
Example 51 with Configuration

use of javax.security.auth.login.Configuration in project jdk8u_jdk by JetBrains.

the class MyCallbackHandler method main.

/**
 * Runs four JAAS login scenarios in sequence and prints a line after each one returns.
 *
 * <p>The trailing boolean passed to {@code testConfigName} / {@code testLogin} appears to mean
 * "a LoginException is expected" (inferred from the scenario descriptions; the helpers are not
 * shown here). The last scenario is the security-relevant one: the control flags on the
 * configured modules, not just the password check, decide whether a login succeeds.
 */
public static void main(String... args) {
    final String knownEntry = "PT";
    final String unknownEntry = "NT";
    final char[] acceptedPassword = { 't', 'e', 's', 't', 'P', 'a', 's', 's', 'w', 'o', 'r', 'd', '1' };
    final char[] rejectedPassword = { 'w', 'r', 'o', 'n', 'g', 'P', 'a', 's', 's', 'w', 'o', 'r', 'd' };

    // Scenario 1: unknown configuration name.
    // Creating the LoginContext is expected to raise LoginException.
    testConfigName(unknownEntry, true);
    System.out.println("Wrong Config Name Test passed ");

    // Scenario 2: SmartLoginModule + DummyLoginModule, flags required-required,
    // correct password for SmartLoginModule. No exception is expected.
    Configuration requiredRequired = new MyConfiguration();
    testLogin(knownEntry, acceptedPassword, requiredRequired, false);
    System.out.println("Positive test passed");

    // Scenario 3: same modules and flags, wrong password for SmartLoginModule.
    // LoginContext.login() is expected to raise LoginException.
    testLogin(knownEntry, rejectedPassword, requiredRequired, true);
    System.out.println("Should fail test passed");

    // Scenario 4: same modules, flags switched to optional-sufficient.
    // SmartLoginModule still gets the wrong password, but DummyLoginModule always
    // passes, so the overall login is expected to succeed without an exception.
    Configuration optionalSufficient = new MyConfiguration(true);
    testLogin(knownEntry, rejectedPassword, optionalSufficient, false);
    System.out.println("One module fails where are other module succeeeds " + "Test passed with optional-sufficient flags");
}
Also used : Configuration(javax.security.auth.login.Configuration)

Example 52 with Configuration

use of javax.security.auth.login.Configuration in project cdap by caskdata.

the class SecurityUtil method enableKerberosLogin.

/**
 * Installs a JAAS configuration for keytab-based Kerberos login, driven by {@code cConf}.
 *
 * <p>Returns without changing anything (other than logging) when the JAAS login-config system
 * property is already set, or when {@code isKerberosEnabled(cConf)} is false. Otherwise it sets
 * three ZooKeeper-related system properties and replaces the process-wide JAAS
 * {@link Configuration}.
 *
 * <p>Points to keep in mind when reviewing callers:
 * <ul>
 *   <li>The installed {@link Configuration} ignores the requested application name and hands the
 *       same keytab entry to every login context created in this JVM.</li>
 *   <li>NOTE(review): {@code ENV_ALLOW_SASL_FAILED_CLIENTS} presumably maps to ZooKeeper's
 *       allow-SASL-failed-clients setting, which lets a client whose SASL handshake failed stay
 *       connected unauthenticated. Confirm that ZooKeeper ACLs are what protect the data.</li>
 * </ul>
 *
 * @param cConf configuration object supplying the Kerberos principal and keytab path.
 * @throws IllegalArgumentException if Kerberos is enabled but the principal or keytab path is
 *     not configured, or the keytab is not readable.
 * @throws IOException declared by the signature; presumably raised while expanding the principal.
 */
public static void enableKerberosLogin(CConfiguration cConf) throws IOException {
    // A JAAS login config supplied from outside takes precedence; leave it untouched.
    String jaasProperty = Constants.External.JavaSecurity.ENV_AUTH_LOGIN_CONFIG;
    String presetJaasConfig = System.getProperty(jaasProperty);
    if (presetJaasConfig != null) {
        LOG.warn("Environment variable '{}' was already set to {}. Not generating JAAS configuration.", jaasProperty, presetJaasConfig);
        return;
    }

    boolean kerberosEnabled = isKerberosEnabled(cConf);
    if (!kerberosEnabled) {
        LOG.info("Kerberos login is not enabled. To enable Kerberos login, enable {} and configure {} and {}", Constants.Security.KERBEROS_ENABLED, Constants.Security.CFG_CDAP_MASTER_KRB_PRINCIPAL, Constants.Security.CFG_CDAP_MASTER_KRB_KEYTAB_PATH);
        return;
    }

    // Principal: must be configured; it is expanded before use.
    String configuredPrincipal = cConf.get(Constants.Security.CFG_CDAP_MASTER_KRB_PRINCIPAL);
    Preconditions.checkArgument(configuredPrincipal != null, "Kerberos authentication is enabled, but " + Constants.Security.CFG_CDAP_MASTER_KRB_PRINCIPAL + " is not configured");
    String principal = expandPrincipal(configuredPrincipal);

    // Keytab: must be configured and readable by this process.
    String configuredKeytab = cConf.get(Constants.Security.CFG_CDAP_MASTER_KRB_KEYTAB_PATH);
    Preconditions.checkArgument(configuredKeytab != null, "Kerberos authentication is enabled, but " + Constants.Security.CFG_CDAP_MASTER_KRB_KEYTAB_PATH + " is not configured");
    File keytabFile = new File(configuredKeytab);
    Preconditions.checkArgument(Files.isReadable(keytabFile.toPath()), "Keytab file is not a readable file: %s", keytabFile);
    String keytabLocation = keytabFile.getAbsolutePath();
    LOG.info("Using Kerberos principal {} and keytab {}", principal, keytabLocation);

    // ZooKeeper SASL wiring.
    // NOTE(review): the second property looks like it tolerates clients whose SASL
    // authentication failed; verify this is intended for the deployment.
    System.setProperty(Constants.External.Zookeeper.ENV_AUTH_PROVIDER_1, "org.apache.zookeeper.server.auth.SASLAuthenticationProvider");
    System.setProperty(Constants.External.Zookeeper.ENV_ALLOW_SASL_FAILED_CLIENTS, "true");
    System.setProperty(ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY, "Client");

    // Non-interactive login from the keytab only: no prompting, no ticket cache.
    final Map<String, String> krb5Options = new HashMap<>();
    krb5Options.put("principal", principal);
    krb5Options.put("keyTab", keytabLocation);
    krb5Options.put("useKeyTab", "true");
    krb5Options.put("useTicketCache", "false");
    krb5Options.put("doNotPrompt", "true");
    final AppConfigurationEntry keytabEntry = new AppConfigurationEntry(KerberosUtil.getKrb5LoginModuleName(), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, krb5Options);

    // The application name is deliberately not inspected: every lookup gets the keytab entry.
    Configuration keytabOnlyConfiguration = new Configuration() {

        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String appName) {
            return new AppConfigurationEntry[] { keytabEntry };
        }
    };

    // Replaces the JAAS configuration for the whole JVM, not just for this caller.
    Configuration.setConfiguration(keytabOnlyConfiguration);
}
Also used : AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry) CConfiguration(co.cask.cdap.common.conf.CConfiguration) Configuration(javax.security.auth.login.Configuration) HashMap(java.util.HashMap) File(java.io.File)
