Example 1 with KerberosAuthenticationConfig
use of com.hazelcast.config.security.KerberosAuthenticationConfig in project hazelcast by hazelcast.
the class YamlConfigBuilderTest method testSecurityConfig.
@Override
@Test
public void testSecurityConfig() {
String yaml = "" + "hazelcast:\n" + " security:\n" + " enabled: true\n" + " security-interceptors:\n" + " - foo\n" + " - bar\n" + " client-block-unmapped-actions: false\n" + " member-authentication:\n" + " realm: mr\n" + " client-authentication:\n" + " realm: cr\n" + " realms:\n" + " - name: mr\n" + " authentication:\n" + " jaas:\n" + " - class-name: MyRequiredLoginModule\n" + " usage: REQUIRED\n" + " properties:\n" + " login-property: login-value\n" + " - class-name: MyRequiredLoginModule2\n" + " usage: SUFFICIENT\n" + " properties:\n" + " login-property2: login-value2\n" + " identity:\n" + " credentials-factory:\n" + " class-name: MyCredentialsFactory\n" + " properties:\n" + " property: value\n" + " - name: cr\n" + " authentication:\n" + " jaas:\n" + " - class-name: MyOptionalLoginModule\n" + " usage: OPTIONAL\n" + " properties:\n" + " client-property: client-value\n" + " - class-name: MyRequiredLoginModule\n" + " usage: REQUIRED\n" + " properties:\n" + " client-property2: client-value2\n" + " - name: kerberos\n" + " authentication:\n" + " kerberos:\n" + " skip-role: false\n" + " relax-flags-check: true\n" + " use-name-without-realm: true\n" + " security-realm: krb5Acceptor\n" + " principal: jduke@HAZELCAST.COM\n" + " keytab-file: /opt/jduke.keytab\n" + " ldap:\n" + " url: ldap://127.0.0.1\n" + " identity:\n" + " kerberos:\n" + " realm: HAZELCAST.COM\n" + " security-realm: krb5Initializer\n" + " principal: jduke@HAZELCAST.COM\n" + " keytab-file: /opt/jduke.keytab\n" + " use-canonical-hostname: true\n" + " - name: simple\n" + " authentication:\n" + " simple:\n" + " skip-role: true\n" + " users:\n" + " - username: test\n" + " password: 'a1234'\n" + " roles:\n" + " - monitor\n" + " - hazelcast\n" + " - username: dev\n" + " password: secret\n" + " roles:\n" + " - root\n" + " client-permission-policy:\n" + " class-name: MyPermissionPolicy\n" + " properties:\n" + " permission-property: permission-value\n";
Config config = buildConfig(yaml);
SecurityConfig securityConfig = config.getSecurityConfig();
List<SecurityInterceptorConfig> interceptorConfigs = securityConfig.getSecurityInterceptorConfigs();
assertEquals(2, interceptorConfigs.size());
assertEquals("foo", interceptorConfigs.get(0).className);
assertEquals("bar", interceptorConfigs.get(1).className);
assertFalse(securityConfig.getClientBlockUnmappedActions());
RealmConfig memberRealm = securityConfig.getRealmConfig(securityConfig.getMemberRealm());
CredentialsFactoryConfig memberCredentialsConfig = memberRealm.getCredentialsFactoryConfig();
assertEquals("MyCredentialsFactory", memberCredentialsConfig.getClassName());
assertEquals(1, memberCredentialsConfig.getProperties().size());
assertEquals("value", memberCredentialsConfig.getProperties().getProperty("property"));
List<LoginModuleConfig> memberLoginModuleConfigs = memberRealm.getJaasAuthenticationConfig().getLoginModuleConfigs();
assertEquals(2, memberLoginModuleConfigs.size());
Iterator<LoginModuleConfig> memberLoginIterator = memberLoginModuleConfigs.iterator();
LoginModuleConfig memberLoginModuleCfg1 = memberLoginIterator.next();
assertEquals("MyRequiredLoginModule", memberLoginModuleCfg1.getClassName());
assertEquals(LoginModuleUsage.REQUIRED, memberLoginModuleCfg1.getUsage());
assertEquals(1, memberLoginModuleCfg1.getProperties().size());
assertEquals("login-value", memberLoginModuleCfg1.getProperties().getProperty("login-property"));
LoginModuleConfig memberLoginModuleCfg2 = memberLoginIterator.next();
assertEquals("MyRequiredLoginModule2", memberLoginModuleCfg2.getClassName());
assertEquals(LoginModuleUsage.SUFFICIENT, memberLoginModuleCfg2.getUsage());
assertEquals(1, memberLoginModuleCfg2.getProperties().size());
assertEquals("login-value2", memberLoginModuleCfg2.getProperties().getProperty("login-property2"));
RealmConfig clientRealm = securityConfig.getRealmConfig(securityConfig.getClientRealm());
List<LoginModuleConfig> clientLoginModuleConfigs = clientRealm.getJaasAuthenticationConfig().getLoginModuleConfigs();
assertEquals(2, clientLoginModuleConfigs.size());
Iterator<LoginModuleConfig> clientLoginIterator = clientLoginModuleConfigs.iterator();
LoginModuleConfig clientLoginModuleCfg1 = clientLoginIterator.next();
assertEquals("MyOptionalLoginModule", clientLoginModuleCfg1.getClassName());
assertEquals(LoginModuleUsage.OPTIONAL, clientLoginModuleCfg1.getUsage());
assertEquals(1, clientLoginModuleCfg1.getProperties().size());
assertEquals("client-value", clientLoginModuleCfg1.getProperties().getProperty("client-property"));
LoginModuleConfig clientLoginModuleCfg2 = clientLoginIterator.next();
assertEquals("MyRequiredLoginModule", clientLoginModuleCfg2.getClassName());
assertEquals(LoginModuleUsage.REQUIRED, clientLoginModuleCfg2.getUsage());
assertEquals(1, clientLoginModuleCfg2.getProperties().size());
assertEquals("client-value2", clientLoginModuleCfg2.getProperties().getProperty("client-property2"));
RealmConfig kerberosRealm = securityConfig.getRealmConfig("kerberos");
assertNotNull(kerberosRealm);
KerberosIdentityConfig kerbIdentity = kerberosRealm.getKerberosIdentityConfig();
assertNotNull(kerbIdentity);
assertEquals("HAZELCAST.COM", kerbIdentity.getRealm());
assertEquals("krb5Initializer", kerbIdentity.getSecurityRealm());
assertEquals("jduke@HAZELCAST.COM", kerbIdentity.getPrincipal());
assertEquals("/opt/jduke.keytab", kerbIdentity.getKeytabFile());
assertTrue(kerbIdentity.getUseCanonicalHostname());
KerberosAuthenticationConfig kerbAuthentication = kerberosRealm.getKerberosAuthenticationConfig();
assertNotNull(kerbAuthentication);
assertEquals(Boolean.TRUE, kerbAuthentication.getRelaxFlagsCheck());
assertEquals(Boolean.FALSE, kerbAuthentication.getSkipRole());
assertNull(kerbAuthentication.getSkipIdentity());
assertEquals("krb5Acceptor", kerbAuthentication.getSecurityRealm());
assertEquals("jduke@HAZELCAST.COM", kerbAuthentication.getPrincipal());
assertEquals("/opt/jduke.keytab", kerbAuthentication.getKeytabFile());
assertTrue(kerbAuthentication.getUseNameWithoutRealm());
LdapAuthenticationConfig kerbLdapAuthentication = kerbAuthentication.getLdapAuthenticationConfig();
assertNotNull(kerbLdapAuthentication);
assertEquals("ldap://127.0.0.1", kerbLdapAuthentication.getUrl());
RealmConfig simpleRealm = securityConfig.getRealmConfig("simple");
assertNotNull(simpleRealm);
SimpleAuthenticationConfig simpleAuthnCfg = simpleRealm.getSimpleAuthenticationConfig();
assertNotNull(simpleAuthnCfg);
assertEquals(2, simpleAuthnCfg.getUsernames().size());
assertTrue(simpleAuthnCfg.getUsernames().contains("test"));
assertEquals("a1234", simpleAuthnCfg.getPassword("test"));
Set<String> expectedRoles = new HashSet<>();
expectedRoles.add("monitor");
expectedRoles.add("hazelcast");
assertEquals(expectedRoles, simpleAuthnCfg.getRoles("test"));
assertEquals(Boolean.TRUE, simpleAuthnCfg.getSkipRole());
// client-permission-policy
PermissionPolicyConfig permissionPolicyConfig = securityConfig.getClientPolicyConfig();
assertEquals("MyPermissionPolicy", permissionPolicyConfig.getClassName());
assertEquals(1, permissionPolicyConfig.getProperties().size());
assertEquals("permission-value", permissionPolicyConfig.getProperties().getProperty("permission-property"));
}
Also used :
RealmConfig(com.hazelcast.config.security.RealmConfig)
LdapAuthenticationConfig(com.hazelcast.config.security.LdapAuthenticationConfig)
SemaphoreConfig(com.hazelcast.config.cp.SemaphoreConfig)
CPSubsystemConfig(com.hazelcast.config.cp.CPSubsystemConfig)
RaftAlgorithmConfig(com.hazelcast.config.cp.RaftAlgorithmConfig)
SimpleAuthenticationConfig(com.hazelcast.config.security.SimpleAuthenticationConfig)
KerberosIdentityConfig(com.hazelcast.config.security.KerberosIdentityConfig)
KerberosAuthenticationConfig(com.hazelcast.config.security.KerberosAuthenticationConfig)
RealmConfig(com.hazelcast.config.security.RealmConfig)
FencedLockConfig(com.hazelcast.config.cp.FencedLockConfig)
KerberosIdentityConfig(com.hazelcast.config.security.KerberosIdentityConfig)
LdapAuthenticationConfig(com.hazelcast.config.security.LdapAuthenticationConfig)
KerberosAuthenticationConfig(com.hazelcast.config.security.KerberosAuthenticationConfig)
SimpleAuthenticationConfig(com.hazelcast.config.security.SimpleAuthenticationConfig)
HashSet(java.util.HashSet)
ParallelJVMTest(com.hazelcast.test.annotation.ParallelJVMTest)
QuickTest(com.hazelcast.test.annotation.QuickTest)
Test(org.junit.Test)
Example 2 with KerberosAuthenticationConfig
use of com.hazelcast.config.security.KerberosAuthenticationConfig in project hazelcast by hazelcast.
the class TestFullApplicationContext method testSecurity.
@Test
public void testSecurity() {
SecurityConfig securityConfig = config.getSecurityConfig();
assertEquals(OnJoinPermissionOperationName.SEND, securityConfig.getOnJoinPermissionOperation());
final Set<PermissionConfig> clientPermissionConfigs = securityConfig.getClientPermissionConfigs();
assertFalse(securityConfig.getClientBlockUnmappedActions());
assertTrue(isNotEmpty(clientPermissionConfigs));
assertEquals(PermissionType.values().length, clientPermissionConfigs.size());
final PermissionConfig pnCounterPermission = new PermissionConfig(PermissionType.PN_COUNTER, "pnCounterPermission", "*").addAction("create").setEndpoints(Collections.emptySet());
assertContains(clientPermissionConfigs, pnCounterPermission);
Set<PermissionType> permTypes = new HashSet<>(Arrays.asList(PermissionType.values()));
for (PermissionConfig pc : clientPermissionConfigs) {
permTypes.remove(pc.getType());
}
assertTrue("All permission types should be listed in fullConfig. Not found ones: " + permTypes, permTypes.isEmpty());
RealmConfig kerberosRealm = securityConfig.getRealmConfig("kerberosRealm");
assertNotNull(kerberosRealm);
KerberosAuthenticationConfig kerbAuthentication = kerberosRealm.getKerberosAuthenticationConfig();
assertNotNull(kerbAuthentication);
assertEquals(TRUE, kerbAuthentication.getRelaxFlagsCheck());
assertEquals(TRUE, kerbAuthentication.getUseNameWithoutRealm());
assertEquals("krb5Acceptor", kerbAuthentication.getSecurityRealm());
assertNotNull(kerbAuthentication.getLdapAuthenticationConfig());
KerberosIdentityConfig kerbIdentity = kerberosRealm.getKerberosIdentityConfig();
assertNotNull(kerbIdentity);
assertEquals("HAZELCAST.COM", kerbIdentity.getRealm());
assertEquals(TRUE, kerbIdentity.getUseCanonicalHostname());
RealmConfig simpleRealm = securityConfig.getRealmConfig("simpleRealm");
assertNotNull(simpleRealm);
SimpleAuthenticationConfig simpleAuthnCfg = simpleRealm.getSimpleAuthenticationConfig();
assertNotNull(simpleAuthnCfg);
assertEquals(2, simpleAuthnCfg.getUsernames().size());
assertTrue(simpleAuthnCfg.getUsernames().contains("test"));
assertEquals("a1234", simpleAuthnCfg.getPassword("test"));
Set<String> expectedRoles = new HashSet<>();
expectedRoles.add("monitor");
expectedRoles.add("hazelcast");
assertEquals(expectedRoles, simpleAuthnCfg.getRoles("test"));
}
Also used :
PermissionConfig(com.hazelcast.config.PermissionConfig)
RealmConfig(com.hazelcast.config.security.RealmConfig)
SecurityConfig(com.hazelcast.config.SecurityConfig)
PermissionType(com.hazelcast.config.PermissionConfig.PermissionType)
KerberosAuthenticationConfig(com.hazelcast.config.security.KerberosAuthenticationConfig)
SimpleAuthenticationConfig(com.hazelcast.config.security.SimpleAuthenticationConfig)
HashSet(java.util.HashSet)
KerberosIdentityConfig(com.hazelcast.config.security.KerberosIdentityConfig)
Test(org.junit.Test)
QuickTest(com.hazelcast.test.annotation.QuickTest)
Example 3 with KerberosAuthenticationConfig
use of com.hazelcast.config.security.KerberosAuthenticationConfig in project hazelcast by hazelcast.
the class MemberDomConfigProcessor method handleKerberosAuthentication.
protected void handleKerberosAuthentication(RealmConfig realmConfig, Node node) {
KerberosAuthenticationConfig krbCfg = new KerberosAuthenticationConfig();
fillClusterLoginConfig(krbCfg, node);
for (Node child : childElements(node)) {
String nodeName = cleanNodeName(child);
if (matches("relax-flags-check", nodeName)) {
krbCfg.setRelaxFlagsCheck(getBooleanValue(getTextContent(child)));
} else if (matches("use-name-without-realm", nodeName)) {
krbCfg.setUseNameWithoutRealm(getBooleanValue(getTextContent(child)));
} else if (matches("security-realm", nodeName)) {
krbCfg.setSecurityRealm(getTextContent(child));
} else if (matches("principal", nodeName)) {
krbCfg.setPrincipal(getTextContent(child));
} else if (matches("keytab-file", nodeName)) {
krbCfg.setKeytabFile(getTextContent(child));
} else if (matches("ldap", nodeName)) {
krbCfg.setLdapAuthenticationConfig(createLdapAuthentication(child));
}
}
realmConfig.setKerberosAuthenticationConfig(krbCfg);
}
Also used :
Node(org.w3c.dom.Node)
KerberosAuthenticationConfig(com.hazelcast.config.security.KerberosAuthenticationConfig)
Example 4 with KerberosAuthenticationConfig
use of com.hazelcast.config.security.KerberosAuthenticationConfig in project hazelcast by hazelcast.
the class XMLConfigBuilderTest method testSecurityConfig.
@Override
@Test
public void testSecurityConfig() {
String xml = HAZELCAST_START_TAG + "<security enabled=\"true\">" + " <security-interceptors>" + " <interceptor class-name=\"foo\"/>" + " <interceptor class-name=\"bar\"/>" + " </security-interceptors>" + " <client-block-unmapped-actions>false</client-block-unmapped-actions>" + " <realms>" + " <realm name='mr'>" + " <authentication>" + " <jaas>" + " <login-module class-name=\"MyRequiredLoginModule\" usage=\"REQUIRED\">\n" + " <properties>\n" + " <property name=\"login-property\">login-value</property>\n" + " </properties>\n" + " </login-module>\n" + " <login-module class-name=\"MyRequiredLoginModule2\" usage=\"SUFFICIENT\">\n" + " <properties>\n" + " <property name=\"login-property2\">login-value2</property>\n" + " </properties>\n" + " </login-module>\n" + " </jaas>" + " </authentication>" + " <identity>" + " <credentials-factory class-name=\"MyCredentialsFactory\">\n" + " <properties>\n" + " <property name=\"property\">value</property>\n" + " </properties>\n" + " </credentials-factory>\n" + " </identity>" + " </realm>" + " <realm name='cr'>" + " <authentication>" + " <jaas>" + " <login-module class-name=\"MyOptionalLoginModule\" usage=\"OPTIONAL\">\n" + " <properties>\n" + " <property name=\"client-property\">client-value</property>\n" + " </properties>\n" + " </login-module>\n" + " <login-module class-name=\"MyRequiredLoginModule\" usage=\"REQUIRED\">\n" + " <properties>\n" + " <property name=\"client-property2\">client-value2</property>\n" + " </properties>\n" + " </login-module>\n" + " </jaas>" + " </authentication>" + " <identity>" + " <token encoding=\"base64\">****</token>" + " </identity>" + " </realm>" + " <realm name='kerberos'>" + " <authentication>" + " <kerberos>" + " <skip-role>false</skip-role>" + " <relax-flags-check>true</relax-flags-check>" + " <use-name-without-realm>true</use-name-without-realm>" + " <security-realm>krb5Acceptor</security-realm>" + " <principal>jduke@HAZELCAST.COM</principal>" + " <keytab-file>/opt/jduke.keytab</keytab-file>" + " <ldap>" + " <url>ldap://127.0.0.1</url>" + " </ldap>" + " </kerberos>" + " </authentication>" + " <identity>" + " <kerberos>" + " <realm>HAZELCAST.COM</realm>" + " <security-realm>krb5Initializer</security-realm>" + " <principal>jduke@HAZELCAST.COM</principal>" + " <keytab-file>/opt/jduke.keytab</keytab-file>" + " <use-canonical-hostname>true</use-canonical-hostname>" + " </kerberos>" + " </identity>" + " </realm>" + " <realm name='simple'>" + " <authentication>" + " <simple>" + " <skip-role>true</skip-role>" + " <role-separator>:</role-separator>" + " <user username='test' password='a1234'>" + " <role>monitor</role>" + " <role>hazelcast</role>" + " </user>" + " <user username='dev' password='secret'>" + " <role>root</role>" + " </user>" + " </simple>" + " </authentication>" + " </realm>" + " </realms>" + " <member-authentication realm='mr'/>\n" + " <client-authentication realm='cr'/>\n" + " <client-permission-policy class-name=\"MyPermissionPolicy\">\n" + " <properties>\n" + " <property name=\"permission-property\">permission-value</property>\n" + " </properties>\n" + " </client-permission-policy>" + "</security>" + HAZELCAST_END_TAG;
Config config = buildConfig(xml);
SecurityConfig securityConfig = config.getSecurityConfig();
List<SecurityInterceptorConfig> interceptorConfigs = securityConfig.getSecurityInterceptorConfigs();
assertEquals(2, interceptorConfigs.size());
assertEquals("foo", interceptorConfigs.get(0).className);
assertEquals("bar", interceptorConfigs.get(1).className);
assertFalse(securityConfig.getClientBlockUnmappedActions());
RealmConfig memberRealm = securityConfig.getRealmConfig(securityConfig.getMemberRealm());
CredentialsFactoryConfig memberCredentialsConfig = memberRealm.getCredentialsFactoryConfig();
assertEquals("MyCredentialsFactory", memberCredentialsConfig.getClassName());
assertEquals(1, memberCredentialsConfig.getProperties().size());
assertEquals("value", memberCredentialsConfig.getProperties().getProperty("property"));
List<LoginModuleConfig> memberLoginModuleConfigs = memberRealm.getJaasAuthenticationConfig().getLoginModuleConfigs();
assertEquals(2, memberLoginModuleConfigs.size());
Iterator<LoginModuleConfig> memberLoginIterator = memberLoginModuleConfigs.iterator();
LoginModuleConfig memberLoginModuleCfg1 = memberLoginIterator.next();
assertEquals("MyRequiredLoginModule", memberLoginModuleCfg1.getClassName());
assertEquals(LoginModuleUsage.REQUIRED, memberLoginModuleCfg1.getUsage());
assertEquals(1, memberLoginModuleCfg1.getProperties().size());
assertEquals("login-value", memberLoginModuleCfg1.getProperties().getProperty("login-property"));
LoginModuleConfig memberLoginModuleCfg2 = memberLoginIterator.next();
assertEquals("MyRequiredLoginModule2", memberLoginModuleCfg2.getClassName());
assertEquals(LoginModuleUsage.SUFFICIENT, memberLoginModuleCfg2.getUsage());
assertEquals(1, memberLoginModuleCfg2.getProperties().size());
assertEquals("login-value2", memberLoginModuleCfg2.getProperties().getProperty("login-property2"));
RealmConfig clientRealm = securityConfig.getRealmConfig(securityConfig.getClientRealm());
List<LoginModuleConfig> clientLoginModuleConfigs = clientRealm.getJaasAuthenticationConfig().getLoginModuleConfigs();
assertEquals(2, clientLoginModuleConfigs.size());
Iterator<LoginModuleConfig> clientLoginIterator = clientLoginModuleConfigs.iterator();
LoginModuleConfig clientLoginModuleCfg1 = clientLoginIterator.next();
assertEquals("MyOptionalLoginModule", clientLoginModuleCfg1.getClassName());
assertEquals(LoginModuleUsage.OPTIONAL, clientLoginModuleCfg1.getUsage());
assertEquals(1, clientLoginModuleCfg1.getProperties().size());
assertEquals("client-value", clientLoginModuleCfg1.getProperties().getProperty("client-property"));
LoginModuleConfig clientLoginModuleCfg2 = clientLoginIterator.next();
assertEquals("MyRequiredLoginModule", clientLoginModuleCfg2.getClassName());
assertEquals(LoginModuleUsage.REQUIRED, clientLoginModuleCfg2.getUsage());
assertEquals(1, clientLoginModuleCfg2.getProperties().size());
assertEquals("client-value2", clientLoginModuleCfg2.getProperties().getProperty("client-property2"));
TokenIdentityConfig tokenIdentityConfig = clientRealm.getTokenIdentityConfig();
assertEquals(TokenEncoding.BASE64, tokenIdentityConfig.getEncoding());
assertArrayEquals(ConfigXmlGenerator.MASK_FOR_SENSITIVE_DATA.getBytes(US_ASCII), tokenIdentityConfig.getToken());
RealmConfig kerberosRealm = securityConfig.getRealmConfig("kerberos");
assertNotNull(kerberosRealm);
KerberosIdentityConfig kerbIdentity = kerberosRealm.getKerberosIdentityConfig();
assertNotNull(kerbIdentity);
assertEquals("HAZELCAST.COM", kerbIdentity.getRealm());
assertEquals("krb5Initializer", kerbIdentity.getSecurityRealm());
assertEquals("jduke@HAZELCAST.COM", kerbIdentity.getPrincipal());
assertEquals("/opt/jduke.keytab", kerbIdentity.getKeytabFile());
assertTrue(kerbIdentity.getUseCanonicalHostname());
KerberosAuthenticationConfig kerbAuthentication = kerberosRealm.getKerberosAuthenticationConfig();
assertNotNull(kerbAuthentication);
assertEquals(Boolean.TRUE, kerbAuthentication.getRelaxFlagsCheck());
assertEquals(Boolean.FALSE, kerbAuthentication.getSkipRole());
assertNull(kerbAuthentication.getSkipIdentity());
assertEquals("krb5Acceptor", kerbAuthentication.getSecurityRealm());
assertEquals("jduke@HAZELCAST.COM", kerbAuthentication.getPrincipal());
assertEquals("/opt/jduke.keytab", kerbAuthentication.getKeytabFile());
assertTrue(kerbAuthentication.getUseNameWithoutRealm());
LdapAuthenticationConfig kerbLdapAuthentication = kerbAuthentication.getLdapAuthenticationConfig();
assertNotNull(kerbLdapAuthentication);
assertEquals("ldap://127.0.0.1", kerbLdapAuthentication.getUrl());
RealmConfig simpleRealm = securityConfig.getRealmConfig("simple");
assertNotNull(simpleRealm);
SimpleAuthenticationConfig simpleAuthnCfg = simpleRealm.getSimpleAuthenticationConfig();
assertNotNull(simpleAuthnCfg);
assertEquals(2, simpleAuthnCfg.getUsernames().size());
assertTrue(simpleAuthnCfg.getUsernames().contains("test"));
assertEquals("a1234", simpleAuthnCfg.getPassword("test"));
assertEquals(":", simpleAuthnCfg.getRoleSeparator());
Set<String> expectedRoles = new HashSet<>();
expectedRoles.add("monitor");
expectedRoles.add("hazelcast");
assertEquals(expectedRoles, simpleAuthnCfg.getRoles("test"));
assertEquals(Boolean.TRUE, simpleAuthnCfg.getSkipRole());
// client-permission-policy
PermissionPolicyConfig permissionPolicyConfig = securityConfig.getClientPolicyConfig();
assertEquals("MyPermissionPolicy", permissionPolicyConfig.getClassName());
assertEquals(1, permissionPolicyConfig.getProperties().size());
assertEquals("permission-value", permissionPolicyConfig.getProperties().getProperty("permission-property"));
}
Also used :
RealmConfig(com.hazelcast.config.security.RealmConfig)
TokenIdentityConfig(com.hazelcast.config.security.TokenIdentityConfig)
TokenIdentityConfig(com.hazelcast.config.security.TokenIdentityConfig)
LdapAuthenticationConfig(com.hazelcast.config.security.LdapAuthenticationConfig)
SemaphoreConfig(com.hazelcast.config.cp.SemaphoreConfig)
CPSubsystemConfig(com.hazelcast.config.cp.CPSubsystemConfig)
RaftAlgorithmConfig(com.hazelcast.config.cp.RaftAlgorithmConfig)
SimpleAuthenticationConfig(com.hazelcast.config.security.SimpleAuthenticationConfig)
KerberosIdentityConfig(com.hazelcast.config.security.KerberosIdentityConfig)
KerberosAuthenticationConfig(com.hazelcast.config.security.KerberosAuthenticationConfig)
RealmConfig(com.hazelcast.config.security.RealmConfig)
FencedLockConfig(com.hazelcast.config.cp.FencedLockConfig)
KerberosIdentityConfig(com.hazelcast.config.security.KerberosIdentityConfig)
LdapAuthenticationConfig(com.hazelcast.config.security.LdapAuthenticationConfig)
KerberosAuthenticationConfig(com.hazelcast.config.security.KerberosAuthenticationConfig)
SimpleAuthenticationConfig(com.hazelcast.config.security.SimpleAuthenticationConfig)
HashSet(java.util.HashSet)
ParallelJVMTest(com.hazelcast.test.annotation.ParallelJVMTest)
QuickTest(com.hazelcast.test.annotation.QuickTest)
Test(org.junit.Test)
Example 5 with KerberosAuthenticationConfig
use of com.hazelcast.config.security.KerberosAuthenticationConfig in project hazelcast by hazelcast.
the class ConfigXmlGeneratorTest method testKerberosConfig.
@Test
public void testKerberosConfig() {
Config cfg = new Config();
RealmConfig realmConfig = new RealmConfig().setKerberosAuthenticationConfig(new KerberosAuthenticationConfig().setSkipIdentity(TRUE).setSkipEndpoint(FALSE).setSkipRole(TRUE).setRelaxFlagsCheck(TRUE).setUseNameWithoutRealm(TRUE).setSecurityRealm("jaasRealm").setKeytabFile("/opt/test.keytab").setPrincipal("testPrincipal").setLdapAuthenticationConfig(new LdapAuthenticationConfig().setUrl("url"))).setKerberosIdentityConfig(new KerberosIdentityConfig().setRealm("HAZELCAST.COM").setSecurityRealm("krb5Init").setKeytabFile("/opt/test.keytab").setPrincipal("testPrincipal").setServiceNamePrefix("hz/").setUseCanonicalHostname(TRUE).setSpn("spn@HAZELCAST.COM"));
SecurityConfig expectedConfig = new SecurityConfig().setMemberRealmConfig("kerberosRealm", realmConfig);
cfg.setSecurityConfig(expectedConfig);
SecurityConfig actualConfig = getNewConfigViaXMLGenerator(cfg).getSecurityConfig();
assertEquals(expectedConfig, actualConfig);
}
Also used :
RealmConfig(com.hazelcast.config.security.RealmConfig)
TlsAuthenticationConfig(com.hazelcast.config.security.TlsAuthenticationConfig)
TokenIdentityConfig(com.hazelcast.config.security.TokenIdentityConfig)
LdapAuthenticationConfig(com.hazelcast.config.security.LdapAuthenticationConfig)
SemaphoreConfig(com.hazelcast.config.cp.SemaphoreConfig)
CPSubsystemConfig(com.hazelcast.config.cp.CPSubsystemConfig)
SimpleAuthenticationConfig(com.hazelcast.config.security.SimpleAuthenticationConfig)
KerberosIdentityConfig(com.hazelcast.config.security.KerberosIdentityConfig)
KerberosAuthenticationConfig(com.hazelcast.config.security.KerberosAuthenticationConfig)
RealmConfig(com.hazelcast.config.security.RealmConfig)
JaasAuthenticationConfig(com.hazelcast.config.security.JaasAuthenticationConfig)
JetConfig(com.hazelcast.jet.config.JetConfig)
FencedLockConfig(com.hazelcast.config.cp.FencedLockConfig)
LdapAuthenticationConfig(com.hazelcast.config.security.LdapAuthenticationConfig)
KerberosAuthenticationConfig(com.hazelcast.config.security.KerberosAuthenticationConfig)
KerberosIdentityConfig(com.hazelcast.config.security.KerberosIdentityConfig)
ParallelJVMTest(com.hazelcast.test.annotation.ParallelJVMTest)
QuickTest(com.hazelcast.test.annotation.QuickTest)
Test(org.junit.Test)
Aggregations
KerberosAuthenticationConfig (com.hazelcast.config.security.KerberosAuthenticationConfig)5
KerberosIdentityConfig (com.hazelcast.config.security.KerberosIdentityConfig)4
RealmConfig (com.hazelcast.config.security.RealmConfig)4
SimpleAuthenticationConfig (com.hazelcast.config.security.SimpleAuthenticationConfig)4
QuickTest (com.hazelcast.test.annotation.QuickTest)4
Test (org.junit.Test)4
CPSubsystemConfig (com.hazelcast.config.cp.CPSubsystemConfig)3
FencedLockConfig (com.hazelcast.config.cp.FencedLockConfig)3
SemaphoreConfig (com.hazelcast.config.cp.SemaphoreConfig)3
LdapAuthenticationConfig (com.hazelcast.config.security.LdapAuthenticationConfig)3
ParallelJVMTest (com.hazelcast.test.annotation.ParallelJVMTest)3
HashSet (java.util.HashSet)3
RaftAlgorithmConfig (com.hazelcast.config.cp.RaftAlgorithmConfig)2
TokenIdentityConfig (com.hazelcast.config.security.TokenIdentityConfig)2
PermissionConfig (com.hazelcast.config.PermissionConfig)1
PermissionType (com.hazelcast.config.PermissionConfig.PermissionType)1
SecurityConfig (com.hazelcast.config.SecurityConfig)1
JaasAuthenticationConfig (com.hazelcast.config.security.JaasAuthenticationConfig)1
TlsAuthenticationConfig (com.hazelcast.config.security.TlsAuthenticationConfig)1
JetConfig (com.hazelcast.jet.config.JetConfig)1
