
Example 26 with KerberosPrincipal

Use of javax.security.auth.kerberos.KerberosPrincipal in project ddf (codice).

Source: class AttributeMapLoaderTest, method testGetBaseDnNonX500.

@Test
public void testGetBaseDnNonX500() {
    // A Kerberos principal carries no distinguished name, so getBaseDN() is expected
    // to yield the supplied default base DN rather than anything derived from the principal.
    final Principal kerberosUser = new KerberosPrincipal(KERBEROS_PRINCIPAL);
    final String resolvedBaseDn = attributeMapLoader.getBaseDN(kerberosUser, DEFAULT_BASE_DN, false);
    // Compare RDN by RDN with all whitespace stripped so spacing around commas cannot
    // cause a spurious mismatch.
    final String[] rdns = resolvedBaseDn.replaceAll("\\s", "").split(",");
    assertArrayEquals(X500_DEFAULT_BASE_DN_ARR, rdns);
}

Example 27 with KerberosPrincipal

Use of javax.security.auth.kerberos.KerberosPrincipal in project ddf (codice).

Source: class AttributeMapLoaderTest, method testKerberosGetUser.

@Test
public void testKerberosGetUser() {
    // getUser() applied to a Kerberos principal built from KERBEROS_PRINCIPAL
    // is expected to produce TEST_USER.
    final Principal kerberosUser = new KerberosPrincipal(KERBEROS_PRINCIPAL);
    final String extractedUser = attributeMapLoader.getUser(kerberosUser);
    assertEquals(TEST_USER, extractedUser);
}

Example 28 with KerberosPrincipal

Use of javax.security.auth.kerberos.KerberosPrincipal in project qpid-broker-j (apache).

Source: class SimpleLDAPAuthenticationManagerTest, method setUpKerberos.

/**
 * Wires an embedded KDC next to the embedded LDAP server and registers the
 * krbtgt and LDAP service principals so SASL/GSSAPI binds can be exercised in tests.
 *
 * @throws Exception if the KDC, krb5.conf or the principals cannot be created
 */
private void setUpKerberos() throws Exception {
    final LdapServer directory = LDAP.getLdapServer();
    // The KDC listens one port above the LDAP listener.
    final KdcServer kdc = ServerAnnotationProcessor.getKdcServer(LDAP.getDirectoryService(), directory.getPort() + 1);

    // TEST ONLY: pre-authentication is switched off so clients get a TGT without PA-ENC-TIMESTAMP.
    // Do not copy this to a real KDC: without pre-auth an AS-REQ for any principal is answered
    // with material encrypted under that principal's long-term key, which enables offline
    // password guessing (AS-REP roasting).
    kdc.getConfig().setPaEncTimestampRequired(false);

    final int kdcPort = kdc.getTransports()[0].getPort();
    // Point the JVM at a generated krb5.conf. The realm/kdc system properties are cleared
    // because, when set, they take precedence over the configuration file.
    SYSTEM_PROPERTY_SETTER.setSystemProperty("java.security.krb5.conf", createKrb5Conf(kdcPort));
    SYSTEM_PROPERTY_SETTER.setSystemProperty("java.security.krb5.realm", null);
    SYSTEM_PROPERTY_SETTER.setSystemProperty("java.security.krb5.kdc", null);

    // Service principal of the form ldap/<host>@<REALM>; getName() yields the canonical string.
    final KerberosPrincipal ldapService = new KerberosPrincipal(LDAP_SERVICE_NAME + "/" + HOSTNAME + "@" + REALM, KerberosPrincipal.KRB_NT_SRV_HST);
    final String ldapServiceName = ldapService.getName();
    final int instanceStart = ldapServiceName.indexOf('/') + 1;
    final int realmStart = ldapServiceName.indexOf('@');
    // The SASL host is the instance component of the service principal (between '/' and '@').
    directory.setSaslHost(ldapServiceName.substring(instanceStart, realmStart));
    directory.setSaslPrincipal(ldapServiceName);
    directory.setSearchBaseDn(USERS_DN);

    // Register the ticket-granting service and the LDAP service; the random UUID is
    // presumably used as the throw-away password — confirm against createPrincipal.
    createPrincipal("KDC", "KDC", "krbtgt", UUID.randomUUID().toString(), "krbtgt/" + REALM + "@" + REALM);
    createPrincipal("Service", "LDAP Service", "ldap", UUID.randomUUID().toString(), ldapServiceName);
}

Example 29 with KerberosPrincipal

Use of javax.security.auth.kerberos.KerberosPrincipal in project qpid-broker-j (apache).

Source: class KerberosUtilities, method createKerberosKeyTabLoginContext.

/**
 * Builds a {@link LoginContext} for a keytab-based Kerberos login.
 * <p>
 * The Subject is pre-seeded with the principal (public) and the keytab (private
 * credential) so the login module does not have to prompt for a password.
 *
 * @param scopeName     JAAS configuration entry name
 * @param principalName Kerberos principal, e.g. {@code svc/host@REALM}
 * @param keyTabFile    keytab holding that principal's keys; its access should be
 *                      restricted to the broker user, since it is equivalent to the password
 * @return a LoginContext ready for {@code login()}
 * @throws LoginException if the context cannot be created
 */
public LoginContext createKerberosKeyTabLoginContext(final String scopeName, final String principalName, final File keyTabFile) throws LoginException {
    final KerberosPrincipal who = new KerberosPrincipal(principalName);
    final KeyTab keys = getKeyTab(who, keyTabFile);
    final Subject subject = new Subject(
            false, // writable: the login module is allowed to add credentials it acquires
            Collections.singleton(who),
            Collections.emptySet(),
            Collections.singleton(keys));
    // Use the canonicalised name (realm appended where the input lacked one).
    final String canonicalName = who.getName();
    return createLoginContext(scopeName, subject, createKeyTabConfiguration(scopeName, keyTabFile, canonicalName));
}

Example 30 with KerberosPrincipal

Use of javax.security.auth.kerberos.KerberosPrincipal in project cxf (apache).

Source: class LdapClaimsHandler, method retrieveClaimValues.

/**
 * Resolves the requested {@code claims} for the principal in {@code parameters} from LDAP.
 * <p>
 * Kerberos principals are searched by their primary name with the realm stripped; other
 * principals are searched by name, or read directly when the name is itself a DN. An X500
 * principal, a missing principal, or a user that is not found all yield an empty collection.
 *
 * @param claims     claim types to resolve; in the search path only those with an LDAP
 *                   attribute mapping are requested from the directory
 * @param parameters carries the authenticated {@link Principal}
 * @return the processed claims, never {@code null}
 */
public ProcessedClaimCollection retrieveClaimValues(ClaimCollection claims, ClaimsParameters parameters) {
    final Principal principal = parameters.getPrincipal();

    // Refuse anything that cannot be mapped to an LDAP user before touching the directory.
    if (principal == null) {
        LOG.warning("Principal is null");
        return new ProcessedClaimCollection();
    }
    if (principal instanceof X500Principal) {
        LOG.warning("Unsupported principal type X500: " + ((X500Principal) principal).getName());
        return new ProcessedClaimCollection();
    }

    final String user;
    boolean lookupByDn = false;
    if (principal instanceof KerberosPrincipal) {
        // Keep only what precedes the first '@' — the realm is discarded.
        // SECURITY NOTE: "alice@REALM-A" and "alice@REALM-B" therefore both map to LDAP user
        // "alice"; this is only sound when a single realm is trusted. Confirm the deployment.
        user = new StringTokenizer(((KerberosPrincipal) principal).getName(), "@").nextToken();
    } else {
        user = principal.getName();
        if (user == null) {
            LOG.warning("User must not be null");
            return new ProcessedClaimCollection();
        }
        // A principal whose name is a DN is read directly rather than searched for.
        lookupByDn = LdapUtils.isDN(user);
    }

    if (LOG.isLoggable(Level.FINEST)) {
        LOG.finest("Retrieve claims for user " + user);
    }

    Map<String, Attribute> ldapAttributes = null;
    if (lookupByDn) {
        // Direct read: collect every attribute of the entry, keyed by attribute ID.
        final AttributesMapper<Map<String, Attribute>> collectAll = new AttributesMapper<Map<String, Attribute>>() {

            public Map<String, Attribute> mapFromAttributes(Attributes attrs) throws NamingException {
                final Map<String, Attribute> byId = new HashMap<>();
                final NamingEnumeration<? extends Attribute> all = attrs.getAll();
                while (all.hasMore()) {
                    final Attribute attribute = all.next();
                    byId.put(attribute.getID(), attribute);
                }
                return byId;
            }
        };
        ldapAttributes = ldap.lookup(user, collectAll);
    } else {
        // Request only the LDAP attributes that some requested claim actually maps to.
        final List<String> wanted = new ArrayList<>();
        for (Claim claim : claims) {
            final String claimType = claim.getClaimType().toString();
            if (getClaimsLdapAttributeMapping().containsKey(claimType)) {
                wanted.add(getClaimsLdapAttributeMapping().get(claimType));
            } else if (LOG.isLoggable(Level.FINER)) {
                LOG.finer("Unsupported claim: " + claimType);
            }
        }
        final String[] wantedAttributes = wanted.toArray(new String[wanted.size()]);

        // SECURITY NOTE: `user` is not sanitised here; it ends up in the search filter built by
        // LdapUtils.getAttributesOfEntry. RFC 4515 filter escaping must happen in that helper —
        // confirm, since the name comes from the caller-supplied principal.
        // The single configured base is tried first, then each of the configured bases in order
        // until one returns an entry.
        if (userBaseDn != null) {
            ldapAttributes = LdapUtils.getAttributesOfEntry(ldap, userBaseDn, getObjectClass(), getUserNameAttribute(), user, wantedAttributes);
        }
        final boolean nothingYet = ldapAttributes == null || ldapAttributes.isEmpty();
        if (userBaseDNs != null && nothingYet) {
            for (String base : userBaseDNs) {
                ldapAttributes = LdapUtils.getAttributesOfEntry(ldap, base, getObjectClass(), getUserNameAttribute(), user, wantedAttributes);
                if (ldapAttributes != null && !ldapAttributes.isEmpty()) {
                    break;
                }
            }
        }
    }

    if (ldapAttributes == null || ldapAttributes.isEmpty()) {
        if (LOG.isLoggable(Level.INFO)) {
            LOG.info("User '" + user + "' not found");
        }
        return new ProcessedClaimCollection();
    }

    // Turn the raw attributes into claims; processClaim() returns null for claims it cannot fill.
    final ProcessedClaimCollection result = new ProcessedClaimCollection();
    for (Claim claim : claims) {
        final ProcessedClaim processed = processClaim(claim, ldapAttributes, principal);
        if (processed != null) {
            result.add(processed);
        }
    }
    return result;
}
