public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
if (credential == null || credential.getBinarySecurityToken() == null) {
throw new WSSecurityException(WSSecurityException.FAILURE, "noCredential");
}
BinarySecurity binarySecurity = credential.getBinarySecurityToken();
if (!(binarySecurity instanceof KerberosSecurity)) {
return credential;
}
if (log.isDebugEnabled()) {
try {
String jaasAuth = System.getProperty("java.security.auth.login.config");
String krbConf = System.getProperty("java.security.krb5.conf");
log.debug("KerberosTokenValidator - Using JAAS auth login file: " + jaasAuth);
log.debug("KerberosTokenValidator - Using KRB conf file: " + krbConf);
} catch (SecurityException ex) {
log.debug(ex.getMessage(), ex);
}
}
// Get a TGT from the KDC using JAAS
LoginContext loginContext = null;
try {
if (callbackHandler == null) {
loginContext = new LoginContext(getContextName());
} else {
loginContext = new LoginContext(getContextName(), callbackHandler);
}
loginContext.login();
} catch (LoginException ex) {
if (log.isDebugEnabled()) {
log.debug(ex.getMessage(), ex);
}
throw new WSSecurityException(
WSSecurityException.FAILURE,
"kerberosLoginError",
new Object[] {ex.getMessage()},
ex
);
}
if (log.isDebugEnabled()) {
log.debug("Successfully authenticated to the TGT");
}
byte[] token = binarySecurity.getToken();
// Get the service name to use - fall back on the principal
Subject subject = loginContext.getSubject();
String service = serviceName;
if (service == null) {