svn commit: r1548697 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/catalina/authenticator/SpnegoAuthenticator.java webapps/docs/changelog.xml

Fri, 06 Dec 2013 11:45:53 -0800 

Author: markt
Date: Fri Dec  6 19:44:34 2013
New Revision: 1548697

URL: http://svn.apache.org/r1548697
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55851
Enable SPNEGO to work with IBM JDKs.
Based on a patch by Arunav Sanyal.

Modified:
    tomcat/tc7.0.x/trunk/   (props changed)
    
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
    tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
  Merged /tomcat/trunk:r1548695

Modified: 
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java?rev=1548697&r1=1548696&r2=1548697&view=diff
==============================================================================
--- 
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
 (original)
+++ 
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
 Fri Dec  6 19:44:34 2013
@@ -231,7 +231,7 @@ public class SpnegoAuthenticator extends
                 };
             gssContext = manager.createContext(Subject.doAs(lc.getSubject(), 
action));
 
-            outToken = gssContext.acceptSecContext(decoded, 0, decoded.length);
+            outToken = Subject.doAs(lc.getSubject(), new 
AcceptAction(gssContext, decoded));
 
             if (outToken == null) {
                 if (log.isDebugEnabled()) {
@@ -298,4 +298,26 @@ public class SpnegoAuthenticator extends
         response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
         return false;
     }
+
+
+    /**
+     * This class gets a gss credential via a privileged action.
+     */
+    private static class AcceptAction implements 
PrivilegedExceptionAction<byte[]> {
+
+        GSSContext gssContext;
+
+        byte[] decoded;
+
+        AcceptAction(GSSContext context, byte[] decodedToken) {
+            this.gssContext = context;
+            this.decoded = decodedToken;
+        }
+
+        @Override
+        public byte[] run() throws GSSException {
+            return gssContext.acceptSecContext(decoded,
+                    0, decoded.length);
+        }
+    }
 }

Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1548697&r1=1548696&r2=1548697&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Fri Dec  6 19:44:34 2013
@@ -202,6 +202,10 @@
         is configured that the full buffer is used when a Servlet outputs via a
         Writer. (markt)
       </fix>
+      <fix>
+        <bug>55851</bug>: Further fixes to enable SPNEGO authentication to work
+        with IBM JDKs. Based on a patch by Arunav Sanyal. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to