("\n", "");
); gssContext = gssManager.createContext(gssCreds); byte[] serverToken = gssContext.acceptSecContext(clientToken, 0, clientToken.length); if (serverToken != null && serverToken.length > 0) { String authenticate = StringUtils.encodeBase64String(serverToken);
// Feeds the peer's token to the acceptor side of the GSS context. The reply token that
// acceptSecContext returns is discarded by this statement.
// NOTE(review): nothing visible here checks gssContext.isEstablished(); confirm the
// surrounding code does so before it reads getSrcName() or treats the peer as authenticated.
gssContext.acceptSecContext(inToken, 0, inToken.length);
// Accepts the client's challenge and stores the reply token on the negotiation context.
// acceptSecContext returns null when no reply has to be sent, so respToken may be null.
// NOTE(review): the length argument is challenge.limit() and the offset is
// challenge.arrayOffset(); if challenge is a java.nio.ByteBuffer this only covers the
// readable bytes when its position is 0 - confirm against the caller.
byte[] respToken = gssContext.acceptSecContext(challenge.array(), challenge.arrayOffset(), challenge.limit()); negContext.setResponseToken(respToken);
/**
 * Builds a privileged action that hands {@code token} to the acceptor side of
 * {@code gssContext}.
 *
 * @param gssContext context that accepts the token
 * @param token GSS token received from the peer
 * @return an action yielding the reply token from {@code acceptSecContext}; a
 *     {@link GSSException} is rethrown wrapped in a {@link RuntimeException}
 */
private PrivilegedAction<byte[]> acceptGSSContext(GSSContext gssContext, byte[] token) {
    return new PrivilegedAction<byte[]>() {
        @Override
        public byte[] run() {
            final byte[] replyToken;
            try {
                replyToken = gssContext.acceptSecContext(token, 0, token.length);
            } catch (GSSException gssFailure) {
                // PrivilegedAction.run() cannot throw checked exceptions, so wrap and keep the cause.
                throw new RuntimeException(gssFailure);
            }
            return replyToken;
        }
    };
}
try { final GSSContext finalGssContext = gssContext; responseToken = Subject.doAs(subject, (PrivilegedExceptionAction<byte[]>) () -> finalGssContext.acceptSecContext(decodedValue, 0, decodedValue.length)); } catch (PrivilegedActionException e) { httpSpnego.trace("Call to acceptSecContext failed.", e.getCause());
// Passes the stored ticket to the acceptor side of the GSS context; the reply token is discarded.
// NOTE(review): no isEstablished() check is visible in this fragment; confirm one happens
// before the initiator's identity is read from the context.
gssContext.acceptSecContext(this.ticket, 0, this.ticket.length);
byte[] response = gssContext.acceptSecContext(token, 0, token.length); if (gssContext.isEstablished()) { Oid actualMechanism = gssContext.getMech(); assert gssContext.isEstablished() == false; try { byte[] response = gssContext.acceptSecContext(message, 0, message.length); if (gssContext.isEstablished()) { Oid actualMechanism = gssContext.getMech();
// Accepts the peer's message; acceptSecContext returns the token to send back, or null
// when there is nothing to send.
// NOTE(review): confirm the code that follows handles a null response and checks
// gssContext.isEstablished() before trusting the peer identity.
byte[] response = gssContext.acceptSecContext(message, 0, message.length);
/**
 * Hands the decoded client token to the acceptor side of the GSS context.
 *
 * @return the reply token produced by {@code acceptSecContext}
 * @throws GSSException if the token is not accepted
 */
@Override
public byte[] run() throws GSSException {
    final byte[] replyToken = gssContext.acceptSecContext(decoded, 0, decoded.length);
    return replyToken;
}
}
/**
 * Hands the decoded client token to the acceptor side of the GSS context.
 *
 * @return the reply token produced by {@code acceptSecContext}
 * @throws GSSException if the token is not accepted
 */
@Override
public byte[] run() throws GSSException {
    final byte[] replyToken = gssContext.acceptSecContext(decoded, 0, decoded.length);
    return replyToken;
}
}
/**
 * Hands the decoded client token to the acceptor side of the GSS context.
 *
 * @return the reply token produced by {@code acceptSecContext}
 * @throws GSSException if the token is not accepted
 */
@Override
public byte[] run() throws GSSException {
    final byte[] replyToken = gssContext.acceptSecContext(decoded, 0, decoded.length);
    return replyToken;
}
}
/**
 * Hands the client token to the acceptor side of the GSS context.
 *
 * @return the reply token produced by {@code acceptSecContext}
 * @throws GSSException if the token is not accepted
 */
public byte[] run() throws GSSException {
    final byte[] replyToken = context.acceptSecContext(token, 0, token.length);
    return replyToken;
}
}
/**
 * Hands the decoded client token to the acceptor side of the GSS context.
 *
 * @return the reply token produced by {@code acceptSecContext}
 * @throws GSSException if the token is not accepted
 */
@Override
public byte[] run() throws GSSException {
    final byte[] replyToken = gssContext.acceptSecContext(decoded, 0, decoded.length);
    return replyToken;
}
}
// Accepts the incoming token and overwrites authToken with the reply token.
// acceptSecContext returns null when no reply is needed, so authToken may be null afterwards.
// NOTE(review): confirm later code null-checks authToken and checks gContext.isEstablished().
authToken = gContext.acceptSecContext(authToken,0,authToken.length);
/**
 * Accepts the initiator's tokens on the server context and stores the reply in
 * {@code acceptTokens}.
 *
 * @return always {@code null}
 */
public Void run() {
    try {
        acceptTokens = serverContext.acceptSecContext(initTokens, 0, initTokens.length);
        return null;
    } catch (GSSException gssFailure) {
        // run() declares no checked exceptions, so the failure is wrapped with its cause.
        throw new RuntimeException("Failed to accept.", gssFailure);
    }
}
}
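/**
 * Accepts {@code token} with the default acceptor credential and returns the
 * initiator's name.
 *
 * <p>The context is disposed on every path, including when acceptance fails.
 *
 * @return the name of the context initiator
 * @throws GSSException if the token is rejected, or if the context is not established
 *     by this single token
 */
public String run() throws GSSException {
    final GSSContext serverCtx = manager.createContext((GSSCredential) null);
    final String s;
    try {
        serverCtx.acceptSecContext(token, 0, token.length);
        // Only an established context carries a verified initiator name.
        if (!serverCtx.isEstablished()) {
            throw new GSSException(GSSException.NO_CONTEXT);
        }
        s = serverCtx.getSrcName().toString();
    } catch (GSSException | RuntimeException e) {
        // Release the context on failure without hiding the original error.
        try {
            serverCtx.dispose();
        } catch (GSSException suppressed) {
            e.addSuppressed(suppressed);
        }
        throw e;
    }
    serverCtx.dispose();
    return s;
}
});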
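/**
 * Creates an accept-only GSS context for the Kerberos and SPNEGO mechanisms and feeds
 * it the decoded {@code spnegoToken}.
 *
 * <p>The Base64-encoded reply token is stored in {@code responseToken}; it is set to
 * {@code null} when the acceptor produced no reply token. The returned context is not
 * checked for establishment here, so callers should check {@code isEstablished()}
 * before trusting {@code getSrcName()}.
 *
 * @return the context after the first accept step; the caller owns it and must dispose it
 * @throws GSSException if the credential or context cannot be created or the token is rejected
 * @throws IOException declared by the original signature
 */
protected GSSContext establishContext() throws GSSException, IOException {
    GSSManager manager = GSSManager.getInstance();

    Oid[] supportedMechs = new Oid[] { KerberosConstants.KRB5_OID, KerberosConstants.SPNEGO_OID };
    GSSCredential gssCredential = manager.createCredential(null, GSSCredential.INDEFINITE_LIFETIME,
            supportedMechs, GSSCredential.ACCEPT_ONLY);
    GSSContext gssContext = manager.createContext(gssCredential);

    boolean accepted = false;
    try {
        byte[] inputToken = Base64.decode(spnegoToken);
        byte[] respToken = gssContext.acceptSecContext(inputToken, 0, inputToken.length);
        // acceptSecContext returns null when there is nothing to send back to the client.
        responseToken = (respToken == null) ? null : Base64.encodeBytes(respToken);
        accepted = true;
        return gssContext;
    } finally {
        if (!accepted) {
            // The context never reaches the caller on failure, so release it here.
            try {
                gssContext.dispose();
            } catch (GSSException ignored) {
                // best-effort cleanup; the original failure is what propagates
            }
        }
    }
}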