List of usage examples for org.apache.hadoop.security.authentication.util KerberosUtil NT_GSS_KRB5_PRINCIPAL_OID
Oid NT_GSS_KRB5_PRINCIPAL_OID
To view the source code for org.apache.hadoop.security.authentication.util KerberosUtil NT_GSS_KRB5_PRINCIPAL_OID.
Click Source Link
From source file:org.apache.zeppelin.realm.kerberos.KerberosRealm.java
License:Apache License
private AuthenticationToken runWithPrincipal(String serverPrincipal, byte[] clientToken, Base64 base64, HttpServletResponse response) throws IOException, GSSException { GSSContext gssContext = null; GSSCredential gssCreds = null; AuthenticationToken token = null;//from w ww. ja va 2s . com try { LOG.trace("SPNEGO initiated with server principal [{}]", serverPrincipal); gssCreds = this.gssManager.createCredential( this.gssManager.createName(serverPrincipal, KerberosUtil.NT_GSS_KRB5_PRINCIPAL_OID), GSSCredential.INDEFINITE_LIFETIME, new Oid[] { KerberosUtil.GSS_SPNEGO_MECH_OID, KerberosUtil.GSS_KRB5_MECH_OID }, GSSCredential.ACCEPT_ONLY); gssContext = this.gssManager.createContext(gssCreds); byte[] serverToken = gssContext.acceptSecContext(clientToken, 0, clientToken.length); if (serverToken != null && serverToken.length > 0) { String authenticate = base64.encodeToString(serverToken); response.setHeader(KerberosAuthenticator.WWW_AUTHENTICATE, KerberosAuthenticator.NEGOTIATE + " " + authenticate); } if (!gssContext.isEstablished()) { response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); LOG.trace("SPNEGO in progress"); } else { String clientPrincipal = gssContext.getSrcName().toString(); KerberosName kerberosName = new KerberosName(clientPrincipal); String userName = kerberosName.getShortName(); token = new AuthenticationToken(userName, clientPrincipal, TYPE); response.setStatus(HttpServletResponse.SC_OK); LOG.trace("SPNEGO completed for client principal [{}]", clientPrincipal); } } finally { if (gssContext != null) { gssContext.dispose(); } if (gssCreds != null) { gssCreds.dispose(); } } return token; }