View Javadoc
1   /*
2    * DavMail POP/IMAP/SMTP/CalDav/LDAP Exchange Gateway
3    * Copyright (C) 2012  Mickael Guessant
4    *
5    * This program is free software; you can redistribute it and/or
6    * modify it under the terms of the GNU General Public License
7    * as published by the Free Software Foundation; either version 2
8    * of the License, or (at your option) any later version.
9    *
10   * This program is distributed in the hope that it will be useful,
11   * but WITHOUT ANY WARRANTY; without even the implied warranty of
12   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13   * GNU General Public License for more details.
14   *
15   * You should have received a copy of the GNU General Public License
16   * along with this program; if not, write to the Free Software
17   * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
18   */
19  package davmail.http;
20  
21  import org.apache.log4j.Logger;
22  
23  import javax.security.auth.login.AppConfigurationEntry;
24  import javax.security.auth.login.Configuration;
25  import java.util.HashMap;
26  
27  /**
28   * Custom JAAS login configuration.
29   * Equivalent to the following configuration:
30   * spnego-client {
31   * com.sun.security.auth.module.Krb5LoginModule required useTicketCache=true renewTGT=true;
32   * };
33   * spnego-server {
34   * com.sun.security.auth.module.Krb5LoginModule required isInitiator=false useKeyTab=false storeKey=true;
35   * };
36   * <p/>
37   */
38  public class KerberosLoginConfiguration extends Configuration {
39      protected static final Logger LOGGER = Logger.getLogger(KerberosLoginConfiguration.class);
40      protected static final AppConfigurationEntry[] CLIENT_LOGIN_MODULE;
41      protected static final AppConfigurationEntry[] SERVER_LOGIN_MODULE;
42  
43      static {
44          HashMap<String, String> clientLoginModuleOptions = new HashMap<String, String>();
45          if (LOGGER.isDebugEnabled()) {
46              clientLoginModuleOptions.put("debug", "true");
47          }
48  
49          clientLoginModuleOptions.put("useTicketCache", "true");
50          clientLoginModuleOptions.put("renewTGT", "true");
51          //clientLoginModuleOptions.put("doNotPrompt", "true");
52          String krb5ccName = System.getenv().get("KRB5CCNAME");
53          if (krb5ccName != null && krb5ccName.length() > 0) {
54              clientLoginModuleOptions.put("ticketCache", krb5ccName);
55          }
56          //clientLoginModuleOptions.put("ticketCache", FileCredentialsCache.getDefaultCacheName());
57          //clientLoginModuleOptions.put("refreshKrb5Config", "true");
58          //clientLoginModuleOptions.put("storeKey", "true");
59          CLIENT_LOGIN_MODULE = new AppConfigurationEntry[]{new AppConfigurationEntry(
60                  "com.sun.security.auth.module.Krb5LoginModule",
61                  AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
62                  clientLoginModuleOptions)};
63  
64          HashMap<String, String> serverLoginModuleOptions = new HashMap<String, String>();
65          if (LOGGER.isDebugEnabled()) {
66              serverLoginModuleOptions.put("debug", "true");
67          }
68  
69          serverLoginModuleOptions.put("isInitiator", "false"); // acceptor (server) mode
70          serverLoginModuleOptions.put("useKeyTab", "false"); // do not use credentials stored in keytab file
71          serverLoginModuleOptions.put("storeKey", "true"); // store credentials in subject
72          SERVER_LOGIN_MODULE = new AppConfigurationEntry[]{new AppConfigurationEntry(
73                  "com.sun.security.auth.module.Krb5LoginModule",
74                  AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
75                  serverLoginModuleOptions)};
76      }
77  
78      @Override
79      public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
80          if ("spnego-client".equals(name)) {
81              return CLIENT_LOGIN_MODULE;
82          } else if ("spnego-server".equals(name)) {
83              return SERVER_LOGIN_MODULE;
84          } else {
85              return null;
86          }
87      }
88  
89      @Override
90      public void refresh() {
91          // nothing to do
92      }
93  }