gssapi: reuse existing Subject and GssCredentials #201

Merged
merged 1 commit into from Dec 1, 2014


@simkam simkam commented Oct 8, 2014

Proposed fix for #200.

When a Subject exists in the AccessControllerContext and contains a GssCredential, the GssCredential is reused.

@simkam simkam changed the title GSS: reuse existing Subject and GssCredentials gssapi: reuse existing Subject and GssCredentials Oct 8, 2014

@ringerc ringerc commented Dec 1, 2014

I don't use GSS myself, but this looks like a reasonable change to make, and one that should be harmless for existing users, as it'll fall back to the current codepath in any circumstance that would currently work without throwing an exception.

ringerc added a commit that referenced this pull request Dec 1, 2014
gssapi: Re-use existing Subject and GssCredentials

The current implementation of `MakeGSS.java` always calls JAAS directly. In managed environments like application servers an upper level layer can handle authentication and then call `Driver.connect`. PgJDBC may not have access to the raw GSS credentials, or may be requiring the user to unnecessarily repeat them when the upper layers already have this information.

Allow PgJDBC to query the `AccessControllerContext` for GSS credentials and, if found, use existing credentials. If no `AccessControllerContext` exists, proceed as before, acquiring credentials directly.
@ringerc ringerc merged commit b0e3b6d into pgjdbc:master Dec 1, 2014
1 check passed
continuous-integration/travis-ci The Travis CI build passed

@ringerc ringerc commented Dec 1, 2014

Actually, on second thought I'm a little concerned about what happens when there's an AccessControllerContext, but it doesn't have GSS credentials configured, and the user is currently using PgJDBC's own credentials acquisition. Have you tested this case?


@simkam simkam commented Dec 1, 2014

No, I haven't tested this scenario, but it would throw `PSQLException: GSS No valid credentials in subject`. If backward compatibility is a concern in this case, it can be changed to fall back to the old code.


@ringerc ringerc commented Dec 1, 2014

I think that would be preferable. Would you mind sending a follow-up PR?


@simkam simkam commented Dec 1, 2014

Sure, I'll send it later today/tomorrow.
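
The lookup-with-fallback behaviour discussed in this thread, as an added example that is not the PR's code or PgJDBC's own: reuse the caller's Subject only when it actually holds a `GSSCredential`, otherwise acquire credentials through JAAS as before. The class name, method names and the `jaasEntryName` parameter are hypothetical, and the sketch assumes a Java 8-era JDK where `Subject.getSubject(AccessControlContext)` is supported.

```java
import java.security.AccessController;
import java.security.PrivilegedAction;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.ietf.jgss.GSSCredential;

public class GssSubjectLookup {

    /** True when the Subject bound to the caller's context already holds a GSS credential. */
    static boolean hasInheritedCredential() {
        Subject current = Subject.getSubject(AccessController.getContext());
        return current != null
                && !current.getPrivateCredentials(GSSCredential.class).isEmpty();
    }

    /** Subject to authenticate as: the caller's if usable, otherwise a fresh JAAS login. */
    static Subject resolve(String jaasEntryName) throws LoginException {
        if (hasInheritedCredential()) {
            return Subject.getSubject(AccessController.getContext());
        }
        // No Subject, or a Subject without GSS credentials: acquire them directly
        // instead of failing, so setups that rely on the driver's own login keep working.
        LoginContext lc = new LoginContext(jaasEntryName); // hypothetical JAAS config entry
        lc.login();
        return lc.getSubject();
    }

    public static void main(String[] args) {
        // Constructed case: a Subject is present but carries no GSS credential.
        Subject empty = new Subject();
        boolean reuse = Subject.doAs(empty,
                (PrivilegedAction<Boolean>) GssSubjectLookup::hasInheritedCredential);
        System.out.println(reuse ? "reuse inherited credential" : "fall back to JAAS login");
    }
}
```

When a credential is reused, the database connection authenticates as whatever identity the upper layer placed in the context, so the code that populates that Subject is part of the trust boundary.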
