Author: markt
Date: Fri Dec 6 19:44:34 2013
New Revision: 1548697
URL: http://svn.apache.org/r1548697
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55851
Enable SPNEGO to work with IBM JDKs.
Based on a patch by Arunav Sanyal.
Modified:
tomcat/tc7.0.x/trunk/ (props changed)
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
Merged /tomcat/trunk:r1548695
Modified:
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java?rev=1548697&r1=1548696&r2=1548697&view=diff
==============================================================================
---
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
(original)
+++
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
Fri Dec 6 19:44:34 2013
@@ -231,7 +231,7 @@ public class SpnegoAuthenticator extends
};
gssContext = manager.createContext(Subject.doAs(lc.getSubject(),
action));
- outToken = gssContext.acceptSecContext(decoded, 0, decoded.length);
+ outToken = Subject.doAs(lc.getSubject(), new
AcceptAction(gssContext, decoded));
if (outToken == null) {
if (log.isDebugEnabled()) {
@@ -298,4 +298,26 @@ public class SpnegoAuthenticator extends
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
return false;
}
+
+
+ /**
+ * This class gets a gss credential via a privileged action.
+ */
+ private static class AcceptAction implements
PrivilegedExceptionAction<byte[]> {
+
+ GSSContext gssContext;
+
+ byte[] decoded;
+
+ AcceptAction(GSSContext context, byte[] decodedToken) {
+ this.gssContext = context;
+ this.decoded = decodedToken;
+ }
+
+ @Override
+ public byte[] run() throws GSSException {
+ return gssContext.acceptSecContext(decoded,
+ 0, decoded.length);
+ }
+ }
}
Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1548697&r1=1548696&r2=1548697&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Fri Dec 6 19:44:34 2013
@@ -202,6 +202,10 @@
is configured that the full buffer is used when a Servlet outputs via a
Writer. (markt)
</fix>
+ <fix>
+ <bug>55851</bug>: Further fixes to enable SPNEGO authentication to work
+ with IBM JDKs. Based on a patch by Arunav Sanyal. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
