SES-10: Enable server side Kerberos login

Mike Wiesner
2010-03-04 19:24:04 +00:00
parent 0734b1b6c1
commit 9f881deb0e
3 changed files with 77 additions and 27 deletions


@@ -0,0 +1,75 @@
/*
* Copyright 2010 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.extensions.kerberos;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.config.BeanPostProcessor;
/**
* @author Mike Wiesner
* @since 1.0
* @version $Id:$
*/
public class GlobalSunJaasKerberosConfig implements BeanPostProcessor, InitializingBean {
private boolean debug = false;
private String krbConfLocation;
public void afterPropertiesSet() throws Exception {
if (debug) {
System.setProperty("sun.security.krb5.debug", "true");
}
if (krbConfLocation != null) {
System.setProperty("java.security.krb5.conf", krbConfLocation);
}
}
/**
* Enable debug logs from the Sun Kerberos Implementation. Default is false.
*/
public void setDebug(boolean debug) {
this.debug = debug;
}
/**
* Kerberos config file location can be specified here.
*
* @param krbConfLocation
*/
public void setKrbConfLocation(String krbConfLocation) {
this.krbConfLocation = krbConfLocation;
}
/*
* The following methods are not used here. This Bean implements only BeanPostProcessor to ensure that it
* is created before any other bean is created, because the system properties needed to be set very early
* in the startup-phase, but after the BeanFactoryPostProcessing.
*/
public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
return bean;
}
public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
return bean;
}
}
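Review bot: The class Javadoc holds only author tags, so nothing tells a user that `afterPropertiesSet` writes the JVM-wide system properties `sun.security.krb5.debug` and `java.security.krb5.conf`, which apply to every Kerberos client in the process. Nothing in this class resets them either, so `setDebug(false)` does not turn tracing off once another bean or a `-D` flag has enabled it. I would add a class comment stating both facts, and extend the `setDebug` Javadoc with `Kerberos protocol traces are written to standard output; keep disabled outside troubleshooting.` The `@param krbConfLocation` tag is empty; it should say that the value is passed unchanged to `java.security.krb5.conf`.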


@@ -43,14 +43,7 @@ public class KerberosAuthenticationProvider implements AuthenticationProvider {
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
UsernamePasswordAuthenticationToken auth = (UsernamePasswordAuthenticationToken) authentication;
String validatedUsername = kerberosClient.login(auth.getName(), auth.getCredentials().toString());
if (validatedUsername.equalsIgnoreCase(auth.getName()) == false) {
if (LOG.isDebugEnabled()) {
LOG.info("Username returned from KDC ("+validatedUsername+") doesn't match with supplied username ("+auth.getName()+")");
}
throw new BadCredentialsException("Username returned from KDC doesn't match with supplied username");
}
UserDetails userDetails = this.userDetailsService.loadUserByUsername(auth.getName());
UserDetails userDetails = this.userDetailsService.loadUserByUsername(validatedUsername);
UsernamePasswordAuthenticationToken output = new UsernamePasswordAuthenticationToken(userDetails, auth.getCredentials(), userDetails.getAuthorities());
return output;
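Review bot: Assuming the `loadUserByUsername(validatedUsername)` line is the new side, the value returned by `kerberosClient.login(...)` now reaches the lookup unchecked, so a null or empty return surfaces as whatever the UserDetailsService throws rather than as an authentication failure. A guard before the lookup would keep it one: `if (validatedUsername == null || validatedUsername.length() == 0) throw new BadCredentialsException("Kerberos login returned no username");`. With the name comparison gone, a debug-level log of the supplied and validated names when they differ would preserve an audit trail of any remapping by the KDC. If `login` returns the full principal including the realm, the UserDetailsService must be keyed on that form; that contract is not visible here and belongs in the method Javadoc. The `authenticate` body continues past the end of this section.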


@@ -31,7 +31,6 @@ import javax.security.auth.login.LoginException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.authentication.BadCredentialsException;
/**
@@ -44,10 +43,9 @@ import org.springframework.security.authentication.BadCredentialsException;
* @since 1.0
* @version $Id$
*/
public class SunJaasKerberosClient implements KerberosClient, InitializingBean {
public class SunJaasKerberosClient implements KerberosClient {
private boolean debug = false;
private String krbConfLocation;
private static final Log LOG = LogFactory.getLog(SunJaasKerberosClient.class);
@@ -77,22 +75,6 @@ public class SunJaasKerberosClient implements KerberosClient, InitializingBean {
this.debug = debug;
}
public void setKrbConfLocation(String krbConfLocation) {
this.krbConfLocation = krbConfLocation;
}
public void afterPropertiesSet() throws Exception {
if (krbConfLocation != null) {
System.setProperty("java.security.krb5.conf", krbConfLocation);
}
if (debug) {
System.setProperty("sun.security.krb5.debug", "true");
}
}
private static class LoginConfig extends Configuration {
private boolean debug;