Usage examples for org.apache.zookeeper.server.auth.KerberosName.getRealm()
public String getRealm()
From source file:blazingcache.security.sasl.SaslNettyClient.java
License:Apache License
/**
 * Creates the SASL client used to authenticate against a BlazingCache server.
 *
 * <p>The mechanism is chosen from the result of {@code loginClient()}:
 * <ul>
 *   <li>no subject: DIGEST-MD5 with the {@code username} and {@code password} arguments;</li>
 *   <li>a subject without principals: DIGEST-MD5 with the first public and the first private
 *       credential of the subject (the arguments are ignored);</li>
 *   <li>a subject with principals: GSSAPI on behalf of the first principal.</li>
 * </ul>
 *
 * @param username user name for the plain DIGEST-MD5 case
 * @param password password for the plain DIGEST-MD5 case; dereferenced without a null check
 * @param serverHostname host name of the server, appended to {@code "blazingcache/"} to form
 *     the service principal
 * @throws Exception if the login or the SASL client creation fails; an {@link IOException} is
 *     thrown when no SASL client could be created
 */
public SaslNettyClient(String username, String password, String serverHostname) throws Exception {
    final String serverPrincipal = "blazingcache/" + serverHostname;
    clientSubject = loginClient();

    if (clientSubject == null) {
        // No JAAS subject: DIGEST-MD5 with the caller's credentials. DIGEST-MD5 was moved to
        // Historic by RFC 6331; the protection level negotiated here depends on
        // SaslUtils.getSaslProps(), which is not visible in this snippet.
        // Note: the message is informational although it is logged at SEVERE.
        LOG.log(Level.SEVERE, "Using plain SASL/DIGEST-MD5 auth to connect to " + serverHostname);
        final String[] plainMechanisms = {SaslUtils.AUTH_DIGEST_MD5};
        saslClient = Sasl.createSaslClient(plainMechanisms, null, null, SaslUtils.DEFAULT_REALM,
                SaslUtils.getSaslProps(),
                new SaslClientCallbackHandler(username, password.toCharArray()));
    } else if (clientSubject.getPrincipals().isEmpty()) {
        LOG.log(Level.SEVERE, "Using JAAS/SASL/DIGEST-MD5 auth to connect to " + serverPrincipal);
        // The credentials come from the JAAS subject. They are Sets, so "first" is whatever
        // toArray() lists first, and an empty set ends in ArrayIndexOutOfBoundsException.
        final String jaasUser = (String) clientSubject.getPublicCredentials().toArray()[0];
        final String jaasSecret = (String) clientSubject.getPrivateCredentials().toArray()[0];
        // props is null, so the JDK default quality of protection ("auth") applies:
        // authentication only, no integrity or confidentiality layer on the channel.
        saslClient = Sasl.createSaslClient(new String[] {"DIGEST-MD5"}, jaasUser, "blazingcache",
                "blazingcache", null, new ClientCallbackHandler(jaasSecret));
    } else {
        // GSSAPI: the client identity is the first principal of the subject.
        final Principal firstPrincipal = (Principal) clientSubject.getPrincipals().toArray()[0];
        final KerberosName clientName = new KerberosName(firstPrincipal.getName());
        // The server is assumed to live in the client's realm. Only the service name and the
        // host name of the parsed principal are used below; the realm itself is not passed on.
        final KerberosName serviceName =
                new KerberosName(serverPrincipal + "@" + clientName.getRealm());
        final String protocol = serviceName.getServiceName();
        final String targetHost = serviceName.getHostName();
        final String authorizationId = clientName.toString();
        LOG.log(Level.SEVERE,
                "Using JAAS/SASL/GSSAPI auth to connect to server Principal " + serverPrincipal);

        // Runs under the subject so that the GSSAPI provider can see its credentials.
        final PrivilegedExceptionAction<SaslClient> createGssapiClient =
                new PrivilegedExceptionAction<SaslClient>() {
                    @Override
                    public SaslClient run() throws SaslException {
                        // props is null here as well: JDK defaults, i.e. QOP "auth".
                        return Sasl.createSaslClient(new String[] {"GSSAPI"}, authorizationId,
                                protocol, targetHost, null, new ClientCallbackHandler(null));
                    }
                };
        saslClient = Subject.doAs(clientSubject, createGssapiClient);
    }

    // Sasl.createSaslClient returns null when no provider supports the requested mechanism.
    if (saslClient == null) {
        throw new IOException("Cannot create JVM SASL Client");
    }
}
From source file:com.lami.tuomatuo.mq.zookeeper.server.auth.SaslServerCallbackHandler.java
License:Apache License
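/**
 * Handles the SASL authorize callback for an authenticated client.
 *
 * <p>The authorized ID is derived from the <em>authentication</em> ID, not from the
 * authorization ID the client requested: the short name of the Kerberos principal, followed by
 * the host and the realm when {@code shouldAppendHost} / {@code shouldAppendRealm} say so.
 *
 * <p>The callback is marked as authorized only after that ID has been set. If the name cannot
 * be derived, authorization is refused. Marking it authorized up front would fail open:
 * {@link AuthorizeCallback#getAuthorizedID()} falls back to the client-requested authorization
 * ID when the callback is authorized but no authorized ID was set.
 *
 * @param ac the authorize callback handed over by the SASL server mechanism
 */
private void handleAuthorizeCallback(AuthorizeCallback ac) {
    String authenticationID = ac.getAuthenticationID();
    String authorizationID = ac.getAuthorizationID();

    LOG.info("Successfully authenticated client: authenticationID=" + authenticationID
            + "; authorizationID=" + authorizationID + ".");

    // canonicalize authorization id according to system properties:
    // zookeeper.kerberos.removeRealmFromPrincipal(={true,false})
    // zookeeper.kerberos.removeHostFromPrincipal(={true,false})
    KerberosName kerberosName = new KerberosName(authenticationID);
    try {
        StringBuilder userNameBuilder = new StringBuilder(kerberosName.getShortName());
        if (shouldAppendHost(kerberosName)) {
            userNameBuilder.append("/").append(kerberosName.getHostName());
        }
        if (shouldAppendRealm(kerberosName)) {
            userNameBuilder.append("@").append(kerberosName.getRealm());
        }
        LOG.info("Setting authorizedID: " + userNameBuilder);
        ac.setAuthorizedID(userNameBuilder.toString());
        // Grant only once the server-derived identity is in place.
        ac.setAuthorized(true);
    } catch (IOException e) {
        // Fail closed and keep the cause in the log for troubleshooting.
        LOG.error("Failed to set name based on Kerberos authentication rules.", e);
        ac.setAuthorized(false);
    }
}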
From source file:com.lami.tuomatuo.mq.zookeeper.server.auth.SaslServerCallbackHandler.java
License:Apache License
/**
 * Tells whether the realm is kept in the authorized ID built for a client.
 *
 * @param kerberosName the parsed principal of the authenticated client
 * @return {@code false} when the {@code SYSPROP_REMOVE_REALM} system property is true or the
 *     principal has no realm ({@code getRealm()} returns {@code null}); {@code true} otherwise
 */
private boolean shouldAppendRealm(KerberosName kerberosName) {
    // The property is checked first; the realm is not read at all when it is set.
    if (isSystemPropertyTrue(SYSPROP_REMOVE_REALM)) {
        return false;
    }
    return kerberosName.getRealm() != null;
}
From source file:herddb.security.sasl.SaslNettyClient.java
License:Apache License
/**
 * Creates the SASL client used to authenticate against a HerdDB server.
 *
 * <p>The mechanism is chosen from the result of {@code loginClient()}:
 * <ul>
 *   <li>no subject: DIGEST-MD5 with the {@code username} and {@code password} arguments;</li>
 *   <li>a subject without principals: DIGEST-MD5 with the first public and the first private
 *       credential of the subject (the arguments are ignored);</li>
 *   <li>a subject with principals: GSSAPI on behalf of the first principal.</li>
 * </ul>
 *
 * @param username user name for the plain DIGEST-MD5 case
 * @param password password for the plain DIGEST-MD5 case; dereferenced without a null check
 * @param serverHostname host name of the server, appended to {@code "herddb/"} to form the
 *     service principal
 * @throws Exception if the login or the SASL client creation fails; an {@link IOException} is
 *     thrown when no SASL client could be created
 */
public SaslNettyClient(String username, String password, String serverHostname) throws Exception {
    final String serverPrincipal = "herddb/" + serverHostname;
    clientSubject = loginClient();

    if (clientSubject == null) {
        // No JAAS subject: DIGEST-MD5 with the caller's credentials. DIGEST-MD5 was moved to
        // Historic by RFC 6331; the protection level negotiated here depends on
        // SaslUtils.getSaslProps(), which is not visible in this snippet.
        LOG.log(Level.FINEST, "Using plain SASL/DIGEST-MD5 auth to connect to " + serverHostname);
        final String[] plainMechanisms = {SaslUtils.AUTH_DIGEST_MD5};
        saslClient = Sasl.createSaslClient(plainMechanisms, null, null, SaslUtils.DEFAULT_REALM,
                SaslUtils.getSaslProps(),
                new SaslClientCallbackHandler(username, password.toCharArray()));
    } else if (clientSubject.getPrincipals().isEmpty()) {
        LOG.log(Level.FINEST, "Using JAAS/SASL/DIGEST-MD5 auth to connect to " + serverPrincipal);
        // The credentials come from the JAAS subject. They are Sets, so "first" is whatever
        // toArray() lists first, and an empty set ends in ArrayIndexOutOfBoundsException.
        final String jaasUser = (String) clientSubject.getPublicCredentials().toArray()[0];
        final String jaasSecret = (String) clientSubject.getPrivateCredentials().toArray()[0];
        // props is null, so the JDK default quality of protection ("auth") applies:
        // authentication only, no integrity or confidentiality layer on the channel.
        saslClient = Sasl.createSaslClient(new String[] {"DIGEST-MD5"}, jaasUser, "herddb",
                "herddb", null, new ClientCallbackHandler(jaasSecret));
    } else {
        // GSSAPI: the client identity is the first principal of the subject.
        final Principal firstPrincipal = (Principal) clientSubject.getPrincipals().toArray()[0];
        final KerberosName clientName = new KerberosName(firstPrincipal.getName());
        // The server is assumed to live in the client's realm. Only the service name and the
        // host name of the parsed principal are used below; the realm itself is not passed on.
        final KerberosName serviceName =
                new KerberosName(serverPrincipal + "@" + clientName.getRealm());
        final String protocol = serviceName.getServiceName();
        final String targetHost = serviceName.getHostName();
        final String authorizationId = clientName.toString();
        LOG.log(Level.FINEST,
                "Using JAAS/SASL/GSSAPI auth to connect to server Principal " + serverPrincipal);

        // Runs under the subject so that the GSSAPI provider can see its credentials.
        final PrivilegedExceptionAction<SaslClient> createGssapiClient =
                new PrivilegedExceptionAction<SaslClient>() {
                    @Override
                    public SaslClient run() throws SaslException {
                        // props is null here as well: JDK defaults, i.e. QOP "auth".
                        return Sasl.createSaslClient(new String[] {"GSSAPI"}, authorizationId,
                                protocol, targetHost, null, new ClientCallbackHandler(null));
                    }
                };
        saslClient = Subject.doAs(clientSubject, createGssapiClient);
    }

    // Sasl.createSaslClient returns null when no provider supports the requested mechanism.
    if (saslClient == null) {
        throw new IOException("Cannot create JVM SASL Client");
    }
}
From source file:majordodo.security.sasl.SaslNettyClient.java
License:Apache License
/**
 * Creates the SASL client used to authenticate against a Majordodo server.
 *
 * <p>The mechanism is chosen from the result of {@code loginClient()}:
 * <ul>
 *   <li>no subject: DIGEST-MD5 with the {@code username} and {@code password} arguments;</li>
 *   <li>a subject without principals: DIGEST-MD5 with the first public and the first private
 *       credential of the subject (the arguments are ignored);</li>
 *   <li>a subject with principals: GSSAPI on behalf of the first principal.</li>
 * </ul>
 *
 * @param username user name for the plain DIGEST-MD5 case
 * @param password password for the plain DIGEST-MD5 case; dereferenced without a null check
 * @param serverHostname host name of the server, appended to {@code "majordodo/"} to form the
 *     service principal
 * @throws Exception if the login or the SASL client creation fails; an {@link IOException} is
 *     thrown when no SASL client could be created
 */
public SaslNettyClient(String username, String password, String serverHostname) throws Exception {
    final String serverPrincipal = "majordodo/" + serverHostname;
    clientSubject = loginClient();

    if (clientSubject == null) {
        // No JAAS subject: DIGEST-MD5 with the caller's credentials. DIGEST-MD5 was moved to
        // Historic by RFC 6331; the protection level negotiated here depends on
        // SaslUtils.getSaslProps(), which is not visible in this snippet.
        // Note: the message is informational although it is logged at SEVERE.
        LOG.log(Level.SEVERE, "Using plain SASL/DIGEST-MD5 auth to connect to " + serverHostname);
        final String[] plainMechanisms = {SaslUtils.AUTH_DIGEST_MD5};
        saslClient = Sasl.createSaslClient(plainMechanisms, null, null, SaslUtils.DEFAULT_REALM,
                SaslUtils.getSaslProps(),
                new SaslClientCallbackHandler(username, password.toCharArray()));
    } else if (clientSubject.getPrincipals().isEmpty()) {
        LOG.log(Level.SEVERE, "Using JAAS/SASL/DIGEST-MD5 auth to connect to " + serverPrincipal);
        // The credentials come from the JAAS subject. They are Sets, so "first" is whatever
        // toArray() lists first, and an empty set ends in ArrayIndexOutOfBoundsException.
        final String jaasUser = (String) clientSubject.getPublicCredentials().toArray()[0];
        final String jaasSecret = (String) clientSubject.getPrivateCredentials().toArray()[0];
        // props is null, so the JDK default quality of protection ("auth") applies:
        // authentication only, no integrity or confidentiality layer on the channel.
        saslClient = Sasl.createSaslClient(new String[] {"DIGEST-MD5"}, jaasUser, "majordodo",
                "majordodo", null, new ClientCallbackHandler(jaasSecret));
    } else {
        // GSSAPI: the client identity is the first principal of the subject.
        final Principal firstPrincipal = (Principal) clientSubject.getPrincipals().toArray()[0];
        final KerberosName clientName = new KerberosName(firstPrincipal.getName());
        // The server is assumed to live in the client's realm. Only the service name and the
        // host name of the parsed principal are used below; the realm itself is not passed on.
        final KerberosName serviceName =
                new KerberosName(serverPrincipal + "@" + clientName.getRealm());
        final String protocol = serviceName.getServiceName();
        final String targetHost = serviceName.getHostName();
        final String authorizationId = clientName.toString();
        LOG.log(Level.SEVERE,
                "Using JAAS/SASL/GSSAPI auth to connect to server Principal " + serverPrincipal);

        // Runs under the subject so that the GSSAPI provider can see its credentials.
        final PrivilegedExceptionAction<SaslClient> createGssapiClient =
                new PrivilegedExceptionAction<SaslClient>() {
                    @Override
                    public SaslClient run() throws SaslException {
                        // props is null here as well: JDK defaults, i.e. QOP "auth".
                        return Sasl.createSaslClient(new String[] {"GSSAPI"}, authorizationId,
                                protocol, targetHost, null, new ClientCallbackHandler(null));
                    }
                };
        saslClient = Subject.doAs(clientSubject, createGssapiClient);
    }

    // Sasl.createSaslClient returns null when no provider supports the requested mechanism.
    if (saslClient == null) {
        throw new IOException("Cannot create JVM SASL Client");
    }
}
From source file:org.apache.bookkeeper.sasl.SaslClientState.java
License:Apache License
/**
 * Creates the client-side SASL state for a connection to a BookKeeper server.
 *
 * <p>A subject without principals selects DIGEST-MD5 with the first public and the first
 * private credential of the subject; a subject with principals selects GSSAPI on behalf of its
 * first principal.
 *
 * @param serverHostname host name of the server, appended to the BookKeeper SASL protocol name
 *     to form the service principal
 * @param subject the JAAS subject to authenticate with; must not be {@code null}
 * @throws SaslException if {@code subject} is {@code null}, if the GSSAPI client cannot be
 *     created under the subject, or if no SASL client could be created at all
 */
public SaslClientState(String serverHostname, Subject subject) throws SaslException {
    final String serverPrincipal = SaslConstants.SASL_BOOKKEEPER_PROTOCOL + "/" + serverHostname;
    this.clientSubject = subject;
    if (clientSubject == null) {
        throw new SaslException("Cannot create JAAS Sujbect for SASL");
    }

    if (clientSubject.getPrincipals().isEmpty()) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Using JAAS/SASL/DIGEST-MD5 auth to connect to {}", serverPrincipal);
        }
        // The credentials are Sets: "first" is whatever toArray() lists first, and an empty
        // set ends in ArrayIndexOutOfBoundsException rather than SaslException.
        username = (String) clientSubject.getPublicCredentials().toArray()[0];
        password = (String) clientSubject.getPrivateCredentials().toArray()[0];
        // DIGEST-MD5 was moved to Historic by RFC 6331. props is null, so the JDK default
        // quality of protection ("auth") applies: authentication only, no integrity or
        // confidentiality layer on the channel.
        saslClient = Sasl.createSaslClient(new String[] {"DIGEST-MD5"}, username,
                SaslConstants.SASL_BOOKKEEPER_PROTOCOL, SaslConstants.SASL_MD5_DUMMY_HOSTNAME,
                null, new ClientCallbackHandler(password));
    } else {
        // GSSAPI/Kerberos: the client identity is the first principal of the subject.
        final Principal firstPrincipal = (Principal) clientSubject.getPrincipals().toArray()[0];
        final KerberosName clientName = new KerberosName(firstPrincipal.getName());
        // The server is assumed to live in the client's realm. Only the service name and the
        // host name of the parsed principal are used below; the realm itself is not passed on.
        final KerberosName serviceName =
                new KerberosName(serverPrincipal + "@" + clientName.getRealm());
        final String protocol = serviceName.getServiceName();
        final String targetHost = serviceName.getHostName();
        final String authorizationId = clientName.toString();
        if (LOG.isDebugEnabled()) {
            LOG.debug("Using JAAS/SASL/GSSAPI auth to connect to server Principal {}",
                    serverPrincipal);
        }

        // Runs under the subject so that the GSSAPI provider can see its credentials.
        final PrivilegedExceptionAction<SaslClient> createGssapiClient =
                new PrivilegedExceptionAction<SaslClient>() {
                    @Override
                    public SaslClient run() throws SaslException {
                        // props is null here as well: JDK defaults, i.e. QOP "auth".
                        return Sasl.createSaslClient(new String[] {"GSSAPI"}, authorizationId,
                                protocol, targetHost, null, new ClientCallbackHandler(null));
                    }
                };
        try {
            saslClient = Subject.doAs(clientSubject, createGssapiClient);
        } catch (PrivilegedActionException err) {
            // Unwrap the privileged-action wrapper so callers see the real failure as cause.
            if (LOG.isDebugEnabled()) {
                LOG.debug("GSSAPI client error", err.getCause());
            }
            throw new SaslException("error while booting GSSAPI client", err.getCause());
        }
    }

    // Sasl.createSaslClient returns null when no provider supports the requested mechanism.
    if (saslClient == null) {
        throw new SaslException("Cannot create JVM SASL Client");
    }
}