SpnegoAuthSupplier using Kerberos OID instead of Spnego
-------------------------------------------------------
Key: CXF-3496
URL: https://issues.apache.org/jira/browse/CXF-3496
Project: CXF
Issue Type: Bug
Components: Transports
Affects Versions: 2.4
Reporter: Aris Tsaklidis
Updating from 2.3.4 to 2.4.0 added the SpnegoAuthSupplier, which is called
every time you use "Negotiate" as AuthorizationType. SpnegoAuthSupplier uses
the Kerberos OID instead of Spnego. Spnego would be correct.
http://cxf.547215.n5.nabble.com/CXF-2-4-Kerberos-SpnegoAuthSupplier-Message-content-from-Soap-Response-is-null-td4369582.html
## correct code in SpnegoAuthSupplier.java
    private byte[] getToken(AuthorizationPolicy proxyAuthPolicy, String spn)
        throws GSSException, LoginException {
        GSSManager manager = GSSManager.getInstance();
        GSSName serverName = manager.createName(spn, null);

        // need to use SPNEGO_OID
        Oid oid = new Oid(SPNEGO_OID);
        GSSContext context = manager
            .createContext(serverName.canonicalize(oid), oid, null,
                           GSSContext.DEFAULT_LIFETIME);
        // TODO Do we need mutual auth. Will the code we have really work with
        // mutual auth?
        context.requestMutualAuth(true);
        // TODO Credential delegation could be a security hole if it was not
        // intended. Both settings should be configurable
        context.requestCredDeleg(true);

        return getToken(proxyAuthPolicy, context);
    }