Example usage for javax.security.auth.kerberos KeyTab getInstance

List of usage examples for javax.security.auth.kerberos KeyTab getInstance

  1. HOME
  2. Java
  3. javax
  4. javax.security.auth.kerberos.*
  5. KeyTab
  6. getInstance

Introduction

In this page you can find the example usage for javax.security.auth.kerberos KeyTab getInstance.

Prototype

public static KeyTab getInstance(KerberosPrincipal princ)

Source Link

Document

Returns the default KeyTab instance that is bound to the specified service principal.

Usage

From source file:org.apache.zeppelin.realm.kerberos.KerberosRealm.java

/**
 * Initializes the KerberosRealm by 'kinit'ing using principal and keytab.
 * <p>//from   w  ww .jav a2s. c o m
 * It creates a Kerberos context using the principal and keytab specified in
 * the Shiro configuration.
 * <p>
 * This method should be called only once.
 *
 * @throws RuntimeException thrown if the handler could not be initialized.
 */
@Override
protected void onInit() {
    super.onInit();
    config = getConfiguration();
    try {
        if (principal == null || principal.trim().length() == 0) {
            throw new RuntimeException("Principal not defined in configuration");
        }

        if (keytab == null || keytab.trim().length() == 0) {
            throw new RuntimeException("Keytab not defined in configuration");
        }

        File keytabFile = new File(keytab);
        if (!keytabFile.exists()) {
            throw new RuntimeException("Keytab file does not exist: " + keytab);
        }

        // use all SPNEGO principals in the keytab if a principal isn't
        // specifically configured
        final String[] spnegoPrincipals;
        if (principal.equals("*")) {
            spnegoPrincipals = KerberosUtil.getPrincipalNames(keytab, Pattern.compile("HTTP/.*"));
            if (spnegoPrincipals.length == 0) {
                throw new RuntimeException("Principals do not exist in the keytab");
            }
        } else {
            spnegoPrincipals = new String[] { principal };
        }
        KeyTab keytabInstance = KeyTab.getInstance(keytabFile);

        serverSubject = new Subject();
        serverSubject.getPrivateCredentials().add(keytabInstance);
        for (String spnegoPrincipal : spnegoPrincipals) {
            Principal krbPrincipal = new KerberosPrincipal(spnegoPrincipal);
            LOG.info("Using keytab {}, for principal {}", keytab, krbPrincipal);
            serverSubject.getPrincipals().add(krbPrincipal);
        }

        if (nameRules == null || nameRules.trim().length() == 0) {
            LOG.warn("No auth_to_local rules defined, DEFAULT will be used.");
            nameRules = "DEFAULT";
        }

        KerberosName.setRules(nameRules);

        if (null == gssManager) {
            try {
                gssManager = Subject.doAs(serverSubject, new PrivilegedExceptionAction<GSSManager>() {
                    @Override
                    public GSSManager run() {
                        return GSSManager.getInstance();
                    }
                });
                LOG.trace("SPNEGO gssManager initialized.");
            } catch (PrivilegedActionException ex) {
                throw ex.getException();
            }
        }

        if (null == signer) {
            initializeSecretProvider();
        }

        Configuration hadoopConfig = new Configuration();
        hadoopGroups = new Groups(hadoopConfig);

    } catch (Exception ex) {
        throw new RuntimeException(ex);
    }
}