Kerberos: server side login module

git-svn-id: http://svn.code.sf.net/p/davmail/code/trunk@2063 3d1905a2-6b24-0410-a738-b14d5a86fcbd
mguessan 2013-02-26 21:20:41 +00:00
parent dc68175e3a
commit 0dd6efaa03
1 changed files with 25 additions and 9 deletions


@ -28,33 +28,49 @@ import java.util.HashMap;
* Custom JAAS login configuration.
* Equivalent to the following configuration:
* spnego-client {
* com.sun.security.auth.module.Krb5LoginModule required;
* com.sun.security.auth.module.Krb5LoginModule required useTicketCache=true renewTGT=true;
* };
* spnego-server {
* com.sun.security.auth.module.Krb5LoginModule required isInitiator=false useKeyTab=false storeKey=true;
* };
* <p/>
*/
public class KerberosLoginConfiguration extends Configuration {
protected static final Logger LOGGER = Logger.getLogger(KerberosHelper.class);
protected static final AppConfigurationEntry[] CLIENT_LOGIN_MODULE;
protected static final AppConfigurationEntry[] SERVER_LOGIN_MODULE;
static {
HashMap<String, String> loginModuleOptions = new HashMap<String, String>();
HashMap<String, String> clientLoginModuleOptions = new HashMap<String, String>();
if (LOGGER.isDebugEnabled()) {
loginModuleOptions.put("debug", "true");
clientLoginModuleOptions.put("debug", "true");
}
loginModuleOptions.put("useTicketCache", "true");
//loginModuleOptions.put("doNotPrompt", "true");
//loginModuleOptions.put("ticketCache", FileCredentialsCache.getDefaultCacheName());
//loginModuleOptions.put("refreshKrb5Config", "true");
//loginModuleOptions.put("storeKey", "true");
CLIENT_LOGIN_MODULE = new AppConfigurationEntry[]{new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, loginModuleOptions)};
clientLoginModuleOptions.put("useTicketCache", "true");
clientLoginModuleOptions.put("renewTGT", "true");
//clientLoginModuleOptions.put("doNotPrompt", "true");
//clientLoginModuleOptions.put("ticketCache", FileCredentialsCache.getDefaultCacheName());
//clientLoginModuleOptions.put("refreshKrb5Config", "true");
//clientLoginModuleOptions.put("storeKey", "true");
CLIENT_LOGIN_MODULE = new AppConfigurationEntry[]{new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, clientLoginModuleOptions)};
HashMap<String, String> serverLoginModuleOptions = new HashMap<String, String>();
if (LOGGER.isDebugEnabled()) {
serverLoginModuleOptions.put("debug", "true");
}
serverLoginModuleOptions.put("isInitiator", "false"); // acceptor (server) mode
serverLoginModuleOptions.put("useKeyTab", "false"); // do not use credentials stored in keytab file
serverLoginModuleOptions.put("storeKey", "true"); // store credentials in subject
SERVER_LOGIN_MODULE = new AppConfigurationEntry[]{new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, serverLoginModuleOptions)};
}
@Override
public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
if ("spnego-client".equals(name)) {
return CLIENT_LOGIN_MODULE;
} else if ("spnego-server".equals(name)) {
return SERVER_LOGIN_MODULE;
} else {
return null;
}
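Review bot: `getAppConfigurationEntry` returns the shared `SERVER_LOGIN_MODULE` array itself at `return SERVER_LOGIN_MODULE;` (and `CLIENT_LOGIN_MODULE` the same way), and both fields are `protected static`, so any caller or subclass that writes into the array changes the login module used for every later SPNEGO login in the process. Returning a copy, `return SERVER_LOGIN_MODULE.clone();` and `return CLIENT_LOGIN_MODULE.clone();`, keeps the configuration fixed after class initialisation; making the two fields `private` would narrow it further. The new acceptor entry also sets `debug=true` whenever `LOGGER` is at debug level, and `Krb5LoginModule` prints that output to standard output rather than through `LOGGER`, so a comment such as `// Krb5LoginModule debug goes to stdout, not LOGGER; may expose principal names` next to `serverLoginModuleOptions.put("debug", "true");` would warn operators where it lands. The method and class close outside the visible lines.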