WSSecurityException.ErrorCode.FAILURE,
"kerberosLoginError", "No Client principals found after login"
);
}
// Store the TGT
KerberosTicket tgt = getKerberosTicket(clientSubject, null);
// Get the service ticket
KerberosClientExceptionAction action =
new KerberosClientExceptionAction(clientPrincipals.iterator().next(),
contextAndServiceNameCallback.getServiceName(),
contextAndServiceNameCallback.isUsernameServiceNameForm());
KerberosContext krbCtx = null;
try {
krbCtx = (KerberosContext) Subject.doAs(clientSubject, action);
// Get the secret key from KerberosContext if available, otherwise use Kerberos ticket's session key
Key sessionKey = krbCtx.getSecretKey();
if (sessionKey != null) {
secretKey = new SecretKeySpec(sessionKey.getEncoded(), sessionKey.getAlgorithm());
} else {
KerberosTicket serviceTicket = getKerberosTicket(clientSubject, tgt);
secretKey = serviceTicket.getSessionKey();
}
ticket = krbCtx.getKerberosToken();
}
catch (PrivilegedActionException e) {