Usage examples for the javax.security.auth.login.AppConfigurationEntry constructor
public AppConfigurationEntry(String loginModuleName, LoginModuleControlFlag controlFlag,
Map<String, ?> options)
From source file:org.apache.nifi.security.krb.KeytabConfiguration.java
/**
 * Builds the JAAS entry for a keytab-based Kerberos login.
 *
 * <p>The login module and its options are chosen by {@code IS_IBM}: one option set for the
 * IBM module, another for the Sun module. The resulting entry is stored in
 * {@code kerberosKeytabConfigEntry} with control flag {@code REQUIRED}.
 *
 * <p>The keytab holds the principal's long-term key. This constructor only checks that a
 * path was supplied; it does not check that the file exists or who can read it, so file
 * permissions have to be enforced by the deployment.
 *
 * @param principal  Kerberos principal to log in as; must not be blank
 * @param keytabFile path of the keytab file; must not be blank
 * @throws IllegalArgumentException if either argument is blank
 */
public KeytabConfiguration(final String principal, final String keytabFile) {
    // isBlank also rejects empty and whitespace-only values, although the messages say "null".
    if (StringUtils.isBlank(principal)) {
        throw new IllegalArgumentException("Principal cannot be null");
    }
    if (StringUtils.isBlank(keytabFile)) {
        throw new IllegalArgumentException("Keytab file cannot be null");
    }

    this.principal = principal;
    this.keytabFile = keytabFile;

    final Map<String, String> moduleOptions = new HashMap<>();
    moduleOptions.put("principal", principal);
    moduleOptions.put("refreshKrb5Config", "true");

    final String krbLoginModuleName;
    if (!IS_IBM) {
        krbLoginModuleName = SUN_KRB5_LOGIN_MODULE;
        moduleOptions.put("keyTab", keytabFile);
        moduleOptions.put("useKeyTab", "true");
        moduleOptions.put("isInitiator", "true");
        // Never fall back to an interactive prompt: a missing or unreadable keytab fails the login.
        moduleOptions.put("doNotPrompt", "true");
        // storeKey keeps the principal's key in the Subject's private credentials after login.
        moduleOptions.put("storeKey", "true");
    } else {
        krbLoginModuleName = IBM_KRB5_LOGIN_MODULE;
        moduleOptions.put("useKeytab", keytabFile);
        moduleOptions.put("credsType", "both");
    }

    this.kerberosKeytabConfigEntry = new AppConfigurationEntry(
            krbLoginModuleName,
            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
            moduleOptions);
}
From source file:org.jboss.as.test.integration.security.common.Krb5LoginConfiguration.java
/**
 * Creates a Krb5LoginConfiguration for the given principal name, keytab and credential type.
 *
 * <p>The single entry is placed in slot 0 of {@code configList} with control flag
 * {@code REQUIRED}. The login module name and the option map come from
 * {@code getLoginModule()} and {@code getOptions(...)}, which are not shown here.
 *
 * @param principal principal name, may be <code>null</code>
 * @param keyTab    keytab file, may be <code>null</code>
 * @param acceptor  credential-type flag. Set to true if the authenticated subject should be
 *                  an acceptor (i.e. credsType=acceptor for IBM JDK, and storeKey=true for
 *                  Oracle JDK)
 * @throws MalformedURLException presumably raised while the options are built from the
 *                               keytab file; confirm against {@code getOptions}
 */
public Krb5LoginConfiguration(final String principal, final File keyTab, final boolean acceptor)
        throws MalformedURLException {
    // Resolve the module name first, then the options, matching the original evaluation order.
    final String moduleClassName = getLoginModule();
    final Map<String, String> moduleOptions = getOptions(principal, keyTab, acceptor);

    final AppConfigurationEntry krb5Entry = new AppConfigurationEntry(
            moduleClassName,
            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
            moduleOptions);
    configList[0] = krb5Entry;
}
From source file:org.adeptnet.auth.kerberos.Krb5.java
/**
 * Returns an in-memory JAAS configuration that logs the given principal in from the
 * configured keytab, as an acceptor only ({@code isInitiator=false}).
 *
 * <p>The returned configuration ignores the application name passed to
 * {@code getAppConfigurationEntry} and answers every lookup with the same single entry.
 * The realm and keytab path are read from {@code config} on each lookup.
 *
 * @param principal Kerberos principal to place in the module options
 * @return a Configuration holding one REQUIRED Krb5LoginModule entry
 */
private Configuration getJaasKrb5TicketCfg(final String principal) {
    return new Configuration() {
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            final Map<String, String> moduleOptions = new HashMap<>();
            moduleOptions.put("principal", principal);
            // NOTE(review): "realm" is not among the options I know the Sun Krb5LoginModule to
            // document; it may be silently ignored. Confirm.
            moduleOptions.put("realm", config.getRealm());

            // Keytab-only login: no prompting, key retained in the Subject for accepting contexts.
            moduleOptions.put("useKeyTab", "true");
            moduleOptions.put("keyTab", config.getKeytab().getAbsolutePath());
            moduleOptions.put("doNotPrompt", "true");
            moduleOptions.put("storeKey", "true");
            moduleOptions.put("isInitiator", "false");

            final AppConfigurationEntry krb5Entry = new AppConfigurationEntry(
                    "com.sun.security.auth.module.Krb5LoginModule",
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                    moduleOptions);
            return new AppConfigurationEntry[] { krb5Entry };
        }
    };
}
From source file:com.vmware.identity.openidconnect.client.GSSTestUtils.java
/**
 * Creates a LoginContext that authenticates the given AD user with a password through the
 * Sun Krb5LoginModule.
 *
 * <p>The callback handler answers name callbacks with {@code name@domain} and password
 * callbacks with {@code userPass}; any other callback type is left untouched rather than
 * rejected. The configuration ignores the requested application name and always returns one
 * REQUIRED entry with {@code useTicketCache=false}.
 *
 * @param validAdUser user whose name and domain form the Kerberos principal
 * @param userPass    password handed to the login module; the caller keeps ownership of the
 *                    array and is responsible for clearing it
 * @param jaasSubject subject that the login will populate
 * @return a LoginContext on which login() has not yet been called
 * @throws LoginException if the LoginContext cannot be created
 */
static LoginContext getLoginCtx(final PrincipalId validAdUser, final char[] userPass,
        javax.security.auth.Subject jaasSubject) throws LoginException {

    final CallbackHandler credentialHandler = new CallbackHandler() {
        @Override
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            final String userName = String.format("%s@%s", validAdUser.getName(), validAdUser.getDomain());
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(userName);
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(userPass);
                }
            }
        }
    };

    final Configuration passwordOnlyConfig = new Configuration() {
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            final Map<String, String> moduleOptions = new HashMap<String, String>();
            // No ticket cache: credentials must come from the callback handler above.
            moduleOptions.put("useTicketCache", "false");
            return new AppConfigurationEntry[] {
                new AppConfigurationEntry(
                        "com.sun.security.auth.module.Krb5LoginModule",
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                        moduleOptions) };
        }
    };

    return new LoginContext("SampleLoginContext", jaasSubject, credentialHandler, passwordOnlyConfig);
}
From source file:org.apache.atlas.web.security.AtlasPamAuthenticationProvider.java
/**
 * Attempts to authenticate the given token against PAM through a JAAS login module.
 *
 * <p>A {@code DefaultJaasAuthenticationProvider} is built on every call, configured with a
 * single REQUIRED {@code PamLoginModule} entry registered under the name "SPRINGSECURITY".
 * Module options are copied from the {@code atlas.authentication.method.pam} configuration
 * subset; the "service" option defaults to "atlas-login" when absent.
 *
 * <p>Failure handling: any exception, including a rejected login, is logged at debug level
 * only and the incoming token is returned unchanged. The same happens when the user name or
 * password is blank. The result therefore does not by itself prove that authentication
 * succeeded; NOTE(review): callers are presumably expected to check the returned token's
 * authenticated state. Confirm against the call site.
 *
 * @param authentication the incoming authentication request
 * @return the authenticated token with granted authorities on success, otherwise the
 *         incoming token as received
 */
private Authentication getPamAuthentication(Authentication authentication) {
    try {
        DefaultJaasAuthenticationProvider pamProvider = new DefaultJaasAuthenticationProvider();
        String loginModuleName = "org.apache.atlas.web.security.PamLoginModule";
        AppConfigurationEntry.LoginModuleControlFlag controlFlag =
                AppConfigurationEntry.LoginModuleControlFlag.REQUIRED;

        Properties pamProperties = ConfigurationConverter
                .getProperties(ApplicationProperties.get().subset("atlas.authentication.method.pam"));

        // Every configured key is forwarded to the login module as-is; there is no allow-list,
        // so whoever can edit this configuration subset controls the module's options.
        Map<String, String> moduleOptions = new HashMap<>();
        for (String optionName : pamProperties.stringPropertyNames()) {
            moduleOptions.put(optionName, pamProperties.getProperty(optionName));
        }
        if (!moduleOptions.containsKey("service")) {
            moduleOptions.put("service", "atlas-login");
        }

        AppConfigurationEntry[] pamEntries = new AppConfigurationEntry[] {
            new AppConfigurationEntry(loginModuleName, controlFlag, moduleOptions) };
        Map<String, AppConfigurationEntry[]> entriesByContextName =
                new HashMap<String, AppConfigurationEntry[]>();
        entriesByContextName.put("SPRINGSECURITY", pamEntries);
        pamProvider.setConfiguration(new InMemoryConfiguration(entriesByContextName));

        pamProvider.setAuthorityGranters(new UserAuthorityGranter[] { new UserAuthorityGranter() });
        pamProvider.afterPropertiesSet();

        String userName = authentication.getName();
        // The credential is turned into a String here, so it cannot be wiped after use.
        String userPassword = "";
        if (authentication.getCredentials() != null) {
            userPassword = authentication.getCredentials().toString();
        }

        // Blank user name or password: skip the PAM call and hand the token back untouched.
        boolean credentialsSupplied = userName != null && userPassword != null
                && !userName.trim().isEmpty() && !userPassword.trim().isEmpty();
        if (!credentialsSupplied) {
            return authentication;
        }

        // getting user authenticated
        final List<GrantedAuthority> grantedAuths = getAuthorities(userName);
        final UserDetails principal = new User(userName, userPassword, grantedAuths);
        final Authentication pamRequest =
                new UsernamePasswordAuthenticationToken(principal, userPassword, grantedAuths);
        authentication = pamProvider.authenticate(pamRequest);
        authentication = getAuthenticationWithGrantedAuthority(authentication);
        return authentication;
    } catch (Exception e) {
        // Logged at debug only: failed PAM logins are invisible at default log levels.
        logger.debug("Pam Authentication Failed:", e);
    }
    return authentication;
}
From source file:org.springframework.security.authentication.jaas.DefaultJaasAuthenticationProviderTests.java
/**
 * Prepares a DefaultJaasAuthenticationProvider backed by a mocked JAAS Configuration.
 *
 * <p>The mocked configuration returns one REQUIRED {@code TestLoginModule} entry with an
 * empty option map for the provider's login context name. The provider's "log" field is
 * replaced with a mock through reflection.
 *
 * @throws Exception if {@code afterPropertiesSet()} rejects the provider setup
 */
@Before
public void setUp() throws Exception {
    Configuration configuration = mock(Configuration.class);
    publisher = mock(ApplicationEventPublisher.class);
    log = mock(Log.class);

    provider = new DefaultJaasAuthenticationProvider();
    provider.setConfiguration(configuration);
    provider.setApplicationEventPublisher(publisher);
    provider.setAuthorityGranters(new AuthorityGranter[] { new TestAuthorityGranter() });
    provider.afterPropertiesSet();

    // Stub the lookup only after the provider is initialised, as the original does.
    AppConfigurationEntry testModuleEntry = new AppConfigurationEntry(
            TestLoginModule.class.getName(),
            LoginModuleControlFlag.REQUIRED,
            Collections.<String, Object>emptyMap());
    AppConfigurationEntry[] entries = new AppConfigurationEntry[] { testModuleEntry };
    when(configuration.getAppConfigurationEntry(provider.getLoginContextName())).thenReturn(entries);

    token = new UsernamePasswordAuthenticationToken("user", "password");
    ReflectionTestUtils.setField(provider, "log", log);
}
From source file:org.springframework.security.kerberos.client.config.SunJaasKrb5LoginConfig.java
/**
 * Returns the single REQUIRED Krb5LoginModule entry built from this object's settings.
 *
 * <p>The application name is ignored: every lookup receives the same entry. Keytab options
 * are added only when {@code keyTabLocation} is set, and ticket-cache options only when
 * {@code useTicketCache} is true. {@code doNotPrompt} is always "true", so a login that
 * finds neither a usable keytab nor a cached ticket fails instead of prompting.
 *
 * @param name requested JAAS application name (unused)
 * @return a one-element array with the Kerberos login module entry
 */
@Override
public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
    Map<String, String> moduleOptions = new HashMap<String, String>();
    moduleOptions.put("principal", this.servicePrincipal);
    moduleOptions.put("doNotPrompt", "true");

    if (this.keyTabLocation != null) {
        moduleOptions.put("useKeyTab", "true");
        moduleOptions.put("keyTab", keyTabLocationAsString);
        // storeKey keeps the service key in the Subject's private credentials after login.
        moduleOptions.put("storeKey", "true");
    }

    if (useTicketCache) {
        moduleOptions.put("useTicketCache", "true");
        moduleOptions.put("renewTGT", "true");
    }

    moduleOptions.put("isInitiator", this.isInitiator.toString());
    // debug makes the login module emit diagnostic output; keep it off outside troubleshooting.
    moduleOptions.put("debug", this.debug.toString());

    AppConfigurationEntry krb5Entry = new AppConfigurationEntry(
            "com.sun.security.auth.module.Krb5LoginModule",
            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
            moduleOptions);
    return new AppConfigurationEntry[] { krb5Entry };
}
From source file:com.jivesoftware.authHelper.customescheme.negotiate.CustomNegotiateScheme.java
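/**
 * Builds a one-entry JAAS configuration that runs the Sun Krb5LoginModule for the user
 * named in the given credentials.
 *
 * <p>Only the user name is placed in the module options; the password from
 * {@code credentials} is not read here.
 *
 * @param credentials credentials whose user name becomes the "principal" option
 * @return a CustomConfiguration wrapping the single REQUIRED entry
 */
private CustomConfiguration getCustomConfiguration(UsernamePasswordCredentials credentials) {
    // Parameterized map instead of the raw Map/HashMap the original used, so the compiler
    // checks that only String options are stored.
    Map<String, String> options = new HashMap<String, String>();
    options.put("principal", credentials.getUserName());
    // NOTE(review): "client" is not among the options I know Krb5LoginModule to document;
    // it may be ignored by the module. Confirm.
    options.put("client", "true");
    options.put("debug", "false");

    AppConfigurationEntry[] defaultConfiguration = new AppConfigurationEntry[] {
        new AppConfigurationEntry(
                "com.sun.security.auth.module.Krb5LoginModule",
                AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                options) };
    return new CustomConfiguration(defaultConfiguration);
}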
From source file:org.rhq.enterprise.server.core.CustomJaasDeploymentService.java
/**
 * Registers the RHQ JAAS login module stack with the security MBean.
 *
 * <p>The stack is evaluated in order:
 * <ol>
 *   <li>{@code JDBCLoginModule}, SUFFICIENT: always present; a successful database login
 *       ends the stack.</li>
 *   <li>{@code JDBCPrincipalCheckLoginModule}, REQUISITE: added only when LDAP is enabled;
 *       a gatekeeper that lets the login continue to LDAP only if the principal is not in
 *       the database.</li>
 *   <li>{@code LdapLoginModule}, REQUISITE: added only when LDAP is enabled.</li>
 * </ol>
 *
 * <p>A failed LDAP option validation is logged at error level but does not stop
 * registration: the LDAP module is still added with the same options.
 *
 * @param systemConfig system settings that supply the JDBC and LDAP module options
 * @throws Exception wrapping any failure while building or registering the modules
 */
private void registerJaasModules(Properties systemConfig) throws Exception {
    List<AppConfigurationEntry> moduleStack = new ArrayList<AppConfigurationEntry>();

    try {
        Map<String, String> moduleOptions = getJdbcOptions(systemConfig);
        AppConfigurationEntry entry = new AppConfigurationEntry(JDBCLoginModule.class.getName(),
                AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT, moduleOptions);

        // We always add the JDBC provider to the auth config
        this.log.info("Enabling RHQ JDBC JAAS Provider...");
        moduleStack.add(entry);

        String providerSetting = systemConfig.getProperty(SystemSetting.LDAP_BASED_JAAS_PROVIDER.getInternalName());
        boolean ldapEnabled = providerSetting != null && RHQConstants.LDAPJAASProvider.equals(providerSetting);

        if (ldapEnabled) {
            // this is a "gatekeeper" that only allows us to go to LDAP if there is no principal in the DB
            moduleOptions = getJdbcOptions(systemConfig);
            entry = new AppConfigurationEntry(JDBCPrincipalCheckLoginModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUISITE, moduleOptions);
            this.log.info("Enabling RHQ JDBC-2 Principal Check JAAS Provider...");
            moduleStack.add(entry);

            // this is the LDAP module that checks the LDAP for auth
            moduleOptions = getLdapOptions(systemConfig);
            try {
                validateLdapOptions(moduleOptions);
            } catch (NamingException e) {
                // The exception text is appended to the message and also passed to the logger.
                String descriptiveMessage = (e instanceof AuthenticationException)
                        ? "The LDAP integration cannot function because the LDAP Bind credentials"
                                + " for RHQ integration are incorrect. Contact the Administrator:" + e
                        : "Problems encountered when communicating with LDAP server."
                                + " Contact the Administrator:" + e;
                this.log.error(descriptiveMessage, e);
            }

            // if the ldap properties are set correctly enable the LDAP module anyway
            entry = new AppConfigurationEntry(LdapLoginModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUISITE, moduleOptions);
            this.log.info("Enabling RHQ JDBC-2 LDAP JAAS Provider...");
            moduleStack.add(entry);
        }

        AppConfigurationEntry[] config = moduleStack.toArray(new AppConfigurationEntry[0]);
        ObjectName authServiceName = new ObjectName(AUTH_OBJECTNAME);
        // The invocation result is not used.
        mbeanServer.invoke(authServiceName, AUTH_METHOD,
                new Object[] { SECURITY_DOMAIN_NAME, config },
                new String[] { "java.lang.String", config.getClass().getName() });
    } catch (Exception e) {
        throw new Exception("Error registering RHQ JAAS modules", e);
    }
}
From source file:io.reappt.adapters.kafka.KafkaAdapter.java
/**
 * Creates the adapter: reads service settings from the {@code VCAP_SERVICES} environment
 * variable, installs a JAAS configuration for the MessageHub login module, opens the
 * session and creates the outbound and inbound Kafka adapters.
 *
 * <p>Two of the steps change JVM-wide state:
 * <ul>
 *   <li>{@code System.setProperty} sets {@code java.security.auth.login.config} to a
 *       placeholder value.</li>
 *   <li>{@code Configuration.setConfiguration} replaces the process-wide JAAS configuration.
 *       The installed configuration ignores the requested application name, so every JAAS
 *       login in this JVM resolves to the MessageHub module with these credentials.</li>
 * </ul>
 *
 * <p>The user name and password are held as plain Strings in the option map for as long as
 * the installed configuration is reachable.
 *
 * @throws NoSuchAlgorithmException declared by the constructor; the throwing call is not
 *                                  visible in this listing
 * @throws KeyManagementException   declared by the constructor; the throwing call is not
 *                                  visible in this listing
 */
public KafkaAdapter() throws NoSuchAlgorithmException, KeyManagementException {
    parseVcapServices(System.getenv("VCAP_SERVICES"));

    // Kafka or message hub insists that this property is set, even though we ignore it
    System.setProperty("java.security.auth.login.config", "make_kafka_happy");

    // Install our own Configuration implementation
    final Map<String, String> loginOptions = new HashMap<>();
    loginOptions.put("serviceName", "kafka");
    loginOptions.put("username", user);
    loginOptions.put("password", password);

    final Configuration messageHubConfiguration = new Configuration() {
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            // A fresh entry and array per lookup; the option map itself is shared.
            final AppConfigurationEntry messageHubEntry = new AppConfigurationEntry(
                    "com.ibm.messagehub.login.MessageHubLoginModule",
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                    loginOptions);
            return new AppConfigurationEntry[] { messageHubEntry };
        }
    };
    Configuration.setConfiguration(messageHubConfiguration);

    this.session = createSession(this.reapptUrl, this.reapptUser, this.reapptPassword);
    serverTopicPartition = KAFKA_DIFFUSION_TOPIC + "-" + reapptUrl.hashCode();
    this.producer = new OutboundKafkaAdapter(session, bootstrap, serverTopicPartition);
    this.consumer = new InboundKafkaAdapter(session, bootstrap);
}