Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

GSSManager instance is obtained at init time instead on every authent…

…ication request
  • Loading branch information...
commit 42b8db103bf30b29a147f20a09316229ce5fe7ab 1 parent 33d7f8a
@tucu00 tucu00 authored
View
1  CHANGES.txt
@@ -1,5 +1,6 @@
-- Alfredo 0.1.1 release
+- GSSManager instance is obtained at init time instead on every authentication request
- Add AuthenticatedURL.Token constructor that takes a string representation of a token
- Improved documentation
View
16 alfredo/src/main/java/com/cloudera/alfredo/server/KerberosAuthenticationHandler.java
@@ -119,6 +119,7 @@ public KerberosConfiguration(String keytab, String principal) {
private String principal;
private String keytab;
+ private GSSManager gssManager;
private LoginContext loginContext;
/**
@@ -156,6 +157,19 @@ public void init(Properties config) throws ServletException {
loginContext = new LoginContext("", subject, null, kerberosConfiguration);
loginContext.login();
+ Subject serverSubject = loginContext.getSubject();
+ try {
+ gssManager = Subject.doAs(serverSubject, new PrivilegedExceptionAction<GSSManager>() {
+
+ @Override
+ public GSSManager run() throws Exception {
+ return GSSManager.getInstance();
+ }
+ });
+ }
+ catch (PrivilegedActionException ex) {
+ throw ex.getException();
+ }
LOG.info("Initialized, principal [{}] from keytab [{}]", principal, keytab);
}
catch (Exception ex) {
@@ -240,7 +254,7 @@ public AuthenticationToken run() throws Exception {
AuthenticationToken token = null;
GSSContext gssContext = null;
try {
- gssContext = GSSManager.getInstance().createContext((GSSCredential) null);
+ gssContext = gssManager.createContext((GSSCredential) null);
byte[] serverToken = gssContext.acceptSecContext(clientToken, 0, clientToken.length);
if (serverToken != null && serverToken.length > 0) {
String authenticate = base64.encodeToString(serverToken);
Please sign in to comment.
Something went wrong with that request. Please try again.