
Example 66 with AppConfigurationEntry

use of javax.security.auth.login.AppConfigurationEntry in project flink by apache.

the class KerberosUtils method keytabEntry.

/**
 * Creates the JAAS entry for a non-interactive Kerberos login from a keytab.
 *
 * <p>The option names differ by JVM vendor: when {@code IBM_JAVA} is set the keytab is passed as
 * {@code useKeytab} (after {@code prependFileUri}) with {@code credsType=both}; otherwise the
 * {@code keyTab}/{@code useKeyTab}/{@code storeKey}/{@code doNotPrompt} options are used.
 * The entry is always {@code REQUIRED}.
 *
 * <p>A keytab holds the principal's long-term keys, so the path handed in here should point at a
 * file readable only by the account running the process.
 *
 * @param keytab path of the keytab file; must not be null
 * @param principal Kerberos principal to log in as; must not be null
 * @return the configuration entry for the Krb5 login module
 */
public static AppConfigurationEntry keytabEntry(String keytab, String principal) {
    checkNotNull(keytab, "keytab");
    checkNotNull(principal, "principal");

    final Map<String, String> options = new HashMap<>();
    if (!IBM_JAVA) {
        options.put("keyTab", keytab);
        // Never fall back to an interactive prompt: the login must fail if the keytab is unusable.
        options.put("doNotPrompt", "true");
        options.put("useKeyTab", "true");
        options.put("storeKey", "true");
    } else {
        options.put("useKeytab", prependFileUri(keytab));
        options.put("credsType", "both");
    }
    options.put("principal", principal);
    options.put("refreshKrb5Config", "true");
    // Merged last, so any key present in debugOptions replaces the value set above.
    options.putAll(debugOptions);

    return new AppConfigurationEntry(
            KerberosUtil.getKrb5LoginModuleName(),
            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
            options);
}
Also used : AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry) HashMap(java.util.HashMap)

Example 67 with AppConfigurationEntry

use of javax.security.auth.login.AppConfigurationEntry in project incubator-atlas by apache.

the class InMemoryJAASConfiguration method initialize.

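/**
 * Builds the in-memory JAAS configuration from {@code properties}.
 *
 * <p>The first pass looks at every property name that starts with
 * {@code JAAS_CONFIG_PREFIX_PARAM} and records, per client id (the first dot-separated segment
 * after the prefix), the indices found in the second segment. A non-numeric second segment is
 * recorded as index {@code -1}, which means the client's keys carry no index segment.
 *
 * <p>The second pass creates one {@link AppConfigurationEntry} per (client, index) pair, visiting
 * the indices of a client in ascending order, and appends it to
 * {@code applicationConfigEntryMap}. A client/index without a login module name is skipped with
 * an error log. A missing or unrecognised control flag falls back to {@code REQUIRED}, so a
 * typo in the flag cannot silently turn a module into an optional one.
 *
 * @param properties source of the JAAS settings
 */
private void initialize(Properties properties) {
    LOG.debug("==> InMemoryJAASConfiguration.initialize()");
    int prefixLen = JAAS_CONFIG_PREFIX_PARAM.length();
    Map<String, SortedSet<Integer>> jaasClients = new HashMap<>();
    for (String key : properties.stringPropertyNames()) {
        if (!key.startsWith(JAAS_CONFIG_PREFIX_PARAM)) {
            continue;
        }
        StringTokenizer tokenizer = new StringTokenizer(key.substring(prefixLen), ".");
        // Two segments are consumed below (client id, then index or parameter name). A key that
        // has only the client segment would make the second nextToken() throw
        // NoSuchElementException and abort the whole configuration load.
        if (tokenizer.countTokens() < 2) {
            LOG.warn("Ignoring JAAS configuration key [{}]: expected <client>.<param> after the prefix", key);
            continue;
        }
        String clientId = tokenizer.nextToken();
        SortedSet<Integer> indexList = jaasClients.get(clientId);
        if (indexList == null) {
            indexList = new TreeSet<>();
            jaasClients.put(clientId, indexList);
        }
        String indexStr = tokenizer.nextToken();
        int indexId = isNumeric(indexStr) ? Integer.parseInt(indexStr) : -1;
        // Set.add is already a no-op for an index that was seen before.
        indexList.add(Integer.valueOf(indexId));
    }
    for (Map.Entry<String, SortedSet<Integer>> client : jaasClients.entrySet()) {
        String jaasClient = client.getKey();
        for (Integer index : client.getValue()) {
            String keyPrefix = JAAS_CONFIG_PREFIX_PARAM + jaasClient + ".";
            if (index > -1) {
                keyPrefix = keyPrefix + String.valueOf(index) + ".";
            }
            String keyParam = keyPrefix + JAAS_CONFIG_LOGIN_MODULE_NAME_PARAM;
            String loginModuleName = properties.getProperty(keyParam);
            if (loginModuleName == null) {
                LOG.error("Unable to add JAAS configuration for client [{}] as it is missing param [{}]. Skipping JAAS config for [{}]", jaasClient, keyParam, jaasClient);
                continue;
            }
            loginModuleName = loginModuleName.trim();

            keyParam = keyPrefix + JAAS_CONFIG_LOGIN_MODULE_CONTROL_FLAG_PARAM;
            String controlFlag = properties.getProperty(keyParam);
            AppConfigurationEntry.LoginModuleControlFlag loginControlFlag;
            if (controlFlag != null) {
                // Locale.ROOT keeps the comparison independent of the JVM default locale; with a
                // Turkish default, "OPTIONAL" would lower-case to a dotless i and miss its case.
                controlFlag = controlFlag.trim().toLowerCase(java.util.Locale.ROOT);
                switch (controlFlag) {
                    case "optional":
                        loginControlFlag = AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL;
                        break;
                    case "requisite":
                        loginControlFlag = AppConfigurationEntry.LoginModuleControlFlag.REQUISITE;
                        break;
                    case "sufficient":
                        loginControlFlag = AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT;
                        break;
                    case "required":
                        loginControlFlag = AppConfigurationEntry.LoginModuleControlFlag.REQUIRED;
                        break;
                    default:
                        String validValues = "optional|requisite|sufficient|required";
                        LOG.warn("Unknown JAAS configuration value for ({}) = [{}], valid value are [{}] using the default value, REQUIRED", keyParam, controlFlag, validValues);
                        loginControlFlag = AppConfigurationEntry.LoginModuleControlFlag.REQUIRED;
                        break;
                }
            } else {
                LOG.warn("Unable to find JAAS configuration ({}); using the default value, REQUIRED", keyParam);
                loginControlFlag = AppConfigurationEntry.LoginModuleControlFlag.REQUIRED;
            }

            Map<String, String> options = new HashMap<>();
            String optionPrefix = keyPrefix + JAAS_CONFIG_LOGIN_OPTIONS_PREFIX + ".";
            int optionPrefixLen = optionPrefix.length();
            for (String key : properties.stringPropertyNames()) {
                if (!key.startsWith(optionPrefix)) {
                    continue;
                }
                String optionKey = key.substring(optionPrefixLen);
                String optionVal = properties.getProperty(key);
                if (optionVal != null) {
                    optionVal = optionVal.trim();
                    try {
                        if (optionKey.equalsIgnoreCase(JAAS_PRINCIPAL_PROP)) {
                            // presumably expands a host placeholder in the principal; confirm
                            // against SecurityUtil.getServerPrincipal
                            optionVal = SecurityUtil.getServerPrincipal(optionVal, (String) null);
                        }
                    } catch (IOException e) {
                        // Best effort: keep the configured principal, but keep the cause in the log.
                        LOG.warn("Failed to build serverPrincipal. Using provided value:[{}]", optionVal, e);
                    }
                }
                options.put(optionKey, optionVal);
            }

            AppConfigurationEntry entry = new AppConfigurationEntry(loginModuleName, loginControlFlag, options);
            if (LOG.isDebugEnabled()) {
                // NOTE(review): every option value is written verbatim. Login-module options can
                // carry credentials, so debug logs produced here should be treated as sensitive,
                // or the values masked before this is enabled outside a test environment.
                StringBuilder sb = new StringBuilder();
                sb.append("Adding client: [").append(jaasClient).append("{").append(index).append("}]\n");
                sb.append("\tloginModule: [").append(loginModuleName).append("]\n");
                sb.append("\tcontrolFlag: [").append(loginControlFlag).append("]\n");
                for (Map.Entry<String, String> option : options.entrySet()) {
                    sb.append("\tOptions:  [").append(option.getKey()).append("] => [").append(option.getValue()).append("]\n");
                }
                LOG.debug(sb.toString());
            }

            List<AppConfigurationEntry> retList = applicationConfigEntryMap.get(jaasClient);
            if (retList == null) {
                retList = new ArrayList<>();
                applicationConfigEntryMap.put(jaasClient, retList);
            }
            retList.add(entry);
        }
    }
    LOG.debug("<== InMemoryJAASConfiguration.initialize({})", applicationConfigEntryMap);
}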
Also used : HashMap(java.util.HashMap) IOException(java.io.IOException) SortedSet(java.util.SortedSet) StringTokenizer(java.util.StringTokenizer) AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry)

Example 68 with AppConfigurationEntry

use of javax.security.auth.login.AppConfigurationEntry in project jdk8u_jdk by JetBrains.

the class SecurityPolicy method test8077155.

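/**
 * Logs in through JAAS with the Krb5 login module and runs {@code testConnect()} twice: once
 * as the logged-in {@link Subject}, which must succeed, and once outside it.
 *
 * <p>The login uses an in-code {@link Configuration} with the ticket cache and keytab both
 * switched off, and a callback handler that answers name and password callbacks with
 * {@code WEB_USER} and {@code WEB_PASS}.
 *
 * <p>The method installs a {@link SecurityManager} and a {@code SecurityPolicy} for the whole
 * JVM and does not restore the previous ones.
 *
 * @throws Exception if login fails or the connection as the logged-in subject fails
 */
static void test8077155() throws Exception {
    final String username = WEB_USER;
    final char[] password = WEB_PASS;
    SecurityManager security = new SecurityManager();
    Policy.setPolicy(new SecurityPolicy());
    System.setSecurityManager(security);
    CallbackHandler callback = new CallbackHandler() {

        @Override
        public void handle(Callback[] pCallbacks) throws IOException, UnsupportedCallbackException {
            // Only name and password callbacks are answered; any other callback is left untouched.
            for (Callback cb : pCallbacks) {
                if (cb instanceof NameCallback) {
                    NameCallback ncb = (NameCallback) cb;
                    ncb.setName(username);
                } else if (cb instanceof PasswordCallback) {
                    PasswordCallback pwdcb = (PasswordCallback) cb;
                    pwdcb.setPassword(password);
                }
            }
        }
    };
    final String jaasConfigName = "oracle.test.kerberos.login";
    final String krb5LoginModule = "com.sun.security.auth.module.Krb5LoginModule";
    Configuration loginConfig = new Configuration() {

        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            // Any other application name gets no login modules at all.
            if (!jaasConfigName.equals(name)) {
                return new AppConfigurationEntry[0];
            }
            Map<String, String> options = new HashMap<String, String>();
            // With neither a ticket cache nor a keytab, the credentials have to come from the
            // callback handler above.
            options.put("useTicketCache", Boolean.FALSE.toString());
            options.put("useKeyTab", Boolean.FALSE.toString());
            return new AppConfigurationEntry[] { new AppConfigurationEntry(krb5LoginModule, LoginModuleControlFlag.REQUIRED, options) };
        }
    };
    // oracle context/subject/login
    LoginContext context = null;
    try {
        // Same name the Configuration above answers to; reusing the constant keeps them in step.
        context = new LoginContext(jaasConfigName, null, callback, loginConfig);
        context.login();
    } catch (LoginException ex) {
        ex.printStackTrace();
        throw new RuntimeException(ex);
    }
    Subject subject = context.getSubject();
    final PrivilegedExceptionAction<Object> test_action = new PrivilegedExceptionAction<Object>() {

        @Override
        public Object run() throws Exception {
            testConnect();
            return null;
        }
    };
    System.err.println("\n\nExpecting to succeed when executing with the the logged in subject.");
    try {
        Subject.doAs(subject, test_action);
        System.err.println("\n\nConnection succeed when executing with the the logged in subject.");
    } catch (PrivilegedActionException e) {
        System.err.println("\n\nFailure unexpected when executing with the the logged in subject.");
        e.printStackTrace();
        // Keep the cause so the failure report shows why the connection was refused.
        throw new RuntimeException("Failed to login as subject", e);
    }
    try {
        System.err.println("\n\nExpecting to fail when running with the current user's login.");
        testConnect();
        // NOTE(review): a successful connect here is not reported as a test failure, so the
        // negative case is logged but not asserted. Confirm whether that is intended.
    } catch (Exception ex) {
        System.err.println("\nConnect failed when running with the current user's login:\n" + ex.getMessage());
    }
}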
Also used : CallbackHandler(javax.security.auth.callback.CallbackHandler) Configuration(javax.security.auth.login.Configuration) HashMap(java.util.HashMap) Subject(javax.security.auth.Subject) LoginException(javax.security.auth.login.LoginException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) IOException(java.io.IOException) AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry) PasswordCallback(javax.security.auth.callback.PasswordCallback) NameCallback(javax.security.auth.callback.NameCallback) Callback(javax.security.auth.callback.Callback) NameCallback(javax.security.auth.callback.NameCallback) LoginContext(javax.security.auth.login.LoginContext) PasswordCallback(javax.security.auth.callback.PasswordCallback) LoginException(javax.security.auth.login.LoginException)

Example 69 with AppConfigurationEntry

use of javax.security.auth.login.AppConfigurationEntry in project jdk8u_jdk by JetBrains.

the class MyConfiguration method setupConfiguration.

/**
 * Fills the two slots of {@code ptAE} with the SmartLoginModule and DummyLoginModule entries.
 *
 * <p>When {@code optionOrder} is set the flags are OPTIONAL followed by SUFFICIENT; otherwise
 * both modules are REQUIRED. Both entries share the same options {@code map}.
 */
private void setupConfiguration() {
    final AppConfigurationEntry.LoginModuleControlFlag smartFlag;
    final AppConfigurationEntry.LoginModuleControlFlag dummyFlag;
    if (optionOrder) {
        smartFlag = OPTIONAL;
        dummyFlag = SUFFICIENT;
    } else {
        smartFlag = REQUIRED;
        dummyFlag = REQUIRED;
    }
    ptAE[0] = new AppConfigurationEntry("SmartLoginModule", smartFlag, map);
    ptAE[1] = new AppConfigurationEntry("DummyLoginModule", dummyFlag, map);
}
Also used : AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry)

Example 70 with AppConfigurationEntry

use of javax.security.auth.login.AppConfigurationEntry in project karaf by apache.

the class Config method getEntries.

/**
 * Returns the JAAS entries for this realm, building them from {@code modules} on first use.
 *
 * <p>Every entry names {@code ProxyLoginModule} as the login module; the configured module's
 * class name and the id of this bundle are handed over as options. The result is cached in
 * {@code entries} and the same array is returned on later calls.
 *
 * @return the cached entries, or {@code null} when no modules are configured and nothing was
 *     cached before
 */
public AppConfigurationEntry[] getEntries() {
    if (this.entries != null || this.modules == null) {
        return this.entries;
    }
    final Module[] declared = this.modules;
    final AppConfigurationEntry[] built = new AppConfigurationEntry[declared.length];
    int slot = 0;
    for (Module module : declared) {
        final Map<String, Object> moduleOptions = new HashMap<>();
        // The bundle context travels in the options map because AbstractKarafLoginModule
        // needs it to reach the encryption service.
        moduleOptions.put(BundleContext.class.getName(), bundleContext);
        if (module.getOptions() != null) {
            for (Map.Entry<?, ?> configured : module.getOptions().entrySet()) {
                moduleOptions.put(configured.getKey().toString(), configured.getValue());
            }
        }
        // Written after the configured options, so a module's own options cannot replace the
        // proxy's target class or bundle id.
        moduleOptions.put(ProxyLoginModule.PROPERTY_MODULE, module.getClassName());
        moduleOptions.put(
                ProxyLoginModule.PROPERTY_BUNDLE,
                Long.toString(bundleContext.getBundle().getBundleId()));
        built[slot++] = new AppConfigurationEntry(
                ProxyLoginModule.class.getName(),
                getControlFlag(module.getFlags()),
                moduleOptions);
    }
    this.entries = built;
    return this.entries;
}
Also used : AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry) HashMap(java.util.HashMap) ProxyLoginModule(org.apache.karaf.jaas.boot.ProxyLoginModule) Map(java.util.Map) HashMap(java.util.HashMap) BundleContext(org.osgi.framework.BundleContext)
