List of usage examples for javax.security.auth.login LoginContext login
public void login() throws LoginException
From source file: org.apache.coheigea.cxf.kerberos.authentication.TokenPreAuthTest.java
/**
 * Logs in as the service principal ("bob" JAAS entry) and validates the supplied
 * Kerberos service ticket under that principal's Subject.
 *
 * @param ticket the encoded service ticket to validate
 * @throws Exception if the login fails or the ticket is not accepted
 */
private void validateServiceTicket(byte[] ticket) throws Exception {
    // Obtain the service's TGT through the "bob" login configuration entry.
    final LoginContext serviceLogin = new LoginContext("bob", new KerberosCallbackHandler());
    serviceLogin.login();
    final Subject subject = serviceLogin.getSubject();

    // A successful login must have populated at least one principal.
    final Set<Principal> principals = subject.getPrincipals();
    assertFalse(principals.isEmpty());

    // Validate the ticket while running as the service Subject.
    final KerberosServiceExceptionAction validateAction =
            new KerberosServiceExceptionAction(ticket, "bob@service.ws.apache.org");
    Subject.doAs(subject, validateAction);
}
From source file: org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper.java
/**
 * Performs a GSSAPI (Kerberos) bind: prepares the krb5 configuration according to the
 * connection parameters, obtains a TGT through a JAAS login, and reconnects the LDAP
 * context under the logged-in Subject.
 *
 * Side effects: unless the "use Krb5 system properties" preference is set, this method
 * writes the JVM-global {@code java.security.krb5.conf} system property and replaces the
 * JVM-global JAAS {@link Configuration}. In MANUAL mode it also writes a temporary
 * krb5.conf file into the plugin state location, which is deleted in the finally block.
 *
 * @param innerRunnable receives a NamingException raised by the reconnect, since the
 *        privileged action cannot throw it directly
 * @throws NamingException if the temporary config file cannot be written or the JAAS
 *         login fails (the root cause is attached via setRootCause)
 */
private void doGssapiBind(final InnerRunnable innerRunnable) throws NamingException {
    File configFile = null;
    try {
        Preferences preferences = ConnectionCorePlugin.getDefault().getPluginPreferences();
        boolean useKrb5SystemProperties = preferences
            .getBoolean(ConnectionCoreConstants.PREFERENCE_USE_KRB5_SYSTEM_PROPERTIES);
        String krb5LoginModule = preferences.getString(ConnectionCoreConstants.PREFERENCE_KRB5_LOGIN_MODULE);
        if (!useKrb5SystemProperties) {
            // Kerberos configuration: choose where krb5.conf comes from.
            switch (connection.getConnectionParameter().getKrb5Configuration()) {
                case DEFAULT:
                    // Let the Kerberos provider find its default krb5.conf.
                    System.clearProperty("java.security.krb5.conf"); //$NON-NLS-1$
                    break;
                case FILE:
                    // Use the krb5.conf file specified in the connection parameters.
                    System.setProperty("java.security.krb5.conf", connection.getConnectionParameter() //$NON-NLS-1$
                        .getKrb5ConfigurationFile());
                    break;
                case MANUAL:
                    // Write the manually entered realm/KDC parameters to a connection-specific
                    // krb5.conf file under the plugin state location.
                    String fileName = Utils.getFilenameString(connection.getId()) + ".krb5.conf"; //$NON-NLS-1$
                    configFile = ConnectionCorePlugin.getDefault().getStateLocation().append(fileName).toFile();
                    String realm = connection.getConnectionParameter().getKrb5Realm();
                    String host = connection.getConnectionParameter().getKrb5KdcHost();
                    int port = connection.getConnectionParameter().getKrb5KdcPort();
                    StringBuilder sb = new StringBuilder();
                    sb.append("[libdefaults]").append(ConnectionCoreConstants.LINE_SEPARATOR); //$NON-NLS-1$
                    sb.append("default_realm = ").append(realm).append(ConnectionCoreConstants.LINE_SEPARATOR); //$NON-NLS-1$
                    sb.append("[realms]").append(ConnectionCoreConstants.LINE_SEPARATOR); //$NON-NLS-1$
                    sb.append(realm).append(" = {").append(ConnectionCoreConstants.LINE_SEPARATOR); //$NON-NLS-1$
                    sb.append("kdc = ").append(host).append(":").append(port).append( //$NON-NLS-1$ //$NON-NLS-2$
                        ConnectionCoreConstants.LINE_SEPARATOR);
                    sb.append("}").append(ConnectionCoreConstants.LINE_SEPARATOR); //$NON-NLS-1$
                    try {
                        // No charset is passed, so the platform default charset is used for the file.
                        FileUtils.writeStringToFile(configFile, sb.toString());
                    } catch (IOException ioe) {
                        NamingException ne = new NamingException();
                        ne.setRootCause(ioe);
                        throw ne;
                    }
                    System.setProperty("java.security.krb5.conf", configFile.getAbsolutePath()); //$NON-NLS-1$
            }
            // Install our own JAAS Configuration (JVM-global) so no external login.conf is needed.
            Configuration.setConfiguration(new InnerConfiguration(krb5LoginModule));
        }
        // Obtain the TGT, either from the native ticket cache or freshly from the KDC.
        LoginContext lc = null;
        try {
            lc = new LoginContext(this.getClass().getName(), new InnerCallbackHandler());
            lc.login();
        } catch (LoginException le) {
            NamingException ne = new NamingException();
            ne.setRootCause(le);
            throw ne;
        }
        // Bind to the LDAP server as the logged-in Subject; the reconnect obtains the service
        // ticket. A NamingException cannot escape the PrivilegedAction, so it is handed back
        // through innerRunnable instead.
        Subject.doAs(lc.getSubject(), (PrivilegedAction<Object>) () -> {
            try {
                context.reconnect(context.getConnectControls());
            } catch (NamingException ne) {
                innerRunnable.namingException = ne;
            }
            return null;
        });
    } finally {
        // Delete the temporary krb5.conf (MANUAL mode only). The return value of delete()
        // is ignored, so a failed deletion leaves the file behind silently.
        if (configFile != null && configFile.exists()) {
            configFile.delete();
        }
    }
}
From source file: org.apache.druid.security.kerberos.DruidKerberosAuthenticationHandler.java
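/**
 * Initialises the handler: validates the principal/keytab configuration, logs every
 * configured SPNEGO principal in from the keytab into {@code serverSubject}, and obtains
 * the {@link GSSManager} while running as that Subject.
 *
 * @param config handler properties; {@code PRINCIPAL}, {@code KEYTAB} and {@code NAME_RULES}
 *        are read from it
 * @throws ServletException if the principal or keytab is not configured, the keytab file does
 *         not exist, no {@code HTTP/*} principal is found when {@code "*"} is configured, or a
 *         login / GSS initialisation error occurs (the original cause is attached)
 */
@Override
public void init(Properties config) throws ServletException {
    try {
        final String principal = config.getProperty(PRINCIPAL);
        if (principal == null || principal.trim().isEmpty()) {
            throw new ServletException("Principal not defined in configuration");
        }
        keytab = config.getProperty(KEYTAB, keytab);
        if (keytab == null || keytab.trim().isEmpty()) {
            throw new ServletException("Keytab not defined in configuration");
        }
        if (!new File(keytab).exists()) {
            throw new ServletException("Keytab does not exist: " + keytab);
        }

        // Use all SPNEGO principals in the keytab if a principal isn't specifically configured.
        final String[] spnegoPrincipals;
        if ("*".equals(principal)) {
            spnegoPrincipals = KerberosUtil.getPrincipalNames(keytab, Pattern.compile("HTTP/.*"));
            if (spnegoPrincipals.length == 0) {
                throw new ServletException("Principals do not exist in the keytab");
            }
        } else {
            spnegoPrincipals = new String[] { principal };
        }

        final String nameRules = config.getProperty(NAME_RULES, null);
        if (nameRules != null) {
            // Static setter: the rules apply to every KerberosName in this JVM.
            KerberosName.setRules(nameRules);
        }

        for (String spnegoPrincipal : spnegoPrincipals) {
            log.info("Login using keytab %s, for principal %s", keytab, spnegoPrincipal);
            final KerberosAuthenticator.DruidKerberosConfiguration kerberosConfiguration =
                    new KerberosAuthenticator.DruidKerberosConfiguration(keytab, spnegoPrincipal);
            final LoginContext loginContext = new LoginContext("", serverSubject, null, kerberosConfiguration);
            try {
                loginContext.login();
            } catch (LoginException le) {
                // NOTE(review): contexts logged in by earlier iterations remain in loginContexts
                // and are not logged out here — confirm the destroy path handles them.
                log.warn(le, "Failed to login as [%s]", spnegoPrincipal);
                throw new AuthenticationException(le);
            }
            loginContexts.add(loginContext);
        }

        try {
            gssManager = Subject.doAs(serverSubject, new PrivilegedExceptionAction<GSSManager>() {
                @Override
                public GSSManager run() {
                    return GSSManager.getInstance();
                }
            });
        } catch (PrivilegedActionException ex) {
            throw ex.getException();
        }
    } catch (ServletException se) {
        // Configuration errors raised above are already ServletExceptions with a clear
        // message; rethrow them unchanged rather than wrapping them a second time.
        throw se;
    } catch (Exception ex) {
        throw new ServletException(ex);
    }
}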
From source file: org.apache.hadoop.io.crypto.tool.kerberos.SpnegoRestCli.java
/**
 * Executes the REST call under a Subject and returns the collected result.
 * If the current access-control context carries no Subject, a new one is logged in
 * through JAAS using the project's {@code KerberosConfiguration} first.
 *
 * @return the response collected by {@code RestClient} (stored in the {@code sb} field)
 * @throws Exception if the JAAS login or the privileged REST call fails
 */
public StringBuffer getResult() throws Exception {
    Subject callerSubject = Subject.getSubject(AccessController.getContext());
    if (callerSubject == null) {
        // Nothing is logged in on this call stack: perform the JAAS login ourselves.
        callerSubject = new Subject();
        LoginContext lc = new LoginContext("", callerSubject, null, new KerberosConfiguration());
        lc.login();
    }
    PrivilegedExceptionAction<Void> fetchAction = new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            sb = new RestClient(url).getResult();
            return null;
        }
    };
    Subject.doAs(callerSubject, fetchAction);
    return sb;
}
From source file: org.apache.hadoop.registry.secure.AbstractSecureRegistryTest.java
/**
 * Log in, defaulting to the client context.
 *
 * @param principal principal
 * @param context JAAS context (configuration entry) name
 * @param keytab keytab
 * @return the logged-in context
 * @throws LoginException failure to log in
 * @throws FileNotFoundException no keytab
 */
protected LoginContext login(String principal, String context, File keytab)
        throws LoginException, FileNotFoundException {
    LOG.info("Logging in as {} in context {} with keytab {}", principal, context, keytab);
    if (!keytab.exists()) {
        throw new FileNotFoundException(keytab.getAbsolutePath());
    }
    // Seed a writable Subject with the Kerberos principal before logging in.
    final Set<Principal> principalSet = new HashSet<Principal>();
    principalSet.add(new KerberosPrincipal(principal));
    final Subject subject = new Subject(false, principalSet, new HashSet<Object>(), new HashSet<Object>());
    final LoginContext lc = new LoginContext(context, subject, null,
        KerberosConfiguration.createClientConfig(principal, keytab));
    lc.login();
    return lc;
}
From source file: org.apache.hadoop.registry.secure.TestSecureLogins.java
/** Logs in with the localhost ZooKeeper login context and logs straight back out. */
@Test
public void testServerLogin() throws Throwable {
    final LoginContext zkLogin = createLoginContextZookeeperLocalhost();
    zkLogin.login();
    zkLogin.logout();
}
From source file: org.apache.hadoop.security.authentication.client.KerberosAuthenticator.java
/**
 * Implements the SPNEGO authentication sequence interaction using the current default principal
 * in the Kerberos cache (normally set via kinit).
 *
 * The GSS context is initialised with credential delegation and mutual authentication
 * requested (see the two request* calls below); tokens are exchanged with the server via
 * sendToken/readToken until the context is established, after which the authentication
 * token is extracted from the connection.
 *
 * @param token the authentication token being used for the user.
 *
 * @throws IOException if an IO error occurred.
 * @throws AuthenticationException if an authentication error occurred.
 */
private void doSpnegoSequence(AuthenticatedURL.Token token) throws IOException, AuthenticationException {
    try {
        AccessControlContext context = AccessController.getContext();
        Subject subject = Subject.getSubject(context);
        if (subject == null) {
            // No Subject on the current call stack: log in via JAAS with the default principal.
            subject = new Subject();
            LoginContext login = new LoginContext("", subject, null, new KerberosConfiguration());
            login.login();
        }
        Subject.doAs(subject, new PrivilegedExceptionAction<Void>() {
            @Override
            public Void run() throws Exception {
                GSSContext gssContext = null;
                try {
                    GSSManager gssManager = GSSManager.getInstance();
                    // Service principal is derived from the target URL's host name.
                    String servicePrincipal = "HTTP/" + KerberosAuthenticator.this.url.getHost();
                    Oid oid = KerberosUtil.getOidInstance("NT_GSS_KRB5_PRINCIPAL");
                    GSSName serviceName = gssManager.createName(servicePrincipal, oid);
                    oid = KerberosUtil.getOidInstance("GSS_KRB5_MECH_OID");
                    gssContext = gssManager.createContext(serviceName, oid, null, GSSContext.DEFAULT_LIFETIME);
                    // Credential delegation is requested unconditionally: when granted, the server
                    // obtains delegated credentials for this client. Mutual auth makes the server
                    // prove its identity as well.
                    gssContext.requestCredDeleg(true);
                    gssContext.requestMutualAuth(true);
                    byte[] inToken = new byte[0];
                    byte[] outToken;
                    boolean established = false;
                    // Loop while the context is still not established
                    while (!established) {
                        outToken = gssContext.initSecContext(inToken, 0, inToken.length);
                        if (outToken != null) {
                            sendToken(outToken);
                        }
                        if (!gssContext.isEstablished()) {
                            inToken = readToken();
                        } else {
                            established = true;
                        }
                    }
                } finally {
                    // Release the GSS context whether or not the exchange succeeded.
                    if (gssContext != null) {
                        gssContext.dispose();
                        gssContext = null;
                    }
                }
                return null;
            }
        });
    } catch (PrivilegedActionException ex) {
        // Unwrap the exception thrown inside run() before reporting it.
        throw new AuthenticationException(ex.getException());
    } catch (LoginException ex) {
        throw new AuthenticationException(ex);
    }
    // Read the authentication token from the (field) connection once SPNEGO completed.
    AuthenticatedURL.extractToken(conn, token);
}
From source file: org.apache.hadoop.security.SecureClientLogin.java
/**
 * Logs {@code user} in through the "hadoop-keytab-kerberos" JAAS entry using the keytab at
 * {@code path} and returns the resulting Subject.
 *
 * @param user Kerberos principal to log in as
 * @param path path of the keytab file
 * @return the Subject populated by the login
 * @throws IOException wrapping any LoginException raised during the login
 */
public static synchronized Subject loginUserFromKeytab(String user, String path) throws IOException {
    try {
        final Subject subject = new Subject();
        final SecureClientLoginConfiguration keytabConf =
                new SecureClientLoginConfiguration(true, user, path);
        final LoginContext lc = new LoginContext("hadoop-keytab-kerberos", subject, null, keytabConf);
        // Register the Hadoop User principal on the subject before the login runs.
        subject.getPrincipals().add(new User(user, AuthenticationMethod.KERBEROS, lc));
        lc.login();
        return lc.getSubject();
    } catch (LoginException le) {
        throw new IOException("Login failure for " + user + " from keytab " + path, le);
    }
}
From source file: org.apache.hadoop.security.SecureClientLogin.java
/**
 * Logs {@code user} in through the "hadoop-keytab-kerberos" JAAS entry using the keytab at
 * {@code path}, installing {@code nameRules} as the global KerberosName rules first, and
 * returns the resulting Subject.
 *
 * @param user Kerberos principal to log in as
 * @param path path of the keytab file
 * @param nameRules auth_to_local rules passed to KerberosName.setRules (JVM-global)
 * @return the Subject populated by the login
 * @throws IOException wrapping any LoginException raised during the login
 */
public static synchronized Subject loginUserFromKeytab(String user, String path, String nameRules)
        throws IOException {
    try {
        final Subject subject = new Subject();
        final SecureClientLoginConfiguration keytabConf =
                new SecureClientLoginConfiguration(true, user, path);
        final LoginContext lc = new LoginContext("hadoop-keytab-kerberos", subject, null, keytabConf);
        // Static setter: affects every KerberosName mapping in this JVM, not just this login.
        KerberosName.setRules(nameRules);
        subject.getPrincipals().add(new User(user, AuthenticationMethod.KERBEROS, lc));
        lc.login();
        return lc.getSubject();
    } catch (LoginException le) {
        throw new IOException("Login failure for " + user + " from keytab " + path, le);
    }
}
From source file: org.apache.hadoop.security.SecureClientLogin.java
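/**
 * Logs {@code user} in through the "hadoop-keytab-kerberos" JAAS entry using a password
 * and returns the resulting Subject.
 *
 * The password never appears in the exception message: the previous
 * {@code replaceAll(".", "*")} mask still disclosed the password length (and, because
 * {@code .} does not match line terminators, any such characters verbatim), and threw a
 * NullPointerException inside the catch block when {@code password} was null.
 *
 * @param user Kerberos principal to log in as
 * @param password the user's password (held as an immutable String; it cannot be wiped
 *        after use)
 * @return the Subject populated by the login
 * @throws IOException wrapping any LoginException raised during the login
 */
public static synchronized Subject loginUserWithPassword(String user, String password) throws IOException {
    try {
        final Subject subject = new Subject();
        final SecureClientLoginConfiguration passwordConf =
                new SecureClientLoginConfiguration(false, user, password);
        final LoginContext lc = new LoginContext("hadoop-keytab-kerberos", subject, null, passwordConf);
        // Register the Hadoop User principal on the subject before the login runs.
        subject.getPrincipals().add(new User(user, AuthenticationMethod.KERBEROS, lc));
        lc.login();
        return lc.getSubject();
    } catch (LoginException le) {
        // Fixed placeholder: reveals neither the password nor its length.
        throw new IOException("Login failure for " + user + " using password (redacted)", le);
    }
}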