From e7cc1c3e58c78a1dceca67915f86965dc0be4045 Mon Sep 17 00:00:00 2001
From: mposolda
Date: Fri, 6 Mar 2015 18:05:18 +0100
Subject: [PATCH] Minor enhancements in kerberos example
---
 .../example/kerberos/GSSCredentialsClient.java | 12 ++++++------
 examples/kerberos/src/main/webapp/index.jsp | 4 ++--
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/examples/kerberos/src/main/java/org/keycloak/example/kerberos/GSSCredentialsClient.java b/examples/kerberos/src/main/java/org/keycloak/example/kerberos/GSSCredentialsClient.java
index 19fbf910c0..3017b1e7a3 100644
--- a/examples/kerberos/src/main/java/org/keycloak/example/kerberos/GSSCredentialsClient.java
+++ b/examples/kerberos/src/main/java/org/keycloak/example/kerberos/GSSCredentialsClient.java
@@ -24,9 +24,9 @@ import org.keycloak.util.KerberosSerializationUtils;
 *
 * We can use GSSCredential to further GSS API calls . Note that if you will use GSS API directly, you can
 * attach GSSCredential when creating GSSContext like this:
- * GSSContext context = gssManager.createContext(serviceName, krb5Oid, deserializedGssCredFromKeycloakAccessToken, GSSContext.DEFAULT_LIFETIME);
+ * GSSContext context = gssManager.createContext(serviceName, KerberosSerializationUtils.KRB5_OID, deserializedGssCredential, GSSContext.DEFAULT_LIFETIME);
 *
- * In this example we will authenticate with GSSCredential against LDAP server, which calls GSS API under the hood
+ * In this example we authenticate against LDAP server, which calls GSS API under the hood when credential is attached to env under Sasl.CREDENTIALS key
 *
 * @author Marek Posolda
 */
@@ -38,10 +38,10 @@ public class GSSCredentialsClient { String username = accessToken.getPreferredUsername(); // Retrieve kerberos credential from accessToken and deserialize it - String serializedGssCredential = (String) keycloakPrincipal.getKeycloakSecurityContext().getToken().getOtherClaims().get(KerberosConstants.GSS_DELEGATION_CREDENTIAL); - GSSCredential gssCredential = KerberosSerializationUtils.deserializeCredential(serializedGssCredential); + String serializedGssCredential = (String) accessToken.getOtherClaims().get(KerberosConstants.GSS_DELEGATION_CREDENTIAL); + GSSCredential deserializedGssCredential = KerberosSerializationUtils.deserializeCredential(serializedGssCredential); - // First try to invoke without gssCredential. It should fail + // First try to invoke without gssCredential. It should fail. This is here just for illustration purposes try { invokeLdap(null, username); throw new RuntimeException("Not expected to authenticate to LDAP without credential"); @@ -49,7 +49,7 @@ public class GSSCredentialsClient { System.out.println("GSSCredentialsClient: Expected exception: " + nse.getMessage()); } - return invokeLdap(gssCredential, username); + return invokeLdap(deserializedGssCredential, username); } private static LDAPUser invokeLdap(GSSCredential gssCredential, String username) throws NamingException { diff --git a/examples/kerberos/src/main/webapp/index.jsp b/examples/kerberos/src/main/webapp/index.jsp index 933b1d5f57..c1df8f0878 100644 --- a/examples/kerberos/src/main/webapp/index.jsp +++ b/examples/kerberos/src/main/webapp/index.jsp @@ -20,7 +20,7 @@ String logoutUri = KeycloakUriBuilder.fromUri("/auth").path(ServiceUrlConstants.TOKEN_SERVICE_LOGOUT_PATH) .queryParam("redirect_uri", "/kerberos-portal").build("kerberos-demo").toString(); %> - List of users from LDAP | Logout
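Review bot: The value read by `(String) accessToken.getOtherClaims().get(KerberosConstants.GSS_DELEGATION_CREDENTIAL)` in the `@@ -38,10 +38,10 @@` hunk goes straight into `deserializeCredential` with no check that the claim is present or is a string. A token issued without a delegated credential would presumably put null there, and the hunk does not show how the deserializer handles that. A guard before the deserialize call, such as `if (serializedGssCredential == null) throw new IllegalStateException("access token has no delegated GSS credential");`, would make the failure explicit instead of leaving it to surface later in the LDAP bind. Since `deserializedGssCredential` is a live delegated Kerberos credential, the `return invokeLdap(deserializedGssCredential, username);` line in the next hunk would also be better wrapped in `try { ... } finally { deserializedGssCredential.dispose(); }` so the key material is released after the call; `dispose()` declares `GSSException`, so confirm the method's throws clause allows it. The enclosing method starts above the hunk, so its signature and the `accessToken` declaration are not visible here.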
+ Details about user from LDAP | Logout

<% try { @@ -30,7 +30,7 @@ out.println("

sn: " + ldapUser.getSn() + "

"); } catch (Exception e) { e.printStackTrace(); - out.println("There was a failure invoking LDAP. Check server.log for more details"); + out.println("There was a failure in retrieve GSS credential or invoking LDAP. Check server.log for more details"); } %>