List of usage examples for org.apache.zookeeper.server.auth.KerberosName — the constructor KerberosName(String name)
public KerberosName(String name)
From source file:backtype.storm.messaging.netty.KerberosSaslNettyServer.java
License:Apache License
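/**
 * Builds the server side of a Kerberos (GSSAPI) SASL handshake for the Netty transport.
 *
 * Steps: load the JAAS {@code Configuration} from {@code storm_conf}, log in the server
 * principal named by {@code jaas_section}, verify that the login actually produced a
 * Kerberos ticket, then create a {@link SaslServer} for that principal's service/host pair
 * while running as the logged-in {@link Subject}.
 *
 * @param storm_conf      Storm configuration handed to {@code AuthUtils.GetConfiguration}
 * @param jaas_section    name of the JAAS login context holding the server principal
 * @param authorizedUsers principals the callback handler will accept; stored as-is
 * @throws RuntimeException if the JAAS login fails, yields no Kerberos ticket or no principal,
 *                          or the {@link SaslServer} cannot be created
 */
KerberosSaslNettyServer(Map storm_conf, String jaas_section, List<String> authorizedUsers) {
    this.authorizedUsers = authorizedUsers;

    LOG.debug("Getting Configuration.");
    Configuration login_conf;
    try {
        login_conf = AuthUtils.GetConfiguration(storm_conf);
    } catch (Throwable t) {
        LOG.error("Failed to get login_conf: ", t);
        throw t;
    }

    LOG.debug("KerberosSaslNettyServer: authmethod {}", SaslUtils.KERBEROS);
    KerberosSaslCallbackHandler ch = new KerberosSaslNettyServer.KerberosSaslCallbackHandler(authorizedUsers);

    // Log in our principal. Configuration.setConfiguration is JVM-global, so this affects
    // every other JAAS login in the process.
    subject = null;
    try {
        LOG.debug("Setting Configuration to login_config: {}", login_conf);
        Configuration.setConfiguration(login_conf);
        LOG.debug("Trying to login.");
        Login login = new Login(jaas_section, ch);
        subject = login.getSubject();
        // Log the principals only. Subject.toString() can render the private credentials
        // (the Kerberos ticket, including its session key), which must never reach the logs.
        LOG.debug("Got Subject with principals: {}", subject.getPrincipals());
    } catch (LoginException ex) {
        LOG.error("Server failed to login in principal:", ex);
        throw new RuntimeException(ex);
    }

    // A login that produced no Kerberos ticket cannot serve GSSAPI; fail fast.
    if (subject.getPrivateCredentials(KerberosTicket.class).isEmpty()) {
        LOG.error("Failed to verifyuser principal.");
        throw new RuntimeException("Fail to verify user principal with section \"" + jaas_section
                + "\" in login configuration file " + login_conf);
    }
    // The service/host pair is derived from the first principal; make the absence of one an
    // explicit error rather than an ArrayIndexOutOfBoundsException below.
    if (subject.getPrincipals().isEmpty()) {
        throw new RuntimeException("Login with section \"" + jaas_section
                + "\" produced a Subject without any principal");
    }

    try {
        LOG.info("Creating Kerberos Server.");
        final CallbackHandler fch = ch;
        // The principal set is unordered; with more than one principal the choice is arbitrary.
        Principal p = subject.getPrincipals().iterator().next();
        KerberosName kName = new KerberosName(p.getName());
        final String fHost = kName.getHostName();
        final String fServiceName = kName.getServiceName();
        LOG.debug("Server with host: {}", fHost);
        saslServer = Subject.doAs(subject, new PrivilegedExceptionAction<SaslServer>() {
            public SaslServer run() throws SaslException {
                Map<String, String> props = new TreeMap<String, String>();
                // QOP "auth": authentication only, no integrity or confidentiality layer is
                // negotiated for the channel afterwards. SERVER_AUTH "false": mutual
                // authentication is not demanded.
                props.put(Sasl.QOP, "auth");
                props.put(Sasl.SERVER_AUTH, "false");
                // Let a failure propagate (surfacing as PrivilegedActionException) instead of
                // swallowing it and returning null, so a broken server is never stored.
                return Sasl.createSaslServer(SaslUtils.KERBEROS, fServiceName, fHost, props, fch);
            }
        });
        // Sasl.createSaslServer returns null when no provider supports the mechanism.
        if (saslServer == null) {
            throw new RuntimeException("No SASL provider available for mechanism " + SaslUtils.KERBEROS);
        }
        LOG.info("Got Server: {}", saslServer);
    } catch (PrivilegedActionException e) {
        LOG.error("KerberosSaslNettyServer: Could not create SaslServer: ", e);
        throw new RuntimeException(e);
    }
}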
From source file:backtype.storm.security.auth.kerberos.KerberosSaslTransportPlugin.java
License:Apache License
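/**
 * Creates the Thrift server transport factory that authenticates clients over SASL/GSSAPI.
 *
 * Logs in the server principal from the {@code AuthUtils.LOGIN_CONTEXT_SERVER} JAAS section,
 * verifies a Kerberos ticket was obtained, derives the service name and host from the
 * section's {@code principal} option, and wraps the Thrift SASL factory so that every
 * accepted connection runs as the logged-in {@link Subject}.
 *
 * @return a transport factory performing the GSSAPI handshake with QOP "auth" (authentication
 *         only: no integrity or confidentiality layer on the wire afterwards)
 * @throws IOException      declared for callers; not thrown by this body
 * @throws RuntimeException if the login fails, yields no ticket, or the section has no
 *                          {@code principal} option
 */
public TTransportFactory getServerTransportFactory() throws IOException {
    // Authentication callback handler used during the SASL exchange.
    CallbackHandler server_callback_handler = new ServerCallbackHandler(login_conf, storm_conf);

    // Log in our principal. Configuration.setConfiguration is JVM-global.
    Subject subject = null;
    try {
        Configuration.setConfiguration(login_conf);
        Login login = new Login(AuthUtils.LOGIN_CONTEXT_SERVER, server_callback_handler);
        subject = login.getSubject();
    } catch (LoginException ex) {
        LOG.error("Server failed to login in principal:" + ex, ex);
        throw new RuntimeException(ex);
    }

    // A login without a Kerberos ticket cannot serve GSSAPI; fail fast.
    if (subject.getPrivateCredentials(KerberosTicket.class).isEmpty()) {
        throw new RuntimeException("Fail to verify user principal with section \""
                + AuthUtils.LOGIN_CONTEXT_SERVER + "\" in login configuration file " + login_conf);
    }

    String principal = AuthUtils.get(login_conf, AuthUtils.LOGIN_CONTEXT_SERVER, "principal");
    LOG.debug("principal:" + principal);
    // AuthUtils.get presumably yields null for a missing option; without this guard the
    // KerberosName constructor below would fail with a bare NullPointerException.
    if (principal == null) {
        throw new RuntimeException("No \"principal\" option in section \""
                + AuthUtils.LOGIN_CONTEXT_SERVER + "\" of login configuration file " + login_conf);
    }
    KerberosName serviceKerberosName = new KerberosName(principal);
    String serviceName = serviceKerberosName.getServiceName();
    String hostName = serviceKerberosName.getHostName();

    Map<String, String> props = new TreeMap<String, String>();
    // QOP "auth": authentication only. SERVER_AUTH "false": mutual authentication not demanded.
    props.put(Sasl.QOP, "auth");
    props.put(Sasl.SERVER_AUTH, "false");

    // Transport factory that invokes our callback handler for the GSSAPI mechanism.
    TSaslServerTransport.Factory factory = new TSaslServerTransport.Factory();
    factory.addServerDefinition(KERBEROS, serviceName, hostName, props, server_callback_handler);

    // Wrap it so the server's own credentials are applied while accepting connections.
    TUGIAssumingTransportFactory wrapFactory = new TUGIAssumingTransportFactory(factory, subject);
    LOG.info("SASL GSSAPI transport factory will be used");
    return wrapFactory;
}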
From source file:blazingcache.security.sasl.SaslNettyClient.java
License:Apache License
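/**
 * Create a SaslNettyClient for authentication with servers.
 *
 * Three paths are possible, chosen by what {@code loginClient()} returns:
 * <ul>
 *   <li>no JAAS Subject: DIGEST-MD5 with the supplied {@code username}/{@code password};</li>
 *   <li>a Subject with no principals: DIGEST-MD5 with the username/password carried as the
 *       Subject's first public/private credential;</li>
 *   <li>a Subject with a principal: GSSAPI (Kerberos) against the service principal
 *       {@code blazingcache/<serverHostname>@<client realm>}.</li>
 * </ul>
 * DIGEST-MD5 is a legacy mechanism; prefer the GSSAPI path where a Kerberos login is available.
 * No QOP is requested on any path, so the channel carries no integrity or confidentiality
 * layer after the handshake.
 *
 * @param username       DIGEST-MD5 user name; ignored when a JAAS Subject is available
 * @param password       DIGEST-MD5 password; ignored when a JAAS Subject is available
 * @param serverHostname host the server principal is built from
 * @throws IllegalArgumentException if no JAAS Subject exists and {@code password} is null
 * @throws IOException              if the JAAS Subject lacks the credentials DIGEST-MD5 needs,
 *                                  or no SASL client could be created
 * @throws Exception                whatever the login or GSSAPI bootstrap throws
 */
public SaslNettyClient(String username, String password, String serverHostname) throws Exception {
    // Service principal the server is expected to hold: primary "blazingcache", instance = host.
    String serverPrincipal = "blazingcache/" + serverHostname;
    clientSubject = loginClient();

    if (clientSubject == null) {
        LOG.log(Level.SEVERE, "Using plain SASL/DIGEST-MD5 auth to connect to " + serverHostname);
        // Without this guard the NPE from password.toCharArray() carries no explanation.
        if (password == null) {
            throw new IllegalArgumentException("password is required for SASL/DIGEST-MD5 without a JAAS login");
        }
        saslClient = Sasl.createSaslClient(new String[] { SaslUtils.AUTH_DIGEST_MD5 }, null, null,
                SaslUtils.DEFAULT_REALM, SaslUtils.getSaslProps(),
                new SaslClientCallbackHandler(username, password.toCharArray()));
    } else if (clientSubject.getPrincipals().isEmpty()) {
        LOG.log(Level.SEVERE, "Using JAAS/SASL/DIGEST-MD5 auth to connect to " + serverPrincipal);
        String[] mechs = { "DIGEST-MD5" };
        // The JAAS module is expected to stash the user name as a public credential and the
        // password as a private one; an empty set would otherwise surface as an index error.
        Object[] publicCreds = clientSubject.getPublicCredentials().toArray();
        Object[] privateCreds = clientSubject.getPrivateCredentials().toArray();
        if (publicCreds.length == 0 || privateCreds.length == 0) {
            throw new IOException("JAAS Subject for DIGEST-MD5 must carry a username (public credential) "
                    + "and a password (private credential)");
        }
        username = (String) publicCreds[0];
        password = (String) privateCreds[0];
        // Protocol and server name are both the fixed literal "blazingcache" for this mechanism.
        saslClient = Sasl.createSaslClient(mechs, username, "blazingcache", "blazingcache", null,
                new ClientCallbackHandler(password));
    } else {
        // GSSAPI. The principal set is unordered; with several principals the choice is arbitrary.
        final Object[] principals = clientSubject.getPrincipals().toArray();
        final Principal clientPrincipal = (Principal) principals[0];
        final KerberosName clientKerberosName = new KerberosName(clientPrincipal.getName());
        // Assumes the server lives in the client's realm; cross-realm setups need a different
        // realm here.
        KerberosName serviceKerberosName = new KerberosName(
                serverPrincipal + "@" + clientKerberosName.getRealm());
        final String serviceName = serviceKerberosName.getServiceName();
        final String serviceHostname = serviceKerberosName.getHostName();
        final String clientPrincipalName = clientKerberosName.toString();
        LOG.log(Level.SEVERE, "Using JAAS/SASL/GSSAPI auth to connect to server Principal " + serverPrincipal);
        // The SASL client must be created as the logged-in Subject so GSSAPI can find the TGT.
        saslClient = Subject.doAs(clientSubject, new PrivilegedExceptionAction<SaslClient>() {
            @Override
            public SaslClient run() throws SaslException {
                String[] mechs = { "GSSAPI" };
                return Sasl.createSaslClient(mechs, clientPrincipalName, serviceName, serviceHostname,
                        null, new ClientCallbackHandler(null));
            }
        });
    }

    // Sasl.createSaslClient returns null when no provider supports the requested mechanism.
    if (saslClient == null) {
        throw new IOException("Cannot create JVM SASL Client");
    }
}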
From source file:com.lami.tuomatuo.mq.zookeeper.server.auth.SaslServerCallbackHandler.java
License:Apache License
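/**
 * Decides whether the SASL-authenticated client is authorized and sets the effective
 * authorization id to the canonical form of its <em>authentication</em> id.
 *
 * The client-supplied authorization id is logged but never used as the effective id: the
 * id is rebuilt from the Kerberos authentication id according to the system properties
 * {@code zookeeper.kerberos.removeRealmFromPrincipal} and
 * {@code zookeeper.kerberos.removeHostFromPrincipal} (via {@code shouldAppendRealm} /
 * {@code shouldAppendHost}). Authorization is granted only once that canonical id has been
 * computed; if the name rules fail, the callback is left unauthorized instead of letting the
 * client's self-asserted authorization id stand.
 *
 * @param ac the authorize callback to populate
 */
private void handleAuthorizeCallback(AuthorizeCallback ac) {
    String authenticationID = ac.getAuthenticationID();
    String authorizationID = ac.getAuthorizationID();
    LOG.info("Successfully authenticated client: authenticationID=" + authenticationID
            + "; authorizationID=" + authorizationID + ".");

    // A malformed name makes this constructor throw; the callback then stays unauthorized
    // (nothing below has run yet) and the exception propagates to the SASL layer.
    KerberosName kerberosName = new KerberosName(authenticationID);
    try {
        StringBuilder userNameBuilder = new StringBuilder(kerberosName.getShortName());
        if (shouldAppendHost(kerberosName)) {
            userNameBuilder.append("/").append(kerberosName.getHostName());
        }
        if (shouldAppendRealm(kerberosName)) {
            userNameBuilder.append("@").append(kerberosName.getRealm());
        }
        LOG.info("Setting authorizedID: " + userNameBuilder);
        // Grant and pin the id together, so an authorized callback always carries the
        // canonical id rather than whatever the client requested.
        ac.setAuthorized(true);
        ac.setAuthorizedID(userNameBuilder.toString());
    } catch (IOException e) {
        LOG.error("Failed to set name based on Kerberos authentication rules.", e);
        // Previously the callback had already been marked authorized at this point, which left
        // the client-chosen authorizationID in effect on a rule failure. Deny instead.
        ac.setAuthorized(false);
    }
}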
From source file:herddb.security.sasl.SaslNettyClient.java
License:Apache License
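/**
 * Create a SaslNettyClient for authentication with servers.
 *
 * Three paths are possible, chosen by what {@code loginClient()} returns:
 * <ul>
 *   <li>no JAAS Subject: DIGEST-MD5 with the supplied {@code username}/{@code password};</li>
 *   <li>a Subject with no principals: DIGEST-MD5 with the username/password carried as the
 *       Subject's first public/private credential;</li>
 *   <li>a Subject with a principal: GSSAPI (Kerberos) against the service principal
 *       {@code herddb/<serverHostname>@<client realm>}.</li>
 * </ul>
 * DIGEST-MD5 is a legacy mechanism; prefer the GSSAPI path where a Kerberos login is available.
 * No QOP is requested on any path, so the channel carries no integrity or confidentiality
 * layer after the handshake.
 *
 * @param username       DIGEST-MD5 user name; ignored when a JAAS Subject is available
 * @param password       DIGEST-MD5 password; ignored when a JAAS Subject is available
 * @param serverHostname host the server principal is built from
 * @throws IllegalArgumentException if no JAAS Subject exists and {@code password} is null
 * @throws IOException              if the JAAS Subject lacks the credentials DIGEST-MD5 needs,
 *                                  or no SASL client could be created
 * @throws Exception                whatever the login or GSSAPI bootstrap throws
 */
public SaslNettyClient(String username, String password, String serverHostname) throws Exception {
    // Service principal the server is expected to hold: primary "herddb", instance = host.
    String serverPrincipal = "herddb/" + serverHostname;
    clientSubject = loginClient();

    if (clientSubject == null) {
        LOG.log(Level.FINEST, "Using plain SASL/DIGEST-MD5 auth to connect to " + serverHostname);
        // Without this guard the NPE from password.toCharArray() carries no explanation.
        if (password == null) {
            throw new IllegalArgumentException("password is required for SASL/DIGEST-MD5 without a JAAS login");
        }
        saslClient = Sasl.createSaslClient(new String[] { SaslUtils.AUTH_DIGEST_MD5 }, null, null,
                SaslUtils.DEFAULT_REALM, SaslUtils.getSaslProps(),
                new SaslClientCallbackHandler(username, password.toCharArray()));
    } else if (clientSubject.getPrincipals().isEmpty()) {
        LOG.log(Level.FINEST, "Using JAAS/SASL/DIGEST-MD5 auth to connect to " + serverPrincipal);
        String[] mechs = { "DIGEST-MD5" };
        // The JAAS module is expected to stash the user name as a public credential and the
        // password as a private one; an empty set would otherwise surface as an index error.
        Object[] publicCreds = clientSubject.getPublicCredentials().toArray();
        Object[] privateCreds = clientSubject.getPrivateCredentials().toArray();
        if (publicCreds.length == 0 || privateCreds.length == 0) {
            throw new IOException("JAAS Subject for DIGEST-MD5 must carry a username (public credential) "
                    + "and a password (private credential)");
        }
        username = (String) publicCreds[0];
        password = (String) privateCreds[0];
        // Protocol and server name are both the fixed literal "herddb" for this mechanism.
        saslClient = Sasl.createSaslClient(mechs, username, "herddb", "herddb", null,
                new ClientCallbackHandler(password));
    } else {
        // GSSAPI. The principal set is unordered; with several principals the choice is arbitrary.
        final Object[] principals = clientSubject.getPrincipals().toArray();
        final Principal clientPrincipal = (Principal) principals[0];
        final KerberosName clientKerberosName = new KerberosName(clientPrincipal.getName());
        // Assumes the server lives in the client's realm; cross-realm setups need a different
        // realm here.
        KerberosName serviceKerberosName = new KerberosName(
                serverPrincipal + "@" + clientKerberosName.getRealm());
        final String serviceName = serviceKerberosName.getServiceName();
        final String serviceHostname = serviceKerberosName.getHostName();
        final String clientPrincipalName = clientKerberosName.toString();
        LOG.log(Level.FINEST, "Using JAAS/SASL/GSSAPI auth to connect to server Principal " + serverPrincipal);
        // The SASL client must be created as the logged-in Subject so GSSAPI can find the TGT.
        saslClient = Subject.doAs(clientSubject, new PrivilegedExceptionAction<SaslClient>() {
            @Override
            public SaslClient run() throws SaslException {
                String[] mechs = { "GSSAPI" };
                return Sasl.createSaslClient(mechs, clientPrincipalName, serviceName, serviceHostname,
                        null, new ClientCallbackHandler(null));
            }
        });
    }

    // Sasl.createSaslClient returns null when no provider supports the requested mechanism.
    if (saslClient == null) {
        throw new IOException("Cannot create JVM SASL Client");
    }
}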
From source file:majordodo.security.sasl.SaslNettyClient.java
License:Apache License
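/**
 * Create a SaslNettyClient for authentication with servers.
 *
 * Three paths are possible, chosen by what {@code loginClient()} returns:
 * <ul>
 *   <li>no JAAS Subject: DIGEST-MD5 with the supplied {@code username}/{@code password};</li>
 *   <li>a Subject with no principals: DIGEST-MD5 with the username/password carried as the
 *       Subject's first public/private credential;</li>
 *   <li>a Subject with a principal: GSSAPI (Kerberos) against the service principal
 *       {@code majordodo/<serverHostname>@<client realm>}.</li>
 * </ul>
 * DIGEST-MD5 is a legacy mechanism; prefer the GSSAPI path where a Kerberos login is available.
 * No QOP is requested on any path, so the channel carries no integrity or confidentiality
 * layer after the handshake.
 *
 * @param username       DIGEST-MD5 user name; ignored when a JAAS Subject is available
 * @param password       DIGEST-MD5 password; ignored when a JAAS Subject is available
 * @param serverHostname host the server principal is built from
 * @throws IllegalArgumentException if no JAAS Subject exists and {@code password} is null
 * @throws IOException              if the JAAS Subject lacks the credentials DIGEST-MD5 needs,
 *                                  or no SASL client could be created
 * @throws Exception                whatever the login or GSSAPI bootstrap throws
 */
public SaslNettyClient(String username, String password, String serverHostname) throws Exception {
    // Service principal the server is expected to hold: primary "majordodo", instance = host.
    String serverPrincipal = "majordodo/" + serverHostname;
    clientSubject = loginClient();

    if (clientSubject == null) {
        LOG.log(Level.SEVERE, "Using plain SASL/DIGEST-MD5 auth to connect to " + serverHostname);
        // Without this guard the NPE from password.toCharArray() carries no explanation.
        if (password == null) {
            throw new IllegalArgumentException("password is required for SASL/DIGEST-MD5 without a JAAS login");
        }
        saslClient = Sasl.createSaslClient(new String[] { SaslUtils.AUTH_DIGEST_MD5 }, null, null,
                SaslUtils.DEFAULT_REALM, SaslUtils.getSaslProps(),
                new SaslClientCallbackHandler(username, password.toCharArray()));
    } else if (clientSubject.getPrincipals().isEmpty()) {
        LOG.log(Level.SEVERE, "Using JAAS/SASL/DIGEST-MD5 auth to connect to " + serverPrincipal);
        String[] mechs = { "DIGEST-MD5" };
        // The JAAS module is expected to stash the user name as a public credential and the
        // password as a private one; an empty set would otherwise surface as an index error.
        Object[] publicCreds = clientSubject.getPublicCredentials().toArray();
        Object[] privateCreds = clientSubject.getPrivateCredentials().toArray();
        if (publicCreds.length == 0 || privateCreds.length == 0) {
            throw new IOException("JAAS Subject for DIGEST-MD5 must carry a username (public credential) "
                    + "and a password (private credential)");
        }
        username = (String) publicCreds[0];
        password = (String) privateCreds[0];
        // Protocol and server name are both the fixed literal "majordodo" for this mechanism.
        saslClient = Sasl.createSaslClient(mechs, username, "majordodo", "majordodo", null,
                new ClientCallbackHandler(password));
    } else {
        // GSSAPI. The principal set is unordered; with several principals the choice is arbitrary.
        final Object[] principals = clientSubject.getPrincipals().toArray();
        final Principal clientPrincipal = (Principal) principals[0];
        final KerberosName clientKerberosName = new KerberosName(clientPrincipal.getName());
        // Assumes the server lives in the client's realm; cross-realm setups need a different
        // realm here.
        KerberosName serviceKerberosName = new KerberosName(
                serverPrincipal + "@" + clientKerberosName.getRealm());
        final String serviceName = serviceKerberosName.getServiceName();
        final String serviceHostname = serviceKerberosName.getHostName();
        final String clientPrincipalName = clientKerberosName.toString();
        LOG.log(Level.SEVERE, "Using JAAS/SASL/GSSAPI auth to connect to server Principal " + serverPrincipal);
        // The SASL client must be created as the logged-in Subject so GSSAPI can find the TGT.
        saslClient = Subject.doAs(clientSubject, new PrivilegedExceptionAction<SaslClient>() {
            @Override
            public SaslClient run() throws SaslException {
                String[] mechs = { "GSSAPI" };
                return Sasl.createSaslClient(mechs, clientPrincipalName, serviceName, serviceHostname,
                        null, new ClientCallbackHandler(null));
            }
        });
    }

    // Sasl.createSaslClient returns null when no provider supports the requested mechanism.
    if (saslClient == null) {
        throw new IOException("Cannot create JVM SASL Client");
    }
}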
From source file:org.apache.bookkeeper.sasl.SaslClientState.java
License:Apache License
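/**
 * Builds the client side of a SASL handshake against a bookie, driven by the given JAAS Subject.
 *
 * A Subject without principals selects DIGEST-MD5, taking the user name and password from its
 * first public and first private credential; a Subject with a principal selects GSSAPI against
 * the service principal {@code <SASL_BOOKKEEPER_PROTOCOL>/<serverHostname>@<client realm>}.
 * DIGEST-MD5 is a legacy mechanism; prefer GSSAPI where a Kerberos login is available. No QOP
 * is requested on either path, so the channel carries no integrity or confidentiality layer
 * after the handshake.
 *
 * @param serverHostname host the server principal is built from
 * @param subject        the logged-in JAAS Subject; must not be null
 * @throws SaslException if the Subject is null, lacks the credentials DIGEST-MD5 needs, the
 *                       GSSAPI bootstrap fails, or no SASL client could be created
 */
public SaslClientState(String serverHostname, Subject subject) throws SaslException {
    String serverPrincipal = SaslConstants.SASL_BOOKKEEPER_PROTOCOL + "/" + serverHostname;
    this.clientSubject = subject;
    if (clientSubject == null) {
        throw new SaslException("Cannot create JAAS Sujbect for SASL");
    }

    if (clientSubject.getPrincipals().isEmpty()) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Using JAAS/SASL/DIGEST-MD5 auth to connect to {}", serverPrincipal);
        }
        String[] mechs = { "DIGEST-MD5" };
        // The JAAS module is expected to stash the user name as a public credential and the
        // password as a private one; an empty set would otherwise surface as an index error.
        Object[] publicCreds = clientSubject.getPublicCredentials().toArray();
        Object[] privateCreds = clientSubject.getPrivateCredentials().toArray();
        if (publicCreds.length == 0 || privateCreds.length == 0) {
            throw new SaslException("JAAS Subject for DIGEST-MD5 must carry a username (public credential) "
                    + "and a password (private credential)");
        }
        username = (String) publicCreds[0];
        password = (String) privateCreds[0];
        // DIGEST-MD5 needs some server name for its digest-uri; a fixed dummy host is used.
        saslClient = Sasl.createSaslClient(mechs, username, SaslConstants.SASL_BOOKKEEPER_PROTOCOL,
                SaslConstants.SASL_MD5_DUMMY_HOSTNAME, null, new ClientCallbackHandler(password));
    } else {
        // GSSAPI/Kerberos. The principal set is unordered; with several principals the choice
        // is arbitrary.
        final Object[] principals = clientSubject.getPrincipals().toArray();
        final Principal clientPrincipal = (Principal) principals[0];
        final KerberosName clientKerberosName = new KerberosName(clientPrincipal.getName());
        // Assumes the bookie lives in the client's realm; cross-realm setups need a different
        // realm here.
        KerberosName serviceKerberosName = new KerberosName(
                serverPrincipal + "@" + clientKerberosName.getRealm());
        final String serviceName = serviceKerberosName.getServiceName();
        final String serviceHostname = serviceKerberosName.getHostName();
        final String clientPrincipalName = clientKerberosName.toString();
        if (LOG.isDebugEnabled()) {
            LOG.debug("Using JAAS/SASL/GSSAPI auth to connect to server Principal {}", serverPrincipal);
        }
        try {
            // The SASL client must be created as the logged-in Subject so GSSAPI can find the TGT.
            saslClient = Subject.doAs(clientSubject, new PrivilegedExceptionAction<SaslClient>() {
                @Override
                public SaslClient run() throws SaslException {
                    String[] mechs = { "GSSAPI" };
                    return Sasl.createSaslClient(mechs, clientPrincipalName, serviceName, serviceHostname,
                            null, new ClientCallbackHandler(null));
                }
            });
        } catch (PrivilegedActionException err) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("GSSAPI client error", err.getCause());
            }
            // Unwrap so callers see the underlying SaslException rather than the wrapper.
            throw new SaslException("error while booting GSSAPI client", err.getCause());
        }
    }

    // Sasl.createSaslClient returns null when no provider supports the requested mechanism.
    if (saslClient == null) {
        throw new SaslException("Cannot create JVM SASL Client");
    }
}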