package kerberos;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.TextOutputCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.Oid;
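public class KerberosLogin {

    /** JAAS configuration entry name used for every login performed by this class. */
    private static final String LOGIN_CONTEXT_NAME = "Sample";

    /**
     * Logs in from a keytab and acquires GSS-API credentials for the Kerberos V5 mechanism.
     *
     * <p>No CallbackHandler is supplied: the key is expected to come from the keytab, so no
     * interactive password prompt takes place.
     *
     * @param mgr GSSManager used to create the credential
     * @param spn principal name to log in as (passed through to LoginConfiguration)
     * @param keytab keytab location (passed through to LoginConfiguration)
     * @param GSSCredentialType requested usage, e.g. GSSCredential.INITIATE_ONLY,
     *     ACCEPT_ONLY or INITIATE_AND_ACCEPT
     * @return the credential created as the logged-in Subject
     * @throws LoginException if the JAAS login fails
     * @throws GSSException if credential acquisition inside the Subject fails
     */
    public GSSCredential getGSSCredentials(GSSManager mgr, String spn, String keytab, int GSSCredentialType)
            throws LoginException, GSSException {
        LoginContext lc = new LoginContext(LOGIN_CONTEXT_NAME, null, null,
                new LoginConfiguration(spn, keytab, GSSCredentialType));
        return loginAndAcquire(lc, mgr, GSSCredentialType);
    }

    /**
     * Logs in interactively (password collected through KerberosCallBackHandler) and acquires
     * GSS-API credentials for the Kerberos V5 mechanism.
     *
     * @param mgr GSSManager used to create the credential
     * @param spn principal name to log in as (passed through to LoginConfiguration)
     * @param GSSCredentialType requested usage, e.g. GSSCredential.INITIATE_ONLY,
     *     ACCEPT_ONLY or INITIATE_AND_ACCEPT
     * @return the credential created as the logged-in Subject
     * @throws LoginException if the JAAS login fails
     * @throws GSSException if credential acquisition inside the Subject fails
     */
    public GSSCredential getGSSCredentials(GSSManager mgr, String spn, int GSSCredentialType)
            throws LoginException, GSSException {
        LoginContext lc = new LoginContext(LOGIN_CONTEXT_NAME, null, new KerberosCallBackHandler(),
                new LoginConfiguration(spn, GSSCredentialType));
        return loginAndAcquire(lc, mgr, GSSCredentialType);
    }

    /**
     * Shared tail of both overloads: performs the JAAS login, then runs the credential
     * acquisition as the authenticated Subject and unwraps the GSSException that
     * Subject.doAs reports as the cause of a PrivilegedActionException.
     *
     * <p>Subject.doAs is deprecated in newer JDKs in favour of Subject.callAs; it is kept here
     * so the class still compiles on the older releases this file targets.
     */
    private static GSSCredential loginAndAcquire(LoginContext lc, GSSManager mgr, int credentialType)
            throws LoginException, GSSException {
        lc.login();
        try {
            return Subject.doAs(lc.getSubject(), new SubjectAction(mgr, credentialType));
        } catch (PrivilegedActionException e) {
            Exception cause = e.getException();
            if (cause instanceof GSSException) {
                throw (GSSException) cause;
            }
            // run() declares only GSSException, so this branch is defensive: surface the
            // real cause rather than dropping it with a bare cast.
            GSSException wrapped = new GSSException(GSSException.FAILURE);
            wrapped.initCause(cause);
            throw wrapped;
        }
    }

    /**
     * Privileged action executed as the logged-in Subject. It creates a credential for the
     * Kerberos V5 mechanism only; any GSSException from run() is propagated by Subject.doAs
     * as the cause of a PrivilegedActionException.
     */
    private static final class SubjectAction implements PrivilegedExceptionAction<GSSCredential> {

        /** Kerberos V5 mechanism OID; acquisition is pinned to it explicitly. */
        private static final Oid KRB5_MECH = createOid("1.2.840.113554.1.2.2");

        private final GSSManager mgr;
        private final int credentialType;

        /**
         * Parses a dotted OID string. A parse failure is a programming error in the constant
         * above, so it is raised (surfacing as ExceptionInInitializerError at class load)
         * instead of returning null: a null mechanism would make createCredential fall back
         * to the default mechanism rather than Kerberos.
         */
        private static Oid createOid(String rep) {
            try {
                return new Oid(rep);
            } catch (GSSException e) {
                throw new IllegalArgumentException("Invalid mechanism OID: " + rep, e);
            }
        }

        private SubjectAction(GSSManager mgr, int credentialType) {
            this.mgr = mgr;
            this.credentialType = credentialType;
        }

        /**
         * Creates the credential for the default name of the current Subject, requesting
         * INDEFINITE_LIFETIME (the mechanism may grant less) and the configured usage.
         */
        public GSSCredential run() throws GSSException {
            return mgr.createCredential(null, GSSCredential.INDEFINITE_LIFETIME, KRB5_MECH, credentialType);
        }
    }
}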
class KerberosCallBackHandler implements CallbackHandler {
/**
 * Handles the JAAS callbacks issued during an interactive Kerberos login.
 *
 * <p>TextOutputCallbacks are printed to stdout (prefixed for ERROR and WARNING),
 * a PasswordCallback has its prompt written to stderr and its value filled from
 * readPassword(); any other callback type is rejected.
 *
 * <p>NOTE(review): readPassword() is defined further down in this class and appears to
 * read a line from stdin, which would echo the password on the terminal and leave a
 * String copy on the heap; Console.readPassword() avoids both where a console exists —
 * confirm before changing.
 *
 * @param callbacks callbacks supplied by the login module
 * @throws IOException if reading the password fails or a text message has an unknown type
 * @throws UnsupportedCallbackException for any callback that is not a TextOutputCallback
 *     or PasswordCallback
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback callback : callbacks) {
        if (callback instanceof TextOutputCallback) {
            printMessage((TextOutputCallback) callback);
        } else if (callback instanceof PasswordCallback) {
            PasswordCallback pc = (PasswordCallback) callback;
            // prompt first, then block on the password read
            System.err.print(pc.getPrompt());
            pc.setPassword(readPassword());
        } else {
            throw new UnsupportedCallbackException(callback, "Unrecognized Callback");
        }
    }
}

/** Writes one text message to stdout, prefixed according to its message type. */
private static void printMessage(TextOutputCallback toc) throws IOException {
    int type = toc.getMessageType();
    if (type == TextOutputCallback.INFORMATION) {
        System.out.println(toc.getMessage());
    } else if (type == TextOutputCallback.ERROR) {
        System.out.println("ERROR: " + toc.getMessage());
    } else if (type == TextOutputCallback.WARNING) {
        System.out.println("WARNING: " + toc.getMessage());
    } else {
        throw new IOException("Unsupported message type: " + type);
    }
}
return br.readLine().trim().toCharArray();
}
}