Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
dragonwell8_jdk
提交
27a9d6bb
D
dragonwell8_jdk
项目概览
openanolis
/
dragonwell8_jdk
通知
4
Star
2
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
dragonwell8_jdk
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
27a9d6bb
编写于
11月 13, 2017
作者:
I
igerasim
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
8186600: Improve property negotiations
Reviewed-by: valeriep, ahgross, mullan
上级
e51bd75a
变更
3
隐藏空白更改
内联
并排
Showing
3 changed file
with
44 addition
and
32 deletion
+44
-32
src/share/classes/sun/net/www/protocol/http/spnego/NegotiateCallbackHandler.java
...et/www/protocol/http/spnego/NegotiateCallbackHandler.java
+17
-13
src/share/classes/sun/security/jgss/GSSUtil.java
src/share/classes/sun/security/jgss/GSSUtil.java
+10
-17
src/share/classes/sun/security/jgss/LoginConfigImpl.java
src/share/classes/sun/security/jgss/LoginConfigImpl.java
+17
-2
未找到文件。
src/share/classes/sun/net/www/protocol/http/spnego/NegotiateCallbackHandler.java
浏览文件 @
27a9d6bb
/*
/*
* Copyright (c) 2005, 201
0
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 201
7
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
*
* This code is free software; you can redistribute it and/or modify it
* This code is free software; you can redistribute it and/or modify it
...
@@ -35,6 +35,7 @@ import javax.security.auth.callback.NameCallback;
...
@@ -35,6 +35,7 @@ import javax.security.auth.callback.NameCallback;
import
javax.security.auth.callback.PasswordCallback
;
import
javax.security.auth.callback.PasswordCallback
;
import
javax.security.auth.callback.UnsupportedCallbackException
;
import
javax.security.auth.callback.UnsupportedCallbackException
;
import
sun.net.www.protocol.http.HttpCallerInfo
;
import
sun.net.www.protocol.http.HttpCallerInfo
;
import
sun.security.jgss.LoginConfigImpl
;
/**
/**
* @since 1.6
* @since 1.6
...
@@ -61,18 +62,21 @@ public class NegotiateCallbackHandler implements CallbackHandler {
...
@@ -61,18 +62,21 @@ public class NegotiateCallbackHandler implements CallbackHandler {
private
void
getAnswer
()
{
private
void
getAnswer
()
{
if
(!
answered
)
{
if
(!
answered
)
{
answered
=
true
;
answered
=
true
;
PasswordAuthentication
passAuth
=
Authenticator
.
requestPasswordAuthentication
(
if
(
LoginConfigImpl
.
HTTP_USE_GLOBAL_CREDS
)
{
hci
.
host
,
hci
.
addr
,
hci
.
port
,
hci
.
protocol
,
PasswordAuthentication
passAuth
=
hci
.
prompt
,
hci
.
scheme
,
hci
.
url
,
hci
.
authType
);
Authenticator
.
requestPasswordAuthentication
(
/**
hci
.
host
,
hci
.
addr
,
hci
.
port
,
hci
.
protocol
,
* To be compatible with existing callback handler implementations,
hci
.
prompt
,
hci
.
scheme
,
hci
.
url
,
hci
.
authType
);
* when the underlying Authenticator is canceled, username and
/**
* password are assigned null. No exception is thrown.
* To be compatible with existing callback handler implementations,
*/
* when the underlying Authenticator is canceled, username and
if
(
passAuth
!=
null
)
{
* password are assigned null. No exception is thrown.
username
=
passAuth
.
getUserName
();
*/
password
=
passAuth
.
getPassword
();
if
(
passAuth
!=
null
)
{
username
=
passAuth
.
getUserName
();
password
=
passAuth
.
getPassword
();
}
}
}
}
}
}
}
...
...
src/share/classes/sun/security/jgss/GSSUtil.java
浏览文件 @
27a9d6bb
/*
/*
* Copyright (c) 2000, 201
1
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 201
7
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
*
* This code is free software; you can redistribute it and/or modify it
* This code is free software; you can redistribute it and/or modify it
...
@@ -270,24 +270,17 @@ public class GSSUtil {
...
@@ -270,24 +270,17 @@ public class GSSUtil {
*/
*/
public
static
boolean
useSubjectCredsOnly
(
GSSCaller
caller
)
{
public
static
boolean
useSubjectCredsOnly
(
GSSCaller
caller
)
{
// HTTP/SPNEGO doesn't use the standard JAAS framework. Instead, it
String
propValue
=
GetPropertyAction
.
privilegedGetProperty
(
// uses the java.net.Authenticator style, therefore always return
"javax.security.auth.useSubjectCredsOnly"
);
// false here.
// Invalid values should be ignored and the default assumed.
if
(
caller
instanceof
HttpCaller
)
{
if
(
caller
instanceof
HttpCaller
)
{
return
false
;
// Default for HTTP/SPNEGO is false.
return
"true"
.
equalsIgnoreCase
(
propValue
);
}
else
{
// Default for JGSS is true.
return
!(
"false"
.
equalsIgnoreCase
(
propValue
));
}
}
/*
* Don't use GetBooleanAction because the default value in the JRE
* (when this is unset) has to treated as true.
*/
String
propValue
=
AccessController
.
doPrivileged
(
new
GetPropertyAction
(
"javax.security.auth.useSubjectCredsOnly"
,
"true"
));
/*
* This property has to be explicitly set to "false". Invalid
* values should be ignored and the default "true" assumed.
*/
return
(!
propValue
.
equalsIgnoreCase
(
"false"
));
}
}
/**
/**
...
...
src/share/classes/sun/security/jgss/LoginConfigImpl.java
浏览文件 @
27a9d6bb
/*
/*
* Copyright (c) 2005, 201
3
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 201
7
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
*
* This code is free software; you can redistribute it and/or modify it
* This code is free software; you can redistribute it and/or modify it
...
@@ -29,6 +29,7 @@ import java.util.HashMap;
...
@@ -29,6 +29,7 @@ import java.util.HashMap;
import
javax.security.auth.login.AppConfigurationEntry
;
import
javax.security.auth.login.AppConfigurationEntry
;
import
javax.security.auth.login.Configuration
;
import
javax.security.auth.login.Configuration
;
import
org.ietf.jgss.Oid
;
import
org.ietf.jgss.Oid
;
import
sun.security.action.GetPropertyAction
;
/**
/**
* A Configuration implementation especially designed for JGSS.
* A Configuration implementation especially designed for JGSS.
...
@@ -44,6 +45,16 @@ public class LoginConfigImpl extends Configuration {
...
@@ -44,6 +45,16 @@ public class LoginConfigImpl extends Configuration {
private
static
final
sun
.
security
.
util
.
Debug
debug
=
private
static
final
sun
.
security
.
util
.
Debug
debug
=
sun
.
security
.
util
.
Debug
.
getInstance
(
"gssloginconfig"
,
"\t[GSS LoginConfigImpl]"
);
sun
.
security
.
util
.
Debug
.
getInstance
(
"gssloginconfig"
,
"\t[GSS LoginConfigImpl]"
);
public
static
final
boolean
HTTP_USE_GLOBAL_CREDS
;
static
{
String
prop
=
GetPropertyAction
.
privilegedGetProperty
(
"http.use.global.creds"
);
//HTTP_USE_GLOBAL_CREDS = "true".equalsIgnoreCase(prop); // default false
HTTP_USE_GLOBAL_CREDS
=
!
"false"
.
equalsIgnoreCase
(
prop
);
// default true
}
/**
/**
* A new instance of LoginConfigImpl must be created for each login request
* A new instance of LoginConfigImpl must be created for each login request
* since it's only used by a single (caller, mech) pair
* since it's only used by a single (caller, mech) pair
...
@@ -178,7 +189,11 @@ public class LoginConfigImpl extends Configuration {
...
@@ -178,7 +189,11 @@ public class LoginConfigImpl extends Configuration {
options
.
put
(
"principal"
,
"*"
);
options
.
put
(
"principal"
,
"*"
);
options
.
put
(
"isInitiator"
,
"false"
);
options
.
put
(
"isInitiator"
,
"false"
);
}
else
{
}
else
{
options
.
put
(
"useTicketCache"
,
"true"
);
if
(
caller
instanceof
HttpCaller
&&
!
HTTP_USE_GLOBAL_CREDS
)
{
options
.
put
(
"useTicketCache"
,
"false"
);
}
else
{
options
.
put
(
"useTicketCache"
,
"true"
);
}
options
.
put
(
"doNotPrompt"
,
"false"
);
options
.
put
(
"doNotPrompt"
,
"false"
);
}
}
return
new
AppConfigurationEntry
[]
{
return
new
AppConfigurationEntry
[]
{
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录