bug fix for native kerberos libraries
Sean Mullan
sean.mullan at oracle.com
Thu Oct 18 21:26:10 UTC 2012
(Forwarding to security-dev as this should be discussed in that group, not
core-libs).
On 10/18/12 5:02 PM, christos at zoulas.com wrote:
> Hello,
>
> This simple fix allows kerberos authentication to work with:
>
> -Dsun.security.jgss.native=true
>
> and microsoft's sqljdbc 4.0.2206.100 driver.
>
> Enjoy,
>
> christos
>
> --- a/java/src/sun/security/jgss/GSSUtil.java Mon Oct 15 17:43:08 2012 -0400
> +++ b/java/src/sun/security/jgss/GSSUtil.java Mon Oct 15 17:44:28 2012 -0400
> @@ -333,10 +333,19 @@
> Subject accSubj = Subject.getSubject(acc);
> Vector<GSSCredentialSpi> result = null;
> if (accSubj != null) {
> - result = new Vector<GSSCredentialSpi>();
> Iterator<GSSCredentialImpl> iterator =
> accSubj.getPrivateCredentials
> (GSSCredentialImpl.class).iterator();
> + // GSSCredentialImpl is only implemented in
> + // the non-native kerberos implementation,
> + // so if we don't get any elements here
> + // assume native and return null so that
> + // searchSubject does not fail. A better
> + // fix is to implement the code that handles
> + // this in native java.
> + if (!iterator.hasNext())
> + return null;
> + result = new Vector<GSSCredentialSpi>();
> while (iterator.hasNext()) {
> GSSCredentialImpl cred = iterator.next();
> debug("...Found cred" + cred);
>
More information about the core-libs-dev
mailing list