List of usage examples for the KerberosPrincipal(String) constructor of javax.security.auth.kerberos.KerberosPrincipal
public KerberosPrincipal(String name)
From source file:org.apache.nifi.hadoop.KerberosKeytabCredentials.java
/**
 * Creates keytab-backed credentials for a Kerberos principal.
 *
 * @param principalName name passed to {@link KerberosPrincipal#KerberosPrincipal(String)};
 *                      that constructor throws {@link IllegalArgumentException} for a null
 *                      or improperly formatted name
 * @param keytab        keytab value, stored exactly as given; nothing here checks that it
 *                      exists or is readable
 */
public KerberosKeytabCredentials(String principalName, String keytab) {
    // Parse the name first so a bad principal fails before any field is assigned.
    final KerberosPrincipal parsedPrincipal = new KerberosPrincipal(principalName);
    this.userPrincipal = parsedPrincipal;
    this.keytab = keytab;
}
From source file:com.hortonworks.registries.auth.server.TestKerberosAuthenticationHandler.java
/**
 * Checks that the shared {@code handler} reports the test keytab and holds exactly one
 * login principal: the server principal supplied by {@code KerberosTestUtils}.
 */
@Test(timeout = 60000)
public void testInit() throws Exception {
    final String expectedKeytab = KerberosTestUtils.getKeytabFile();
    Assert.assertEquals(expectedKeytab, handler.getKeytab());

    final Set<KerberosPrincipal> loaded = handler.getPrincipals();
    final Principal serverPrincipal = new KerberosPrincipal(KerberosTestUtils.getServerPrincipal());

    // Both membership and size are asserted, so an extra, unexpected principal fails the test.
    Assert.assertTrue(loaded.contains(serverPrincipal));
    Assert.assertEquals(1, loaded.size());
}
From source file:com.zimbra.cs.security.sasl.GssAuthenticator.java
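/**
 * Prepares the server side of the SASL exchange for this authenticator.
 *
 * <p>Loads the keytab named by {@code LC.krb5_keytab}, builds the service principal
 * {@code <protocol>/<host>}, obtains a {@link Subject} for that principal from the keytab and
 * creates the {@link SaslServer} while running as that subject.
 *
 * @return {@code true} when the SASL server was created; {@code false} after a failure
 *         response has been sent (no keytab, no subject, or SASL server creation failed)
 * @throws IOException declared by the overridden method
 */
@Override
public boolean initialize() throws IOException {
    Krb5Keytab keytab = getKeytab(LC.krb5_keytab.value());
    if (keytab == null) {
        sendFailed("mechanism not supported");
        return false;
    }
    debug("keytab file = %s", keytab.getFile());

    final String host;
    if (LC.krb5_service_principal_from_interface_address.booleanValue()) {
        // Lower-case with a fixed locale: the default-locale form can rewrite letters
        // (for example under a Turkish locale), producing a principal that is not in the keytab.
        // NOTE(review): if localAddress is an InetAddress, getCanonicalHostName() goes through
        // the system resolver, so the principal name then depends on that lookup - confirm.
        String localSocketHostname =
                localAddress.getCanonicalHostName().toLowerCase(java.util.Locale.ROOT);
        // An empty name, or one starting with a digit (treated as an address literal),
        // falls back to the configured server hostname.
        // NOTE(review): a literal that starts with a letter would not be caught here - confirm.
        if (localSocketHostname.length() == 0 || Character.isDigit(localSocketHostname.charAt(0))) {
            localSocketHostname = LC.zimbra_server_hostname.value();
        }
        host = localSocketHostname;
    } else {
        host = LC.zimbra_server_hostname.value();
    }

    KerberosPrincipal kp = new KerberosPrincipal(getProtocol() + '/' + host);
    debug("kerberos principal = %s", kp);

    Subject subject = getSubject(keytab, kp);
    if (subject == null) {
        sendFailed();
        return false;
    }
    debug("subject = %s", subject);

    final Map<String, String> props = getSaslProperties();
    if (DEBUG && props != null) {
        String qop = props.get(Sasl.QOP);
        // Pass the value as an argument, like the other debug calls in this method, so it is
        // never interpreted as part of the format string.
        debug("Sent QOP = %s", qop != null ? qop : "auth");
    }

    try {
        // The SASL server is created under the keytab-backed subject.
        mSaslServer = (SaslServer) Subject.doAs(subject, new PrivilegedExceptionAction<Object>() {
            @Override
            public Object run() throws SaslException {
                return Sasl.createSaslServer(getMechanism(), getProtocol(), host, props,
                        new GssCallbackHandler());
            }
        });
    } catch (PrivilegedActionException e) {
        sendFailed();
        getLog().warn("Could not create SaslServer", e.getCause());
        return false;
    }
    return true;
}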
From source file:com.redhat.tools.kerberos.SunJaasKerberosTicketValidator.java
/**
 * Logs the configured service principal in through JAAS and stores the resulting subject
 * in {@code serviceSubject}.
 *
 * @throws Exception if {@code keyTabLocation} is not a valid URL or the JAAS login fails
 */
public void setProperties() throws Exception {
    // A keytab needs special protection and should not sit on the classpath; JAAS may also
    // be unable to load it from there. (A disabled check for this used to live here.)
    final String keytabLocation = new URL(this.keyTabLocation).toExternalForm();
    final LoginConfig jaasConfig = new LoginConfig(keytabLocation, this.servicePrincipal, this.debug);

    final Set<Principal> servicePrincipals = new HashSet<Principal>(1);
    servicePrincipals.add(new KerberosPrincipal(this.servicePrincipal));
    // Writable subject with empty credential sets; the login call is what fills it in.
    final Subject loginSubject =
            new Subject(false, servicePrincipals, new HashSet<Object>(), new HashSet<Object>());

    final LoginContext context = new LoginContext("", loginSubject, null, jaasConfig);
    context.login();
    this.serviceSubject = context.getSubject();
}
From source file:com.hortonworks.registries.auth.server.TestKerberosAuthenticationHandler.java
/**
 * Verifies principal discovery when the principal property is {@code "*"}: of the entries
 * written to the keytab, only those whose name starts with {@code HTTP/} are expected among
 * the handler's login principals.
 */
@Test(timeout = 60000)
public void testDynamicPrincipalDiscovery() throws Exception {
    // "HTTP2/host1" and "XHTTP/host" are the negative cases: they contain "HTTP" but must
    // not be picked up as HTTP service principals.
    final String[] keytabUsers = { "HTTP/host1", "HTTP/host2", "HTTP2/host1", "XHTTP/host" };
    final String keytabPath = KerberosTestUtils.getKeytabFile();
    getKdc().createPrincipal(new File(keytabPath), keytabUsers);

    // Drop the handler that is currently in place and build one configured for discovery.
    handler.destroy();
    final Properties config = new Properties();
    config.setProperty(KerberosAuthenticationHandler.KEYTAB, keytabPath);
    config.setProperty(KerberosAuthenticationHandler.PRINCIPAL, "*");
    handler = getNewAuthenticationHandler();
    handler.init(config);

    Assert.assertEquals(KerberosTestUtils.getKeytabFile(), handler.getKeytab());

    final Set<KerberosPrincipal> discovered = handler.getPrincipals();
    for (int i = 0; i < keytabUsers.length; i++) {
        final String user = keytabUsers[i];
        final Principal candidate = new KerberosPrincipal(user + "@" + KerberosTestUtils.getRealm());
        final boolean shouldBePresent = user.startsWith("HTTP/");
        Assert.assertEquals("checking for " + user, shouldBePresent, discovered.contains(candidate));
    }
}
From source file:com.cloudera.alfredo.server.KerberosAuthenticationHandler.java
/**
 * Sets up the handler's server-side Kerberos login.
 * <p>
 * Reads the principal and keytab from the configuration, logs that principal in through JAAS
 * using the keytab, and obtains the {@link GSSManager} while running as the logged-in subject.
 * <p>
 * This method is invoked by the {@link AuthenticationFilter#init} method.
 *
 * @param config configuration properties supplying the principal and keytab settings.
 *
 * @throws ServletException if a setting is missing, the keytab file does not exist, or the
 * login fails. Every exception raised inside the method, including the configuration errors
 * it throws itself, reaches the caller as the cause of a new {@code ServletException}.
 */
@Override
public void init(Properties config) throws ServletException {
    try {
        principal = config.getProperty(PRINCIPAL, principal);
        final boolean principalMissing = principal == null || principal.trim().isEmpty();
        if (principalMissing) {
            throw new ServletException("Principal not defined in configuration");
        }

        keytab = config.getProperty(KEYTAB, keytab);
        final boolean keytabMissing = keytab == null || keytab.trim().isEmpty();
        if (keytabMissing) {
            throw new ServletException("Keytab not defined in configuration");
        }

        // Existence only: readability and file permissions are not checked here.
        final File keytabFile = new File(keytab);
        if (!keytabFile.exists()) {
            throw new ServletException("Keytab does not exist: " + keytab);
        }

        final Set<Principal> loginPrincipals = new HashSet<Principal>();
        loginPrincipals.add(new KerberosPrincipal(principal));
        final Subject loginSubject =
                new Subject(false, loginPrincipals, new HashSet<Object>(), new HashSet<Object>());
        final KerberosConfiguration jaasConfig = new KerberosConfiguration(keytab, principal);

        loginContext = new LoginContext("", loginSubject, null, jaasConfig);
        loginContext.login();

        // The GSSManager is requested while running as the subject returned by the login.
        final Subject authenticated = loginContext.getSubject();
        final PrivilegedExceptionAction<GSSManager> obtainManager =
                new PrivilegedExceptionAction<GSSManager>() {
                    @Override
                    public GSSManager run() throws Exception {
                        return GSSManager.getInstance();
                    }
                };
        try {
            gssManager = Subject.doAs(authenticated, obtainManager);
        } catch (PrivilegedActionException ex) {
            // Unwrap so the outer handler wraps the underlying failure, not the JAAS envelope.
            throw ex.getException();
        }
        LOG.info("Initialized, principal [{}] from keytab [{}]", principal, keytab);
    } catch (Exception ex) {
        throw new ServletException(ex);
    }
}
From source file:org.elasticsearch.xpack.security.authc.kerberos.SpnegoHttpClientConfigCallbackHandler.java
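/**
 * Returns the cached {@link LoginContext}, performing the JAAS login first when none is
 * cached yet.
 *
 * <p>A password, when set, is used through a callback handler; otherwise the keytab
 * configuration is used. The context is stored only after {@link LoginContext#login()} has
 * succeeded, so a failed attempt leaves nothing cached and a later call tries again instead
 * of handing out a context that never logged in.
 *
 * @return the logged-in {@link LoginContext}
 * @throws PrivilegedActionException wrapping the checked exception raised while creating
 *         the context or logging in
 */
public synchronized LoginContext login() throws PrivilegedActionException {
    if (this.loginContext == null) {
        AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
            final Subject subject = new Subject(false,
                    Collections.singleton(new KerberosPrincipal(userPrincipalName)),
                    Collections.emptySet(), Collections.emptySet());
            final Configuration conf;
            final CallbackHandler callback;
            if (password != null) {
                conf = new PasswordJaasConf(userPrincipalName, enableDebugLogs);
                callback = new KrbCallbackHandler(userPrincipalName, password);
            } else {
                conf = new KeytabJaasConf(userPrincipalName, keytabPath, enableDebugLogs);
                callback = null;
            }
            // Keep the context in a local until login() returns: assigning the field first
            // would cache a context whose login failed, and the null check above would then
            // return it on every later call.
            final LoginContext candidate = new LoginContext(CRED_CONF_NAME, subject, callback, conf);
            candidate.login();
            loginContext = candidate;
            return null;
        });
    }
    return loginContext;
}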
From source file:org.pentaho.di.trans.ael.websocket.SessionConfigurator.java
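/**
 * Logs the configured principal in through JAAS and returns the resulting subject.
 *
 * @param loginConfig JAAS configuration handed to the {@link LoginContext}
 * @return the subject held by the login context after {@code login()} returns
 * @throws Exception if the principal name is rejected or the login fails
 */
private Subject getServiceSubject(ClientLoginConfig loginConfig) throws Exception {
    Set<Principal> princ = new HashSet<>(1);
    princ.add(new KerberosPrincipal(this.principal));
    // Typed credential sets instead of raw HashSet, which compiled only with unchecked warnings.
    Subject sub = new Subject(false, princ, new HashSet<Object>(), new HashSet<Object>());
    // NOTE(review): the field is assigned before login() runs, so a failed login leaves a
    // context that never authenticated in loginContext - confirm no other code reuses it.
    loginContext = new LoginContext("", sub, null, loginConfig);
    loginContext.login();
    return loginContext.getSubject();
}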
From source file:com.lucidworks.security.authentication.server.KerberosAuthenticationHandler.java
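/**
 * Initializes the authentication handler instance.
 * <p>
 * It creates a Kerberos context using the principal and keytab specified in the configuration,
 * applies the name rules when the configuration supplies them, and obtains the
 * {@link GSSManager} while running as the logged-in subject.
 * <p>
 * This method is invoked by the {@link AuthenticationFilter#init} method.
 *
 * @param config configuration properties to initialize the handler.
 *
 * @throws ServletException thrown if the handler could not be initialized. Every exception
 * raised inside the method, including the configuration errors it throws itself, reaches the
 * caller as the cause of a new {@code ServletException}.
 */
@Override
public void init(Properties config) throws ServletException {
    try {
        principal = config.getProperty(PRINCIPAL, principal);
        if (principal == null || principal.trim().length() == 0) {
            throw new ServletException("Principal not defined in configuration");
        }
        keytab = config.getProperty(KEYTAB, keytab);
        if (keytab == null || keytab.trim().length() == 0) {
            throw new ServletException("Keytab not defined in configuration");
        }
        // Existence only: readability and file permissions are not checked here.
        if (!new File(keytab).exists()) {
            throw new ServletException("Keytab does not exist: " + keytab);
        }

        String nameRules = config.getProperty(NAME_RULES, null);
        if (nameRules != null) {
            // NOTE(review): setRules is a static call, so the rules presumably apply beyond
            // this handler instance - confirm.
            KerberosName.setRules(nameRules);
        }

        Set<Principal> principals = new HashSet<Principal>();
        principals.add(new KerberosPrincipal(principal));
        Subject subject = new Subject(false, principals, new HashSet<Object>(), new HashSet<Object>());

        KerberosConfiguration kerberosConfiguration = new KerberosConfiguration(keytab, principal);

        // Parameterized like the log call at the end of this method; the output is unchanged.
        LOG.info("Login using keytab {}, for principal {}", keytab, principal);
        loginContext = new LoginContext("", subject, null, kerberosConfiguration);
        loginContext.login();

        Subject serverSubject = loginContext.getSubject();
        try {
            gssManager = Subject.doAs(serverSubject, new PrivilegedExceptionAction<GSSManager>() {
                @Override
                public GSSManager run() throws Exception {
                    return GSSManager.getInstance();
                }
            });
        } catch (PrivilegedActionException ex) {
            // Unwrap so the outer handler wraps the underlying failure, not the JAAS envelope.
            throw ex.getException();
        }
        LOG.info("Initialized, principal [{}] from keytab [{}]", principal, keytab);
    } catch (Exception ex) {
        throw new ServletException(ex);
    }
}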
From source file:org.springframework.security.kerberos.client.KerberosRestTemplate.java
/**
 * Builds the {@link LoginContext} used to authenticate against Kerberos, from the configured
 * keytab location, user principal, password and login options.
 *
 * <p>The context is only constructed here; this method does not call
 * {@link LoginContext#login()}.
 *
 * @return the newly created login context
 * @throws LoginException if the {@link LoginContext} cannot be created
 */
private LoginContext buildLoginContext() throws LoginException {
    final ClientLoginConfig jaasConfig =
            new ClientLoginConfig(keyTabLocation, userPrincipal, password, loginOptions);

    final Set<Principal> clientPrincipals = new HashSet<Principal>(1);
    clientPrincipals.add(new KerberosPrincipal(userPrincipal));
    final Subject clientSubject =
            new Subject(false, clientPrincipals, new HashSet<Object>(), new HashSet<Object>());

    // The callback handler receives the principal and the password so JAAS can request them.
    final CallbackHandler credentialCallbacks = new CallbackHandlerImpl(userPrincipal, password);
    return new LoginContext("", clientSubject, credentialCallbacks, jaasConfig);
}