cxf-users mailing list archives

From "Talkov, Roger" <Roger.Tal...@automic.com>
Subject Kerberos and CXF 3.1.2
Date Tue, 25 Aug 2015 03:55:55 GMT
I had Kerberos working using the dynamic client with the 3.0.4 release.
I upgraded to 3.1.2 and got a compile error on the following line of code in my KerberosAuthSupplier:
public class KerberosAuthSupplier extends AbstractSpnegoAuthSupplier implements HttpAuthSupplier

in the getAuthorizationMethod I had the following line:

message.setContextualProperty("auth.spnego.useKerberosOid", "true");

With 3.1.2 this gets a compile error, as the setContextualProperty method is no longer in the
Message interface and is not public in MessageImpl.
But AbstractSpnegoAuthSupplier references this property when setting up the OID, so how can
I set this?
I tried using reflection, but when I invoke the operation I get an error; it works fine with
3.0.4.

Snippet of AbstractSpnegoAuthSupplier.java:

public abstract class AbstractSpnegoAuthSupplier {

    /**
     * Can be set on the client properties. If set to true then the kerberos oid is used
     * instead of the default spnego OID
     */
    private static final String PROPERTY_USE_KERBEROS_OID = "auth.spnego.useKerberosOid";
    private static final String PROPERTY_REQUIRE_CRED_DELEGATION = "auth.spnego.requireCredDelegation";

    private static final String KERBEROS_OID = "1.2.840.113554.1.2.2";
    private static final String SPNEGO_OID = "1.3.6.1.5.5.2";


    public String getAuthorization(AuthorizationPolicy authPolicy,
                                   URI currentURI,
                                   Message message) {
        if (!HttpAuthHeader.AUTH_TYPE_NEGOTIATE.equals(authPolicy.getAuthorizationType())) {
            return null;
        }
        try {
            String spn = getCompleteServicePrincipalName(currentURI);

            boolean useKerberosOid = MessageUtils.isTrue(
                message.getContextualProperty(PROPERTY_USE_KERBEROS_OID));
            Oid oid = new Oid(useKerberosOid ? KERBEROS_OID : SPNEGO_OID);

            byte[] token = getToken(authPolicy, spn, oid, message);
            return HttpAuthHeader.AUTH_TYPE_NEGOTIATE + " " + Base64Utility.encode(token);
        } catch (LoginException e) {
            throw new RuntimeException(e.getMessage(), e);
        } catch (GSSException e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }


Roger Talkov
Senior Software Engineer
Roger.Talkov@automic.com
+14256332568
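
Added example, not part of the original message or of CXF: a JDK-only check that reads the mechanism OID at the front of a Negotiate header value, to confirm whether a client sent the Kerberos OID or the default SPNEGO OID named in the snippet above. The class name, method names and sample tokens are constructed for illustration.

```java
import java.util.Arrays;
import java.util.Base64;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.Oid;

public class NegotiateMechCheck {

    /** Returns the dotted mechanism OID that leads the GSS-API token in a Negotiate header. */
    static String mechOid(String header) throws GSSException {
        String scheme = "Negotiate ";
        if (!header.regionMatches(true, 0, scheme, 0, scheme.length())) {
            throw new IllegalArgumentException("not a Negotiate header");
        }
        byte[] t = Base64.getDecoder().decode(header.substring(scheme.length()).trim());
        // RFC 2743 section 3.1: 0x60 <DER length> 0x06 <OID length> <OID bytes> <inner token>
        if (t.length < 4 || t[0] != 0x60) {
            throw new IllegalArgumentException("not a GSS-API initial context token");
        }
        int pos = 2;
        if ((t[1] & 0x80) != 0) {
            pos += t[1] & 0x7f;          // skip long-form length octets
        }
        if (pos + 2 > t.length || t[pos] != 0x06) {
            throw new IllegalArgumentException("mechanism OID not found");
        }
        int oidLen = t[pos + 1] & 0xff;
        if (oidLen > 0x7f || pos + 2 + oidLen > t.length) {
            throw new IllegalArgumentException("truncated mechanism OID");
        }
        // Oid(byte[]) takes the full DER encoding, tag and length included
        return new Oid(Arrays.copyOfRange(t, pos, pos + 2 + oidLen)).toString();
    }

    /** Constructed sample: a token header for the given mechanism plus four filler bytes. */
    static String sampleHeader(String oid) throws GSSException {
        byte[] der = new Oid(oid).getDER();
        byte[] t = new byte[2 + der.length + 4];
        t[0] = 0x60;
        t[1] = (byte) (der.length + 4);
        System.arraycopy(der, 0, t, 2, der.length);
        return "Negotiate " + Base64.getEncoder().encodeToString(t);
    }

    public static void main(String[] args) throws GSSException {
        System.out.println(mechOid(sampleHeader("1.2.840.113554.1.2.2"))); // Kerberos OID
        System.out.println(mechOid(sampleHeader("1.3.6.1.5.5.2")));        // SPNEGO OID
    }
}
```

A header captured from a real client can be passed to mechOid() in place of the constructed samples; an NTLM token under the Negotiate scheme does not start with 0x60 and is rejected by the first check.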