
Example 6 with Subject

use of javax.security.auth.Subject in project hadoop by apache.

the class TestWebDelegationToken method doAsKerberosUser.

/**
 * Runs {@code callable} as a freshly logged-in Kerberos {@link Subject} and logs that subject out
 * again before returning, whether the work succeeded or failed.
 *
 * <p>The subject handed to the login is seeded with only the {@link KerberosPrincipal} for
 * {@code principal}; both credential sets start empty and the subject is created writable
 * ({@code readOnly == false}).
 * NOTE(review): {@code KerberosConfiguration} is declared elsewhere; presumably it points the
 * login at {@code keytab}. Confirm there.
 *
 * @param principal Kerberos principal name to log in as
 * @param keytab keytab location passed to {@code KerberosConfiguration}
 * @param callable work to execute through {@code Subject.doAs}
 * @return the value produced by {@code callable}
 * @throws Exception the exception raised by {@code callable}, unwrapped from
 *     {@link PrivilegedActionException}, or any failure of the login or logout itself
 */
public static <T> T doAsKerberosUser(String principal, String keytab, final Callable<T> callable) throws Exception {
    // A failure while building the context leaves nothing to log out, so it happens before the try.
    Set<Principal> identity = new HashSet<Principal>();
    identity.add(new KerberosPrincipal(principal));
    Subject seed = new Subject(false, identity, new HashSet<Object>(), new HashSet<Object>());
    final LoginContext session = new LoginContext("", seed, null, new KerberosConfiguration(principal, keytab));
    try {
        session.login();
        PrivilegedExceptionAction<T> work = () -> callable.call();
        return Subject.doAs(session.getSubject(), work);
    } catch (PrivilegedActionException wrapped) {
        // Surface the callable's own exception rather than the doAs wrapper.
        throw wrapped.getException();
    } finally {
        // Always log out so the session does not stay logged in after the call, even on failure.
        session.logout();
    }
}
Also used : KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) PrivilegedActionException(java.security.PrivilegedActionException) Subject(javax.security.auth.Subject) AuthenticationException(org.apache.hadoop.security.authentication.client.AuthenticationException) ServletException(javax.servlet.ServletException) PrivilegedActionException(java.security.PrivilegedActionException) IOException(java.io.IOException) LoginContext(javax.security.auth.login.LoginContext) KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) Principal(java.security.Principal) HashSet(java.util.HashSet)

Example 7 with Subject

use of javax.security.auth.Subject in project hadoop by apache.

the class TestUserGroupInformation method testCheckTGTAfterLoginFromSubjectHelper.

/**
 * Logs in from a caller-built {@link Subject} whose private credentials hold a {@link KeyTab}, then
 * checks that {@code checkTGTAndReloginFromKeytab()} on the resulting login user does not throw.
 *
 * @throws Exception if switching to Kerberos, the login, or the TGT check fails
 */
private void testCheckTGTAfterLoginFromSubjectHelper() throws Exception {
    // Security on; the default behaviour is to remove the default realm.
    SecurityUtil.setAuthenticationMethod(AuthenticationMethod.KERBEROS, conf);
    UserGroupInformation.setConfiguration(conf);

    // Pre-set subject carrying a keytab in its private credential set.
    final Subject presetSubject = new Subject();
    presetSubject.getPrivateCredentials().add(KeyTab.getInstance());

    PrivilegedExceptionAction<Void> loginAndCheck = () -> {
        UserGroupInformation.loginUserFromSubject(presetSubject);
        // The relogin check is expected to complete without an exception.
        UserGroupInformation.getLoginUser().checkTGTAndReloginFromKeytab();
        return null;
    };
    UserGroupInformation.getCurrentUser().doAs(loginAndCheck);
}
Also used : KeyTab(javax.security.auth.kerberos.KeyTab) IOException(java.io.IOException) Subject(javax.security.auth.Subject)

Example 8 with Subject

use of javax.security.auth.Subject in project hadoop by apache.

the class RegistryTestHelper method logLoginDetails.

/**
 * Logs the subject held by a login context at INFO level.
 *
 * <p>NOTE(review): the whole {@link Subject} is written to the log through its string form, which
 * can include entries from the private credential set (for a Kerberos login, ticket details).
 * That is tolerable for local test output; if this helper is reused where logs are retained or
 * shared, log {@code subject.getPrincipals()} instead.
 *
 * @param name label written to the log as the identity the caller logged in as; this method does
 *     not compare it against the subject
 * @param loginContext the login context; must not be null
 */
public static void logLoginDetails(String name, LoginContext loginContext) {
    assertNotNull("Null login context", loginContext);
    LOG.info("Logged in as {}:\n {}", name, loginContext.getSubject());
}
Also used : Subject(javax.security.auth.Subject)

Example 9 with Subject

use of javax.security.auth.Subject in project hadoop by apache.

the class TestSecureLogins method createLoginContextZookeeperLocalhost.

/**
 * Builds a {@link LoginContext} for the {@code ZOOKEEPER_LOCALHOST} principal without logging in;
 * the caller is responsible for {@code login()} and the matching {@code logout()}.
 *
 * <p>The subject is seeded with that single {@link KerberosPrincipal}, empty credential sets, and
 * is created writable. The JAAS configuration comes from
 * {@code KerberosConfiguration.createServerConfig} with the {@code keytab_zk} keytab.
 *
 * @return a new, not yet authenticated login context
 * @throws LoginException if the login context cannot be created
 */
public LoginContext createLoginContextZookeeperLocalhost() throws LoginException {
    // NOTE(review): this value is never read below, and the principal is built from
    // ZOOKEEPER_LOCALHOST directly. Confirm whether the realm-qualified name was meant to be used.
    String principalAndRealm = getPrincipalAndRealm(ZOOKEEPER_LOCALHOST);
    Set<Principal> serverIdentity = new HashSet<Principal>();
    serverIdentity.add(new KerberosPrincipal(ZOOKEEPER_LOCALHOST));
    Subject seed = new Subject(false, serverIdentity, new HashSet<Object>(), new HashSet<Object>());
    LoginContext context = new LoginContext("", seed, null, KerberosConfiguration.createServerConfig(ZOOKEEPER_LOCALHOST, keytab_zk));
    return context;
}
Also used : KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) LoginContext(javax.security.auth.login.LoginContext) KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) Principal(java.security.Principal) Subject(javax.security.auth.Subject) HashSet(java.util.HashSet)

Example 10 with Subject

use of javax.security.auth.Subject in project hbase by apache.

the class DemoClient method getSubject.

/**
 * Returns the {@link Subject} the demo client should act as.
 *
 * <p>When {@code secure} is false an empty subject is returned and no login takes place. Otherwise
 * a JAAS login runs through {@code Krb5LoginModule}, configured to take credentials from the
 * Kerberos ticket cache only: no keytab, no stored key, no interactive prompt. A ticket must
 * therefore already exist, so {@code kinit} has to be run beforehand.
 *
 * <p>NOTE(review): the module's {@code debug} option is {@code "true"}, which suits a demo; turn it
 * off when copying this configuration into a service whose output is collected. The login context
 * is not logged out here, so the returned subject keeps its credentials and the caller owns them.
 *
 * @return an empty subject in non-secure mode, otherwise the subject populated by the login
 * @throws Exception if the Kerberos login fails
 */
static Subject getSubject() throws Exception {
    if (!secure) {
        return new Subject();
    }
    Configuration ticketCacheOnly = new Configuration() {

        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            Map<String, String> moduleOptions = new HashMap<>();
            // Credentials come from the ticket cache: no keytab, no key storage, no prompting.
            moduleOptions.put("useKeyTab", "false");
            moduleOptions.put("storeKey", "false");
            moduleOptions.put("doNotPrompt", "true");
            moduleOptions.put("useTicketCache", "true");
            moduleOptions.put("renewTGT", "true");
            moduleOptions.put("refreshKrb5Config", "true");
            moduleOptions.put("isInitiator", "true");
            // Use the cache named by KRB5CCNAME when the environment sets one.
            String cacheFromEnv = System.getenv("KRB5CCNAME");
            if (cacheFromEnv != null) {
                moduleOptions.put("ticketCache", cacheFromEnv);
            }
            moduleOptions.put("debug", "true");
            AppConfigurationEntry krb5Entry = new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, moduleOptions);
            return new AppConfigurationEntry[] { krb5Entry };
        }
    };
    LoginContext context = new LoginContext("", new Subject(), null, ticketCacheOnly);
    context.login();
    return context.getSubject();
}
Also used : AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry) LoginContext(javax.security.auth.login.LoginContext) Configuration(javax.security.auth.login.Configuration) HashMap(java.util.HashMap) Map(java.util.Map) TreeMap(java.util.TreeMap) SortedMap(java.util.SortedMap) Subject(javax.security.auth.Subject)
