
Example 1 with KerberosPrincipal

use of javax.security.auth.kerberos.KerberosPrincipal in project hadoop by apache.

the class TestSecureLogins method createLoginContextZookeeperLocalhost.

/**
 * Builds a JAAS {@link LoginContext} for the {@code ZOOKEEPER_LOCALHOST} principal.
 *
 * <p>The context wraps a writable {@link Subject} that already carries a
 * {@link KerberosPrincipal} for {@code ZOOKEEPER_LOCALHOST} and empty credential sets.
 * It uses the configuration returned by
 * {@code KerberosConfiguration.createServerConfig(ZOOKEEPER_LOCALHOST, keytab_zk)}.
 * {@code login()} is not called here, so the caller still has to authenticate.
 *
 * @return a login context on which {@code login()} has not been called
 * @throws LoginException if the {@link LoginContext} cannot be constructed
 */
public LoginContext createLoginContextZookeeperLocalhost() throws LoginException {
    // The return value is not used below; the call is kept in place because its side
    // effects, if any, are not visible here. NOTE(review): confirm whether it is needed.
    getPrincipalAndRealm(ZOOKEEPER_LOCALHOST);

    Set<Principal> seedPrincipals = new HashSet<Principal>();
    seedPrincipals.add(new KerberosPrincipal(ZOOKEEPER_LOCALHOST));

    // readOnly=false: the login modules must be able to add credentials to the Subject.
    Set<Object> publicCredentials = new HashSet<Object>();
    Set<Object> privateCredentials = new HashSet<Object>();
    Subject seed = new Subject(false, seedPrincipals, publicCredentials, privateCredentials);

    return new LoginContext(
            "",
            seed,
            null,
            KerberosConfiguration.createServerConfig(ZOOKEEPER_LOCALHOST, keytab_zk));
}
Also used : KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) LoginContext(javax.security.auth.login.LoginContext) KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) Principal(java.security.Principal) Subject(javax.security.auth.Subject) HashSet(java.util.HashSet)

Example 2 with KerberosPrincipal

use of javax.security.auth.kerberos.KerberosPrincipal in project hadoop by apache.

the class TestWebDelegationToken method doAsKerberosUser.

/**
 * Logs in as {@code principal} and runs {@code callable} under the resulting Subject.
 *
 * <p>A fresh {@link LoginContext} is created from a {@code KerberosConfiguration} built
 * with {@code principal} and {@code keytab}. After {@code login()} succeeds, the callable
 * runs via {@link Subject#doAs}. The context is logged out in the {@code finally} block
 * whenever it was constructed, including when {@code login()} itself threw.
 *
 * @param principal Kerberos principal name to authenticate as
 * @param keytab keytab handed to {@code KerberosConfiguration}
 *        (presumably a file path; confirm against that class)
 * @param callable work to run under the authenticated Subject
 * @return whatever {@code callable} returns
 * @throws Exception the exception thrown by {@code callable}, unwrapped from
 *         {@link PrivilegedActionException}, or a login/logout failure
 */
public static <T> T doAsKerberosUser(String principal, String keytab, final Callable<T> callable) throws Exception {
    LoginContext ctx = null;
    try {
        Set<Principal> seedPrincipals = new HashSet<Principal>();
        seedPrincipals.add(new KerberosPrincipal(principal));
        // readOnly=false so the login module can attach the Kerberos credentials.
        Subject seed = new Subject(false, seedPrincipals, new HashSet<Object>(), new HashSet<Object>());

        ctx = new LoginContext("", seed, null, new KerberosConfiguration(principal, keytab));
        ctx.login();

        // Use the Subject as reported by the context after login, not the seed reference.
        Subject authenticated = ctx.getSubject();
        PrivilegedExceptionAction<T> action = new PrivilegedExceptionAction<T>() {

            @Override
            public T run() throws Exception {
                return callable.call();
            }
        };
        return Subject.doAs(authenticated, action);
    } catch (PrivilegedActionException wrapped) {
        // Surface the callable's own exception rather than the doAs wrapper.
        throw wrapped.getException();
    } finally {
        // An exception from logout() replaces any exception already in flight.
        if (ctx != null) {
            ctx.logout();
        }
    }
}
Also used : KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) PrivilegedActionException(java.security.PrivilegedActionException) Subject(javax.security.auth.Subject) AuthenticationException(org.apache.hadoop.security.authentication.client.AuthenticationException) ServletException(javax.servlet.ServletException) PrivilegedActionException(java.security.PrivilegedActionException) IOException(java.io.IOException) LoginContext(javax.security.auth.login.LoginContext) KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) Principal(java.security.Principal) HashSet(java.util.HashSet)

Example 3 with KerberosPrincipal

use of javax.security.auth.kerberos.KerberosPrincipal in project jdk8u_jdk by JetBrains.

the class ServiceCredsCombination method check.

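/**
 * Checks which name an accept-only krb5 credential is bound to for a given Subject.
 *
 * <p>A new {@link Subject} is populated from {@code objs}, then
 * {@code GSSManager.createCredential} is called inside {@link Subject#doAs} and the name
 * of the resulting credential is compared with the expected one.
 *
 * @param a principal to request a credential for, {@code null} for the default one;
 *        a non-null value is passed through the helper {@code r} before use
 * @param b expected name, {@code null} for still unbound, {@code "NOCRED"} when creating
 *        the credential is expected to fail
 * @param objs principals, keys and keytabs for the subject: {@link KerberosPrincipal}
 *        instances become principals, {@link KerberosKey} and {@link KeyTab} instances
 *        become private credentials, anything else is ignored
 * @throws Exception if the credential name differs from the expected one, or if
 *         credential creation fails although {@code b} is not {@code "NOCRED"}
 */
private static void check(final String a, String b, Object... objs) throws Exception {
    Subject subj = new Subject();
    for (Object obj : objs) {
        if (obj instanceof KerberosPrincipal) {
            subj.getPrincipals().add((KerberosPrincipal) obj);
        } else if (obj instanceof KerberosKey || obj instanceof KeyTab) {
            // Long-term keys and keytabs belong in the private credential set.
            subj.getPrivateCredentials().add(obj);
        }
    }
    final GSSManager man = GSSManager.getInstance();
    try {
        String result = Subject.doAs(subj, new PrivilegedExceptionAction<String>() {

            @Override
            public String run() throws GSSException {
                // ACCEPT_ONLY: an acceptor-side credential for the krb5 mechanism.
                GSSCredential cred = man.createCredential(a == null ? null : man.createName(r(a), null), GSSCredential.INDEFINITE_LIFETIME, GSSUtil.GSS_KRB5_MECH_OID, GSSCredential.ACCEPT_ONLY);
                GSSName name = cred.getName();
                return name == null ? null : name.toString();
            }
        });
        if (!Objects.equals(result, r(b))) {
            throw new Exception("Check failed: getInstance(" + a + ") has name " + result + ", not " + b);
        }
    } catch (PrivilegedActionException e) {
        // A failure inside doAs is acceptable only when the caller expected no credential.
        if (!"NOCRED".equals(b)) {
            // Keep the cause so the underlying GSS failure shows up in the test output.
            throw new Exception("Check failed: getInstance(" + a + ") is null " + ", but not one with name " + b, e);
        }
    }
}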
Also used : KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) GSSName(org.ietf.jgss.GSSName) PrivilegedActionException(java.security.PrivilegedActionException) Subject(javax.security.auth.Subject) PrivilegedActionException(java.security.PrivilegedActionException) GSSException(org.ietf.jgss.GSSException) KerberosKey(javax.security.auth.kerberos.KerberosKey) GSSException(org.ietf.jgss.GSSException) KeyTab(javax.security.auth.kerberos.KeyTab) GSSCredential(org.ietf.jgss.GSSCredential) GSSManager(org.ietf.jgss.GSSManager)

Example 4 with KerberosPrincipal

use of javax.security.auth.kerberos.KerberosPrincipal in project jdk8u_jdk by JetBrains.

the class Implies method main.

/**
 * Drives {@code testImplies} through a fixed sequence of principal sets for "CN=Duke".
 *
 * @param args unused
 * @throws Exception propagated from {@code testImplies}
 */
public static void main(String[] args) throws Exception {
    X500Principal dukeX500 = new X500Principal("CN=Duke");

    // A null Subject should not throw NullPointerException; the expected answer is false.
    testImplies(dukeX500, (Subject) null, false);

    Set<Principal> held = new HashSet<>();

    // Only Duke in the set.
    held.add(dukeX500);
    testImplies(dukeX500, held, true);

    // Duke plus an unrelated X.500 principal.
    X500Principal tuxX500 = new X500Principal("CN=Tux");
    held.add(tuxX500);
    testImplies(dukeX500, held, true);

    // A Kerberos principal is added; the X.500 Duke is still in the set.
    held.add(new KerberosPrincipal("duke@java.com"));
    testImplies(dukeX500, held, true);

    // Duke removed: only Tux remains, so the expected answer is false.
    held.clear();
    held.add(tuxX500);
    testImplies(dukeX500, held, false);

    System.out.println("test passed");
}
Also used : KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) X500Principal(javax.security.auth.x500.X500Principal) Principal(java.security.Principal) X500Principal(javax.security.auth.x500.X500Principal) KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) HashSet(java.util.HashSet)

Example 5 with KerberosPrincipal

use of javax.security.auth.kerberos.KerberosPrincipal in project presto by prestodb.

the class SpnegoFilter method authenticate.

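/**
 * Tries to authenticate one base64-encoded GSS token in a single step.
 *
 * <p>The token is decoded and fed to a fresh acceptor {@link GSSContext}. If the context
 * is established by that one token, the peer's source name is returned as a
 * {@link KerberosPrincipal} together with the optional response token. Every other
 * outcome yields {@link Optional#empty()}: malformed base64, a GSS failure while accepting
 * the token, or a negotiation that would need more round trips. The context is disposed
 * before returning.
 *
 * <p>The token itself is never written to the log, only its length, so that credential
 * material does not end up in debug output.
 *
 * @param token base64-encoded token (presumably taken from the request's authorization
 *        header; confirm against the caller)
 * @return the authenticated principal and response token, or empty if authentication failed
 * @throws GSSException if the acceptor context cannot be created
 */
private Optional<Result> authenticate(String token) throws GSSException {
    // Decode before allocating a GSS context: malformed input must fail the authentication
    // rather than escape as an unchecked IllegalArgumentException.
    byte[] inputToken;
    try {
        inputToken = Base64.getDecoder().decode(token);
    } catch (IllegalArgumentException e) {
        LOG.debug(e, "Rejecting token of length %s: not valid base64", token.length());
        return Optional.empty();
    }

    GSSContext context = doAs(loginContext.getSubject(), () -> gssManager.createContext(serverCredential));
    try {
        byte[] outputToken = context.acceptSecContext(inputToken, 0, inputToken.length);
        // The context is disposed at the end of this call, so fail
        // if it can't be set up in a single challenge-response cycle.
        if (context.isEstablished()) {
            return Optional.of(new Result(Optional.ofNullable(outputToken), new KerberosPrincipal(context.getSrcName().toString())));
        }
        LOG.debug("Failed to establish GSS context for token of length %s", token.length());
    } catch (GSSException e) {
        // Fail the authentication; the caller sees an empty result.
        LOG.debug(e, "Authentication failed for token of length %s", token.length());
    } finally {
        try {
            context.dispose();
        } catch (GSSException ignored) {
            // Best-effort cleanup: a dispose failure must not change the outcome.
        }
    }
    return Optional.empty();
}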
Also used : KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) GSSException(org.ietf.jgss.GSSException) GSSContext(org.ietf.jgss.GSSContext)
