feat(jdk8): move files to new folder to avoid resources compiled.
This commit is contained in:
213
jdkSrc/jdk8/sun/security/jgss/LoginConfigImpl.java
Normal file
213
jdkSrc/jdk8/sun/security/jgss/LoginConfigImpl.java
Normal file
@@ -0,0 +1,213 @@
|
||||
/*
|
||||
* Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License version 2 only, as
|
||||
* published by the Free Software Foundation. Oracle designates this
|
||||
* particular file as subject to the "Classpath" exception as provided
|
||||
* by Oracle in the LICENSE file that accompanied this code.
|
||||
*
|
||||
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* version 2 for more details (a copy is included in the LICENSE file that
|
||||
* accompanied this code).
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License version
|
||||
* 2 along with this work; if not, write to the Free Software Foundation,
|
||||
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*
|
||||
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||
* or visit www.oracle.com if you need additional information or have any
|
||||
* questions.
|
||||
*/
|
||||
|
||||
package sun.security.jgss;
|
||||
|
||||
import java.util.HashMap;
|
||||
import javax.security.auth.login.AppConfigurationEntry;
|
||||
import javax.security.auth.login.Configuration;
|
||||
import org.ietf.jgss.Oid;
|
||||
import sun.security.action.GetPropertyAction;
|
||||
|
||||
/**
|
||||
* A Configuration implementation especially designed for JGSS.
|
||||
*
|
||||
* @author weijun.wang
|
||||
* @since 1.6
|
||||
*/
|
||||
public class LoginConfigImpl extends Configuration {
|
||||
|
||||
private final Configuration config;
|
||||
private final GSSCaller caller;
|
||||
private final String mechName;
|
||||
private static final sun.security.util.Debug debug =
|
||||
sun.security.util.Debug.getInstance("gssloginconfig", "\t[GSS LoginConfigImpl]");
|
||||
|
||||
public static final boolean HTTP_USE_GLOBAL_CREDS;
|
||||
|
||||
static {
|
||||
String prop = GetPropertyAction
|
||||
.privilegedGetProperty("http.use.global.creds");
|
||||
//HTTP_USE_GLOBAL_CREDS = "true".equalsIgnoreCase(prop); // default false
|
||||
HTTP_USE_GLOBAL_CREDS = !"false".equalsIgnoreCase(prop); // default true
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* A new instance of LoginConfigImpl must be created for each login request
|
||||
* since it's only used by a single (caller, mech) pair
|
||||
* @param caller defined in GSSUtil as CALLER_XXX final fields
|
||||
* @param mech defined in GSSUtil as XXX_MECH_OID final fields
|
||||
*/
|
||||
public LoginConfigImpl(GSSCaller caller, Oid mech) {
|
||||
|
||||
this.caller = caller;
|
||||
|
||||
if (mech.equals(GSSUtil.GSS_KRB5_MECH_OID)) {
|
||||
mechName = "krb5";
|
||||
} else {
|
||||
throw new IllegalArgumentException(mech.toString() + " not supported");
|
||||
}
|
||||
config = java.security.AccessController.doPrivileged
|
||||
(new java.security.PrivilegedAction <Configuration> () {
|
||||
public Configuration run() {
|
||||
return Configuration.getConfiguration();
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* @param name Almost useless, since the (caller, mech) is already passed
|
||||
* into constructor. The only use will be detecting OTHER which
|
||||
* is called in LoginContext
|
||||
*/
|
||||
public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
|
||||
|
||||
AppConfigurationEntry[] entries = null;
|
||||
|
||||
// This is the second call from LoginContext, which we will just ignore
|
||||
if ("OTHER".equalsIgnoreCase(name)) {
|
||||
return null;
|
||||
}
|
||||
|
||||
String[] alts = null;
|
||||
|
||||
// Compatibility:
|
||||
// For the 4 old callers, old entry names will be used if the new
|
||||
// entry name is not provided.
|
||||
|
||||
if ("krb5".equals(mechName)) {
|
||||
if (caller == GSSCaller.CALLER_INITIATE) {
|
||||
alts = new String[] {
|
||||
"com.sun.security.jgss.krb5.initiate",
|
||||
"com.sun.security.jgss.initiate",
|
||||
};
|
||||
} else if (caller == GSSCaller.CALLER_ACCEPT) {
|
||||
alts = new String[] {
|
||||
"com.sun.security.jgss.krb5.accept",
|
||||
"com.sun.security.jgss.accept",
|
||||
};
|
||||
} else if (caller == GSSCaller.CALLER_SSL_CLIENT) {
|
||||
alts = new String[] {
|
||||
"com.sun.security.jgss.krb5.initiate",
|
||||
"com.sun.net.ssl.client",
|
||||
};
|
||||
} else if (caller == GSSCaller.CALLER_SSL_SERVER) {
|
||||
alts = new String[] {
|
||||
"com.sun.security.jgss.krb5.accept",
|
||||
"com.sun.net.ssl.server",
|
||||
};
|
||||
} else if (caller instanceof HttpCaller) {
|
||||
alts = new String[] {
|
||||
"com.sun.security.jgss.krb5.initiate",
|
||||
};
|
||||
} else if (caller == GSSCaller.CALLER_UNKNOWN) {
|
||||
throw new AssertionError("caller not defined");
|
||||
}
|
||||
} else {
|
||||
throw new IllegalArgumentException(mechName + " not supported");
|
||||
// No other mech at the moment, maybe --
|
||||
/*
|
||||
switch (caller) {
|
||||
case GSSUtil.CALLER_INITIATE:
|
||||
case GSSUtil.CALLER_SSL_CLIENT:
|
||||
case GSSUtil.CALLER_HTTP_NEGOTIATE:
|
||||
alts = new String[] {
|
||||
"com.sun.security.jgss." + mechName + ".initiate",
|
||||
};
|
||||
break;
|
||||
case GSSUtil.CALLER_ACCEPT:
|
||||
case GSSUtil.CALLER_SSL_SERVER:
|
||||
alts = new String[] {
|
||||
"com.sun.security.jgss." + mechName + ".accept",
|
||||
};
|
||||
break;
|
||||
case GSSUtil.CALLER_UNKNOWN:
|
||||
// should never use
|
||||
throw new AssertionError("caller cannot be unknown");
|
||||
default:
|
||||
throw new AssertionError("caller not defined");
|
||||
}
|
||||
*/
|
||||
}
|
||||
for (String alt: alts) {
|
||||
entries = config.getAppConfigurationEntry(alt);
|
||||
if (debug != null) {
|
||||
debug.println("Trying " + alt +
|
||||
((entries == null)?": does not exist.":": Found!"));
|
||||
}
|
||||
if (entries != null) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (entries == null) {
|
||||
if (debug != null) {
|
||||
debug.println("Cannot read JGSS entry, use default values instead.");
|
||||
}
|
||||
entries = getDefaultConfigurationEntry();
|
||||
}
|
||||
return entries;
|
||||
}
|
||||
|
||||
/**
|
||||
* Default value for a caller-mech pair when no entry is defined in
|
||||
* the system-wide Configuration object.
|
||||
*/
|
||||
private AppConfigurationEntry[] getDefaultConfigurationEntry() {
|
||||
HashMap <String, String> options = new HashMap <String, String> (2);
|
||||
|
||||
if (mechName == null || mechName.equals("krb5")) {
|
||||
if (isServerSide(caller)) {
|
||||
// Assuming the keytab file can be found through
|
||||
// krb5 config file or under user home directory
|
||||
options.put("useKeyTab", "true");
|
||||
options.put("storeKey", "true");
|
||||
options.put("doNotPrompt", "true");
|
||||
options.put("principal", "*");
|
||||
options.put("isInitiator", "false");
|
||||
} else {
|
||||
if (caller instanceof HttpCaller && !HTTP_USE_GLOBAL_CREDS) {
|
||||
options.put("useTicketCache", "false");
|
||||
} else {
|
||||
options.put("useTicketCache", "true");
|
||||
}
|
||||
options.put("doNotPrompt", "false");
|
||||
}
|
||||
return new AppConfigurationEntry[] {
|
||||
new AppConfigurationEntry(
|
||||
"com.sun.security.auth.module.Krb5LoginModule",
|
||||
AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
|
||||
options)
|
||||
};
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
private static boolean isServerSide (GSSCaller caller) {
|
||||
return GSSCaller.CALLER_ACCEPT == caller ||
|
||||
GSSCaller.CALLER_SSL_SERVER == caller;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user