[ https://issues.apache.org/jira/browse/CXF-3496?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13029880#comment-13029880 ]
Aris Tsaklidis commented on CXF-3496:
-------------------------------------
Added the working SpnegoAuthSupplier.java (see attachment).
> SpnegoAuthSupplier using Kerberos OID instead of Spnego
> -------------------------------------------------------
>
> Key: CXF-3496
> URL: https://issues.apache.org/jira/browse/CXF-3496
> Project: CXF
> Issue Type: Bug
> Components: Transports
> Affects Versions: 2.4
> Reporter: Aris Tsaklidis
> Attachments: SpnegoAuthSupplier.java
>
>
> Updating from 2.3.4 to 2.4.0 added the SpnegoAuthSupplier which is called
> every time you use "Negotiate" as AuthorizationType. SpnegoAuthSupplier uses
> Kerberos OID instead of Spnego. Spnego would be correct.
> http://cxf.547215.n5.nabble.com/CXF-2-4-Kerberos-SpnegoAuthSupplier-Message-content-from-Soap-Response-is-null-td4369582.html
> ## correct code in SpnegoAuthSupplier.java
> private byte[] getToken(AuthorizationPolicy proxyAuthPolicy, String spn)
>     throws GSSException, LoginException {
>     GSSManager manager = GSSManager.getInstance();
>     GSSName serverName = manager.createName(spn, null);
>     // need to use SPNEGO_OID
>     Oid oid = new Oid(SPNEGO_OID);
>
>     GSSContext context = manager
>         .createContext(serverName.canonicalize(oid), oid, null,
>                        GSSContext.DEFAULT_LIFETIME);
>     // TODO Do we need mutual auth. Will the code we have really work with
>     // mutual auth?
>     context.requestMutualAuth(true);
>     // TODO Credential delegation could be a security hole if it was not
>     // intended. Both settings should be configurable
>     context.requestCredDeleg(true);
>     return getToken(proxyAuthPolicy, context);
> }
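
Added example, not part of the original JIRA message or of CXF: a small Java check that reads the mechanism OID at the front of a Negotiate token, which tells you whether a client is sending SPNEGO or a bare Kerberos token as described in the issue. The class name, the method names and the two sample token headers are constructed for illustration.

```java
import java.util.Arrays;
import java.util.Base64;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.Oid;

// Added example, not CXF code: class and method names are hypothetical.
public class NegotiateMechCheck {
    static final String SPNEGO = "1.3.6.1.5.5.2";        // SPNEGO mechanism
    static final String KRB5 = "1.2.840.113554.1.2.2";   // Kerberos V5 mechanism

    // A GSS-API initial context token starts with:
    // 0x60 <DER length> 0x06 <OID length> <OID bytes> <mechanism-specific data>
    static String mechOid(byte[] tok) throws GSSException {
        if (tok.length < 4 || tok[0] != 0x60) {
            throw new IllegalArgumentException("no GSS-API token header (tag 0x60)");
        }
        int pos = 2;                                   // past tag and first length octet
        if ((tok[1] & 0x80) != 0) {
            pos += tok[1] & 0x7f;                      // long form: skip extra length octets
        }
        if (pos + 2 > tok.length || tok[pos] != 0x06) {
            throw new IllegalArgumentException("mechanism OID not found");
        }
        int end = pos + 2 + (tok[pos + 1] & 0xff);
        if (end > tok.length) {
            throw new IllegalArgumentException("truncated mechanism OID");
        }
        // Oid(byte[]) takes the full DER encoding, tag and length included.
        return new Oid(Arrays.copyOfRange(tok, pos, end)).toString();
    }

    // Classifies the value of an "Authorization: Negotiate <base64>" header.
    static String classify(String headerValue) throws GSSException {
        String[] parts = headerValue.trim().split("\\s+", 2);
        if (parts.length != 2 || !parts[0].equalsIgnoreCase("Negotiate")) {
            throw new IllegalArgumentException("not a Negotiate header value");
        }
        String oid = mechOid(Base64.getDecoder().decode(parts[1]));
        return SPNEGO.equals(oid) ? "SPNEGO" : KRB5.equals(oid) ? "raw Kerberos V5" : "other: " + oid;
    }

    public static void main(String[] args) throws GSSException {
        // Constructed samples: token headers only, no real ticket data follows the OID.
        byte[] spnego = {0x60, 0x08, 0x06, 0x06, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x02};
        byte[] krb5 = {0x60, 0x0b, 0x06, 0x09, 0x2a, (byte) 0x86, 0x48, (byte) 0x86,
                       (byte) 0xf7, 0x12, 0x01, 0x02, 0x02};
        for (byte[] t : new byte[][] {spnego, krb5}) {
            System.out.println(classify("Negotiate " + Base64.getEncoder().encodeToString(t)));
        }
    }
}
```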