< prev index next >
src/java.security.jgss/share/classes/sun/security/jgss/spnego/SpNegoContext.java
Print this page
rev 11815 : 8078439: SPNEGO auth fails if client proposes MS krb5 OID
Reviewed-by: valeriep
@@ -536,18 +536,25 @@
internal_mech = mech_wanted;
// get the token for mechanism
byte[] accept_token;
- if (mechList[0].equals(mech_wanted)) {
+ if (mechList[0].equals(mech_wanted) ||
+ (GSSUtil.isKerberosMech(mechList[0]) &&
+ GSSUtil.isKerberosMech(mech_wanted))) {
// get the mechanism token
+ if (DEBUG && !mech_wanted.equals(mechList[0])) {
+ System.out.println("SpNegoContext.acceptSecContext: " +
+ "negotiated mech adjusted to " + mechList[0]);
+ }
byte[] mechToken = initToken.getMechToken();
if (mechToken == null) {
throw new GSSException(GSSException.FAILURE, -1,
"mechToken is missing");
}
accept_token = GSS_acceptSecContext(mechToken);
+ mech_wanted = mechList[0];
} else {
accept_token = null;
}
// verify MIC
< prev index next >