
Example 66 with Configuration

use of javax.security.auth.login.Configuration in project cdap by caskdata.

the class SecurityUtil method enableKerberosLogin.

/**
 * Installs a process-wide JAAS {@link Configuration} for keytab-based Kerberos login, using
 * the principal and keytab path found in the given configuration.
 *
 * <p>The method returns without changing anything when the JAAS login-config system property
 * is already set, or when {@code isKerberosEnabled(cConf)} is false.
 *
 * <p>Points to keep in mind when reviewing callers:
 * <ul>
 *   <li>{@link Configuration#setConfiguration} replaces the login configuration for the whole
 *       JVM, not only for this component.</li>
 *   <li>The installed configuration ignores the requested application name, so every JAAS
 *       login context in the process resolves to the same keytab entry.</li>
 *   <li>Three ZooKeeper-related system properties are set as a side effect.</li>
 * </ul>
 *
 * @param cConf configuration object.
 * @throws IOException declared by the signature; presumably raised by {@code expandPrincipal}
 *     (not visible here) - confirm.
 * @throws IllegalArgumentException if the principal or keytab path is missing, or the keytab
 *     is not readable (assuming {@code Preconditions} is Guava's).
 */
public static void enableKerberosLogin(CConfiguration cConf) throws IOException {
    // An externally supplied JAAS file always wins; never overwrite it.
    final String loginConfigKey = Constants.External.JavaSecurity.ENV_AUTH_LOGIN_CONFIG;
    final String presetLoginConfig = System.getProperty(loginConfigKey);
    if (presetLoginConfig != null) {
        LOG.warn("Environment variable '{}' was already set to {}. Not generating JAAS configuration.", loginConfigKey, presetLoginConfig);
        return;
    }
    if (!isKerberosEnabled(cConf)) {
        LOG.info("Kerberos login is not enabled. To enable Kerberos login, enable {} and configure {} and {}", Constants.Security.KERBEROS_ENABLED, Constants.Security.CFG_CDAP_MASTER_KRB_PRINCIPAL, Constants.Security.CFG_CDAP_MASTER_KRB_KEYTAB_PATH);
        return;
    }

    final String configuredPrincipal = cConf.get(Constants.Security.CFG_CDAP_MASTER_KRB_PRINCIPAL);
    Preconditions.checkArgument(configuredPrincipal != null, "Kerberos authentication is enabled, but " + Constants.Security.CFG_CDAP_MASTER_KRB_PRINCIPAL + " is not configured");
    final String principal = expandPrincipal(configuredPrincipal);

    final String configuredKeytab = cConf.get(Constants.Security.CFG_CDAP_MASTER_KRB_KEYTAB_PATH);
    Preconditions.checkArgument(configuredKeytab != null, "Kerberos authentication is enabled, but " + Constants.Security.CFG_CDAP_MASTER_KRB_KEYTAB_PATH + " is not configured");
    final File keytabFile = new File(configuredKeytab);
    // The keytab holds the principal's long-term key. Only readability is verified here:
    // a readable directory would pass, and ownership or file mode is not inspected.
    Preconditions.checkArgument(Files.isReadable(keytabFile.toPath()), "Keytab file is not a readable file: %s", keytabFile);
    final String keytabPath = keytabFile.getAbsolutePath();
    LOG.info("Using Kerberos principal {} and keytab {}", principal, keytabPath);

    System.setProperty(Constants.External.Zookeeper.ENV_AUTH_PROVIDER_1, "org.apache.zookeeper.server.auth.SASLAuthenticationProvider");
    // NOTE(review): judging by the constant's name, "true" lets ZooKeeper keep serving clients
    // whose SASL authentication failed - confirm this is intended, because znode ACLs are then
    // the only control left for such connections.
    System.setProperty(Constants.External.Zookeeper.ENV_ALLOW_SASL_FAILED_CLIENTS, "true");
    System.setProperty(ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY, "Client");

    // Non-interactive, keytab-only login: no prompting and no ticket-cache fallback.
    final Map<String, String> krb5Options = new HashMap<>();
    krb5Options.put("doNotPrompt", "true");
    krb5Options.put("useKeyTab", "true");
    krb5Options.put("useTicketCache", "false");
    krb5Options.put("principal", principal);
    krb5Options.put("keyTab", keytabPath);
    final AppConfigurationEntry keytabEntry = new AppConfigurationEntry(KerberosUtil.getKrb5LoginModuleName(), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, krb5Options);

    // Same single entry for every application name that is looked up.
    final Configuration jaasConfig = new Configuration() {

        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String applicationName) {
            return new AppConfigurationEntry[] { keytabEntry };
        }
    };
    Configuration.setConfiguration(jaasConfig);
}
Also used : AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry) CConfiguration(co.cask.cdap.common.conf.CConfiguration) Configuration(javax.security.auth.login.Configuration) HashMap(java.util.HashMap) File(java.io.File)

Example 67 with Configuration

use of javax.security.auth.login.Configuration in project activemq-artemis by apache.

the class UserAction method getConfiguration.

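/**
 * Locates the user and role files referenced by the {@code PropertiesLoginModule} entry of
 * the active JAAS configuration and wraps them in a {@code FileBasedSecStoreConfig}.
 *
 * <p>The entry is looked up under the name held in {@code entry} (declared outside this
 * method, presumably a field of the enclosing class). The file names are taken from the
 * login module options and resolved against the directory returned by
 * {@code getBrokerEtc()}; they are not checked to stay inside that directory, so the JAAS
 * login configuration is treated as trusted input.
 *
 * @return the store configuration pointing at the existing user and role files.
 * @throws IllegalArgumentException if no JAAS entry exists under the name, no entry uses
 *     {@code PropertiesLoginModule}, a file-name option is missing, or a file does not exist.
 * @throws Exception declared by the signature; presumably propagated from
 *     {@code getBrokerEtc()} or the {@code FileBasedSecStoreConfig} constructor - confirm.
 */
FileBasedSecStoreConfig getConfiguration() throws Exception {
    Configuration securityConfig = Configuration.getConfiguration();
    AppConfigurationEntry[] entries = securityConfig.getAppConfigurationEntry(entry);
    if (entries == null) {
        // getAppConfigurationEntry returns null, not an empty array, when the name has no
        // entries; fail with the same error as "no matching module" instead of an NPE.
        throw new IllegalArgumentException("Failed to load security file");
    }
    final String propertiesModule = PropertiesLoginModule.class.getName();
    for (AppConfigurationEntry candidate : entries) {
        if (!candidate.getLoginModuleName().equals(propertiesModule)) {
            continue;
        }
        String userFileName = (String) candidate.getOptions().get(USER_FILE_PROP_NAME);
        String roleFileName = (String) candidate.getOptions().get(ROLE_FILE_PROP_NAME);
        if (userFileName == null || roleFileName == null) {
            // new File(parent, null) would throw a bare NullPointerException.
            throw new IllegalArgumentException("Login module options do not name both a user file and a role file");
        }
        File etcDir = new File(getBrokerEtc());
        File userFile = new File(etcDir, userFileName);
        File roleFile = new File(etcDir, roleFileName);
        if (!userFile.exists() || !roleFile.exists()) {
            throw new IllegalArgumentException("Couldn't find user file or role file!");
        }
        return new FileBasedSecStoreConfig(userFile, roleFile);
    }
    throw new IllegalArgumentException("Failed to load security file");
}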
Also used : AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry) Configuration(javax.security.auth.login.Configuration) File(java.io.File) PropertiesLoginModule(org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule)

Example 68 with Configuration

use of javax.security.auth.login.Configuration in project jackrabbit-oak by apache.

the class PreAuthDefaultExternalLoginModuleTest method getConfiguration.

/**
 * Builds the JAAS configuration used by this test: a pre-authentication module and the
 * default Oak login module, both optional, followed by the external login module marked
 * sufficient. The requested application name is ignored, so every lookup gets the same
 * three entries. Equivalent login-file form:
 *
 * <pre>
 * Example {
 *    your.org.PreAuthenticationLoginModule optional;
 *    org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl optional;
 *    org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule sufficient
 *              sync.handlerName="your-synchandler_name"
 *              idp.name="your_idp_name";
 *    };
 * </pre>
 *
 * @return a configuration that always answers with the three entries above, in that order.
 */
@Override
protected Configuration getConfiguration() {
    return new Configuration() {

        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String applicationName) {
            // Order matters to JAAS: modules are consulted in array order.
            return new AppConfigurationEntry[] {
                new AppConfigurationEntry(PreAuthLoginModule.class.getName(), AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL, preAuthOptions),
                new AppConfigurationEntry(LoginModuleImpl.class.getName(), AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL, new HashMap<String, Object>()),
                new AppConfigurationEntry(ExternalLoginModule.class.getName(), AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT, options)
            };
        }
    };
}
Also used : ExternalLoginModule(org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule) AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry) LoginModuleImpl(org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl) Configuration(javax.security.auth.login.Configuration)

Example 69 with Configuration

use of javax.security.auth.login.Configuration in project polymap4-core by Polymap4.

the class ConfigurationFactory method getConfigurations.

/**
 * Collects the JAAS {@link Configuration} providers contributed through the
 * {@code POINT_PROVIDER} extension point.
 *
 * <p>Each configuration element of each extension is passed to {@code readProvider};
 * elements for which it returns {@code null} are skipped.
 *
 * @return the providers that could be read, in registry order; empty if there are none.
 */
public Configuration[] getConfigurations() {
    // NOTE(review): if the extension point is not registered, 'point' may be null and the
    // next line would fail - confirm against the registry contract.
    IExtensionPoint point = RegistryFactory.getRegistry().getExtensionPoint(POINT_PROVIDER);
    IExtension[] extensions = point.getExtensions();
    ArrayList<Configuration> providers = new ArrayList<Configuration>(extensions.length);
    for (IExtension extension : extensions) {
        for (IConfigurationElement element : extension.getConfigurationElements()) {
            Configuration provider = readProvider(element);
            if (provider != null) {
                providers.add(provider);
            }
        }
    }
    return providers.toArray(new Configuration[0]);
}
Also used : Configuration(javax.security.auth.login.Configuration) ArrayList(java.util.ArrayList)

Example 70 with Configuration

use of javax.security.auth.login.Configuration in project polymap4-core by Polymap4.

the class SpnegoFilterConfig method doServerModule.

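/**
 * Records the server login module name, verifies that its {@code storeKey} option is true,
 * and sets the {@code canUseKeyTab} flag by determining if all keytab-related LoginModule
 * options have been set.
 *
 * <pre>
 * my-spnego-login-module {
 *      com.sun.security.auth.module.Krb5LoginModule
 *      required
 *      storeKey=true
 *      useKeyTab=true
 *      keyTab="file:///C:/my_path/my_file.keytab"
 *      principal="my_preauth_account";
 * };
 * </pre>
 *
 * <p>{@code canUseKeyTab} reflects only the presence of the {@code useKeyTab},
 * {@code principal} and {@code keyTab} options; their values are not inspected here.
 *
 * @param moduleName name of the server entry in the JAAS login file.
 * @throws UnsupportedOperationException if the entry is missing from the login
 *     configuration, or its {@code storeKey} option is absent or not {@code true}.
 */
private void doServerModule(final String moduleName) {
    // Assertions are off unless the JVM runs with -ea, so this cannot be the only guard.
    assert moduleExists("server", moduleName);
    this.serverLoginModule = moduleName;
    // confirm that runtime loaded the login file
    final Configuration config = Configuration.getConfiguration();
    final AppConfigurationEntry[] entries = config.getAppConfigurationEntry(moduleName);
    if (entries == null || entries.length == 0) {
        // getAppConfigurationEntry returns null for an unknown name; indexing [0] directly
        // would surface as a NullPointerException instead of a configuration error.
        throw new UnsupportedOperationException("Login Module for server is not defined in login file: " + moduleName);
    }
    // we only expect one entry
    final Map<String, ?> opt = entries[0].getOptions();
    // storeKey must be set to true
    if (!opt.containsKey("storeKey")) {
        throw new UnsupportedOperationException("Login Module for server does not have the storeKey option defined in login file.");
    }
    final Object store = opt.get("storeKey");
    if (null == store || !Boolean.parseBoolean((String) store)) {
        throw new UnsupportedOperationException("Login Module for server must have storeKey option in login file set to true.");
    }
    this.canUseKeyTab = opt.containsKey("useKeyTab") && opt.containsKey("principal") && opt.containsKey("keyTab");
}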
Also used : AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry) Configuration(javax.security.auth.login.Configuration)

Aggregations

Configuration (javax.security.auth.login.Configuration)100 AppConfigurationEntry (javax.security.auth.login.AppConfigurationEntry)47 LoginContext (javax.security.auth.login.LoginContext)30 HashMap (java.util.HashMap)27 Subject (javax.security.auth.Subject)22 Test (org.junit.Test)17 IOException (java.io.IOException)15 LoginException (javax.security.auth.login.LoginException)13 File (java.io.File)8 Principal (java.security.Principal)7 CallbackHandler (javax.security.auth.callback.CallbackHandler)7 URI (java.net.URI)6 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)6 ArrayList (java.util.ArrayList)6 Test (org.junit.jupiter.api.Test)5 URIParameter (java.security.URIParameter)4 Map (java.util.Map)4 Callback (javax.security.auth.callback.Callback)4 LoginModuleImpl (org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl)4 NoSuchProviderException (java.security.NoSuchProviderException)3