while (it.hasNext() && kerberosSupported == false)
{
kerberosSupported = it.next().equals(kerberos);
}
NegTokenTarg negTokenTarg = new NegTokenTarg();
if (kerberosSupported)
{
negTokenTarg.setNegResult(NegTokenTarg.ACCEPT_INCOMPLETE);
negTokenTarg.setSupportedMech(kerberos);
}
else
{
negTokenTarg.setNegResult(NegTokenTarg.REJECTED);
}
negotiationContext.setResponseMessage(negTokenTarg);
return Boolean.FALSE;
}
}
else if (requestMessage instanceof NegTokenTarg)
{
NegTokenTarg negTokenTarg = (NegTokenTarg) requestMessage;
gssToken = negTokenTarg.getResponseToken();
}
Object schemeContext = negotiationContext.getSchemeContext();
if (schemeContext != null && schemeContext instanceof GSSContext == false)
{
throw new IllegalStateException("The schemeContext is not a GSSContext");
}
GSSContext gssContext = (GSSContext) schemeContext;
if (gssContext == null)
{
log.debug("Creating new GSSContext.");
GSSManager manager = GSSManager.getInstance();
gssContext = manager.createContext((GSSCredential) null);
negotiationContext.setSchemeContext(gssContext);
}
if (gssContext.isEstablished())
{
log.warn("Authentication was performed despite already being authenticated!");
// TODO - Refactor to only do this once.
identity = new KerberosPrincipal(gssContext.getSrcName().toString());
log.debug("context.getCredDelegState() = " + gssContext.getCredDelegState());
log.debug("context.getMutualAuthState() = " + gssContext.getMutualAuthState());
log.debug("context.getSrcName() = " + gssContext.getSrcName().toString());
negotiationContext.setAuthenticationMethod(SPNEGO);
negotiationContext.setAuthenticated(true);
return Boolean.TRUE;
}
byte[] respToken = gssContext.acceptSecContext(gssToken, 0, gssToken.length);
if (respToken != null)
{
NegTokenTarg negTokenTarg = new NegTokenTarg();
negTokenTarg.setResponseToken(respToken);
negotiationContext.setResponseMessage(negTokenTarg);
}
if (gssContext.isEstablished() == false)