
Example 16 with AppConfigurationEntry

use of javax.security.auth.login.AppConfigurationEntry in project storm by apache.

the class AuthUtilsTest method makeDigestPayloadTest.

@Test
public void makeDigestPayloadTest() throws NoSuchAlgorithmException {
    // Pins the output of AuthUtils.makeDigestPayload for a JAAS section whose options hold
    // "username" and "password": the hex-encoded SHA-512 of "username:password".
    // NOTE(review): the pinned value is a single unsalted hash pass; how the payload is used
    // is not visible from this test, so confirm it is never treated as password storage.
    final String sectionName = "user-pass-section";
    final String username = "user";
    final String password = "pass";

    Map<String, String> credentialOptions = new HashMap<>();
    credentialOptions.put("username", username);
    credentialOptions.put("password", password);

    // A mocked configuration that serves exactly one entry for the section under test.
    AppConfigurationEntry mockedEntry = Mockito.mock(AppConfigurationEntry.class);
    Mockito.<Map<String, ?>>when(mockedEntry.getOptions()).thenReturn(credentialOptions);
    Configuration mockedConfig = Mockito.mock(Configuration.class);
    Mockito.when(mockedConfig.getAppConfigurationEntry(sectionName))
        .thenReturn(new AppConfigurationEntry[] { mockedEntry });

    // getBytes() without an argument uses the platform default charset; the fixture is
    // ASCII-only, so this test does not cover non-ASCII credentials.
    byte[] rawDigest = MessageDigest.getInstance("SHA-512").digest((username + ":" + password).getBytes());
    String encodedByHex = Hex.encodeHexString(rawDigest);

    // previous code used this method to generate the string, ensure the two match
    StringBuilder perByteFormat = new StringBuilder();
    for (int i = 0; i < rawDigest.length; i++) {
        perByteFormat.append(String.format("%02x", rawDigest[i]));
    }
    String encodedByFormat = perByteFormat.toString();

    Assert.assertEquals(AuthUtils.makeDigestPayload(mockedConfig, "user-pass-section"), encodedByHex);
    Assert.assertEquals(encodedByHex, encodedByFormat);
}
Also used : AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry) Configuration(javax.security.auth.login.Configuration) HashMap(java.util.HashMap) MessageDigest(java.security.MessageDigest) Test(org.junit.Test)

Example 17 with AppConfigurationEntry

use of javax.security.auth.login.AppConfigurationEntry in project storm by apache.

the class AuthUtilsTest method getFirstValueForValidKeyTest.

@Test
public void getFirstValueForValidKeyTest() throws IOException {
    // The section holds three entries in this order: one without options, one with the wanted
    // value, and one with a conflicting value for the same key. The assertion expects
    // AuthUtils.get to return the value from the earlier of the two entries that define the key.
    final String lookupKey = "the-key";
    final String wantedValue = "good-value";
    final String sectionName = "bogus-section";

    Map<String, String> matchingOptions = new HashMap<>();
    matchingOptions.put(lookupKey, wantedValue);
    Map<String, String> conflictingOptions = new HashMap<>();
    conflictingOptions.put(lookupKey, "bad-value");

    AppConfigurationEntry entryWithoutOptions = Mockito.mock(AppConfigurationEntry.class);
    Mockito.<Map<String, ?>>when(entryWithoutOptions.getOptions()).thenReturn(new HashMap<String, String>());
    AppConfigurationEntry conflictingEntry = Mockito.mock(AppConfigurationEntry.class);
    Mockito.<Map<String, ?>>when(conflictingEntry.getOptions()).thenReturn(conflictingOptions);
    AppConfigurationEntry matchingEntry = Mockito.mock(AppConfigurationEntry.class);
    Mockito.<Map<String, ?>>when(matchingEntry.getOptions()).thenReturn(matchingOptions);

    AppConfigurationEntry[] orderedEntries =
        new AppConfigurationEntry[] { entryWithoutOptions, matchingEntry, conflictingEntry };
    Configuration mockedConfig = Mockito.mock(Configuration.class);
    Mockito.when(mockedConfig.getAppConfigurationEntry(sectionName)).thenReturn(orderedEntries);

    Assert.assertEquals(AuthUtils.get(mockedConfig, sectionName, lookupKey), wantedValue);
}
Also used : AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry) Configuration(javax.security.auth.login.Configuration) HashMap(java.util.HashMap) Test(org.junit.Test)

Example 18 with AppConfigurationEntry

use of javax.security.auth.login.AppConfigurationEntry in project storm by apache.

the class AuthUtils method pullConfig.

/**
 * Collect the options of every entry in one JAAS configuration section into a single
 * key-sorted map.
 *
 * <p>Entries are visited in array order and each option is written with {@code put}, so
 * when two entries define the same option key the value from the later entry is the one
 * returned.
 *
 * <p>NOTE(review): JAAS options can carry credentials (for example username/password
 * options); presumably callers should keep the returned map out of logs - confirm.
 *
 * @param configuration The config to pull the key/value pairs out of.
 * @param section The app configuration entry name to read the options from.
 * @return the merged options ordered by key, or {@code null} when
 *     {@code AuthUtils.getEntries} returns {@code null} for the section.
 * @throws IOException declared by the signature; presumably raised by
 *     {@code AuthUtils.getEntries} - confirm against that method.
 */
public static SortedMap<String, ?> pullConfig(Configuration configuration, String section) throws IOException {
    AppConfigurationEntry[] sectionEntries = AuthUtils.getEntries(configuration, section);
    if (sectionEntries == null) {
        // Callers must handle null: no empty map is substituted here.
        return null;
    }
    TreeMap<String, Object> merged = new TreeMap<>();
    for (AppConfigurationEntry sectionEntry : sectionEntries) {
        for (Map.Entry<String, ?> option : sectionEntry.getOptions().entrySet()) {
            // put() overwrites, which is what makes the last entry win on duplicate keys.
            merged.put(option.getKey(), option.getValue());
        }
    }
    return merged;
}
Also used : AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry) TreeMap(java.util.TreeMap)

Example 19 with AppConfigurationEntry

use of javax.security.auth.login.AppConfigurationEntry in project zookeeper by apache.

the class ServerCnxnFactory method configureSaslLogin.

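/**
 * Initialize server-side SASL when a JAAS login section for the server is available.
 *
 * <p>The section name comes from the system property named by
 * {@code ZooKeeperSaslServer.LOGIN_CONTEXT_NAME_KEY}, falling back to
 * {@code ZooKeeperSaslServer.DEFAULT_LOGIN_CONTEXT_NAME}. Three outcomes are possible:
 * <ul>
 *   <li>The section is found: a callback handler and a {@code Login} are created and the
 *       login thread is started if needed.</li>
 *   <li>The section is not found, the lookup threw a {@link SecurityException}, and either
 *       the login-context property or the {@code Environment.JAAS_CONF_KEY} property is set:
 *       an {@link IOException} is thrown.</li>
 *   <li>The section is not found in any other situation: the method returns and no
 *       authentication is configured.</li>
 * </ul>
 *
 * <p>NOTE(review): the third outcome is fail-open. If the lookup returns {@code null}
 * without throwing (for instance a JAAS file is set but lacks this section), the server
 * continues without SASL and nothing is logged here. Deployments that require
 * authentication should verify it is enforced elsewhere - confirm against the callers.
 *
 * @throws IOException if the JAAS lookup failed while JAAS use was requested through one of
 *     the two properties, or if the login itself fails with a {@code LoginException}.
 */
protected void configureSaslLogin() throws IOException {
    String serverSection = System.getProperty(ZooKeeperSaslServer.LOGIN_CONTEXT_NAME_KEY, ZooKeeperSaslServer.DEFAULT_LOGIN_CONTEXT_NAME);
    // Note that 'Configuration' here refers to javax.security.auth.login.Configuration.
    AppConfigurationEntry[] entries = null;
    SecurityException securityException = null;
    try {
        entries = Configuration.getConfiguration().getAppConfigurationEntry(serverSection);
    } catch (SecurityException e) {
        // handle below: might be harmless if the user doesn't intend to use JAAS authentication.
        securityException = e;
    }
    // No entries for the section. If fetching the section raised a SecurityException and the
    // user asked for JAAS through the login-context property or a JAAS file, we throw an
    // exception; otherwise we continue without authentication.
    if (entries == null) {
        String jaasFile = System.getProperty(Environment.JAAS_CONF_KEY);
        String loginContextName = System.getProperty(ZooKeeperSaslServer.LOGIN_CONTEXT_NAME_KEY);
        if (securityException != null && (loginContextName != null || jaasFile != null)) {
            String errorMessage = "No JAAS configuration section named '" + serverSection + "' was found";
            if (jaasFile != null) {
                // The leading space keeps the message from reading "was foundin '...'".
                errorMessage += " in '" + jaasFile + "'.";
            }
            if (loginContextName != null) {
                errorMessage += " But " + ZooKeeperSaslServer.LOGIN_CONTEXT_NAME_KEY + " was set.";
            }
            LOG.error(errorMessage);
            // Chain the SecurityException so the root cause survives in stack traces.
            throw new IOException(errorMessage, securityException);
        }
        return;
    }
    // jaas.conf entry available
    try {
        saslServerCallbackHandler = new SaslServerCallbackHandler(Configuration.getConfiguration());
        login = new Login(serverSection, saslServerCallbackHandler, new ZKConfig());
        login.startThreadIfNeeded();
    } catch (LoginException e) {
        // Message text is unchanged; the LoginException is additionally attached as the cause.
        throw new IOException("Could not configure server because SASL configuration did not allow the " + " ZooKeeper server to authenticate itself properly: " + e, e);
    }
}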
Also used : AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry) ZKConfig(org.apache.zookeeper.common.ZKConfig) SaslServerCallbackHandler(org.apache.zookeeper.server.auth.SaslServerCallbackHandler) LoginException(javax.security.auth.login.LoginException) IOException(java.io.IOException) Login(org.apache.zookeeper.Login)

Example 20 with AppConfigurationEntry

use of javax.security.auth.login.AppConfigurationEntry in project zookeeper by apache.

the class JaasConfiguration method addSection.

/**
 * Add a section to the jaas.conf.
 *
 * <p>The section is stored as a one-element array holding a single login module entry
 * with control flag {@code LoginModuleControlFlag.REQUIRED}, so that module has to succeed
 * for a login against this section to succeed.
 *
 * <p>NOTE(review): {@code conf} is handed to the entry as given and may hold credentials;
 * {@code sections.put} presumably replaces an existing section of the same name - confirm
 * against the field's declaration.
 *
 * @param name Section name
 * @param loginModuleName Login module name
 * @param conf login key/value args
 */
public void addSection(String name, String loginModuleName, final Map<String, String> conf) {
    AppConfigurationEntry soleEntry =
        new AppConfigurationEntry(loginModuleName, LoginModuleControlFlag.REQUIRED, conf);
    this.sections.put(name, new AppConfigurationEntry[] { soleEntry });
}
Also used : AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry)
