Example usage for org.apache.zookeeper.server.auth KerberosName getServiceName

List of usage examples for org.apache.zookeeper.server.auth KerberosName getServiceName

Introduction

In this page you can find the example usage for org.apache.zookeeper.server.auth KerberosName getServiceName.

Prototype

public String getServiceName() 


Document

Get the first component of the name; for a principal written as service/host@REALM, this is the part before the '/'.

Usage

From source file:backtype.storm.messaging.netty.KerberosSaslNettyServer.java

License:Apache License

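/**
 * Logs the server in through JAAS and creates the SASL server used to authenticate clients
 * with Kerberos.
 *
 * <p>Steps: load the JAAS configuration from {@code storm_conf}, install it, log in with
 * {@code jaas_section}, require that the login produced a {@link KerberosTicket}, then create
 * the {@link SaslServer} under the logged-in subject, using the service and host parts of the
 * subject's first principal.
 *
 * <p>Security notes: {@link Configuration#setConfiguration} is static, so the installed JAAS
 * configuration applies to the whole JVM, not only to this server. The SASL QOP is
 * {@code "auth"}: the exchange authenticates the peer but negotiates no integrity or
 * confidentiality layer, so protection of the traffic has to come from somewhere else.
 *
 * @param storm_conf configuration map handed to {@code AuthUtils.GetConfiguration}
 * @param jaas_section name of the JAAS login section to log in with
 * @param authorizedUsers stored on this instance and handed to the callback handler
 *        (presumably the users allowed to connect; verify against the handler)
 * @throws RuntimeException if the login fails, the subject holds no Kerberos ticket, or the
 *         SASL server cannot be created
 */
KerberosSaslNettyServer(Map storm_conf, String jaas_section, List<String> authorizedUsers) {
    this.authorizedUsers = authorizedUsers;
    LOG.debug("Getting Configuration.");
    Configuration login_conf;
    try {
        login_conf = AuthUtils.GetConfiguration(storm_conf);
    } catch (Throwable t) {
        LOG.error("Failed to get login_conf: ", t);
        throw t;
    }

    LOG.debug("KerberosSaslNettyServer: authmethod {}", SaslUtils.KERBEROS);

    KerberosSaslCallbackHandler ch = new KerberosSaslNettyServer.KerberosSaslCallbackHandler(authorizedUsers);

    // Log our own principal in through JAAS.
    subject = null;
    try {
        LOG.debug("Setting Configuration to login_config: {}", login_conf);
        // Static setter: this replaces the JAAS configuration for the whole JVM.
        Configuration.setConfiguration(login_conf);
        LOG.debug("Trying to login.");
        Login login = new Login(jaas_section, ch);
        subject = login.getSubject();
        // Log the principals only. Subject.toString() also renders the private credentials,
        // which for a Kerberos login can put ticket and session-key material into the log
        // (how much depends on the JDK).
        LOG.debug("Got Subject: {}", subject.getPrincipals());
    } catch (LoginException ex) {
        LOG.error("Server failed to login in principal:", ex);
        throw new RuntimeException(ex);
    }

    // A Kerberos login must have left a ticket in the subject; refuse to start without one.
    if (subject.getPrivateCredentials(KerberosTicket.class).isEmpty()) {
        LOG.error("Failed to verifyuser principal.");
        throw new RuntimeException("Fail to verify user principal with section \"" + jaas_section
                + "\" in login configuration file " + login_conf);
    }

    try {
        LOG.info("Creating Kerberos Server.");
        final CallbackHandler fch = ch;
        Principal p = (Principal) subject.getPrincipals().toArray()[0];
        KerberosName kName = new KerberosName(p.getName());
        final String fHost = kName.getHostName();
        final String fServiceName = kName.getServiceName();
        LOG.debug("Server with host: {}", fHost);
        saslServer = Subject.doAs(subject, new PrivilegedExceptionAction<SaslServer>() {
            public SaslServer run() throws Exception {
                try {
                    Map<String, String> props = new TreeMap<String, String>();
                    // "auth" = authentication only, no integrity or confidentiality layer.
                    props.put(Sasl.QOP, "auth");
                    // NOTE(review): SERVER_AUTH is a client-side request for mutual
                    // authentication; presumably it has no effect here — confirm.
                    props.put(Sasl.SERVER_AUTH, "false");
                    return Sasl.createSaslServer(SaslUtils.KERBEROS, fServiceName, fHost, props, fch);
                } catch (Exception e) {
                    LOG.error("Subject failed to create sasl server.", e);
                    // Propagate instead of returning null: a half-built authenticator must
                    // not be handed to the caller.
                    throw e;
                }
            }
        });
        // createSaslServer returns null when no provider supports the mechanism.
        if (saslServer == null) {
            throw new RuntimeException("Could not create SaslServer for mechanism " + SaslUtils.KERBEROS);
        }
        LOG.info("Got Server: {}", saslServer);

    } catch (PrivilegedActionException e) {
        LOG.error("KerberosSaslNettyServer: Could not create SaslServer: ", e);
        throw new RuntimeException(e);
    }
}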

From source file:backtype.storm.security.auth.kerberos.KerberosSaslTransportPlugin.java

License:Apache License

/**
 * Builds the server-side Thrift transport factory that authenticates clients with
 * SASL/GSSAPI (Kerberos).
 *
 * <p>The server logs in through JAAS with the {@code AuthUtils.LOGIN_CONTEXT_SERVER} section
 * of {@code login_conf}, must end up holding a {@link KerberosTicket}, and registers a SASL
 * server definition whose service and host names come from that section's
 * {@code principal} option. The result is wrapped so that it carries the logged-in subject.
 *
 * <p>Security notes: the JAAS configuration is installed JVM-wide, and the SASL QOP is
 * {@code "auth"} (authentication only, no integrity or confidentiality layer).
 *
 * @return the wrapping transport factory
 * @throws IOException declared by the signature; raised by {@code AuthUtils.get} as far as
 *         this method is concerned
 * @throws RuntimeException if the JAAS login fails or yields no Kerberos ticket
 */
public TTransportFactory getServerTransportFactory() throws IOException {
    // One handler serves both the JAAS login and the SASL exchange.
    CallbackHandler callbackHandler = new ServerCallbackHandler(login_conf, storm_conf);

    Subject serverSubject;
    try {
        // Static setter: replaces the JAAS configuration for the whole JVM.
        Configuration.setConfiguration(login_conf);
        serverSubject = new Login(AuthUtils.LOGIN_CONTEXT_SERVER, callbackHandler).getSubject();
    } catch (LoginException ex) {
        LOG.error("Server failed to login in principal:" + ex, ex);
        throw new RuntimeException(ex);
    }

    // Refuse to serve unless the login actually produced a Kerberos ticket.
    boolean ticketPresent = !serverSubject.getPrivateCredentials(KerberosTicket.class).isEmpty();
    if (!ticketPresent) {
        throw new RuntimeException("Fail to verify user principal with section \""
                + AuthUtils.LOGIN_CONTEXT_SERVER + "\" in login configuration file " + login_conf);
    }

    // NOTE(review): if the section has no "principal" option this is presumably null and
    // KerberosName fails below with an unhelpful error — confirm AuthUtils.get's contract.
    String principal = AuthUtils.get(login_conf, AuthUtils.LOGIN_CONTEXT_SERVER, "principal");
    LOG.debug("principal:" + principal);
    KerberosName parsedPrincipal = new KerberosName(principal);

    Map<String, String> saslProps = new TreeMap<String, String>();
    saslProps.put(Sasl.QOP, "auth");
    saslProps.put(Sasl.SERVER_AUTH, "false");

    // The SASL layer calls back into callbackHandler during each client's exchange.
    TSaslServerTransport.Factory saslFactory = new TSaslServerTransport.Factory();
    saslFactory.addServerDefinition(KERBEROS, parsedPrincipal.getServiceName(),
            parsedPrincipal.getHostName(), saslProps, callbackHandler);

    // Wrap the factory together with the logged-in subject.
    TUGIAssumingTransportFactory subjectAwareFactory = new TUGIAssumingTransportFactory(saslFactory,
            serverSubject);

    LOG.info("SASL GSSAPI transport factory will be used");
    return subjectAwareFactory;
}

From source file:blazingcache.security.sasl.SaslNettyClient.java

License:Apache License

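/**
 * Creates the SASL client used to authenticate to a server, choosing the mechanism from the
 * JAAS login state returned by {@code loginClient()}:
 * <ul>
 * <li>no subject: DIGEST-MD5 with the supplied {@code username} and {@code password};</li>
 * <li>subject without principals: DIGEST-MD5 with the first public credential as user name
 * and the first private credential as password;</li>
 * <li>subject with a principal: GSSAPI (Kerberos) against
 * {@code blazingcache/<serverHostname>} in the client's realm.</li>
 * </ul>
 *
 * <p>Security notes: DIGEST-MD5 was moved to Historic status by RFC 6331. The choice between
 * Kerberos and DIGEST-MD5 is made silently from the login state, so a client that was meant
 * to use Kerberos but has no usable JAAS login still connects, with the weaker mechanism.
 *
 * @param username user name for the no-JAAS DIGEST-MD5 path
 * @param password password for the no-JAAS DIGEST-MD5 path
 * @param serverHostname host part of the server principal
 * @throws Exception if the SASL client cannot be created; {@link IOException} when the JAAS
 *         subject lacks the expected credentials or no client could be built
 */
public SaslNettyClient(String username, String password, String serverHostname) throws Exception {
    String serverPrincipal = "blazingcache/" + serverHostname;
    clientSubject = loginClient();

    // The three messages below report a normal mechanism choice, so they are logged at INFO:
    // still visible by default, but no longer raised as SEVERE errors on every connection.
    if (clientSubject == null) {
        LOG.log(Level.INFO, "Using plain SASL/DIGEST-MD5 auth to connect to " + serverHostname);
        saslClient = Sasl.createSaslClient(new String[] { SaslUtils.AUTH_DIGEST_MD5 }, null, null,
                SaslUtils.DEFAULT_REALM, SaslUtils.getSaslProps(),
                new SaslClientCallbackHandler(username, password.toCharArray()));
    } else if (clientSubject.getPrincipals().isEmpty()) {
        LOG.log(Level.INFO, "Using JAAS/SASL/DIGEST-MD5 auth to connect to " + serverPrincipal);
        String[] mechs = { "DIGEST-MD5" };
        Object[] publicCredentials = clientSubject.getPublicCredentials().toArray();
        Object[] privateCredentials = clientSubject.getPrivateCredentials().toArray();
        // Fail with a clear message instead of an ArrayIndexOutOfBoundsException when the
        // login module stored no user name or password in the subject.
        if (publicCredentials.length == 0 || privateCredentials.length == 0) {
            throw new IOException(
                    "JAAS subject has neither a principal nor username/password credentials for SASL/DIGEST-MD5");
        }
        username = (String) publicCredentials[0];
        password = (String) privateCredentials[0];
        saslClient = Sasl.createSaslClient(mechs, username, "blazingcache", "blazingcache", null,
                new ClientCallbackHandler(password));
    } else { // GSSAPI.
        final Object[] principals = clientSubject.getPrincipals().toArray();
        // The first principal of the subject is taken as the client identity.
        final Principal clientPrincipal = (Principal) principals[0];
        final KerberosName clientKerberosName = new KerberosName(clientPrincipal.getName());
        // The server is assumed to live in the client's own realm.
        KerberosName serviceKerberosName = new KerberosName(
                serverPrincipal + "@" + clientKerberosName.getRealm());
        final String serviceName = serviceKerberosName.getServiceName();
        final String serviceHostname = serviceKerberosName.getHostName();
        final String clientPrincipalName = clientKerberosName.toString();
        LOG.log(Level.INFO, "Using JAAS/SASL/GSSAPI auth to connect to server Principal " + serverPrincipal);
        saslClient = Subject.doAs(clientSubject, new PrivilegedExceptionAction<SaslClient>() {
            @Override
            public SaslClient run() throws SaslException {
                String[] mechs = { "GSSAPI" };
                // props is null, so the mechanism defaults apply; Sasl.SERVER_AUTH is not
                // set. NOTE(review): confirm that not requesting mutual authentication is
                // intended.
                return Sasl.createSaslClient(mechs, clientPrincipalName, serviceName, serviceHostname, null,
                        new ClientCallbackHandler(null));
            }
        });
    }
    // createSaslClient returns null when no provider supports the requested mechanism.
    if (saslClient == null) {
        throw new IOException("Cannot create JVM SASL Client");
    }

}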

From source file:herddb.security.sasl.SaslNettyClient.java

License:Apache License

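/**
 * Creates the SASL client used to authenticate to a server, choosing the mechanism from the
 * JAAS login state returned by {@code loginClient()}:
 * <ul>
 * <li>no subject: DIGEST-MD5 with the supplied {@code username} and {@code password};</li>
 * <li>subject without principals: DIGEST-MD5 with the first public credential as user name
 * and the first private credential as password;</li>
 * <li>subject with a principal: GSSAPI (Kerberos) against {@code herddb/<serverHostname>}
 * in the client's realm.</li>
 * </ul>
 *
 * <p>Security notes: DIGEST-MD5 was moved to Historic status by RFC 6331. The choice between
 * Kerberos and DIGEST-MD5 is made silently from the login state and is only logged at
 * FINEST, so a client that was meant to use Kerberos but has no usable JAAS login still
 * connects, with the weaker mechanism.
 *
 * @param username user name for the no-JAAS DIGEST-MD5 path
 * @param password password for the no-JAAS DIGEST-MD5 path
 * @param serverHostname host part of the server principal
 * @throws Exception if the SASL client cannot be created; {@link IOException} when the JAAS
 *         subject lacks the expected credentials or no client could be built
 */
public SaslNettyClient(String username, String password, String serverHostname) throws Exception {
    String serverPrincipal = "herddb/" + serverHostname;
    clientSubject = loginClient();

    if (clientSubject == null) {
        LOG.log(Level.FINEST, "Using plain SASL/DIGEST-MD5 auth to connect to " + serverHostname);
        saslClient = Sasl.createSaslClient(new String[] { SaslUtils.AUTH_DIGEST_MD5 }, null, null,
                SaslUtils.DEFAULT_REALM, SaslUtils.getSaslProps(),
                new SaslClientCallbackHandler(username, password.toCharArray()));
    } else if (clientSubject.getPrincipals().isEmpty()) {
        LOG.log(Level.FINEST, "Using JAAS/SASL/DIGEST-MD5 auth to connect to " + serverPrincipal);
        String[] mechs = { "DIGEST-MD5" };
        Object[] publicCredentials = clientSubject.getPublicCredentials().toArray();
        Object[] privateCredentials = clientSubject.getPrivateCredentials().toArray();
        // Fail with a clear message instead of an ArrayIndexOutOfBoundsException when the
        // login module stored no user name or password in the subject.
        if (publicCredentials.length == 0 || privateCredentials.length == 0) {
            throw new IOException(
                    "JAAS subject has neither a principal nor username/password credentials for SASL/DIGEST-MD5");
        }
        username = (String) publicCredentials[0];
        password = (String) privateCredentials[0];
        saslClient = Sasl.createSaslClient(mechs, username, "herddb", "herddb", null,
                new ClientCallbackHandler(password));
    } else { // GSSAPI.
        final Object[] principals = clientSubject.getPrincipals().toArray();
        // The first principal of the subject is taken as the client identity.
        final Principal clientPrincipal = (Principal) principals[0];
        final KerberosName clientKerberosName = new KerberosName(clientPrincipal.getName());
        // The server is assumed to live in the client's own realm.
        KerberosName serviceKerberosName = new KerberosName(
                serverPrincipal + "@" + clientKerberosName.getRealm());
        final String serviceName = serviceKerberosName.getServiceName();
        final String serviceHostname = serviceKerberosName.getHostName();
        final String clientPrincipalName = clientKerberosName.toString();
        LOG.log(Level.FINEST, "Using JAAS/SASL/GSSAPI auth to connect to server Principal " + serverPrincipal);
        saslClient = Subject.doAs(clientSubject, new PrivilegedExceptionAction<SaslClient>() {
            @Override
            public SaslClient run() throws SaslException {
                String[] mechs = { "GSSAPI" };
                // props is null, so the mechanism defaults apply; Sasl.SERVER_AUTH is not
                // set. NOTE(review): confirm that not requesting mutual authentication is
                // intended.
                return Sasl.createSaslClient(mechs, clientPrincipalName, serviceName, serviceHostname, null,
                        new ClientCallbackHandler(null));
            }
        });
    }
    // createSaslClient returns null when no provider supports the requested mechanism.
    if (saslClient == null) {
        throw new IOException("Cannot create JVM SASL Client");
    }

}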

From source file:majordodo.security.sasl.SaslNettyClient.java

License:Apache License

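/**
 * Creates the SASL client used to authenticate to a server, choosing the mechanism from the
 * JAAS login state returned by {@code loginClient()}:
 * <ul>
 * <li>no subject: DIGEST-MD5 with the supplied {@code username} and {@code password};</li>
 * <li>subject without principals: DIGEST-MD5 with the first public credential as user name
 * and the first private credential as password;</li>
 * <li>subject with a principal: GSSAPI (Kerberos) against
 * {@code majordodo/<serverHostname>} in the client's realm.</li>
 * </ul>
 *
 * <p>Security notes: DIGEST-MD5 was moved to Historic status by RFC 6331. The choice between
 * Kerberos and DIGEST-MD5 is made silently from the login state, so a client that was meant
 * to use Kerberos but has no usable JAAS login still connects, with the weaker mechanism.
 *
 * @param username user name for the no-JAAS DIGEST-MD5 path
 * @param password password for the no-JAAS DIGEST-MD5 path
 * @param serverHostname host part of the server principal
 * @throws Exception if the SASL client cannot be created; {@link IOException} when the JAAS
 *         subject lacks the expected credentials or no client could be built
 */
public SaslNettyClient(String username, String password, String serverHostname) throws Exception {
    String serverPrincipal = "majordodo/" + serverHostname;
    clientSubject = loginClient();

    // The three messages below report a normal mechanism choice, so they are logged at INFO:
    // still visible by default, but no longer raised as SEVERE errors on every connection.
    if (clientSubject == null) {
        LOG.log(Level.INFO, "Using plain SASL/DIGEST-MD5 auth to connect to " + serverHostname);
        saslClient = Sasl.createSaslClient(new String[] { SaslUtils.AUTH_DIGEST_MD5 }, null, null,
                SaslUtils.DEFAULT_REALM, SaslUtils.getSaslProps(),
                new SaslClientCallbackHandler(username, password.toCharArray()));
    } else if (clientSubject.getPrincipals().isEmpty()) {
        LOG.log(Level.INFO, "Using JAAS/SASL/DIGEST-MD5 auth to connect to " + serverPrincipal);
        String[] mechs = { "DIGEST-MD5" };
        Object[] publicCredentials = clientSubject.getPublicCredentials().toArray();
        Object[] privateCredentials = clientSubject.getPrivateCredentials().toArray();
        // Fail with a clear message instead of an ArrayIndexOutOfBoundsException when the
        // login module stored no user name or password in the subject.
        if (publicCredentials.length == 0 || privateCredentials.length == 0) {
            throw new IOException(
                    "JAAS subject has neither a principal nor username/password credentials for SASL/DIGEST-MD5");
        }
        username = (String) publicCredentials[0];
        password = (String) privateCredentials[0];
        saslClient = Sasl.createSaslClient(mechs, username, "majordodo", "majordodo", null,
                new ClientCallbackHandler(password));
    } else { // GSSAPI.
        final Object[] principals = clientSubject.getPrincipals().toArray();
        // The first principal of the subject is taken as the client identity.
        final Principal clientPrincipal = (Principal) principals[0];
        final KerberosName clientKerberosName = new KerberosName(clientPrincipal.getName());
        // The server is assumed to live in the client's own realm.
        KerberosName serviceKerberosName = new KerberosName(
                serverPrincipal + "@" + clientKerberosName.getRealm());
        final String serviceName = serviceKerberosName.getServiceName();
        final String serviceHostname = serviceKerberosName.getHostName();
        final String clientPrincipalName = clientKerberosName.toString();
        LOG.log(Level.INFO, "Using JAAS/SASL/GSSAPI auth to connect to server Principal " + serverPrincipal);
        saslClient = Subject.doAs(clientSubject, new PrivilegedExceptionAction<SaslClient>() {
            @Override
            public SaslClient run() throws SaslException {
                String[] mechs = { "GSSAPI" };
                // props is null, so the mechanism defaults apply; Sasl.SERVER_AUTH is not
                // set. NOTE(review): confirm that not requesting mutual authentication is
                // intended.
                return Sasl.createSaslClient(mechs, clientPrincipalName, serviceName, serviceHostname, null,
                        new ClientCallbackHandler(null));
            }
        });
    }
    // createSaslClient returns null when no provider supports the requested mechanism.
    if (saslClient == null) {
        throw new IOException("Cannot create JVM SASL Client");
    }

}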

From source file:org.apache.bookkeeper.sasl.SaslClientState.java

License:Apache License

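/**
 * Creates the SASL client state for one server, choosing the mechanism from the given JAAS
 * subject:
 * <ul>
 * <li>subject without principals: DIGEST-MD5, with the first public credential as user name
 * and the first private credential as password;</li>
 * <li>subject with a principal: GSSAPI (Kerberos) against
 * {@code SASL_BOOKKEEPER_PROTOCOL/<serverHostname>} in the client's realm.</li>
 * </ul>
 *
 * <p>Security notes: DIGEST-MD5 was moved to Historic status by RFC 6331. On that path the
 * password taken from the subject is kept in the {@code password} field as a {@code String}
 * for as long as this object is referenced.
 *
 * @param serverHostname host part of the server principal
 * @param subject JAAS subject of the client; must not be {@code null}
 * @throws SaslException if the subject is {@code null} or lacks the expected credentials, or
 *         if the SASL client cannot be created
 */
public SaslClientState(String serverHostname, Subject subject) throws SaslException {
    String serverPrincipal = SaslConstants.SASL_BOOKKEEPER_PROTOCOL + "/" + serverHostname;
    this.clientSubject = subject;
    if (clientSubject == null) {
        throw new SaslException("Cannot create JAAS Sujbect for SASL");
    }
    if (clientSubject.getPrincipals().isEmpty()) {
        LOG.debug("Using JAAS/SASL/DIGEST-MD5 auth to connect to {}", serverPrincipal);
        String[] mechs = { "DIGEST-MD5" };
        Object[] publicCredentials = clientSubject.getPublicCredentials().toArray();
        Object[] privateCredentials = clientSubject.getPrivateCredentials().toArray();
        // Fail with a clear message instead of an ArrayIndexOutOfBoundsException when the
        // login module stored no user name or password in the subject.
        if (publicCredentials.length == 0 || privateCredentials.length == 0) {
            throw new SaslException(
                    "JAAS subject has neither a principal nor username/password credentials for SASL/DIGEST-MD5");
        }
        username = (String) publicCredentials[0];
        password = (String) privateCredentials[0];
        saslClient = Sasl.createSaslClient(mechs, username, SaslConstants.SASL_BOOKKEEPER_PROTOCOL,
                SaslConstants.SASL_MD5_DUMMY_HOSTNAME, null, new ClientCallbackHandler(password));
    } else { // GSSAPI/Kerberos
        final Object[] principals = clientSubject.getPrincipals().toArray();
        // The first principal of the subject is taken as the client identity.
        final Principal clientPrincipal = (Principal) principals[0];
        final KerberosName clientKerberosName = new KerberosName(clientPrincipal.getName());
        // The server is assumed to live in the client's own realm.
        KerberosName serviceKerberosName = new KerberosName(
                serverPrincipal + "@" + clientKerberosName.getRealm());
        final String serviceName = serviceKerberosName.getServiceName();
        final String serviceHostname = serviceKerberosName.getHostName();
        final String clientPrincipalName = clientKerberosName.toString();
        LOG.debug("Using JAAS/SASL/GSSAPI auth to connect to server Principal {}", serverPrincipal);
        try {
            saslClient = Subject.doAs(clientSubject, new PrivilegedExceptionAction<SaslClient>() {
                @Override
                public SaslClient run() throws SaslException {
                    String[] mechs = { "GSSAPI" };
                    // props is null, so the mechanism defaults apply; Sasl.SERVER_AUTH is
                    // not set. NOTE(review): confirm that not requesting mutual
                    // authentication is intended.
                    return Sasl.createSaslClient(mechs, clientPrincipalName, serviceName, serviceHostname, null,
                            new ClientCallbackHandler(null));
                }
            });
        } catch (PrivilegedActionException err) {
            // Unwrap so callers see the SASL failure rather than the doAs wrapper.
            LOG.debug("GSSAPI client error", err.getCause());
            throw new SaslException("error while booting GSSAPI client", err.getCause());
        }
    }
    // createSaslClient returns null when no provider supports the requested mechanism.
    if (saslClient == null) {
        throw new SaslException("Cannot create JVM SASL Client");
    }

}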