use of javax.security.auth.login.AppConfigurationEntry in project flink by apache.
the class KerberosUtils method keytabEntry.
/**
 * Builds the JAAS entry for a Kerberos login that authenticates from a keytab.
 *
 * <p>The option names depend on the Kerberos login module in use, so the
 * vendor-specific part is selected by {@code IBM_JAVA}. The principal and
 * {@code refreshKrb5Config} are set for both variants.
 *
 * <p>Security notes for reviewers: a keytab holds the principal's long-term keys, so the
 * location passed here should be readable only by the service account. With
 * {@code storeKey=true} the login module keeps the key in the Subject's private
 * credentials, and {@code doNotPrompt=true} means a missing or unreadable keytab fails
 * the login instead of falling back to an interactive prompt.
 *
 * @param keytab location of the keytab handed to the login module; must not be null
 * @param principal Kerberos principal to authenticate as; must not be null
 * @return a {@code REQUIRED} entry for the module named by
 *     {@code KerberosUtil.getKrb5LoginModuleName()}
 */
public static AppConfigurationEntry keytabEntry(String keytab, String principal) {
    checkNotNull(keytab, "keytab");
    checkNotNull(principal, "principal");

    final Map<String, String> options = new HashMap<>();
    if (!IBM_JAVA) {
        // Default (non-IBM) login module option names.
        options.put("keyTab", keytab);
        options.put("doNotPrompt", "true");
        options.put("useKeyTab", "true");
        options.put("storeKey", "true");
    } else {
        // IBM login module: the keytab is passed through prependFileUri.
        options.put("useKeytab", prependFileUri(keytab));
        options.put("credsType", "both");
    }
    options.put("principal", principal);
    options.put("refreshKrb5Config", "true");

    // debugOptions is defined outside this method; it is applied last, so any key it
    // carries overrides the values set above.
    options.putAll(debugOptions);

    return new AppConfigurationEntry(
            KerberosUtil.getKrb5LoginModuleName(),
            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
            options);
}
use of javax.security.auth.login.AppConfigurationEntry in project incubator-atlas by apache.
the class InMemoryJAASConfiguration method initialize.
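/**
 * Populates {@code applicationConfigEntryMap} with JAAS entries read from {@code properties}.
 *
 * <p>Only keys starting with {@code JAAS_CONFIG_PREFIX_PARAM} are considered. The first
 * dot-separated token after the prefix is the client name; the second token, when numeric,
 * is the index of one login module within that client (non-numeric or absent means a single
 * un-indexed entry, tracked as -1). For each client/index pair the login module name, the
 * control flag and the module options are looked up and turned into one
 * {@link AppConfigurationEntry}.
 *
 * <p>Changes relative to the previous version:
 * <ul>
 *   <li>a key that consists of the client name only no longer throws
 *       {@code NoSuchElementException}; it is treated as an un-indexed entry and skipped
 *       later if the login module name is missing;</li>
 *   <li>the control flag is lower-cased with {@code Locale.ROOT}, so an upper-case value such
 *       as {@code OPTIONAL} is not silently replaced by {@code REQUIRED} under a locale with
 *       different case mapping;</li>
 *   <li>option values whose key contains "password" or "secret" are masked in the debug
 *       dump, because JAAS module options can carry credentials.</li>
 * </ul>
 *
 * @param properties configuration to read the JAAS settings from
 */
private void initialize(Properties properties) {
    LOG.debug("==> InMemoryJAASConfiguration.initialize()");

    int prefixLen = JAAS_CONFIG_PREFIX_PARAM.length();
    Map<String, SortedSet<Integer>> jaasClients = new HashMap<>();

    // Pass 1: collect the client names and, per client, the sorted set of module indexes.
    for (String key : properties.stringPropertyNames()) {
        if (!key.startsWith(JAAS_CONFIG_PREFIX_PARAM)) {
            continue;
        }
        StringTokenizer tokenizer = new StringTokenizer(key.substring(prefixLen), ".");
        if (!tokenizer.hasMoreTokens()) {
            continue;
        }
        String clientId = tokenizer.nextToken();
        SortedSet<Integer> indexList = jaasClients.get(clientId);
        if (indexList == null) {
            indexList = new TreeSet<>();
            jaasClients.put(clientId, indexList);
        }
        // Guard the second token: a malformed key with nothing after the client name
        // must not abort the whole initialization.
        int indexId = -1;
        if (tokenizer.hasMoreTokens()) {
            String indexStr = tokenizer.nextToken();
            if (isNumeric(indexStr)) {
                indexId = Integer.parseInt(indexStr);
            }
        }
        indexList.add(Integer.valueOf(indexId));
    }

    // Pass 2: build one AppConfigurationEntry per client/index pair.
    for (Map.Entry<String, SortedSet<Integer>> client : jaasClients.entrySet()) {
        String jaasClient = client.getKey();
        for (Integer index : client.getValue()) {
            String keyPrefix = JAAS_CONFIG_PREFIX_PARAM + jaasClient + ".";
            if (index > -1) {
                keyPrefix = keyPrefix + String.valueOf(index) + ".";
            }

            String keyParam = keyPrefix + JAAS_CONFIG_LOGIN_MODULE_NAME_PARAM;
            String loginModuleName = properties.getProperty(keyParam);
            if (loginModuleName == null) {
                LOG.error("Unable to add JAAS configuration for client [{}] as it is missing param [{}]. Skipping JAAS config for [{}]", jaasClient, keyParam, jaasClient);
                continue;
            }
            loginModuleName = loginModuleName.trim();

            keyParam = keyPrefix + JAAS_CONFIG_LOGIN_MODULE_CONTROL_FLAG_PARAM;
            String controlFlag = properties.getProperty(keyParam);
            AppConfigurationEntry.LoginModuleControlFlag loginControlFlag = null;
            if (controlFlag != null) {
                // Locale.ROOT keeps the comparison below independent of the JVM's default locale.
                controlFlag = controlFlag.trim().toLowerCase(java.util.Locale.ROOT);
                switch (controlFlag) {
                    case "optional":
                        loginControlFlag = AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL;
                        break;
                    case "requisite":
                        loginControlFlag = AppConfigurationEntry.LoginModuleControlFlag.REQUISITE;
                        break;
                    case "sufficient":
                        loginControlFlag = AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT;
                        break;
                    case "required":
                        loginControlFlag = AppConfigurationEntry.LoginModuleControlFlag.REQUIRED;
                        break;
                    default:
                        // An unrecognised flag falls back to the strictest setting.
                        String validValues = "optional|requisite|sufficient|required";
                        LOG.warn("Unknown JAAS configuration value for ({}) = [{}], valid value are [{}] using the default value, REQUIRED", keyParam, controlFlag, validValues);
                        loginControlFlag = AppConfigurationEntry.LoginModuleControlFlag.REQUIRED;
                        break;
                }
            } else {
                LOG.warn("Unable to find JAAS configuration ({}); using the default value, REQUIRED", keyParam);
                loginControlFlag = AppConfigurationEntry.LoginModuleControlFlag.REQUIRED;
            }

            // Every property under "<keyPrefix><options prefix>." becomes a module option.
            Map<String, String> options = new HashMap<>();
            String optionPrefix = keyPrefix + JAAS_CONFIG_LOGIN_OPTIONS_PREFIX + ".";
            int optionPrefixLen = optionPrefix.length();
            for (String key : properties.stringPropertyNames()) {
                if (!key.startsWith(optionPrefix)) {
                    continue;
                }
                String optionKey = key.substring(optionPrefixLen);
                String optionVal = properties.getProperty(key);
                if (optionVal != null) {
                    optionVal = optionVal.trim();
                    try {
                        // The principal option is passed through SecurityUtil.getServerPrincipal;
                        // on failure the configured value is used unchanged.
                        if (optionKey.equalsIgnoreCase(JAAS_PRINCIPAL_PROP)) {
                            optionVal = SecurityUtil.getServerPrincipal(optionVal, (String) null);
                        }
                    } catch (IOException e) {
                        LOG.warn("Failed to build serverPrincipal. Using provided value:[{}]", optionVal, e);
                    }
                }
                options.put(optionKey, optionVal);
            }

            AppConfigurationEntry entry = new AppConfigurationEntry(loginModuleName, loginControlFlag, options);

            if (LOG.isDebugEnabled()) {
                StringBuilder sb = new StringBuilder();
                sb.append("Adding client: [").append(jaasClient).append("{").append(index).append("}]\n");
                sb.append("\tloginModule: [").append(loginModuleName).append("]\n");
                sb.append("\tcontrolFlag: [").append(loginControlFlag).append("]\n");
                for (Map.Entry<String, String> option : options.entrySet()) {
                    // Do not write credentials to the log: mask values of secret-looking options.
                    String loweredKey = option.getKey().toLowerCase(java.util.Locale.ROOT);
                    boolean sensitive = loweredKey.contains("password") || loweredKey.contains("secret");
                    String shown = sensitive ? "********" : option.getValue();
                    sb.append("\tOptions: [").append(option.getKey()).append("] => [").append(shown).append("]\n");
                }
                LOG.debug(sb.toString());
            }

            List<AppConfigurationEntry> retList = applicationConfigEntryMap.get(jaasClient);
            if (retList == null) {
                retList = new ArrayList<>();
                applicationConfigEntryMap.put(jaasClient, retList);
            }
            retList.add(entry);
        }
    }

    LOG.debug("<== InMemoryJAASConfiguration.initialize({})", applicationConfigEntryMap);
}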
use of javax.security.auth.login.AppConfigurationEntry in project jdk8u_jdk by JetBrains.
the class SecurityPolicy method test8077155.
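/**
 * Logs in through a programmatic JAAS configuration for the Kerberos login module and checks
 * that {@code testConnect()} succeeds when run as the logged-in subject.
 *
 * <p>The method installs a {@link SecurityManager} and a {@code SecurityPolicy}; neither is
 * restored here. Both {@code useTicketCache} and {@code useKeyTab} are set to false, so the
 * user name and password are supplied through the callback handler defined below.
 *
 * <p>The final {@code testConnect()} call, made outside {@code Subject.doAs}, is only
 * reported: a success there does not fail the test.
 *
 * @throws RuntimeException if the login fails or the privileged action fails
 * @throws Exception declared by the signature; not thrown directly by the code shown here
 */
static void test8077155() throws Exception {
    final String username = WEB_USER;
    final char[] password = WEB_PASS;

    SecurityManager security = new SecurityManager();
    Policy.setPolicy(new SecurityPolicy());
    System.setSecurityManager(security);

    // Answers the login module's name and password callbacks; other callbacks are ignored.
    CallbackHandler callback = new CallbackHandler() {
        @Override
        public void handle(Callback[] pCallbacks) throws IOException, UnsupportedCallbackException {
            for (Callback cb : pCallbacks) {
                if (cb instanceof NameCallback) {
                    NameCallback ncb = (NameCallback) cb;
                    ncb.setName(username);
                } else if (cb instanceof PasswordCallback) {
                    PasswordCallback pwdcb = (PasswordCallback) cb;
                    pwdcb.setPassword(password);
                }
            }
        }
    };

    final String jaasConfigName = "oracle.test.kerberos.login";
    final String krb5LoginModule = "com.sun.security.auth.module.Krb5LoginModule";

    // In-memory configuration: one REQUIRED entry for jaasConfigName, nothing for other names.
    Configuration loginConfig = new Configuration() {
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            if (!jaasConfigName.equals(name)) {
                return new AppConfigurationEntry[0];
            }
            Map<String, String> options = new HashMap<String, String>();
            options.put("useTicketCache", Boolean.FALSE.toString());
            options.put("useKeyTab", Boolean.FALSE.toString());
            return new AppConfigurationEntry[] { new AppConfigurationEntry(krb5LoginModule, LoginModuleControlFlag.REQUIRED, options) };
        }
    };

    // oracle context/subject/login
    LoginContext context = null;
    try {
        // Use the same constant the configuration checks against, so the two cannot drift apart.
        context = new LoginContext(jaasConfigName, null, callback, loginConfig);
        context.login();
    } catch (LoginException ex) {
        ex.printStackTrace();
        throw new RuntimeException(ex);
    }
    Subject subject = context.getSubject();

    final PrivilegedExceptionAction<Object> test_action = new PrivilegedExceptionAction<Object>() {
        @Override
        public Object run() throws Exception {
            testConnect();
            return null;
        }
    };

    System.err.println("\n\nExpecting to succeed when executing with the the logged in subject.");
    try {
        Subject.doAs(subject, test_action);
        System.err.println("\n\nConnection succeed when executing with the the logged in subject.");
    } catch (PrivilegedActionException e) {
        System.err.println("\n\nFailure unexpected when executing with the the logged in subject.");
        e.printStackTrace();
        // Keep the cause so the failing exception is visible in the test report.
        throw new RuntimeException("Failed to login as subject", e);
    }

    try {
        System.err.println("\n\nExpecting to fail when running with the current user's login.");
        testConnect();
    } catch (Exception ex) {
        System.err.println("\nConnect failed when running with the current user's login:\n" + ex.getMessage());
    }
}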
use of javax.security.auth.login.AppConfigurationEntry in project jdk8u_jdk by JetBrains.
the class MyConfiguration method setupConfiguration.
/**
 * Fills the two-entry login module stack held in {@code ptAE}.
 *
 * <p>When {@code optionOrder} is set, "SmartLoginModule" is OPTIONAL and "DummyLoginModule"
 * is SUFFICIENT; otherwise both are REQUIRED. Both entries share the same options map.
 */
private void setupConfiguration() {
    final AppConfigurationEntry.LoginModuleControlFlag smartFlag;
    final AppConfigurationEntry.LoginModuleControlFlag dummyFlag;
    if (optionOrder) {
        smartFlag = OPTIONAL;
        dummyFlag = SUFFICIENT;
    } else {
        smartFlag = REQUIRED;
        dummyFlag = REQUIRED;
    }
    ptAE[0] = new AppConfigurationEntry("SmartLoginModule", smartFlag, map);
    ptAE[1] = new AppConfigurationEntry("DummyLoginModule", dummyFlag, map);
}
use of javax.security.auth.login.AppConfigurationEntry in project karaf by apache.
the class Config method getEntries.
/**
 * Returns the JAAS entries for the configured modules, building them on first use.
 *
 * <p>Each configured module is wrapped in a {@code ProxyLoginModule} entry whose options
 * carry the real module class name and the id of the owning bundle. The result is cached in
 * {@code this.entries}; the cached array itself is returned, not a copy.
 *
 * <p>Ordering matters for the options map: the module's own options are copied after the
 * bundle context is stored, so a module option using the same key would replace it, while
 * {@code PROPERTY_MODULE} and {@code PROPERTY_BUNDLE} are written last and cannot be
 * overridden by module options.
 *
 * @return the cached entries, or {@code null} when no modules are set and nothing was cached
 */
public AppConfigurationEntry[] getEntries() {
    if (this.entries != null || this.modules == null) {
        return this.entries;
    }

    Module[] modules = this.modules;
    AppConfigurationEntry[] built = new AppConfigurationEntry[modules.length];
    for (int i = 0; i < modules.length; i++) {
        Module module = modules[i];
        Map<String, Object> options = new HashMap<>();

        // put the bundle context in the options map
        // it's required to be able to use the encryption service
        // in the AbstractKarafLoginModule
        options.put(BundleContext.class.getName(), bundleContext);

        if (module.getOptions() != null) {
            for (Map.Entry<?, ?> option : module.getOptions().entrySet()) {
                options.put(option.getKey().toString(), option.getValue());
            }
        }

        // Written after the module options so these two keys always win.
        options.put(ProxyLoginModule.PROPERTY_MODULE, module.getClassName());
        options.put(ProxyLoginModule.PROPERTY_BUNDLE, Long.toString(bundleContext.getBundle().getBundleId()));

        built[i] = new AppConfigurationEntry(
                ProxyLoginModule.class.getName(),
                getControlFlag(module.getFlags()),
                options);
    }
    this.entries = built;
    return this.entries;
}