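--- a/src/share/classes/sun/net/www/protocol/http/NegotiatorImpl.java
+++ b/src/share/classes/sun/net/www/protocol/http/spnego/NegotiatorImpl.java
@@ -1,159 +1,163 @@
 /*
 * Copyright 2005-2009 Sun Microsystems, Inc. All Rights Reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation. Sun designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Sun in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
 * CA 95054 USA or visit www.sun.com if you need additional information or
 * have any questions.
 */
 
-package sun.net.www.protocol.http;
+package sun.net.www.protocol.http.spnego;
 
 import java.io.IOException;
 
 import org.ietf.jgss.GSSContext;
 import org.ietf.jgss.GSSException;
 import org.ietf.jgss.GSSName;
 import org.ietf.jgss.Oid;
 
+import sun.net.www.protocol.http.HttpCallerInfo;
+import sun.net.www.protocol.http.Negotiator;
 import sun.security.jgss.GSSManagerImpl;
 import sun.security.jgss.GSSUtil;
 import sun.security.jgss.HttpCaller;
 
 /**
 * This class encapsulates all JAAS and JGSS API calls in a separate class
 * outside NegotiateAuthentication.java so that J2SE build can go smoothly
 * without the presence of it.
 *
 * @author weijun.wang@sun.com
 * @since 1.6
 */
 public class NegotiatorImpl extends Negotiator {
 
 private static final boolean DEBUG =
 java.security.AccessController.doPrivileged(
 new sun.security.action.GetBooleanAction("sun.security.krb5.debug"));
 
 private GSSContext context;
 private byte[] oneToken;
 
 /**
 * Initialize the object, which includes:<ul>
 * <li>Find out what GSS mechanism to use from the system property
 * <code>http.negotiate.mechanism.oid</code>, defaults SPNEGO
 * <li>Creating the GSSName for the target host, "HTTP/"+hostname
 * <li>Creating GSSContext
 * <li>A first call to initSecContext</ul>
 */
 private void init(HttpCallerInfo hci) throws GSSException {
 final Oid oid;
 
 if (hci.scheme.equalsIgnoreCase("Kerberos")) {
 // we can only use Kerberos mech when the scheme is kerberos
 oid = GSSUtil.GSS_KRB5_MECH_OID;
 } else {
 String pref = java.security.AccessController.doPrivileged(
 new java.security.PrivilegedAction<String>() {
 public String run() {
 return System.getProperty(
 "http.auth.preference",
 "spnego");
 }
 });
 if (pref.equalsIgnoreCase("kerberos")) {
 oid = GSSUtil.GSS_KRB5_MECH_OID;
 } else {
 // currently there is no 3rd mech we can use
 oid = GSSUtil.GSS_SPNEGO_MECH_OID;
 }
 }
 
 GSSManagerImpl manager = new GSSManagerImpl(
 new HttpCaller(hci));
 
 // RFC 4559 4.1 uses uppercase service name "HTTP".
 // RFC 4120 6.2.1 demands the host be lowercase
 String peerName = "HTTP@" + hci.host.toLowerCase();
 
 GSSName serverName = manager.createName(peerName,
 GSSName.NT_HOSTBASED_SERVICE);
 context = manager.createContext(serverName,
 oid,
 null,
 GSSContext.DEFAULT_LIFETIME);
 
 // In order to support credential delegation in HTTP/SPNEGO,
 // we always request it before initSecContext. The current
 // implementation will check the OK-AS-DELEGATE flag inside
 // the service ticket of the web server, and only enable
 // delegation when this flag is set. This check is only
 // performed when the GSS caller is CALLER_HTTP_NEGOTIATE,
 // so all other normal GSS-API calls are not affected.
 
 context.requestCredDeleg(true);
 oneToken = context.initSecContext(new byte[0], 0, 0);
 }
 
 /**
 * Constructor
 * @throws java.io.IOException If negotiator cannot be constructed
 */
 public NegotiatorImpl(HttpCallerInfo hci) throws IOException {
 try {
 init(hci);
 } catch (GSSException e) {
 if (DEBUG) {
 System.out.println("Negotiate support not initiated, will " +
 "fallback to other scheme if allowed. Reason:");
 e.printStackTrace();
 }
 IOException ioe = new IOException("Negotiate support not initiated");
 ioe.initCause(e);
 throw ioe;
 }
 }
 
 /**
 * Return the first token of GSS, in SPNEGO, it's called NegTokenInit
 * @return the first token
 */
+@Override
 public byte[] firstToken() {
 return oneToken;
 }
 
 /**
 * Return the rest tokens of GSS, in SPNEGO, it's called NegTokenTarg
 * @param token the token received from server
 * @return the next token
 * @throws java.io.IOException if the token cannot be created successfully
 */
+@Override
 public byte[] nextToken(byte[] token) throws IOException {
 try {
 return context.initSecContext(token, 0, token.length);
 } catch (GSSException e) {
 if (DEBUG) {
 System.out.println("Negotiate support cannot continue. Reason:");
 e.printStackTrace();
 }
 IOException ioe = new IOException("Negotiate support cannot continue");
 ioe.initCause(e);
 throw ioe;
 }
 }
 }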
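Review bot: `String peerName = "HTTP@" + hci.host.toLowerCase();` in init() lowercases the host with the JVM's default locale, so under a Turkish-style default locale a host name containing `I` becomes a dotless `ı` and the service principal name no longer matches the server's `HTTP/host` principal. The RFC 4120 lowercasing the comment cites is ASCII folding, so this should read `String peerName = "HTTP@" + hci.host.toLowerCase(java.util.Locale.ROOT);`. Separately, nextToken() reads `token.length` before calling initSecContext(), so a null token from the caller surfaces as a NullPointerException rather than the IOException the Javadoc promises; whether a null can reach here depends on NegotiateAuthentication, which is outside this file, so a guard such as `if (token == null) throw new IOException("Negotiate support cannot continue");` is worth confirming against that caller. firstToken() also returns the internal `oneToken` array by reference, so a caller that modifies the returned array alters the negotiator's own state.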