Java Code Examples for org.ietf.jgss.GSSException#getMessage()

The following examples show how to use org.ietf.jgss.GSSException#getMessage() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: BrokerGateway.java    From gcp-token-broker with Apache License 2.0 6 votes vote down vote up
public void setSPNEGOToken() {
    String encodedToken;
    try {
        encodedToken = BaseEncoding.base64().encode(SpnegoUtils.newSPNEGOToken(serverInfo.getKerberosPrincipal()));
    } catch (GSSException e) {
        // Clean up the channel before re-throwing the exception
        managedChannel.shutdownNow();
        throw new RuntimeException(
            "Failed creating a SPNEGO token. Make sure that you have run kinit and that your Kerberos configuration is correct. See the full Kerberos error message: " + e.getMessage());
    }

    // Set the 'authorization' header with the SPNEGO token
    Metadata metadata = new Metadata();
    Metadata.Key<String> key = Metadata.Key.of("authorization", Metadata.ASCII_STRING_MARSHALLER);
    metadata.put(key, "Negotiate " + encodedToken);
    stub = MetadataUtils.attachHeaders(stub, metadata);
}
 
Example 2
Source File: TdsCore.java    From jTDS with GNU Lesser General Public License v2.1 6 votes vote down vote up
/**
 * Send the next GSS authentication token.
 *
 * @throws IOException
 */
private void sendGssToken()
   throws IOException
{
   try
   {
      byte gssMessage[] = _gssContext.initSecContext( ntlmMessage, 0, ntlmMessage.length );

      if( _gssContext.isEstablished() )
      {
         Logger.println( "GSS: Security context established." );
      }

      if( gssMessage != null )
      {
         Logger.println( "GSS: Sending token (length: " + ntlmMessage.length + ")" );
         out.setPacketType( NTLMAUTH_PKT );
         out.write( gssMessage );
         out.flush();
      }
   }
   catch( GSSException e )
   {
      throw new IOException( "GSS failure: " + e.getMessage() );
   }
}
 
Example 3
Source File: HTTPKerberosAuthInterceptor.java    From java-client-api with Apache License 2.0 6 votes vote down vote up
@Override
public Object run() {
  try {
    Oid krb5Mechanism = new Oid("1.2.840.113554.1.2.2");
    Oid krb5PrincipalNameType = new Oid("1.2.840.113554.1.2.2.1");
    final GSSManager manager = GSSManager.getInstance();
    final GSSName clientName = manager.createName(clientPrincipalName, krb5PrincipalNameType);
    final GSSCredential clientCred = manager.createCredential(clientName, 8 * 3600, krb5Mechanism,
        GSSCredential.INITIATE_ONLY);
    final GSSName serverName = manager.createName(serverPrincipalName, krb5PrincipalNameType);

    final GSSContext context = manager.createContext(serverName, krb5Mechanism, clientCred,
        GSSContext.DEFAULT_LIFETIME);
    byte[] inToken = new byte[0];
    byte[] outToken = context.initSecContext(inToken, 0, inToken.length);
    if (outToken == null) {
      throw new FailedRequestException("could not initialize the security context");
    }
    context.requestMutualAuth(true);
    outputToken.append(new String(Base64.getEncoder().encode(outToken)));
    context.dispose();
  } catch (GSSException exception) {
    throw new FailedRequestException(exception.getMessage(), exception);
  }
  return null;
}
 
Example 4
Source File: GGSSchemeBase.java    From ats-framework with Apache License 2.0 4 votes vote down vote up
@Override
public Header authenticate(
                            final Credentials credentials,
                            final HttpRequest request,
                            final HttpContext context ) throws AuthenticationException {

    if (request == null) {
        throw new IllegalArgumentException("HTTP request may not be null");
    }
    switch (state) {
        case UNINITIATED:
            throw new AuthenticationException(getSchemeName() + " authentication has not been initiated");
        case FAILED:
            throw new AuthenticationException(getSchemeName() + " authentication has failed");
        case CHALLENGE_RECEIVED:
            try {
                token = generateToken(token);
                state = State.TOKEN_GENERATED;
            } catch (GSSException gsse) {
                state = State.FAILED;
                if (gsse.getMajor() == GSSException.DEFECTIVE_CREDENTIAL
                    || gsse.getMajor() == GSSException.CREDENTIALS_EXPIRED)
                    throw new InvalidCredentialsException(gsse.getMessage(), gsse);
                if (gsse.getMajor() == GSSException.NO_CRED)
                    throw new InvalidCredentialsException(gsse.getMessage(), gsse);
                if (gsse.getMajor() == GSSException.DEFECTIVE_TOKEN
                    || gsse.getMajor() == GSSException.DUPLICATE_TOKEN
                    || gsse.getMajor() == GSSException.OLD_TOKEN)
                    throw new AuthenticationException(gsse.getMessage(), gsse);
                // other error
                throw new AuthenticationException(gsse.getMessage());
            }
            // continue to next case block
        case TOKEN_GENERATED:
            String tokenstr = new String(base64codec.encode(token));
            if (log.isDebugEnabled()) {
                log.debug("Sending response '" + tokenstr + "' back to the auth server");
            }
            return new BasicHeader("Authorization", "Negotiate " + tokenstr);
        default:
            throw new IllegalStateException("Illegal state: " + state);
    }
}