nddipiazza closed pull request #456: CXF-7867 - Allow the
AbstractSpnegoAuthSupplier loginConfig to be used
URL: https://github.com/apache/cxf/pull/456
This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:
As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):
diff --git
a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java
b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java
index 2129e294eaa..2df13ad1f83 100644
---
a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java
+++
b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java
@@ -120,6 +120,10 @@ public String getAuthorization(AuthorizationPolicy
authPolicy,
lc.login();
subject = lc.getSubject();
}
+ } else if (loginConfig != null && delegatedCred == null) {
+ LoginContext lc = new LoginContext("", null, null, loginConfig);
+ lc.login();
+ subject = lc.getSubject();
}
GSSManager manager = GSSManager.getInstance();
diff --git a/systests/kerberos/pom.xml b/systests/kerberos/pom.xml
index d726e2ccda0..66d6cdb9b3a 100644
--- a/systests/kerberos/pom.xml
+++ b/systests/kerberos/pom.xml
@@ -222,6 +222,12 @@
<version>${cxf.kerby.version}</version>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.mockito</groupId>
+ <artifactId>mockito-core</artifactId>
+ <version>${cxf.mockito.version}</version>
+ <scope>test</scope>
+ </dependency>
</dependencies>
<profiles>
diff --git
a/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/spnego/SpnegoAuthSupplierTest.java
b/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/spnego/SpnegoAuthSupplierTest.java
new file mode 100644
index 00000000000..8188045d05e
--- /dev/null
+++
b/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/spnego/SpnegoAuthSupplierTest.java
@@ -0,0 +1,43 @@
+package org.apache.cxf.systest.kerberos.wssec.spnego;
+
+import org.apache.cxf.configuration.security.AuthorizationPolicy;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.transport.http.auth.SpnegoAuthSupplier;
+import org.mockito.Mockito;
+
+import javax.security.auth.login.AppConfigurationEntry;
+import javax.security.auth.login.Configuration;
+import java.net.URI;
+import java.util.HashMap;
+import java.util.Map;
+
+public class SpnegoAuthSupplierTest {
+ @org.junit.Test
+ public void testSpnegoOverSymmetric() throws Exception {
+ SpnegoAuthSupplier spnegoAuthSupplier = new SpnegoAuthSupplier();
+
+ Map<String, String> loginConfig = new HashMap<>();
+ loginConfig.put("useKeyTab", "false");
+ loginConfig.put("storeKey", "true");
+ loginConfig.put("refreshKrb5Config", "true");
+ loginConfig.put("principal", "[email protected]");
+ loginConfig.put("useTicketCache", "true");
+ loginConfig.put("debug", String.valueOf(true));
+
+ spnegoAuthSupplier.setLoginConfig(new Configuration() {
+ @Override
+ public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
+ return new AppConfigurationEntry[] {
+ new
AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule",
+ AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
+ loginConfig)};
+ }
+ });
+
+ URI uri = new URI("http://some-test-domain-doesnt-exist.com/";);
+
+ AuthorizationPolicy authorizationPolicy =
Mockito.mock(AuthorizationPolicy.class);
+ Message message = Mockito.mock(Message.class);
+ spnegoAuthSupplier.getAuthorization(authorizationPolicy, uri, message,
"ignored anyway");
+ }
+}
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
