
Example 21 with KerberosPrincipal

use of javax.security.auth.kerberos.KerberosPrincipal in project zookeeper by apache.

the class MiniKdcTest method testKerberosLogin.

@Test
@Timeout(value = 60)
public void testKerberosLogin() throws Exception {
    // Runs a keytab-based JAAS login twice against the test KDC: first with the client
    // configuration, then with the server configuration, checking the resulting principal.
    MiniKdc kdc = getKdc();
    File workDir = getWorkDir();
    LoginContext loginContext = null;
    try {
        String principal = "foo";
        File keytab = new File(workDir, "foo.keytab");
        // NOTE(review): presumably this stores the principal's keys in the keytab file; a
        // keytab is a credential, so outside a test it needs restrictive file permissions.
        kdc.createPrincipal(keytab, principal);
        Set<Principal> expected = new HashSet<Principal>();
        expected.add(new KerberosPrincipal(principal));

        // client login
        Subject clientSubject = new Subject(false, expected, new HashSet<Object>(), new HashSet<Object>());
        loginContext = new LoginContext("", clientSubject, null, KerberosConfiguration.createClientConfig(principal, keytab));
        loginContext.login();
        clientSubject = loginContext.getSubject();
        assertEquals(1, clientSubject.getPrincipals().size());
        Principal clientIdentity = clientSubject.getPrincipals().iterator().next();
        assertEquals(KerberosPrincipal.class, clientIdentity.getClass());
        // The authenticated name must be qualified with the KDC's realm.
        assertEquals(principal + "@" + kdc.getRealm(), clientIdentity.getName());
        loginContext.logout();

        // server login
        Subject serverSubject = new Subject(false, expected, new HashSet<Object>(), new HashSet<Object>());
        loginContext = new LoginContext("", serverSubject, null, KerberosConfiguration.createServerConfig(principal, keytab));
        loginContext.login();
        serverSubject = loginContext.getSubject();
        assertEquals(1, serverSubject.getPrincipals().size());
        Principal serverIdentity = serverSubject.getPrincipals().iterator().next();
        assertEquals(KerberosPrincipal.class, serverIdentity.getClass());
        assertEquals(principal + "@" + kdc.getRealm(), serverIdentity.getName());
        loginContext.logout();
    } finally {
        // Log out only when a login context still holds principals, e.g. after a failed assertion.
        if (loginContext != null) {
            Subject remaining = loginContext.getSubject();
            if (remaining != null && !remaining.getPrincipals().isEmpty()) {
                loginContext.logout();
            }
        }
    }
}
Also used : KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) LoginContext(javax.security.auth.login.LoginContext) File(java.io.File) KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) Principal(java.security.Principal) Subject(javax.security.auth.Subject) HashSet(java.util.HashSet) Test(org.junit.jupiter.api.Test) Timeout(org.junit.jupiter.api.Timeout)

Example 22 with KerberosPrincipal

use of javax.security.auth.kerberos.KerberosPrincipal in project zookeeper by apache.

the class Login method getTGT.

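/**
 * Looks up the ticket-granting ticket among the subject's private Kerberos credentials.
 *
 * <p>A ticket is treated as the TGT when its server principal is named
 * {@code krbtgt/REALM@REALM}, where REALM is that server principal's own realm.
 *
 * @return the first matching ticket, or {@code null} if the subject holds none
 */
private synchronized KerberosTicket getTGT() {
    Set<KerberosTicket> tickets = subject.getPrivateCredentials(KerberosTicket.class);
    for (KerberosTicket ticket : tickets) {
        KerberosPrincipal server = ticket.getServer();
        if (server == null) {
            // A destroyed ticket no longer reports its principals; skip it rather than
            // fail the whole lookup with a NullPointerException.
            continue;
        }
        String tgsName = "krbtgt/" + server.getRealm() + "@" + server.getRealm();
        if (server.getName().equals(tgsName)) {
            LOG.debug("Client principal is \"{}\".", ticket.getClient().getName());
            LOG.debug("Server principal is \"{}\".", server.getName());
            return ticket;
        }
    }
    return null;
}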
Also used : KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) KerberosTicket(javax.security.auth.kerberos.KerberosTicket)

Example 23 with KerberosPrincipal

use of javax.security.auth.kerberos.KerberosPrincipal in project SSM by Intel-bigdata.

the class SecurityUtil method loginUsingKeytab.

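/**
 * Performs a JAAS login for a Kerberos principal using a keytab file.
 *
 * @param principal Kerberos principal name to log in as
 * @param keytabFile keytab file handed to {@code useKeytab} to build the login configuration
 * @return the subject held by the login context once {@code login()} has returned
 * @throws IOException if the login context cannot be created or the login fails; the
 *     underlying {@link LoginException} is attached as the cause
 */
public static Subject loginUsingKeytab(String principal, File keytabFile) throws IOException {
    Set<Principal> principals = new HashSet<Principal>();
    principals.add(new KerberosPrincipal(principal));
    Subject subject = new Subject(false, principals, new HashSet<Object>(), new HashSet<Object>());
    Configuration conf = useKeytab(principal, keytabFile);
    String confName = "KeytabConf";
    LoginContext loginContext;
    try {
        loginContext = new LoginContext(confName, subject, null, conf);
    } catch (LoginException e) {
        // Keep the original exception as the cause so the failure can be diagnosed.
        throw new IOException("Faill to create LoginContext for " + e, e);
    }
    try {
        loginContext.login();
    } catch (LoginException e) {
        throw new IOException("Login failure for " + e, e);
    }
    // Report success only after login() has returned; logging it earlier would leave a
    // "successful" entry in the log even when authentication is rejected.
    LOG.info("Login successful for user " + subject.getPrincipals().iterator().next().getName());
    return loginContext.getSubject();
}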
Also used : KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) LoginContext(javax.security.auth.login.LoginContext) Configuration(javax.security.auth.login.Configuration) LoginException(javax.security.auth.login.LoginException) IOException(java.io.IOException) KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) Principal(java.security.Principal) Subject(javax.security.auth.Subject) HashSet(java.util.HashSet)

Example 24 with KerberosPrincipal

use of javax.security.auth.kerberos.KerberosPrincipal in project ddf by codice.

the class SubjectUtils method getName.

/**
 * Retrieves the user name from a given subject.
 *
 * @param subject Subject to get the user name from.
 * @param defaultName Name to send back if no user name was found.
 * @param returnDisplayName return formatted user name for displaying
 * @return String representation of the user name if available or defaultName if no user name
 *     could be found or incoming subject was null.
 */
@Override
public String getName(Subject subject, String defaultName, boolean returnDisplayName) {
    String name = defaultName;
    PrincipalCollection principals = (subject == null) ? null : subject.getPrincipals();
    if (subject == null) {
        LOGGER.debug("Incoming subject was null, cannot look up user name. Using default name of {}.", defaultName);
    } else if (principals == null) {
        LOGGER.debug("No principals located in the incoming subject, cannot look up user name. Using default name of {}.", defaultName);
    } else {
        Collection<SecurityAssertion> assertions = principals.byType(SecurityAssertion.class);
        if (assertions.isEmpty()) {
            // No assertions available: fall back to the primary principal's string form.
            name = principals.getPrimaryPrincipal().toString();
        } else {
            // Walk the assertions in comparator order and stop at the first non-empty name.
            List<SecurityAssertion> ordered = new ArrayList<>(assertions);
            ordered.sort(new SecurityAssertionComparator());
            for (SecurityAssertion assertion : ordered) {
                Principal principal = assertion.getPrincipal();
                if (principal instanceof KerberosPrincipal) {
                    // Keep only the first component: drop everything from '@' (the realm)
                    // and then everything from '/' (the instance).
                    // NOTE(review): principals that differ only in realm or instance yield
                    // the same name here; confirm callers do not rely on the result for
                    // access decisions.
                    String withoutRealm = new StringTokenizer(principal.getName(), "@").nextToken();
                    name = new StringTokenizer(withoutRealm, "/").nextToken();
                } else {
                    name = principal.getName();
                }
                if (returnDisplayName) {
                    name = getDisplayName(principal, name);
                }
                if (StringUtils.isNotEmpty(name)) {
                    break;
                }
            }
        }
    }
    LOGGER.debug("Sending back name {}.", name);
    return name;
}
Also used : KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) StringTokenizer(java.util.StringTokenizer) ArrayList(java.util.ArrayList) PrincipalCollection(org.apache.shiro.subject.PrincipalCollection) SecurityAssertion(ddf.security.assertion.SecurityAssertion) X500Principal(javax.security.auth.x500.X500Principal) KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) Principal(java.security.Principal) GuestPrincipal(ddf.security.principal.impl.GuestPrincipal)

Example 25 with KerberosPrincipal

use of javax.security.auth.kerberos.KerberosPrincipal in project ddf by codice.

the class PropertyFileClaimsHandlerTest method testGetUser.

@Test
public void testGetUser() {
    // getUser is expected to reduce each kind of principal to a bare user name.
    PropertyFileClaimsHandler handler = new PropertyFileClaimsHandler();

    // Generic principal: the name comes back unchanged.
    Principal plain = mock(Principal.class);
    when(plain.getName()).thenReturn("mydude");
    assertEquals("mydude", handler.getUser(plain));

    // X.500 principal: only the CN value is expected.
    Principal x500 = new X500Principal("cn=myxman,ou=someunit,o=someorg");
    assertEquals("myxman", handler.getUser(x500));

    // Kerberos principal: the realm suffix is expected to be removed.
    Principal kerberos = new KerberosPrincipal("mykman@SOMEDOMAIN.COM");
    assertEquals("mykman", handler.getUser(kerberos));
}
Also used : KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) X500Principal(javax.security.auth.x500.X500Principal) Principal(java.security.Principal) X500Principal(javax.security.auth.x500.X500Principal) KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) Test(org.junit.Test)
