use of javax.security.auth.login.AppConfigurationEntry in project kafka by apache.
the class JaasConfig method parseAppConfigurationEntry.
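/**
 * Parses a single login-module entry of a JAAS configuration string.
 *
 * <p>On entry the tokenizer's current token is taken as the login module class name
 * ({@code tokenizer.sval} is read before the tokenizer is advanced). The next token is
 * the control flag, followed by zero or more {@code key=value} options and a terminating
 * semi-colon.
 *
 * @param tokenizer tokenizer whose current token is the login module name
 * @return the parsed entry with its module name, control flag and options
 * @throws IOException if the tokenizer fails to read its input
 * @throws IllegalArgumentException if the control flag is missing, an option key or value
 *         is missing, or the entry is not terminated by a semi-colon
 */
private AppConfigurationEntry parseAppConfigurationEntry(StreamTokenizer tokenizer) throws IOException {
    String loginModule = tokenizer.sval;
    if (tokenizer.nextToken() == StreamTokenizer.TT_EOF)
        throw new IllegalArgumentException("Login module control flag not specified in JAAS config");
    LoginModuleControlFlag controlFlag = loginModuleControlFlag(tokenizer.sval);
    Map<String, String> options = new HashMap<>();
    while (tokenizer.nextToken() != StreamTokenizer.TT_EOF && tokenizer.ttype != ';') {
        String key = tokenizer.sval;
        // sval is null for tokens that are neither words nor quoted strings (numbers,
        // stray punctuation). Reject them here, as is already done for values, instead of
        // storing a null option key that a login module would silently never look up.
        if (key == null)
            throw new IllegalArgumentException("Option key not specified in JAAS config");
        // The three checks run in order and each consumes input: '=' must follow the key,
        // then a value token must exist and carry a string.
        // Only the key is echoed in the message; the value is never included.
        if (tokenizer.nextToken() != '=' || tokenizer.nextToken() == StreamTokenizer.TT_EOF || tokenizer.sval == null)
            throw new IllegalArgumentException("Value not specified for key '" + key + "' in JAAS config");
        String value = tokenizer.sval;
        options.put(key, value);
    }
    // The loop also exits on end of input, so an unterminated entry is caught here.
    if (tokenizer.ttype != ';')
        throw new IllegalArgumentException("JAAS config entry not terminated by semi-colon");
    return new AppConfigurationEntry(loginModule, controlFlag, options);
}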
use of javax.security.auth.login.AppConfigurationEntry in project kafka by apache.
the class JaasContext method defaultContext.
/**
 * Builds a {@link JaasContext} from the JVM-wide JAAS {@link Configuration}.
 *
 * <p>The listener-specific context name, when given and present in the configuration,
 * takes precedence over the global one. If neither name has an entry the method fails
 * with an exception rather than returning a context without login modules.
 *
 * @param contextType whether the context is for a client or another type; only affects the debug log text
 * @param listenerContextName listener-scoped context name to try first, or {@code null}
 * @param globalContextName fallback context name
 * @return a context bound to whichever name resolved
 * @throws IllegalArgumentException if neither context name has an entry in the JAAS configuration
 */
private static JaasContext defaultContext(JaasContext.Type contextType, String listenerContextName, String globalContextName) {
    final String loginConfigPath = System.getProperty(JaasUtils.JAVA_LOGIN_CONFIG_PARAM);
    if (loginConfigPath == null) {
        // Purely informational: the lookup below still goes through the default Configuration.
        if (contextType != Type.CLIENT) {
            LOG.debug("System property '" + JaasUtils.JAVA_LOGIN_CONFIG_PARAM
                    + "' is not set, using default JAAS configuration.");
        } else {
            LOG.debug("System property '" + JaasUtils.JAVA_LOGIN_CONFIG_PARAM
                    + "' and Kafka SASL property '" + SaslConfigs.SASL_JAAS_CONFIG
                    + "' are not set, using default JAAS configuration.");
        }
    }

    final Configuration jaasConfig = Configuration.getConfiguration();

    // Start from the global name; switch to the listener name only if it resolves.
    String resolvedName = globalContextName;
    AppConfigurationEntry[] entries = null;
    if (listenerContextName != null) {
        entries = jaasConfig.getAppConfigurationEntry(listenerContextName);
        if (entries != null) {
            resolvedName = listenerContextName;
        }
    }
    if (entries == null) {
        entries = jaasConfig.getAppConfigurationEntry(globalContextName);
    }

    if (entries == null) {
        final String listenerPart;
        if (listenerContextName == null) {
            listenerPart = "";
        } else {
            listenerPart = " or '" + listenerContextName + "'";
        }
        final String propertyState = loginConfigPath == null ? "not set" : loginConfigPath;
        throw new IllegalArgumentException("Could not find a '" + globalContextName + "'" + listenerPart
                + " entry in the JAAS configuration. System property '"
                + JaasUtils.JAVA_LOGIN_CONFIG_PARAM + "' is " + propertyState);
    }
    return new JaasContext(resolvedName, contextType, jaasConfig);
}
use of javax.security.auth.login.AppConfigurationEntry in project spring-security by spring-projects.
the class InMemoryConfigurationTests method setUp.
/**
 * Prepares the fixtures: a default entry array whose single module is REQUIRED, and a
 * one-element map that binds the name "name" to an entry array whose module is OPTIONAL.
 * Both entries use {@code TestLoginModule} with no options.
 */
@Before
public void setUp() {
    final String moduleName = TestLoginModule.class.getName();
    final AppConfigurationEntry requiredEntry = new AppConfigurationEntry(
            moduleName, LoginModuleControlFlag.REQUIRED, Collections.<String, Object>emptyMap());
    final AppConfigurationEntry optionalEntry = new AppConfigurationEntry(
            moduleName, LoginModuleControlFlag.OPTIONAL, Collections.<String, Object>emptyMap());

    this.defaultEntries = new AppConfigurationEntry[] { requiredEntry };
    this.mappedEntries = Collections.<String, AppConfigurationEntry[]>singletonMap(
            "name", new AppConfigurationEntry[] { optionalEntry });
}
use of javax.security.auth.login.AppConfigurationEntry in project hadoop by apache.
the class TestUGIWithMiniKdc method testAutoRenewalThreadRetryWithKdc.
/**
 * Logs in against a test KDC with a keytab through a programmatic JAAS configuration,
 * hands the resulting Subject to UserGroupInformation, and waits until the
 * renewal-failure metric becomes positive.
 *
 * The retry count itself is not asserted, only that at least one renewal failure
 * was recorded within the wait window.
 */
@Test(timeout = 120000)
public void testAutoRenewalThreadRetryWithKdc() throws Exception {
GenericTestUtils.setLogLevel(UserGroupInformation.LOG, Level.DEBUG);
final Configuration conf = new Configuration();
// Relogin every 1 second
conf.setLong(HADOOP_KERBEROS_MIN_SECONDS_BEFORE_RELOGIN, 1);
SecurityUtil.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, conf);
UserGroupInformation.setConfiguration(conf);
// NOTE(review): presumably lets UGI start its renewal thread under test; confirm against UserGroupInformation.
UserGroupInformation.setEnableRenewThreadCreationForTest(true);
LoginContext loginContext = null;
try {
final String principal = "foo";
final File workDir = new File(System.getProperty("test.dir", "target"));
final File keytab = new File(workDir, "foo.keytab");
final Set<Principal> principals = new HashSet<>();
principals.add(new KerberosPrincipal(principal));
setupKdc();
kdc.createPrincipal(keytab, principal);
// client login
// The Subject is created writable (readOnly = false) with the principal and empty credential sets.
final Subject subject = new Subject(false, principals, new HashSet<>(), new HashSet<>());
// The JAAS configuration is supplied in code and ignores the requested context name:
// every lookup returns the same single Kerberos login-module entry.
loginContext = new LoginContext("", subject, null, new javax.security.auth.login.Configuration() {
@Override
public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
Map<String, String> options = new HashMap<>();
options.put("principal", principal);
options.put("refreshKrb5Config", "true");
// The keytab-related option names differ between the IBM and the other JVM login modules.
if (PlatformName.IBM_JAVA) {
options.put("useKeytab", keytab.getPath());
options.put("credsType", "both");
} else {
options.put("keyTab", keytab.getPath());
options.put("useKeyTab", "true");
options.put("storeKey", "true");
options.put("doNotPrompt", "true");
options.put("useTicketCache", "true");
options.put("renewTGT", "true");
options.put("isInitiator", Boolean.toString(true));
}
// An externally provided ticket cache location is passed through only when the variable is set.
String ticketCache = System.getenv("KRB5CCNAME");
if (ticketCache != null) {
options.put("ticketCache", ticketCache);
}
// Login-module debug output is switched on for this test; keep it off in production JAAS configs.
options.put("debug", "true");
return new AppConfigurationEntry[] { new AppConfigurationEntry(KerberosUtil.getKrb5LoginModuleName(), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options) };
}
});
loginContext.login();
final Subject loginSubject = loginContext.getSubject();
UserGroupInformation.loginUserFromSubject(loginSubject);
// Verify retry happens. Do not verify retry count to reduce flakiness.
// Detailed back-off logic is tested separately in
// TestUserGroupInformation#testGetNextRetryTime
// NOTE(review): the arguments look like a 30 s timeout and a 500 ms poll interval; confirm against LambdaTestUtils.
LambdaTestUtils.await(30000, 500, () -> {
final int count = UserGroupInformation.metrics.getRenewalFailures().value();
UserGroupInformation.LOG.info("Renew failure count is {}", count);
return count > 0;
});
} finally {
// Log out whenever a LoginContext was created, even if login or the wait failed.
if (loginContext != null) {
loginContext.logout();
}
}
}
use of javax.security.auth.login.AppConfigurationEntry in project hadoop by apache.
the class TestJaasConfiguration method test.
// We won't test actually using it to authenticate because that gets messy and
// may conflict with other tests; but we can test that it otherwise behaves
// correctly
/**
 * Checks the entries produced by {@code ZKSignerSecretProvider.JaasConfiguration}: an
 * unknown context name yields {@code null}, and the configured name yields exactly one
 * REQUIRED Kerberos login-module entry set up for keytab login with the ticket cache
 * disabled.
 */
@Test
public void test() throws Exception {
    // The expected login module class depends on the JVM vendor.
    final String expectedModule = System.getProperty("java.vendor").contains("IBM")
            ? "com.ibm.security.auth.module.Krb5LoginModule"
            : "com.sun.security.auth.module.Krb5LoginModule";

    final ZKSignerSecretProvider.JaasConfiguration config =
            new ZKSignerSecretProvider.JaasConfiguration("foo", "foo/localhost", "/some/location/foo.keytab");

    // A context name other than the configured one must not resolve.
    AppConfigurationEntry[] found = config.getAppConfigurationEntry("bar");
    Assert.assertNull(found);

    found = config.getAppConfigurationEntry("foo");
    Assert.assertEquals(1, found.length);

    final AppConfigurationEntry only = found[0];
    Assert.assertEquals(AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, only.getControlFlag());
    Assert.assertEquals(expectedModule, only.getLoginModuleName());

    // Exactly these six options and nothing else.
    final Map<String, ?> opts = only.getOptions();
    Assert.assertEquals("/some/location/foo.keytab", opts.get("keyTab"));
    Assert.assertEquals("foo/localhost", opts.get("principal"));
    Assert.assertEquals("true", opts.get("useKeyTab"));
    Assert.assertEquals("true", opts.get("storeKey"));
    Assert.assertEquals("false", opts.get("useTicketCache"));
    Assert.assertEquals("true", opts.get("refreshKrb5Config"));
    Assert.assertEquals(6, opts.size());
}