Java Examples for javax.security.auth.login.Configuration
The following Java examples show how javax.security.auth.login.Configuration is used. The code samples are taken from various open source projects.
Example 1
Project: jboss-seam-2.3.0.Final-Hibernate.3-master File: SecurityTest.java View source code |
/**
 * Builds an in-memory JAAS {@link Configuration} for tests, containing a single
 * {@code MockLoginModule} entry flagged REQUIRED with an empty options map.
 *
 * <p>The returned configuration does not look at the application name it is asked
 * about: every lookup receives the same mock entry. That is convenient in a test,
 * and is the reason this pattern should stay in test code only.
 *
 * @return a configuration whose only login module is the mock module
 */
private Configuration createMockJAASConfiguration() {
    final AppConfigurationEntry mockEntry = new AppConfigurationEntry(
            MockLoginModule.class.getName(),
            LoginModuleControlFlag.REQUIRED,
            new HashMap<String, String>());
    final AppConfigurationEntry[] entries = { mockEntry };

    return new Configuration() {
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            // Not keyed on 'name': any application name resolves to the mock module.
            return entries;
        }

        @Override
        public void refresh() {
            // Nothing to reload; the entry array is fixed when the configuration is created.
        }
    };
}
Example 2
Project: seam-2.2-master File: SecurityTest.java View source code |
/**
 * Creates a test-only JAAS {@link Configuration} backed by one REQUIRED
 * {@code MockLoginModule} entry with no options.
 *
 * <p>Lookups are answered with the same entry array whatever application name is
 * requested, so this configuration must not be reused outside tests.
 *
 * @return the mock configuration
 */
private Configuration createMockJAASConfiguration() {
    final AppConfigurationEntry[] mockEntries = {
        new AppConfigurationEntry(
                MockLoginModule.class.getName(),
                LoginModuleControlFlag.REQUIRED,
                new HashMap<String, String>())
    };

    return new Configuration() {
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            // The requested name is ignored on purpose; there is only one entry set.
            return mockEntries;
        }

        @Override
        public void refresh() {
            // In-memory configuration: nothing to re-read.
        }
    };
}
Example 3
Project: seam-revisited-master File: Configuration.java View source code |
/**
 * Creates a JAAS configuration that exposes exactly one application entry, the one
 * produced by {@code createAppConfigurationEntry()}, under
 * {@code DEFAULT_JAAS_CONFIG_NAME}.
 *
 * <p>A lookup for any other application name returns {@code null}, which is how
 * {@code getAppConfigurationEntry} reports that no entries exist for a name. The
 * login module is therefore not handed out under names the caller did not ask for.
 *
 * @return the single-entry configuration
 */
protected javax.security.auth.login.Configuration createConfiguration() {
    final AppConfigurationEntry[] defaultEntries = { createAppConfigurationEntry() };

    return new javax.security.auth.login.Configuration() {
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            if (DEFAULT_JAAS_CONFIG_NAME.equals(name)) {
                return defaultEntries;
            }
            return null;
        }

        @Override
        public void refresh() {
            // Entries are built once in memory; there is nothing to re-read.
        }
    };
}
Example 4
Project: seam2jsf2-master File: SecurityTest.java View source code |
/**
 * Returns a JAAS {@link Configuration} for tests that always answers with a single
 * REQUIRED {@code MockLoginModule} entry (empty options).
 *
 * <p>Because the application name is never checked, every login context built on
 * this configuration is routed to the mock module. Keep it confined to tests.
 *
 * @return the mock configuration
 */
private Configuration createMockJAASConfiguration() {
    final HashMap<String, String> noOptions = new HashMap<String, String>();
    final AppConfigurationEntry[] fixedEntries = {
        new AppConfigurationEntry(MockLoginModule.class.getName(), LoginModuleControlFlag.REQUIRED, noOptions)
    };

    return new Configuration() {
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            // Same answer for every application name.
            return fixedEntries;
        }

        @Override
        public void refresh() {
            // No backing store to refresh from.
        }
    };
}
Example 5
Project: taylor-seam-jsf2-master File: Configuration.java View source code |
/**
 * Builds the JAAS configuration used by this component: one entry, created by
 * {@code createAppConfigurationEntry()}, registered under
 * {@code DEFAULT_JAAS_CONFIG_NAME} only.
 *
 * <p>Requests for other application names get {@code null} (no entries), so the
 * entry is scoped to the one name instead of acting as a catch-all.
 *
 * @return the single-entry configuration
 */
protected javax.security.auth.login.Configuration createConfiguration() {
    final AppConfigurationEntry[] configured = { createAppConfigurationEntry() };

    return new javax.security.auth.login.Configuration() {
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            final boolean isDefaultName = DEFAULT_JAAS_CONFIG_NAME.equals(name);
            if (!isDefaultName) {
                return null;
            }
            return configured;
        }

        @Override
        public void refresh() {
            // Nothing to reload for an in-memory configuration.
        }
    };
}
Example 6
Project: kylo-master File: JaasAuthConfig.java View source code |
/**
 * Exposes the JAAS-backed authentication provider for the UI as the bean named
 * {@code UI_AUTH_PROVIDER}.
 *
 * @param config            the JAAS configuration injected under the name "jaasConfiguration"
 * @param authorityGranters the authority granters handed to the provider
 * @return a provider that logs in through the {@code JAAS_UI} login context name
 */
@Bean(name = UI_AUTH_PROVIDER)
public AuthenticationProvider uiAuthenticationProvider(@Named("jaasConfiguration") javax.security.auth.login.Configuration config, List<AuthorityGranter> authorityGranters) {
    final AuthorityGranter[] granterArray = authorityGranters.toArray(new AuthorityGranter[0]);

    final DefaultJaasAuthenticationProvider jaasProvider = new DefaultJaasAuthenticationProvider();
    // The provider uses the injected Configuration rather than the JVM-wide default.
    jaasProvider.setConfiguration(config);
    jaasProvider.setAuthorityGranters(granterArray);
    // Must match an application name that 'config' actually defines.
    jaasProvider.setLoginContextName(JAAS_UI);
    return jaasProvider;
}
Example 7
Project: aries-master File: JAASHelper.java View source code |
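/**
 * Runs {@code action} as a freshly logged-in subject that carries the given groups.
 *
 * <p>A throwaway JAAS {@link Configuration} is built on the spot. It answers every
 * application name with one REQUIRED {@code SimpleLoginModule} entry whose options
 * carry a fixed user name and the requested groups. No callback handler is passed
 * to the {@link LoginContext}, so nothing is prompted for.
 *
 * <p>The subject is logged out in a {@code finally} block, so the logout also
 * happens when the action throws. If both the action and the logout fail, the
 * logout failure is the one reported.
 *
 * @param groups the group names passed to the login module through its options
 * @param action the action to run as the logged-in subject
 * @param <T>    the action's result type (the result is discarded)
 * @throws RuntimeException wrapping the {@link LoginException} if login or logout fails
 */
public static <T> void doAs(final String[] groups, PrivilegedAction<T> action) {
    Configuration config = new Configuration() {
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            Map<String, Object> options = new HashMap<String, Object>();
            // The user does not matter
            options.put("username", "dummy");
            options.put("groups", groups);
            AppConfigurationEntry entry = new AppConfigurationEntry(SimpleLoginModule.class.getName(),
                    LoginModuleControlFlag.REQUIRED, options);
            return new AppConfigurationEntry[] { entry };
        }
    };
    try {
        LoginContext lc = new LoginContext("test", new Subject(), null, config);
        lc.login();
        try {
            Subject.doAs(lc.getSubject(), action);
        } finally {
            // Always drop the principals and credentials the login module added.
            lc.logout();
        }
    } catch (LoginException e) {
        throw new RuntimeException(e.getMessage(), e);
    }
}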
Example 8
Project: flink-master File: TestingSecurityContext.java View source code |
/**
 * Installs the given security configuration, then registers one keytab-based JAAS
 * entry per client in {@code clientSecurityConfigurationMap}.
 *
 * @param config                         the security configuration to install; its module list
 *                                       must contain {@code JaasModule}
 * @param clientSecurityConfigurationMap JAAS application name mapped to the keytab and
 *                                       principal to register under that name
 * @throws Exception if installation or entry creation fails
 */
public static void install(SecurityUtils.SecurityConfiguration config, Map<String, ClientSecurityConfiguration> clientSecurityConfigurationMap) throws Exception {
    SecurityUtils.install(config);

    // The dynamic entries below only make sense when the JAAS module was requested.
    // Note that this check runs after install() has already been called.
    checkArgument(config.getSecurityModules().contains(JaasModule.class));

    // The cast fails with ClassCastException if the JVM-wide Configuration is not a
    // DynamicConfiguration at this point.
    final DynamicConfiguration dynamicJaas =
        (DynamicConfiguration) javax.security.auth.login.Configuration.getConfiguration();

    for (Map.Entry<String, ClientSecurityConfiguration> client : clientSecurityConfigurationMap.entrySet()) {
        final ClientSecurityConfiguration clientConfig = client.getValue();
        final AppConfigurationEntry keytabEntry =
            KerberosUtils.keytabEntry(clientConfig.getKeytab(), clientConfig.getPrincipal());
        dynamicJaas.addAppConfigurationEntry(client.getKey(), keytabEntry);
    }
}
Example 9
Project: cdi-tck-master File: PrincipalInjectedBean.java View source code |
/**
 * Returns a JAAS configuration holding the entry from
 * {@code createAppConfigurationEntry()} under {@code DEFAULT_JAAS_CONFIG_NAME}.
 *
 * <p>Any other application name yields {@code null}, meaning "no entries", so the
 * configuration does not behave as a wildcard.
 *
 * @return the single-entry configuration
 */
protected javax.security.auth.login.Configuration createConfiguration() {
    final AppConfigurationEntry[] onlyEntries = { createAppConfigurationEntry() };

    return new javax.security.auth.login.Configuration() {
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            if (DEFAULT_JAAS_CONFIG_NAME.equals(name)) {
                return onlyEntries;
            }
            // Unknown application name: report that nothing is configured for it.
            return null;
        }

        @Override
        public void refresh() {
            // In-memory configuration; nothing to refresh.
        }
    };
}
Example 10
Project: jbosstools-javaee-master File: PrincipalInjectedBean.java View source code |
/**
 * Creates the in-memory JAAS configuration: a single entry, obtained from
 * {@code createAppConfigurationEntry()}, visible only under
 * {@code DEFAULT_JAAS_CONFIG_NAME}.
 *
 * <p>Lookups under a different name return {@code null} (no entries configured).
 *
 * @return the single-entry configuration
 */
protected javax.security.auth.login.Configuration createConfiguration() {
    final AppConfigurationEntry soleEntry = createAppConfigurationEntry();
    final AppConfigurationEntry[] entriesForDefaultName = { soleEntry };

    return new javax.security.auth.login.Configuration() {
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            final boolean matchesDefault = DEFAULT_JAAS_CONFIG_NAME.equals(name);
            if (matchesDefault) {
                return entriesForDefaultName;
            }
            return null;
        }

        @Override
        public void refresh() {
            // Nothing is read from disk, so there is nothing to reload.
        }
    };
}
Example 11
Project: JBossAS51-master File: SecurityDomainTolerateUnitTestCase.java View source code |
/**
 * Builds the JUnit suite for this test case, wrapped in a setup decorator that
 * installs the login configuration and deploys the test resources before the
 * tests run, and undeploys them afterwards.
 *
 * @return the decorated suite
 * @throws Exception if the suite cannot be created
 */
public static Test suite() throws Exception {
    TestSuite tests = new TestSuite();
    tests.addTest(new TestSuite(SecurityDomainTolerateUnitTestCase.class));

    // Decorate the suite so that deployment and JAAS setup wrap the tests.
    return new JBossTestSetup(tests) {
        @Override
        protected void setUp() throws Exception {
            super.setUp();
            // Replaces the JVM-wide JAAS configuration. tearDown() below does not
            // put the previous configuration back.
            Configuration.setConfiguration(XMLLoginConfigImpl.getInstance());
            redeploy("sdtolerate.ear");
            redeploy(getResourceURL(login_config));
            flushAuthCache();
        }

        @Override
        protected void tearDown() throws Exception {
            // Undeploy in the reverse order of setUp().
            undeploy(getResourceURL(login_config));
            undeploy("sdtolerate.ear");
            super.tearDown();
        }
    };
}
Example 12
Project: JBossAS_5_1_EDG-master File: SecurityDomainTolerateUnitTestCase.java View source code |
/**
 * Creates the test suite and wraps it in a setup decorator that switches the JAAS
 * configuration to the XML login configuration, deploys the test archive and the
 * login config, and removes both again on tear-down.
 *
 * @return the decorated suite
 * @throws Exception if the suite cannot be created
 */
public static Test suite() throws Exception {
    final TestSuite allTests = new TestSuite();
    allTests.addTest(new TestSuite(SecurityDomainTolerateUnitTestCase.class));

    final TestSetup decorated = new JBossTestSetup(allTests) {
        @Override
        protected void setUp() throws Exception {
            super.setUp();
            // JVM-wide change: every later LoginContext without an explicit
            // Configuration sees this one. It is not restored in tearDown().
            Configuration.setConfiguration(XMLLoginConfigImpl.getInstance());
            redeploy("sdtolerate.ear");
            redeploy(getResourceURL(login_config));
            flushAuthCache();
        }

        @Override
        protected void tearDown() throws Exception {
            undeploy(getResourceURL(login_config));
            undeploy("sdtolerate.ear");
            super.tearDown();
        }
    };
    return decorated;
}
Example 13
Project: datacollector-master File: SdcKrb5HttpClientConfigurer.java View source code |
/**
 * Prepares the given HTTP client for SPNEGO ("negotiate") authentication.
 *
 * <p>Side effects worth knowing about when reviewing callers:
 * <ul>
 *   <li>If {@code javax.security.auth.useSubjectCredsOnly} is unset, it is set to
 *       {@code "false"} as a system property, which affects the whole JVM and not
 *       only this client.</li>
 *   <li>The placeholder credentials are registered for {@code AuthScope.ANY}, so
 *       they apply to every host the client talks to.</li>
 * </ul>
 *
 * @param httpClient the client to configure
 * @return always {@code true}
 */
public static boolean setSPNegoAuth(DefaultHttpClient httpClient) {
    // SDC-2962: the presence of the java.security.auth.login.config property is no
    // longer checked here, and no JAAS Configuration is installed by this method;
    // the caller decides whether Kerberos is enabled.
    final String useSubjectCredsProp = "javax.security.auth.useSubjectCredsOnly";
    final String currentSetting = System.getProperty(useSubjectCredsProp);
    if (currentSetting == null) {
        System.setProperty(useSubjectCredsProp, "false");
    } else if (!"false".equals(currentSetting.toLowerCase(Locale.ROOT))) {
        logger.warn("System Property: javax.security.auth.useSubjectCredsOnly set to: " + currentSetting + " not false. SPNego authentication may not be successful.");
    }

    httpClient.getAuthSchemes().register("negotiate", new SPNegoSchemeFactory(true));

    // Placeholder credentials: both accessors return null, so no user name or
    // password is supplied through the HttpClient credentials provider.
    final Credentials placeholderCreds = new Credentials() {
        public String getPassword() {
            return null;
        }

        public Principal getUserPrincipal() {
            return null;
        }
    };
    httpClient.getCredentialsProvider().setCredentials(AuthScope.ANY, placeholderCreds);
    return true;
}
Example 14
Project: lucene-solr-master File: KerberosTestServices.java View source code |
/**
 * Assembles the Kerberos test services from the builder's current settings.
 *
 * <p>A KDC is obtained only when a work directory was set. A JAAS configuration is
 * created only when a client principal was set; in that case the JAAS
 * configuration currently installed in the JVM is captured as well and passed
 * along (presumably so it can be reinstated later; that step is not shown here).
 *
 * @return the configured test services
 * @throws Exception if the KDC cannot be obtained
 */
public KerberosTestServices build() throws Exception {
    final MiniKdc kdc = (kdcWorkDir == null) ? null : getKdc(kdcWorkDir);

    final boolean hasClientPrincipal = clientPrincipal != null;
    final Configuration oldConfig = hasClientPrincipal ? Configuration.getConfiguration() : null;

    JaasConfiguration jaasConfiguration = null;
    if (hasClientPrincipal) {
        if (appName == null) {
            // Client and server principals, each with their own keytab.
            jaasConfiguration = new JaasConfiguration(clientPrincipal, clientKeytab, serverPrincipal, serverKeytab);
        } else {
            // Client-only configuration registered under an explicit application name.
            jaasConfiguration = new JaasConfiguration(clientPrincipal, clientKeytab, appName);
        }
    }

    return new KerberosTestServices(kdc, jaasConfiguration, oldConfig, savedLocale);
}
Example 15
Project: camel-master File: HdfsProducer.java View source code |
/**
 * Starts the producer, optionally connects to HDFS, and schedules the idle check
 * when an IDLE split strategy is configured.
 *
 * <p>The JAAS configuration is read before start-up and written back in a
 * {@code finally} block, because Hadoop overrides it during start-up and
 * authentication would otherwise be broken afterwards. The write-back also
 * happens when start-up fails.
 *
 * @throws Exception if start-up fails
 */
@Override
protected void doStart() throws Exception {
    final Configuration savedJaasConfig = HdfsComponent.getJAASConfiguration();
    try {
        super.doStart();

        // Connect eagerly only when the endpoint asks for it.
        if (getEndpoint().getConfig().isConnectOnStartup()) {
            ostream = setupHdfs(true);
        }

        // Find the first IDLE split strategy, if any.
        SplitStrategy idle = null;
        for (SplitStrategy candidate : config.getSplitStrategies()) {
            if (candidate.type == SplitStrategyType.IDLE) {
                idle = candidate;
                break;
            }
        }

        if (idle != null) {
            scheduler = getEndpoint()
                .getCamelContext()
                .getExecutorServiceManager()
                .newSingleThreadScheduledExecutor(this, "HdfsIdleCheck");
            log.debug("Creating IdleCheck task scheduled to run every {} millis", config.getCheckIdleInterval());
            scheduler.scheduleAtFixedRate(
                new IdleCheck(idle),
                config.getCheckIdleInterval(),
                config.getCheckIdleInterval(),
                TimeUnit.MILLISECONDS);
        }
    } finally {
        HdfsComponent.setJAASConfiguration(savedJaasConfig);
    }
}
Example 16
Project: incubator-wave-master File: ServerModule.java View source code |
/**
 * Declares the Guice bindings for the wave server: federation bridges, the wave
 * server module, serializer, JAAS configuration, session management and RPC.
 */
@Override
protected void configure() {
    bind(WaveServerImpl.class).in(Singleton.class);

    // Receive updates from the outside world, and push them into our local Wave Server.
    bind(WaveletFederationListener.Factory.class)
        .annotatedWith(FederationRemoteBridge.class)
        .to(WaveServerImpl.class);

    // Provide history and respond to submits about our own local waves.
    bind(WaveletFederationProvider.class)
        .annotatedWith(FederationHostBridge.class)
        .to(WaveServerImpl.class);

    install(waveServerModule);

    // The list injected under the name "certs" is bound to an empty list.
    final TypeLiteral<List<String>> certListType = new TypeLiteral<List<String>>() {
    };
    bind(certListType).annotatedWith(Names.named("certs")).toInstance(Arrays.<String>asList());

    bind(ProtoSerializer.class).in(Singleton.class);

    // Binds the JAAS Configuration that is installed JVM-wide at the moment this
    // module is configured. A later Configuration.setConfiguration() call is not
    // reflected in what gets injected.
    bind(Configuration.class).toInstance(Configuration.getConfiguration());

    bind(SessionManager.class).to(SessionManagerImpl.class).in(Singleton.class);
    bind(ServerRpcProvider.class).in(Singleton.class);
    bind(RobotRegistrar.class).to(RobotRegistrarImpl.class);
    requestStaticInjection(WebSocketChannel.class);
}
Example 17
Project: jdk7u-jdk-master File: ConfigFile.java View source code |
/**
 * Read and initialize the entire login Configuration.
 *
 * <p>Sources are consulted in this order:
 * <ol>
 *   <li>the {@code url} argument, if non-null: it is then the only source read;</li>
 *   <li>the {@code java.security.auth.login.config} system property, but only when the
 *       security property {@code policy.allowSystemProperty} is "true"; a leading
 *       "=" in its value makes it the only source;</li>
 *   <li>the {@code login.config.url.N} security properties, for N = 1, 2, ... until
 *       one is missing;</li>
 *   <li>{@code .java.login.config} under {@code user.home}, only when nothing was
 *       loaded above and no {@code login.config.url.1} exists.</li>
 * </ol>
 *
 * <p>Whoever controls any of these locations decides which login modules the JVM
 * runs, so they deserve the same protection as the application's code.
 *
 * @param url the single location to read, or null to use the default lookup
 * @throws IOException if the Configuration can not be initialized.
 * @throws SecurityException if the caller does not have permission
 *         to initialize the Configuration.
 */
private void init(URL url) throws IOException {
    boolean initialized = false;
    // NOTE(review): 'fr' and 'sep' are never used in this method.
    FileReader fr = null;
    String sep = File.separator;
    if ("false".equals(System.getProperty("policy.expandProperties"))) {
        expandProp = false;
    }

    // new configuration; it replaces the current one only once loading has succeeded
    HashMap<String, LinkedList<AppConfigurationEntry>> newConfig = new HashMap<>();

    if (url != null) {
        /*
         * If the caller specified a URI via Configuration.getInstance,
         * we only read from that URI
         */
        if (debugConfig != null) {
            debugConfig.println("reading " + url);
        }
        init(url, newConfig);
        configuration = newConfig;
        return;
    }

    /*
     * Caller did not specify URI via Configuration.getInstance.
     * Read from URLs listed in the java.security properties file.
     */
    // The system property is honoured only if the security properties allow it.
    String allowSys = java.security.Security.getProperty("policy.allowSystemProperty");
    if ("true".equalsIgnoreCase(allowSys)) {
        String extra_config = System.getProperty("java.security.auth.login.config");
        if (extra_config != null) {
            boolean overrideAll = false;
            // A value starting with "=" means: use this location and nothing else.
            if (extra_config.startsWith("=")) {
                overrideAll = true;
                extra_config = extra_config.substring(1);
            }
            try {
                extra_config = PropertyExpander.expand(extra_config);
            } catch (PropertyExpander.ExpandException peee) {
                MessageFormat form = new MessageFormat(ResourcesMgr.getString("Unable.to.properly.expand.config", "sun.security.util.AuthResources"));
                Object[] source = { extra_config };
                throw new IOException(form.format(source));
            }
            URL configURL = null;
            try {
                configURL = new URL(extra_config);
            } catch (java.net.MalformedURLException mue) {
                // Not a URL: fall back to treating the value as a local file path.
                File configFile = new File(extra_config);
                if (configFile.exists()) {
                    configURL = configFile.toURI().toURL();
                } else {
                    MessageFormat form = new MessageFormat(ResourcesMgr.getString("extra.config.No.such.file.or.directory.", "sun.security.util.AuthResources"));
                    Object[] source = { extra_config };
                    throw new IOException(form.format(source));
                }
            }
            if (debugConfig != null) {
                debugConfig.println("reading " + configURL);
            }
            init(configURL, newConfig);
            initialized = true;
            if (overrideAll) {
                if (debugConfig != null) {
                    debugConfig.println("overriding other policies!");
                }
                configuration = newConfig;
                return;
            }
        }
    }

    // Walk login.config.url.1, login.config.url.2, ... until the first gap.
    int n = 1;
    String config_url;
    while ((config_url = java.security.Security.getProperty("login.config.url." + n)) != null) {
        try {
            config_url = PropertyExpander.expand(config_url).replace(File.separatorChar, '/');
            if (debugConfig != null) {
                debugConfig.println("\tReading config: " + config_url);
            }
            init(new URL(config_url), newConfig);
            initialized = true;
        } catch (PropertyExpander.ExpandException peee) {
            MessageFormat form = new MessageFormat(ResourcesMgr.getString("Unable.to.properly.expand.config", "sun.security.util.AuthResources"));
            Object[] source = { config_url };
            throw new IOException(form.format(source));
        }
        n++;
    }

    if (initialized == false && n == 1 && config_url == null) {
        // get the config from the user's home directory
        if (debugConfig != null) {
            debugConfig.println("\tReading Policy " + "from ~/.java.login.config");
        }
        config_url = System.getProperty("user.home");
        String userConfigFile = config_url + File.separatorChar + ".java.login.config";

        // A missing user-level file is not an error: the configuration is
        // simply left empty in that case.
        if (new File(userConfigFile).exists()) {
            init(new File(userConfigFile).toURI().toURL(), newConfig);
        }
    }

    configuration = newConfig;
}
Example 18
Project: openjdk-master File: DynamicConfigurationTest.java View source code |
/**
 * Drives four login scenarios against a custom JAAS configuration: an unknown
 * configuration name, a correct password, a wrong password, and a wrong password
 * under relaxed control flags.
 *
 * <p>The last scenario shows why control flags matter when reviewing a JAAS
 * configuration: per the comments below, once the flags are optional-sufficient
 * and one module always succeeds, the login passes even though the password
 * checked by the other module is wrong.
 *
 * @param args unused
 */
public static void main(String... args) {
    final String knownConfigName = "PT";
    final String unknownConfigName = "NT";
    final char[] correctPassword = new char[] { 't', 'e', 's', 't', 'P', 'a', 's', 's', 'w', 'o', 'r', 'd', '1' };
    final char[] incorrectPassword = new char[] { 'w', 'r', 'o', 'n', 'g', 'P', 'a', 's', 's', 'w', 'o', 'r', 'd' };

    // Scenario 1: unknown configuration name.
    // A LoginException is expected when the LoginContext is created.
    testConfigName(unknownConfigName, true);
    System.out.println("Wrong Config Name Test passed ");

    // Scenario 2: two login modules (SmartLoginModule and DummyLoginModule),
    // flags required-required, correct password for SmartLoginModule.
    // No exception is expected.
    final Configuration requiredRequired = new MyConfiguration();
    testLogin(knownConfigName, correctPassword, requiredRequired, false);
    System.out.println("Positive test passed");

    // Scenario 3: same modules and flags, wrong password for SmartLoginModule.
    // LoginContext.login() is expected to throw LoginException.
    testLogin(knownConfigName, incorrectPassword, requiredRequired, true);
    System.out.println("Should fail test passed");

    // Scenario 4: same modules, flags changed from required-required to
    // optional-sufficient. Wrong password for SmartLoginModule, while
    // DummyLoginModule always passes. No exception is expected.
    final Configuration optionalSufficient = new MyConfiguration(true);
    testLogin(knownConfigName, incorrectPassword, optionalSufficient, false);
    System.out.println("One module fails where are other module succeeeds " + "Test passed with optional-sufficient flags");
}
Example 19
Project: openjdk8-jdk-master File: ConfigFile.java View source code |
/**
 * Read and initialize the entire login Configuration from the
 * configured URL.
 *
 * <p>Sources are consulted in this order:
 * <ol>
 *   <li>the {@code url} field, if non-null: it is then the only source read;</li>
 *   <li>the {@code java.security.auth.login.config} system property, but only when the
 *       security property {@code policy.allowSystemProperty} is "true"; a leading
 *       "=" in its value makes it the only source;</li>
 *   <li>the {@code login.config.url.N} security properties, for N = 1, 2, ... until
 *       one is missing;</li>
 *   <li>{@code .java.login.config} under {@code user.home}, only when nothing was
 *       loaded above and no {@code login.config.url.1} exists.</li>
 * </ol>
 *
 * <p>Whoever controls any of these locations decides which login modules the JVM
 * runs, so they deserve the same protection as the application's code.
 *
 * @throws IOException if the Configuration can not be initialized
 * @throws SecurityException if the caller does not have permission
 *         to initialize the Configuration
 */
private void init() throws IOException {
    boolean initialized = false;

    // For policy.expandProperties, check if either a security or system
    // property is set to false (old code erroneously checked the system
    // prop so we must check both to preserve compatibility).
    String expand = Security.getProperty("policy.expandProperties");
    if (expand == null) {
        expand = System.getProperty("policy.expandProperties");
    }
    if ("false".equals(expand)) {
        expandProp = false;
    }

    // new configuration; it replaces the current one only once loading has succeeded
    Map<String, List<AppConfigurationEntry>> newConfig = new HashMap<>();

    if (url != null) {
        /*
         * If the caller specified a URI via Configuration.getInstance,
         * we only read from that URI
         */
        if (debugConfig != null) {
            debugConfig.println("reading " + url);
        }
        init(url, newConfig);
        configuration = newConfig;
        return;
    }

    /*
     * Caller did not specify URI via Configuration.getInstance.
     * Read from URLs listed in the java.security properties file.
     */
    // The system property is honoured only if the security properties allow it.
    String allowSys = Security.getProperty("policy.allowSystemProperty");
    if ("true".equalsIgnoreCase(allowSys)) {
        String extra_config = System.getProperty("java.security.auth.login.config");
        if (extra_config != null) {
            boolean overrideAll = false;
            // A value starting with "=" means: use this location and nothing else.
            if (extra_config.startsWith("=")) {
                overrideAll = true;
                extra_config = extra_config.substring(1);
            }
            try {
                extra_config = PropertyExpander.expand(extra_config);
            } catch (PropertyExpander.ExpandException peee) {
                throw ioException("Unable.to.properly.expand.config", extra_config);
            }
            URL configURL = null;
            try {
                configURL = new URL(extra_config);
            } catch (MalformedURLException mue) {
                // Not a URL: fall back to treating the value as a local file path.
                File configFile = new File(extra_config);
                if (configFile.exists()) {
                    configURL = configFile.toURI().toURL();
                } else {
                    throw ioException("extra.config.No.such.file.or.directory.", extra_config);
                }
            }
            if (debugConfig != null) {
                debugConfig.println("reading " + configURL);
            }
            init(configURL, newConfig);
            initialized = true;
            if (overrideAll) {
                if (debugConfig != null) {
                    debugConfig.println("overriding other policies!");
                }
                configuration = newConfig;
                return;
            }
        }
    }

    // Walk login.config.url.1, login.config.url.2, ... until the first gap.
    int n = 1;
    String config_url;
    while ((config_url = Security.getProperty("login.config.url." + n)) != null) {
        try {
            config_url = PropertyExpander.expand(config_url).replace(File.separatorChar, '/');
            if (debugConfig != null) {
                debugConfig.println("\tReading config: " + config_url);
            }
            init(new URL(config_url), newConfig);
            initialized = true;
        } catch (PropertyExpander.ExpandException peee) {
            throw ioException("Unable.to.properly.expand.config", config_url);
        }
        n++;
    }

    if (initialized == false && n == 1 && config_url == null) {
        // get the config from the user's home directory
        if (debugConfig != null) {
            debugConfig.println("\tReading Policy " + "from ~/.java.login.config");
        }
        config_url = System.getProperty("user.home");
        String userConfigFile = config_url + File.separatorChar + ".java.login.config";

        // A missing user-level file is not an error: the configuration is
        // simply left empty in that case.
        if (new File(userConfigFile).exists()) {
            init(new File(userConfigFile).toURI().toURL(), newConfig);
        }
    }

    configuration = newConfig;
}
Example 20
Project: swellrt-master File: ServerModule.java View source code |
/**
 * Declares the Guice bindings for the server: federation bridges, the wave server
 * module, serializer, JAAS configuration, session management and RPC. The robot
 * registrar binding is disabled in this variant.
 */
@Override
protected void configure() {
    bind(WaveServerImpl.class).in(Singleton.class);

    // Receive updates from the outside world, and push them into our local Wave Server.
    bind(WaveletFederationListener.Factory.class)
        .annotatedWith(FederationRemoteBridge.class)
        .to(WaveServerImpl.class);

    // Provide history and respond to submits about our own local waves.
    bind(WaveletFederationProvider.class)
        .annotatedWith(FederationHostBridge.class)
        .to(WaveServerImpl.class);

    install(waveServerModule);

    // The list injected under the name "certs" is bound to an empty list.
    final TypeLiteral<List<String>> certListType = new TypeLiteral<List<String>>() {
    };
    bind(certListType).annotatedWith(Names.named("certs")).toInstance(Arrays.<String>asList());

    bind(ProtoSerializer.class).in(Singleton.class);

    // Snapshot of the JVM-wide JAAS Configuration taken while the module is being
    // configured; replacing the global Configuration later does not change it.
    bind(Configuration.class).toInstance(Configuration.getConfiguration());

    bind(SessionManager.class).to(SessionManagerImpl.class).in(Singleton.class);
    bind(ServerRpcProvider.class).in(Singleton.class);
    // bind(RobotRegistrar.class).to(RobotRegistrarImpl.class);
    requestStaticInjection(WebSocketChannel.class);
}
Example 21
Project: Wave-master File: ServerModule.java View source code |
/**
 * Declares the Guice bindings for the server: federation bridges, the lookup
 * executor, the wave server module, serializer, JAAS configuration, both session
 * managers, RPC and the robot registrar.
 */
@Override
protected void configure() {
    bind(WaveServerImpl.class).in(Singleton.class);

    // Receive updates from the outside world, and push them into our local Wave Server.
    bind(WaveletFederationListener.Factory.class)
        .annotatedWith(FederationRemoteBridge.class)
        .to(WaveServerImpl.class);

    // Provide history and respond to submits about our own local waves.
    bind(WaveletFederationProvider.class)
        .annotatedWith(FederationHostBridge.class)
        .to(WaveServerImpl.class);

    // A fixed-size thread pool of 'lookupCount' threads serves lookups.
    bind(Executor.class)
        .annotatedWith(LookupExecutor.class)
        .toInstance(Executors.newFixedThreadPool(lookupCount));

    install(new WaveServerModule(
        enableFederation, listenerCount, waveletLoadCount, deltaPersistCount, storageContinuationCount));

    // The list injected under the name "certs" is bound to an empty list.
    final TypeLiteral<List<String>> certListType = new TypeLiteral<List<String>>() {
    };
    bind(certListType).annotatedWith(Names.named("certs")).toInstance(Arrays.<String>asList());

    bind(ProtoSerializer.class).in(Singleton.class);

    // Snapshot of the JVM-wide JAAS Configuration taken while the module is being
    // configured; replacing the global Configuration later does not change it.
    bind(Configuration.class).toInstance(Configuration.getConfiguration());

    bind(SessionManager.class).to(SessionManagerImpl.class).in(Singleton.class);
    bind(org.eclipse.jetty.server.SessionManager.class).to(HashSessionManager.class).in(Singleton.class);
    bind(ServerRpcProvider.class).in(Singleton.class);
    bind(RobotRegistrar.class).to(RobotRegistrarImpl.class);
}
Example 22
Project: wave-protocol-master File: ServerModule.java View source code |
/**
 * Declares the Guice bindings for the server: federation bridges, the wave server
 * module, serializer, JAAS configuration, both session managers, RPC and the robot
 * registrar.
 */
@Override
protected void configure() {
    // Receive updates from the outside world, and push them into our local Wave Server.
    bind(WaveletFederationListener.Factory.class)
        .annotatedWith(FederationRemoteBridge.class)
        .to(WaveServerImpl.class);

    // Provide history and respond to submits about our own local waves.
    bind(WaveletFederationProvider.class)
        .annotatedWith(FederationHostBridge.class)
        .to(WaveServerImpl.class);

    install(new WaveServerModule(enableFederation));

    // The list injected under the name "certs" is bound to an empty list.
    final TypeLiteral<List<String>> certListType = new TypeLiteral<List<String>>() {
    };
    bind(certListType).annotatedWith(Names.named("certs")).toInstance(Arrays.<String>asList());

    bind(ProtoSerializer.class).in(Singleton.class);

    // Snapshot of the JVM-wide JAAS Configuration taken while the module is being
    // configured; replacing the global Configuration later does not change it.
    bind(Configuration.class).toInstance(Configuration.getConfiguration());

    bind(SessionManager.class).to(SessionManagerImpl.class).in(Singleton.class);
    bind(org.eclipse.jetty.server.SessionManager.class).to(HashSessionManager.class).in(Singleton.class);
    bind(ServerRpcProvider.class).in(Singleton.class);
    bind(RobotRegistrar.class).to(RobotRegistrarImpl.class);
}
Example 23
Project: WaveInCloud-master File: ServerModule.java View source code |
/**
 * Declares the Guice bindings for the server: federation bridges, the wave server
 * module, serializer, JAAS configuration, both session managers and RPC.
 */
@Override
protected void configure() {
    // Receive updates from the outside world, and push them into our local Wave Server.
    bind(WaveletFederationListener.Factory.class)
        .annotatedWith(FederationRemoteBridge.class)
        .to(WaveServerImpl.class);

    // Provide history and respond to submits about our own local waves.
    bind(WaveletFederationProvider.class)
        .annotatedWith(FederationHostBridge.class)
        .to(WaveServerImpl.class);

    install(new WaveServerModule(enableFederation));

    // The list injected under the name "certs" is bound to an empty list.
    final TypeLiteral<List<String>> certListType = new TypeLiteral<List<String>>() {
    };
    bind(certListType).annotatedWith(Names.named("certs")).toInstance(Arrays.<String>asList());

    bind(ProtoSerializer.class).in(Singleton.class);

    // Snapshot of the JVM-wide JAAS Configuration taken while the module is being
    // configured; replacing the global Configuration later does not change it.
    bind(Configuration.class).toInstance(Configuration.getConfiguration());

    bind(SessionManager.class).to(SessionManagerImpl.class).in(Singleton.class);
    bind(org.eclipse.jetty.server.SessionManager.class).to(HashSessionManager.class).in(Singleton.class);
    bind(ServerRpcProvider.class).in(Singleton.class);
}
Example 24
Project: alluxio-master File: LoginUser.java View source code |
/**
 * Logs in through the configured login modules and returns the single user
 * principal that the login produced.
 *
 * <p>Note for readers of this example: the {@code Configuration} used on the first
 * line exposes {@code getEnum(PropertyKey, ...)}, so it appears to be the project's
 * own settings class and not {@code javax.security.auth.login.Configuration}. The
 * JAAS configuration in play is the {@code LoginModuleConfiguration} instance
 * handed to {@code createLoginContext}.
 *
 * @return the login user
 * @throws UnauthenticatedException if the login fails, or if it yields no user or
 *         more than one user
 */
private static User login() throws UnauthenticatedException {
    final AuthType authType = Configuration.getEnum(PropertyKey.SECURITY_AUTHENTICATION_TYPE, AuthType.class);
    checkSecurityEnabled(authType);

    final Subject subject = new Subject();
    try {
        // The LoginContext is built with the class loader of User.class. LoginContext
        // uses that loader to instantiate login modules dynamically, which lets
        // Subject#getPrincipals find User.class instances by reflection.
        final ClassLoader userLoader = User.class.getClassLoader();
        final LoginContext context =
            createLoginContext(authType, subject, userLoader, new LoginModuleConfiguration());
        context.login();
    } catch (LoginException e) {
        throw new UnauthenticatedException("Failed to login: " + e.getMessage(), e);
    }

    final Set<User> users = subject.getPrincipals(User.class);
    if (users.isEmpty()) {
        throw new UnauthenticatedException("Failed to login: No Alluxio User is found.");
    }
    if (users.size() == 1) {
        return users.iterator().next();
    }

    // Exactly one user principal is expected; more than one is treated as a failure.
    final StringBuilder problem = new StringBuilder("Failed to login: More than one Alluxio Users are found:");
    for (User candidate : users) {
        problem.append(" ").append(candidate.toString());
    }
    throw new UnauthenticatedException(problem.toString());
}
Example 25
Project: ambari-master File: KerberosChecker.java View source code |
/**
 * Checks Ambari Server with a Kerberos principal and keytab to allow views
 * to authenticate via SPNEGO against cluster components.
 *
 * <p>When the check is enabled, the JAAS entry named by
 * {@code HTTP_SPNEGO_STANDARD_ENTRY} is inspected first and a warning is logged for
 * each problem found (missing entry, missing Kerberos login module, missing or
 * unreadable keytab, missing principal). A real login followed by a logout is then
 * attempted; only a failure of that login or logout makes the check fail.
 *
 * @throws AmbariException if the Kerberos login or logout fails
 */
public static void checkJaasConfiguration() throws AmbariException {
    if (!config.isKerberosJaasConfigurationCheckEnabled()) {
        LOG.info("Skipping Ambari Server Kerberos credentials check.");
        return;
    }

    LOG.info("Checking Ambari Server Kerberos credentials.");

    // Used only to point the operator at the right file in the messages below.
    String jaasConfPath = System.getProperty(JAVA_SECURITY_AUTH_LOGIN_CONFIG);

    javax.security.auth.login.Configuration jaasConf = javax.security.auth.login.Configuration.getConfiguration();
    AppConfigurationEntry[] spnegoEntries = jaasConf.getAppConfigurationEntry(HTTP_SPNEGO_STANDARD_ENTRY);

    if (spnegoEntries == null) {
        LOG.warn("Can't find " + HTTP_SPNEGO_STANDARD_ENTRY + " entry in " + jaasConfPath);
    } else {
        boolean sawKrb5Module = false;
        for (AppConfigurationEntry candidate : spnegoEntries) {
            if (!KRB5_LOGIN_MODULE.equals(candidate.getLoginModuleName())) {
                continue;
            }
            sawKrb5Module = true;

            Map<String, ?> moduleOptions = candidate.getOptions();
            if (moduleOptions == null) {
                continue;
            }

            if (moduleOptions.containsKey("keyTab")) {
                String keytabPath = (String) moduleOptions.get("keyTab");
                File keytabFile = new File(keytabPath);
                if (!keytabFile.exists()) {
                    LOG.warn(keytabPath + " doesn't exist.");
                } else if (!keytabFile.canRead()) {
                    LOG.warn("Unable to read " + keytabPath + " Please check the file access permissions for user " + System.getProperty("user.name"));
                }
            } else {
                LOG.warn("Can't find keyTab option in " + KRB5_LOGIN_MODULE + " module of " + HTTP_SPNEGO_STANDARD_ENTRY + " entry in " + jaasConfPath);
            }

            if (!moduleOptions.containsKey("principal")) {
                LOG.warn("Can't find principal option in " + KRB5_LOGIN_MODULE + " module of " + HTTP_SPNEGO_STANDARD_ENTRY + " entry in " + jaasConfPath);
            }
        }
        if (!sawKrb5Module) {
            LOG.warn("Can't find " + KRB5_LOGIN_MODULE + " module in " + HTTP_SPNEGO_STANDARD_ENTRY + " entry in " + jaasConfPath);
        }
    }

    // The inspection above only warns; this login attempt is the actual check.
    try {
        LoginContext loginContext = loginContextHelper.createLoginContext(HTTP_SPNEGO_STANDARD_ENTRY);
        loginContext.login();
        loginContext.logout();
    } catch (LoginException le) {
        // NOTE(review): only the message is logged and the LoginException is not
        // attached as the cause, so the stack trace is lost to the caller.
        LOG.error(le.getMessage());
        throw new AmbariException("Ambari Server Kerberos credentials check failed. \n" + "Check KDC availability and JAAS configuration in " + jaasConfPath);
    }

    LOG.info("Ambari Server Kerberos credentials check passed.");
}
Example 26
Project: hadoop-master File: TestSecureRegistry.java View source code |
/**
 * Reproduces part of ZooKeeper's internal SASL login sequence, which was failing
 * on Windows and swallowing its exceptions, so that the failure surfaces in a test.
 *
 * <p>The test binds ZooKeeper to the server JAAS context, checks that the login
 * context name property resolves to that context, checks that the installed JAAS
 * configuration has entries for it, and then starts and shuts down a login.
 *
 * @throws Throwable on any failure
 */
@Test
public void testLowlevelZKSaslLogin() throws Throwable {
    RegistrySecurity.bindZKToServerJAASContext(ZOOKEEPER_SERVER_CONTEXT);

    final String serverSection = System.getProperty(
        ZooKeeperSaslServer.LOGIN_CONTEXT_NAME_KEY,
        ZooKeeperSaslServer.DEFAULT_LOGIN_CONTEXT_NAME);
    assertEquals(ZOOKEEPER_SERVER_CONTEXT, serverSection);

    // A null result means the installed configuration has no entries for this section.
    final AppConfigurationEntry[] entries =
        javax.security.auth.login.Configuration.getConfiguration().getAppConfigurationEntry(serverSection);
    assertNotNull("null entries", entries);

    final SaslServerCallbackHandler callbackHandler =
        new SaslServerCallbackHandler(javax.security.auth.login.Configuration.getConfiguration());
    final Login login = new Login(serverSection, callbackHandler);
    try {
        login.startThreadIfNeeded();
    } finally {
        // Shut the login down even when starting it fails.
        login.shutdown();
    }
}
Example 27
Project: hops-master File: TestSecureRegistry.java View source code |
/**
 * Copy of a piece of ZooKeeper's internal SASL login code, which was failing on
 * Windows and swallowing its exceptions; running it here makes the failure visible.
 *
 * <p>Steps: bind ZooKeeper to the server JAAS context, confirm the login context
 * name property points at it, confirm the installed JAAS configuration has entries
 * for that section, then start and shut down a login.
 *
 * @throws Throwable on any failure
 */
@Test
public void testLowlevelZKSaslLogin() throws Throwable {
    RegistrySecurity.bindZKToServerJAASContext(ZOOKEEPER_SERVER_CONTEXT);

    String jaasSection = System.getProperty(ZooKeeperSaslServer.LOGIN_CONTEXT_NAME_KEY,
        ZooKeeperSaslServer.DEFAULT_LOGIN_CONTEXT_NAME);
    assertEquals(ZOOKEEPER_SERVER_CONTEXT, jaasSection);

    // getAppConfigurationEntry returns null when the section is not configured.
    AppConfigurationEntry[] sectionEntries = javax.security.auth.login.Configuration
        .getConfiguration()
        .getAppConfigurationEntry(jaasSection);
    assertNotNull("null entries", sectionEntries);

    SaslServerCallbackHandler handler =
        new SaslServerCallbackHandler(javax.security.auth.login.Configuration.getConfiguration());
    Login zkLogin = new Login(jaasSection, handler);
    try {
        zkLogin.startThreadIfNeeded();
    } finally {
        // Always stop the login, whether or not the start succeeded.
        zkLogin.shutdown();
    }
}
Example 28
Project: picketbox-master File: LdapAttributeMappingProviderUnitTestCase.java View source code |
/**
 * Prepares the fixture: installs the XML login configuration as the JAAS
 * configuration, registers an application policy named "test", and loads
 * {@code ldapAttributes.ldif} into the LDAP server used by the test.
 *
 * @throws Exception if any setup step fails
 */
protected void setUp() throws Exception {
    super.setUp();

    // Replaces the JVM-wide JAAS configuration for everything that runs afterwards.
    Configuration.setConfiguration(XMLLoginConfigImpl.getInstance());

    SecurityConfiguration.addApplicationPolicy(new ApplicationPolicy("test"));

    // Let us add the ldapAttributes.ldif
    final String ldifPath = targetDir + "ldap" + fs + "ldapAttributes.ldif";
    final boolean loaded =
        util.addLDIF(serverHost, port, adminDN, adminPW, new File(ldifPath).toURI().toURL());
    assertTrue(loaded);
}
Example 29
Project: tachyon-master File: LoginUser.java View source code |
/**
 * Performs the login through the configured login modules and returns the one
 * user principal found on the resulting subject.
 *
 * <p>Note for readers of this example: the {@code Configuration} on the first line
 * exposes {@code getEnum(PropertyKey, ...)}, so it appears to be the project's own
 * settings class rather than {@code javax.security.auth.login.Configuration}. The
 * JAAS configuration is the {@code LoginModuleConfiguration} passed to
 * {@code createLoginContext}.
 *
 * @return the login user
 * @throws UnauthenticatedException if the login fails, or if the subject carries
 *         no user principal or more than one
 */
private static User login() throws UnauthenticatedException {
    AuthType configuredAuthType = Configuration.getEnum(PropertyKey.SECURITY_AUTHENTICATION_TYPE, AuthType.class);
    checkSecurityEnabled(configuredAuthType);

    Subject loginSubject = new Subject();
    try {
        // LoginContext instantiates login modules through the class loader it is
        // given. Passing the loader of User.class lets Subject#getPrincipals locate
        // User.class instances by reflection.
        LoginContext ctx = createLoginContext(
            configuredAuthType, loginSubject, User.class.getClassLoader(), new LoginModuleConfiguration());
        ctx.login();
    } catch (LoginException e) {
        throw new UnauthenticatedException("Failed to login: " + e.getMessage(), e);
    }

    Set<User> principals = loginSubject.getPrincipals(User.class);
    if (principals.isEmpty()) {
        throw new UnauthenticatedException("Failed to login: No Alluxio User is found.");
    }
    if (principals.size() > 1) {
        // An ambiguous identity is rejected rather than picking one arbitrarily.
        StringBuilder detail = new StringBuilder("Failed to login: More than one Alluxio Users are found:");
        for (User found : principals) {
            detail.append(" ");
            detail.append(found.toString());
        }
        throw new UnauthenticatedException(detail.toString());
    }
    return principals.iterator().next();
}
Example 30
Project: hive-master File: LlapZookeeperRegistryImpl.java View source code |
/**
 * Builds the ZooKeeper ensemble address list from the configuration, in the form
 * {@code host1:port,host2:port}. An entry that contains no ':' gets the configured
 * client port appended.
 *
 * @param conf configuration holding the quorum hosts and the client port
 * @return the comma-separated quorum string; empty when no hosts are configured
 **/
private String getQuorumServers(Configuration conf) {
  final String[] hosts = conf.getTrimmedStrings(ConfVars.HIVE_ZOOKEEPER_QUORUM.varname);
  final String port = conf.get(ConfVars.HIVE_ZOOKEEPER_CLIENT_PORT.varname,
      ConfVars.HIVE_ZOOKEEPER_CLIENT_PORT.getDefaultValue());

  final StringBuilder quorum = new StringBuilder();
  String separator = "";
  for (String host : hosts) {
    quorum.append(separator).append(host.trim());
    if (!host.contains(":")) {
      // no explicit port on this entry: fall back to the configured client port
      quorum.append(":").append(port);
    }
    separator = ",";
  }
  return quorum.toString();
}
Example 31
Project: incubator-atlas-master File: InMemoryJAASConfigurationTest.java View source code |
/**
 * Checks that the "KafkaClient" section resolves to exactly one entry whose principal
 * has three components and whose host component is not the literal "_HOST".
 * The test is currently disabled.
 */
@Test(enabled = false)
public void testGetAppConfigurationEntryStringForKafkaClient() {
    final AppConfigurationEntry[] kafkaEntries =
            Configuration.getConfiguration().getAppConfigurationEntry("KafkaClient");
    Assert.assertNotNull(kafkaEntries);
    Assert.assertEquals(1, kafkaEntries.length);

    final Object principalOption = kafkaEntries[0].getOptions().get("principal");
    final String principal = (String) principalOption;
    Assert.assertNotNull(principal);

    // primary/instance@REALM splits into three parts on '/' and '@'
    final String[] parts = principal.split("[/@]");
    Assert.assertEquals(3, parts.length);
    Assert.assertEquals(false, StringUtils.equalsIgnoreCase(parts[1], "_HOST"));
}
Example 32
Project: kafka-master File: JaasContext.java View source code |
/**
 * Builds a {@code JaasContext} from the JVM's default JAAS configuration. The
 * listener-specific section is preferred when a name is given and the section exists;
 * otherwise the global section is used.
 *
 * @throws IllegalArgumentException if neither section is present in the configuration
 */
private static JaasContext defaultContext(JaasContext.Type contextType, String listenerContextName, String globalContextName) {
    final String jaasConfigFile = System.getProperty(JaasUtils.JAVA_LOGIN_CONFIG_PARAM);
    if (jaasConfigFile == null) {
        if (contextType == Type.CLIENT) {
            LOG.debug("System property '" + JaasUtils.JAVA_LOGIN_CONFIG_PARAM + "' and Kafka SASL property '" + SaslConfigs.SASL_JAAS_CONFIG + "' are not set, using default JAAS configuration.");
        } else {
            LOG.debug("System property '" + JaasUtils.JAVA_LOGIN_CONFIG_PARAM + "' is not set, using default JAAS " + "configuration.");
        }
    }

    final Configuration jaasConfig = Configuration.getConfiguration();

    // 1. Listener-specific section, when one was requested and exists.
    if (listenerContextName != null
            && jaasConfig.getAppConfigurationEntry(listenerContextName) != null) {
        return new JaasContext(listenerContextName, contextType, jaasConfig);
    }

    // 2. Global section.
    if (jaasConfig.getAppConfigurationEntry(globalContextName) != null) {
        return new JaasContext(globalContextName, contextType, jaasConfig);
    }

    // 3. Nothing usable: fail rather than continue without a login section.
    final String listenerNameText = listenerContextName == null ? "" : " or '" + listenerContextName + "'";
    final String errorMessage = "Could not find a '" + globalContextName + "'" + listenerNameText + " entry in the JAAS " + "configuration. System property '" + JaasUtils.JAVA_LOGIN_CONFIG_PARAM + "' is " + (jaasConfigFile == null ? "not set" : jaasConfigFile);
    throw new IllegalArgumentException(errorMessage);
}
Example 33
Project: ManagedRuntimeInitiative-master File: ConfigFile.java View source code |
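/**
 * Read and initialize the entire login Configuration.
 *
 * <p>When {@code url} is non-null only that location is read. Otherwise the sources
 * are, in order: the {@code java.security.auth.login.config} system property (only
 * when the security property {@code policy.allowSystemProperty} is "true"), the
 * {@code login.config.url.N} security properties, and finally
 * {@code ~/.java.login.config} when nothing else was read.
 *
 * <p>Security note: a system-property value that starts with "=" replaces every other
 * source, so whoever can set that property decides which login modules run. Leave
 * {@code policy.allowSystemProperty} disabled where the command line is not trusted.
 *
 * @param url the single location to read, or {@code null} to use the default sources
 * @exception IOException if the Configuration can not be initialized.
 * @exception SecurityException if the caller does not have permission
 *                              to initialize the Configuration.
 */
private void init(URL url) throws IOException {
    boolean initialized = false;

    if ("false".equals(System.getProperty("policy.expandProperties"))) {
        expandProp = false;
    }

    // new configuration, published only once reading has succeeded
    HashMap<String, LinkedList<AppConfigurationEntry>> newConfig =
        new HashMap<String, LinkedList<AppConfigurationEntry>>();

    if (url != null) {
        // If the caller specified a URI via Configuration.getInstance,
        // we only read from that URI.
        if (debugConfig != null) {
            debugConfig.println("reading " + url);
        }
        init(url, newConfig);
        configuration = newConfig;
        return;
    }

    // Caller did not specify URI via Configuration.getInstance.
    // Read from URLs listed in the java.security properties file.
    String allowSys = java.security.Security.getProperty("policy.allowSystemProperty");

    if ("true".equalsIgnoreCase(allowSys)) {
        String extra_config = System.getProperty("java.security.auth.login.config");
        if (extra_config != null) {
            boolean overrideAll = false;
            if (extra_config.startsWith("=")) {
                // "=location" means: use this location and ignore all other sources
                overrideAll = true;
                extra_config = extra_config.substring(1);
            }
            try {
                extra_config = PropertyExpander.expand(extra_config);
            } catch (PropertyExpander.ExpandException peee) {
                MessageFormat form = new MessageFormat(ResourcesMgr.getString(
                    "Unable to properly expand config", "sun.security.util.AuthResources"));
                Object[] source = { extra_config };
                // keep the expansion failure as the cause instead of dropping it
                IOException ioe = new IOException(form.format(source));
                ioe.initCause(peee);
                throw ioe;
            }

            URL configURL = null;
            try {
                configURL = new URL(extra_config);
            } catch (java.net.MalformedURLException mue) {
                // not a URL: treat the value as a local file name
                File configFile = new File(extra_config);
                if (configFile.exists()) {
                    configURL = configFile.toURI().toURL();
                } else {
                    MessageFormat form = new MessageFormat(ResourcesMgr.getString(
                        "extra_config (No such file or directory)",
                        "sun.security.util.AuthResources"));
                    Object[] source = { extra_config };
                    IOException ioe = new IOException(form.format(source));
                    ioe.initCause(mue);
                    throw ioe;
                }
            }

            if (debugConfig != null) {
                debugConfig.println("reading " + configURL);
            }
            init(configURL, newConfig);
            initialized = true;
            if (overrideAll) {
                if (debugConfig != null) {
                    debugConfig.println("overriding other policies!");
                }
                configuration = newConfig;
                return;
            }
        }
    }

    // login.config.url.1, login.config.url.2, ... until the first missing index
    int n = 1;
    String config_url;
    while ((config_url = java.security.Security.getProperty("login.config.url." + n)) != null) {
        try {
            config_url = PropertyExpander.expand(config_url).replace(File.separatorChar, '/');
            if (debugConfig != null) {
                debugConfig.println("\tReading config: " + config_url);
            }
            init(new URL(config_url), newConfig);
            initialized = true;
        } catch (PropertyExpander.ExpandException peee) {
            MessageFormat form = new MessageFormat(ResourcesMgr.getString(
                "Unable to properly expand config", "sun.security.util.AuthResources"));
            Object[] source = { config_url };
            IOException ioe = new IOException(form.format(source));
            ioe.initCause(peee);
            throw ioe;
        }
        n++;
    }

    if (initialized == false && n == 1 && config_url == null) {
        // get the config from the user's home directory
        if (debugConfig != null) {
            debugConfig.println("\tReading Policy " + "from ~/.java.login.config");
        }
        config_url = System.getProperty("user.home");
        String userConfigFile = config_url + File.separatorChar + ".java.login.config";

        // When that file does not exist nothing is read and the
        // configuration installed below stays empty.
        if (new File(userConfigFile).exists()) {
            init(new File(userConfigFile).toURI().toURL(), newConfig);
        }
    }

    configuration = newConfig;
}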
Example 34
Project: marketcetera-master File: StrategyAgentRemotingConfigTest.java View source code |
/**
 * Installs a JVM-wide JAAS Configuration that serves both the Client's test mock
 * server and the remote receiver. Any other section name resolves to {@code null}.
 */
static void setupConfiguration() {
    Configuration.setConfiguration(new Configuration() {
        public AppConfigurationEntry[] getAppConfigurationEntry(String inName) {
            final String loginModule;
            if ("remoting-amq-domain".equals(inName)) {
                // the login module for the receiver module
                loginModule = ClientLoginModule.class.getName();
            } else if ("test-amq-domain".equals(inName)) {
                // the login module for the mock server
                loginModule = MockLoginModule.class.getName();
            } else {
                return null;
            }
            final AppConfigurationEntry entry = new AppConfigurationEntry(
                    loginModule,
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                    Collections.unmodifiableMap(new HashMap<String, String>()));
            return new AppConfigurationEntry[] { entry };
        }
    });
}
Example 35
Project: mssql-jdbc-master File: JaasConfiguration.java View source code |
/**
 * Resolves a JAAS section through the delegate first and falls back to the built-in
 * default entries only for the driver's default section name.
 *
 * @param name the requested JAAS section name
 * @return the delegate's entries; otherwise {@code defaultValue} for the default
 *         section name; otherwise {@code null}
 */
@Override
public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
    AppConfigurationEntry[] fromDelegate = null;
    if (delegate != null) {
        fromDelegate = delegate.getAppConfigurationEntry(name);
    }
    if (fromDelegate != null) {
        return fromDelegate;
    }
    // A caller who asked for a non-default section name is taken to have configured it
    // deliberately, so no fallback is substituted for it.
    final boolean isDefaultSection =
            name.equals(SQLServerDriverStringProperty.JAAS_CONFIG_NAME.getDefaultValue());
    return isDefaultSection ? defaultValue : null;
}
Example 36
Project: nuxeo-master File: LoginConfiguration.java View source code |
/**
 * Records the provider in {@code holder} and, when the install counter reaches one,
 * makes this object the JVM-wide JAAS configuration.
 *
 * @param provider the provider to record
 */
public void install(Provider provider) {
    holder.set(provider);
    if (counter.incrementAndGet() != 1) {
        // the counter was already above zero: the configuration is left as it is
        return;
    }
    context = new InstallContext(provider);
    Configuration.setConfiguration(this);
    LogFactory.getLog(LoginConfiguration.class).trace("installed login configuration", context.stacktrace);
}
Example 37
Project: rt.equinox.bundles-master File: SecurePlatformInternal.java View source code |
/**
 * Substitutes the default login configuration with a federating one:
 * Configuration Inquiries -> ConfigurationFederator ->
 *   1) Extension Point supplied config providers;
 *   2) default Java config provider ("login.configuration.provider")
 *
 * Java docs specify that multiple config files are merged into one, so the order of
 * config files carries no priority information beyond implementation details. This
 * implementation adds the customer's config file to the end of the list.
 */
public void start() {
    if (running) {
        return;
    }

    // Kludge for the bug 215828 "JAAS and server-side Eclipse": for the time being
    // configuration substitution is turned off if running on a server. It is likely
    // possible to work around configuration substitution using Java 5 methods, but
    // not Java 1.4
    final BundleContext bundleContext = AuthPlugin.getDefault().getBundleContext();
    final boolean onServer = SERVER_VM.equals(bundleContext.getProperty(VM_PROPERTY));

    if (onServer) {
        defaultConfiguration = null;
    } else {
        try {
            defaultConfiguration = Configuration.getConfiguration();
        } catch (SecurityException e) {
            // no default configuration could be obtained: federate without one
            defaultConfiguration = null;
        }
        Configuration.setConfiguration(new ConfigurationFederator(defaultConfiguration));
    }
    running = true;
}
Example 38
Project: tempto-master File: KerberosAuthentication.java View source code |
/**
 * Creates a JAAS configuration that answers every section name with a single
 * REQUIRED Krb5LoginModule entry built from the given principal and keytab.
 *
 * @param principal the principal passed to {@code createLoginOptions}
 * @param keytab the keytab passed to {@code createLoginOptions}
 */
private static Configuration createKerberosConfiguration(String principal, String keytab) {
    final Map<String, String> krb5Options = createLoginOptions(principal, keytab);
    return new Configuration() {
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            // the section name is ignored: all lookups get the same Kerberos entry
            final AppConfigurationEntry krb5Entry = new AppConfigurationEntry(
                    "com.sun.security.auth.module.Krb5LoginModule",
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                    krb5Options);
            return new AppConfigurationEntry[] { krb5Entry };
        }
    };
}
Example 39
Project: Tstream-master File: ThriftClient.java View source code |
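/**
 * Re-resolves the master host and opens a transport to it through the transport
 * plugin selected by the login configuration, then binds a binary protocol to it.
 *
 * @param storm_conf configuration used to locate the login configuration and plugin
 * @param timeout socket timeout, or {@code null} to keep the socket's default
 * @throws InvalidParameterException if {@code masterHost} is not of the form host:port
 * @throws IllegalArgumentException if the host is missing or the port is not positive
 * @throws RuntimeException if the transport cannot be created; the underlying
 *         {@link IOException} is attached as the cause
 */
protected void flushClient(Map storm_conf, Integer timeout) throws Exception {
    try {
        flushHost();
        String[] host_port = masterHost.split(":");
        if (host_port.length != 2) {
            throw new InvalidParameterException("Host format error: " + masterHost);
        }
        String host = host_port[0];
        int port = Integer.parseInt(host_port[1]);
        LOG.info("Begin to connect " + host + ":" + port);

        // locate login configuration
        Configuration login_conf = AuthUtils.GetConfiguration(storm_conf);
        // construct a transport plugin
        ITransportPlugin transportPlugin = AuthUtils.GetTransportPlugin(storm_conf, login_conf);

        // create a socket with server
        if (host == null) {
            throw new IllegalArgumentException("host is not set");
        }
        if (port <= 0) {
            throw new IllegalArgumentException("invalid port: " + port);
        }
        TSocket socket = new TSocket(host, port);
        if (timeout != null) {
            socket.setTimeout(timeout);
        }
        final TTransport underlyingTransport = socket;

        // establish client-server transport via plugin
        _transport = transportPlugin.connect(underlyingTransport, host);
    } catch (IOException ex) {
        // Keep the original failure as the cause: without it an authentication or
        // connection problem cannot be told apart from the logs.
        throw new RuntimeException("Create transport error", ex);
    }
    _protocol = null;
    if (_transport != null) {
        _protocol = new TBinaryProtocol(_transport);
    }
}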
Example 40
Project: tuscany-sca-2.x-master File: CalculatorClient.java View source code |
/**
 * Starts the calculator node, calls both calculator components and stops the node.
 * When no JAAS configuration can be obtained, the bundled CalculatorJass.config is
 * registered through the java.security.auth.login.config system property first.
 */
public static void main(String[] args) throws Exception {
    try {
        // only probes whether a login configuration is available
        Configuration secConf = Configuration.getConfiguration();
    } catch (java.lang.SecurityException e) {
        System.setProperty("java.security.auth.login.config",
                CalculatorClient.class.getClassLoader()
                        .getResource("implementation/policies/CalculatorJass.config").toString());
    }

    final String compositeUrl =
            new File("src/main/resources/implementation/policies/ImplementationPolicies.composite")
                    .toURI().toURL().toString();
    final String contributionUrl =
            new File("src/main/resources/implementation/policies/").toURI().toURL().toString();
    final Node node = NodeFactory.newInstance()
            .createNode(compositeUrl, new Contribution("TestContribution", contributionUrl));
    node.start();

    CalculatorService calculatorService =
            node.getService(CalculatorService.class, "CalculatorServiceComponent");
    // Calculate
    System.out.println("Calling CalculatorServiceComponent configured with 'logging' " + "policy for subtract and divide operations...");
    printCalculations(calculatorService);

    calculatorService = node.getService(CalculatorService.class, "AnotherCalculatorServiceComponent");
    // Calculate
    System.out.println("Calling CalculatorServiceComponent configured with 'logging' " + "for all operations in the implementation...");
    printCalculations(calculatorService);

    node.stop();
    System.out.println("Bye");
}

/** Prints the four sample operations, in the order add, subtract, multiply, divide. */
private static void printCalculations(CalculatorService calculatorService) {
    System.out.println("3 + 2=" + calculatorService.add(3, 2));
    System.out.println("3 - 2=" + calculatorService.subtract(3, 2));
    System.out.println("3 * 2=" + calculatorService.multiply(3, 2));
    System.out.println("3 / 2=" + calculatorService.divide(3, 2));
}
Example 41
Project: activemq-artemis-master File: JaasDualAuthenticationBrokerTest.java View source code |
/**
 * Installs a JVM-wide dual JAAS configuration backed by the StubLoginModule: one
 * entry for SSL connections and one for non-SSL connections, each with its own
 * user and group.
 */
void createLoginConfig() {
    final String stubModule = "org.apache.activemq.security.StubLoginModule";

    // entry used for SSL connections
    HashMap<String, String> sslConfigOptions = new HashMap<>();
    sslConfigOptions.put(StubLoginModule.ALLOW_LOGIN_PROPERTY, "true");
    sslConfigOptions.put(StubLoginModule.USERS_PROPERTY, DN_USERNAME);
    sslConfigOptions.put(StubLoginModule.GROUPS_PROPERTY, DN_GROUP);
    AppConfigurationEntry sslEntry = new AppConfigurationEntry(
            stubModule, AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, sslConfigOptions);

    // entry used for non-SSL connections
    HashMap<String, String> configOptions = new HashMap<>();
    configOptions.put(StubLoginModule.ALLOW_LOGIN_PROPERTY, "true");
    configOptions.put(StubLoginModule.USERS_PROPERTY, INSECURE_USERNAME);
    configOptions.put(StubLoginModule.GROUPS_PROPERTY, INSECURE_GROUP);
    AppConfigurationEntry plainEntry = new AppConfigurationEntry(
            stubModule, AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, configOptions);

    Configuration.setConfiguration(new StubDualJaasConfiguration(plainEntry, sslEntry));
}
Example 42
Project: cdap-master File: JAASLoginService.java View source code |
/* ------------------------------------------------------------ */
/**
 * Authenticates a user through JAAS and wraps the resulting Subject in a UserIdentity.
 *
 * <p>Unless a custom callback handler class is configured, an inline handler feeds the
 * user name, the credentials and (on request) HTTP request parameters to the login
 * modules.
 *
 * @param username the name handed to NameCallback
 * @param credentials the credentials handed to PasswordCallback / ObjectCallback
 * @return the identity of the authenticated user, or {@code null} when the login or
 *         the handler set-up fails with one of the exceptions caught below
 */
public UserIdentity login(final String username, final Object credentials) {
    try {
        CallbackHandler callbackHandler = null;
        if (callbackHandlerClass == null) {
            // Default handler: answers the callbacks from the method arguments.
            callbackHandler = new CallbackHandler() {
                public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
                    for (Callback callback : callbacks) {
                        if (callback instanceof NameCallback) {
                            ((NameCallback) callback).setName(username);
                        } else if (callback instanceof PasswordCallback) {
                            // NOTE(review): the password passes through credentials.toString(),
                            // so a String copy of it exists besides the char[] given to the callback.
                            ((PasswordCallback) callback).setPassword(credentials.toString().toCharArray());
                        } else if (callback instanceof ObjectCallback) {
                            ((ObjectCallback) callback).setObject(credentials);
                        } else if (callback instanceof RequestParameterCallback) {
                            AbstractHttpConnection connection = AbstractHttpConnection.getCurrentConnection();
                            Request request = (connection == null ? null : connection.getRequest());
                            if (request != null) {
                                RequestParameterCallback rpc = (RequestParameterCallback) callback;
                                // NOTE(review): the values are client-supplied request parameters; presumably
                                // getParameterValues can return null for an absent parameter, which
                                // Arrays.asList would not accept. Verify against the Request contract.
                                rpc.setParameterValues(Arrays.asList(request.getParameterValues(rpc.getParameterName())));
                            }
                        } else {
                            // Unknown callback types are rejected rather than silently skipped.
                            throw new UnsupportedCallbackException(callback);
                        }
                    }
                }
            };
        } else {
            // A configured handler class is loaded by name and instantiated reflectively,
            // so the value of callbackHandlerClass decides which code handles credentials.
            Class clazz = Loader.loadClass(getClass(), callbackHandlerClass);
            callbackHandler = (CallbackHandler) clazz.newInstance();
        }
        //set up the login context
        //TODO jaspi requires we provide the Configuration parameter
        Subject subject = new Subject();
        LoginContext loginContext = new LoginContext(loginModuleName, subject, callbackHandler, configuration);
        loginContext.login();
        //login success
        JAASUserPrincipal userPrincipal = new JAASUserPrincipal(getUserName(callbackHandler), subject, loginContext);
        subject.getPrincipals().add(userPrincipal);
        return identityService.newUserIdentity(subject, userPrincipal, getGroups(subject));
    } catch (LoginException e) {
        // Failed logins are recorded at debug level only; a deployment that needs to
        // detect repeated failures has to log or count them elsewhere.
        LOG.debug(e);
    } catch (IOException e) {
        LOG.info(e.getMessage());
        LOG.debug(e);
    } catch (UnsupportedCallbackException e) {
        LOG.info(e.getMessage());
        LOG.debug(e);
    } catch (InstantiationException e) {
        LOG.info(e.getMessage());
        LOG.debug(e);
    } catch (IllegalAccessException e) {
        LOG.info(e.getMessage());
        LOG.debug(e);
    } catch (ClassNotFoundException e) {
        LOG.info(e.getMessage());
        LOG.debug(e);
    }
    // Every failure path ends here: the caller sees null, not the reason.
    return null;
}
Example 43
Project: distributed-processor-master File: AuthUtils.java View source code |
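/**
 * Construct a JAAS configuration object per storm configuration file.
 *
 * <p>The file named by the "java.security.auth.login.config" entry is loaded into its
 * own Configuration instance; the JVM-wide configuration is not touched.
 *
 * @param storm_conf Storm configuration
 * @return JAAS configuration object, or {@code null} when no login configuration file
 *         is configured
 * @throws RuntimeException if the file cannot be found or loaded; the underlying
 *         exception is always attached as the cause
 */
public static Configuration GetConfiguration(Map storm_conf) {
    // find login file configuration from Storm configuration
    String loginConfigurationFile = (String) storm_conf.get("java.security.auth.login.config");
    if (loginConfigurationFile == null || loginConfigurationFile.length() == 0) {
        return null;
    }

    try {
        URI config_uri = new File(loginConfigurationFile).toURI();
        return Configuration.getInstance("JavaLoginConfig", new URIParameter(config_uri));
    } catch (NoSuchAlgorithmException ex1) {
        if (ex1.getCause() instanceof FileNotFoundException) {
            // keep ex1 as the cause so the failing lookup stays visible in the stack trace
            throw new RuntimeException(
                    "configuration file " + loginConfigurationFile + " could not be found", ex1);
        }
        throw new RuntimeException(ex1);
    } catch (Exception ex2) {
        throw new RuntimeException(ex2);
    }
}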
Example 44
Project: felix-master File: ITJaasWithConfigBasedLoginModule.java View source code |
/**
 * Logs in against the Felix JAAS provider while the thread context class loader is
 * switched to this test's class loader, and expects the subject to gain a principal.
 */
@Test
public void testJaasWithTCCL() throws Exception {
    final String realmName = name.getMethodName();
    createLoginModuleConfig(realmName);
    delay();

    final CallbackHandler handler = new SimpleCallbackHandler("foo", "foo");
    final Configuration config = Configuration.getInstance("JavaLoginConfig", null, "FelixJaasProvider");
    final Subject subject = new Subject();

    final Thread current = Thread.currentThread();
    final ClassLoader previousLoader = current.getContextClassLoader();
    try {
        current.setContextClassLoader(getClass().getClassLoader());
        new LoginContext(realmName, subject, handler, config).login();
    } finally {
        // restore the loader so later code on this thread is not affected
        current.setContextClassLoader(previousLoader);
    }

    assertFalse(subject.getPrincipals().isEmpty());
}
Example 45
Project: mina-sshd-master File: JaasPasswordAuthenticatorTest.java View source code |
/**
 * Installs a JVM-wide JAAS configuration that maps every section name to a single
 * REQUIRED {@code DummyLoginModule} entry with no options.
 */
@Before
public void setUp() {
    Configuration.setConfiguration(new Configuration() {
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            final AppConfigurationEntry dummyEntry = new AppConfigurationEntry(
                    DummyLoginModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                    new HashMap<>());
            return new AppConfigurationEntry[] { dummyEntry };
        }

        @Override
        public void refresh() {
            // ignored
        }
    });
}
Example 46
Project: presto-master File: KerberosAuthentication.java View source code |
/**
 * Creates a JAAS configuration that answers every section name with one REQUIRED
 * Kerberos login module entry, set up for a non-interactive keytab login.
 *
 * @param principal value of the "principal" option
 * @param keytabLocation value of the "keyTab" option
 */
private static Configuration createConfiguration(String principal, String keytabLocation) {
    final ImmutableMap.Builder<String, String> builder = ImmutableMap.<String, String>builder();
    builder.put("useKeyTab", "true");
    builder.put("storeKey", "true");
    // never fall back to prompting for a password
    builder.put("doNotPrompt", "true");
    builder.put("isInitiator", "true");
    builder.put("principal", principal);
    builder.put("keyTab", keytabLocation);
    final Map<String, String> options = builder.build();

    return new Configuration() {
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            final AppConfigurationEntry kerberosEntry = new AppConfigurationEntry(
                    KERBEROS_LOGIN_MODULE,
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                    options);
            return new AppConfigurationEntry[] { kerberosEntry };
        }
    };
}
Example 47
Project: scumd-master File: JaasPasswordAuthenticatorTest.java View source code |
/**
 * Installs a JVM-wide JAAS configuration that maps every section name to a single
 * REQUIRED {@code DummyLoginModule} entry with no options.
 */
@Before
public void setUp() {
    Configuration.setConfiguration(new Configuration() {
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            final AppConfigurationEntry dummyEntry = new AppConfigurationEntry(
                    DummyLoginModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                    new HashMap<String, Object>());
            return new AppConfigurationEntry[] { dummyEntry };
        }

        public void refresh() {
            // nothing to reload: the entry is built on every lookup
        }
    });
}
Example 48
Project: spark-svn-mirror-master File: GSSAPIConfiguration.java View source code |
/**
 * Resets the section table and registers a REQUIRED Krb5LoginModule entry for the two
 * JGSS initiator sections. Both entries share one options map.
 *
 * @param config_from_file when true, "refreshKrb5Config" is added to the options
 */
private void init(boolean config_from_file) {
    final String krb5Module = "com.sun.security.auth.module.Krb5LoginModule";
    configs = new HashMap<String, Vector<AppConfigurationEntry>>();

    // The structure of the options is not well documented in terms of data types.
    // Since the file version of the Configuration object puts things in quotes,
    // String is assumed. But boolean options do not have quotes, and may represent
    // different types internally.
    final HashMap<String, String> options = new HashMap<String, String>();

    // refreshKrb5Config is only set when the configuration comes from a file
    if (config_from_file) {
        options.put("refreshKrb5Config", "true");
    }
    options.put("doNotPrompt", "true");
    options.put("useTicketCache", "true");
    // NOTE(review): "debug" is switched on unconditionally, which makes the login
    // module emit diagnostic output on every login; consider gating it.
    options.put("debug", "true");

    putAppConfigurationEntry("com.sun.security.jgss.initiate", krb5Module,
            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options);
    putAppConfigurationEntry("com.sun.security.jgss.krb5.initiate", krb5Module,
            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options);
}
Example 49
Project: Storm-master File: AuthUtils.java View source code |
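/**
 * Construct a JAAS configuration object per storm configuration file.
 *
 * <p>The file named by the "java.security.auth.login.config" entry is loaded into its
 * own Configuration instance; the JVM-wide configuration is not touched.
 *
 * @param storm_conf Storm configuration
 * @return JAAS configuration object, or {@code null} when no login configuration file
 *         is configured
 * @throws RuntimeException if the file cannot be found or loaded; the underlying
 *         exception is always attached as the cause
 */
public static Configuration GetConfiguration(Map storm_conf) {
    // find login file configuration from Storm configuration
    String loginConfigurationFile = (String) storm_conf.get("java.security.auth.login.config");
    if (loginConfigurationFile == null || loginConfigurationFile.length() == 0) {
        return null;
    }

    try {
        URI config_uri = new File(loginConfigurationFile).toURI();
        return Configuration.getInstance("JavaLoginConfig", new URIParameter(config_uri));
    } catch (NoSuchAlgorithmException ex1) {
        if (ex1.getCause() instanceof FileNotFoundException) {
            // keep ex1 as the cause so the failing lookup stays visible in the stack trace
            throw new RuntimeException(
                    "configuration file " + loginConfigurationFile + " could not be found", ex1);
        }
        throw new RuntimeException(ex1);
    } catch (Exception ex2) {
        throw new RuntimeException(ex2);
    }
}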
Example 50
Project: ACaZoo-master File: ZooKeeperSaslClient.java View source code |
/**
 * Tells whether tunneled SASL authentication is still under way.
 *
 * @return {@code true} while the client is configured for SASL (see also
 *         ZOOKEEPER-1455) and either authentication has not finished or the last
 *         server message has not been received; {@code false} otherwise, including
 *         when the login configuration cannot be read
 */
public boolean clientTunneledAuthenticationInProgress() {
    try {
        // SASL counts as configured when the JAAS system property is set or the
        // login configuration has a section for this client.
        final boolean saslConfigured =
                (System.getProperty(Environment.JAAS_CONF_KEY) != null)
                || ((javax.security.auth.login.Configuration.getConfiguration() != null)
                    && (javax.security.auth.login.Configuration.getConfiguration()
                            .getAppConfigurationEntry(System.getProperty(
                                    ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY, "Client")) != null));
        if (!saslConfigured) {
            return false;
        }

        // 1. Authentication hasn't finished yet: we must wait for it to do so.
        if (!isComplete() && !isFailed()) {
            return true;
        }

        // 2. SASL authentication has succeeded or failed, but a message from the
        //    server must still be received.
        if ((isComplete() || isFailed()) && !gotLastPacket) {
            return true;
        }

        // Authentication is over and all server SASL messages have been received.
        return false;
    } catch (SecurityException e) {
        if (LOG.isDebugEnabled() == true) {
            LOG.debug("Could not retrieve login configuration: " + e);
        }
        return false;
    }
}
Example 51
Project: cxf-master File: JAASLoginInterceptorTest.java View source code |
/**
 * Creates a fault-reporting JAAS login interceptor whose own login configuration maps
 * every section name to a single REQUIRED {@code TestUserPasswordLoginModule} entry.
 * The configuration is set on the interceptor only, not installed JVM-wide.
 */
private JAASLoginInterceptor createTestJaasLoginInterceptor() {
    final Configuration testConfig = new Configuration() {
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            final Map<String, String> noOptions = new HashMap<>();
            final AppConfigurationEntry entry = new AppConfigurationEntry(
                    TestUserPasswordLoginModule.class.getName(),
                    LoginModuleControlFlag.REQUIRED,
                    noOptions);
            return new AppConfigurationEntry[] { entry };
        }
    };

    final JAASLoginInterceptor interceptor = new JAASLoginInterceptor();
    interceptor.setReportFault(true);
    interceptor.setLoginConfig(testConfig);
    return interceptor;
}
Example 52
Project: hadoop-release-2.6.0-master File: ZKDelegationTokenSecretManager.java View source code |
/**
 * Installs a JVM-wide JAAS configuration built from the configured ZooKeeper Kerberos
 * keytab and principal.
 *
 * @param config configuration holding the keytab and principal settings
 * @return the part of the principal before the first '/' or '@'
 * @throws IllegalArgumentException if the keytab or the principal is not specified
 */
private String setJaasConfiguration(Configuration config) throws Exception {
    final String keytabFile = requireSetting(config, ZK_DTSM_ZK_KERBEROS_KEYTAB);
    final String principal = requireSetting(config, ZK_DTSM_ZK_KERBEROS_PRINCIPAL);

    // This replaces the login configuration of the whole process, not only this manager's.
    javax.security.auth.login.Configuration.setConfiguration(
            new JaasConfiguration(JAAS_LOGIN_ENTRY_NAME, principal, keytabFile));

    return principal.split("[/@]")[0];
}

/** Returns the trimmed value of {@code key}, rejecting a missing or blank one. */
private static String requireSetting(Configuration config, String key) {
    final String value = config.get(key, "").trim();
    if (value == null || value.length() == 0) {
        throw new IllegalArgumentException(key + " must be specified");
    }
    return value;
}
Example 53
Project: zoo-master File: SaslAuthDesignatedClientTest.java View source code |
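/**
 * Verifies that a client bound to the "MyZookeeperClient" JAAS section completes SASL
 * authentication and reports that section as its login context.
 */
@Test
public void testSaslConfig() throws Exception {
    ZooKeeper zk = createClient();
    try {
        zk.getChildren("/", false);
        Assert.assertFalse(zk.getSaslClient().clientTunneledAuthenticationInProgress());
        Assert.assertEquals(zk.getSaslClient().getSaslState(), ZooKeeperSaslClient.SaslState.COMPLETE);
        Assert.assertNotNull(javax.security.auth.login.Configuration.getConfiguration().getAppConfigurationEntry("MyZookeeperClient"));
        // Compare by value: assertSame would only pass while both sides happen to be
        // the very same String object.
        Assert.assertEquals(zk.getSaslClient().getLoginContext(), "MyZookeeperClient");
    } catch (KeeperException e) {
        Assert.fail("test failed :" + e);
    } finally {
        zk.close();
    }
}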
Example 54
Project: zookeeper-master File: SaslAuthDesignatedClientTest.java View source code |
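/**
 * Verifies that a client bound to the "MyZookeeperClient" JAAS section completes SASL
 * authentication and reports that section as its login context.
 */
@Test
public void testSaslConfig() throws Exception {
    ZooKeeper zk = createClient();
    try {
        zk.getChildren("/", false);
        Assert.assertFalse(zk.getSaslClient().clientTunneledAuthenticationInProgress());
        Assert.assertEquals(zk.getSaslClient().getSaslState(), ZooKeeperSaslClient.SaslState.COMPLETE);
        Assert.assertNotNull(javax.security.auth.login.Configuration.getConfiguration().getAppConfigurationEntry("MyZookeeperClient"));
        // Compare by value: assertSame would only pass while both sides happen to be
        // the very same String object.
        Assert.assertEquals(zk.getSaslClient().getLoginContext(), "MyZookeeperClient");
    } catch (KeeperException e) {
        Assert.fail("test failed :" + e);
    } finally {
        zk.close();
    }
}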
Example 55
Project: tomee-master File: Main.java View source code |
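/**
 * Returns the JAAS configuration, loading it on first use by reflectively
 * instantiating {@code com.sun.security.auth.login.ConfigFile} for the file's URI.
 *
 * @return the cached configuration, or {@code null} when no config file is set
 * @throws RuntimeException wrapping any reflection failure while loading
 */
@Override
protected javax.security.auth.login.Configuration getConfig() {
    try {
        // NOTE(review): this flag is read outside the synchronized block; whether that
        // is safe depends on how the fields are declared, which is not shown here.
        if (jaasConfigurationLoaded) {
            return jaasConfiguration;
        }
        synchronized (this) {
            if (configFile == null) {
                jaasConfigurationLoaded = true;
                return null;
            }
            configFile = file.getAbsolutePath();
            // The JDK-internal class is looked up by name instead of being linked at compile time.
            final Class<?> sunConfigFile = Class.forName("com.sun.security.auth.login.ConfigFile");
            final Constructor<?> constructor = sunConfigFile.getConstructor(URI.class);
            javax.security.auth.login.Configuration config =
                    javax.security.auth.login.Configuration.class.cast(constructor.newInstance(file.toURI()));
            this.jaasConfiguration = config;
            this.jaasConfigurationLoaded = true;
            return this.jaasConfiguration;
        }
    } catch (final NoSuchMethodException | SecurityException | IllegalArgumentException
            | IllegalAccessException | InstantiationException | InvocationTargetException
            | ClassNotFoundException ex) {
        // The multi-catch list on the page was garbled (two type names fused and a stray
        // '|' before the variable); it is restored here so the method parses.
        throw new RuntimeException(ex);
    }
}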
Example 56
Project: activemq-master File: JaasDualAuthenticationBrokerTest.java View source code |
/**
 * Installs a JVM-wide dual JAAS configuration backed by the StubLoginModule: one
 * entry for SSL connections and one for non-SSL connections, each with its own
 * user and group.
 */
void createLoginConfig() {
    final String stubModule = "org.apache.activemq.security.StubLoginModule";

    // entry used for SSL connections
    HashMap<String, String> sslConfigOptions = new HashMap<String, String>();
    sslConfigOptions.put(StubLoginModule.ALLOW_LOGIN_PROPERTY, "true");
    sslConfigOptions.put(StubLoginModule.USERS_PROPERTY, DN_USERNAME);
    sslConfigOptions.put(StubLoginModule.GROUPS_PROPERTY, DN_GROUP);
    AppConfigurationEntry sslEntry = new AppConfigurationEntry(
            stubModule, AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, sslConfigOptions);

    // entry used for non-SSL connections
    HashMap<String, String> configOptions = new HashMap<String, String>();
    configOptions.put(StubLoginModule.ALLOW_LOGIN_PROPERTY, "true");
    configOptions.put(StubLoginModule.USERS_PROPERTY, INSECURE_USERNAME);
    configOptions.put(StubLoginModule.GROUPS_PROPERTY, INSECURE_GROUP);
    AppConfigurationEntry plainEntry = new AppConfigurationEntry(
            stubModule, AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, configOptions);

    Configuration.setConfiguration(new StubDualJaasConfiguration(plainEntry, sslEntry));
}
Example 57
Project: bookkeeper-master File: EnableZkSecurityBasicTest.java View source code |
/**
 * Writes a throw-away jaas.conf with digest-login "Server" and "Client" sections under
 * target/, points the JVM at it and refreshes the JAAS configuration. The credentials
 * in the file are test fixtures only.
 */
@BeforeClass
public static void setupJAAS() throws IOException {
    System.setProperty("zookeeper.authProvider.1",
            "org.apache.zookeeper.server.auth.SASLAuthenticationProvider");

    final File jaasFile = new File(new File("target").getAbsoluteFile(), "jaas.conf");
    final String jaasContent = "Server {\n"
            + " org.apache.zookeeper.server.auth.DigestLoginModule required\n"
            + " user_foo=\"bar\";\n"
            + "};\n"
            + "\n"
            + "Client {\n"
            + " org.apache.zookeeper.server.auth.DigestLoginModule required\n"
            + " username=\"foo\"\n"
            + " password=\"bar\";\n"
            + "};";
    Files.write(jaasFile.toPath(), jaasContent.getBytes(StandardCharsets.UTF_8));

    System.setProperty("java.security.auth.login.config", jaasFile.getAbsolutePath());
    // re-read the configuration so the file written above is the one in effect
    Configuration.getConfiguration().refresh();
}
Example 58
Project: directory-server-master File: SaslGssapiBindITest.java View source code |
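/**
 * Tests to make sure GSSAPI binds below the RootDSE work: logs in to Kerberos through
 * JAAS, then performs an LDAP lookup as the authenticated Subject over SASL/GSSAPI
 * with privacy protection and mutual authentication requested.
 */
@Test
public void testSaslGssapiBind() throws Exception {
    // Set up a partition for EXAMPLE.COM and add user and service principals to test authentication with.
    KerberosTestUtils.fixServicePrincipalName("ldap/" + KerberosTestUtils.getHostName() + "@EXAMPLE.COM", null, getLdapServer());
    ObtainTicketParameters parameters = new ObtainTicketParameters(TcpTransport.class, EncryptionType.AES128_CTS_HMAC_SHA1_96, ChecksumType.HMAC_SHA1_96_AES128);
    setupEnv(parameters);
    kdcServer.getConfig().setPaEncTimestampRequired(false);

    // Use our custom configuration to avoid reliance on external config
    Configuration.setConfiguration(new Krb5LoginConfiguration());

    // 1. Authenticate to Kerberos.
    LoginContext lc = null;
    try {
        lc = new LoginContext(SaslGssapiBindITest.class.getName(), new CallbackHandlerBean("hnelson", "secret"));
        lc.login();
    } catch (LoginException le) {
        fail("Authentication failed: " + le.getMessage());
    }

    // 2. Perform JNDI work as authenticated Subject.
    Subject.doAs(lc.getSubject(), new PrivilegedAction<Void>() {
        public Void run() {
            //Currently GSSAPI authentication for the ldap server is broken
            try {
                // Create the initial context
                Hashtable<String, String> env = new Hashtable<String, String>();
                env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
                env.put(Context.PROVIDER_URL, "ldap://" + KerberosTestUtils.getHostName() + ":" + getLdapServer().getPort());
                // Request the use of the "GSSAPI" SASL mechanism
                // Authenticate by using already established Kerberos credentials
                env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
                // Request privacy protection
                env.put("javax.security.sasl.qop", "auth-conf");
                // Request mutual authentication
                env.put("javax.security.sasl.server.authentication", "true");
                // Request high-strength cryptographic protection
                env.put("javax.security.sasl.strength", "high");

                DirContext ctx = new InitialDirContext(env);
                try {
                    String[] attrIDs = { "uid" };
                    Attributes attrs = ctx.getAttributes("uid=hnelson,ou=users,dc=example,dc=com", attrIDs);
                    String uid = null;
                    if (attrs.get("uid") != null) {
                        uid = (String) attrs.get("uid").get();
                    }
                    assertEquals(uid, "hnelson");
                } finally {
                    // release the LDAP connection even when the lookup or assertion fails
                    ctx.close();
                }
            } catch (NamingException e) {
                fail("Should not have caught exception: " + e.getMessage() + e.getRootCause());
            }
            return null;
        }
    });
}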
Example 59
Project: federation-master File: SAMLRoleLoginModuleUnitTestCase.java View source code |
/**
 * Installs the JAAS configuration used by the test.
 *
 * <p>The configuration is set JVM-wide through {@link Configuration#setConfiguration} and
 * ignores the requested application name: every lookup gets the same stack of two REQUIRED
 * login modules, {@code MySAMLModule} followed by {@code SAMLRoleLoginModule}.
 */
@Before
public void setup() {
    Configuration.setConfiguration(new Configuration() {
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            // A fresh, empty options map per lookup; both entries share the same instance.
            final Map<String, Object> sharedOptions = new HashMap<String, Object>();
            return new AppConfigurationEntry[] {
                new AppConfigurationEntry(MySAMLModule.class.getName(), LoginModuleControlFlag.REQUIRED, sharedOptions),
                new AppConfigurationEntry(SAMLRoleLoginModule.class.getName(), LoginModuleControlFlag.REQUIRED, sharedOptions)
            };
        }
    });
}
Example 60
Project: geronimo-master File: SubjectCarryingProtocolTest.java View source code |
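/**
 * Stops and unloads the test GBeans, then puts a fresh {@code ConfigFile} in place as the
 * JVM-wide JAAS configuration.
 *
 * <p>The configuration reset runs in a {@code finally} block: the login configuration is
 * global state, and if it were skipped after a failed shutdown step, the configuration
 * installed for this test would stay active for whatever runs next in the same JVM.
 *
 * @throws Exception if stopping or unloading a component, or the superclass teardown, fails
 */
public void tearDown() throws Exception {
    try {
        server.dispose();
        kernel.stopGBean(testRealm);
        kernel.stopGBean(testCE);
        kernel.stopGBean(serverInfo);
        kernel.unloadGBean(testCE);
        kernel.unloadGBean(testRealm);
        kernel.unloadGBean(serverInfo);
        super.tearDown();
    } finally {
        Configuration.setConfiguration(new ConfigFile());
    }
}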
Example 61
Project: jackrabbit-master File: AuthContextProvider.java View source code |
/**
 * Creates the {@link AuthContext} used for authentication and log-out.
 *
 * <p>A callback handler is built from the given credentials, session, principal provider
 * registry and the two ids. The kind of context returned depends on this provider: a
 * {@code LocalAuthContext} when {@code isLocal()} holds, otherwise a {@code JAASAuthContext}
 * when {@code isJAAS()} holds.
 *
 * @param credentials credentials handed to the callback handler
 * @param subject subject handed to the created context
 * @param session session handed to the callback handler
 * @param principalProviderRegistry registry handed to the callback handler
 * @param adminId admin id handed to the callback handler
 * @param anonymousId anonymous id handed to the callback handler
 * @return context for authentication and log-out
 * @throws RepositoryException if neither a local nor a JAAS login configuration is available
 */
public AuthContext getAuthContext(Credentials credentials, Subject subject, Session session, PrincipalProviderRegistry principalProviderRegistry, String adminId, String anonymousId) throws RepositoryException {
    CallbackHandler handler = new CallbackHandlerImpl(credentials, session, principalProviderRegistry, adminId, anonymousId);
    if (isLocal()) {
        return new LocalAuthContext(config, handler, subject);
    }
    if (isJAAS()) {
        return new JAASAuthContext(appName, handler, subject);
    }
    // No usable login configuration: refuse rather than hand out a context that cannot authenticate.
    throw new RepositoryException("No Login-Configuration");
}
Example 62
Project: ldaptive-master File: ApacheLdapSaslUtils.java View source code |
/**
 * Creates a new gssapi request.
 *
 * <p>Only values that are present are copied onto the request. The Kerberos realm, the KDC host
 * and the JAAS login configuration are additionally taken from JVM system properties; a realm
 * given in {@code java.security.krb5.realm} is applied last and therefore replaces a realm
 * taken from {@code config}.
 *
 * @param username to bind as
 * @param credential to bind with
 * @param config to set sasl parameters
 *
 * @return gssapi request
 */
protected static SaslGssApiRequest createGssApiRequest(final String username, final Credential credential, final SaslConfig config) {
    final SaslGssApiRequest gssApiRequest = new SaslGssApiRequest();

    // Identity and credential.
    if (username != null) {
        gssApiRequest.setUsername(username);
    }
    if (credential != null) {
        gssApiRequest.setCredentials(credential.getBytes());
    }

    // SASL parameters from the configuration.
    if (config.getAuthorizationId() != null) {
        gssApiRequest.setAuthorizationId(config.getAuthorizationId());
    }
    if (config.getMutualAuthentication() != null) {
        gssApiRequest.setMutualAuthentication(config.getMutualAuthentication());
    }
    if (config.getQualityOfProtection() != null) {
        gssApiRequest.setQualityOfProtection(getQualityOfProtection(config.getQualityOfProtection()));
    }
    if (config.getSecurityStrength() != null) {
        gssApiRequest.setSecurityStrength(getSecurityStrength(config.getSecurityStrength()));
    }
    if (config instanceof GssApiConfig && ((GssApiConfig) config).getRealm() != null) {
        gssApiRequest.setRealmName(((GssApiConfig) config).getRealm());
    }

    // JVM-wide Kerberos settings; whoever controls these properties controls realm and KDC.
    final String realmProperty = System.getProperty("java.security.krb5.realm");
    if (realmProperty != null) {
        gssApiRequest.setRealmName(realmProperty);
    }
    final String kdcProperty = System.getProperty("java.security.krb5.kdc");
    if (kdcProperty != null) {
        gssApiRequest.setKdcHost(kdcProperty);
    }
    // The property is only used as a switch; the configuration itself is the JVM's current one.
    final String loginConfigProperty = System.getProperty("java.security.auth.login.config");
    if (loginConfigProperty != null) {
        gssApiRequest.setLoginModuleConfiguration(Configuration.getConfiguration());
    }

    gssApiRequest.setLoginContextName("com.sun.security.jgss.initiate");
    return gssApiRequest;
}
Example 63
Project: mymam-master File: JBossLoginContextFactory.java View source code |
/**
 * Obtain a LoginContext configured for use with the ClientLoginModule.
 *
 * <p>The context gets its own {@code JBossJaasConfiguration} passed in explicitly, so this
 * method does not replace the JVM-wide JAAS configuration.
 *
 * @param username name handed to the callback handler
 * @param password password handed to the callback handler
 * @return the configured LoginContext.
 * @throws LoginException if the LoginContext cannot be created
 */
public static LoginContext createLoginContext(final String username, final String password) throws LoginException {
    final String contextName = "Arquillian Testing";
    final CallbackHandler credentialsHandler = new JBossLoginContextFactory.NamePasswordCallbackHandler(username, password);
    final Configuration jaasConfiguration = new JBossJaasConfiguration(contextName);
    final Subject emptySubject = new Subject();
    return new LoginContext(contextName, emptySubject, credentialsHandler, jaasConfiguration);
}
Example 64
Project: picketlink-bindings-master File: SAMLRoleLoginModuleUnitTestCase.java View source code |
/**
 * Replaces the JVM-wide JAAS configuration with a fixed two-module stack for the test.
 *
 * <p>Whatever application name is asked for, the answer is {@code MySAMLModule} followed by
 * {@code SAMLRoleLoginModule}, both REQUIRED and both given the same empty options map.
 */
@Before
public void setup() {
    final Configuration testConfiguration = new Configuration() {
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            final Map<String, Object> moduleOptions = new HashMap<String, Object>();
            final AppConfigurationEntry samlEntry = new AppConfigurationEntry(MySAMLModule.class.getName(), LoginModuleControlFlag.REQUIRED, moduleOptions);
            final AppConfigurationEntry roleEntry = new AppConfigurationEntry(SAMLRoleLoginModule.class.getName(), LoginModuleControlFlag.REQUIRED, moduleOptions);
            return new AppConfigurationEntry[] { samlEntry, roleEntry };
        }
    };
    Configuration.setConfiguration(testConfiguration);
}
Example 65
Project: rj-core-master File: JaasAuthMethod.java View source code |
/**
 * Prepares the JAAS login context of this authentication method.
 *
 * <p>The JVM's current JAAS configuration is used when it has an entry for {@code JAAS_NAME};
 * otherwise a {@code JaasConfig} built from {@code arg} is used instead. This object itself is
 * passed to the login context as callback handler.
 *
 * @param arg argument handed to {@code JaasConfig} when the fallback configuration is needed
 */
@Override
public void doInit(final String arg) throws RjException {
    this.configuration = Configuration.getConfiguration();
    final boolean hasEntry = (this.configuration.getAppConfigurationEntry(JAAS_NAME) != null);
    if (!hasEntry) {
        this.configuration = new JaasConfig(arg);
    }
    try {
        this.context = new LoginContext(JAAS_NAME, new Subject(), this, this.configuration);
    } catch (final LoginException loginFailure) {
        // NOTE(review): the failure is only printed and this.context is not assigned, so the
        // caller cannot tell that initialization failed; reporting it through RjException
        // would make the failure visible - confirm against the callers.
        loginFailure.printStackTrace();
    }
}
Example 66
Project: schema-registry-master File: SASLClusterTestHarness.java View source code |
/**
 * Starts a MiniKdc, creates the Kerberos principals and a JAAS file for the Kafka server,
 * the Kafka client and ZooKeeper, and points the JVM at that file before the cluster starts.
 *
 * <p>The keytabs are created with {@link File#createTempFile} and are not deleted in this
 * method. The JAAS path and the ZooKeeper auth provider are set as JVM-wide system properties.
 */
@Before
@Override
public void setUp() throws Exception {
    // Important if tests leak consumers, producers or brokers.
    LoginManager.closeAll();

    File serverKeytab = File.createTempFile("server-", ".keytab");
    File clientKeytab = File.createTempFile("client-", ".keytab");

    // create a JAAS file.
    Option<File> serverKeytabOpt = Option.apply(serverKeytab);
    Option<File> clientKeytabOpt = Option.apply(clientKeytab);
    List<String> serverMechanisms = JavaConversions.asScalaBuffer(Arrays.asList("GSSAPI")).toList();
    Option<String> clientMechanism = Option.apply("GSSAPI");

    java.util.List<JaasTestUtils.JaasSection> sections = new ArrayList<>();
    sections.add(JaasTestUtils.kafkaServerSection(JaasTestUtils.KafkaServerContextName(), serverMechanisms, serverKeytabOpt));
    sections.add(JaasTestUtils.kafkaClientSection(clientMechanism, clientKeytabOpt));
    sections.addAll(JavaConversions.asJavaCollection(JaasTestUtils.zkSections()));
    File jaasFile = JaasTestUtils.writeJaasContextsToFile(JavaConversions.asScalaBuffer(sections).toSeq());
    String jaasFilePath = jaasFile.getAbsolutePath();

    log.info("Using KDC home: " + kdcHome.getAbsolutePath());
    kdc = new MiniKdc(kdcProps, kdcHome);
    kdc.start();
    createPrincipal(serverKeytab, "kafka/localhost");
    createPrincipal(clientKeytab, "client");
    createPrincipal(clientKeytab, "client2");

    // This will cause a reload of the Configuration singleton when `getConfiguration` is called.
    Configuration.setConfiguration(null);
    System.setProperty(JAAS_CONF, jaasFilePath);
    System.setProperty(ZK_AUTH_PROVIDER, "org.apache.zookeeper.server.auth.SASLAuthenticationProvider");

    super.setUp();
}
Example 67
Project: simba-os-master File: JaasLoginCommandTest.java View source code |
/**
 * Installs a mocked JAAS configuration, JVM-wide, that answers lookups for
 * {@code LOGIN_MODULE_NAME} with a single REQUIRED {@code TestLoginModule} entry without options.
 */
private void setupJAAS() {
    AppConfigurationEntry testModuleEntry = new AppConfigurationEntry(
        TestLoginModule.class.getName(),
        LoginModuleControlFlag.REQUIRED,
        Collections.<String, Object>emptyMap());

    Configuration stubbedConfiguration = mock(Configuration.class);
    when(stubbedConfiguration.getAppConfigurationEntry(LOGIN_MODULE_NAME))
        .thenReturn(new AppConfigurationEntry[] { testModuleEntry });

    Configuration.setConfiguration(stubbedConfiguration);
}
Example 68
Project: sling-master File: DelegatingLoginModule.java View source code |
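/**
 * Initializes this module either through a JAAS {@link Configuration} obtained from the named
 * provider or, when none is available, by instantiating the delegate login module directly.
 *
 * <p>With a configuration, a {@link LoginContext} for {@code appName} is created while the
 * thread context class loader is temporarily set to this class's loader. Without one, the
 * delegate is built from {@code delegateLoginModuleClass} and {@code options} and initialized
 * directly, which means the module stack of a JAAS configuration is not consulted. Failures are
 * stored in {@code loginException} rather than thrown.
 *
 * @param subject subject to authenticate
 * @param callbackHandler handler used to obtain credentials
 * @param sharedState state shared with other login modules
 * @param options options of this module, also handed to the delegate
 */
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) {
    Configuration config = null;
    try {
        config = Configuration.getInstance(JAAS_CONFIG_ALGO_NAME, null, providerName);
    } catch (NoSuchProviderException e) {
        logger.debug("No provider " + providerName + " found so far", e);
    } catch (NoSuchAlgorithmException e) {
        logger.debug("No provider " + providerName + " found so far for fetching JAAS " + "config with algorithm name " + JAAS_CONFIG_ALGO_NAME, e);
    }
    if (config != null) {
        final Thread current = Thread.currentThread();
        final ClassLoader orig = current.getContextClassLoader();
        try {
            current.setContextClassLoader(DelegatingLoginModule.class.getClassLoader());
            loginContext = new LoginContext(appName, subject, callbackHandler, config);
        } catch (LoginException e) {
            loginException = e;
        } finally {
            // Always restore the caller's class loader, also when the context cannot be created.
            current.setContextClassLoader(orig);
        }
    } else {
        //No support so far from OSGi so would use default logic used by Jackrabbit
        //to construct the LoginModule
        Properties p = new Properties();
        p.putAll(options);
        BeanConfig bc = new BeanConfig(delegateLoginModuleClass, p);
        LoginModuleConfig lmc = new LoginModuleConfig(bc);
        try {
            delegate = lmc.getLoginModule();
            delegate.initialize(subject, callbackHandler, sharedState, options);
            logger.info("No JAAS Configuration provider found would be directly invoking LoginModule {}", delegateLoginModuleClass);
        } catch (ConfigurationException e) {
            // LoginException has no cause constructor; attach the cause so the original
            // configuration error stays available for diagnosis.
            LoginException wrapped = new LoginException(e.getMessage());
            wrapped.initCause(e);
            loginException = wrapped;
        }
    }
}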
Example 69
Project: storm-solr-master File: FusionKrb5HttpClientConfigurer.java View source code |
/**
 * Configures the HTTP client for Kerberos/SPNEGO when the login configuration system
 * property {@code LOGIN_CONFIG_PROP} is set.
 *
 * <p>When a Fusion principal is configured, a JAAS login is performed for it and a failure
 * is rethrown as {@link RuntimeException}. The method then installs {@code jaasConfig} as the
 * JVM-wide JAAS configuration, sets {@code javax.security.auth.useSubjectCredsOnly} to
 * {@code false} for the whole JVM, registers the SPNEGO scheme and registers placeholder
 * credentials for {@code AuthScope.ANY}.
 *
 * @param httpClient client to configure
 * @param config parameters passed on to the superclass
 */
public void configure(DefaultHttpClient httpClient, SolrParams config) {
    super.configure(httpClient, config);
    if (System.getProperty(LOGIN_CONFIG_PROP) == null) {
        return;
    }
    // NOTE(review): the property was just checked for null, so the clear() branch below is
    // only reachable if the property is removed between the two reads.
    String loginConfigValue = System.getProperty(LOGIN_CONFIG_PROP);
    if (loginConfigValue == null) {
        httpClient.getCredentialsProvider().clear();
        return;
    }

    logger.debug("Setting up kerberos auth with config: " + loginConfigValue);
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

    if (fusionPrincipal != null) {
        Subject fusionSubject = new Subject(false, Sets.newHashSet(new KerberosPrincipal(fusionPrincipal)), Collections.emptySet(), Collections.emptySet());
        try {
            LoginContext fusionLogin = new LoginContext("", fusionSubject, null, jaasConfig);
            fusionLogin.login();
            logger.debug("Successful Fusion Login with principal: " + fusionPrincipal);
        } catch (LoginException loginFailure) {
            String errorMessage = "Unsuccessful Fusion Login with principal: " + fusionPrincipal;
            logger.error(errorMessage, loginFailure);
            throw new RuntimeException(errorMessage, loginFailure);
        }
    }

    Configuration.setConfiguration(jaasConfig);
    httpClient.getAuthSchemes().register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory(true, false));

    // Placeholder credentials: both accessors return null, the real credentials come from JAAS.
    Credentials jaasBackedCredentials = new Credentials() {
        public String getPassword() {
            return null;
        }

        public Principal getUserPrincipal() {
            return null;
        }
    };
    httpClient.getCredentialsProvider().setCredentials(AuthScope.ANY, jaasBackedCredentials);
    httpClient.addRequestInterceptor(this.bufferedEntityInterceptor);
}
Example 70
Project: wildfly-camel-master File: LoginContextBuilder.java View source code |
// Provides a RunAs client login context private LoginContext getClientLoginContext() throws LoginException { Configuration config = new Configuration() { @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) { Map<String, String> options = new HashMap<String, String>(); options.put("multi-threaded", "true"); options.put("restore-login-identity", "true"); AppConfigurationEntry clmEntry = new AppConfigurationEntry(ClientLoginModule.class.getName(), LoginModuleControlFlag.REQUIRED, options); return new AppConfigurationEntry[] { clmEntry }; } }; return getLoginContext(config); }
Example 71
Project: wildfly-core-master File: KeytabService.java View source code |
/**
 * Builds an in-memory JAAS configuration with a single REQUIRED Kerberos login module that
 * reads its key from the given keytab file.
 *
 * <p>The option names differ between the IBM login module and the other one, so the options
 * are filled in per branch of {@code IS_IBM}. The returned configuration expects to be asked
 * for the name {@code "KDC"}; that expectation is an {@code assert}, so with assertions
 * disabled any name receives the same entry.
 *
 * @param isServer whether the entry is for the accepting (server) side rather than the initiator
 * @param keyTabFile keytab file the login module reads
 * @return configuration holding the single Kerberos entry
 * @throws MalformedURLException if the keytab file cannot be turned into a URL (IBM branch)
 */
private Configuration createConfiguration(final boolean isServer, final File keyTabFile) throws MalformedURLException {
    final Map<String, Object> moduleOptions = new HashMap<String, Object>();
    if (debug) {
        moduleOptions.put("debug", "true");
    }
    moduleOptions.put("principal", principal);

    final String loginModuleName;
    if (IS_IBM) {
        moduleOptions.put("noAddress", "true");
        moduleOptions.put("credsType", isServer ? "acceptor" : "initiator");
        moduleOptions.put("useKeytab", keyTabFile.toURI().toURL().toString());
        loginModuleName = IBMKRB5LoginModule;
    } else {
        moduleOptions.put("storeKey", "true");
        moduleOptions.put("useKeyTab", "true");
        moduleOptions.put("keyTab", keyTabFile.getAbsolutePath());
        moduleOptions.put("isInitiator", isServer ? "false" : "true");
        loginModuleName = KRB5LoginModule;
    }

    final AppConfigurationEntry[] entries = { new AppConfigurationEntry(loginModuleName, REQUIRED, moduleOptions) };
    return new Configuration() {
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            assert "KDC".equals(name);
            return entries;
        }
    };
}
Example 72
Project: hbase-master File: DemoClient.java View source code |
/**
 * Entry point of the Thrift2 demo client.
 *
 * <p>Optional arguments are host, port and the secure flag. When the HBase configuration
 * names a Thrift Kerberos principal, secure mode is switched on and the user name is taken
 * from the principal (the part before the first {@code /}, else before the first {@code @});
 * an explicit third argument is applied afterwards and overrides that choice. The demo itself
 * runs as the Subject returned by {@code getSubject()}.
 *
 * @param args optional {@code host}, {@code port}, {@code secure}
 * @throws Exception if argument parsing or the demo run fails
 */
public static void main(String[] args) throws Exception {
    System.out.println("Thrift2 Demo");
    System.out.println("Usage: DemoClient [host=localhost] [port=9090] [secure=false]");
    System.out.println("This demo assumes you have a table called \"example\" with a column family called \"family1\"");

    // use passed in arguments instead of defaults
    final int argCount = args.length;
    if (argCount >= 1) {
        host = args[0];
    }
    if (argCount >= 2) {
        port = Integer.parseInt(args[1]);
    }

    org.apache.hadoop.conf.Configuration conf = HBaseConfiguration.create();
    String principal = conf.get("hbase.thrift.kerberos.principal");
    if (principal != null) {
        secure = true;
        int nameEnd = principal.indexOf("/");
        if (nameEnd == -1) {
            nameEnd = principal.indexOf("@");
        }
        if (nameEnd == -1) {
            nameEnd = principal.length();
        }
        user = principal.substring(0, nameEnd);
    }

    if (argCount >= 3) {
        secure = Boolean.parseBoolean(args[2]);
    }

    final DemoClient demo = new DemoClient();
    PrivilegedExceptionAction<Void> runDemo = new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            demo.run();
            return null;
        }
    };
    Subject.doAs(getSubject(), runDemo);
}
Example 73
Project: ranger-master File: SolrAuditDestination.java View source code |
/**
 * Empties the {@code initiateAppNames} set of the active JAAS configuration when that
 * configuration's class name ends with {@code SolrJaasConfiguration}.
 *
 * <p>The field is reached through reflection with {@code setAccessible(true)}, so this depends
 * on a private detail of that class; any failure is logged through {@code logError} and
 * otherwise ignored.
 */
private void resetInitializerInSOLR() {
    javax.security.auth.login.Configuration activeConfig = javax.security.auth.login.Configuration.getConfiguration();
    String activeConfigClassName = activeConfig.getClass().getName();
    String expectedSuffix = "SolrJaasConfiguration";

    if (!activeConfigClassName.endsWith(expectedSuffix)) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("resetInitializerInSOLR: not applying on class [" + activeConfigClassName + "] as it does not endwith [" + expectedSuffix + "]");
        }
        return;
    }

    try {
        Field appNamesField = activeConfig.getClass().getDeclaredField("initiateAppNames");
        if (appNamesField == null) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("resetInitializerInSOLR: not applying on class [" + activeConfigClassName + "] as it does not have initiateAppNames variable name.");
            }
        } else {
            appNamesField.setAccessible(true);
            HashSet<String> emptyNames = new HashSet<String>();
            appNamesField.set(activeConfig, emptyNames);
            if (LOG.isDebugEnabled()) {
                LOG.debug("resetInitializerInSOLR: successfully reset the initiateAppNames");
            }
        }
    } catch (Throwable t) {
        logError("resetInitializerInSOLR: Unable to reset SOLRCONFIG.initiateAppNames to be empty", t);
    }
}
Example 74
Project: spring-security-master File: JaasApiIntegrationFilterTests.java View source code |
// ~ Methods
// ========================================================================================================
/**
 * Builds the fixtures shared by the filter tests: the filter, mock request and response,
 * a Subject with one principal and fixed test credentials, a callback handler, a JAAS
 * configuration and an authentication token backed by a logged-in {@link LoginContext}.
 *
 * <p>The configuration is handed to the LoginContext directly rather than installed JVM-wide.
 *
 * @throws Exception if the JAAS login performed during setup fails
 */
@Before
public void onBeforeTests() throws Exception {
    this.filter = new JaasApiIntegrationFilter();
    this.request = new MockHttpServletRequest();
    this.response = new MockHttpServletResponse();

    authenticatedSubject = new Subject();
    Principal testPrincipal = new Principal() {
        public String getName() {
            return "principal";
        }
    };
    authenticatedSubject.getPrincipals().add(testPrincipal);
    authenticatedSubject.getPrivateCredentials().add("password");
    authenticatedSubject.getPublicCredentials().add("username");

    callbackHandler = new CallbackHandler() {
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (Callback each : callbacks) {
                if (each instanceof NameCallback) {
                    ((NameCallback) each).setName("user");
                    continue;
                }
                if (each instanceof PasswordCallback) {
                    ((PasswordCallback) each).setPassword("password".toCharArray());
                    continue;
                }
                if (each instanceof TextInputCallback) {
                    // ignore
                    continue;
                }
                throw new UnsupportedCallbackException(each, "Unrecognized Callback " + each);
            }
        }
    };

    testConfiguration = new Configuration() {
        public void refresh() {
        }

        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            AppConfigurationEntry testModule = new AppConfigurationEntry(TestLoginModule.class.getName(), LoginModuleControlFlag.REQUIRED, new HashMap<String, String>());
            return new AppConfigurationEntry[] { testModule };
        }
    };

    LoginContext loginContext = new LoginContext("SubjectDoAsFilterTest", authenticatedSubject, callbackHandler, testConfiguration);
    loginContext.login();
    token = new JaasAuthenticationToken("username", "password", AuthorityUtils.createAuthorityList("ROLE_ADMIN"), loginContext);

    // just in case someone forgot to clear the context
    SecurityContextHolder.clearContext();
}
Example 75
Project: classlib6-master File: ConfigFile.java View source code |
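/**
 * Read and initialize the entire login Configuration.
 *
 * <p>Sources are consulted in this order:
 * <ol>
 * <li>the given {@code url}, exclusively, when it is not null;</li>
 * <li>the system property {@code java.security.auth.login.config}, but only when the
 * security property {@code policy.allowSystemProperty} is {@code true}; a value starting
 * with {@code =} replaces all other sources;</li>
 * <li>the security properties {@code login.config.url.1}, {@code .2}, ...;</li>
 * <li>{@code .java.login.config} in the user's home directory, only when nothing else was
 * configured and the file exists.</li>
 * </ol>
 * Which login modules run therefore depends on who can set these properties or write to the
 * user's home directory.
 *
 * @param url the only location to read when not null
 * @exception IOException if the Configuration can not be initialized.
 * @exception SecurityException if the caller does not have permission
 *            to initialize the Configuration.
 */
private void init(URL url) throws IOException {
    boolean initialized = false;
    if ("false".equals(System.getProperty("policy.expandProperties"))) {
        expandProp = false;
    }

    // new configuration
    HashMap<String, LinkedList<AppConfigurationEntry>> newConfig = new HashMap<String, LinkedList<AppConfigurationEntry>>();

    if (url != null) {
        // If the caller specified a URI via Configuration.getInstance,
        // we only read from that URI
        if (debugConfig != null) {
            debugConfig.println("reading " + url);
        }
        init(url, newConfig);
        configuration = newConfig;
        return;
    }

    // Caller did not specify URI via Configuration.getInstance.
    // Read from URLs listed in the java.security properties file.
    String allowSys = java.security.Security.getProperty("policy.allowSystemProperty");
    if ("true".equalsIgnoreCase(allowSys)) {
        String extra_config = System.getProperty("java.security.auth.login.config");
        if (extra_config != null) {
            boolean overrideAll = false;
            if (extra_config.startsWith("=")) {
                overrideAll = true;
                extra_config = extra_config.substring(1);
            }
            try {
                extra_config = PropertyExpander.expand(extra_config);
            } catch (PropertyExpander.ExpandException peee) {
                MessageFormat form = new MessageFormat(ResourcesMgr.getString("Unable to properly expand config", "sun.security.util.AuthResources"));
                Object[] source = { extra_config };
                // Keep the expansion failure as cause so the reason is not lost.
                throw new IOException(form.format(source), peee);
            }
            URL configURL = null;
            try {
                configURL = new URL(extra_config);
            } catch (java.net.MalformedURLException mue) {
                // Not a URL: treat the value as a file path.
                File configFile = new File(extra_config);
                if (configFile.exists()) {
                    configURL = configFile.toURI().toURL();
                } else {
                    MessageFormat form = new MessageFormat(ResourcesMgr.getString("extra_config (No such file or directory)", "sun.security.util.AuthResources"));
                    Object[] source = { extra_config };
                    throw new IOException(form.format(source), mue);
                }
            }
            if (debugConfig != null) {
                debugConfig.println("reading " + configURL);
            }
            init(configURL, newConfig);
            initialized = true;
            if (overrideAll) {
                if (debugConfig != null) {
                    debugConfig.println("overriding other policies!");
                }
                configuration = newConfig;
                return;
            }
        }
    }

    int n = 1;
    String config_url;
    while ((config_url = java.security.Security.getProperty("login.config.url." + n)) != null) {
        try {
            config_url = PropertyExpander.expand(config_url).replace(File.separatorChar, '/');
            if (debugConfig != null) {
                debugConfig.println("\tReading config: " + config_url);
            }
            init(new URL(config_url), newConfig);
            initialized = true;
        } catch (PropertyExpander.ExpandException peee) {
            MessageFormat form = new MessageFormat(ResourcesMgr.getString("Unable to properly expand config", "sun.security.util.AuthResources"));
            Object[] source = { config_url };
            throw new IOException(form.format(source), peee);
        }
        n++;
    }

    if (!initialized && n == 1 && config_url == null) {
        // get the config from the user's home directory
        if (debugConfig != null) {
            debugConfig.println("\tReading Policy " + "from ~/.java.login.config");
        }
        config_url = System.getProperty("user.home");
        String userConfigFile = config_url + File.separatorChar + ".java.login.config";
        // Read the per-user file only when it exists; otherwise the configuration stays empty.
        if (new File(userConfigFile).exists()) {
            init(new File(userConfigFile).toURI().toURL(), newConfig);
        }
    }
    configuration = newConfig;
}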
Example 76
Project: ikvm-openjdk-master File: ConfigFile.java View source code |
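/**
 * Read and initialize the entire login Configuration.
 *
 * <p>When {@code url} is not null it is the only source. Otherwise the configuration is
 * assembled from, in order: the system property {@code java.security.auth.login.config}
 * (honoured only when the security property {@code policy.allowSystemProperty} is
 * {@code true}; a leading {@code =} makes it the only source), the security properties
 * {@code login.config.url.N} for N = 1, 2, ..., and finally {@code .java.login.config} in the
 * user's home directory when no other source was configured and the file exists. Control over
 * these properties or over that file decides which login modules are used.
 *
 * @param url the only location to read when not null
 * @exception IOException if the Configuration can not be initialized.
 * @exception SecurityException if the caller does not have permission
 *            to initialize the Configuration.
 */
private void init(URL url) throws IOException {
    boolean initialized = false;
    if ("false".equals(System.getProperty("policy.expandProperties"))) {
        expandProp = false;
    }

    // new configuration
    HashMap<String, LinkedList<AppConfigurationEntry>> newConfig = new HashMap<String, LinkedList<AppConfigurationEntry>>();

    if (url != null) {
        // If the caller specified a URI via Configuration.getInstance,
        // we only read from that URI
        if (debugConfig != null) {
            debugConfig.println("reading " + url);
        }
        init(url, newConfig);
        configuration = newConfig;
        return;
    }

    // Caller did not specify URI via Configuration.getInstance.
    // Read from URLs listed in the java.security properties file.
    String allowSys = java.security.Security.getProperty("policy.allowSystemProperty");
    if ("true".equalsIgnoreCase(allowSys)) {
        String extra_config = System.getProperty("java.security.auth.login.config");
        if (extra_config != null) {
            boolean overrideAll = false;
            if (extra_config.startsWith("=")) {
                overrideAll = true;
                extra_config = extra_config.substring(1);
            }
            try {
                extra_config = PropertyExpander.expand(extra_config);
            } catch (PropertyExpander.ExpandException peee) {
                MessageFormat form = new MessageFormat(ResourcesMgr.getString("Unable to properly expand config", "sun.security.util.AuthResources"));
                Object[] source = { extra_config };
                // Chain the original failure instead of dropping it.
                throw new IOException(form.format(source), peee);
            }
            URL configURL = null;
            try {
                configURL = new URL(extra_config);
            } catch (java.net.MalformedURLException mue) {
                // The value is not a URL, so it is tried as a plain file name.
                File configFile = new File(extra_config);
                if (configFile.exists()) {
                    configURL = configFile.toURI().toURL();
                } else {
                    MessageFormat form = new MessageFormat(ResourcesMgr.getString("extra_config (No such file or directory)", "sun.security.util.AuthResources"));
                    Object[] source = { extra_config };
                    throw new IOException(form.format(source), mue);
                }
            }
            if (debugConfig != null) {
                debugConfig.println("reading " + configURL);
            }
            init(configURL, newConfig);
            initialized = true;
            if (overrideAll) {
                if (debugConfig != null) {
                    debugConfig.println("overriding other policies!");
                }
                configuration = newConfig;
                return;
            }
        }
    }

    int n = 1;
    String config_url;
    while ((config_url = java.security.Security.getProperty("login.config.url." + n)) != null) {
        try {
            config_url = PropertyExpander.expand(config_url).replace(File.separatorChar, '/');
            if (debugConfig != null) {
                debugConfig.println("\tReading config: " + config_url);
            }
            init(new URL(config_url), newConfig);
            initialized = true;
        } catch (PropertyExpander.ExpandException peee) {
            MessageFormat form = new MessageFormat(ResourcesMgr.getString("Unable to properly expand config", "sun.security.util.AuthResources"));
            Object[] source = { config_url };
            throw new IOException(form.format(source), peee);
        }
        n++;
    }

    if (!initialized && n == 1 && config_url == null) {
        // get the config from the user's home directory
        if (debugConfig != null) {
            debugConfig.println("\tReading Policy " + "from ~/.java.login.config");
        }
        config_url = System.getProperty("user.home");
        String userConfigFile = config_url + File.separatorChar + ".java.login.config";
        // A missing per-user file is not an error; the configuration is simply left empty.
        if (new File(userConfigFile).exists()) {
            init(new File(userConfigFile).toURI().toURL(), newConfig);
        }
    }
    configuration = newConfig;
}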
Example 77
Project: JDK-master File: ConfigFile.java View source code |
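/**
 * Read and initialize the entire login Configuration.
 *
 * <p>A non-null {@code url} is read exclusively. Without it, the sources are, in order: the
 * system property {@code java.security.auth.login.config} (only when the security property
 * {@code policy.allowSystemProperty} is {@code true}; a value starting with {@code =}
 * overrides every other source), the numbered security properties {@code login.config.url.N},
 * and, when none of these supplied anything, {@code .java.login.config} in the user's home
 * directory if that file exists. The effective login modules thus depend on who controls
 * these properties and that file.
 *
 * @param url the only location to read when not null
 * @exception IOException if the Configuration can not be initialized.
 * @exception SecurityException if the caller does not have permission
 *            to initialize the Configuration.
 */
private void init(URL url) throws IOException {
    boolean initialized = false;
    if ("false".equals(System.getProperty("policy.expandProperties"))) {
        expandProp = false;
    }

    // new configuration
    HashMap<String, LinkedList<AppConfigurationEntry>> newConfig = new HashMap<>();

    if (url != null) {
        // If the caller specified a URI via Configuration.getInstance,
        // we only read from that URI
        if (debugConfig != null) {
            debugConfig.println("reading " + url);
        }
        init(url, newConfig);
        configuration = newConfig;
        return;
    }

    // Caller did not specify URI via Configuration.getInstance.
    // Read from URLs listed in the java.security properties file.
    String allowSys = java.security.Security.getProperty("policy.allowSystemProperty");
    if ("true".equalsIgnoreCase(allowSys)) {
        String extra_config = System.getProperty("java.security.auth.login.config");
        if (extra_config != null) {
            boolean overrideAll = false;
            if (extra_config.startsWith("=")) {
                overrideAll = true;
                extra_config = extra_config.substring(1);
            }
            try {
                extra_config = PropertyExpander.expand(extra_config);
            } catch (PropertyExpander.ExpandException peee) {
                MessageFormat form = new MessageFormat(ResourcesMgr.getString("Unable.to.properly.expand.config", "sun.security.util.AuthResources"));
                Object[] source = { extra_config };
                // Preserve the underlying expansion error as the cause.
                throw new IOException(form.format(source), peee);
            }
            URL configURL = null;
            try {
                configURL = new URL(extra_config);
            } catch (java.net.MalformedURLException mue) {
                // Fall back to interpreting the value as a file path.
                File configFile = new File(extra_config);
                if (configFile.exists()) {
                    configURL = configFile.toURI().toURL();
                } else {
                    MessageFormat form = new MessageFormat(ResourcesMgr.getString("extra.config.No.such.file.or.directory.", "sun.security.util.AuthResources"));
                    Object[] source = { extra_config };
                    throw new IOException(form.format(source), mue);
                }
            }
            if (debugConfig != null) {
                debugConfig.println("reading " + configURL);
            }
            init(configURL, newConfig);
            initialized = true;
            if (overrideAll) {
                if (debugConfig != null) {
                    debugConfig.println("overriding other policies!");
                }
                configuration = newConfig;
                return;
            }
        }
    }

    int n = 1;
    String config_url;
    while ((config_url = java.security.Security.getProperty("login.config.url." + n)) != null) {
        try {
            config_url = PropertyExpander.expand(config_url).replace(File.separatorChar, '/');
            if (debugConfig != null) {
                debugConfig.println("\tReading config: " + config_url);
            }
            init(new URL(config_url), newConfig);
            initialized = true;
        } catch (PropertyExpander.ExpandException peee) {
            MessageFormat form = new MessageFormat(ResourcesMgr.getString("Unable.to.properly.expand.config", "sun.security.util.AuthResources"));
            Object[] source = { config_url };
            throw new IOException(form.format(source), peee);
        }
        n++;
    }

    if (!initialized && n == 1 && config_url == null) {
        // get the config from the user's home directory
        if (debugConfig != null) {
            debugConfig.println("\tReading Policy " + "from ~/.java.login.config");
        }
        config_url = System.getProperty("user.home");
        String userConfigFile = config_url + File.separatorChar + ".java.login.config";
        // Only an existing per-user file is read; without it the configuration remains empty.
        if (new File(userConfigFile).exists()) {
            init(new File(userConfigFile).toURI().toURL(), newConfig);
        }
    }
    configuration = newConfig;
}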
Example 78
Project: tomcat60-master File: JreMemoryLeakPreventionListener.java View source code |
/**
 * On {@code Lifecycle.INIT_EVENT}, triggers a series of JRE initialisations while the
 * thread context class loader (TCCL) is temporarily set to the system class loader,
 * then restores the previous TCCL. Each step is guarded by its own boolean field.
 *
 * @param event the lifecycle event; anything other than INIT_EVENT is ignored
 */
public void lifecycleEvent(LifecycleEvent event) {
    // Initialise these classes when Tomcat starts
    if (Lifecycle.INIT_EVENT.equals(event.getType())) {
        // Remember the caller's TCCL so the finally block can restore it.
        ClassLoader loader = Thread.currentThread().getContextClassLoader();
        try {
            // Use the system classloader as the victim for all this
            // ClassLoader pinning we're about to do.
            Thread.currentThread().setContextClassLoader(ClassLoader.getSystemClassLoader());

            /*
             * First call to this loads all drivers in the current class
             * loader
             */
            if (driverManagerProtection) {
                DriverManager.getDrivers();
            }

            // NOTE(review): the original comment here was truncated by extraction
            // ("... be an issue."). Presumably this call is made only for its
            // initialisation side effect; confirm against upstream.
            if (appContextProtection) {
                ImageIO.getCacheDirectory();
            }

            // NOTE(review): original comment truncated ("... etc.) thread").
            // Presumably forces the AWT toolkit to start under the system
            // class loader; confirm against upstream.
            if (awtThreadProtection) {
                java.awt.Toolkit.getDefaultToolkit();
            }

            /*
             * Several components end up calling
             * sun.misc.GC.requestLatency(long) which creates a daemon
             * thread without setting the TCCL.
             *
             * Those libraries / components known to trigger memory leaks
             * due to eventual calls to requestLatency(long) are:
             * - javax.management.remote.rmi.RMIConnectorServer.start()
             *
             * Note: Long.MAX_VALUE is a special case that causes the thread
             * to terminate
             *
             */
            if (gcDaemonProtection) {
                try {
                    // Reflection is used so this compiles without sun.misc.GC on the class path.
                    Class<?> clazz = Class.forName("sun.misc.GC");
                    Method method = clazz.getDeclaredMethod("requestLatency", new Class[] { long.class });
                    // MAX_VALUE - 1, not MAX_VALUE: see the note above.
                    method.invoke(null, Long.valueOf(Long.MAX_VALUE - 1));
                } catch (ClassNotFoundException e) {
                    // A missing class is an error only when the vendor string starts with "Sun".
                    if (System.getProperty("java.vendor").startsWith("Sun")) {
                        log.error(sm.getString("jreLeakListener.gcDaemonFail"), e);
                    } else {
                        log.debug(sm.getString("jreLeakListener.gcDaemonFail"), e);
                    }
                } catch (SecurityException e) {
                    log.error(sm.getString("jreLeakListener.gcDaemonFail"), e);
                } catch (NoSuchMethodException e) {
                    log.error(sm.getString("jreLeakListener.gcDaemonFail"), e);
                } catch (IllegalArgumentException e) {
                    log.error(sm.getString("jreLeakListener.gcDaemonFail"), e);
                } catch (IllegalAccessException e) {
                    log.error(sm.getString("jreLeakListener.gcDaemonFail"), e);
                } catch (InvocationTargetException e) {
                    log.error(sm.getString("jreLeakListener.gcDaemonFail"), e);
                }
            }

            /*
             * Calling getPolicy retains a static reference to the context
             * class loader.
             */
            if (securityPolicyProtection) {
                try {
                    // Policy.getPolicy();
                    Class<?> policyClass = Class.forName("javax.security.auth.Policy");
                    Method method = policyClass.getMethod("getPolicy");
                    method.invoke(null);
                } catch (ClassNotFoundException e) {
                    // Silently ignored: no log entry is written when the class is absent.
                } catch (SecurityException e) {
                    // Silently ignored: a denied call is not reported either.
                } catch (NoSuchMethodException e) {
                    log.warn(sm.getString("jreLeakListener.authPolicyFail"), e);
                } catch (IllegalArgumentException e) {
                    log.warn(sm.getString("jreLeakListener.authPolicyFail"), e);
                } catch (IllegalAccessException e) {
                    log.warn(sm.getString("jreLeakListener.authPolicyFail"), e);
                } catch (InvocationTargetException e) {
                    log.warn(sm.getString("jreLeakListener.authPolicyFail"), e);
                }
            }

            /*
             * Initializing javax.security.auth.login.Configuration retains a static reference to the context
             * class loader.
             */
            if (securityLoginConfigurationProtection) {
                try {
                    // initialize=true runs the static initialiser now, via the system class loader.
                    Class.forName("javax.security.auth.login.Configuration", true, ClassLoader.getSystemClassLoader());
                } catch (ClassNotFoundException e) {
                    // Silently ignored.
                }
            }

            /*
             * Creating a MessageDigest during web application startup
             * initializes the Java Cryptography Architecture. Under certain
             * conditions this starts a Token poller thread with TCCL equal
             * to the web application class loader.
             *
             * Instead we initialize JCA right now.
             */
            if (tokenPollerProtection) {
                java.security.Security.getProviders();
            }

            // Set the default URL caching policy to not to cache
            if (urlCacheProtection) {
                try {
                    // Doesn't matter that this JAR doesn't exist - just as
                    // long as the URL is well-formed
                    URL url = new URL("jar:file://dummy.jar!/");
                    URLConnection uConn = url.openConnection();
                    uConn.setDefaultUseCaches(false);
                } catch (MalformedURLException e) {
                    log.error(sm.getString("jreLeakListener.jarUrlConnCacheFail"), e);
                } catch (IOException e) {
                    log.error(sm.getString("jreLeakListener.jarUrlConnCacheFail"), e);
                }
            }

            if (xmlParsingProtection) {
                // There are three known issues with XML parsing
                // 1. DocumentBuilderFactory.newInstance().newDocumentBuilder();
                // http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6916498
                // This issue is fixed in Java 7 onwards
                DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
                try {
                    DocumentBuilder documentBuilder = factory.newDocumentBuilder();
                    // The 2nd and 3rd links both relate to cached Exception
                    // instances that retain a link to the TCCL via the
                    // backtrace field. Note that YourKit only shows this
                    // field when using the HPROF format memory snapshots.
                    // https://bz.apache.org/bugzilla/show_bug.cgi?id=58486
                    // These issues are currently present in all current
                    // versions of Java

                    // 2. com.sun.org.apache.xml.internal.serialize.DOMSerializerImpl
                    // Only an empty, locally created document is serialised; no external input is parsed.
                    Document document = documentBuilder.newDocument();
                    document.createElement("dummy");
                    DOMImplementationLS implementation = (DOMImplementationLS) document.getImplementation();
                    implementation.createLSSerializer().writeToString(document);
                    // 3. com.sun.org.apache.xerces.internal.dom.DOMNormalizer
                    document.normalize();
                } catch (ParserConfigurationException e) {
                    log.error(sm.getString("jreLeakListener.xmlParseFail"), e);
                }
            }

            if (ldapPoolProtection) {
                try {
                    Class.forName("com.sun.jndi.ldap.LdapPoolManager");
                } catch (ClassNotFoundException e) {
                    if (System.getProperty("java.vendor").startsWith("Sun")) {
                        log.error(sm.getString("jreLeakListener.ldapPoolManagerFail"), e);
                    } else {
                        log.debug(sm.getString("jreLeakListener.ldapPoolManagerFail"), e);
                    }
                }
            }

            if (classesToInitialize != null) {
                // Names are split on commas and whitespace. Class.forName(String) also runs
                // each class's static initialiser, so this list decides what code executes
                // at startup. NOTE(review): presumably it comes from the listener's
                // configuration; treat that configuration as trusted input only.
                StringTokenizer strTok = new StringTokenizer(classesToInitialize, ", \r\n\t");
                while (strTok.hasMoreTokens()) {
                    String classNameToLoad = strTok.nextToken();
                    try {
                        Class.forName(classNameToLoad);
                    } catch (ClassNotFoundException e) {
                        log.error(sm.getString("jreLeakListener.classToInitializeFail", classNameToLoad), e);
                    }
                }
            }
        } finally {
            // Always put the original TCCL back, even if a step above threw.
            Thread.currentThread().setContextClassLoader(loader);
        }
    }
}
Example 79
Project: tomcat70-master File: JreMemoryLeakPreventionListener.java View source code |
/**
 * On {@code Lifecycle.BEFORE_INIT_EVENT}, triggers a series of JRE initialisations while
 * the thread context class loader (TCCL) is temporarily set to the system class loader,
 * then restores the previous TCCL. Each step is guarded by its own boolean field.
 *
 * @param event the lifecycle event; anything other than BEFORE_INIT_EVENT is ignored
 */
@Override
public void lifecycleEvent(LifecycleEvent event) {
    // Initialise these classes when Tomcat starts
    if (Lifecycle.BEFORE_INIT_EVENT.equals(event.getType())) {
        // Remember the caller's TCCL so the finally block can restore it.
        ClassLoader loader = Thread.currentThread().getContextClassLoader();
        try {
            // Use the system classloader as the victim for all this
            // ClassLoader pinning we're about to do.
            Thread.currentThread().setContextClassLoader(ClassLoader.getSystemClassLoader());

            /*
             * First call to this loads all drivers in the current class
             * loader
             */
            if (driverManagerProtection) {
                DriverManager.getDrivers();
            }

            // NOTE(review): the original comment here was truncated by extraction
            // ("... be an issue."). Presumably this call is made only for its
            // initialisation side effect; confirm against upstream.
            if (appContextProtection) {
                ImageIO.getCacheDirectory();
            }

            // NOTE(review): original comment truncated ("... etc.) thread").
            // Presumably forces the AWT toolkit to start under the system
            // class loader; confirm against upstream.
            if (awtThreadProtection) {
                java.awt.Toolkit.getDefaultToolkit();
            }

            // See https://bz.apache.org/bugzilla/show_bug.cgi?id=51687
            if (java2dDisposerProtection) {
                try {
                    Class.forName("sun.java2d.Disposer");
                } catch (ClassNotFoundException cnfe) {
                    // Silently ignored: nothing is logged when the class is absent.
                }
            }

            /*
             * Several components end up calling
             * sun.misc.GC.requestLatency(long) which creates a daemon
             * thread without setting the TCCL.
             *
             * Those libraries / components known to trigger memory leaks
             * due to eventual calls to requestLatency(long) are:
             * - javax.management.remote.rmi.RMIConnectorServer.start()
             *
             * Note: Long.MAX_VALUE is a special case that causes the thread
             * to terminate
             *
             */
            if (gcDaemonProtection) {
                try {
                    // Reflection is used so this compiles without sun.misc.GC on the class path.
                    Class<?> clazz = Class.forName("sun.misc.GC");
                    Method method = clazz.getDeclaredMethod("requestLatency", new Class[] { long.class });
                    // MAX_VALUE - 1, not MAX_VALUE: see the note above.
                    method.invoke(null, Long.valueOf(Long.MAX_VALUE - 1));
                } catch (ClassNotFoundException e) {
                    // A missing class is logged as an error only when JreVendor.IS_ORACLE_JVM is set.
                    if (JreVendor.IS_ORACLE_JVM) {
                        log.error(sm.getString("jreLeakListener.gcDaemonFail"), e);
                    } else {
                        log.debug(sm.getString("jreLeakListener.gcDaemonFail"), e);
                    }
                } catch (SecurityException e) {
                    log.error(sm.getString("jreLeakListener.gcDaemonFail"), e);
                } catch (NoSuchMethodException e) {
                    log.error(sm.getString("jreLeakListener.gcDaemonFail"), e);
                } catch (IllegalArgumentException e) {
                    log.error(sm.getString("jreLeakListener.gcDaemonFail"), e);
                } catch (IllegalAccessException e) {
                    log.error(sm.getString("jreLeakListener.gcDaemonFail"), e);
                } catch (InvocationTargetException e) {
                    // The wrapped cause is handed to ExceptionUtils before logging.
                    ExceptionUtils.handleThrowable(e.getCause());
                    log.error(sm.getString("jreLeakListener.gcDaemonFail"), e);
                }
            }

            /*
             * Calling getPolicy retains a static reference to the context
             * class loader.
             */
            if (securityPolicyProtection) {
                try {
                    // Policy.getPolicy();
                    Class<?> policyClass = Class.forName("javax.security.auth.Policy");
                    Method method = policyClass.getMethod("getPolicy");
                    method.invoke(null);
                } catch (ClassNotFoundException e) {
                    // Silently ignored: no log entry is written when the class is absent.
                } catch (SecurityException e) {
                    // Silently ignored: a denied call is not reported either.
                } catch (NoSuchMethodException e) {
                    log.warn(sm.getString("jreLeakListener.authPolicyFail"), e);
                } catch (IllegalArgumentException e) {
                    log.warn(sm.getString("jreLeakListener.authPolicyFail"), e);
                } catch (IllegalAccessException e) {
                    log.warn(sm.getString("jreLeakListener.authPolicyFail"), e);
                } catch (InvocationTargetException e) {
                    ExceptionUtils.handleThrowable(e.getCause());
                    log.warn(sm.getString("jreLeakListener.authPolicyFail"), e);
                }
            }

            /*
             * Initializing javax.security.auth.login.Configuration retains a static reference to the context
             * class loader.
             */
            if (securityLoginConfigurationProtection) {
                try {
                    // initialize=true runs the static initialiser now, via the system class loader.
                    Class.forName("javax.security.auth.login.Configuration", true, ClassLoader.getSystemClassLoader());
                } catch (ClassNotFoundException e) {
                    // Silently ignored.
                }
            }

            /*
             * Creating a MessageDigest during web application startup
             * initializes the Java Cryptography Architecture. Under certain
             * conditions this starts a Token poller thread with TCCL equal
             * to the web application class loader.
             *
             * Instead we initialize JCA right now.
             */
            if (tokenPollerProtection) {
                java.security.Security.getProviders();
            }

            // Set the default URL caching policy to not to cache
            if (urlCacheProtection) {
                try {
                    // Doesn't matter that this JAR doesn't exist - just as
                    // long as the URL is well-formed
                    URL url = new URL("jar:file://dummy.jar!/");
                    URLConnection uConn = url.openConnection();
                    uConn.setDefaultUseCaches(false);
                } catch (MalformedURLException e) {
                    log.error(sm.getString("jreLeakListener.jarUrlConnCacheFail"), e);
                } catch (IOException e) {
                    log.error(sm.getString("jreLeakListener.jarUrlConnCacheFail"), e);
                }
            }

            /*
             * Various leaks related to the use of XML parsing.
             */
            if (xmlParsingProtection) {
                // There are three known issues with XML parsing
                // 1. DocumentBuilderFactory.newInstance().newDocumentBuilder();
                // http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6916498
                // This issue is fixed in Java 7 onwards
                DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
                try {
                    DocumentBuilder documentBuilder = factory.newDocumentBuilder();
                    // The 2nd and 3rd links both relate to cached Exception
                    // instances that retain a link to the TCCL via the
                    // backtrace field. Note that YourKit only shows this
                    // field when using the HPROF format memory snapshots.
                    // https://bz.apache.org/bugzilla/show_bug.cgi?id=58486
                    // These issues are currently present in all current
                    // versions of Java

                    // 2. com.sun.org.apache.xml.internal.serialize.DOMSerializerImpl
                    // Only an empty, locally created document is serialised; no external input is parsed.
                    Document document = documentBuilder.newDocument();
                    document.createElement("dummy");
                    DOMImplementationLS implementation = (DOMImplementationLS) document.getImplementation();
                    implementation.createLSSerializer().writeToString(document);
                    // 3. com.sun.org.apache.xerces.internal.dom.DOMNormalizer
                    document.normalize();
                } catch (ParserConfigurationException e) {
                    log.error(sm.getString("jreLeakListener.xmlParseFail"), e);
                }
            }

            if (ldapPoolProtection) {
                try {
                    Class.forName("com.sun.jndi.ldap.LdapPoolManager");
                } catch (ClassNotFoundException e) {
                    if (JreVendor.IS_ORACLE_JVM) {
                        log.error(sm.getString("jreLeakListener.ldapPoolManagerFail"), e);
                    } else {
                        log.debug(sm.getString("jreLeakListener.ldapPoolManagerFail"), e);
                    }
                }
            }

            /*
             * Present in Java 8 onwards
             */
            if (forkJoinCommonPoolProtection && IS_JAVA_8_OR_LATER) {
                // Don't override any explicitly set property
                // Note: this writes a JVM-wide system property, so it affects every
                // component in the process, not just this listener.
                if (System.getProperty(FORK_JOIN_POOL_THREAD_FACTORY_PROPERTY) == null) {
                    System.setProperty(FORK_JOIN_POOL_THREAD_FACTORY_PROPERTY, "org.apache.catalina.startup.SafeForkJoinWorkerThreadFactory");
                }
            }

            if (classesToInitialize != null) {
                // Names are split on commas and whitespace. Class.forName(String) also runs
                // each class's static initialiser, so this list decides what code executes
                // at startup. NOTE(review): presumably it comes from the listener's
                // configuration; treat that configuration as trusted input only.
                StringTokenizer strTok = new StringTokenizer(classesToInitialize, ", \r\n\t");
                while (strTok.hasMoreTokens()) {
                    String classNameToLoad = strTok.nextToken();
                    try {
                        Class.forName(classNameToLoad);
                    } catch (ClassNotFoundException e) {
                        log.error(sm.getString("jreLeakListener.classToInitializeFail", classNameToLoad), e);
                    }
                }
            }
        } finally {
            // Always put the original TCCL back, even if a step above threw.
            Thread.currentThread().setContextClassLoader(loader);
        }
    }
}
Example 80
Project: cdh3u3-with-mesos-master File: UserGroupInformation.java View source code |
/**
 * Set the configuration values for UGI.
 *
 * <p>Selects simple or Kerberos authentication from {@code HADOOP_SECURITY_AUTHENTICATION},
 * resolves the group mapping service, and installs a {@code HadoopConfiguration} as the
 * JAAS login configuration unless one is already installed. The JAAS configuration is set
 * through the static {@code setConfiguration} call, so it applies to the whole JVM.
 *
 * @param conf the configuration to use
 * @param skipRulesSetting when {@code true}, {@code KerberosName.setConfiguration} is not called
 * @throws IllegalArgumentException if the authentication setting is neither absent,
 *         "simple" nor "kerberos"
 * @throws RuntimeException if the Kerberos name rules cannot be loaded
 */
private static synchronized void initialize(Configuration conf, boolean skipRulesSetting) {
    final String authMode = conf.get(HADOOP_SECURITY_AUTHENTICATION);
    // An unset value means "simple": authentication is off by default.
    final boolean simpleAuth = authMode == null || "simple".equals(authMode);
    if (!simpleAuth && !"kerberos".equals(authMode)) {
        throw new IllegalArgumentException("Invalid attribute value for " + HADOOP_SECURITY_AUTHENTICATION + " of " + authMode);
    }
    useKerberos = !simpleAuth;

    // If we haven't set up testing groups, use the configuration to find it
    if (!(groups instanceof TestingGroups)) {
        groups = Groups.getUserToGroupsMappingService(conf);
    }

    // Set the configuration for JAAS to be the Hadoop configuration.
    // This is done here rather than a static initializer to avoid a
    // circular dependence.
    javax.security.auth.login.Configuration installed;
    try {
        installed = javax.security.auth.login.Configuration.getConfiguration();
    } catch (SecurityException se) {
        // No readable configuration: carry on as if none were installed.
        installed = null;
    }
    if (!(installed instanceof HadoopConfiguration)) {
        javax.security.auth.login.Configuration.setConfiguration(new HadoopConfiguration(installed));
    } else {
        LOG.info("JAAS Configuration already set up for Hadoop, not re-installing.");
    }

    // We're done initializing at this point. Important not to classload
    // KerberosName before this point, or else its static initializer
    // may call back into this same method!
    isInitialized = true;
    UserGroupInformation.conf = conf;

    if (skipRulesSetting) {
        return;
    }
    // give the configuration on how to translate Kerberos names
    try {
        KerberosName.setConfiguration(conf);
    } catch (IOException ioe) {
        throw new RuntimeException("Problem with Kerberos auth_to_local name " + "configuration", ioe);
    }
}
Example 81
Project: hdfs-cloudera-cdh3u3-production-master File: UserGroupInformation.java View source code |
/**
 * Set the configuration values for UGI.
 *
 * <p>Reads {@code HADOOP_SECURITY_AUTHENTICATION} to choose between simple and Kerberos
 * authentication, looks up the group mapping service, and makes a
 * {@code HadoopConfiguration} the JVM-wide JAAS login configuration if it is not one already.
 *
 * @param conf the configuration to use
 * @param skipRulesSetting when {@code true}, {@code KerberosName.setConfiguration} is not called
 * @throws IllegalArgumentException if the authentication setting is neither absent,
 *         "simple" nor "kerberos"
 * @throws RuntimeException if the Kerberos name rules cannot be loaded
 */
private static synchronized void initialize(Configuration conf, boolean skipRulesSetting) {
    final String authSetting = conf.get(HADOOP_SECURITY_AUTHENTICATION);
    // A missing setting is treated exactly like "simple".
    final boolean isSimple = authSetting == null || "simple".equals(authSetting);
    if (!isSimple && !"kerberos".equals(authSetting)) {
        throw new IllegalArgumentException("Invalid attribute value for " + HADOOP_SECURITY_AUTHENTICATION + " of " + authSetting);
    }
    useKerberos = !isSimple;

    // If we haven't set up testing groups, use the configuration to find it
    if (!(groups instanceof TestingGroups)) {
        groups = Groups.getUserToGroupsMappingService(conf);
    }

    // Set the configuration for JAAS to be the Hadoop configuration.
    // This is done here rather than a static initializer to avoid a
    // circular dependence.
    javax.security.auth.login.Configuration current;
    try {
        current = javax.security.auth.login.Configuration.getConfiguration();
    } catch (SecurityException se) {
        // Nothing usable is installed; wrap null below.
        current = null;
    }
    if (!(current instanceof HadoopConfiguration)) {
        javax.security.auth.login.Configuration.setConfiguration(new HadoopConfiguration(current));
    } else {
        LOG.info("JAAS Configuration already set up for Hadoop, not re-installing.");
    }

    // We're done initializing at this point. Important not to classload
    // KerberosName before this point, or else its static initializer
    // may call back into this same method!
    isInitialized = true;
    UserGroupInformation.conf = conf;

    if (skipRulesSetting) {
        return;
    }
    // give the configuration on how to translate Kerberos names
    try {
        KerberosName.setConfiguration(conf);
    } catch (IOException ioe) {
        throw new RuntimeException("Problem with Kerberos auth_to_local name " + "configuration", ioe);
    }
}
Example 82
Project: nifi-master File: SolrProcessor.java View source code |
/**
 * Cross-property validation for the processor.
 *
 * <p>Checks, in order: a collection name is present for the Cloud Solr type; a JAAS client
 * app name is backed by the login-config system property and by an entry of that name in
 * the installed JAAS configuration; an SSLContextService is present for {@code https:}
 * locations and absent for {@code http:} ones (Standard Solr type); and basic-auth username
 * and password are given together or not at all. Results from
 * {@code additionalCustomValidation} are appended.
 *
 * @param context the validation context supplying the property values
 * @return the validation failures found; empty when everything is consistent
 */
@Override
protected final Collection<ValidationResult> customValidate(ValidationContext context) {
    final List<ValidationResult> results = new ArrayList<>();

    if (SOLR_TYPE_CLOUD.equals(context.getProperty(SOLR_TYPE).getValue())) {
        final String collectionName = context.getProperty(COLLECTION).getValue();
        final boolean missingCollection = collectionName == null || collectionName.trim().isEmpty();
        if (missingCollection) {
            results.add(new ValidationResult.Builder()
                    .subject(COLLECTION.getName())
                    .input(collectionName)
                    .valid(false)
                    .explanation("A collection must specified for Solr Type of Cloud")
                    .build());
        }
    }

    // If a JAAS Client App Name is provided then the system property for the JAAS config file must be set,
    // and that config file must contain an entry for the name provided by the processor
    final String appName = context.getProperty(JAAS_CLIENT_APP_NAME).getValue();
    if (!StringUtils.isEmpty(appName)) {
        final String loginConfigPath = System.getProperty(Krb5HttpClientConfigurer.LOGIN_CONFIG_PROP);
        if (!StringUtils.isEmpty(loginConfigPath)) {
            final Configuration jaasConfig = javax.security.auth.login.Configuration.getConfiguration();
            if (jaasConfig.getAppConfigurationEntry(appName) == null) {
                results.add(new ValidationResult.Builder()
                        .subject(JAAS_CLIENT_APP_NAME.getDisplayName())
                        .valid(false)
                        .explanation("'" + appName + "' does not exist in " + loginConfigPath)
                        .build());
            }
        } else {
            results.add(new ValidationResult.Builder()
                    .subject(JAAS_CLIENT_APP_NAME.getDisplayName())
                    .valid(false)
                    .explanation("the system property " + Krb5HttpClientConfigurer.LOGIN_CONFIG_PROP + " must be set when providing a JAAS Client App Name")
                    .build());
        }
    }

    // we can validate if the url starts with https we need an SSLContextService, if it starts with http we can't have an SSLContextService
    if (SOLR_TYPE_STANDARD.equals(context.getProperty(SOLR_TYPE).getValue())) {
        final String location = context.getProperty(SOLR_LOCATION).evaluateAttributeExpressions().getValue();
        if (location != null) {
            final SSLContextService sslService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
            final boolean hasSslService = sslService != null;
            if (location.startsWith("https:") && !hasSslService) {
                results.add(new ValidationResult.Builder()
                        .subject(SSL_CONTEXT_SERVICE.getDisplayName())
                        .valid(false)
                        .explanation("an SSLContextService must be provided when using https")
                        .build());
            } else if (location.startsWith("http:") && hasSslService) {
                results.add(new ValidationResult.Builder()
                        .subject(SSL_CONTEXT_SERVICE.getDisplayName())
                        .valid(false)
                        .explanation("an SSLContextService can not be provided when using http")
                        .build());
            }
        }
    }

    // Validate that we username and password are provided together, or that neither are provided
    // NOTE(review): nothing here rejects basic credentials combined with an http: location;
    // if that combination is reachable the credentials would travel without TLS - confirm.
    final String user = context.getProperty(BASIC_USERNAME).evaluateAttributeExpressions().getValue();
    final String secret = context.getProperty(BASIC_PASSWORD).evaluateAttributeExpressions().getValue();
    final boolean userGiven = !StringUtils.isBlank(user);
    final boolean secretGiven = !StringUtils.isBlank(secret);
    if (userGiven && !secretGiven) {
        results.add(new ValidationResult.Builder()
                .subject(BASIC_PASSWORD.getDisplayName())
                .valid(false)
                .explanation("a password must be provided for the given username")
                .build());
    }
    if (secretGiven && !userGiven) {
        results.add(new ValidationResult.Builder()
                .subject(BASIC_USERNAME.getDisplayName())
                .valid(false)
                .explanation("a username must be provided for the given password")
                .build());
    }

    final Collection<ValidationResult> extra = this.additionalCustomValidation(context);
    if (extra != null) {
        results.addAll(extra);
    }
    return results;
}
Example 83
Project: spring-hadoop-master File: ExecutionUtils.java View source code |
/**
 * Builds a parent-last class loader for the given jar.
 *
 * <p>With parent-last delegation, classes found in the jar take precedence over the
 * parent's, so the jar must come from a trusted source.
 *
 * @param jar the jar to load from; when {@code null} no new loader is created
 * @param parentClassLoader the parent loader; when {@code null} the default class loader is used
 * @param cfg passed to {@code expandedJarClassPath} when the jar is a legacy jar
 * @return a {@code ParentLastURLClassLoader} for the jar; or, when {@code jar} is
 *         {@code null}, the default class loader if no parent was supplied and
 *         {@code null} otherwise
 * @throws IllegalStateException if the jar cannot be opened
 */
static ClassLoader createParentLastClassLoader(Resource jar, ClassLoader parentClassLoader, Configuration cfg) {
    ClassLoader fallback = null;
    // sanity check
    if (parentClassLoader == null) {
        parentClassLoader = ClassUtils.getDefaultClassLoader();
        fallback = parentClassLoader;
    }
    // no jar, no custom CL
    if (jar == null) {
        return fallback;
    }
    try {
        // a legacy JAR has to be unjarred first
        URL[] classPath = isLegacyJar(jar)
                ? expandedJarClassPath(jar, cfg)
                : new URL[] { jar.getURL() };
        return new ParentLastURLClassLoader(classPath, parentClassLoader);
    } catch (IOException e) {
        throw new IllegalStateException("Cannot open jar file", e);
    }
}
Example 84
Project: yarn-comment-master File: TestUserGroupInformation.java View source code |
/**
 * Configure UGI for the tests: sets the auth_to_local rules on a fresh Hadoop
 * configuration, hands it to UserGroupInformation, and installs a
 * DummyLoginConfiguration as the JAAS login configuration. The JAAS configuration is
 * set through a static call, so it stays in place for every later test in the same JVM.
 */
@BeforeClass
public static void setup() {
    final String authToLocalRules = "RULE:[2:$1@$0](.*@HADOOP.APACHE.ORG)s/@.*//" + "RULE:[1:$1@$0](.*@HADOOP.APACHE.ORG)s/@.*//" + "DEFAULT";

    Configuration hadoopConf = new Configuration();
    hadoopConf.set("hadoop.security.auth_to_local", authToLocalRules);
    UserGroupInformation.setConfiguration(hadoopConf);

    javax.security.auth.login.Configuration.setConfiguration(new DummyLoginConfiguration());
}
Example 85
Project: airlift-master File: SpnegoAuthentication.java View source code |
/**
 * Returns the cached client session, logging in again through a Krb5LoginModule when
 * there is no session yet or its credential's remaining lifetime has dropped below
 * {@code MIN_CREDENTIAL_LIFE_TIME}.
 *
 * <p>The login is non-interactive ({@code doNotPrompt}) and keytab-based; a ticket cache
 * and an explicit principal are added only when the corresponding fields are set.
 *
 * @return the current (possibly freshly created) session
 * @throws LoginException if the JAAS login fails
 * @throws GSSException if the GSS credential cannot be created
 */
private synchronized Session getSession() throws LoginException, GSSException {
    boolean needsLogin = clientSession == null
            || clientSession.getClientCredential().getRemainingLifetime() < MIN_CREDENTIAL_LIFE_TIME.getValue(TimeUnit.SECONDS);
    if (!needsLogin) {
        return clientSession;
    }

    Configuration krb5Config = new Configuration() {
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            ImmutableMap.Builder<String, String> krb5Options = ImmutableMap.builder();
            krb5Options.put("refreshKrb5Config", "true")
                    .put("doNotPrompt", "true")
                    .put("useKeyTab", "true");
            // The module's own debug output follows this class's log level.
            if (LOG.isDebugEnabled()) {
                krb5Options.put("debug", "true");
            }
            if (keytab != null) {
                krb5Options.put("keyTab", keytab.getAbsolutePath());
            }
            if (credentialCache != null) {
                krb5Options.put("ticketCache", credentialCache.getAbsolutePath())
                        .put("useTicketCache", "true")
                        .put("renewTGT", "true");
            }
            if (principal != null) {
                krb5Options.put("principal", principal);
            }
            AppConfigurationEntry krb5Entry = new AppConfigurationEntry(Krb5LoginModule.class.getName(), REQUIRED, krb5Options.build());
            return new AppConfigurationEntry[] { krb5Entry };
        }
    };

    // TODO: do we need to call logout() on the LoginContext?
    LoginContext loginContext = new LoginContext("", null, null, krb5Config);
    loginContext.login();

    Subject subject = loginContext.getSubject();
    // The first principal of the logged-in subject names the GSS credential.
    Principal clientPrincipal = subject.getPrincipals().iterator().next();
    GSSCredential clientCredential = doAs(subject, () -> GSS_MANAGER.createCredential(
            GSS_MANAGER.createName(clientPrincipal.getName(), NT_USER_NAME),
            DEFAULT_LIFETIME,
            KERBEROS_OID,
            INITIATE_ONLY));

    clientSession = new Session(loginContext, clientCredential);
    return clientSession;
}
Example 86
Project: elasticsearch-master File: Loggers.java View source code |
/**
 * Sets the level of {@code logger} and of the logger configurations below it.
 *
 * <p>For the root logger the level is written to its LoggerConfig directly and the
 * context's loggers are updated; for any other logger {@code Configurator.setLevel} is
 * used. Afterwards every configured logger is visited: all of them when the target is
 * the root logger, otherwise only those whose name starts with the target's name
 * followed by a dot.
 *
 * @param logger the logger whose level is changed
 * @param level the level to apply
 */
public static void setLevel(Logger logger, Level level) {
    final String targetName = logger.getName();
    final boolean targetIsRoot = LogManager.ROOT_LOGGER_NAME.equals(targetName);

    if (targetIsRoot) {
        final LoggerContext rootContext = LoggerContext.getContext(false);
        rootContext.getConfiguration().getLoggerConfig(targetName).setLevel(level);
        rootContext.updateLoggers();
    } else {
        Configurator.setLevel(targetName, level);
    }

    // we have to descend the hierarchy
    final String childPrefix = targetName + ".";
    final LoggerContext context = LoggerContext.getContext(false);
    for (final LoggerConfig candidate : context.getConfiguration().getLoggers().values()) {
        final boolean isDescendant = targetIsRoot || candidate.getName().startsWith(childPrefix);
        if (isDescendant) {
            Configurator.setLevel(candidate.getName(), level);
        }
    }
}
Example 87
Project: eucalyptus-master File: GssapiKrb5Authenticator.java View source code |
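/**
 * See {@link com.eucalyptus.auth.euare.ldap.authentication.LdapAuthenticator}
 * <p>
 * extraArgs[0] is the path of krb5.conf
 * </p>
 *
 * <p>Logs in to Kerberos with the given login and password, then opens the LDAP context
 * as the logged-in subject using SASL GSSAPI.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The krb5.conf path is written to a JVM-wide system property, so it affects every
 *       Kerberos user in the process and concurrent calls with different paths interfere.</li>
 *   <li>{@code ignoreSslCert} installs {@code EasySSLSocketFactory}; NOTE(review): by its
 *       name this presumably skips certificate validation, which removes protection
 *       against an intercepting server - confirm and keep it off outside test setups.</li>
 *   <li>Referrals are followed, so the directory server can redirect the connection to
 *       another host.</li>
 *   <li>A {@code NamingException} while opening the context is logged and then reported
 *       to the caller only as a generic failure, without the cause.</li>
 * </ul>
 *
 * @param serverUrl the LDAP provider URL
 * @param method not read by this implementation
 * @param useSsl whether to request the SSL security protocol
 * @param ignoreSslCert whether to install the permissive socket factory (only with {@code useSsl})
 * @param login the Kerberos login name; must not be null or empty
 * @param password the password; must not be null or empty
 * @param extraArgs extraArgs[0] must be a non-empty String holding the krb5.conf path
 * @return the authenticated LDAP context, never {@code null}
 * @throws LdapException if an argument is missing, the Kerberos login fails, or the
 *         LDAP context cannot be created
 */
@Override
public LdapContext authenticate(final String serverUrl, String method, final boolean useSsl, final boolean ignoreSslCert, final String login, final String password, Object... extraArgs) throws LdapException {
    if (Strings.isNullOrEmpty(login) || Strings.isNullOrEmpty(password)) {
        throw new LdapException("LDAP login failed: empty login name or password");
    }
    // extraArgs itself is null when a caller passes an explicit null for the varargs;
    // report that as the same argument error instead of a NullPointerException.
    if (extraArgs == null || extraArgs.length < 1 || !(extraArgs[0] instanceof String) || Strings.isNullOrEmpty((String) extraArgs[0])) {
        throw new LdapException("GSSAPI w/ Kerberos V5 requires krb5.conf argument");
    }
    // JVM-wide setting, see the security notes above.
    System.setProperty(KRB5_CONF_PROPERTY, (String) extraArgs[0]);

    final Map<String, String> options = new HashMap<String, String>();
    options.put(JAAS_CONF_OPTION_CLIENT, "TRUE");
    final Configuration configuration = new Configuration() {
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            return new AppConfigurationEntry[] { new AppConfigurationEntry(KRB5_LOGIN_MODULE, AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options) };
        }
    };

    final CallbackHandler callbackHandler = new CallbackHandler() {
        @Override
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (int i = 0; i < callbacks.length; i++) {
                if (callbacks[i] instanceof NameCallback) {
                    NameCallback cb = (NameCallback) callbacks[i];
                    cb.setName(login);
                } else if (callbacks[i] instanceof PasswordCallback) {
                    PasswordCallback cb = (PasswordCallback) callbacks[i];
                    char[] pwBytes = new char[password.length()];
                    try {
                        password.getChars(0, pwBytes.length, pwBytes, 0);
                        cb.setPassword(pwBytes);
                    } finally {
                        // PasswordCallback keeps its own copy, so this temporary
                        // one can be wiped straight away.
                        java.util.Arrays.fill(pwBytes, '\0');
                    }
                }
            }
        }
    };

    // 1. Log in (to Kerberos)
    LoginContext loginContext = null;
    try {
        loginContext = new LoginContext(KRB5_LOGIN_CONTEXT_NAME, null, callbackHandler, configuration);
        loginContext.login();
    } catch (LoginException e) {
        LOG.error(e, e);
        throw new LdapException("Failed to login to Kerberos", e);
    }

    // 2. Perform JNDI work as logged in subject
    LdapContext ldapContext = Subject.<LdapContext>doAs(loginContext.getSubject(), new PrivilegedAction<LdapContext>() {
        @Override
        public LdapContext run() {
            Properties env = new Properties();
            env.put(Context.INITIAL_CONTEXT_FACTORY, LDAP_CONTEXT_FACTORY);
            env.put(Context.REFERRAL, "follow");
            env.put(Context.PROVIDER_URL, serverUrl);
            env.put(Context.SECURITY_AUTHENTICATION, LicParser.LDAP_AUTH_METHOD_SASL_GSSAPI);
            if (useSsl) {
                env.put(Context.SECURITY_PROTOCOL, SSL_PROTOCOL);
                if (ignoreSslCert) {
                    // See the security notes in the method documentation.
                    env.put(SOCKET_FACTORY, EasySSLSocketFactory.class.getCanonicalName());
                }
            }
            try {
                return new InitialLdapContext(env, null);
            } catch (NamingException e) {
                LOG.error(e, e);
            }
            // null tells the caller below that the context could not be created.
            return null;
        }
    });
    if (ldapContext == null) {
        throw new LdapException("LDAP login failed, possibly wrong credential");
    }
    return ldapContext;
}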
Example 88
Project: jboss-as-quickstart-master File: RemoteClient.java View source code |
/**
 * Creates a LoginContext named "Testing" whose only login module is the
 * ClientLoginModule, with a callback handler that answers name and password callbacks
 * from the given arguments. The configuration is passed to the LoginContext directly
 * rather than installed globally.
 *
 * @param username the name supplied to NameCallbacks
 * @param password the password supplied to PasswordCallbacks
 * @return a new, not yet logged-in LoginContext with a fresh Subject
 * @throws LoginException if the LoginContext cannot be created
 */
public static LoginContext getCLMLoginContext(final String username, final String password) throws LoginException {
    final String configurationName = "Testing";

    CallbackHandler credentialSupplier = new CallbackHandler() {
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (int i = 0; i < callbacks.length; i++) {
                Callback cb = callbacks[i];
                if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(password.toCharArray());
                } else if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(username);
                } else {
                    // Anything else is rejected rather than silently skipped.
                    throw new UnsupportedCallbackException(cb);
                }
            }
        }
    };

    Configuration clientConfig = new Configuration() {
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            // Only the one application name used below is served.
            if (!configurationName.equals(name)) {
                throw new IllegalArgumentException("Unexpected configuration name '" + name + "'");
            }
            Map<String, String> moduleOptions = new HashMap<String, String>();
            moduleOptions.put("multi-threaded", "true");
            moduleOptions.put("restore-login-identity", "true");
            return new AppConfigurationEntry[] {
                new AppConfigurationEntry(ClientLoginModule.class.getName(), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, moduleOptions)
            };
        }
    };

    return new LoginContext(configurationName, new Subject(), credentialSupplier, clientConfig);
}
Example 89
Project: jst-master File: ThriftClient.java View source code |
/**
 * Closes the current connection and opens a new one: creates the socket, resolves the
 * login configuration and transport plugin, connects with back-off retries, and wraps
 * the resulting transport in a binary protocol.
 *
 * <p>When {@code timeout} is null no socket timeout is set here (see the TODO below).
 *
 * @throws RuntimeException wrapping any IOException raised while connecting
 */
public synchronized void reconnect() {
    close();
    try {
        TSocket socket = new TSocket(host, port);
        // @@@ Todo
        // set the socket default Timeout as xxxx when none is configured
        if (timeout != null) {
            socket.setTimeout(timeout);
        }

        // locate login configuration
        Configuration login_conf = AuthUtils.GetConfiguration(conf);
        // construct a transport plugin
        ITransportPlugin transportPlugin = AuthUtils.GetTransportPlugin(type, conf, login_conf);
        final TTransport underlyingTransport = socket;

        // TODO get this from type instead of hardcoding to Nimbus.
        int retryTimes = Utils.getInt(conf.get(Config.STORM_NIMBUS_RETRY_TIMES));
        int retryInterval = Utils.getInt(conf.get(Config.STORM_NIMBUS_RETRY_INTERVAL));
        int retryIntervalCeiling = Utils.getInt(conf.get(Config.STORM_NIMBUS_RETRY_INTERVAL_CEILING));

        // establish client-server transport via plugin
        // do retries if the connect fails
        TBackoffConnect connectionRetry = new TBackoffConnect(retryTimes, retryInterval, retryIntervalCeiling);
        _transport = connectionRetry.doConnectWithRetry(transportPlugin, underlyingTransport, host, asUser);
    } catch (IOException ex) {
        throw new RuntimeException(ex);
    }

    // Drop the old protocol first; a new one exists only with a live transport.
    _protocol = null;
    if (_transport != null) {
        _protocol = new TBinaryProtocol(_transport);
    }
}
Example 90
Project: jstorm-master File: ThriftClient.java View source code |
/**
 * Re-establishes the Thrift connection: closes what is open, builds a socket to
 * {@code host:port}, obtains the login configuration and transport plugin, connects with
 * back-off retries, and creates a binary protocol over the new transport.
 *
 * <p>No socket timeout is applied when {@code timeout} is null (see the TODO below).
 *
 * @throws RuntimeException wrapping any IOException raised while connecting
 */
public synchronized void reconnect() {
    close();
    try {
        TSocket socket = new TSocket(host, port);
        // @@@ Todo
        // set the socket default Timeout as xxxx when none is configured
        if (timeout != null) {
            socket.setTimeout(timeout);
        }

        // locate login configuration
        Configuration login_conf = AuthUtils.GetConfiguration(conf);
        // construct a transport plugin
        ITransportPlugin plugin = AuthUtils.GetTransportPlugin(type, conf, login_conf);
        final TTransport rawTransport = socket;

        // TODO get this from type instead of hardcoding to Nimbus.
        int maxRetries = Utils.getInt(conf.get(Config.STORM_NIMBUS_RETRY_TIMES));
        int interval = Utils.getInt(conf.get(Config.STORM_NIMBUS_RETRY_INTERVAL));
        int intervalCeiling = Utils.getInt(conf.get(Config.STORM_NIMBUS_RETRY_INTERVAL_CEILING));

        // establish client-server transport via plugin
        // do retries if the connect fails
        TBackoffConnect backoff = new TBackoffConnect(maxRetries, interval, intervalCeiling);
        _transport = backoff.doConnectWithRetry(plugin, rawTransport, host, asUser);
    } catch (IOException ex) {
        throw new RuntimeException(ex);
    }

    // Clear the stale protocol before deciding whether a new one can be built.
    _protocol = null;
    if (_transport != null) {
        _protocol = new TBinaryProtocol(_transport);
    }
}
Example 91
Project: keycloak-master File: KerberosJdkProvider.java View source code |
/**
 * Builds an in-memory JAAS configuration for the server (acceptor) side of Kerberos.
 *
 * <p>The single entry uses {@code com.sun.security.auth.module.Krb5LoginModule} as a
 * REQUIRED module, reading the key from the given keytab without prompting
 * ({@code isInitiator=false}, {@code storeKey=true}). The same entry is returned for
 * every application name.
 *
 * @param keytab path of the keytab file holding the server key
 * @param serverPrincipal the principal to log in as
 * @param debug whether to switch on the login module's debug output
 * @return a Configuration serving that one entry
 */
@Override
public Configuration createJaasConfigurationForServer(final String keytab, final String serverPrincipal, final boolean debug) {
    return new Configuration() {

        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            final Map<String, Object> krb5Options = new HashMap<>();
            krb5Options.put("storeKey", "true");
            krb5Options.put("doNotPrompt", "true");
            krb5Options.put("isInitiator", "false");
            krb5Options.put("useKeyTab", "true");
            krb5Options.put("keyTab", keytab);
            krb5Options.put("principal", serverPrincipal);
            krb5Options.put("debug", String.valueOf(debug));

            final AppConfigurationEntry.LoginModuleControlFlag required =
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED;
            final AppConfigurationEntry krb5Entry =
                    new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule", required, krb5Options);
            return new AppConfigurationEntry[] { krb5Entry };
        }
    };
}
Example 92
Project: pbase-master File: DemoClient.java View source code |
/**
 * Returns the Subject to run the client as.
 *
 * <p>When {@code secure} is false an empty Subject is returned. Otherwise a Kerberos
 * login is performed from the ticket cache (no keytab, no prompting), so {@code kinit}
 * must have been run beforehand. The cache location is taken from the
 * {@code KRB5CCNAME} environment variable when it is set. The login module's debug
 * output is always switched on here.
 *
 * @return an empty Subject, or the Subject of the completed Kerberos login
 * @throws Exception if the login fails
 */
static Subject getSubject() throws Exception {
    if (!secure) {
        return new Subject();
    }

    /*
     * To authenticate the DemoClient, kinit should be invoked ahead.
     * Here we try to get the Kerberos credential from the ticket cache.
     */
    Configuration ticketCacheConfig = new Configuration() {
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            Map<String, String> krb5Options = new HashMap<String, String>();
            krb5Options.put("useKeyTab", "false");
            krb5Options.put("storeKey", "false");
            krb5Options.put("doNotPrompt", "true");
            krb5Options.put("useTicketCache", "true");
            krb5Options.put("renewTGT", "true");
            krb5Options.put("refreshKrb5Config", "true");
            krb5Options.put("isInitiator", "true");
            // Honour a non-default cache location from the environment.
            String cacheLocation = System.getenv("KRB5CCNAME");
            if (cacheLocation != null) {
                krb5Options.put("ticketCache", cacheLocation);
            }
            krb5Options.put("debug", "true");

            AppConfigurationEntry krb5Entry = new AppConfigurationEntry(
                    "com.sun.security.auth.module.Krb5LoginModule",
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                    krb5Options);
            return new AppConfigurationEntry[] { krb5Entry };
        }
    };

    LoginContext context = new LoginContext("", new Subject(), null, ticketCacheConfig);
    context.login();
    return context.getSubject();
}
Example 93
Project: quickstart-master File: RemoteClient.java View source code |
/**
 * Creates a LoginContext that feeds the given credentials to ClientLoginModule.
 *
 * The context is returned without {@code login()} having been called.
 *
 * @param username name supplied to any NameCallback
 * @param password password supplied to any PasswordCallback
 * @return a LoginContext bound to the configuration name "Testing"
 * @throws LoginException if the LoginContext cannot be created
 */
public static LoginContext getCLMLoginContext(final String username, final String password) throws LoginException {
    final String configurationName = "Testing";

    CallbackHandler credentialsHandler = new CallbackHandler() {
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (Callback callback : callbacks) {
                if (callback instanceof NameCallback) {
                    ((NameCallback) callback).setName(username);
                    continue;
                }
                if (callback instanceof PasswordCallback) {
                    // NOTE(review): the password arrives as an immutable String, so it cannot be
                    // wiped after use; a char[] parameter would let callers clear it.
                    ((PasswordCallback) callback).setPassword(password.toCharArray());
                    continue;
                }
                // Anything other than name/password is rejected rather than silently ignored.
                throw new UnsupportedCallbackException(callback);
            }
        }
    };

    Configuration clientLoginConfig = new Configuration() {
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            // Only the one expected configuration name is served; any other name is an error.
            if (!configurationName.equals(name)) {
                throw new IllegalArgumentException("Unexpected configuration name '" + name + "'");
            }

            Map<String, String> moduleOptions = new HashMap<>();
            moduleOptions.put("multi-threaded", "true");
            moduleOptions.put("restore-login-identity", "true");

            return new AppConfigurationEntry[] {
                new AppConfigurationEntry(
                    ClientLoginModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                    moduleOptions)
            };
        }
    };

    return new LoginContext(configurationName, new Subject(), credentialsHandler, clientLoginConfig);
}
Example 94
Project: rest-utils-master File: SaslTest.java View source code |
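/**
 * Writes a throw-away JAAS config plus login properties file, points the JVM at them and
 * starts the test application.
 *
 * @throws Exception if a temporary file cannot be created or written, or the application
 *                   fails to start
 */
@Before
public void setUp() throws Exception {
  // The properties file holds user names and passwords. Files.createTempFile may create the
  // file with more restrictive permissions than File.createTempFile, whose result can be
  // readable by other local users depending on the platform defaults.
  jaasFile = Files.createTempFile("jaas", ".config").toFile();
  loginPropertiesFile = Files.createTempFile("login", ".properties").toFile();

  // JAAS application "c3": Jetty's property-file login module reading the file created above.
  String jaas = "c3 {\n"
      + " org.eclipse.jetty.jaas.spi.PropertyFileLoginModule required\n"
      + " debug=\"true\"\n"
      + " file=\"" + loginPropertiesFile.getAbsolutePath() + "\";\n"
      + "};\n";
  Files.write(jaasFile.toPath(), jaas.getBytes(StandardCharsets.UTF_8), StandardOpenOption.TRUNCATE_EXISTING);

  // Test-only credentials, one "user: password[,role...]" entry per line.
  String loginProperties = "jay: kafka,Administrators\n"
      + "neha: akfak,Administrators\n"
      + "jun: kafka-\n";
  Files.write(loginPropertiesFile.toPath(), loginProperties.getBytes(StandardCharsets.UTF_8), StandardOpenOption.TRUNCATE_EXISTING);

  // Remember the previous value before the process-wide property is overwritten below.
  // NOTE(review): restoring it is not visible in this method - confirm the teardown does so.
  previousAuthConfig = System.getProperty("java.security.auth.login.config");
  // Drop the installed JAAS Configuration so that the next lookup builds a fresh one,
  // presumably from the file named by the property set on the next line.
  Configuration.setConfiguration(null);
  System.setProperty("java.security.auth.login.config", jaasFile.getAbsolutePath());

  httpclient = HttpClients.createDefault();
  TestMetricsReporter.reset();

  Properties props = new Properties();
  props.put(RestConfig.LISTENERS_CONFIG, httpUri);
  props.put(RestConfig.METRICS_REPORTER_CLASSES_CONFIG, "io.confluent.rest.TestMetricsReporter");
  configBasic(props);

  TestRestConfig config = new TestRestConfig(props);
  app = new SaslTestApplication(config);
  app.start();
}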
Example 95
Project: sonar-plugins-master File: Ldap.java View source code |
/**
 * Verifies a password by attempting a JAAS login for the principal.
 *
 * @param principal principal to authenticate
 * @param password password to try
 * @return true if the login succeeded, false if it raised a LoginException
 */
private boolean checkPasswordUsingGssapi(String principal, String password) {
  // A custom configuration is installed so that no external JAAS config file is needed.
  // NOTE(review): setConfiguration replaces the configuration for the whole JVM on every
  // call; other JAAS users in the same process see it too. LoginContext also has a
  // constructor that takes a Configuration, which would keep this local - confirm that
  // nothing else depends on the global being set before switching.
  Configuration.setConfiguration(new Krb5LoginConfiguration());

  final LoginContext loginContext;
  try {
    loginContext = new LoginContext(getClass().getName(), new CallbackHandlerImpl(principal, password));
    loginContext.login();
  } catch (LoginException loginFailure) {
    // Every LoginException, whatever its cause, is reported as a rejected password and is
    // only logged at debug level.
    LdapHelper.LOG.debug("Password is not valid for principal: " + principal, loginFailure);
    return false;
  }

  // The login was only a credential check, so the context is released straight away;
  // a failing logout does not change the result.
  try {
    loginContext.logout();
  } catch (LoginException logoutFailure) {
    LdapHelper.LOG.warn("Logout fails", logoutFailure);
  }
  return true;
}
Example 96
Project: tinkerpop-master File: JaasKrbUtil.java View source code |
/**
 * Logs a Kerberos principal in with a password.
 *
 * @param principal Kerberos principal name; also added to the subject before the login
 * @param password password handed to the callback handler
 * @return the subject held by the login context after a successful login
 * @throws LoginException if the login fails
 */
public static Subject loginUsingPassword(String principal, String password) throws LoginException {
    Set<Principal> knownPrincipals = new HashSet<Principal>();
    knownPrincipals.add(new KerberosPrincipal(principal));
    // Not read-only (first argument false), with empty public and private credential sets.
    Subject target = new Subject(false, knownPrincipals, new HashSet<Object>(), new HashSet<Object>());

    // The configuration is passed to the LoginContext directly, so the JVM-wide JAAS
    // configuration is not touched by this method.
    Configuration passwordConf = usePassword(principal);
    CallbackHandler credentials = new KrbCallbackHandler(principal, password);

    LoginContext ctx = new LoginContext("PasswordConf", target, credentials, passwordConf);
    ctx.login();
    return ctx.getSubject();
}
Example 97
Project: vco-powershel-plugin-master File: KerberosTokenGenerator.java View source code |
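// Authenticate against the KDC using JAAS.
//
// Stores a fresh Subject in this.subject and logs it in with Krb5LoginModule, taking the
// login name and password from the arguments instead of a ticket cache.
// Throws LoginException when the login fails.
private void login(final NTUser userName, final String password) throws LoginException {
    this.subject = new Subject();

    CallbackHandler credentials = new CallbackHandler() {
        @Override
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (Callback callback : callbacks) {
                if (callback instanceof NameCallback) {
                    //We may need some more complete mapping between AD user domain and Kerberos realms
                    String kerbUserSPN = userName.getUserName();
                    if (StringUtils.isNotBlank(userName.getDomain())) {
                        // Upper-case with a fixed locale: the default-locale variant maps some
                        // letters differently (e.g. "i" under a Turkish locale), which would
                        // produce a realm name that does not match.
                        kerbUserSPN += "@" + userName.getDomain().toUpperCase(java.util.Locale.ROOT);
                    }
                    log.debug("Kerberos login name: " + kerbUserSPN);
                    ((NameCallback) callback).setName(kerbUserSPN);
                } else if (callback instanceof PasswordCallback) {
                    ((PasswordCallback) callback).setPassword(password.toCharArray());
                }
                // Any other callback type is left unanswered.
            }
        }
    };

    Configuration krb5Config = new Configuration() {
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            // The ticket cache is switched off, so credentials come from the handler above.
            Map<String, String> config = new HashMap<String, String>();
            config.put("useTicketCache", "false");
            return new AppConfigurationEntry[] {
                new AppConfigurationEntry(
                    "com.sun.security.auth.module.Krb5LoginModule",
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                    config)
            };
        }
    };

    LoginContext login = new LoginContext("", subject, credentials, krb5Config);
    login.login();
}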
Example 98
Project: wildfly-elytron-master File: JaasUtil.java View source code |
/**
 * Performs a JAAS login under the configuration name "KDC".
 *
 * @param userName   name given to the callback handler and, for servers, to the configuration
 * @param password   password given to the callback handler
 * @param server     selects the GSS proxy configuration when true, the plain one when false
 * @param keyTabFile keytab location, only used when {@code server} is true
 * @return the subject that was passed into the login
 * @throws LoginException if the login fails
 */
static Subject login(final String userName, final char[] password, final boolean server, final String keyTabFile) throws LoginException {
    final Subject theSubject = new Subject();
    // The password travels as char[]; whether it is cleared afterwards is up to the caller.
    final CallbackHandler cbh = new UsernamePasswordCBH(userName, password);

    final Configuration config = server
        ? createGssProxyConfiguration(userName, keyTabFile)
        : createJaasConfiguration(false);

    // The configuration is handed over explicitly, so the JVM-wide one is left untouched.
    new LoginContext("KDC", theSubject, cbh, config).login();
    return theSubject;
}
Example 99
Project: wildfly-security-master File: JaasUtil.java View source code |
/**
 * Performs a JAAS login under the configuration name "KDC".
 *
 * @param userName   name given to the callback handler and, for servers, to the configuration
 * @param password   password given to the callback handler
 * @param server     selects the GSS proxy configuration when true, the plain one when false
 * @param keyTabFile keytab location, only used when {@code server} is true
 * @return the subject that was passed into the login
 * @throws LoginException if the login fails
 */
static Subject login(final String userName, final char[] password, final boolean server, final String keyTabFile) throws LoginException {
    final Subject theSubject = new Subject();
    // The password travels as char[]; whether it is cleared afterwards is up to the caller.
    final CallbackHandler cbh = new UsernamePasswordCBH(userName, password);

    final Configuration config = server
        ? createGssProxyConfiguration(userName, keyTabFile)
        : createJaasConfiguration(false);

    // The configuration is handed over explicitly, so the JVM-wide one is left untouched.
    new LoginContext("KDC", theSubject, cbh, config).login();
    return theSubject;
}
Example 100
Project: zkclient-master File: SaslAuthenticatedTest.java View source code |
/**
 * Prepares the JAAS/SASL settings for the test and starts the ZooKeeper test server.
 *
 * @throws IOException declared by this method; presumably raised by createJaasFile() - confirm there
 */
private void bootstrap() throws IOException {
// Clear the installed JVM-wide JAAS Configuration so that a new one is built on next use,
// presumably from the login config file registered below.
Configuration.setConfiguration(null);
String jaasFileName = createJaasFile();
// Both settings are process-wide system properties and have to be in place before the
// server starts. NOTE(review): resetting them is not visible in this method - confirm
// the test cleans them up so they do not leak into other tests in the same JVM.
System.setProperty(ZK_AUTH_PROVIDER, "org.apache.zookeeper.server.auth.SASLAuthenticationProvider");
System.setProperty(ZkClient.JAVA_LOGIN_CONFIG_PARAM, jaasFileName);
_zkServer = TestUtil.startZkServer(_temporaryFolder, _port);
// The client under test is the one owned by the started server.
_client = _zkServer.getZkClient();
}
Example 101
Project: JamVM-PH-master File: GnuConfiguration.java View source code |
// Class methods // -------------------------------------------------------------------------- // Instance methods // -------------------------------------------------------------------------- // Configuration abstract methods implementation ---------------------------- /* (non-Javadoc) * @see javax.security.auth.login.Configuration#getAppConfigurationEntry(java.lang.String) */ public AppConfigurationEntry[] getAppConfigurationEntry(String appName) { if (appName == null) return null; appName = appName.trim(); if (appName.length() == 0) return null; List loginModules = (List) loginModulesMap.get(appName); if (loginModules == null || loginModules.size() == 0) return null; if (gnu.java.security.Configuration.DEBUG) log.fine(appName + " -> " + loginModules.size() + " entry(ies)"); return (AppConfigurationEntry[]) loginModules.toArray(new AppConfigurationEntry[0]); }