this.callbackHandler = callbackHandler;
}
private void getTGT() throws WSSecurityException {
try {
KerberosContextAndServiceNameCallback contextAndServiceNameCallback = new KerberosContextAndServiceNameCallback();
callbackHandler.handle(new Callback[]{contextAndServiceNameCallback});
if (contextAndServiceNameCallback.getContextName() == null) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "kerberosCallbackContextNameNotSupplied");
}
if (contextAndServiceNameCallback.getServiceName() == null) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "kerberosCallbackServiceNameNotSupplied");
}
LoginContext loginContext = new LoginContext(contextAndServiceNameCallback.getContextName(), callbackHandler);
loginContext.login();
Subject clientSubject = loginContext.getSubject();
Set<Principal> clientPrincipals = clientSubject.getPrincipals();
if (clientPrincipals.isEmpty()) {
throw new WSSecurityException(
WSSecurityException.ErrorCode.FAILURE,
"kerberosLoginError", "No Client principals found after login"
);
}
// Store the TGT
KerberosTicket tgt = getKerberosTicket(clientSubject, null);
// Get the service ticket
KerberosClientExceptionAction action =
new KerberosClientExceptionAction(clientPrincipals.iterator().next(),
contextAndServiceNameCallback.getServiceName(),
contextAndServiceNameCallback.isUsernameServiceNameForm());
KerberosContext krbCtx = null;
try {
krbCtx = (KerberosContext) Subject.doAs(clientSubject, action);
// Get the secret key from KerberosContext if available, otherwise use Kerberos ticket's session key