OF-1122: Restoring GSSAPI SASL support

The changes for OF-1092 accidentally removed a snippet of code that translates a non-optional part of the GSSAPI SASL configuration. This commit restores that, with a difference: the configuration is now checked continuously, intead of just on server startup. This allows for configuration changes that need not be followed by an Openfire restart.

OF-1122: Restoring GSSAPI SASL support
The changes for OF-1092 accidentally removed a snippet of code that translates a non-optional part of the GSSAPI SASL configuration. This commit restores that, with a difference: the configuration is now checked continuously, intead of just on server startup. This allows for configuration changes that need not be followed by an Openfire restart.
b283231c · Guus der Kinderen · 61423720 · b283231c
Unverified Commit b283231c authored Apr 06, 2016 by Guus der Kinderen
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 0 deletions

SASLAuthentication.java ...ava/org/jivesoftware/openfire/net/SASLAuthentication.java +11 -0

No files found.
--- a/src/java/org/jivesoftware/openfire/net/SASLAuthentication.java
+++ b/src/java/org/jivesoftware/openfire/net/SASLAuthentication.java
@@ -500,6 +500,17 @@ public class SASLAuthentication {
                    it.remove();
                }
            }
+            else if (mech.equals("GSSAPI")) {
+                final String gssapiConfig = JiveGlobals.getProperty("sasl.gssapi.config");
+                if (gssapiConfig != null) {
+                    System.setProperty("java.security.krb5.debug", JiveGlobals.getProperty("sasl.gssapi.debug", "false"));
+                    System.setProperty("java.security.auth.login.config", gssapiConfig);
+                    System.setProperty("javax.security.auth.useSubjectCredsOnly", JiveGlobals.getProperty("sasl.gssapi.useSubjectCredsOnly", "false"));
+                }
+                else {
+                    it.remove();
+                }
+            }
        }
        return answer;
    }