16 package net.sf.michaelo.tomcat.realm;
17
18 import java.security.Principal;
19
20 import org.apache.catalina.realm.UserDatabaseRealm;
21 import org.apache.juli.logging.Log;
22 import org.apache.juli.logging.LogFactory;
23 import org.apache.tomcat.util.res.StringManager;
24 import org.ietf.jgss.GSSContext;
25 import org.ietf.jgss.GSSCredential;
26 import org.ietf.jgss.GSSException;
27 import org.ietf.jgss.GSSName;
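/**
 * A {@link UserDatabaseRealm} that resolves principals from GSS-API names and from established
 * GSS security contexts.
 *
 * <p>The user is looked up by the string form of the {@link GSSName}
 * ({@code String.valueOf(gssName)}).
 * NOTE(review): for Kerberos that string presumably carries the realm part
 * ({@code user@REALM}); confirm the user database entries are keyed the same way.
 *
 * <p>NOTE(review): the message keys used below carry the {@code activeDirectoryRealm.} prefix
 * although this is the user database realm; confirm they resolve in the bundle that
 * {@link StringManager#getManager(Class)} returns for this class.
 */
public class GSSUserDatabaseRealm extends UserDatabaseRealm implements GSSRealm {

    /** Logger bound to the runtime class, so subclasses log under their own name. */
    protected final Log logger = LogFactory.getLog(getClass());

    /** Source of the localized log messages used by this realm. */
    protected final StringManager sm = StringManager.getManager(getClass());

    /** Descriptive name reported by {@link #getName()}. */
    protected static final String name = "GSSUserDatabaseRealm";

    /**
     * Returns the constant {@link #name}.
     *
     * @return the realm name
     */
    @Override
    protected String getName() {
        return name;
    }

    /**
     * Resolves the principal for an already authenticated GSS name.
     *
     * @param gssName the authenticated initiator name; {@code null} yields {@code null}
     * @param gssCredential the delegated credential to pass on with the lookup, may be
     *        {@code null}
     * @return whatever the inherited {@code getPrincipal(String, GSSCredential)} returns for the
     *         name's string form, or {@code null} if no name was supplied
     */
    public Principal authenticate(GSSName gssName, GSSCredential gssCredential) {
        // Fail closed on a missing name: String.valueOf((Object) null) is the literal "null",
        // which would otherwise be looked up as if it were a real user name.
        if (gssName == null) {
            return null;
        }

        return getPrincipal(String.valueOf(gssName), gssCredential);
    }

    /**
     * Resolves the principal for the initiator of a GSS security context.
     *
     * <p>Authentication is refused ({@code null}) when the context is not established or when
     * the initiator name cannot be obtained. A failure to obtain the delegated credential is
     * only logged; the lookup then proceeds without a credential.
     *
     * @param gssContext the security context negotiated with the client
     * @param storeCreds whether the client's delegated credential should be retrieved and
     *        passed on with the lookup
     * @return the principal for the context's source name, or {@code null} if authentication
     *         cannot be completed
     */
    @Override
    public Principal authenticate(GSSContext gssContext, boolean storeCreds) {
        // Only a fully established context carries a verified initiator identity.
        if (!gssContext.isEstablished()) {
            logger.error(sm.getString("activeDirectoryRealm.securityContextNotEstablished"));
            return null;
        }

        GSSName gssName;
        try {
            gssName = gssContext.getSrcName();
        } catch (GSSException e) {
            logger.error(sm.getString("activeDirectoryRealm.gssNameFailed"), e);
            return null;
        }

        if (gssName == null) {
            return null;
        }

        GSSCredential gssCredential = null;
        if (storeCreds) {
            if (gssContext.getCredDelegState()) {
                try {
                    gssCredential = gssContext.getDelegCred();
                } catch (GSSException e) {
                    // Delegation is optional: keep authenticating, but without a credential.
                    logger.warn(sm.getString(
                            "activeDirectoryRealm.delegatedCredentialFailed", gssName), e);
                }
            } else if (logger.isDebugEnabled()) {
                logger.debug(sm.getString(
                        "activeDirectoryRealm.credentialNotDelegable", gssName));
            }
        }

        return getPrincipal(String.valueOf(gssName), gssCredential);
    }

}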