Kerberos: server side login module
git-svn-id: http://svn.code.sf.net/p/davmail/code/trunk@2063 3d1905a2-6b24-0410-a738-b14d5a86fcbd
parent
dc68175e3a
commit
0dd6efaa03
|
@ -28,33 +28,49 @@ import java.util.HashMap;
|
||||||
* Custom JAAS login configuration.
|
* Custom JAAS login configuration.
|
||||||
* Equivalent to the following configuration:
|
* Equivalent to the following configuration:
|
||||||
* spnego-client {
|
* spnego-client {
|
||||||
* com.sun.security.auth.module.Krb5LoginModule required;
|
* com.sun.security.auth.module.Krb5LoginModule required useTicketCache=true renewTGT=true;
|
||||||
|
* };
|
||||||
|
* spnego-server {
|
||||||
|
* com.sun.security.auth.module.Krb5LoginModule required isInitiator=false useKeyTab=false storeKey=true;
|
||||||
* };
|
* };
|
||||||
* <p/>
|
* <p/>
|
||||||
*/
|
*/
|
||||||
public class KerberosLoginConfiguration extends Configuration {
|
public class KerberosLoginConfiguration extends Configuration {
|
||||||
protected static final Logger LOGGER = Logger.getLogger(KerberosHelper.class);
|
protected static final Logger LOGGER = Logger.getLogger(KerberosHelper.class);
|
||||||
protected static final AppConfigurationEntry[] CLIENT_LOGIN_MODULE;
|
protected static final AppConfigurationEntry[] CLIENT_LOGIN_MODULE;
|
||||||
|
protected static final AppConfigurationEntry[] SERVER_LOGIN_MODULE;
|
||||||
|
|
||||||
static {
|
static {
|
||||||
HashMap<String, String> loginModuleOptions = new HashMap<String, String>();
|
HashMap<String, String> clientLoginModuleOptions = new HashMap<String, String>();
|
||||||
if (LOGGER.isDebugEnabled()) {
|
if (LOGGER.isDebugEnabled()) {
|
||||||
loginModuleOptions.put("debug", "true");
|
clientLoginModuleOptions.put("debug", "true");
|
||||||
}
|
}
|
||||||
|
|
||||||
loginModuleOptions.put("useTicketCache", "true");
|
clientLoginModuleOptions.put("useTicketCache", "true");
|
||||||
//loginModuleOptions.put("doNotPrompt", "true");
|
clientLoginModuleOptions.put("renewTGT", "true");
|
||||||
//loginModuleOptions.put("ticketCache", FileCredentialsCache.getDefaultCacheName());
|
//clientLoginModuleOptions.put("doNotPrompt", "true");
|
||||||
//loginModuleOptions.put("refreshKrb5Config", "true");
|
//clientLoginModuleOptions.put("ticketCache", FileCredentialsCache.getDefaultCacheName());
|
||||||
//loginModuleOptions.put("storeKey", "true");
|
//clientLoginModuleOptions.put("refreshKrb5Config", "true");
|
||||||
CLIENT_LOGIN_MODULE = new AppConfigurationEntry[]{new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, loginModuleOptions)};
|
//clientLoginModuleOptions.put("storeKey", "true");
|
||||||
|
CLIENT_LOGIN_MODULE = new AppConfigurationEntry[]{new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, clientLoginModuleOptions)};
|
||||||
|
|
||||||
|
HashMap<String, String> serverLoginModuleOptions = new HashMap<String, String>();
|
||||||
|
if (LOGGER.isDebugEnabled()) {
|
||||||
|
serverLoginModuleOptions.put("debug", "true");
|
||||||
|
}
|
||||||
|
|
||||||
|
serverLoginModuleOptions.put("isInitiator", "false"); // acceptor (server) mode
|
||||||
|
serverLoginModuleOptions.put("useKeyTab", "false"); // do not use credentials stored in keytab file
|
||||||
|
serverLoginModuleOptions.put("storeKey", "true"); // store credentials in subject
|
||||||
|
SERVER_LOGIN_MODULE = new AppConfigurationEntry[]{new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, serverLoginModuleOptions)};
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
|
public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
|
||||||
if ("spnego-client".equals(name)) {
|
if ("spnego-client".equals(name)) {
|
||||||
return CLIENT_LOGIN_MODULE;
|
return CLIENT_LOGIN_MODULE;
|
||||||
|
} else if ("spnego-server".equals(name)) {
|
||||||
|
return SERVER_LOGIN_MODULE;
|
||||||
} else {
|
} else {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
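Review bot: The new server entry in the static initializer sets `serverLoginModuleOptions.put("debug", "true")` whenever the log4j logger is at debug level, while also setting `storeKey=true` with `useKeyTab=false`, so the service's password-derived long-term keys are placed in the Subject while module debugging is on. Krb5LoginModule writes its debug trace to standard output rather than through log4j, and on some JDK releases that trace describes the keys it adds to the Subject, so it is worth confirming what it prints on the supported JDKs before leaving this tied to the general log level. I would either drop the `debug` option from the server options or gate it on a dedicated setting, and add a comment such as `// Krb5LoginModule debug goes to stdout and may describe stored keys; keep off in production`. The flag is also read once at class load, so a later log-level change does not switch it off.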