Add an options to use a CallbackHandler + service name form switch with KerberosClient
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/7bdaa88f Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/7bdaa88f Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/7bdaa88f Branch: refs/heads/2.7.x-fixes Commit: 7bdaa88f16b0e817f20348cf427b696fd4260c76 Parents: 34adffd Author: Colm O hEigeartaigh <[email protected]> Authored: Tue Sep 2 15:45:53 2014 +0100 Committer: Colm O hEigeartaigh <[email protected]> Committed: Tue Sep 2 15:53:48 2014 +0100 ---------------------------------------------------------------------- .../java/org/apache/cxf/ws/security/SecurityConstants.java | 9 ++++++++- .../org/apache/cxf/ws/security/kerberos/KerberosUtils.java | 6 ++++++ 2 files changed, 14 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/7bdaa88f/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java index a9daac2..b195a71 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java @@ -210,6 +210,12 @@ public final class SecurityConstants { public static final String KERBEROS_USE_CREDENTIAL_DELEGATION = "ws-security.kerberos.use.credential.delegation"; + /** + * Whether the Kerberos username is in servicename form or not. The default is "false". + */ + public static final String KERBEROS_IS_USERNAME_IN_SERVICENAME_FORM = + "ws-security.kerberos.is.username.in.servicename.form"; + // // Non-boolean WS-Security Configuration parameters // @@ -574,7 +580,8 @@ public final class SecurityConstants { TOKEN, TOKEN_ID, SUBJECT_ROLE_CLASSIFIER, SUBJECT_ROLE_CLASSIFIER_TYPE, MUST_UNDERSTAND, ASYMMETRIC_SIGNATURE_ALGORITHM, ENABLE_SAML_ONE_TIME_USE_CACHE, SAML_ONE_TIME_USE_CACHE_INSTANCE, CACHE_IDENTIFIER, CACHE_ISSUED_TOKEN_IN_ENDPOINT, PREFER_WSMEX_OVER_STS_CLIENT_CONFIG, - DELEGATED_CREDENTIAL, KERBEROS_USE_CREDENTIAL_DELEGATION + DELEGATED_CREDENTIAL, KERBEROS_USE_CREDENTIAL_DELEGATION, + KERBEROS_IS_USERNAME_IN_SERVICENAME_FORM })); ALL_PROPERTIES = Collections.unmodifiableSet(s); } http://git-wip-us.apache.org/repos/asf/cxf/blob/7bdaa88f/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java index 42f4794..b739edb 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java @@ -54,10 +54,16 @@ public final class KerberosUtils { SecurityConstants.KERBEROS_USE_CREDENTIAL_DELEGATION, false); + boolean isInServiceNameForm = + MessageUtils.getContextualBoolean(message, + SecurityConstants.KERBEROS_IS_USERNAME_IN_SERVICENAME_FORM, + false); + client.setContextName(jaasContext); client.setServiceName(kerberosSpn); client.setCallbackHandler(callbackHandler); client.setUseDelegatedCredential(useCredentialDelegation); + client.setUsernameServiceNameForm(isInServiceNameForm); } return client; }
