View Javadoc
1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  
20  package org.apache.wss4j.common.spnego;
21  
22  import org.ietf.jgss.GSSContext;
23  import org.ietf.jgss.GSSException;
24  import org.ietf.jgss.GSSManager;
25  import org.ietf.jgss.GSSName;
26  import org.ietf.jgss.Oid;
27  
28  /**
29   * This class represents a PrivilegedAction implementation to obtain a (SPNEGO) service ticket from a
30   * Kerberos Key Distribution Center.
31   */
32  public class DefaultSpnegoClientAction implements SpnegoClientAction {
33      private static final org.slf4j.Logger LOG =
34          org.slf4j.LoggerFactory.getLogger(DefaultSpnegoClientAction.class);
35  
36      private String serviceName;
37      private GSSContext secContext;
38      private boolean mutualAuth;
39      private boolean isUsernameServiceNameForm;
40  
41      /**
42       * Whether to enable mutual authentication or not.
43       */
44      public void setMutualAuth(boolean mutualAuthentication) {
45          mutualAuth = mutualAuthentication;
46      }
47  
48      /**
49       * The Service Name
50       */
51      public void setServiceName(String serviceName) {
52          this.serviceName = serviceName;
53      }
54  
55      /**
56       * Obtain a service ticket
57       */
58      public byte[] run() {
59          try {
60              GSSManager gssManager = GSSManager.getInstance();
61              Oid oid = new Oid("1.3.6.1.5.5.2");
62  
63              GSSName gssService = gssManager.createName(serviceName, isUsernameServiceNameForm
64                                                         ? GSSName.NT_USER_NAME : GSSName.NT_HOSTBASED_SERVICE);
65              secContext = gssManager.createContext(gssService, oid, null, GSSContext.DEFAULT_LIFETIME);
66  
67              secContext.requestMutualAuth(mutualAuth);
68              secContext.requestCredDeleg(Boolean.FALSE);
69  
70              byte[] token = new byte[0];
71              return secContext.initSecContext(token, 0, token.length);
72          } catch (GSSException e) {
73              LOG.debug("Error in obtaining a Kerberos token", e);
74          }
75  
76          return new byte[0];
77      }
78  
79      /**
80       * Get the GSSContext that was created after a service ticket was obtained
81       */
82      public GSSContext getContext() {
83          return secContext;
84      }
85  
86      @Override
87      public void setUserNameServiceForm(boolean isUsernameServiceNameForm) {
88          this.isUsernameServiceNameForm = isUsernameServiceNameForm;
89      }
90  
91  }