|
|
@@ -343,6 +343,8 @@ public class KerberosAuthenticationHandler implements AuthenticationHandler {
|
|
|
authorization = authorization.substring(KerberosAuthenticator.NEGOTIATE.length()).trim();
|
|
|
final Base64 base64 = new Base64(0);
|
|
|
final byte[] clientToken = base64.decode(authorization);
|
|
|
+ final String serverName = InetAddress.getByName(request.getServerName())
|
|
|
+ .getCanonicalHostName();
|
|
|
try {
|
|
|
token = Subject.doAs(serverSubject, new PrivilegedExceptionAction<AuthenticationToken>() {
|
|
|
|
|
|
@@ -352,7 +354,10 @@ public class KerberosAuthenticationHandler implements AuthenticationHandler {
|
|
|
GSSContext gssContext = null;
|
|
|
GSSCredential gssCreds = null;
|
|
|
try {
|
|
|
- gssCreds = gssManager.createCredential(null,
|
|
|
+ gssCreds = gssManager.createCredential(
|
|
|
+ gssManager.createName(
|
|
|
+ KerberosUtil.getServicePrincipal("HTTP", serverName),
|
|
|
+ KerberosUtil.getOidInstance("NT_GSS_KRB5_PRINCIPAL")),
|
|
|
GSSCredential.INDEFINITE_LIFETIME,
|
|
|
new Oid[]{
|
|
|
KerberosUtil.getOidInstance("GSS_SPNEGO_MECH_OID"),
|
Xiaoyu Yao