List of usage examples for org.apache.zookeeper.server ZooKeeperSaslServer LOGIN_CONTEXT_NAME_KEY
String LOGIN_CONTEXT_NAME_KEY
From source file:com.lami.tuomatuo.mq.zookeeper.server.auth.SaslServerCallbackHandler.java
License:Apache License
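/**
 * Builds the server-side SASL callback handler from a JAAS configuration.
 *
 * <p>The JAAS section to read is named by the system property
 * {@code ZooKeeperSaslServer.LOGIN_CONTEXT_NAME_KEY}, falling back to
 * {@code ZooKeeperSaslServer.DEFAULT_LOGIN_CONTEXT_NAME}. Every option in that section whose
 * key starts with {@code USER_PREFIX} is loaded into the DIGEST-MD5 user -> password map;
 * the map is cleared first, so earlier contents are discarded.
 *
 * <p>Security note: the option values are used as passwords exactly as they appear in the
 * JAAS configuration, i.e. in clear text, and stay in memory in the credentials map. Keep the
 * JAAS source readable only by the server account and never log the map. DIGEST-MD5 itself
 * was moved to Historic status by RFC 6331; prefer Kerberos (GSSAPI) where the deployment
 * allows it.
 *
 * @param configuration JAAS configuration to read the server section from
 * @throws IOException if the configuration has no entry for the selected section
 */
public SaslServerCallbackHandler(Configuration configuration) throws IOException {
    String serverSection = System.getProperty(ZooKeeperSaslServer.LOGIN_CONTEXT_NAME_KEY,
            ZooKeeperSaslServer.DEFAULT_LOGIN_CONTEXT_NAME);
    AppConfigurationEntry[] configurationEntries = configuration.getAppConfigurationEntry(serverSection);

    if (configurationEntries == null) {
        // Report the section that was actually looked up: the name is configurable through a
        // system property, so a hard-coded 'Server' sends the operator to the wrong JAAS entry.
        String errorMessage = "Could not find a '" + serverSection
                + "' entry in this configuration: Server cannot start.";
        LOG.error(errorMessage);
        throw new IOException(errorMessage);
    }

    credentials.clear();
    for (AppConfigurationEntry entry : configurationEntries) {
        Map<String, ?> options = entry.getOptions();
        // Usernames are told apart from other JAAS options by the USER_PREFIX key prefix;
        // the remainder of the key is the user name and the option value is the password.
        for (Map.Entry<String, ?> pair : options.entrySet()) {
            String key = pair.getKey();
            if (key.startsWith(USER_PREFIX)) {
                String userName = key.substring(USER_PREFIX.length());
                credentials.put(userName, (String) pair.getValue());
            }
        }
    }
}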
From source file:org.apache.drill.exec.ZookeeperTestUtil.java
License:Apache License
/** * Sets zookeeper server and client SASL test config properties. *///from w w w . ja v a 2s. c o m public static void setZookeeperSaslTestConfigProps() { System.setProperty(ZooKeeperSaslServer.LOGIN_CONTEXT_NAME_KEY, "DrillTestServerForUnitTests"); System.setProperty(ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY, "DrillTestClientForUnitTests"); }
From source file:org.apache.hadoop.hbase.zookeeper.ZKUtil.java
License:Apache License
/**
 * Logs in the current ZooKeeper server process, using the configuration keys that name the
 * credential (keytab) file and the login principal.
 *
 * <p><strong>Only applicable when running on secure HBase.</strong> On regular HBase (without
 * security features) the call is safely ignored.
 *
 * <p>Delegates to {@code login(...)}, supplying the ZooKeeper server login-context property
 * key and the server keytab Kerberos JAAS configuration name.
 *
 * @param conf The configuration data to use
 * @param keytabFileKey Property key used to configure the path to the credential file
 * @param userNameKey Property key used to configure the login principal
 * @param hostname Current hostname to use in any credentials
 * @throws IOException underlying exception from SecurityUtil.login() call
 */
public static void loginServer(Configuration conf, String keytabFileKey, String userNameKey, String hostname)
        throws IOException {
    final String loginContextProperty = ZooKeeperSaslServer.LOGIN_CONTEXT_NAME_KEY;
    final String loginContextName = JaasConfiguration.SERVER_KEYTAB_KERBEROS_CONFIG_NAME;
    login(conf, keytabFileKey, userNameKey, hostname, loginContextProperty, loginContextName);
}
From source file:org.apache.hadoop.registry.secure.TestSecureRegistry.java
License:Apache License
/**
 * Replays, step by step, part of the ZooKeeper-internal SASL login sequence that was failing
 * on Windows while swallowing its exceptions, so that any failure surfaces in this test.
 */
@Test
public void testLowlevelZKSaslLogin() throws Throwable {
    RegistrySecurity.bindZKToServerJAASContext(ZOOKEEPER_SERVER_CONTEXT);

    // The binding above must be visible through the ZooKeeper server login-context property.
    String serverSection = System.getProperty(
            ZooKeeperSaslServer.LOGIN_CONTEXT_NAME_KEY,
            ZooKeeperSaslServer.DEFAULT_LOGIN_CONTEXT_NAME);
    assertEquals(ZOOKEEPER_SERVER_CONTEXT, serverSection);

    // The installed JAAS configuration must contain an entry for that section.
    javax.security.auth.login.Configuration jaasConfig =
            javax.security.auth.login.Configuration.getConfiguration();
    AppConfigurationEntry[] entries = jaasConfig.getAppConfigurationEntry(serverSection);
    assertNotNull("null entries", entries);

    SaslServerCallbackHandler callbackHandler = new SaslServerCallbackHandler(jaasConfig);
    Login login = new Login(serverSection, callbackHandler);
    try {
        login.startThreadIfNeeded();
    } finally {
        // Always stop the login, even when starting it failed.
        login.shutdown();
    }
}
From source file:org.apache.oozie.test.ZKXTestCaseWithSecurity.java
License:Apache License
/**
 * Creates and sets up the embedded ZooKeeper server. Test subclasses should have no reason to
 * override this method.
 * <p>
 * This override starts the MiniKdc, registers the JAAS entries, configures ZooKeeper for
 * SASL/Kerberos authentication and ACLs, and starts the ZooKeeper server.
 * <p>
 * ZooKeeper security is configured for the whole JVM, and these tests run the ZK server and one
 * or more clients in the same JVM. ZooKeeper can be told to authenticate either (1) through the
 * system property "java.security.auth.login.config" pointing at a jaas.conf file, or (2) through
 * an installed javax.security.auth.login.Configuration object holding the same information. As
 * observed by the authors, once either is set and something has authenticated, it cannot be unset
 * or changed, and there is no way to log out. Setting "javax.security.auth.useSubjectCredsOnly"
 * to "false" makes it possible to change the JAAS Configuration to some extent. A side effect is
 * that the "Server" and the "Client" entries both have to be added here, instead of the "Client"
 * being added in its usual place ({@link ZKUtils}); otherwise the "Client" entry is not found.
 * <p>
 * Because there is no logout, every client created after the first authenticated one connects
 * with the same authentication; trying to prevent that either fails or has no effect. Tests with
 * an unauthenticated client are therefore not possible here, and tests that do not use secure
 * ZooKeeper are likely to fail if they run after tests that do. The secure tests should live in
 * a separate module so that they get their own JVM.
 *
 * @return the embedded ZooKeeper server
 * @throws Exception if the KDC, the principals or the ZooKeeper server cannot be set up
 */
@Override
protected TestingServer setupZKServer() throws Exception {
    // With useSubjectCredsOnly=false, credentials may come from the JAAS login configuration
    // instead of only from the current Subject; it is set here to allow re-authentication. See
    // http://docs.oracle.com/javase/7/docs/technotes/guides/security/jgss/tutorials/Troubleshooting.html
    setSystemProperty("javax.security.auth.useSubjectCredsOnly", "false");

    // Start the KDC and create the test principals in a keytab under the test case directory.
    kdc = new MiniKdc(MiniKdc.createConf(), new File(getTestCaseDir()));
    kdc.start();
    keytabFile = new File(getTestCaseDir(), "test.keytab");
    final String zkServerPrincipal = "zookeeper/127.0.0.1";
    kdc.createPrincipal(keytabFile, getPrincipal(), zkServerPrincipal);

    setSystemProperty("zookeeper.authProvider.1", "org.apache.zookeeper.server.auth.SASLAuthenticationProvider");
    // Test-only convenience: these two settings strip the host and realm parts from the
    // authenticated principal. Outside tests, review them against the ACL model before enabling,
    // since principals that differ only in host or realm then map to the same identity.
    setSystemProperty("zookeeper.kerberos.removeHostFromPrincipal", "true");
    setSystemProperty("zookeeper.kerberos.removeRealmFromPrincipal", "true");

    final String keytabPath = keytabFile.getAbsolutePath();
    JaasConfiguration.addEntry("Server", zkServerPrincipal, keytabPath);
    // The "Client" entry has to be registered here as well, even though it belongs elsewhere.
    JaasConfiguration.addEntry("Client", getPrincipal(), keytabPath);
    Configuration.setConfiguration(JaasConfiguration.getInstance());

    // Select the "Server" JAAS section for the ZooKeeper SASL server.
    setSystemProperty(ZooKeeperSaslServer.LOGIN_CONTEXT_NAME_KEY, "Server");

    return new TestingServer();
}
From source file:org.apache.sentry.service.thrift.SentryServiceIntegrationBase.java
License:Apache License
/**
 * Creates the ZooKeeper {@code TestingServer} used by the integration tests.
 *
 * <p>Without Kerberos a plain server is returned. With Kerberos, the method first creates the
 * ZooKeeper server principal and keytab, registers the JAAS entries, installs the JAAS
 * configuration and sets the ZooKeeper SASL system properties. Those properties and the
 * installed configuration are JVM-wide and are not reverted here.
 *
 * @return a new testing ZooKeeper server
 * @throws Exception if the KDC principal or the server cannot be created
 */
protected static TestingServer getZKServer() throws Exception {
    if (!kerberos) {
        LOGGER.info("Creating a non-security ZooKeeper Server.");
        return new TestingServer();
    }

    LOGGER.info("Creating a security ZooKeeper Server.");

    // With useSubjectCredsOnly=false, credentials may come from the JAAS login configuration
    // instead of only from the current Subject; it is set here to allow re-authentication. See
    // http://docs.oracle.com/javase/7/docs/technotes/guides/security/jgss/tutorials/Troubleshooting.html
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

    // Create the ZooKeeper server principal and write its keytab into the KDC work directory.
    kdc = getKdc();
    ZKKeytabFile = new File(kdcWorkDir, "test.keytab");
    kdc.createPrincipal(ZKKeytabFile, ZK_SERVER_PRINCIPAL);

    System.setProperty("zookeeper.authProvider.1", "org.apache.zookeeper.server.auth.SASLAuthenticationProvider");
    // Test-only convenience: these two settings strip the host and realm parts from the
    // authenticated principal. Outside tests, review them against the ACL model before enabling,
    // since principals that differ only in host or realm then map to the same identity.
    System.setProperty("zookeeper.kerberos.removeHostFromPrincipal", "true");
    System.setProperty("zookeeper.kerberos.removeRealmFromPrincipal", "true");

    final String zkKeytabPath = ZKKeytabFile.getAbsolutePath();
    JaasConfiguration.addEntryForKeytab("Server", ZK_SERVER_PRINCIPAL, zkKeytabPath);
    // The client-side JAAS entry (HAContext.SENTRY_ZK_JAAS_NAME) is registered here as well,
    // even though it would ideally be added elsewhere.
    final String serverKeytabPath = serverKeytab.getAbsolutePath();
    JaasConfiguration.addEntryForKeytab(HAContext.SENTRY_ZK_JAAS_NAME, SERVER_KERBEROS_NAME, serverKeytabPath);
    javax.security.auth.login.Configuration.setConfiguration(JaasConfiguration.getInstance());

    // Select the "Server" JAAS section for the ZooKeeper SASL server.
    System.setProperty(ZooKeeperSaslServer.LOGIN_CONTEXT_NAME_KEY, "Server");

    return new TestingServer();
}