List of usage examples for the javax.security.auth.login.LoginContext constructor
public LoginContext(String name, Subject subject, CallbackHandler callbackHandler, Configuration config) throws LoginException
From source file:org.pentaho.di.trans.ael.websocket.SessionConfigurator.java
/**
 * Logs in the configured service principal through JAAS and returns the resulting subject.
 *
 * <p>The {@link LoginContext} is kept in the {@code loginContext} field. No
 * {@code CallbackHandler} is passed, so the login modules named by {@code loginConfig}
 * cannot prompt for credentials and have to take them from the configuration itself
 * (presumably a keytab or ticket cache; confirm against ClientLoginConfig).
 *
 * @param loginConfig JAAS configuration handed directly to the login context
 * @return the subject held by the login context once {@code login()} has returned
 * @throws Exception if the principal name is rejected or the JAAS login fails
 */
private Subject getServiceSubject(ClientLoginConfig loginConfig) throws Exception {
    Set<Principal> servicePrincipals = new HashSet<>(1);
    servicePrincipals.add(new KerberosPrincipal(this.principal));

    // readOnly=false: the login modules must be able to attach credentials to the subject.
    Subject serviceSubject = new Subject(false, servicePrincipals, new HashSet<>(), new HashSet<>());

    // Empty entry name: the Configuration object is passed explicitly, so which entries
    // answer to "" is decided by loginConfig.
    loginContext = new LoginContext("", serviceSubject, null, loginConfig);
    loginContext.login();
    return loginContext.getSubject();
}
From source file:org.elasticsearch.xpack.security.authc.kerberos.SpnegoHttpClientConfigCallbackHandler.java
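/**
 * Returns the cached {@link LoginContext}, performing the JAAS login first if none is cached.
 *
 * <p>When a password is set, the login uses {@code PasswordJaasConf} together with a
 * {@code KrbCallbackHandler}; otherwise it uses {@code KeytabJaasConf} and no callback handler.
 * The context is published to the {@code loginContext} field only after {@code login()} has
 * succeeded, so a failed attempt is retried on the next call instead of handing out a context
 * that never authenticated.
 *
 * @return the logged-in {@link LoginContext}
 * @throws PrivilegedActionException wrapping the exception raised by a failed login
 */
public synchronized LoginContext login() throws PrivilegedActionException {
    if (this.loginContext == null) {
        AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
            final Subject subject = new Subject(false,
                    Collections.singleton(new KerberosPrincipal(userPrincipalName)),
                    Collections.emptySet(), Collections.emptySet());
            final Configuration conf;
            final CallbackHandler callback;
            if (password != null) {
                conf = new PasswordJaasConf(userPrincipalName, enableDebugLogs);
                callback = new KrbCallbackHandler(userPrincipalName, password);
            } else {
                conf = new KeytabJaasConf(userPrincipalName, keytabPath, enableDebugLogs);
                callback = null;
            }
            // Keep the new context local until login() returns: assigning the field first
            // would leave a non-null, unauthenticated context behind when login() throws,
            // and every later call would return it without retrying.
            final LoginContext candidate = new LoginContext(CRED_CONF_NAME, subject, callback, conf);
            candidate.login();
            loginContext = candidate;
            return null;
        });
    }
    return loginContext;
}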
From source file:com.lucidworks.security.authentication.server.KerberosAuthenticationHandler.java
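/**
 * Initializes the authentication handler instance.
 * <p>
 * It creates a Kerberos context using the principal and keytab specified in the configuration.
 * <p>
 * This method is invoked by the {@link AuthenticationFilter#init} method.
 * <p>
 * A {@code ServletException} raised by the validation steps is rethrown as is; any other
 * failure is wrapped in a {@code ServletException} with the original exception as its cause.
 *
 * @param config configuration properties to initialize the handler.
 *
 * @throws ServletException thrown if the handler could not be initialized.
 */
@Override
public void init(Properties config) throws ServletException {
    try {
        principal = config.getProperty(PRINCIPAL, principal);
        if (principal == null || principal.trim().isEmpty()) {
            throw new ServletException("Principal not defined in configuration");
        }
        keytab = config.getProperty(KEYTAB, keytab);
        if (keytab == null || keytab.trim().isEmpty()) {
            throw new ServletException("Keytab not defined in configuration");
        }
        // Only the existence of the path is checked here. The keytab holds the service's
        // long-term key, so ownership and file permissions have to be enforced by the
        // deployment.
        if (!new File(keytab).exists()) {
            throw new ServletException("Keytab does not exist: " + keytab);
        }

        String nameRules = config.getProperty(NAME_RULES, null);
        if (nameRules != null) {
            // NOTE(review): static call; looks like the rules apply process-wide rather
            // than to this handler only. Confirm against KerberosName.
            KerberosName.setRules(nameRules);
        }

        Set<Principal> principals = new HashSet<Principal>();
        principals.add(new KerberosPrincipal(principal));
        Subject subject = new Subject(false, principals, new HashSet<Object>(), new HashSet<Object>());

        KerberosConfiguration kerberosConfiguration = new KerberosConfiguration(keytab, principal);

        LOG.info("Login using keytab " + keytab + ", for principal " + principal);
        // No CallbackHandler: the login has to succeed from the keytab-based configuration alone.
        loginContext = new LoginContext("", subject, null, kerberosConfiguration);
        loginContext.login();

        Subject serverSubject = loginContext.getSubject();
        try {
            gssManager = Subject.doAs(serverSubject, new PrivilegedExceptionAction<GSSManager>() {
                @Override
                public GSSManager run() throws Exception {
                    return GSSManager.getInstance();
                }
            });
        } catch (PrivilegedActionException ex) {
            // Unwrap so the outer handler reports the real cause.
            throw ex.getException();
        }
        LOG.info("Initialized, principal [{}] from keytab [{}]", principal, keytab);
    } catch (ServletException ex) {
        // Already the declared type with a precise message; wrapping it a second time
        // would bury that message one level down in the cause chain.
        throw ex;
    } catch (Exception ex) {
        throw new ServletException(ex);
    }
}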
From source file:com.flipkart.fdp.migration.distcp.security.KerberosAuthenticator2.java
/**
 * Runs the client side of the SPNEGO handshake and then extracts the authentication token
 * from the connection.
 *
 * <p>A JAAS login is performed first with a {@code KerberosClientCallbackHandler} built from
 * {@code username} and {@code password}; the GSS exchange then runs as the resulting subject.
 * NOTE(review): this method used to be documented as relying on the default principal in the
 * Kerberos ticket cache (kinit). Whether the cache is consulted at all depends on
 * {@code LoginConfig}, which is not visible here.
 *
 * @param token
 *            the authentication token being used for the user.
 *
 * @throws IOException
 *             if an IO error occurred.
 * @throws AuthenticationException
 *             if the JAAS login or the GSS exchange failed.
 */
private void doSpnegoSequence(AuthenticatedURL.Token token) throws IOException, AuthenticationException {
    try {
        LoginContext jaasLogin = new LoginContext("", null,
                new KerberosClientCallbackHandler(username, password), new LoginConfig(this.debug));
        jaasLogin.login();
        Subject clientSubject = jaasLogin.getSubject();

        Subject.doAs(clientSubject, new PrivilegedExceptionAction<Void>() {
            public Void run() throws Exception {
                GSSContext gssContext = null;
                try {
                    GSSManager manager = GSSManager.getInstance();
                    Oid oid = KerberosUtil.getOidInstance("NT_GSS_KRB5_PRINCIPAL");

                    // Fall back to HTTP/<host of the target URL> when no service principal is set.
                    String sp = KerberosAuthenticator2.this.servicePrincipal;
                    if (sp == null) {
                        sp = "HTTP/" + KerberosAuthenticator2.this.url.getHost();
                    }
                    GSSName targetName = manager.createName(sp, oid);

                    oid = KerberosUtil.getOidInstance("GSS_KRB5_MECH_OID");
                    gssContext = manager.createContext(targetName, oid, null, GSSContext.DEFAULT_LIFETIME);
                    // NOTE(review): delegation is requested unconditionally. If it is granted,
                    // the target service receives credentials it can use to act as this user,
                    // so it should be limited to services trusted for that. Confirm it is needed.
                    gssContext.requestCredDeleg(true);
                    gssContext.requestMutualAuth(true);

                    // Exchange tokens until the context reports it is established.
                    byte[] inToken = new byte[0];
                    while (true) {
                        byte[] outToken = gssContext.initSecContext(inToken, 0, inToken.length);
                        if (outToken != null) {
                            sendToken(outToken);
                        }
                        if (gssContext.isEstablished()) {
                            break;
                        }
                        inToken = readToken();
                    }
                } finally {
                    if (gssContext != null) {
                        gssContext.dispose();
                    }
                }
                return null;
            }
        });
    } catch (PrivilegedActionException ex) {
        throw new AuthenticationException(ex.getException());
    } catch (LoginException ex) {
        throw new AuthenticationException(ex);
    }
    AuthenticatedURL.extractToken(conn, token);
}
From source file:org.springframework.security.kerberos.client.KerberosRestTemplate.java
/**
 * Creates the {@link LoginContext} used to authenticate against Kerberos.
 *
 * <p>The context is only constructed here; this method does not call {@code login()}.
 * The configuration is built from the key tab location, user principal, password and login
 * options held by this instance, and the callback handler from the user principal and password.
 *
 * @return the newly created, not yet logged-in login context
 * @throws LoginException if the login context cannot be created
 */
private LoginContext buildLoginContext() throws LoginException {
    ClientLoginConfig jaasConfig = new ClientLoginConfig(keyTabLocation, userPrincipal, password, loginOptions);

    Set<Principal> clientPrincipals = new HashSet<Principal>(1);
    clientPrincipals.add(new KerberosPrincipal(userPrincipal));
    // readOnly=false so the login modules can add credentials to the subject later.
    Subject clientSubject = new Subject(false, clientPrincipals, new HashSet<Object>(), new HashSet<Object>());

    CallbackHandler credentialCallbacks = new CallbackHandlerImpl(userPrincipal, password);
    return new LoginContext("", clientSubject, credentialCallbacks, jaasConfig);
}
From source file:main.client.http.KerberosAuthenticator2.java
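/**
 * Implements the client side of the SPNEGO authentication sequence.
 *
 * <p>A JAAS login is performed first with a {@code KerberosClientCallbackHandler} built from
 * {@code username} and {@code password}; the GSS exchange then runs as the resulting subject
 * against the service principal {@code HTTP/<host of the target URL>}.
 * NOTE(review): this method used to be documented as relying on the default principal in the
 * Kerberos ticket cache (kinit). Whether the cache is consulted at all depends on
 * {@code LoginConfig}, which is not visible here.
 *
 * @param token
 *            the authentication token being used for the user.
 *
 * @throws IOException
 *             if an IO error occurred.
 * @throws AuthenticationException
 *             if an authentication error occurred.
 */
private void doSpnegoSequence(AuthenticatedURL.Token token) throws IOException, AuthenticationException {
    try {
        LoginContext loginContext = new LoginContext("", null,
                new KerberosClientCallbackHandler(username, password), new LoginConfig(this.debug));
        loginContext.login();
        Subject subject = loginContext.getSubject();
        if (LOG.isDebugEnabled()) {
            // Log the principals only: Subject.toString() also renders the private
            // credentials, which after a Kerberos login can include ticket and
            // session-key material that must not end up in log files.
            LOG.debug("Kerberos authenticated user: " + subject.getPrincipals());
        }
        Subject.doAs(subject, new PrivilegedExceptionAction<Void>() {

            @Override
            public Void run() throws Exception {
                GSSContext gssContext = null;
                try {
                    GSSManager gssManager = GSSManager.getInstance();
                    String servicePrincipal = "HTTP/" + KerberosAuthenticator2.this.url.getHost();
                    Oid oid = KerberosUtil.getOidInstance("NT_GSS_KRB5_PRINCIPAL");
                    GSSName serviceName = gssManager.createName(servicePrincipal, oid);
                    oid = KerberosUtil.getOidInstance("GSS_KRB5_MECH_OID");
                    gssContext = gssManager.createContext(serviceName, oid, null, GSSContext.DEFAULT_LIFETIME);
                    // NOTE(review): delegation is requested unconditionally. If it is granted,
                    // the target service receives credentials it can use to act as this user,
                    // so it should be limited to services trusted for that. Confirm it is needed.
                    gssContext.requestCredDeleg(true);
                    gssContext.requestMutualAuth(true);

                    byte[] inToken = new byte[0];
                    byte[] outToken;
                    boolean established = false;

                    // Loop while the context is still not established
                    while (!established) {
                        outToken = gssContext.initSecContext(inToken, 0, inToken.length);
                        if (outToken != null) {
                            sendToken(outToken);
                        }

                        if (!gssContext.isEstablished()) {
                            inToken = readToken();
                        } else {
                            established = true;
                        }
                    }
                } finally {
                    if (gssContext != null) {
                        gssContext.dispose();
                    }
                }
                return null;
            }
        });
    } catch (PrivilegedActionException ex) {
        throw new AuthenticationException(ex.getException());
    } catch (LoginException ex) {
        throw new AuthenticationException(ex);
    }
    AuthenticatedURL.extractToken(conn, token);
}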
From source file:com.lucidworks.security.authentication.client.KerberosAuthenticator.java
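/**
 * Implements the SPNEGO authentication sequence interaction using the current default principal
 * in the Kerberos cache (normally set via kinit).
 *
 * <p>The subject associated with the current access control context is used when there is one;
 * otherwise a new subject is logged in through JAAS with {@code KerberosConfiguration} and no
 * callback handler.
 *
 * @param token the authentication token being used for the user.
 *
 * @throws IOException if an IO error occurred.
 * @throws AuthenticationException if an authentication error occurred.
 */
private void doSpnegoSequence(AuthenticatedURL.Token token) throws IOException, AuthenticationException {
    try {
        AccessControlContext context = AccessController.getContext();
        Subject subject = Subject.getSubject(context);
        if (subject == null) {
            LOG.debug("No subject in context, logging in");
            subject = new Subject();
            LoginContext login = new LoginContext("", subject, null, new KerberosConfiguration());
            login.login();
        }

        if (LOG.isDebugEnabled()) {
            // Log the principals only: Subject.toString() also renders the private
            // credentials, which for a Kerberos subject can include ticket and
            // session-key material that must not end up in log files.
            LOG.debug("Using subject: " + subject.getPrincipals());
        }
        Subject.doAs(subject, new PrivilegedExceptionAction<Void>() {

            @Override
            public Void run() throws Exception {
                GSSContext gssContext = null;
                try {
                    GSSManager gssManager = GSSManager.getInstance();
                    String servicePrincipal = KerberosUtil.getServicePrincipal("HTTP",
                            KerberosAuthenticator.this.url.getHost());
                    Oid oid = KerberosUtil.getOidInstance("NT_GSS_KRB5_PRINCIPAL");
                    GSSName serviceName = gssManager.createName(servicePrincipal, oid);
                    oid = KerberosUtil.getOidInstance("GSS_KRB5_MECH_OID");
                    gssContext = gssManager.createContext(serviceName, oid, null, GSSContext.DEFAULT_LIFETIME);
                    // NOTE(review): delegation is requested unconditionally. If it is granted,
                    // the target service receives credentials it can use to act as this user,
                    // so it should be limited to services trusted for that. Confirm it is needed.
                    gssContext.requestCredDeleg(true);
                    gssContext.requestMutualAuth(true);

                    byte[] inToken = new byte[0];
                    byte[] outToken;
                    boolean established = false;

                    // Loop while the context is still not established
                    while (!established) {
                        outToken = gssContext.initSecContext(inToken, 0, inToken.length);
                        if (outToken != null) {
                            sendToken(outToken);
                        }

                        if (!gssContext.isEstablished()) {
                            inToken = readToken();
                        } else {
                            established = true;
                        }
                    }
                } finally {
                    if (gssContext != null) {
                        gssContext.dispose();
                    }
                }
                return null;
            }
        });
    } catch (PrivilegedActionException ex) {
        throw new AuthenticationException(ex.getException());
    } catch (LoginException ex) {
        throw new AuthenticationException(ex);
    }
    AuthenticatedURL.extractToken(conn, token);
}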
From source file:com.xebialabs.overthere.winrm.WinRmClient.java
/** * Performs the JAAS login and run the sendRequest method within a privileged scope. *///from w ww . j ava2 s . c o m private Document runPrivileged(final PrivilegedSendMessage privilegedSendMessage) { final CallbackHandler handler = new ProvidedAuthCallback(username, password); Document result; try { final LoginContext lc = new LoginContext("", null, handler, new KerberosJaasConfiguration(kerberosDebug, kerberosTicketCache)); lc.login(); result = Subject.doAs(lc.getSubject(), privilegedSendMessage); } catch (LoginException e) { throw new WinRmRuntimeIOException( "Login failure sending message on " + targetURL + " error: " + e.getMessage(), privilegedSendMessage.getRequestDocument(), null, e); } catch (PrivilegedActionException e) { throw new WinRmRuntimeIOException( "Failure sending message on " + targetURL + " error: " + e.getMessage(), privilegedSendMessage.getRequestDocument(), null, e.getException()); } return result; }
From source file:com.xebialabs.overthere.cifs.winrm.WinRmClient.java
/**
 * Logs in through JAAS and executes the supplied send action with the resulting subject.
 *
 * <p>Credentials come from a {@code ProvidedAuthCallback} created with {@code username} and
 * {@code password}; the JAAS configuration is a {@code KerberosJaasConfiguration} created with
 * the {@code kerberosDebug} flag. Both a failed login and a failure inside the action surface
 * as {@code WinRmRuntimeIOException}.
 * NOTE(review): the login context created here is never logged out in this method; confirm
 * whether the credentials should be released once the request has been sent.
 *
 * @param privilegedSendMessage the action to execute as the authenticated subject
 * @return the document returned by the action
 */
private Document runPrivileged(final PrivilegedSendMessage privilegedSendMessage) {
    final CallbackHandler authCallback = new ProvidedAuthCallback(username, password);
    try {
        final KerberosJaasConfiguration jaasConfig = new KerberosJaasConfiguration(kerberosDebug);
        final LoginContext context = new LoginContext("", null, authCallback, jaasConfig);
        context.login();
        final Subject authenticated = context.getSubject();
        return Subject.doAs(authenticated, privilegedSendMessage);
    } catch (LoginException ex) {
        throw new WinRmRuntimeIOException(
                "Login failure sending message on " + targetURL + " error: " + ex.getMessage(),
                privilegedSendMessage.getRequestDocument(), null, ex);
    } catch (PrivilegedActionException ex) {
        // The cause passed on is the exception raised by the action itself.
        throw new WinRmRuntimeIOException(
                "Failure sending message on " + targetURL + " error: " + ex.getMessage(),
                privilegedSendMessage.getRequestDocument(), null, ex.getException());
    }
}
From source file:com.buaa.cfs.security.UserGroupInformation.java
/**
 * Creates a {@link LoginContext} while the calling thread's context class loader is
 * temporarily set to the loader that defined {@code HadoopLoginModule}.
 *
 * <p>The previous context class loader is restored in all cases, including when the
 * constructor throws. No callback handler is passed to the login context.
 *
 * @param appName   name of the configuration entry to use
 * @param subject   subject to authenticate
 * @param loginConf JAAS configuration supplying the login modules
 * @return the new, not yet logged-in login context
 * @throws LoginException if the login context cannot be created
 */
private static LoginContext newLoginContext(String appName, Subject subject,
        javax.security.auth.login.Configuration loginConf) throws LoginException {
    // JAAS resolves login module classes through the thread's context class loader, so
    // point it at the loader that can see HadoopLoginModule for the duration of the call.
    final Thread current = Thread.currentThread();
    final ClassLoader previousLoader = current.getContextClassLoader();
    current.setContextClassLoader(HadoopLoginModule.class.getClassLoader());
    try {
        return new LoginContext(appName, subject, null, loginConf);
    } finally {
        current.setContextClassLoader(previousLoader);
    }
}