Example usage for javax.security.sasl Sasl QOP

List of usage examples for javax.security.sasl Sasl QOP

  1. HOME
  2. Java
  3. javax
  4. javax.security.sasl.*
  5. Sasl
  6. QOP

Introduction

In this page you can find the example usage for javax.security.sasl Sasl QOP.

Prototype

String QOP

To view the source code for javax.security.sasl Sasl QOP.

Click Source Link

Document

The name of a property that specifies the quality-of-protection to use.

Usage

From source file:org.apache.storm.security.auth.kerberos.KerberosSaslTransportPlugin.java

public TTransportFactory getServerTransportFactory() throws IOException {
    //create an authentication callback handler
    CallbackHandler server_callback_handler = new ServerCallbackHandler(login_conf, topoConf);

    //login our principal
    Subject subject = null;//from ww  w .  j  a  va2 s  . c o m
    try {
        //specify a configuration object to be used
        Configuration.setConfiguration(login_conf);
        //now login
        Login login = new Login(AuthUtils.LOGIN_CONTEXT_SERVER, server_callback_handler);
        subject = login.getSubject();
        login.startThreadIfNeeded();
    } catch (LoginException ex) {
        LOG.error("Server failed to login in principal:" + ex, ex);
        throw new RuntimeException(ex);
    }

    //check the credential of our principal
    if (subject.getPrivateCredentials(KerberosTicket.class).isEmpty()) {
        throw new RuntimeException("Fail to verify user principal with section \""
                + AuthUtils.LOGIN_CONTEXT_SERVER + "\" in login configuration file " + login_conf);
    }

    String principal = AuthUtils.get(login_conf, AuthUtils.LOGIN_CONTEXT_SERVER, "principal");
    LOG.debug("principal:" + principal);
    KerberosName serviceKerberosName = new KerberosName(principal);
    String serviceName = serviceKerberosName.getServiceName();
    String hostName = serviceKerberosName.getHostName();
    Map<String, String> props = new TreeMap<String, String>();
    props.put(Sasl.QOP, "auth");
    props.put(Sasl.SERVER_AUTH, "false");

    //create a transport factory that will invoke our auth callback for digest
    TSaslServerTransport.Factory factory = new TSaslServerTransport.Factory();
    factory.addServerDefinition(KERBEROS, serviceName, hostName, props, server_callback_handler);

    //create a wrap transport factory so that we could apply user credential during connections
    TUGIAssumingTransportFactory wrapFactory = new TUGIAssumingTransportFactory(factory, subject);

    LOG.info("SASL GSSAPI transport factory will be used");
    return wrapFactory;
}

From source file:org.apache.storm.security.auth.kerberos.KerberosSaslTransportPlugin.java

@Override
public TTransport connect(TTransport transport, String serverHost, String asUser)
        throws TTransportException, IOException {
    //create an authentication callback handler
    ClientCallbackHandler client_callback_handler = new ClientCallbackHandler(login_conf);

    //login our user
    LoginCacheKey key = new LoginCacheKey(login_conf, AuthUtils.LOGIN_CONTEXT_CLIENT);
    Login login = loginCache.get(key);// ww w . j  av  a  2s.c o  m
    if (login == null) {
        LOG.debug("Kerberos Login was not found in the Login Cache, attempting to contact the Kerberos Server");
        synchronized (loginCache) {
            login = loginCache.get(key);
            if (login == null) {
                try {
                    //specify a configuration object to be used
                    Configuration.setConfiguration(login_conf);
                    //now login
                    login = new Login(AuthUtils.LOGIN_CONTEXT_CLIENT, client_callback_handler);
                    login.startThreadIfNeeded();
                    loginCache.put(key, login);
                } catch (LoginException ex) {
                    LOG.error("Server failed to login in principal:" + ex, ex);
                    throw new RuntimeException(ex);
                }
            }
        }
    }

    final Subject subject = login.getSubject();
    if (subject.getPrivateCredentials(KerberosTicket.class).isEmpty()) { //error
        throw new RuntimeException("Fail to verify user principal with section \""
                + AuthUtils.LOGIN_CONTEXT_CLIENT + "\" in login configuration file " + login_conf);
    }

    final String principal = StringUtils.isBlank(asUser) ? getPrincipal(subject) : asUser;
    String serviceName = AuthUtils.get(login_conf, AuthUtils.LOGIN_CONTEXT_CLIENT, "serviceName");
    if (serviceName == null) {
        serviceName = AuthUtils.SERVICE;
    }
    Map<String, String> props = new TreeMap<String, String>();
    props.put(Sasl.QOP, "auth");
    props.put(Sasl.SERVER_AUTH, "false");

    LOG.debug("SASL GSSAPI client transport is being established");
    final TTransport sasalTransport = new TSaslClientTransport(KERBEROS, principal, serviceName, serverHost,
            props, null, transport);

    //open Sasl transport with the login credential
    try {
        Subject.doAs(subject, new PrivilegedExceptionAction<Void>() {
            public Void run() {
                try {
                    LOG.debug("do as:" + principal);
                    sasalTransport.open();
                } catch (Exception e) {
                    LOG.error(
                            "Client failed to open SaslClientTransport to interact with a server during session initiation: "
                                    + e,
                            e);
                }
                return null;
            }
        });
    } catch (PrivilegedActionException e) {
        throw new RuntimeException(e);
    }

    return sasalTransport;
}