KerberosClientAction xref

View Javadoc

1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  
20  package org.apache.ws.security.message.token;
21  
22  import java.security.Principal;
23  import java.security.PrivilegedAction;
24  
25  import org.ietf.jgss.GSSContext;
26  import org.ietf.jgss.GSSCredential;
27  import org.ietf.jgss.GSSException;
28  import org.ietf.jgss.GSSManager;
29  import org.ietf.jgss.GSSName;
30  import org.ietf.jgss.Oid;
31  
32  /**
33   * This class represents a PrivilegedAction implementation to obtain a service ticket from a Kerberos
34   * Key Distribution Center.
35   */
36  public class KerberosClientAction implements PrivilegedAction<byte[]> {
37      private static org.apache.commons.logging.Log log =
38          org.apache.commons.logging.LogFactory.getLog(KerberosClientAction.class);
39      
40      private Principal clientPrincipal;
41      private String serviceName;
42      
43      public KerberosClientAction(Principal clientPrincipal, String serviceName) {
44          this.clientPrincipal = clientPrincipal;
45          this.serviceName = serviceName;
46      }
47  
48      public byte[] run() {
49          try {
50              GSSManager gssManager = GSSManager.getInstance();
51          
52              Oid kerberos5Oid = new Oid("1.2.840.113554.1.2.2");
53              GSSName gssClient = gssManager.createName(clientPrincipal.getName(), GSSName.NT_USER_NAME);
54              GSSCredential credentials = 
55                  gssManager.createCredential(
56                      gssClient, GSSCredential.DEFAULT_LIFETIME, kerberos5Oid, GSSCredential.INITIATE_ONLY
57                  );
58              
59              GSSName gssService = gssManager.createName(serviceName, GSSName.NT_HOSTBASED_SERVICE);
60              GSSContext secContext =
61                  gssManager.createContext(
62                      gssService, kerberos5Oid, credentials, GSSContext.DEFAULT_LIFETIME
63                  );
64   
65              secContext.requestMutualAuth(false);
66              byte[] token = new byte[0];
67              byte[] returnedToken = secContext.initSecContext(token, 0, token.length);
68              secContext.dispose();
69              return returnedToken;
70          } catch (GSSException e) {
71              if (log.isDebugEnabled()) {
72                  log.debug("Error in obtaining a Kerberos token", e);
73              }
74          }
75  
76          return null;
77          
78      }
79      
80  }