List of usage examples for org.apache.zookeeper Login getSubject
public Subject getSubject()
From source file:backtype.storm.messaging.netty.KerberosSaslNettyClient.java
License:Apache License
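/**
 * Creates a {@code KerberosSaslNettyClient}: logs in the local Kerberos principal from the
 * given JAAS section and builds a GSSAPI {@link SaslClient} for authenticating to a server.
 *
 * <p>Side effect: the JAAS {@link Configuration} built from {@code storm_conf} is installed
 * process-wide via {@link Configuration#setConfiguration}, so every later JAAS login in this
 * JVM sees it.
 *
 * @param storm_conf   Storm configuration; {@code Config.PACEMAKER_HOST} is read from it as
 *                     the server host handed to the SASL client
 * @param jaas_section name of the JAAS login-context section to log in with
 * @throws RuntimeException if the JAAS configuration cannot be loaded, login fails, the
 *                          resulting subject carries no Kerberos ticket or no principal, the
 *                          {@code serviceName} entry cannot be read, or no SASL client could
 *                          be created
 */
public KerberosSaslNettyClient(Map storm_conf, String jaas_section) {
    LOG.debug("KerberosSaslNettyClient: Creating SASL {} client to authenticate to server ", SaslUtils.KERBEROS);
    LOG.info("Creating Kerberos Client.");
    Configuration login_conf;
    try {
        login_conf = AuthUtils.GetConfiguration(storm_conf);
    } catch (Throwable t) {
        LOG.error("Failed to get login_conf: ", t);
        throw t;
    }
    LOG.debug("KerberosSaslNettyClient: authmethod {}", SaslUtils.KERBEROS);
    SaslClientCallbackHandler ch = new SaslClientCallbackHandler();
    subject = null;
    try {
        LOG.debug("Setting Configuration to login_config: {}", login_conf);
        // Process-global JAAS configuration; affects all subsequent logins in this JVM.
        Configuration.setConfiguration(login_conf);
        LOG.debug("Trying to login.");
        Login login = new Login(jaas_section, ch);
        subject = login.getSubject();
        LOG.debug("Got Subject: {}", subject);
    } catch (LoginException ex) {
        LOG.error("Client failed to login in principal:", ex);
        throw new RuntimeException(ex);
    }
    // Without a Kerberos ticket the subject cannot authenticate; fail fast here rather
    // than on the first message exchange.
    if (subject.getPrivateCredentials(KerberosTicket.class).isEmpty()) {
        LOG.error("Failed to verify user principal.");
        throw new RuntimeException("Fail to verify user principal with section \"" + jaas_section
                + "\" in login configuration file " + login_conf);
    }
    // The principal name is taken from the subject below; an empty principal set would
    // otherwise surface as an index error with no context.
    if (subject.getPrincipals().isEmpty()) {
        LOG.error("Logged-in subject has no principal.");
        throw new RuntimeException("Logged-in subject for section \"" + jaas_section
                + "\" in login configuration file " + login_conf + " has no principal");
    }
    String serviceName;
    try {
        serviceName = AuthUtils.get(login_conf, jaas_section, "serviceName");
    } catch (IOException e) {
        LOG.error("Failed to get service name.", e);
        throw new RuntimeException(e);
    }
    try {
        Principal principal = subject.getPrincipals().iterator().next();
        final String fPrincipalName = principal.getName();
        final String fHost = (String) storm_conf.get(Config.PACEMAKER_HOST);
        final String fServiceName = serviceName;
        final CallbackHandler fch = ch;
        LOG.debug("Kerberos Client with principal: {}, host: {}", fPrincipalName, fHost);
        saslClient = Subject.doAs(subject, new PrivilegedExceptionAction<SaslClient>() {
            public SaslClient run() {
                try {
                    Map<String, String> props = new TreeMap<String, String>();
                    // Authentication only: no SASL integrity or confidentiality layer is negotiated.
                    props.put(Sasl.QOP, "auth");
                    // Mutual authentication of the server is not requested by this client.
                    props.put(Sasl.SERVER_AUTH, "false");
                    return Sasl.createSaslClient(new String[] { SaslUtils.KERBEROS }, fPrincipalName,
                            fServiceName, fHost, props, fch);
                } catch (Exception e) {
                    LOG.error("Subject failed to create sasl client.", e);
                    return null;
                }
            }
        });
        // A null client means createSaslClient failed inside the privileged action; do not
        // leave the object half-constructed with a client that will NPE on first use.
        if (saslClient == null) {
            throw new RuntimeException("Could not create SASL client for principal " + fPrincipalName
                    + " to host " + fHost);
        }
        LOG.info("Got Client: {}", saslClient);
    } catch (PrivilegedActionException e) {
        LOG.error("KerberosSaslNettyClient: Could not create Sasl Netty Client.", e);
        throw new RuntimeException(e);
    }
}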
From source file:backtype.storm.messaging.netty.KerberosSaslNettyServer.java
License:Apache License
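/**
 * Creates a {@code KerberosSaslNettyServer}: logs in the server principal from the given
 * JAAS section and builds a GSSAPI {@link SaslServer} for the service and host encoded in
 * that principal's name.
 *
 * <p>Side effect: the JAAS {@link Configuration} built from {@code storm_conf} is installed
 * process-wide via {@link Configuration#setConfiguration}.
 *
 * @param storm_conf      Storm configuration the JAAS configuration is derived from
 * @param jaas_section    name of the JAAS login-context section to log in with
 * @param authorizedUsers handed to the {@code KerberosSaslCallbackHandler}; presumably the
 *                        client principals allowed to authenticate (confirm in that handler)
 * @throws RuntimeException if the JAAS configuration cannot be loaded, login fails, the
 *                          resulting subject carries no Kerberos ticket or no principal, or
 *                          no SASL server could be created
 */
KerberosSaslNettyServer(Map storm_conf, String jaas_section, List<String> authorizedUsers) {
    this.authorizedUsers = authorizedUsers;
    LOG.debug("Getting Configuration.");
    Configuration login_conf;
    try {
        login_conf = AuthUtils.GetConfiguration(storm_conf);
    } catch (Throwable t) {
        LOG.error("Failed to get login_conf: ", t);
        throw t;
    }
    LOG.debug("KerberosSaslNettyServer: authmethod {}", SaslUtils.KERBEROS);
    KerberosSaslCallbackHandler ch = new KerberosSaslNettyServer.KerberosSaslCallbackHandler(authorizedUsers);
    // login our principal
    subject = null;
    try {
        LOG.debug("Setting Configuration to login_config: {}", login_conf);
        // Process-global JAAS configuration; affects all subsequent logins in this JVM.
        Configuration.setConfiguration(login_conf);
        LOG.debug("Trying to login.");
        Login login = new Login(jaas_section, ch);
        subject = login.getSubject();
        LOG.debug("Got Subject: {}", subject);
    } catch (LoginException ex) {
        LOG.error("Server failed to login in principal:", ex);
        throw new RuntimeException(ex);
    }
    // Without a Kerberos ticket the server cannot complete the GSSAPI exchange; fail fast.
    if (subject.getPrivateCredentials(KerberosTicket.class).isEmpty()) {
        LOG.error("Failed to verify user principal.");
        throw new RuntimeException("Fail to verify user principal with section \"" + jaas_section
                + "\" in login configuration file " + login_conf);
    }
    // Service and host are parsed from the principal name below; guard the empty case so
    // a misconfigured login does not surface as an index error.
    if (subject.getPrincipals().isEmpty()) {
        LOG.error("Logged-in subject has no principal.");
        throw new RuntimeException("Logged-in subject for section \"" + jaas_section
                + "\" in login configuration file " + login_conf + " has no principal");
    }
    try {
        LOG.info("Creating Kerberos Server.");
        final CallbackHandler fch = ch;
        Principal p = subject.getPrincipals().iterator().next();
        KerberosName kName = new KerberosName(p.getName());
        final String fHost = kName.getHostName();
        final String fServiceName = kName.getServiceName();
        LOG.debug("Server with host: {}", fHost);
        saslServer = Subject.doAs(subject, new PrivilegedExceptionAction<SaslServer>() {
            public SaslServer run() {
                try {
                    Map<String, String> props = new TreeMap<String, String>();
                    // Authentication only: no SASL integrity or confidentiality layer is negotiated.
                    props.put(Sasl.QOP, "auth");
                    props.put(Sasl.SERVER_AUTH, "false");
                    return Sasl.createSaslServer(SaslUtils.KERBEROS, fServiceName, fHost, props, fch);
                } catch (Exception e) {
                    LOG.error("Subject failed to create sasl server.", e);
                    return null;
                }
            }
        });
        // A null server means createSaslServer failed inside the privileged action; refuse
        // to construct an object whose server would NPE on the first client message.
        if (saslServer == null) {
            throw new RuntimeException("Could not create SASL server for service " + fServiceName
                    + " on host " + fHost);
        }
        LOG.info("Got Server: {}", saslServer);
    } catch (PrivilegedActionException e) {
        LOG.error("KerberosSaslNettyServer: Could not create SaslServer: ", e);
        throw new RuntimeException(e);
    }
}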
From source file:backtype.storm.security.auth.kerberos.KerberosSaslTransportPlugin.java
License:Apache License
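/**
 * Builds the server-side Thrift transport factory that authenticates clients with SASL
 * GSSAPI (Kerberos).
 *
 * <p>Logs in the server principal from the {@code AuthUtils.LOGIN_CONTEXT_SERVER} section of
 * {@code login_conf}, verifies that a Kerberos ticket was obtained, and registers a GSSAPI
 * server definition whose service and host names come from that section's {@code principal}
 * entry. The factory is wrapped in a {@link TUGIAssumingTransportFactory} so that connections
 * are handled as the logged-in subject. Side effect: {@code login_conf} is installed as the
 * process-wide JAAS {@link Configuration}.
 *
 * @return the wrapped SASL GSSAPI transport factory
 * @throws IOException      if the {@code principal} entry cannot be read from {@code login_conf}
 * @throws RuntimeException if login fails, the subject carries no Kerberos ticket, or the
 *                          section has no {@code principal} entry
 */
public TTransportFactory getServerTransportFactory() throws IOException {
    // create an authentication callback handler
    CallbackHandler server_callback_handler = new ServerCallbackHandler(login_conf, storm_conf);
    // login our principal
    Subject subject;
    try {
        // Process-global JAAS configuration; affects all subsequent logins in this JVM.
        Configuration.setConfiguration(login_conf);
        Login login = new Login(AuthUtils.LOGIN_CONTEXT_SERVER, server_callback_handler);
        subject = login.getSubject();
    } catch (LoginException ex) {
        LOG.error("Server failed to login in principal:", ex);
        throw new RuntimeException(ex);
    }
    // check the credential of our principal
    if (subject.getPrivateCredentials(KerberosTicket.class).isEmpty()) {
        throw new RuntimeException("Fail to verify user principal with section \""
                + AuthUtils.LOGIN_CONTEXT_SERVER + "\" in login configuration file " + login_conf);
    }
    String principal = AuthUtils.get(login_conf, AuthUtils.LOGIN_CONTEXT_SERVER, "principal");
    // A missing entry would otherwise reach new KerberosName(null) with no hint at the cause.
    if (principal == null) {
        throw new RuntimeException("No \"principal\" entry in section \"" + AuthUtils.LOGIN_CONTEXT_SERVER
                + "\" of login configuration file " + login_conf);
    }
    LOG.debug("principal:" + principal);
    KerberosName serviceKerberosName = new KerberosName(principal);
    String serviceName = serviceKerberosName.getServiceName();
    String hostName = serviceKerberosName.getHostName();
    Map<String, String> props = new TreeMap<String, String>();
    // Authentication only: no SASL integrity or confidentiality layer is negotiated.
    props.put(Sasl.QOP, "auth");
    props.put(Sasl.SERVER_AUTH, "false");
    // create a transport factory that will invoke our auth callback for GSSAPI
    TSaslServerTransport.Factory factory = new TSaslServerTransport.Factory();
    factory.addServerDefinition(KERBEROS, serviceName, hostName, props, server_callback_handler);
    // wrap it so the server's own credential is applied to each connection
    TUGIAssumingTransportFactory wrapFactory = new TUGIAssumingTransportFactory(factory, subject);
    LOG.info("SASL GSSAPI transport factory will be used");
    return wrapFactory;
}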
From source file:backtype.storm.security.auth.kerberos.KerberosSaslTransportPlugin.java
License:Apache License
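/**
 * Wraps {@code transport} in a SASL GSSAPI (Kerberos) client transport and opens it as the
 * subject logged in from the {@code AuthUtils.LOGIN_CONTEXT_CLIENT} section of
 * {@code login_conf}. Side effect: {@code login_conf} is installed as the process-wide JAAS
 * {@link Configuration}.
 *
 * @param transport  underlying transport to wrap
 * @param serverHost host name of the server, used to build the service principal
 * @param asUser     principal name to present to the server; when blank, the logged-in
 *                   subject's own principal is used
 * @return the opened SASL client transport
 * @throws TTransportException if the SASL handshake with the server fails
 * @throws IOException         if the {@code serviceName} entry cannot be read from {@code login_conf}
 * @throws RuntimeException    if login fails or the subject carries no Kerberos ticket
 */
@Override
public TTransport connect(TTransport transport, String serverHost, String asUser)
        throws TTransportException, IOException {
    // create an authentication callback handler
    ClientCallbackHandler client_callback_handler = new ClientCallbackHandler(login_conf);
    // login our user
    Login login;
    try {
        // Process-global JAAS configuration; affects all subsequent logins in this JVM.
        Configuration.setConfiguration(login_conf);
        login = new Login(AuthUtils.LOGIN_CONTEXT_CLIENT, client_callback_handler);
    } catch (LoginException ex) {
        LOG.error("Client failed to login in principal:", ex);
        throw new RuntimeException(ex);
    }
    final Subject subject = login.getSubject();
    if (subject.getPrivateCredentials(KerberosTicket.class).isEmpty()) {
        throw new RuntimeException("Fail to verify user principal with section \""
                + AuthUtils.LOGIN_CONTEXT_CLIENT + "\" in login configuration file " + login_conf);
    }
    // Name presented to the server; the Kerberos credentials used remain the subject's own.
    final String principal = StringUtils.isBlank(asUser) ? getPrincipal(subject) : asUser;
    String serviceName = AuthUtils.get(login_conf, AuthUtils.LOGIN_CONTEXT_CLIENT, "serviceName");
    if (serviceName == null) {
        serviceName = AuthUtils.SERVICE;
    }
    Map<String, String> props = new TreeMap<String, String>();
    // Authentication only: no SASL integrity or confidentiality layer is negotiated.
    props.put(Sasl.QOP, "auth");
    // Mutual authentication of the server is not requested by this client.
    props.put(Sasl.SERVER_AUTH, "false");
    LOG.debug("SASL GSSAPI client transport is being established");
    final TTransport saslTransport = new TSaslClientTransport(KERBEROS, principal, serviceName, serverHost,
            props, null, transport);
    // Open the SASL transport with the login credential. A failed handshake is propagated
    // instead of being logged and returning an unopened transport to the caller.
    try {
        Subject.doAs(subject, new PrivilegedExceptionAction<Void>() {
            public Void run() throws TTransportException {
                LOG.debug("do as:" + principal);
                saslTransport.open();
                return null;
            }
        });
    } catch (PrivilegedActionException e) {
        Throwable cause = e.getCause();
        LOG.error("Client failed to open SaslClientTransport to interact with a server during session initiation: "
                + cause, cause);
        if (cause instanceof TTransportException) {
            throw (TTransportException) cause;
        }
        throw new RuntimeException(e);
    }
    return saslTransport;
}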