38 import com.sun.security.auth.module.Krb5LoginModule; |
38 import com.sun.security.auth.module.Krb5LoginModule; |
39 import java.io.BufferedReader; |
39 import java.io.BufferedReader; |
40 import java.io.File; |
40 import java.io.File; |
41 import java.io.FileOutputStream; |
41 import java.io.FileOutputStream; |
42 import java.io.IOException; |
42 import java.io.IOException; |
|
43 import java.io.InputStream; |
43 import java.io.InputStreamReader; |
44 import java.io.InputStreamReader; |
44 import java.net.HttpURLConnection; |
45 import java.net.HttpURLConnection; |
45 import java.net.InetSocketAddress; |
46 import java.net.InetSocketAddress; |
46 import java.net.PasswordAuthentication; |
47 import java.net.PasswordAuthentication; |
47 import java.net.Proxy; |
48 import java.net.Proxy; |
48 import java.net.URL; |
49 import java.net.URL; |
49 import java.security.PrivilegedExceptionAction; |
50 import java.net.URLConnection; |
|
51 import java.security.*; |
50 import java.util.HashMap; |
52 import java.util.HashMap; |
51 import java.util.Map; |
53 import java.util.Map; |
52 import javax.security.auth.Subject; |
54 import javax.security.auth.Subject; |
|
55 import javax.security.auth.callback.Callback; |
|
56 import javax.security.auth.callback.CallbackHandler; |
|
57 import javax.security.auth.callback.NameCallback; |
|
58 import javax.security.auth.callback.PasswordCallback; |
|
59 import javax.security.auth.callback.UnsupportedCallbackException; |
|
60 import javax.security.auth.login.AppConfigurationEntry; |
|
61 import javax.security.auth.login.Configuration; |
|
62 import javax.security.auth.login.LoginContext; |
|
63 import javax.security.auth.login.LoginException; |
|
64 import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag; |
53 import org.ietf.jgss.GSSContext; |
65 import org.ietf.jgss.GSSContext; |
54 import org.ietf.jgss.GSSCredential; |
66 import org.ietf.jgss.GSSCredential; |
55 import org.ietf.jgss.GSSManager; |
67 import org.ietf.jgss.GSSManager; |
56 import sun.security.jgss.GSSUtil; |
68 import sun.security.jgss.GSSUtil; |
57 import sun.security.krb5.Config; |
69 import sun.security.krb5.Config; |
|
70 import java.util.Base64; |
58 import sun.util.logging.PlatformLogger; |
71 import sun.util.logging.PlatformLogger; |
59 |
72 |
60 import java.util.Base64; |
73 import java.util.Base64; |
61 |
74 |
62 /** |
75 /** |
249 } catch (IOException ioe) { |
269 } catch (IOException ioe) { |
250 // Will fail since no username and password is provided. |
270 // Will fail since no username and password is provided. |
251 } |
271 } |
252 if (count > 1) { |
272 if (count > 1) { |
253 throw new RuntimeException("Authenticator called twice"); |
273 throw new RuntimeException("Authenticator called twice"); |
|
274 } |
|
275 } |
|
276 |
|
277 static void testConnect() { |
|
278 InputStream inputStream = null; |
|
279 try { |
|
280 URL url = webUrl; |
|
281 |
|
282 URLConnection conn = url.openConnection(); |
|
283 conn.connect(); |
|
284 inputStream = conn.getInputStream(); |
|
285 byte[] b = new byte[inputStream.available()]; |
|
286 for (int j = 0; j < b.length; j++) { |
|
287 b[j] = (byte) inputStream.read(); |
|
288 } |
|
289 String s = new String(b); |
|
290 System.out.println("Length: " + s.length()); |
|
291 System.out.println(s); |
|
292 } catch (Exception ex) { |
|
293 throw new RuntimeException(ex); |
|
294 } finally { |
|
295 if (inputStream != null) { |
|
296 try { |
|
297 inputStream.close(); |
|
298 } catch (IOException e) { |
|
299 e.printStackTrace(); |
|
300 } |
|
301 } |
|
302 } |
|
303 } |
|
304 |
|
305 static void test8077155() throws Exception { |
|
306 final String username = WEB_USER; |
|
307 final char[] password = WEB_PASS; |
|
308 |
|
309 SecurityManager security = new SecurityManager(); |
|
310 Policy.setPolicy(new SecurityPolicy()); |
|
311 System.setSecurityManager(security); |
|
312 |
|
313 CallbackHandler callback = new CallbackHandler() { |
|
314 @Override |
|
315 public void handle(Callback[] pCallbacks) throws IOException, UnsupportedCallbackException { |
|
316 for (Callback cb : pCallbacks) { |
|
317 if (cb instanceof NameCallback) { |
|
318 NameCallback ncb = (NameCallback)cb; |
|
319 ncb.setName(username); |
|
320 |
|
321 } else if (cb instanceof PasswordCallback) { |
|
322 PasswordCallback pwdcb = (PasswordCallback) cb; |
|
323 pwdcb.setPassword(password); |
|
324 } |
|
325 } |
|
326 } |
|
327 |
|
328 }; |
|
329 |
|
330 final String jaasConfigName = "oracle.test.kerberos.login"; |
|
331 final String krb5LoginModule = "com.sun.security.auth.module.Krb5LoginModule"; |
|
332 |
|
333 Configuration loginConfig = new Configuration() { |
|
334 @Override |
|
335 public AppConfigurationEntry[] getAppConfigurationEntry(String name) { |
|
336 if (! jaasConfigName.equals(name)) { |
|
337 return new AppConfigurationEntry[0]; |
|
338 } |
|
339 |
|
340 Map<String, String> options = new HashMap<String, String>(); |
|
341 options.put("useTicketCache", Boolean.FALSE.toString()); |
|
342 options.put("useKeyTab", Boolean.FALSE.toString()); |
|
343 |
|
344 return new AppConfigurationEntry[] { |
|
345 new AppConfigurationEntry(krb5LoginModule, |
|
346 LoginModuleControlFlag.REQUIRED, |
|
347 options) |
|
348 }; |
|
349 } |
|
350 }; |
|
351 |
|
352 // oracle context/subject/login |
|
353 LoginContext context = null; |
|
354 try { |
|
355 context = new LoginContext("oracle.test.kerberos.login", null, callback, loginConfig); |
|
356 context.login(); |
|
357 |
|
358 } catch (LoginException ex) { |
|
359 ex.printStackTrace(); |
|
360 throw new RuntimeException(ex); |
|
361 } |
|
362 |
|
363 |
|
364 Subject subject = context.getSubject(); |
|
365 |
|
366 final PrivilegedExceptionAction<Object> test_action = new PrivilegedExceptionAction<Object>() { |
|
367 public Object run() throws Exception { |
|
368 testConnect(); |
|
369 return null; |
|
370 } |
|
371 }; |
|
372 |
|
373 System.err.println("\n\nExpecting to succeed when executing with the the logged in subject."); |
|
374 |
|
375 try { |
|
376 Subject.doAs(subject, test_action); |
|
377 System.err.println("\n\nConnection succeed when executing with the the logged in subject."); |
|
378 } catch (PrivilegedActionException e) { |
|
379 System.err.println("\n\nFailure unexpected when executing with the the logged in subject."); |
|
380 e.printStackTrace(); |
|
381 throw new RuntimeException("Failed to login as subject"); |
|
382 } |
|
383 |
|
384 try { |
|
385 System.err.println("\n\nExpecting to fail when running with the current user's login."); |
|
386 testConnect(); |
|
387 } catch (Exception ex) { |
|
388 System.err.println("\nConnect failed when running with the current user's login:\n" + ex.getMessage()); |
254 } |
389 } |
255 } |
390 } |
256 |
391 |
257 /** |
392 /** |
258 * Creates and starts an HTTP or proxy server that requires |
393 * Creates and starts an HTTP or proxy server that requires |
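Review bot: The negative case that closes `test8077155` (new lines 384-389) cannot fail: if `testConnect()` succeeds outside `Subject.doAs`, the `try` simply completes and the test passes, so the expectation printed as "Expecting to fail when running with the current user's login" is never enforced. Record the outcome and assert it, for example declare `boolean failed = false;` before the `try`, set `failed = true;` in the `catch`, and follow the block with `if (!failed) throw new RuntimeException("Connect succeeded without the logged-in subject");`. The broad `catch (Exception ex)` also accepts any error as the expected one, so an unrelated failure such as a server that is not listening would presumably look like a correct rejection; checking for the authentication failure specifically would make the result meaningful. Separately, `throw new RuntimeException("Failed to login as subject")` at new line 381 drops the cause and should pass `e` as the second argument.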