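package org.ovirt.engine.core.bll.adbroker;

import java.io.File;

import org.jboss.ejb3.annotation.Depends;
import org.jboss.ejb3.annotation.Management;
import org.jboss.ejb3.annotation.Service;
import org.ovirt.engine.core.common.config.ConfigValues;
import org.ovirt.engine.core.compat.LogCompat;
import org.ovirt.engine.core.compat.LogFactoryCompat;

import sun.security.krb5.Config;
import sun.security.krb5.KrbException;

/**
 * Manage the container's Kerberos initialization.
 *
 * <p>
 * On creation the service points the JVM at the krb5.conf file under the JBoss server home directory, and on
 * {@link #refresh()} it asks the JDK Kerberos implementation to re-read its configuration. Both steps are skipped
 * unless the engine configuration selects LDAP authentication with GSSAPI (see {@link #isKerberosAuth()}).
 *
 * <p>
 * The class relies on {@code sun.security.krb5}, a JDK-internal package (hence the "restriction" warning
 * suppression).
 */
@SuppressWarnings("restriction")
@Service
@Depends("jboss.j2ee:ear=engine.ear,jar=engine-bll.jar,name=Backend,service=EJB3")
@Management(KerberosManagerSericeManagmentMBean.class)
public class KerberosManager implements KerberosManagerSericeManagmentMBean {

    private static final LogCompat log = LogFactoryCompat.getLog(KerberosManager.class);

    /**
     * Decides whether the Kerberos configuration has to be loaded.
     *
     * @return {@code true} when the authentication method is LDAP, a domain name is configured, and the LDAP
     *         security authentication entry either is empty (implicit GSSAPI) or mentions GSSAPI explicitly
     */
    private boolean isKerberosAuth() {
        String authMethod =
                org.ovirt.engine.core.common.config.Config.<String> GetValue(ConfigValues.AuthenticationMethod);
        String domainName =
                org.ovirt.engine.core.common.config.Config.<String> GetValue(ConfigValues.DomainName);
        String ldapSecurityAuthentication =
                org.ovirt.engine.core.common.config.Config.<String> GetValue(ConfigValues.LDAPSecurityAuthentication);

        // Constant-first comparison so a missing AuthenticationMethod value cannot raise a NullPointerException.
        if (!"LDAP".equalsIgnoreCase(authMethod)) {
            return false;
        }

        // Without domains there is nothing to authenticate against, so Kerberos is not needed.
        if (domainName == null || domainName.isEmpty()) {
            return false;
        }

        // If there are domains then we need to load the Kerberos configuration in case the LDAP security
        // authentication entry contains GSSAPI explicitly, or implicitly (if empty).
        // NOTE(review): a null entry is treated like an empty one here - confirm whether GetValue can return null.
        if (ldapSecurityAuthentication == null || ldapSecurityAuthentication.isEmpty()) {
            return true;
        }

        // Locale.ROOT keeps the check independent of the JVM default locale; with a Turkish default locale
        // "gssapi".toUpperCase() yields a dotted capital I and would never match "GSSAPI", silently turning
        // the Kerberos setup off.
        return ldapSecurityAuthentication.toUpperCase(java.util.Locale.ROOT).contains("GSSAPI");
    }

    /**
     * This method is called upon the bean creation as part of the management Service bean lifecycle.
     *
     * <p>
     * When Kerberos authentication is in use it sets the {@code java.security.krb5.conf} system property to
     * {@code conf/krb5.conf} under the directory named by the {@code jboss.server.home.dir} system property.
     * A missing property or a missing file is logged as an error and leaves the system property untouched.
     */
    public void create() {
        if (!isKerberosAuth()) {
            return;
        }

        String serverHomeDir = System.getProperty("jboss.server.home.dir");
        if (serverHomeDir == null || serverHomeDir.isEmpty()) {
            // new File(null, child) resolves against the process working directory and new File("", child)
            // against the filesystem root. krb5.conf names the realms and KDCs the JVM authenticates against,
            // so it must only ever be taken from the server's own configuration directory.
            log.error("Failed loading kerberos setting. System property jboss.server.home.dir is not set.");
            return;
        }

        File krb5File = new File(serverHomeDir, "conf/krb5.conf");
        if (!krb5File.exists()) {
            log.error("Failed loading kerberos setting. File " + krb5File + " not found.");
            return;
        }

        if (log.isDebugEnabled()) {
            log.debug("Loading kerberos settings from " + krb5File.getAbsolutePath());
        }
        // NOTE(review): the file is trusted as-is; its permissions should restrict write access to the
        // account administering the server - verify in the deployment.
        System.setProperty("java.security.krb5.conf", krb5File.getAbsolutePath());
    }

    /**
     * Asks the JDK Kerberos implementation to refresh its configuration.
     *
     * <p>
     * Does nothing when Kerberos authentication is not in use.
     *
     * @throws KrbException
     *             if {@code Config.refresh()} fails
     */
    @SuppressWarnings("restriction")
    @Override
    public void refresh() throws KrbException {
        if (!isKerberosAuth()) {
            return;
        }
        log.info("Refreshing kerberos configuration");
        // sun.security.krb5.Config is JDK-internal API.
        Config.refresh();
    }
}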