Java Code Examples for org.ietf.jgss.GSSContext#dispose()

The following examples show how to use org.ietf.jgss.GSSContext#dispose().
Example 1
Source File: HTTPKerberosAuthInterceptor.java    From java-client-api with Apache License 2.0
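/**
 * Creates a Kerberos initiator context for {@code serverPrincipalName}, produces the first
 * security token and appends it, Base64-encoded, to {@code outputToken}.
 *
 * <p>The context is disposed on every exit path, including when token generation fails.
 *
 * @return always {@code null}; the result is delivered through {@code outputToken}
 * @throws FailedRequestException if no token is produced or a GSS-API call fails
 */
@Override
public Object run() {
  // Declared outside the try block so the finally clause can release it on every path.
  GSSContext context = null;
  try {
    // 1.2.840.113554.1.2.2 is the Kerberos V5 GSS-API mechanism;
    // 1.2.840.113554.1.2.2.1 is the Kerberos principal name type.
    Oid krb5Mechanism = new Oid("1.2.840.113554.1.2.2");
    Oid krb5PrincipalNameType = new Oid("1.2.840.113554.1.2.2.1");
    final GSSManager manager = GSSManager.getInstance();
    final GSSName clientName = manager.createName(clientPrincipalName, krb5PrincipalNameType);
    // Initiate-only credential with a requested lifetime of eight hours.
    final GSSCredential clientCred = manager.createCredential(clientName, 8 * 3600, krb5Mechanism,
        GSSCredential.INITIATE_ONLY);
    final GSSName serverName = manager.createName(serverPrincipalName, krb5PrincipalNameType);

    context = manager.createContext(serverName, krb5Mechanism, clientCred,
        GSSContext.DEFAULT_LIFETIME);
    // Context options only take effect when requested before the first initSecContext call;
    // requesting mutual authentication afterwards would leave the emitted token unchanged.
    // NOTE(review): the context is disposed after this single token, so no reply token from
    // the server is processed here; confirm where (or whether) the server's response is
    // verified before relying on mutual authentication.
    context.requestMutualAuth(true);
    byte[] inToken = new byte[0];
    byte[] outToken = context.initSecContext(inToken, 0, inToken.length);
    if (outToken == null) {
      throw new FailedRequestException("could not initialize the security context");
    }
    // encodeToString avoids decoding the Base64 bytes with the platform default charset.
    outputToken.append(Base64.getEncoder().encodeToString(outToken));
  } catch (GSSException exception) {
    throw new FailedRequestException(exception.getMessage(), exception);
  } finally {
    if (context != null) {
      try {
        context.dispose();
      } catch (GSSException ignored) {
        // Best-effort cleanup: a dispose failure must not mask the primary outcome.
      }
    }
  }
  return null;
}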
 
Example 2
Source File: SpnegoHandler.java    From presto with Apache License 2.0
/**
 * Produces the first GSS token for {@code servicePrincipal}, using the mechanism
 * identified by {@code SPNEGO_OID} and the client credential of the current session.
 *
 * @param servicePrincipal host-based service name the token is addressed to
 * @return the initial token; never {@code null}
 * @throws ClientException if the GSS-API or the login layer reports an error
 */
private byte[] generateToken(String servicePrincipal)
{
    GSSContext gssContext = null;
    try {
        Session session = getSession();
        // The context is created under the session's Subject so its Kerberos
        // credentials are visible to the GSS provider.
        gssContext = doAs(session.getLoginContext().getSubject(), () -> {
            GSSContext created = GSS_MANAGER.createContext(
                    GSS_MANAGER.createName(servicePrincipal, NT_HOSTBASED_SERVICE),
                    SPNEGO_OID,
                    session.getClientCredential(),
                    INDEFINITE_LIFETIME);

            // All options are requested before the first initSecContext call.
            created.requestMutualAuth(true);
            created.requestConf(true);
            created.requestInteg(true);
            // NOTE(review): credential delegation hands the client's credentials to the
            // target service; confirm every service reached through this path is trusted
            // to act on the user's behalf.
            created.requestCredDeleg(true);
            return created;
        });

        byte[] initialToken = gssContext.initSecContext(new byte[0], 0, 0);
        if (initialToken != null) {
            return initialToken;
        }
        throw new LoginException("No token generated from GSS context");
    }
    catch (GSSException | LoginException e) {
        throw new ClientException(format("Kerberos error for [%s]: %s", servicePrincipal, e.getMessage()), e);
    }
    finally {
        // Release the context on every path; a failure while disposing is deliberately
        // ignored so it cannot replace the token or the primary exception.
        if (gssContext != null) {
            try {
                gssContext.dispose();
            }
            catch (GSSException ignored) {
            }
        }
    }
}
 
Example 3
Source File: Socks5LogicHandler.java    From neoscada with Eclipse Public License 1.0
/**
 * Closes the session. If any {@link GSSContext} is present in the session 
 * then it is closed.
 * 
 * @param message the error message
 */
@Override
protected void closeSession(String message) {
    GSSContext gssContext = (GSSContext) getSession().getAttribute(GSS_CONTEXT);

    // No GSS context stored on the session: nothing to release, close normally.
    if (gssContext == null) {
        super.closeSession(message);
        return;
    }

    try {
        gssContext.dispose();
    } catch (GSSException disposeFailure) {
        // NOTE(review): the failure is both dumped to stderr and forwarded to the
        // superclass; routing it through the project's logger instead would keep
        // GSS error details out of uncontrolled output.
        disposeFailure.printStackTrace();
        super.closeSession(message, disposeFailure);
        return;
    }

    // Context released cleanly; close the session without an attached cause.
    super.closeSession(message);
}
 
Example 4
Source File: KerberosToken.java    From athenz with Apache License 2.0
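/**
 * Accepts {@code kerberosTicket} as a GSS-API acceptor and returns the name of the
 * context initiator.
 *
 * <p>The initiator name is only read once the context reports itself as established,
 * and the context is disposed on every exit path.
 *
 * @return the initiator (source) name as a string
 * @throws Exception if the ticket is rejected or the context is not established after
 *     this single token
 */
@Override
public String run() throws Exception {
    // A null credential asks the GSS provider for the default acceptor credentials.
    GSSContext context = GSSManager.getInstance().createContext((GSSCredential) null);
    try {
        context.acceptSecContext(kerberosTicket, 0, kerberosTicket.length);
        ///CLOVER:OFF
        // The identity is used by the caller as the authenticated user, so refuse to
        // report a name from a handshake that has not completed. A checked exception
        // is used so it travels the same path as other acceptance failures.
        if (!context.isEstablished()) {
            throw new GSSException(GSSException.FAILURE, 0,
                    "security context not established after a single token");
        }
        return context.getSrcName().toString();
    } finally {
        try {
            context.dispose();
        } catch (GSSException ignored) {
            // Best-effort cleanup: a dispose failure must not mask the primary outcome.
        }
    }
    ///CLOVER:ON
}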
 
Example 5
Source File: SpnegoAuthInterceptor.java    From knox with Apache License 2.0
/**
 * Produces the first GSS token for {@code servicePrincipal}, using the mechanism
 * identified by {@code SPNEGO_OID} and the client credential of the credential session.
 *
 * @param servicePrincipal host-based service name the token is addressed to
 * @return the initial token; never {@code null}
 * @throws RuntimeException wrapping any GSS-API or login failure
 */
private byte[] generateToken(String servicePrincipal) {
  GSSContext gssContext = null;
  try {
    GSSCredentialSession credentialSession = getCredentialSession();
    // The context is created under the configured Subject so its Kerberos credentials
    // are visible to the GSS provider.
    gssContext = doAs(subject, () -> {
      GSSContext created = GSS_MANAGER.createContext(
          GSS_MANAGER.createName(servicePrincipal, NT_HOSTBASED_SERVICE),
          SPNEGO_OID,
          credentialSession.getClientCredential(),
          INDEFINITE_LIFETIME);
      // All options are requested before the first initSecContext call.
      created.requestMutualAuth(true);
      created.requestConf(true);
      created.requestInteg(true);
      // Delegation stays off: the client's credentials are not forwarded to the service.
      created.requestCredDeleg(false);
      return created;
    });

    byte[] initialToken = gssContext.initSecContext(new byte[0], 0, 0);
    if (initialToken != null) {
      return initialToken;
    }
    throw new LoginException("No token generated from GSS context");
  } catch (GSSException | LoginException e) {
    throw new RuntimeException(format(Locale.getDefault(), "Kerberos error for [%s]: %s", servicePrincipal, e.getMessage()), e);
  } finally {
    // Release the context on every path; a failure while disposing is deliberately
    // ignored so it cannot replace the token or the primary exception.
    if (gssContext != null) {
      try {
        gssContext.dispose();
      } catch (GSSException ignored) {
      }
    }
  }
}
 
Example 6
Source File: SPNEGOAuthenticator.java    From keycloak with Apache License 2.0
/**
 * Establishes the acceptor-side security context and records who authenticated.
 *
 * <p>On success {@code authenticatedKerberosPrincipal} holds the initiator name and,
 * when the initiator delegated credentials, {@code delegationCredential} holds them.
 * The context is always disposed before returning.
 *
 * @return {@code true} only when the context is established and names an initiator
 * @throws Exception if establishing, querying or disposing the context fails
 */
@Override
public Boolean run() throws Exception {
    GSSContext gssContext = null;
    try {
        if (log.isTraceEnabled()) {
            log.trace("Going to establish security context");
        }

        gssContext = establishContext();
        logAuthDetails(gssContext);

        // An incomplete handshake authenticates nobody.
        if (!gssContext.isEstablished()) {
            return false;
        }

        // Established but anonymous: treat as a failed authentication.
        if (gssContext.getSrcName() == null) {
            log.warn("GSS Context accepted, but no context initiator recognized. Check your kerberos configuration and reverse DNS lookup configuration");
            return false;
        }

        authenticatedKerberosPrincipal = gssContext.getSrcName().toString();

        // The delegated credential is captured before the context is disposed below.
        if (gssContext.getCredDelegState()) {
            delegationCredential = gssContext.getDelegCred();
        }
        return true;
    } finally {
        if (gssContext != null) {
            gssContext.dispose();
        }
    }
}