
Example 51 with AppConfigurationEntry

use of javax.security.auth.login.AppConfigurationEntry in project kafka by apache.

the class JaasConfig method parseAppConfigurationEntry.

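/**
 * Parses one JAAS login-module entry from the tokenizer: the login module name (taken from the
 * current token), the control flag, then {@code key=value} options up to the terminating ';'.
 *
 * @param tokenizer tokenizer whose current token is the login module name
 * @return an entry built from the module name, control flag and options that were read
 * @throws IOException if the tokenizer fails while reading its input
 * @throws IllegalArgumentException if the control flag is missing, an option has no key or no
 *         value, or the entry is not terminated by ';'
 */
private AppConfigurationEntry parseAppConfigurationEntry(StreamTokenizer tokenizer) throws IOException {
    String loginModule = tokenizer.sval;
    if (tokenizer.nextToken() == StreamTokenizer.TT_EOF)
        throw new IllegalArgumentException("Login module control flag not specified in JAAS config");
    LoginModuleControlFlag controlFlag = loginModuleControlFlag(tokenizer.sval);
    Map<String, String> options = new HashMap<>();
    while (tokenizer.nextToken() != StreamTokenizer.TT_EOF && tokenizer.ttype != ';') {
        String key = tokenizer.sval;
        // StreamTokenizer leaves sval null unless the token is a word or a quoted string, so a
        // stray '=' (or similar) here would otherwise be stored under a null key and the
        // malformed entry would be accepted silently.
        if (key == null)
            throw new IllegalArgumentException("Option key not specified in JAAS config");
        // Require '=' followed by a word/quoted-string value. The message names the key only;
        // the option value is never put in the exception text.
        if (tokenizer.nextToken() != '=' || tokenizer.nextToken() == StreamTokenizer.TT_EOF || tokenizer.sval == null)
            throw new IllegalArgumentException("Value not specified for key '" + key + "' in JAAS config");
        options.put(key, tokenizer.sval);
    }
    // The loop also exits on end of input; only an explicit ';' counts as a complete entry.
    if (tokenizer.ttype != ';')
        throw new IllegalArgumentException("JAAS config entry not terminated by semi-colon");
    return new AppConfigurationEntry(loginModule, controlFlag, options);
}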
Also used : AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry) LoginModuleControlFlag(javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag) HashMap(java.util.HashMap)

Example 52 with AppConfigurationEntry

use of javax.security.auth.login.AppConfigurationEntry in project kafka by apache.

the class JaasContext method defaultContext.

/**
 * Builds a {@code JaasContext} from the JAAS {@code Configuration} returned by
 * {@code Configuration.getConfiguration()}.
 *
 * <p>The listener-specific context name is looked up first when one is given; if it has no
 * entries, the global context name is used instead.
 *
 * @param contextType the context type; only affects which debug message is logged and is passed
 *        through to the returned context
 * @param listenerContextName listener-specific context name, or {@code null} to skip that lookup
 * @param globalContextName fallback context name
 * @return a context named after whichever of the two names had entries
 * @throws IllegalArgumentException if neither name has entries in the JAAS configuration
 */
private static JaasContext defaultContext(JaasContext.Type contextType, String listenerContextName, String globalContextName) {
    final String loginConfigPath = System.getProperty(JaasUtils.JAVA_LOGIN_CONFIG_PARAM);
    if (loginConfigPath == null) {
        // Not an error: the lookup below still runs against whatever Configuration is installed.
        if (contextType == Type.CLIENT) {
            LOG.debug("System property '" + JaasUtils.JAVA_LOGIN_CONFIG_PARAM + "' and Kafka SASL property '" + SaslConfigs.SASL_JAAS_CONFIG + "' are not set, using default JAAS configuration.");
        } else {
            LOG.debug("System property '" + JaasUtils.JAVA_LOGIN_CONFIG_PARAM + "' is not set, using default JAAS configuration.");
        }
    }

    final Configuration installedConfig = Configuration.getConfiguration();

    // Prefer the listener-specific section; fall back to the global one when it is absent.
    String resolvedName = globalContextName;
    AppConfigurationEntry[] entries =
            listenerContextName == null ? null : installedConfig.getAppConfigurationEntry(listenerContextName);
    if (entries != null) {
        resolvedName = listenerContextName;
    } else {
        entries = installedConfig.getAppConfigurationEntry(globalContextName);
    }

    if (entries != null) {
        return new JaasContext(resolvedName, contextType, installedConfig);
    }

    // The message reports the context names tried and the value of the login-config system
    // property (or that it is unset).
    final String listenerSuffix = listenerContextName == null ? "" : " or '" + listenerContextName + "'";
    final String propertyState = loginConfigPath == null ? "not set" : loginConfigPath;
    throw new IllegalArgumentException("Could not find a '" + globalContextName + "'" + listenerSuffix
            + " entry in the JAAS configuration. System property '" + JaasUtils.JAVA_LOGIN_CONFIG_PARAM
            + "' is " + propertyState);
}
Also used : AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry) Configuration(javax.security.auth.login.Configuration)

Example 53 with AppConfigurationEntry

use of javax.security.auth.login.AppConfigurationEntry in project spring-security by spring-projects.

the class InMemoryConfigurationTests method setUp.

/**
 * Prepares the fixtures: a default entry array holding one REQUIRED {@code TestLoginModule}
 * entry, and a single-key map ("name") holding one OPTIONAL {@code TestLoginModule} entry.
 * Both entries carry an empty options map.
 */
@Before
public void setUp() {
    final String moduleName = TestLoginModule.class.getName();
    final AppConfigurationEntry requiredEntry =
            new AppConfigurationEntry(moduleName, LoginModuleControlFlag.REQUIRED, Collections.<String, Object>emptyMap());
    final AppConfigurationEntry optionalEntry =
            new AppConfigurationEntry(moduleName, LoginModuleControlFlag.OPTIONAL, Collections.<String, Object>emptyMap());

    this.defaultEntries = new AppConfigurationEntry[] { requiredEntry };
    this.mappedEntries = Collections.<String, AppConfigurationEntry[]>singletonMap(
            "name", new AppConfigurationEntry[] { optionalEntry });
}
Also used : AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry) TestLoginModule(org.springframework.security.authentication.jaas.TestLoginModule) Before(org.junit.Before)

Example 54 with AppConfigurationEntry

use of javax.security.auth.login.AppConfigurationEntry in project hadoop by apache.

the class TestUGIWithMiniKdc method testAutoRenewalThreadRetryWithKdc.

/**
 * Logs in through JAAS with a keytab created in the test KDC, hands the resulting subject to
 * {@code UserGroupInformation}, and waits until at least one renewal failure is recorded.
 */
@Test(timeout = 120000)
public void testAutoRenewalThreadRetryWithKdc() throws Exception {
    GenericTestUtils.setLogLevel(UserGroupInformation.LOG, Level.DEBUG);
    final Configuration conf = new Configuration();
    // Relogin every 1 second
    conf.setLong(HADOOP_KERBEROS_MIN_SECONDS_BEFORE_RELOGIN, 1);
    SecurityUtil.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, conf);
    UserGroupInformation.setConfiguration(conf);
    UserGroupInformation.setEnableRenewThreadCreationForTest(true);

    LoginContext loginContext = null;
    try {
        final String principal = "foo";
        final File baseDir = new File(System.getProperty("test.dir", "target"));
        final File keytab = new File(baseDir, "foo.keytab");
        final Set<Principal> principalSet = new HashSet<>();
        principalSet.add(new KerberosPrincipal(principal));

        setupKdc();
        kdc.createPrincipal(keytab, principal);

        // client login
        final Subject subject = new Subject(false, principalSet, new HashSet<>(), new HashSet<>());

        // In-memory JAAS configuration: whatever entry name is asked for, it answers with a
        // single REQUIRED Kerberos login module bound to the test principal and keytab.
        final javax.security.auth.login.Configuration keytabLoginConfig =
                new javax.security.auth.login.Configuration() {

            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                final Map<String, String> moduleOptions = new HashMap<>();
                moduleOptions.put("principal", principal);
                moduleOptions.put("refreshKrb5Config", "true");
                // The IBM branch uses different option names for the keytab settings.
                if (PlatformName.IBM_JAVA) {
                    moduleOptions.put("useKeytab", keytab.getPath());
                    moduleOptions.put("credsType", "both");
                } else {
                    moduleOptions.put("keyTab", keytab.getPath());
                    moduleOptions.put("useKeyTab", "true");
                    moduleOptions.put("storeKey", "true");
                    moduleOptions.put("doNotPrompt", "true");
                    moduleOptions.put("useTicketCache", "true");
                    moduleOptions.put("renewTGT", "true");
                    moduleOptions.put("isInitiator", Boolean.toString(true));
                }
                // Use the ticket cache named by the environment, when one is set.
                final String ticketCachePath = System.getenv("KRB5CCNAME");
                if (ticketCachePath != null) {
                    moduleOptions.put("ticketCache", ticketCachePath);
                }
                moduleOptions.put("debug", "true");
                final AppConfigurationEntry krb5Entry = new AppConfigurationEntry(
                        KerberosUtil.getKrb5LoginModuleName(),
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                        moduleOptions);
                return new AppConfigurationEntry[] { krb5Entry };
            }
        };

        loginContext = new LoginContext("", subject, null, keytabLoginConfig);
        loginContext.login();
        UserGroupInformation.loginUserFromSubject(loginContext.getSubject());

        // Verify retry happens. Do not verify retry count to reduce flakiness.
        // Detailed back-off logic is tested separately in
        // TestUserGroupInformation#testGetNextRetryTime
        LambdaTestUtils.await(30000, 500, () -> {
            final int failures = UserGroupInformation.metrics.getRenewalFailures().value();
            UserGroupInformation.LOG.info("Renew failure count is {}", failures);
            return failures > 0;
        });
    } finally {
        // Log out only if a LoginContext was actually created.
        if (loginContext != null) {
            loginContext.logout();
        }
    }
}
Also used : KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) Configuration(org.apache.hadoop.conf.Configuration) HashMap(java.util.HashMap) Subject(javax.security.auth.Subject) AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry) LoginContext(javax.security.auth.login.LoginContext) File(java.io.File) KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) Principal(java.security.Principal) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 55 with AppConfigurationEntry

use of javax.security.auth.login.AppConfigurationEntry in project hadoop by apache.

the class TestJaasConfiguration method test.

// We won't test actually using it to authenticate because that gets messy and
// may conflict with other tests; but we can test that it otherwise behaves
// correctly
/**
 * Checks the entries that {@code ZKSignerSecretProvider.JaasConfiguration} returns: nothing for
 * an unknown entry name, and for the configured name a single REQUIRED Kerberos login module
 * carrying exactly the six expected keytab options.
 */
@Test
public void test() throws Exception {
    // The expected login module class depends on the JVM vendor.
    final String expectedModule = System.getProperty("java.vendor").contains("IBM")
            ? "com.ibm.security.auth.module.Krb5LoginModule"
            : "com.sun.security.auth.module.Krb5LoginModule";

    final ZKSignerSecretProvider.JaasConfiguration jaasConfiguration =
            new ZKSignerSecretProvider.JaasConfiguration("foo", "foo/localhost", "/some/location/foo.keytab");

    // A name other than the configured one yields no entries.
    Assert.assertNull(jaasConfiguration.getAppConfigurationEntry("bar"));

    final AppConfigurationEntry[] fooEntries = jaasConfiguration.getAppConfigurationEntry("foo");
    Assert.assertEquals(1, fooEntries.length);

    final AppConfigurationEntry krb5Entry = fooEntries[0];
    Assert.assertEquals(AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, krb5Entry.getControlFlag());
    Assert.assertEquals(expectedModule, krb5Entry.getLoginModuleName());

    final Map<String, ?> moduleOptions = krb5Entry.getOptions();
    Assert.assertEquals("/some/location/foo.keytab", moduleOptions.get("keyTab"));
    Assert.assertEquals("foo/localhost", moduleOptions.get("principal"));
    Assert.assertEquals("true", moduleOptions.get("useKeyTab"));
    Assert.assertEquals("true", moduleOptions.get("storeKey"));
    Assert.assertEquals("false", moduleOptions.get("useTicketCache"));
    Assert.assertEquals("true", moduleOptions.get("refreshKrb5Config"));
    // Size check last: no option beyond the six verified above is present.
    Assert.assertEquals(6, moduleOptions.size());
}
Also used : AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry) Test(org.junit.Test)
