Examples with RealmConfig com.hazelcast.config.security.RealmConfig used on opensource projects

Search in sources :

Example 16 with RealmConfig

use of com.hazelcast.config.security.RealmConfig in project hazelcast by hazelcast.

the class NodeSecurityBanner method checkAuthnConfigured.

private void checkAuthnConfigured(StringBuilder sb, SecurityConfig securityConfig, String authName, String realmName) {
    RealmConfig rc = securityConfig.getRealmConfig(realmName);
    addSecurityFeatureCheck(sb, "Configure " + authName + " explicitly (Enterprise)", rc != null && rc.isAuthenticationConfigured());
}
Also used : RealmConfig(com.hazelcast.config.security.RealmConfig)

Example 17 with RealmConfig

use of com.hazelcast.config.security.RealmConfig in project hazelcast by hazelcast.

the class MemberDomConfigProcessor method handleRealm.

protected void handleRealm(Node node) {
    String realmName = getAttribute(node, "name");
    RealmConfig realmConfig = new RealmConfig();
    config.getSecurityConfig().addRealmConfig(realmName, realmConfig);
    for (Node child : childElements(node)) {
        String nodeName = cleanNodeName(child);
        if (matches("authentication", nodeName)) {
            handleAuthentication(realmConfig, child);
        } else if (matches("identity", nodeName)) {
            handleIdentity(realmConfig, child);
        }
    }
}
Also used : RealmConfig(com.hazelcast.config.security.RealmConfig) Node(org.w3c.dom.Node)

Example 18 with RealmConfig

use of com.hazelcast.config.security.RealmConfig in project hazelcast by hazelcast.

the class TcpIpJoinTest method test_whenSameClusterNamesButDifferentPassword.

@Test
public void test_whenSameClusterNamesButDifferentPassword() throws Exception {
    Config config1 = new Config();
    config1.setProperty(ClusterProperty.WAIT_SECONDS_BEFORE_JOIN.getName(), "0");
    config1.setProperty(ClusterProperty.MAX_JOIN_SECONDS.getName(), "3");
    config1.getSecurityConfig().setMemberRealmConfig("m1", new RealmConfig().setUsernamePasswordIdentityConfig("foo", "Here"));
    config1.getNetworkConfig().getJoin().getTcpIpConfig().setEnabled(true).setConnectionTimeoutSeconds(3).addMember("127.0.0.1");
    Config config2 = new Config();
    config2.setProperty(ClusterProperty.WAIT_SECONDS_BEFORE_JOIN.getName(), "0");
    config2.setProperty(ClusterProperty.MAX_JOIN_SECONDS.getName(), "3");
    config2.getSecurityConfig().setMemberRealmConfig("m1", new RealmConfig().setUsernamePasswordIdentityConfig("foo", "There"));
    config2.getNetworkConfig().getJoin().getTcpIpConfig().setEnabled(true).setConnectionTimeoutSeconds(3).addMember("127.0.0.1");
    HazelcastInstance hz1 = Hazelcast.newHazelcastInstance(config1);
    HazelcastInstance hz2 = Hazelcast.newHazelcastInstance(config2);
    assertClusterSize(2, hz1);
    assertClusterSize(2, hz2);
}
Also used : RealmConfig(com.hazelcast.config.security.RealmConfig) HazelcastInstance(com.hazelcast.core.HazelcastInstance) Config(com.hazelcast.config.Config) NetworkConfig(com.hazelcast.config.NetworkConfig) TcpIpConfig(com.hazelcast.config.TcpIpConfig) JoinConfig(com.hazelcast.config.JoinConfig) InterfacesConfig(com.hazelcast.config.InterfacesConfig) RealmConfig(com.hazelcast.config.security.RealmConfig) PartitionGroupConfig(com.hazelcast.config.PartitionGroupConfig) Test(org.junit.Test) SlowTest(com.hazelcast.test.annotation.SlowTest)

Example 19 with RealmConfig

use of com.hazelcast.config.security.RealmConfig in project hazelcast by hazelcast.

the class XMLConfigBuilderTest method testSecurityConfig.

@Override
@Test
public void testSecurityConfig() {
    String xml = HAZELCAST_START_TAG + "<security enabled=\"true\">" + "  <security-interceptors>" + "    <interceptor class-name=\"foo\"/>" + "    <interceptor class-name=\"bar\"/>" + "  </security-interceptors>" + "  <client-block-unmapped-actions>false</client-block-unmapped-actions>" + "  <realms>" + "    <realm name='mr'>" + "      <authentication>" + "        <jaas>" + "          <login-module class-name=\"MyRequiredLoginModule\" usage=\"REQUIRED\">\n" + "            <properties>\n" + "              <property name=\"login-property\">login-value</property>\n" + "            </properties>\n" + "          </login-module>\n" + "          <login-module class-name=\"MyRequiredLoginModule2\" usage=\"SUFFICIENT\">\n" + "            <properties>\n" + "              <property name=\"login-property2\">login-value2</property>\n" + "            </properties>\n" + "          </login-module>\n" + "        </jaas>" + "      </authentication>" + "      <identity>" + "        <credentials-factory class-name=\"MyCredentialsFactory\">\n" + "          <properties>\n" + "            <property name=\"property\">value</property>\n" + "          </properties>\n" + "        </credentials-factory>\n" + "      </identity>" + "    </realm>" + "    <realm name='cr'>" + "      <authentication>" + "        <jaas>" + "          <login-module class-name=\"MyOptionalLoginModule\" usage=\"OPTIONAL\">\n" + "            <properties>\n" + "              <property name=\"client-property\">client-value</property>\n" + "            </properties>\n" + "          </login-module>\n" + "          <login-module class-name=\"MyRequiredLoginModule\" usage=\"REQUIRED\">\n" + "            <properties>\n" + "              <property name=\"client-property2\">client-value2</property>\n" + "            </properties>\n" + "          </login-module>\n" + "        </jaas>" + "      </authentication>" + "      <identity>" + "        <token encoding=\"base64\">****</token>" + "      </identity>" + "    </realm>" + "    <realm name='kerberos'>" + "      <authentication>" + "        <kerberos>" + "          <skip-role>false</skip-role>" + "          <relax-flags-check>true</relax-flags-check>" + "          <use-name-without-realm>true</use-name-without-realm>" + "          <security-realm>krb5Acceptor</security-realm>" + "          <principal>jduke@HAZELCAST.COM</principal>" + "          <keytab-file>/opt/jduke.keytab</keytab-file>" + "          <ldap>" + "            <url>ldap://127.0.0.1</url>" + "          </ldap>" + "        </kerberos>" + "      </authentication>" + "      <identity>" + "        <kerberos>" + "          <realm>HAZELCAST.COM</realm>" + "          <security-realm>krb5Initializer</security-realm>" + "          <principal>jduke@HAZELCAST.COM</principal>" + "          <keytab-file>/opt/jduke.keytab</keytab-file>" + "          <use-canonical-hostname>true</use-canonical-hostname>" + "        </kerberos>" + "      </identity>" + "    </realm>" + "    <realm name='simple'>" + "      <authentication>" + "        <simple>" + "          <skip-role>true</skip-role>" + "          <role-separator>:</role-separator>" + "          <user username='test' password='a1234'>" + "            <role>monitor</role>" + "            <role>hazelcast</role>" + "          </user>" + "          <user username='dev' password='secret'>" + "            <role>root</role>" + "          </user>" + "        </simple>" + "      </authentication>" + "    </realm>" + "  </realms>" + "  <member-authentication realm='mr'/>\n" + "  <client-authentication realm='cr'/>\n" + "  <client-permission-policy class-name=\"MyPermissionPolicy\">\n" + "    <properties>\n" + "      <property name=\"permission-property\">permission-value</property>\n" + "    </properties>\n" + "  </client-permission-policy>" + "</security>" + HAZELCAST_END_TAG;
    Config config = buildConfig(xml);
    SecurityConfig securityConfig = config.getSecurityConfig();
    List<SecurityInterceptorConfig> interceptorConfigs = securityConfig.getSecurityInterceptorConfigs();
    assertEquals(2, interceptorConfigs.size());
    assertEquals("foo", interceptorConfigs.get(0).className);
    assertEquals("bar", interceptorConfigs.get(1).className);
    assertFalse(securityConfig.getClientBlockUnmappedActions());
    RealmConfig memberRealm = securityConfig.getRealmConfig(securityConfig.getMemberRealm());
    CredentialsFactoryConfig memberCredentialsConfig = memberRealm.getCredentialsFactoryConfig();
    assertEquals("MyCredentialsFactory", memberCredentialsConfig.getClassName());
    assertEquals(1, memberCredentialsConfig.getProperties().size());
    assertEquals("value", memberCredentialsConfig.getProperties().getProperty("property"));
    List<LoginModuleConfig> memberLoginModuleConfigs = memberRealm.getJaasAuthenticationConfig().getLoginModuleConfigs();
    assertEquals(2, memberLoginModuleConfigs.size());
    Iterator<LoginModuleConfig> memberLoginIterator = memberLoginModuleConfigs.iterator();
    LoginModuleConfig memberLoginModuleCfg1 = memberLoginIterator.next();
    assertEquals("MyRequiredLoginModule", memberLoginModuleCfg1.getClassName());
    assertEquals(LoginModuleUsage.REQUIRED, memberLoginModuleCfg1.getUsage());
    assertEquals(1, memberLoginModuleCfg1.getProperties().size());
    assertEquals("login-value", memberLoginModuleCfg1.getProperties().getProperty("login-property"));
    LoginModuleConfig memberLoginModuleCfg2 = memberLoginIterator.next();
    assertEquals("MyRequiredLoginModule2", memberLoginModuleCfg2.getClassName());
    assertEquals(LoginModuleUsage.SUFFICIENT, memberLoginModuleCfg2.getUsage());
    assertEquals(1, memberLoginModuleCfg2.getProperties().size());
    assertEquals("login-value2", memberLoginModuleCfg2.getProperties().getProperty("login-property2"));
    RealmConfig clientRealm = securityConfig.getRealmConfig(securityConfig.getClientRealm());
    List<LoginModuleConfig> clientLoginModuleConfigs = clientRealm.getJaasAuthenticationConfig().getLoginModuleConfigs();
    assertEquals(2, clientLoginModuleConfigs.size());
    Iterator<LoginModuleConfig> clientLoginIterator = clientLoginModuleConfigs.iterator();
    LoginModuleConfig clientLoginModuleCfg1 = clientLoginIterator.next();
    assertEquals("MyOptionalLoginModule", clientLoginModuleCfg1.getClassName());
    assertEquals(LoginModuleUsage.OPTIONAL, clientLoginModuleCfg1.getUsage());
    assertEquals(1, clientLoginModuleCfg1.getProperties().size());
    assertEquals("client-value", clientLoginModuleCfg1.getProperties().getProperty("client-property"));
    LoginModuleConfig clientLoginModuleCfg2 = clientLoginIterator.next();
    assertEquals("MyRequiredLoginModule", clientLoginModuleCfg2.getClassName());
    assertEquals(LoginModuleUsage.REQUIRED, clientLoginModuleCfg2.getUsage());
    assertEquals(1, clientLoginModuleCfg2.getProperties().size());
    assertEquals("client-value2", clientLoginModuleCfg2.getProperties().getProperty("client-property2"));
    TokenIdentityConfig tokenIdentityConfig = clientRealm.getTokenIdentityConfig();
    assertEquals(TokenEncoding.BASE64, tokenIdentityConfig.getEncoding());
    assertArrayEquals(ConfigXmlGenerator.MASK_FOR_SENSITIVE_DATA.getBytes(US_ASCII), tokenIdentityConfig.getToken());
    RealmConfig kerberosRealm = securityConfig.getRealmConfig("kerberos");
    assertNotNull(kerberosRealm);
    KerberosIdentityConfig kerbIdentity = kerberosRealm.getKerberosIdentityConfig();
    assertNotNull(kerbIdentity);
    assertEquals("HAZELCAST.COM", kerbIdentity.getRealm());
    assertEquals("krb5Initializer", kerbIdentity.getSecurityRealm());
    assertEquals("jduke@HAZELCAST.COM", kerbIdentity.getPrincipal());
    assertEquals("/opt/jduke.keytab", kerbIdentity.getKeytabFile());
    assertTrue(kerbIdentity.getUseCanonicalHostname());
    KerberosAuthenticationConfig kerbAuthentication = kerberosRealm.getKerberosAuthenticationConfig();
    assertNotNull(kerbAuthentication);
    assertEquals(Boolean.TRUE, kerbAuthentication.getRelaxFlagsCheck());
    assertEquals(Boolean.FALSE, kerbAuthentication.getSkipRole());
    assertNull(kerbAuthentication.getSkipIdentity());
    assertEquals("krb5Acceptor", kerbAuthentication.getSecurityRealm());
    assertEquals("jduke@HAZELCAST.COM", kerbAuthentication.getPrincipal());
    assertEquals("/opt/jduke.keytab", kerbAuthentication.getKeytabFile());
    assertTrue(kerbAuthentication.getUseNameWithoutRealm());
    LdapAuthenticationConfig kerbLdapAuthentication = kerbAuthentication.getLdapAuthenticationConfig();
    assertNotNull(kerbLdapAuthentication);
    assertEquals("ldap://127.0.0.1", kerbLdapAuthentication.getUrl());
    RealmConfig simpleRealm = securityConfig.getRealmConfig("simple");
    assertNotNull(simpleRealm);
    SimpleAuthenticationConfig simpleAuthnCfg = simpleRealm.getSimpleAuthenticationConfig();
    assertNotNull(simpleAuthnCfg);
    assertEquals(2, simpleAuthnCfg.getUsernames().size());
    assertTrue(simpleAuthnCfg.getUsernames().contains("test"));
    assertEquals("a1234", simpleAuthnCfg.getPassword("test"));
    assertEquals(":", simpleAuthnCfg.getRoleSeparator());
    Set<String> expectedRoles = new HashSet<>();
    expectedRoles.add("monitor");
    expectedRoles.add("hazelcast");
    assertEquals(expectedRoles, simpleAuthnCfg.getRoles("test"));
    assertEquals(Boolean.TRUE, simpleAuthnCfg.getSkipRole());
    // client-permission-policy
    PermissionPolicyConfig permissionPolicyConfig = securityConfig.getClientPolicyConfig();
    assertEquals("MyPermissionPolicy", permissionPolicyConfig.getClassName());
    assertEquals(1, permissionPolicyConfig.getProperties().size());
    assertEquals("permission-value", permissionPolicyConfig.getProperties().getProperty("permission-property"));
}
Also used : RealmConfig(com.hazelcast.config.security.RealmConfig) TokenIdentityConfig(com.hazelcast.config.security.TokenIdentityConfig) TokenIdentityConfig(com.hazelcast.config.security.TokenIdentityConfig) LdapAuthenticationConfig(com.hazelcast.config.security.LdapAuthenticationConfig) SemaphoreConfig(com.hazelcast.config.cp.SemaphoreConfig) CPSubsystemConfig(com.hazelcast.config.cp.CPSubsystemConfig) RaftAlgorithmConfig(com.hazelcast.config.cp.RaftAlgorithmConfig) SimpleAuthenticationConfig(com.hazelcast.config.security.SimpleAuthenticationConfig) KerberosIdentityConfig(com.hazelcast.config.security.KerberosIdentityConfig) KerberosAuthenticationConfig(com.hazelcast.config.security.KerberosAuthenticationConfig) RealmConfig(com.hazelcast.config.security.RealmConfig) FencedLockConfig(com.hazelcast.config.cp.FencedLockConfig) KerberosIdentityConfig(com.hazelcast.config.security.KerberosIdentityConfig) LdapAuthenticationConfig(com.hazelcast.config.security.LdapAuthenticationConfig) KerberosAuthenticationConfig(com.hazelcast.config.security.KerberosAuthenticationConfig) SimpleAuthenticationConfig(com.hazelcast.config.security.SimpleAuthenticationConfig) HashSet(java.util.HashSet) ParallelJVMTest(com.hazelcast.test.annotation.ParallelJVMTest) QuickTest(com.hazelcast.test.annotation.QuickTest) Test(org.junit.Test)

Example 20 with RealmConfig

use of com.hazelcast.config.security.RealmConfig in project hazelcast by hazelcast.

the class ConfigXmlGeneratorTest method testTokenAuthenticationConfig.

@Test
public void testTokenAuthenticationConfig() {
    Config cfg = new Config();
    SecurityConfig expectedConfig = new SecurityConfig().setClientRealmConfig("cRealm", new RealmConfig().setTokenIdentityConfig(new TokenIdentityConfig(TokenEncoding.NONE, "ahoj"))).setMemberRealmConfig("mRealm", new RealmConfig().setTokenIdentityConfig(new TokenIdentityConfig(TokenEncoding.BASE64, "bmF6ZGFy")));
    cfg.setSecurityConfig(expectedConfig);
    SecurityConfig actualConfig = getNewConfigViaXMLGenerator(cfg, false).getSecurityConfig();
    assertEquals(expectedConfig, actualConfig);
}
Also used : RealmConfig(com.hazelcast.config.security.RealmConfig) TokenIdentityConfig(com.hazelcast.config.security.TokenIdentityConfig) TlsAuthenticationConfig(com.hazelcast.config.security.TlsAuthenticationConfig) TokenIdentityConfig(com.hazelcast.config.security.TokenIdentityConfig) LdapAuthenticationConfig(com.hazelcast.config.security.LdapAuthenticationConfig) SemaphoreConfig(com.hazelcast.config.cp.SemaphoreConfig) CPSubsystemConfig(com.hazelcast.config.cp.CPSubsystemConfig) SimpleAuthenticationConfig(com.hazelcast.config.security.SimpleAuthenticationConfig) KerberosIdentityConfig(com.hazelcast.config.security.KerberosIdentityConfig) KerberosAuthenticationConfig(com.hazelcast.config.security.KerberosAuthenticationConfig) RealmConfig(com.hazelcast.config.security.RealmConfig) JaasAuthenticationConfig(com.hazelcast.config.security.JaasAuthenticationConfig) JetConfig(com.hazelcast.jet.config.JetConfig) FencedLockConfig(com.hazelcast.config.cp.FencedLockConfig) ParallelJVMTest(com.hazelcast.test.annotation.ParallelJVMTest) QuickTest(com.hazelcast.test.annotation.QuickTest) Test(org.junit.Test)

Aggregations

RealmConfig (com.hazelcast.config.security.RealmConfig)23 Test (org.junit.Test)18 QuickTest (com.hazelcast.test.annotation.QuickTest)16 JaasAuthenticationConfig (com.hazelcast.config.security.JaasAuthenticationConfig)12 KerberosIdentityConfig (com.hazelcast.config.security.KerberosIdentityConfig)11 ParallelJVMTest (com.hazelcast.test.annotation.ParallelJVMTest)11 KerberosAuthenticationConfig (com.hazelcast.config.security.KerberosAuthenticationConfig)10 SimpleAuthenticationConfig (com.hazelcast.config.security.SimpleAuthenticationConfig)10 CPSubsystemConfig (com.hazelcast.config.cp.CPSubsystemConfig)9 FencedLockConfig (com.hazelcast.config.cp.FencedLockConfig)9 SemaphoreConfig (com.hazelcast.config.cp.SemaphoreConfig)9 LdapAuthenticationConfig (com.hazelcast.config.security.LdapAuthenticationConfig)9 TokenIdentityConfig (com.hazelcast.config.security.TokenIdentityConfig)9 TlsAuthenticationConfig (com.hazelcast.config.security.TlsAuthenticationConfig)7 JetConfig (com.hazelcast.jet.config.JetConfig)7 LoginModuleConfig (com.hazelcast.config.LoginModuleConfig)5 Config (com.hazelcast.config.Config)3 CredentialsFactoryConfig (com.hazelcast.config.CredentialsFactoryConfig)3 PartitionGroupConfig (com.hazelcast.config.PartitionGroupConfig)3 HashSet (java.util.HashSet)3
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial