Lines 22-27
|
22 |
import java.io.IOException; |
22 |
import java.io.IOException; |
23 |
import java.security.Principal; |
23 |
import java.security.Principal; |
24 |
|
24 |
|
|
|
25 |
import javax.security.auth.callback.CallbackHandler; |
26 |
import javax.security.auth.login.LoginContext; |
27 |
import javax.security.auth.login.LoginException; |
28 |
import javax.servlet.http.HttpServletRequest; |
25 |
import javax.servlet.http.HttpServletResponse; |
29 |
import javax.servlet.http.HttpServletResponse; |
26 |
|
30 |
|
27 |
import org.apache.catalina.connector.Request; |
31 |
import org.apache.catalina.connector.Request; |
Lines 33-38
|
33 |
import org.apache.tomcat.util.buf.ByteChunk; |
37 |
import org.apache.tomcat.util.buf.ByteChunk; |
34 |
import org.apache.tomcat.util.buf.CharChunk; |
38 |
import org.apache.tomcat.util.buf.CharChunk; |
35 |
import org.apache.tomcat.util.buf.MessageBytes; |
39 |
import org.apache.tomcat.util.buf.MessageBytes; |
|
|
40 |
import org.ietf.jgss.GSSContext; |
41 |
import org.ietf.jgss.GSSCredential; |
42 |
import org.ietf.jgss.GSSException; |
43 |
import org.ietf.jgss.GSSManager; |
44 |
import org.ietf.jgss.GSSName; |
45 |
import org.ietf.jgss.Oid; |
36 |
|
46 |
|
37 |
|
47 |
|
38 |
|
48 |
|
Lines 82-87
|
82 |
*/ |
92 |
*/ |
83 |
protected static final String info = |
93 |
protected static final String info = |
84 |
"org.apache.catalina.authenticator.BasicAuthenticator/1.0"; |
94 |
"org.apache.catalina.authenticator.BasicAuthenticator/1.0"; |
|
|
95 |
|
96 |
protected static final String negotiate="org.apache.tomcat.config.NEGOTIATE" ; |
85 |
|
97 |
|
86 |
|
98 |
|
87 |
// ------------------------------------------------------------- Properties |
99 |
// ------------------------------------------------------------- Properties |
Lines 113-125
|
113 |
* |
125 |
* |
114 |
* @exception IOException if an input/output error occurs |
126 |
* @exception IOException if an input/output error occurs |
115 |
*/ |
127 |
*/ |
|
|
128 |
|
116 |
public boolean authenticate(Request request, |
129 |
public boolean authenticate(Request request, |
117 |
Response response, |
130 |
Response response, |
118 |
LoginConfig config) |
131 |
LoginConfig config) |
119 |
throws IOException { |
132 |
throws IOException { |
120 |
|
133 |
|
121 |
// Have we already authenticated someone? |
134 |
HttpServletResponse httpResponse=response.getResponse(); |
122 |
Principal principal = request.getUserPrincipal(); |
135 |
HttpServletRequest httpRequest=request.getRequest(); |
|
|
136 |
String header=httpRequest.getHeader("Authorization"); |
137 |
if(System.getProperty(negotiate, "false").equalsIgnoreCase("true")) |
138 |
{ |
139 |
if(header == null) |
140 |
{ |
141 |
httpResponse.setHeader("WWW-Authenticate", "Negotiate"); |
142 |
httpResponse.setStatus(401); |
143 |
return(false); |
144 |
} |
145 |
else |
146 |
if(header!=null&&header.startsWith("Negotiate")) |
147 |
{ |
148 |
Principal principal = request.getUserPrincipal(); |
149 |
String username=header.substring(10); |
150 |
String password=null; |
151 |
principal = context.getRealm().authenticate(username, password); |
152 |
if (principal != null) { |
153 |
register(request, response, principal, Constants.BASIC_METHOD, |
154 |
username, password); |
155 |
return (true); |
156 |
|
157 |
} |
158 |
else |
159 |
request.getCoyoteRequest().getMimeHeaders().removeHeader("authorization"); |
160 |
} |
161 |
} |
162 |
|
163 |
// Have we already authenticated someone? |
164 |
Principal principal = request.getUserPrincipal(); |
123 |
String ssoId = (String) request.getNote(Constants.REQ_SSOID_NOTE); |
165 |
String ssoId = (String) request.getNote(Constants.REQ_SSOID_NOTE); |
124 |
if (principal != null) { |
166 |
if (principal != null) { |
125 |
if (log.isDebugEnabled()) |
167 |
if (log.isDebugEnabled()) |
Lines 154-159
|
154 |
.getValue("authorization"); |
196 |
.getValue("authorization"); |
155 |
|
197 |
|
156 |
if (authorization != null) { |
198 |
if (authorization != null) { |
|
|
199 |
System.out.println("In Authorization"); |
157 |
authorization.toBytes(); |
200 |
authorization.toBytes(); |
158 |
ByteChunk authorizationBC = authorization.getByteChunk(); |
201 |
ByteChunk authorizationBC = authorization.getByteChunk(); |
159 |
if (authorizationBC.startsWithIgnoreCase("basic ", 0)) { |
202 |
if (authorizationBC.startsWithIgnoreCase("basic ", 0)) { |
Lines 173-183
|
173 |
username = new String(buf, 0, colon); |
216 |
username = new String(buf, 0, colon); |
174 |
password = new String(buf, colon + 1, |
217 |
password = new String(buf, colon + 1, |
175 |
authorizationCC.getEnd() - colon - 1); |
218 |
authorizationCC.getEnd() - colon - 1); |
|
|
219 |
|
220 |
|
176 |
} |
221 |
} |
177 |
|
222 |
|
178 |
authorizationBC.setOffset(authorizationBC.getOffset() - 6); |
223 |
authorizationBC.setOffset(authorizationBC.getOffset() - 6); |
179 |
} |
224 |
} |
180 |
|
225 |
System.out.println("Username in basic authenticator is :" + username); |
|
|
226 |
System.out.println("Password in basic authenticator is :" + password); |
181 |
principal = context.getRealm().authenticate(username, password); |
227 |
principal = context.getRealm().authenticate(username, password); |
182 |
if (principal != null) { |
228 |
if (principal != null) { |
183 |
register(request, response, principal, Constants.BASIC_METHOD, |
229 |
register(request, response, principal, Constants.BASIC_METHOD, |
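Review bot: The two `System.out.println` calls added at new lines 225–226 write the decoded Basic username and the cleartext password to standard output on every request, so credentials end up in the container's console log; both should be removed together with the `"In Authorization"` trace at new line 199, keeping at most `if (log.isDebugEnabled()) log.debug("Authenticating user " + username);`. In the Negotiate branch (new lines 146–151) the text after the scheme name is handed to `context.getRealm().authenticate(username, password)` as a username with a null password, and nothing visible in these hunks passes the token through the GSS classes imported at new lines 40–45, so unless the realm validates it itself the client-supplied value is trusted as an identity. `header.substring(10)` also throws when the header is exactly `Negotiate`, so it needs a length check first. `authenticate()` continues past the last visible line.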