use of javax.security.auth.kerberos.KerberosPrincipal in project hadoop by apache.
the class TestSecureLogins method createLoginContextZookeeperLocalhost.
/**
 * Builds a JAAS {@link LoginContext} for the ZooKeeper localhost principal without logging in.
 *
 * <p>The subject handed to the context is writable and starts with a single
 * {@link KerberosPrincipal} and empty public/private credential sets. The caller is
 * responsible for invoking {@code login()} (and later {@code logout()}) on the result.
 *
 * @return a login context that has not yet been logged in
 * @throws LoginException if the login context cannot be constructed
 */
public LoginContext createLoginContextZookeeperLocalhost() throws LoginException {
  // NOTE(review): this value is computed but never read. The principal below is built from
  // the bare ZOOKEEPER_LOCALHOST name, so KerberosPrincipal will apply the default realm if
  // that name carries none. Confirm whether the realm-qualified name was intended.
  String principalAndRealm = getPrincipalAndRealm(ZOOKEEPER_LOCALHOST);

  Set<Principal> zkPrincipals = new HashSet<Principal>();
  zkPrincipals.add(new KerberosPrincipal(ZOOKEEPER_LOCALHOST));

  Set<Object> publicCredentials = new HashSet<Object>();
  Set<Object> privateCredentials = new HashSet<Object>();
  // readOnly=false so the login module can attach credentials to the subject on login.
  Subject zkSubject = new Subject(false, zkPrincipals, publicCredentials, privateCredentials);

  // No callback handler is supplied, so the configuration presumably reads the keytab
  // (keytab_zk) rather than prompting. Verify against createServerConfig.
  return new LoginContext(
      "",
      zkSubject,
      null,
      KerberosConfiguration.createServerConfig(ZOOKEEPER_LOCALHOST, keytab_zk));
}
use of javax.security.auth.kerberos.KerberosPrincipal in project hadoop by apache.
the class TestWebDelegationToken method doAsKerberosUser.
/**
 * Logs in with the given principal and keytab, runs {@code callable} as the resulting
 * subject, and always logs out afterwards.
 *
 * @param principal Kerberos principal name used for the subject and the login configuration
 * @param keytab keytab location passed to {@code KerberosConfiguration}
 * @param callable work to execute under the logged-in subject
 * @param <T> result type of {@code callable}
 * @return whatever {@code callable} returns
 * @throws Exception the exception thrown by {@code callable} (unwrapped from
 *     {@link PrivilegedActionException}), or any login/logout failure
 */
public static <T> T doAsKerberosUser(String principal, String keytab, final Callable<T> callable) throws Exception {
  LoginContext loginContext = null;
  try {
    Set<Principal> kerberosPrincipals = new HashSet<Principal>();
    kerberosPrincipals.add(new KerberosPrincipal(principal));
    // Writable subject with no credentials yet; login() is what populates it.
    Subject initialSubject =
        new Subject(false, kerberosPrincipals, new HashSet<Object>(), new HashSet<Object>());

    loginContext = new LoginContext("", initialSubject, null, new KerberosConfiguration(principal, keytab));
    loginContext.login();

    PrivilegedExceptionAction<T> action = new PrivilegedExceptionAction<T>() {
      @Override
      public T run() throws Exception {
        return callable.call();
      }
    };
    // Run under the subject reported by the login context after a successful login.
    return Subject.doAs(loginContext.getSubject(), action);
  } catch (PrivilegedActionException wrapped) {
    // Surface the callable's own exception instead of the doAs wrapper.
    throw wrapped.getException();
  } finally {
    // Log out on every path once the context exists, so the Kerberos credentials do not
    // stay attached to the subject after the call returns or fails.
    if (loginContext != null) {
      loginContext.logout();
    }
  }
}
use of javax.security.auth.kerberos.KerberosPrincipal in project jdk8u_jdk by JetBrains.
the class ServiceCredsCombination method check.
/**
 * Verifies which name an accept-only Kerberos GSS credential is bound to when it is
 * acquired under a subject holding the supplied principals, keys and keytabs.
 *
 * @param a principal to request the credential for, or null for the default one
 * @param b expected credential name; null if it should still be unbound, "NOCRED" if
 *     acquiring the credential is expected to fail
 * @param objs principals, keys and keytabs to place in the subject; objects of any
 *     other type are ignored
 * @throws Exception if the observed name, or the failure to obtain a credential, does
 *     not match {@code b}
 */
private static void check(final String a, String b, Object... objs) throws Exception {
    Subject subject = new Subject();
    for (Object item : objs) {
        if (item instanceof KerberosPrincipal) {
            subject.getPrincipals().add((KerberosPrincipal) item);
            continue;
        }
        // Keys and keytabs are secret material, so they go into the private credentials.
        if (item instanceof KerberosKey || item instanceof KeyTab) {
            subject.getPrivateCredentials().add(item);
        }
    }

    final GSSManager manager = GSSManager.getInstance();
    PrivilegedExceptionAction<String> acquireName = new PrivilegedExceptionAction<String>() {
        @Override
        public String run() throws GSSException {
            GSSCredential credential = manager.createCredential(
                    a == null ? null : manager.createName(r(a), null),
                    GSSCredential.INDEFINITE_LIFETIME,
                    GSSUtil.GSS_KRB5_MECH_OID,
                    GSSCredential.ACCEPT_ONLY);
            GSSName boundName = credential.getName();
            return boundName == null ? null : boundName.toString();
        }
    };

    try {
        String actual = Subject.doAs(subject, acquireName);
        if (!Objects.equals(actual, r(b))) {
            throw new Exception("Check failed: getInstance(" + a + ") has name " + actual + ", not " + b);
        }
    } catch (PrivilegedActionException e) {
        // A GSSException from the action is acceptable only when no credential was expected.
        if (!"NOCRED".equals(b)) {
            throw new Exception("Check failed: getInstance(" + a + ") is null " + ", but not one with name " + b);
        }
    }
}
use of javax.security.auth.kerberos.KerberosPrincipal in project jdk8u_jdk by JetBrains.
the class Implies method main.
/**
 * Drives {@code testImplies} for the "CN=Duke" principal against a null subject and
 * against principal sets that do and do not contain it.
 *
 * <p>The boolean passed to each call is presumably the expected outcome. Confirm
 * against {@code testImplies}.
 *
 * @param args unused
 * @throws Exception if any {@code testImplies} call fails
 */
public static void main(String[] args) throws Exception {
    final X500Principal dukePrincipal = new X500Principal("CN=Duke");

    // A null subject must be handled without a NullPointerException.
    testImplies(dukePrincipal, (Subject) null, false);

    // Set containing only Duke.
    final Set<Principal> principalSet = new HashSet<>();
    principalSet.add(dukePrincipal);
    testImplies(dukePrincipal, principalSet, true);

    // Duke plus a second X.500 principal.
    final X500Principal tuxPrincipal = new X500Principal("CN=Tux");
    principalSet.add(tuxPrincipal);
    testImplies(dukePrincipal, principalSet, true);

    // Add a principal of a different type (Kerberos) alongside the X.500 ones.
    principalSet.add(new KerberosPrincipal("duke@java.com"));
    testImplies(dukePrincipal, principalSet, true);

    // Set that no longer contains Duke at all.
    principalSet.clear();
    principalSet.add(tuxPrincipal);
    testImplies(dukePrincipal, principalSet, false);

    System.out.println("test passed");
}
use of javax.security.auth.kerberos.KerberosPrincipal in project presto by prestodb.
the class SpnegoFilter method authenticate.
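/**
 * Attempts to authenticate a client from a Base64-encoded GSS token.
 *
 * <p>A fresh acceptor context is created for every call and disposed before returning.
 * Authentication succeeds only if the context is established after a single
 * {@code acceptSecContext} call.
 *
 * @param token Base64 text of the client's GSS token; treated as untrusted input
 * @return the optional output token and the client's {@link KerberosPrincipal} when the
 *     context is established, otherwise empty
 * @throws GSSException if creating the acceptor context fails (that call is outside the
 *     try block); failures while accepting the token are logged and reported as empty
 */
private Optional<Result> authenticate(String token) throws GSSException {
    GSSContext context = doAs(loginContext.getSubject(), () -> gssManager.createContext(serverCredential));
    try {
        byte[] inputToken;
        try {
            inputToken = Base64.getDecoder().decode(token);
        }
        catch (IllegalArgumentException e) {
            // Malformed Base64 from the client is an authentication failure, not a server
            // error: without this catch the unchecked exception escapes this method.
            LOG.debug(e, "Authentication failed: token of length %s is not valid Base64", token.length());
            return Optional.empty();
        }

        byte[] outputToken = context.acceptSecContext(inputToken, 0, inputToken.length);

        // The context is discarded after this call, so it must be established in a single
        // challenge-response cycle; anything else is treated as a failure.
        if (context.isEstablished()) {
            return Optional.of(new Result(Optional.ofNullable(outputToken), new KerberosPrincipal(context.getSrcName().toString())));
        }
        // Log only the token length: the raw token is authentication material and should
        // not be written to log files.
        LOG.debug("Failed to establish GSS context for token of length %s", token.length());
    }
    catch (GSSException e) {
        // Deliberately not rethrown: a rejected token fails the authentication.
        LOG.debug(e, "Authentication failed for token of length %s", token.length());
    }
    finally {
        try {
            context.dispose();
        }
        catch (GSSException ignored) {
            // Best-effort cleanup; a dispose failure must not change the authentication result.
        }
    }
    return Optional.empty();
}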
Aggregations