Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-4781190

GSSContext.isTransferable() and GSSContext.export() not implemented

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Fix
    • Icon: P4 P4
    • None
    • 1.4.1
    • security-libs



      Name: jl125535 Date: 11/19/2002


      FULL PRODUCT VERSION :
      j2se 1.4.0, j2se1.4.1

      FULL OPERATING SYSTEM VERSION :
      Solaris/Windows/Linux

      EXTRA RELEVANT SYSTEM CONFIGURATION :
      J2SE 1.4.0, 1.4.1

      A DESCRIPTION OF THE PROBLEM :
      GSSContext has 2 methods.
      isTransferable()
      export()

      These methods help in transfering client credentials to
      another client, thereby establishing the context on behalf of
      that client based on their forwardable credentials.

      This is needed to seamlessly transfer client identity from
      one node to another.


      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      1. accept a GSS connection
      2. try to export()
      3. retuns a null context


      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      I have modified the SampleServer program provided in J2SDK
      1.4.1 under $JAVA/docs/guide/security/jgss/tutorials.

      Here is the diff
      134,142d133
      <
      < if (context.isTransferable()) {
      < System.out.println("Context is Transferable");
      < byte[] bctx = context.export();
      < if (null != bctx)
      < System.out.println(bctx);
      < } else {
      < System.out.println("Context is not Transferable");
      < }

      Pls. do the following to reproduce the bug:
      1. kinit with the forwardable flag
      2. Start SampleServer
      3. Start SampleClient

      If you have a sucessful connection, and the flags are
      forwardable, then the Server should be able to establish
      further connections on the clients behalf.

      What you will see is
      (a) isTransferable() returns false
      (b) if you try an export() it returns null.


      EXPECTED VERSUS ACTUAL BEHAVIOR :
      should return true for isTransferable()
      should return a byte array with credentials to create a new
      context

      REPRODUCIBILITY :
      This bug can be reproduced always.

      ---------- BEGIN SOURCE ----------
      I have modified the SampleServer program provided in J2SDK 1.4.1 under
      $JAVA/docs/guide/security/jgss/tutorials.

      Here is the diff
      134,142d133
      <
      < if (context.isTransferable()) {
      < System.out.println("Context is Transferable");
      < byte[] bctx = context.export();
      < if (null != bctx)
      < System.out.println(bctx);
      < } else {
      < System.out.println("Context is not Transferable");
      < }

      location of problem:
      $JAVA/scsl/j2se/src/share/classes/sun/security/jgss/krb5/Krb5Context.java
      that
          /**
           * Method to determine if the context can be exported and then
           * re-imported.
           */
          public final boolean isTransferable() throws GSSException {
      return false;
          }

      and
          public final byte [] export () throws GSSException {
      throw new GSSException(GSSException.UNAVAILABLE, -1,
      "GSS Export Context not available");
          }


      ---------- END SOURCE ----------
      (Review ID: 167015)
      ======================================================================

            weijun Weijun Wang
            jleesunw Jon Lee (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved:
              Imported:
              Indexed: