Example 51 with Configuration
use of javax.security.auth.login.Configuration in project jdk8u_jdk by JetBrains.
the class MyCallbackHandler method main.
public static void main(String... args) {
String rightConfigName = "PT";
String wrongConfigName = "NT";
char[] rightPwd = new char[] { 't', 'e', 's', 't', 'P', 'a', 's', 's', 'w', 'o', 'r', 'd', '1' };
char[] wrongPwd = new char[] { 'w', 'r', 'o', 'n', 'g', 'P', 'a', 's', 's', 'w', 'o', 'r', 'd' };
// Test with wrong configuration name
// Expect LoginException when initiate a new LoginContext object
testConfigName(wrongConfigName, true);
System.out.println("Wrong Config Name Test passed ");
// Spedify two loginModules: SmartLoginModule and DummyLoginModule
// Flags: required-required
// Test with right password for SmartLoginModule
// No exception is expected
Configuration cf = new MyConfiguration();
testLogin(rightConfigName, rightPwd, cf, false);
System.out.println("Positive test passed");
// Spedify two loginModules: SmartLoginModule and DummyLoginModule
// Flags: required-required
// Test with wrong password for SmartLoginModule
// Expect LoginException by calling LoginContext.login() method
testLogin(rightConfigName, wrongPwd, cf, true);
System.out.println("Should fail test passed");
// Spedify two loginModules: SmartLoginModule and DummyLoginModule
// Change the flags from required-required to optional-sufficient
// Test with wrong password for SmartLoginModule, while DummyLoginModule
// always passes
// No Exception is expected
cf = new MyConfiguration(true);
testLogin(rightConfigName, wrongPwd, cf, false);
System.out.println("One module fails where are other module succeeeds " + "Test passed with optional-sufficient flags");
}
Also used :
Configuration(javax.security.auth.login.Configuration)
Example 52 with Configuration
use of javax.security.auth.login.Configuration in project cdap by caskdata.
the class SecurityUtil method enableKerberosLogin.
/**
* Enables Kerberos authentication based on configuration.
*
* @param cConf configuration object.
*/
public static void enableKerberosLogin(CConfiguration cConf) throws IOException {
if (System.getProperty(Constants.External.JavaSecurity.ENV_AUTH_LOGIN_CONFIG) != null) {
LOG.warn("Environment variable '{}' was already set to {}. Not generating JAAS configuration.", Constants.External.JavaSecurity.ENV_AUTH_LOGIN_CONFIG, System.getProperty(Constants.External.JavaSecurity.ENV_AUTH_LOGIN_CONFIG));
return;
}
if (!isKerberosEnabled(cConf)) {
LOG.info("Kerberos login is not enabled. To enable Kerberos login, enable {} and configure {} and {}", Constants.Security.KERBEROS_ENABLED, Constants.Security.CFG_CDAP_MASTER_KRB_PRINCIPAL, Constants.Security.CFG_CDAP_MASTER_KRB_KEYTAB_PATH);
return;
}
Preconditions.checkArgument(cConf.get(Constants.Security.CFG_CDAP_MASTER_KRB_PRINCIPAL) != null, "Kerberos authentication is enabled, but " + Constants.Security.CFG_CDAP_MASTER_KRB_PRINCIPAL + " is not configured");
String principal = cConf.get(Constants.Security.CFG_CDAP_MASTER_KRB_PRINCIPAL);
principal = expandPrincipal(principal);
Preconditions.checkArgument(cConf.get(Constants.Security.CFG_CDAP_MASTER_KRB_KEYTAB_PATH) != null, "Kerberos authentication is enabled, but " + Constants.Security.CFG_CDAP_MASTER_KRB_KEYTAB_PATH + " is not configured");
File keytabFile = new File(cConf.get(Constants.Security.CFG_CDAP_MASTER_KRB_KEYTAB_PATH));
Preconditions.checkArgument(Files.isReadable(keytabFile.toPath()), "Keytab file is not a readable file: %s", keytabFile);
LOG.info("Using Kerberos principal {} and keytab {}", principal, keytabFile.getAbsolutePath());
System.setProperty(Constants.External.Zookeeper.ENV_AUTH_PROVIDER_1, "org.apache.zookeeper.server.auth.SASLAuthenticationProvider");
System.setProperty(Constants.External.Zookeeper.ENV_ALLOW_SASL_FAILED_CLIENTS, "true");
System.setProperty(ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY, "Client");
final Map<String, String> properties = new HashMap<>();
properties.put("doNotPrompt", "true");
properties.put("useKeyTab", "true");
properties.put("useTicketCache", "false");
properties.put("principal", principal);
properties.put("keyTab", keytabFile.getAbsolutePath());
final AppConfigurationEntry configurationEntry = new AppConfigurationEntry(KerberosUtil.getKrb5LoginModuleName(), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, properties);
Configuration configuration = new Configuration() {
@Override
public AppConfigurationEntry[] getAppConfigurationEntry(String s) {
return new AppConfigurationEntry[] { configurationEntry };
}
};
// apply the configuration
Configuration.setConfiguration(configuration);
}
Also used :
AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry)
CConfiguration(co.cask.cdap.common.conf.CConfiguration)
Configuration(javax.security.auth.login.Configuration)
HashMap(java.util.HashMap)
File(java.io.File)
Aggregations
Configuration (javax.security.auth.login.Configuration)52
AppConfigurationEntry (javax.security.auth.login.AppConfigurationEntry)26
LoginContext (javax.security.auth.login.LoginContext)18
HashMap (java.util.HashMap)17
Subject (javax.security.auth.Subject)12
Test (org.junit.Test)9
IOException (java.io.IOException)7
LoginException (javax.security.auth.login.LoginException)5
File (java.io.File)4
URI (java.net.URI)4
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)4
Callback (javax.security.auth.callback.Callback)4
CallbackHandler (javax.security.auth.callback.CallbackHandler)4
PasswordCallback (javax.security.auth.callback.PasswordCallback)4
LoginModuleImpl (org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl)4
URIParameter (java.security.URIParameter)3
Map (java.util.Map)3
NameCallback (javax.security.auth.callback.NameCallback)3
UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)3
SSOException (com.iplanet.sso.SSOException)2
