Author: markt
Date: Fri Dec 6 19:42:43 2013
New Revision: 1548695
URL: http://svn.apache.org/r1548695
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55851
Enable SPNEGO to work with IBM JDKs.
Based on a patch by Arunav Sanyal.
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java?rev=1548695&r1=1548694&r2=1548695&view=diff
==============================================================================
---
tomcat/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
(original)
+++
tomcat/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
Fri Dec 6 19:42:43 2013
@@ -227,7 +227,7 @@ public class SpnegoAuthenticator extends
};
gssContext = manager.createContext(Subject.doAs(lc.getSubject(),
action));
- outToken = gssContext.acceptSecContext(decoded, 0, decoded.length);
+ outToken = Subject.doAs(lc.getSubject(), new
AcceptAction(gssContext, decoded));
if (outToken == null) {
if (log.isDebugEnabled()) {
@@ -294,4 +294,26 @@ public class SpnegoAuthenticator extends
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
return false;
}
+
+
+ /**
+ * This class gets a gss credential via a privileged action.
+ */
+ private static class AcceptAction implements
PrivilegedExceptionAction<byte[]> {
+
+ GSSContext gssContext;
+
+ byte[] decoded;
+
+ AcceptAction(GSSContext context, byte[] decodedToken) {
+ this.gssContext = context;
+ this.decoded = decodedToken;
+ }
+
+ @Override
+ public byte[] run() throws GSSException {
+ return gssContext.acceptSecContext(decoded,
+ 0, decoded.length);
+ }
+ }
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
