use of javax.security.auth.kerberos.KerberosPrincipal in project karaf by apache.
From class GSSAPILdapLoginModuleTest, method testSuccess.
@Test
public void testSuccess() throws Exception {
    // Logs in through the module as the test user and checks the principals and
    // private credentials that commit() places on the subject, then verifies that
    // logout() clears the principals again.
    Properties opts = ldapLoginModuleOptions();
    GSSAPILdapLoginModule loginModule = new GSSAPILdapLoginModule();
    Subject subj = new Subject();
    loginModule.initialize(subj, new NamePasswordCallbackHandler("hnelson", "secret"), null, opts);

    // Nothing may have been added to the subject before login/commit.
    assertEquals("Precondition", 0, subj.getPrincipals().size());

    assertTrue(loginModule.login());
    assertTrue(loginModule.commit());

    // After commit: one Kerberos principal, one LDAP user principal, one LDAP role principal.
    assertEquals(3, subj.getPrincipals().size());

    boolean krb5UserSeen = false;
    boolean ldapUserSeen = false;
    boolean ldapRoleSeen = false;
    boolean ticketSeen = false;

    for (Principal p : subj.getPrincipals()) {
        if (p instanceof KerberosPrincipal) {
            assertEquals("hnelson@EXAMPLE.COM", p.getName());
            krb5UserSeen = true;
            continue;
        }
        if (p instanceof UserPrincipal) {
            assertEquals("hnelson", p.getName());
            ldapUserSeen = true;
            continue;
        }
        if (p instanceof RolePrincipal) {
            assertEquals("admin", p.getName());
            ldapRoleSeen = true;
        }
    }

    // The private credentials must carry a ticket for the user; only the first
    // KerberosTicket found is inspected.
    for (Object cred : subj.getPrivateCredentials()) {
        if (!(cred instanceof KerberosTicket)) {
            continue;
        }
        KerberosTicket tgt = (KerberosTicket) cred;
        assertEquals("hnelson@EXAMPLE.COM", tgt.getClient().getName());
        assertEquals("krbtgt/EXAMPLE.COM@EXAMPLE.COM", tgt.getServer().getName());
        ticketSeen = true;
        break;
    }

    assertTrue("Principals should contains kerberos user", krb5UserSeen);
    assertTrue("Principals should contains ldap user", ldapUserSeen);
    assertTrue("Principals should contains ldap role", ldapRoleSeen);
    assertTrue("PricatePrincipals should contains kerberos ticket", ticketSeen);

    // Logging out must remove every principal the module added.
    assertTrue(loginModule.logout());
    assertEquals("Principals should be gone as the user has logged out", 0, subj.getPrincipals().size());
}
use of javax.security.auth.kerberos.KerberosPrincipal in project activemq-artemis by apache.
From class GSSAPIServerSASL, method processSASL.
@Override
public byte[] processSASL(byte[] bytes) {
    // Drives one round of the GSSAPI SASL exchange with the peer's response bytes.
    // Returns the next challenge to send back; on any failure the exchange is marked
    // failed in result and null is returned. On completion, result carries the
    // authorization id as a KerberosPrincipal.
    try {
        if (jaasId == null) {
            // First call: obtain the acceptor's private credentials through JAAS.
            LoginContext acceptorLogin = new LoginContext(loginConfigScope);
            acceptorLogin.login();
            jaasId = acceptorLogin.getSubject();
        }
        if (saslServer == null) {
            // The authorization callback grants authorization only when the requested
            // authorization id is the authenticated id itself (no impersonation).
            CallbackHandler selfOnly = callbacks -> {
                for (Callback cb : callbacks) {
                    if (cb instanceof AuthorizeCallback) {
                        AuthorizeCallback ac = (AuthorizeCallback) cb;
                        boolean sameIdentity = ac.getAuthenticationID().equals(ac.getAuthorizationID());
                        ac.setAuthorized(sameIdentity);
                    }
                }
            };
            // Create the server inside the acceptor's subject so GSSAPI can use its credentials.
            saslServer = Subject.doAs(jaasId, (PrivilegedExceptionAction<SaslServer>) () ->
                Sasl.createSaslServer(NAME, null, null, new HashMap<String, String>(), selfOnly));
        }
        // Evaluate the response under the acceptor's subject as well.
        byte[] challenge = Subject.doAs(jaasId,
            (PrivilegedExceptionAction<byte[]>) () -> saslServer.evaluateResponse(bytes));
        if (saslServer.isComplete()) {
            result = new PrincipalSASLResult(true, new KerberosPrincipal(saslServer.getAuthorizationID()));
        }
        return challenge;
    } catch (Exception outOfHere) {
        log.info("Error on sasl input: " + outOfHere.toString(), outOfHere);
        result = new PrincipalSASLResult(false, null);
    }
    return null;
}
use of javax.security.auth.kerberos.KerberosPrincipal in project registry by hortonworks.
From class TestKerberosAuthenticationHandler, method testDynamicPrincipalDiscovery.
// dynamic configuration of HTTP principals
@Test(timeout = 60000)
public void testDynamicPrincipalDiscovery() throws Exception {
    // With PRINCIPAL configured as "*", the handler must load every HTTP/<host> entry
    // from the keytab and must not load entries with other service names
    // (HTTP2/... and XHTTP/... are present in the keytab as negative cases).
    String[] keytabUsers = { "HTTP/host1", "HTTP/host2", "HTTP2/host1", "XHTTP/host" };
    String keytabPath = KerberosTestUtils.getKeytabFile();
    getKdc().createPrincipal(new File(keytabPath), keytabUsers);

    // Replace the handler built in setUp() with one configured for wildcard discovery.
    handler.destroy();
    Properties config = new Properties();
    config.setProperty(KerberosAuthenticationHandler.KEYTAB, keytabPath);
    config.setProperty(KerberosAuthenticationHandler.PRINCIPAL, "*");
    handler = getNewAuthenticationHandler();
    handler.init(config);
    Assert.assertEquals(KerberosTestUtils.getKeytabFile(), handler.getKeytab());

    Set<KerberosPrincipal> discovered = handler.getPrincipals();
    for (String user : keytabUsers) {
        Principal candidate = new KerberosPrincipal(user + "@" + KerberosTestUtils.getRealm());
        boolean shouldBeLoaded = user.startsWith("HTTP/");
        Assert.assertEquals("checking for " + user, shouldBeLoaded, discovered.contains(candidate));
    }
}
use of javax.security.auth.kerberos.KerberosPrincipal in project registry by hortonworks.
From class KerberosTestUtils, method doAs.
public static <T> T doAs(String principal, final Callable<T> callable) throws Exception {
    // Runs callable as the given Kerberos principal: logs in with a KerberosConfiguration
    // for that principal, executes the callable under Subject.doAs and logs out afterwards.
    // Any checked exception thrown by the callable is unwrapped from the
    // PrivilegedActionException and rethrown as-is.
    LoginContext ctx = null;
    try {
        Set<Principal> seedPrincipals = new HashSet<>();
        seedPrincipals.add(new KerberosPrincipal(KerberosTestUtils.getClientPrincipal()));
        Subject seed = new Subject(false, seedPrincipals, new HashSet<>(), new HashSet<>());
        ctx = new LoginContext("", seed, null, new KerberosConfiguration(principal));
        ctx.login();
        // The subject returned after login is the one to run under.
        Subject authenticated = ctx.getSubject();
        return Subject.doAs(authenticated, (PrivilegedExceptionAction<T>) callable::call);
    } catch (PrivilegedActionException ex) {
        throw ex.getException();
    } finally {
        // NOTE(review): logout() in finally can throw and replace the exception in flight.
        if (ctx != null) {
            ctx.logout();
        }
    }
}
use of javax.security.auth.kerberos.KerberosPrincipal in project hbase by apache.
From class HttpDoAsClient, method getSubject.
static Subject getSubject() throws Exception {
    // Builds the Subject the client runs as. When security is off an empty Subject
    // suffices. Otherwise a JAAS login is performed either from the configured
    // keytab (principal + keyTab set) or from the ticket cache, which requires a
    // prior kinit.
    if (!secure) {
        return new Subject();
    }
    LoginContext ctx;
    if (keyTab == null) {
        // No keytab: pick up the Kerberos credential from the ticket cache.
        ctx = new LoginContext("", new Subject(), null, new KerberosConfiguration());
    } else {
        // Keytab login as the configured principal.
        Set<Principal> seedPrincipals = new HashSet<>();
        seedPrincipals.add(new KerberosPrincipal(principal));
        Subject seed = new Subject(false, seedPrincipals, new HashSet<>(), new HashSet<>());
        ctx = new LoginContext("", seed, null, new KerberosConfiguration(principal, keyTab));
    }
    ctx.login();
    return ctx.getSubject();
}