Author: ddas
Date: Tue Mar 20 17:18:11 2012
New Revision: 1303017
URL: http://svn.apache.org/viewvc?rev=1303017&view=rev
Log:
HADOOP-6941. Adds support for building Hadoop with IBM's JDK. Contributed by
Stephen Watt, Eli Collins, and Devaraj Das.
Added:
hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/authentication/util/KerberosUtil.java
Modified:
hadoop/common/branches/branch-1/CHANGES.txt
hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/KerberosName.java
hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/SecurityUtil.java
hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/UserGroupInformation.java
hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java
hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java
hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/authentication/KerberosTestUtils.java
hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java
Modified: hadoop/common/branches/branch-1/CHANGES.txt
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-1/CHANGES.txt?rev=1303017&r1=1303016&r2=1303017&view=diff
==============================================================================
--- hadoop/common/branches/branch-1/CHANGES.txt (original)
+++ hadoop/common/branches/branch-1/CHANGES.txt Tue Mar 20 17:18:11 2012
@@ -166,6 +166,9 @@ Release 1.1.0 - unreleased
This was done to handle the build of Hadoop with IBM's JDK. (Stephen Watt,
Guillermo Cabrera and ddas)
+ HADOOP-6941. Adds support for building Hadoop with IBM's JDK
+ (Stephen Watt, Eli and ddas)
+
Release 1.0.2 - 2012.03.18
NEW FEATURES
Modified:
hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/KerberosName.java
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/KerberosName.java?rev=1303017&r1=1303016&r2=1303017&view=diff
==============================================================================
---
hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/KerberosName.java
(original)
+++
hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/KerberosName.java
Tue Mar 20 17:18:11 2012
@@ -25,9 +25,7 @@ import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.hadoop.conf.Configuration;
-
-import sun.security.krb5.Config;
-import sun.security.krb5.KrbException;
+import org.apache.hadoop.security.authentication.util.KerberosUtil;
/**
* This class implements parsing and handling of Kerberos principal names. In
@@ -73,13 +71,11 @@ public class KerberosName {
private static List<Rule> rules;
private static String defaultRealm;
- private static Config kerbConf;
static {
try {
- kerbConf = Config.getInstance();
- defaultRealm = kerbConf.getDefaultRealm();
- } catch (KrbException ke) {
+ defaultRealm = KerberosUtil.getDefaultRealm();
+ } catch (Exception ke) {
if(UserGroupInformation.isSecurityEnabled())
throw new IllegalArgumentException("Can't get Kerberos
configuration",ke);
else
Modified:
hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/SecurityUtil.java
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/SecurityUtil.java?rev=1303017&r1=1303016&r2=1303017&view=diff
==============================================================================
---
hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/SecurityUtil.java
(original)
+++
hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/SecurityUtil.java
Tue Mar 20 17:18:11 2012
@@ -17,6 +17,10 @@
package org.apache.hadoop.security;
import java.io.IOException;
+import java.lang.reflect.Constructor;
+import java.lang.reflect.Field;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.URI;
@@ -42,9 +46,6 @@ import org.apache.hadoop.security.token.
//this will need to be replaced someday when there is a suitable replacement
import sun.net.dns.ResolverConfiguration;
import sun.net.util.IPAddressUtil;
-import sun.security.jgss.krb5.Krb5Util;
-import sun.security.krb5.Credentials;
-import sun.security.krb5.PrincipalName;
public class SecurityUtil {
public static final Log LOG = LogFactory.getLog(SecurityUtil.class);
@@ -128,12 +129,41 @@ public class SecurityUtil {
String serviceName = "host/" + remoteHost.getHost();
if (LOG.isDebugEnabled())
LOG.debug("Fetching service ticket for host at: " + serviceName);
- Credentials serviceCred = null;
+ Object serviceCred = null;
+ Method credsToTicketMeth;
+ Class<?> krb5utilClass;
try {
- PrincipalName principal = new PrincipalName(serviceName,
- PrincipalName.KRB_NT_SRV_HST);
- serviceCred = Credentials.acquireServiceCreds(principal
- .toString(), Krb5Util.ticketToCreds(getTgtFromSubject()));
+ Class<?> principalClass;
+ Class<?> credentialsClass;
+
+ if (System.getProperty("java.vendor").contains("IBM")) {
+ principalClass = Class.forName("com.ibm.security.krb5.PrincipalName");
+
+ credentialsClass = Class.forName("com.ibm.security.krb5.Credentials");
+ krb5utilClass = Class.forName("com.ibm.security.jgss.mech.krb5");
+ } else {
+ principalClass = Class.forName("sun.security.krb5.PrincipalName");
+ credentialsClass = Class.forName("sun.security.krb5.Credentials");
+ krb5utilClass = Class.forName("sun.security.jgss.krb5");
+ }
+ @SuppressWarnings("rawtypes")
+ Constructor principalConstructor =
principalClass.getConstructor(String.class,
+ int.class);
+ Field KRB_NT_SRV_HST = principalClass.getDeclaredField("KRB_NT_SRV_HST");
+ Method acquireServiceCredsMeth =
+ credentialsClass.getDeclaredMethod("acquireServiceCreds",
+ String.class, credentialsClass);
+ Method ticketToCredsMeth =
krb5utilClass.getDeclaredMethod("ticketToCreds",
+ KerberosTicket.class);
+ credsToTicketMeth = krb5utilClass.getDeclaredMethod("credsToTicket",
+ credentialsClass);
+
+ Object principal = principalConstructor.newInstance(serviceName,
+ KRB_NT_SRV_HST.get(principalClass));
+
+ serviceCred = acquireServiceCredsMeth.invoke(credentialsClass,
+ principal.toString(),
+ ticketToCredsMeth.invoke(krb5utilClass, getTgtFromSubject()));
} catch (Exception e) {
throw new IOException("Can't get service ticket for: "
+ serviceName, e);
@@ -141,8 +171,13 @@ public class SecurityUtil {
if (serviceCred == null) {
throw new IOException("Can't get service ticket for " + serviceName);
}
- Subject.getSubject(AccessController.getContext()).getPrivateCredentials()
- .add(Krb5Util.credsToTicket(serviceCred));
+ try {
+ Subject.getSubject(AccessController.getContext()).getPrivateCredentials()
+ .add(credsToTicketMeth.invoke(krb5utilClass, serviceCred));
+ } catch (Exception e) {
+ throw new IOException("Can't get service ticket for: "
+ + serviceName, e);
+ }
}
/**
Modified:
hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/UserGroupInformation.java
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/UserGroupInformation.java?rev=1303017&r1=1303016&r2=1303017&view=diff
==============================================================================
---
hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/UserGroupInformation.java
(original)
+++
hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/UserGroupInformation.java
Tue Mar 20 17:18:11 2012
@@ -51,14 +51,11 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.Path;
+import org.apache.hadoop.security.authentication.util.KerberosUtil;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.apache.hadoop.util.Shell;
-import com.sun.security.auth.NTUserPrincipal;
-import com.sun.security.auth.UnixPrincipal;
-import com.sun.security.auth.module.Krb5LoginModule;
-
/**
* User and group information for Hadoop.
* This class wraps around a JAAS Subject and provides methods to determine the
@@ -253,22 +250,53 @@ public class UserGroupInformation {
private final boolean isKeytab;
private final boolean isKrbTkt;
- private static final String OS_LOGIN_MODULE_NAME;
- private static final Class<? extends Principal> OS_PRINCIPAL_CLASS;
+ private static String OS_LOGIN_MODULE_NAME;
+ private static Class<? extends Principal> OS_PRINCIPAL_CLASS;
private static final boolean windows =
System.getProperty("os.name").startsWith("Windows");
private static Thread renewerThread = null;
private static volatile boolean shouldRunRenewerThread = true;
- static {
- if (windows) {
- OS_LOGIN_MODULE_NAME = "com.sun.security.auth.module.NTLoginModule";
- OS_PRINCIPAL_CLASS = NTUserPrincipal.class;
+ /* Return the OS login module class name */
+ private static String getOSLoginModuleName() {
+ if (System.getProperty("java.vendor").contains("IBM")) {
+ return windows ? "com.ibm.security.auth.module.NTLoginModule"
+ : "com.ibm.security.auth.module.LinuxLoginModule";
} else {
- OS_LOGIN_MODULE_NAME = "com.sun.security.auth.module.UnixLoginModule";
- OS_PRINCIPAL_CLASS = UnixPrincipal.class;
+ return windows ? "com.sun.security.auth.module.NTLoginModule"
+ : "com.sun.security.auth.module.UnixLoginModule";
}
}
+
+ /* Return the OS principal class */
+ @SuppressWarnings("unchecked")
+ private static Class<? extends Principal> getOsPrincipalClass() {
+ ClassLoader cl = ClassLoader.getSystemClassLoader();
+ try {
+ if (System.getProperty("java.vendor").contains("IBM")) {
+ if (windows) {
+ return (Class<? extends Principal>)
+ cl.loadClass("com.ibm.security.auth.UsernamePrincipal");
+ } else {
+ return (Class<? extends Principal>)
+ (System.getProperty("os.arch").contains("64")
+ ? cl.loadClass("com.ibm.security.auth.UsernamePrincipal")
+ : cl.loadClass("com.ibm.security.auth.LinuxPrincipal"));
+ }
+ } else {
+ return (Class<? extends Principal>) (windows
+ ? cl.loadClass("com.sun.security.auth.NTUserPrincipal")
+ : cl.loadClass("com.sun.security.auth.UnixPrincipal"));
+ }
+ } catch (ClassNotFoundException e) {
+ LOG.error("Unable to find JAAS classes:" + e.getMessage());
+ }
+ return null;
+ }
+ static {
+ OS_LOGIN_MODULE_NAME = getOSLoginModuleName();
+ OS_PRINCIPAL_CLASS = getOsPrincipalClass();
+ }
private static class RealUser implements Principal {
private final UserGroupInformation realUser;
@@ -339,7 +367,7 @@ public class UserGroupInformation {
}
}
private static final AppConfigurationEntry USER_KERBEROS_LOGIN =
- new AppConfigurationEntry(Krb5LoginModule.class.getName(),
+ new AppConfigurationEntry(KerberosUtil.getKrb5LoginModuleName(),
LoginModuleControlFlag.OPTIONAL,
USER_KERBEROS_OPTIONS);
private static final Map<String,String> KEYTAB_KERBEROS_OPTIONS =
@@ -350,7 +378,7 @@ public class UserGroupInformation {
KEYTAB_KERBEROS_OPTIONS.put("storeKey", "true");
}
private static final AppConfigurationEntry KEYTAB_KERBEROS_LOGIN =
- new AppConfigurationEntry(Krb5LoginModule.class.getName(),
+ new AppConfigurationEntry(KerberosUtil.getKrb5LoginModuleName(),
LoginModuleControlFlag.REQUIRED,
KEYTAB_KERBEROS_OPTIONS);
Modified:
hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java?rev=1303017&r1=1303016&r2=1303017&view=diff
==============================================================================
---
hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java
(original)
+++
hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java
Tue Mar 20 17:18:11 2012
@@ -13,12 +13,12 @@
*/
package org.apache.hadoop.security.authentication.client;
-import com.sun.security.auth.module.Krb5LoginModule;
import org.apache.commons.codec.binary.Base64;
+import org.apache.hadoop.security.authentication.util.KerberosUtil;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
-import sun.security.jgss.GSSUtil;
+import org.ietf.jgss.Oid;
import javax.security.auth.Subject;
import javax.security.auth.login.AppConfigurationEntry;
@@ -26,6 +26,7 @@ import javax.security.auth.login.Configu
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import java.io.IOException;
+import java.lang.reflect.Field;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.AccessControlContext;
@@ -97,7 +98,7 @@ public class KerberosAuthenticator imple
}
private static final AppConfigurationEntry USER_KERBEROS_LOGIN =
- new AppConfigurationEntry(Krb5LoginModule.class.getName(),
+ new AppConfigurationEntry(KerberosUtil.getKrb5LoginModuleName(),
AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL,
USER_KERBEROS_OPTIONS);
@@ -109,7 +110,7 @@ public class KerberosAuthenticator imple
return USER_KERBEROS_CONF;
}
}
-
+
private URL url;
private HttpURLConnection conn;
private Base64 base64;
@@ -195,9 +196,12 @@ public class KerberosAuthenticator imple
try {
GSSManager gssManager = GSSManager.getInstance();
String servicePrincipal = "HTTP/" +
KerberosAuthenticator.this.url.getHost();
+
GSSName serviceName = gssManager.createName(servicePrincipal,
-
GSSUtil.NT_GSS_KRB5_PRINCIPAL);
- gssContext = gssManager.createContext(serviceName,
GSSUtil.GSS_KRB5_MECH_OID, null,
+
GSSName.NT_HOSTBASED_SERVICE);
+ Oid oid = KerberosUtil.getOidClassInstance(servicePrincipal,
+ gssManager);
+ gssContext = gssManager.createContext(serviceName, oid, null,
GSSContext.DEFAULT_LIFETIME);
gssContext.requestCredDeleg(true);
gssContext.requestMutualAuth(true);
Modified:
hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java?rev=1303017&r1=1303016&r2=1303017&view=diff
==============================================================================
---
hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java
(original)
+++
hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java
Tue Mar 20 17:18:11 2012
@@ -15,9 +15,9 @@ package org.apache.hadoop.security.authe
import
org.apache.hadoop.security.authentication.client.AuthenticationException;
import org.apache.hadoop.security.authentication.client.KerberosAuthenticator;
-import com.sun.security.auth.module.Krb5LoginModule;
import org.apache.commons.codec.binary.Base64;
import org.apache.hadoop.security.KerberosName;
+import org.apache.hadoop.security.authentication.util.KerberosUtil;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSManager;
@@ -93,7 +93,7 @@ public class KerberosAuthenticationHandl
}
return new AppConfigurationEntry[]{
- new AppConfigurationEntry(Krb5LoginModule.class.getName(),
+ new AppConfigurationEntry(KerberosUtil.getKrb5LoginModuleName(),
AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
options),};
}
Added:
hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/authentication/util/KerberosUtil.java
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/authentication/util/KerberosUtil.java?rev=1303017&view=auto
==============================================================================
---
hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/authentication/util/KerberosUtil.java
(added)
+++
hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/authentication/util/KerberosUtil.java
Tue Mar 20 17:18:11 2012
@@ -0,0 +1,70 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.security.authentication.util;
+
+import java.lang.reflect.Field;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+
+import org.ietf.jgss.GSSException;
+import org.ietf.jgss.GSSManager;
+import org.ietf.jgss.Oid;
+
+public class KerberosUtil {
+
+ /* Return the Kerberos login module name */
+ public static String getKrb5LoginModuleName() {
+ return System.getProperty("java.vendor").contains("IBM")
+ ? "com.ibm.security.auth.module.Krb5LoginModule"
+ : "com.sun.security.auth.module.Krb5LoginModule";
+ }
+
+ public static Oid getOidClassInstance(String servicePrincipal,
+ GSSManager gssManager)
+ throws ClassNotFoundException, GSSException, NoSuchFieldException,
+ IllegalAccessException {
+ Class<?> oidClass;
+ if (System.getProperty("java.vendor").contains("IBM")) {
+ oidClass = Class.forName("com.ibm.security.jgss.GSSUtil");
+ } else {
+ oidClass = Class.forName("sun.security.jgss.GSSUtil");
+ }
+ Field oidField = oidClass.getDeclaredField("GSS_KRB5_MECH_OID");
+ return (Oid)oidField.get(oidClass);
+ }
+
+ public static String getDefaultRealm()
+ throws ClassNotFoundException, NoSuchMethodException,
+ IllegalArgumentException, IllegalAccessException,
+ InvocationTargetException {
+ Object kerbConf;
+ Class<?> classRef;
+ Method getInstanceMethod;
+ Method getDefaultRealmMethod;
+ if (System.getProperty("java.vendor").contains("IBM")) {
+ classRef = Class.forName("com.ibm.security.krb5.internal.Config");
+ } else {
+ classRef = Class.forName("sun.security.krb5.Config");
+ }
+ getInstanceMethod = classRef.getMethod("getInstance", new Class[0]);
+ kerbConf = getInstanceMethod.invoke(classRef, new Object[0]);
+ getDefaultRealmMethod = classRef.getDeclaredMethod("getDefaultRealm",
+ new Class[0]);
+ return (String)getDefaultRealmMethod.invoke(kerbConf, new Object[0]);
+ }
+}
Modified:
hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/authentication/KerberosTestUtils.java
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/authentication/KerberosTestUtils.java?rev=1303017&r1=1303016&r2=1303017&view=diff
==============================================================================
---
hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/authentication/KerberosTestUtils.java
(original)
+++
hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/authentication/KerberosTestUtils.java
Tue Mar 20 17:18:11 2012
@@ -13,13 +13,15 @@
*/
package org.apache.hadoop.security.authentication;
-import com.sun.security.auth.module.Krb5LoginModule;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
+
+import org.apache.hadoop.security.authentication.util.KerberosUtil;
+
import java.io.File;
import java.security.Principal;
import java.security.PrivilegedActionException;
@@ -88,7 +90,7 @@ public class KerberosTestUtils {
options.put("debug", "true");
return new AppConfigurationEntry[]{
- new AppConfigurationEntry(Krb5LoginModule.class.getName(),
+ new AppConfigurationEntry(KerberosUtil.getKrb5LoginModuleName(),
AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
options),};
}
Modified:
hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java?rev=1303017&r1=1303016&r2=1303017&view=diff
==============================================================================
---
hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java
(original)
+++
hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java
Tue Mar 20 17:18:11 2012
@@ -18,15 +18,17 @@ import org.apache.hadoop.security.authen
import org.apache.hadoop.security.authentication.client.KerberosAuthenticator;
import junit.framework.TestCase;
import org.apache.commons.codec.binary.Base64;
+import org.apache.hadoop.security.authentication.util.KerberosUtil;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.junit.Ignore;
import org.mockito.Mockito;
-import sun.security.jgss.GSSUtil;
+import org.ietf.jgss.Oid;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import java.lang.reflect.Field;
import java.util.Properties;
import java.util.concurrent.Callable;
@@ -116,9 +118,12 @@ public class TestKerberosAuthenticationH
GSSContext gssContext = null;
try {
String servicePrincipal = KerberosTestUtils.getServerPrincipal();
- GSSName serviceName = gssManager.createName(servicePrincipal,
GSSUtil.NT_GSS_KRB5_PRINCIPAL);
- gssContext = gssManager.createContext(serviceName,
GSSUtil.GSS_KRB5_MECH_OID, null,
- GSSContext.DEFAULT_LIFETIME);
+ GSSName serviceName = gssManager.createName(servicePrincipal,
+ GSSName.NT_HOSTBASED_SERVICE);
+ Oid oid = KerberosUtil.getOidClassInstance(servicePrincipal,
+ gssManager);
+ gssContext = gssManager.createContext(serviceName, oid, null,
+ GSSContext.DEFAULT_LIFETIME);
gssContext.requestCredDeleg(true);
gssContext.requestMutualAuth(true);