
Example 71 with AppConfigurationEntry

use of javax.security.auth.login.AppConfigurationEntry in project jackrabbit-oak by apache.

the class LoginContextProviderImplTest method testGetLoginContextWithConfigurationPreset.

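/**
 * Exercises {@code getLoginContext} when a JAAS {@link Configuration} has been installed before
 * the provider is created.
 *
 * <p>The preset configuration answers every application name with a single
 * {@code GuestLoginModule} entry flagged {@code OPTIONAL}. The login is attempted with
 * {@code null} credentials, and the test passes when the resulting subject carries at least one
 * {@code GuestCredentials} instance among its public credentials.
 */
@Test
public void testGetLoginContextWithConfigurationPreset() throws Exception {
    // Typed map instead of the raw HashMap; the module receives no options either way.
    final AppConfigurationEntry guestOnly = new AppConfigurationEntry(GuestLoginModule.class.getName(), AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL, new HashMap<String, Object>());
    // Configuration.setConfiguration replaces the JVM-wide JAAS configuration, so the guest-only
    // stack stays installed for whatever runs next in the same JVM.
    // NOTE(review): no reset is visible in this method - confirm the test fixture restores it.
    Configuration.setConfiguration(new Configuration() {

        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String applicationName) {
            return new AppConfigurationEntry[] { guestOnly };
        }
    });
    LoginContextProvider provider = new LoginContextProviderImpl(AuthenticationConfiguration.DEFAULT_APP_NAME, ConfigurationParameters.EMPTY, getContentRepository(), getSecurityProvider(), new DefaultWhiteboard());
    // No credentials and no workspace name are supplied.
    LoginContext ctx = provider.getLoginContext(null, null);
    ctx.login();
    assertFalse(ctx.getSubject().getPublicCredentials(GuestCredentials.class).isEmpty());
}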
Also used : AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry) JaasLoginContext(org.apache.jackrabbit.oak.spi.security.authentication.JaasLoginContext) LoginContext(org.apache.jackrabbit.oak.spi.security.authentication.LoginContext) Configuration(javax.security.auth.login.Configuration) AuthenticationConfiguration(org.apache.jackrabbit.oak.spi.security.authentication.AuthenticationConfiguration) HashMap(java.util.HashMap) LoginContextProvider(org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider) DefaultWhiteboard(org.apache.jackrabbit.oak.spi.whiteboard.DefaultWhiteboard) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 72 with AppConfigurationEntry

use of javax.security.auth.login.AppConfigurationEntry in project jackrabbit-oak by apache.

the class TokenLoginModuleCredentialsSupportTest method getConfiguration.

/**
 * Supplies the JAAS configuration for this test: a three-module stack that is returned for
 * every application name.
 *
 * <p>Order and control flags: {@code TokenLoginModule} (SUFFICIENT), {@code TestLoginModule}
 * (SUFFICIENT, given the {@code credsSupport} option) and {@code LoginModuleImpl} (REQUIRED).
 * Under JAAS semantics a SUFFICIENT module that succeeds ends the evaluation, so the REQUIRED
 * module is consulted only when both earlier modules did not succeed.
 */
@Override
protected Configuration getConfiguration() {
    return new Configuration() {

        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String applicationName) {
            // JAAS evaluates the entries in array order, so the order below is part of the
            // authentication policy under test.
            return new AppConfigurationEntry[] {
                new AppConfigurationEntry(TokenLoginModule.class.getName(), AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT, Collections.<String, Object>emptyMap()),
                new AppConfigurationEntry(TestLoginModule.class.getName(), AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT, ImmutableMap.of("credsSupport", credentialsSupport)),
                new AppConfigurationEntry(LoginModuleImpl.class.getName(), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Collections.<String, Object>emptyMap())
            };
        }
    };
}
Also used : AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry) LoginModuleImpl(org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl) CompositeTokenConfiguration(org.apache.jackrabbit.oak.spi.security.authentication.token.CompositeTokenConfiguration) TokenConfiguration(org.apache.jackrabbit.oak.spi.security.authentication.token.TokenConfiguration) Configuration(javax.security.auth.login.Configuration)

Example 73 with AppConfigurationEntry

use of javax.security.auth.login.AppConfigurationEntry in project karaf by apache.

the class Config method getEntries.

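/**
 * Returns the JAAS entries for this configuration, building and caching them on first use.
 *
 * <p>Every configured module is wrapped in a {@code ProxyLoginModule} entry. The real module
 * class name and the id of the owning bundle travel in the options map, together with the
 * bundle context and the module's own options.
 *
 * <p>The lazy initialisation uses no locking in this method, so concurrent first calls may each
 * build an array.
 *
 * @return the cached entries, or {@code null} when nothing is cached and no modules are set
 */
public AppConfigurationEntry[] getEntries() {
    if (this.entries == null && this.modules != null) {
        final Module[] configured = this.modules;
        final AppConfigurationEntry[] built = new AppConfigurationEntry[configured.length];
        for (int i = 0; i < configured.length; i++) {
            final Module module = configured[i];
            final Map<String, Object> options = new HashMap<>();
            // put the bundle context in the options map
            // it's required to be able to use the encryption service
            // in the AbstractKarafLoginModule
            options.put(BundleContext.class.getName(), bundleContext);
            if (module.getOptions() != null) {
                // Wildcard entry type instead of the raw Map.Entry; keys are stringified as before.
                for (Map.Entry<?, ?> option : module.getOptions().entrySet()) {
                    options.put(option.getKey().toString(), option.getValue());
                }
            }
            // Written after the module's own options on purpose: a configured option with the
            // same key cannot redirect the proxy to another module class or bundle.
            // NOTE(review): the bundle context above is written before the copy, so an option
            // keyed by the BundleContext class name would replace it - confirm that is acceptable.
            options.put(ProxyLoginModule.PROPERTY_MODULE, module.getClassName());
            options.put(ProxyLoginModule.PROPERTY_BUNDLE, Long.toString(bundleContext.getBundle().getBundleId()));
            built[i] = new AppConfigurationEntry(ProxyLoginModule.class.getName(), getControlFlag(module.getFlags()), options);
        }
        this.entries = built;
    }
    return this.entries;
}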
Also used : AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry) HashMap(java.util.HashMap) ProxyLoginModule(org.apache.karaf.jaas.boot.ProxyLoginModule) Map(java.util.Map) HashMap(java.util.HashMap) BundleContext(org.osgi.framework.BundleContext)

Example 74 with AppConfigurationEntry

use of javax.security.auth.login.AppConfigurationEntry in project cdap by caskdata.

the class SecurityUtil method enableKerberosLogin.

/**
 * Enables Kerberos (keytab) login for this JVM from the given configuration.
 *
 * <p>Nothing is changed when the JAAS login-config system property is already set, or when
 * Kerberos is not enabled in {@code cConf}. Otherwise the method sets the ZooKeeper SASL system
 * properties and installs a JVM-wide JAAS {@link Configuration} whose single REQUIRED entry is
 * the Krb5 login module, configured for a non-interactive keytab login.
 *
 * <p>The installed configuration ignores the application name it is asked for, so every JAAS
 * login context created in this JVM afterwards resolves to the same keytab entry.
 *
 * @param cConf configuration object.
 * @throws IllegalArgumentException if the principal or keytab path is not configured, or the
 *     keytab file is not readable
 * @throws IOException declared by the signature; NOTE(review): presumably raised by
 *     {@code expandPrincipal} - confirm
 */
public static void enableKerberosLogin(CConfiguration cConf) throws IOException {
    final String loginConfigKey = Constants.External.JavaSecurity.ENV_AUTH_LOGIN_CONFIG;
    final String presetLoginConfig = System.getProperty(loginConfigKey);
    if (presetLoginConfig != null) {
        // An operator-supplied JAAS file wins; do not overwrite it with a generated configuration.
        LOG.warn("Environment variable '{}' was already set to {}. Not generating JAAS configuration.", loginConfigKey, presetLoginConfig);
        return;
    }
    if (!isKerberosEnabled(cConf)) {
        LOG.info("Kerberos login is not enabled. To enable Kerberos login, enable {} and configure {} and {}", Constants.Security.KERBEROS_ENABLED, Constants.Security.CFG_CDAP_MASTER_KRB_PRINCIPAL, Constants.Security.CFG_CDAP_MASTER_KRB_KEYTAB_PATH);
        return;
    }

    // Fail fast on an incomplete Kerberos setup instead of failing later inside the login module.
    Preconditions.checkArgument(cConf.get(Constants.Security.CFG_CDAP_MASTER_KRB_PRINCIPAL) != null, "Kerberos authentication is enabled, but " + Constants.Security.CFG_CDAP_MASTER_KRB_PRINCIPAL + " is not configured");
    final String krbPrincipal = expandPrincipal(cConf.get(Constants.Security.CFG_CDAP_MASTER_KRB_PRINCIPAL));
    Preconditions.checkArgument(cConf.get(Constants.Security.CFG_CDAP_MASTER_KRB_KEYTAB_PATH) != null, "Kerberos authentication is enabled, but " + Constants.Security.CFG_CDAP_MASTER_KRB_KEYTAB_PATH + " is not configured");
    final File keytab = new File(cConf.get(Constants.Security.CFG_CDAP_MASTER_KRB_KEYTAB_PATH));
    // Readability is checked once here; the login module opens the keytab itself later on.
    Preconditions.checkArgument(Files.isReadable(keytab.toPath()), "Keytab file is not a readable file: %s", keytab);
    final String keytabPath = keytab.getAbsolutePath();
    LOG.info("Using Kerberos principal {} and keytab {}", krbPrincipal, keytabPath);

    System.setProperty(Constants.External.Zookeeper.ENV_AUTH_PROVIDER_1, "org.apache.zookeeper.server.auth.SASLAuthenticationProvider");
    // NOTE(review): the constant name suggests ZooKeeper's "allow SASL-failed clients" switch.
    // With it set to "true", a client whose SASL handshake fails presumably stays connected
    // unauthenticated, leaving znode ACLs as the only barrier - confirm this is intended.
    System.setProperty(Constants.External.Zookeeper.ENV_ALLOW_SASL_FAILED_CLIENTS, "true");
    System.setProperty(ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY, "Client");

    // Non-interactive keytab login: never prompt and never fall back to a ticket cache.
    final Map<String, String> krbOptions = new HashMap<>();
    krbOptions.put("doNotPrompt", "true");
    krbOptions.put("useKeyTab", "true");
    krbOptions.put("useTicketCache", "false");
    krbOptions.put("principal", krbPrincipal);
    krbOptions.put("keyTab", keytabPath);
    final AppConfigurationEntry krbEntry = new AppConfigurationEntry(KerberosUtil.getKrb5LoginModuleName(), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, krbOptions);

    // Replaces the process-wide JAAS configuration. The application name is ignored, so the
    // Kerberos entry is returned for every login context name.
    Configuration.setConfiguration(new Configuration() {

        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String applicationName) {
            return new AppConfigurationEntry[] { krbEntry };
        }
    });
}
Also used : AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry) CConfiguration(co.cask.cdap.common.conf.CConfiguration) Configuration(javax.security.auth.login.Configuration) HashMap(java.util.HashMap) File(java.io.File)
