use of javax.security.auth.kerberos.KerberosPrincipal in project athenz by yahoo.
the class KerberosAuthority method login.
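/**
 * Performs the JAAS login for the configured service principal and publishes
 * the authenticated {@link Subject} through {@code serviceSubject}.
 *
 * <p>The call returns immediately when the last successful login happened less
 * than {@code loginWindow} milliseconds ago. A failure is never thrown to the
 * caller: the exception is stored in {@code initState} and logged, and
 * {@code serviceSubject} and {@code lastLogin} keep their previous values, so
 * callers that need to know whether credentials are fresh must inspect
 * {@code initState}.
 *
 * @param logoutFirst when {@code true}, {@code logout()} is invoked on the new
 *        login context before {@code login()}
 */
public synchronized void login(boolean logoutFirst) {
    final long now = System.currentTimeMillis();
    if ((now - lastLogin) < loginWindow) {
        // Logged in recently; skip the repeated login.
        return;
    }

    // Seed the subject with the service principal when one is configured.
    Subject subject = null;
    if (servicePrincipal != null) {
        Set<java.security.Principal> principals = new HashSet<>(1);
        principals.add(new KerberosPrincipal(servicePrincipal));
        subject = new Subject(false, principals, new HashSet<>(), new HashSet<>());
    }
    LoginConfig loginConfig = new LoginConfig(keyTabConfFile, servicePrincipal);

    // Clear the previous failure before the new attempt.
    initState = null;
    try {
        // NOTE: if no callback handler is specified, LoginContext uses the
        // auth.login.defaultCallbackHandler security property for the fully
        // qualified class name of a default handler implementation.
        CallbackHandler loginHandler = null;
        if (loginCallbackHandler != null && !loginCallbackHandler.isEmpty()) {
            // The handler class is loaded reflectively by name (presumably from
            // configuration - confirm who can write that setting). asSubclass
            // rejects a class that is not a CallbackHandler before its
            // constructor runs, instead of after the instance already exists.
            Class<? extends CallbackHandler> handlerClass =
                    Class.forName(loginCallbackHandler).asSubclass(CallbackHandler.class);
            loginHandler = handlerClass.getConstructor(String.class, String.class)
                    .newInstance(servicePrincipal, null);
        }

        final LoginContext loginContext;
        if (subject == null) {
            // Without a service principal the login depends entirely on the handler.
            loginContext = new LoginContext(jaasConfigSection, Objects.requireNonNull(loginHandler,
                    "login callback handler is required when no service principal is configured"));
        } else {
            loginContext = new LoginContext(jaasConfigSection, subject, loginHandler, loginConfig);
        }
        if (logoutFirst) {
            loginContext.logout();
        }
        loginContext.login();
        subject = loginContext.getSubject();
        serviceSubject.set(subject);
        lastLogin = System.currentTimeMillis();
    } catch (Exception exc) {
        initState = exc;
        // Only configuration identifiers are logged here (principal, handler class,
        // keytab setting, JAAS section); no key material is part of the message.
        String params = "svc-princ=" + servicePrincipal + " login-callback=" + loginCallbackHandler + " keytab=" + keyTabConfFile + " jaas-section=" + jaasConfigSection;
        // The trailing throwable keeps the stack trace and cause chain in the log;
        // getMessage() alone is null for several exception types, which made
        // failed logins hard to diagnose. (Assumes an SLF4J-style logger.)
        LOG.error("KerberosAuthority:initialize: Login context failure: config params=({}) exc: {}", params, exc.getMessage(), exc);
    }
}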
use of javax.security.auth.kerberos.KerberosPrincipal in project pentaho-kettle by pentaho.
the class SessionConfigurator method getServiceSubject.
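/**
 * Logs in through JAAS as the Kerberos principal held in {@code this.principal}
 * and returns the authenticated subject.
 *
 * <p>The login context is stored in the {@code loginContext} field. Nothing in
 * this method logs it out again, so whoever owns that field is responsible for
 * calling {@code logout()} once the credentials are no longer needed.
 *
 * @param loginConfig JAAS configuration passed to the {@link LoginContext}
 * @return the subject populated by the login
 * @throws Exception if the login context cannot be created or the login fails
 */
private Subject getServiceSubject(ClientLoginConfig loginConfig) throws Exception {
    Set<Principal> servicePrincipals = new HashSet<>(1);
    servicePrincipals.add(new KerberosPrincipal(this.principal));
    // Diamond instead of raw HashSet keeps the credential sets type-checked.
    Subject seed = new Subject(false, servicePrincipals, new HashSet<>(), new HashSet<>());
    // Empty entry name and no callback handler: the login is driven by loginConfig alone.
    loginContext = new LoginContext("", seed, null, loginConfig);
    loginContext.login();
    return loginContext.getSubject();
}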
use of javax.security.auth.kerberos.KerberosPrincipal in project ranger by apache.
the class CredentialsProviderUtil method getTGT.
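/**
 * Returns the ticket-granting ticket held in the subject's private credentials.
 *
 * <p>A ticket is treated as the TGT when its server principal is
 * {@code krbtgt/REALM@REALM}, with REALM taken from that same principal.
 * Expiry is not checked here; callers that need a usable ticket should also
 * test {@link KerberosTicket#isCurrent()}.
 *
 * @param subject subject whose private credentials are searched
 * @return the first matching ticket, or {@code null} when none is found
 */
public static synchronized KerberosTicket getTGT(Subject subject) {
    for (KerberosTicket ticket : subject.getPrivateCredentials(KerberosTicket.class)) {
        KerberosPrincipal server = ticket.getServer();
        if (server == null) {
            // A destroyed ticket no longer carries its principals; skip it
            // rather than fail the whole lookup with a NullPointerException.
            continue;
        }
        String tgsName = "krbtgt/" + server.getRealm() + "@" + server.getRealm();
        if (server.getName().equals(tgsName)) {
            if (logger.isDebugEnabled()) {
                logger.debug("Client principal is \"" + ticket.getClient().getName() + "\".");
                logger.debug("Server principal is \"" + ticket.getServer().getName() + "\".");
            }
            return ticket;
        }
    }
    return null;
}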
use of javax.security.auth.kerberos.KerberosPrincipal in project hadoop by apache.
the class AbstractSecureRegistryTest method login.
/**
 * Performs a keytab-based JAAS login for the given principal.
 *
 * @param principal Kerberos principal name to log in as
 * @param context name handed to the {@link LoginContext}
 * @param keytab keytab file; must exist
 * @return the login context after a successful {@code login()}
 * @throws LoginException failure to log in
 * @throws FileNotFoundException the keytab file does not exist
 */
protected LoginContext login(String principal, String context, File keytab) throws LoginException, FileNotFoundException {
    LOG.info("Logging in as {} in context {} with keytab {}", principal, context, keytab);
    // Fail early with the absolute path so a missing keytab is easy to spot.
    if (!keytab.exists()) {
        throw new FileNotFoundException(keytab.getAbsolutePath());
    }

    // Subject that starts with the principal only; both credential sets are empty.
    Set<Principal> identity = new HashSet<Principal>();
    identity.add(new KerberosPrincipal(principal));
    Set<Object> publicCredentials = new HashSet<Object>();
    Set<Object> privateCredentials = new HashSet<Object>();
    Subject seed = new Subject(false, identity, publicCredentials, privateCredentials);

    // No callback handler: the client configuration built from the keytab drives the login.
    LoginContext loginContext = new LoginContext(context, seed, null,
            KerberosConfiguration.createClientConfig(principal, keytab));
    loginContext.login();
    return loginContext;
}
use of javax.security.auth.kerberos.KerberosPrincipal in project hadoop by apache.
the class TestUGIWithMiniKdc method testAutoRenewalThreadRetryWithKdc.
/**
 * Logs in from a keytab through an inline JAAS configuration, hands the
 * resulting subject to {@code UserGroupInformation}, and waits until the
 * renewal-failure metric becomes positive.
 *
 * <p>The statement order matters: the UGI configuration is installed before
 * the login, and the KDC is set up before the principal and keytab are created.
 */
@Test(timeout = 120000)
public void testAutoRenewalThreadRetryWithKdc() throws Exception {
    GenericTestUtils.setLogLevel(UserGroupInformation.LOG, Level.DEBUG);
    final Configuration conf = new Configuration();
    // Relogin every 1 second
    conf.setLong(HADOOP_KERBEROS_MIN_SECONDS_BEFORE_RELOGIN, 1);
    SecurityUtil.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, conf);
    UserGroupInformation.setConfiguration(conf);
    UserGroupInformation.setEnableRenewThreadCreationForTest(true);
    LoginContext loginContext = null;
    try {
        final String principal = "foo";
        // Keytab lives under the test working directory ("target" unless test.dir is set).
        final File workDir = new File(System.getProperty("test.dir", "target"));
        final File keytab = new File(workDir, "foo.keytab");
        final Set<Principal> principals = new HashSet<>();
        principals.add(new KerberosPrincipal(principal));
        setupKdc();
        kdc.createPrincipal(keytab, principal);
        // client login
        final Subject subject = new Subject(false, principals, new HashSet<>(), new HashSet<>());
        // Anonymous JAAS configuration: a single REQUIRED Kerberos login module entry,
        // returned for every entry name (the name argument is not inspected).
        loginContext = new LoginContext("", subject, null, new javax.security.auth.login.Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                Map<String, String> options = new HashMap<>();
                options.put("principal", principal);
                options.put("refreshKrb5Config", "true");
                // The option names differ between the IBM JDK and other JDKs.
                if (PlatformName.IBM_JAVA) {
                    options.put("useKeytab", keytab.getPath());
                    options.put("credsType", "both");
                } else {
                    options.put("keyTab", keytab.getPath());
                    options.put("useKeyTab", "true");
                    options.put("storeKey", "true");
                    options.put("doNotPrompt", "true");
                    options.put("useTicketCache", "true");
                    options.put("renewTGT", "true");
                    options.put("isInitiator", Boolean.toString(true));
                }
                // Use the ticket cache named by the environment, when one is set.
                String ticketCache = System.getenv("KRB5CCNAME");
                if (ticketCache != null) {
                    options.put("ticketCache", ticketCache);
                }
                // Login-module debug output is enabled for this test only; it is
                // verbose and not something to carry into a production configuration.
                options.put("debug", "true");
                return new AppConfigurationEntry[] { new AppConfigurationEntry(KerberosUtil.getKrb5LoginModuleName(), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options) };
            }
        });
        loginContext.login();
        final Subject loginSubject = loginContext.getSubject();
        UserGroupInformation.loginUserFromSubject(loginSubject);
        // Verify retry happens. Do not verify retry count to reduce flakiness.
        // Detailed back-off logic is tested separately in
        // TestUserGroupInformation#testGetNextRetryTime
        // Polls for up to 30000 with an interval of 500 (presumably milliseconds - confirm
        // against LambdaTestUtils.await) until at least one renewal failure is recorded.
        LambdaTestUtils.await(30000, 500, () -> {
            final int count = UserGroupInformation.metrics.getRenewalFailures().value();
            UserGroupInformation.LOG.info("Renew failure count is {}", count);
            return count > 0;
        });
    } finally {
        // Always log out so the test's credentials do not outlive it.
        if (loginContext != null) {
            loginContext.logout();
        }
    }
}