Transferring a secure context
Olfmatic
olfmatic at web.de
Tue Sep 5 12:57:30 EDT 2006
Hello,
I am trying to transfer a secure GSSContext after I established it so I can use it later to encrypt a session ID. But when I want to do this with the recreated GSSContext, I get an exception saying that the mechanism context wasn't set yet. What am I doing wrong?
This is how I do it:
Method 1 establishes the context and saves it as a byte array in a HashMap:
LoginContext tLoginContext = new LoginContext("Krb5Login");
tLoginContext.login();
Subject tSubject = tLoginContext.getSubject();
Object tObject = Subject.doAs(tSubject, new PrivilegedExceptionAction()
{
    public Object run() throws Exception
    {
        try
        {
            GSSManager tGSSManager = GSSManager.getInstance();
            GSSName tServerName = tGSSManager.createName(tServiceUrl, GSSName.NT_USER_NAME);
            GSSCredential tServerCredential = tGSSManager.createCredential(tServerName,
                GSSCredential.INDEFINITE_LIFETIME, new Krb5MechFactory().getMechanismOid(),
                GSSCredential.ACCEPT_ONLY);
            GSSContext tSecureContext = tGSSManager.createContext(tServerCredential);
            // Accept the client's token (aToken) on the server side.
            byte [] tInToken = aToken;
            byte [] tOutToken = tSecureContext.acceptSecContext(tInToken, 0, tInToken.length);
            // Export the context and store the bytes under the user name.
            byte [] tSerializedSecureContext = tSecureContext.export();
            String tUserName = StringHelper.getBeforeDivider(tSecureContext.getSrcName().toString(), "@");
            AISessionManager.getInstance().addSecureContext(tUserName, tSerializedSecureContext);
            return tOutToken;
        }
        catch (GSSException aException)
        {
            String tMessage = aException.getMessage();
            cCat.error(tMessage);
            cCat.debug(tMessage, aException);
            throw aException;
        }
    }
});
Method 2 tries to get it from the Map:
String tSessionID = OIDFactory.getInstance().createOID("ClientUserSessionID");
// Fetch the stored bytes and try to recreate the context from them.
byte [] tContextToken = AISessionManager.getInstance().getAndRemoveSecureContext(aUserKey);
GSSContext tSecureContext = GSSManager.getInstance().createContext(tContextToken);
byte [] tSessionIDBytes = tSessionID.getBytes();
// Encrypt the session ID with the recreated context (privacy requested).
byte[] tEncryptedSessionID = tSecureContext.wrap(tSessionIDBytes, 0, tSessionIDBytes.length,
    new MessageProp(0, true));
tSecureContext.dispose();
But as soon as I call wrap() I get the following exception:
GSSException: No mechanism context yet!
    at sun.security.jgss.GSSContextImpl.wrap(GSSContextImpl.java:344)
    at de.sepp.workserver.user.SessionFacadeBean.requestEncryptedSessionID(SessionFacadeBean.java:825)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:324)
    at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionContainer.java:629)
    at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:186)
    at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstanceInterceptor.java:72)
    at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:84)
    at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:273)
    at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:104)
    at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:117)
    at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:191)
    at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:122)
    at org.jboss.ejb.plugins.AbstractInterceptor.invoke(AbstractInterceptor.java:94)
Do I have to perform another Kerberos-Login in method 2 and execute the code seen above in a Subject.doAs()?
Thank you for any help.
Florian