
Example 71 with Configuration

use of javax.security.auth.login.Configuration in project polymap4-core by Polymap4.

the class SpnegoFilterConfig method moduleExists.

/**
 * Checks that the JAAS configuration returned by {@link Configuration#getConfiguration()}
 * holds exactly one login module under {@code moduleName}, that the module is
 * {@code com.sun.security.auth.module.Krb5LoginModule}, and that its control flag is
 * {@code REQUIRED}.
 *
 * <p>Every other module class and every other control flag is rejected, so a login-file
 * entry cannot name a different module or a non-mandatory flag and still pass this check.
 *
 * @param side label used only to build the error messages
 * @param moduleName name of the login-configuration entry to look up
 * @return {@code true} whenever the method returns normally; every failed check throws
 * @throws IllegalArgumentException if the entry is missing, lists no login module, or
 *         lists more than one
 * @throws UnsupportedOperationException if the module class is not the Kerberos login
 *         module or its control flag is not {@code REQUIRED}
 */
private boolean moduleExists(final String side, final String moduleName) {
    // Exceptions raised while obtaining the configuration are not caught here.
    final AppConfigurationEntry[] modules =
            Configuration.getConfiguration().getAppConfigurationEntry(moduleName);

    // null means the configuration has no entry under this name
    if (modules == null) {
        throw new IllegalArgumentException(
                "The " + side + " module name was not found in the login file: " + moduleName);
    }

    // exactly one login module is accepted: no stacking, no empty entry
    switch (modules.length) {
        case 0:
            throw new IllegalArgumentException(
                    "The " + side + " module name exists but login module class not defined: "
                            + moduleName);
        case 1:
            break;
        default:
            throw new IllegalArgumentException(
                    "Only one login module class is supported for the " + side + " module: "
                            + modules.length);
    }

    final AppConfigurationEntry only = modules[0];

    // the module class is pinned to the Kerberos login module
    final String loginModuleClass = only.getLoginModuleName();
    if (!loginModuleClass.equals("com.sun.security.auth.module.Krb5LoginModule")) {
        throw new UnsupportedOperationException(
                "Login module class not supported: " + loginModuleClass);
    }

    // the module must be mandatory for the login to succeed
    final AppConfigurationEntry.LoginModuleControlFlag flag = only.getControlFlag();
    if (!flag.equals(AppConfigurationEntry.LoginModuleControlFlag.REQUIRED)) {
        throw new UnsupportedOperationException(
                "Control Flag must have a value of REQUIRED: " + flag);
    }

    return true;
}
Also used : AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry) Configuration(javax.security.auth.login.Configuration)

Example 72 with Configuration

use of javax.security.auth.login.Configuration in project ranger by apache.

the class DbToSolrMigrationUtil method registerSolrClientJAAS.

/**
 * Builds a JAAS configuration from the properties returned by
 * {@code PropertiesUtil.getProps()} and, when one is produced, installs it with
 * {@link Configuration#setConfiguration(Configuration)}.
 *
 * <p>{@code Configuration.setConfiguration} replaces the login configuration for the whole
 * JVM, not only for the Solr client. Any exception raised while loading is logged and not
 * rethrown, so the caller continues without the JAAS configuration installed.
 */
private void registerSolrClientJAAS() {
    logger.info("==> createSolrClient.registerSolrClientJAAS()");
    final Properties auditProps = PropertiesUtil.getProps();
    try {
        // Refer InMemoryJAASConfiguration doc for JAAS Configuration.
        // When no login-config file is configured the property is pointed at /dev/null;
        // presumably so that the default file-based loader finds an empty file - confirm.
        final boolean loginConfigUnset = System.getProperty(PROP_JAVA_SECURITY_AUTH_LOGIN_CONFIG) == null;
        if (loginConfigUnset) {
            System.setProperty(PROP_JAVA_SECURITY_AUTH_LOGIN_CONFIG, "/dev/null");
        }

        logger.info("Loading SolrClient JAAS config from Ranger audit config if present...");
        final Configuration jaasConfig = InMemoryJAASConfiguration.init(auditProps);
        if (jaasConfig != null) {
            // process-wide: later LoginContext lookups that use the default configuration see this one
            Configuration.setConfiguration(jaasConfig);
        }
    } catch (Exception e) {
        // best effort: the failure is only logged, never propagated
        logger.error("ERROR: Unable to load SolrClient JAAS config from ranger admin config file. Audit migration to Secure Solr will fail...", e);
    }
    logger.info("<==createSolrClient.registerSolrClientJAAS()");
}
Also used : InMemoryJAASConfiguration(org.apache.ranger.audit.utils.InMemoryJAASConfiguration) Configuration(javax.security.auth.login.Configuration) Properties(java.util.Properties) IOException(java.io.IOException)

Example 73 with Configuration

use of javax.security.auth.login.Configuration in project ranger by apache.

the class RangerAuthenticationProvider method getUnixAuthentication.

/**
 * Attempts to authenticate the caller through the JAAS module
 * {@code org.apache.ranger.authentication.unix.jaas.RemoteUnixLoginModule}, registered as
 * {@code REQUIRED} under the entry name {@code SPRINGSECURITY}.
 *
 * <p>The method never throws. When the user name or the password is missing or blank, or
 * when any step fails, the value held in {@code authentication} at that point is returned.
 * Failure is therefore not signalled by an exception; callers presumably have to inspect
 * the returned token to tell success from failure - confirm against the call sites.
 *
 * @param authentication the incoming token carrying the user name and credentials
 * @return the token produced by the JAAS provider and post-processed by
 *         {@code getAuthenticationWithGrantedAuthority}, or the current value of
 *         {@code authentication} when the attempt is skipped or fails
 */
public Authentication getUnixAuthentication(Authentication authentication) {
    try {
        // The default role is read from the LDAP role property although this is the Unix path.
        final String defaultRole = PropertiesUtil.getProperty("ranger.ldap.default.role", "ROLE_USER");

        final DefaultJaasAuthenticationProvider jaasProvider = new DefaultJaasAuthenticationProvider();

        // NOTE(review): the whole property map is handed to the login module as its options;
        // confirm it contains nothing the module should not receive.
        final Map<String, String> moduleOptions = PropertiesUtil.getPropertiesMap();
        final AppConfigurationEntry unixEntry = new AppConfigurationEntry(
                "org.apache.ranger.authentication.unix.jaas.RemoteUnixLoginModule",
                LoginModuleControlFlag.REQUIRED,
                moduleOptions);

        final Map<String, AppConfigurationEntry[]> entriesByName = new HashMap<>();
        entriesByName.put("SPRINGSECURITY", new AppConfigurationEntry[] { unixEntry });

        // The configuration is handed to this provider instance only, not installed JVM-wide.
        final Configuration jaasConfig = new InMemoryConfiguration(entriesByName);
        jaasProvider.setConfiguration(jaasConfig);
        jaasProvider.setAuthorityGranters(new RoleUserAuthorityGranter[] { new RoleUserAuthorityGranter() });
        jaasProvider.afterPropertiesSet();

        final String userName = authentication.getName();
        final String userPassword = authentication.getCredentials() != null
                ? authentication.getCredentials().toString()
                : "";

        // Missing or blank name/password: skip the JAAS call and return the token untouched.
        if (userName == null || userPassword == null
                || userName.trim().isEmpty() || userPassword.trim().isEmpty()) {
            return authentication;
        }

        final List<GrantedAuthority> defaultAuthorities = new ArrayList<>();
        defaultAuthorities.add(new SimpleGrantedAuthority(defaultRole));

        // The clear-text password is placed both in the principal and in the token credentials.
        final UserDetails jaasPrincipal = new User(userName, userPassword, defaultAuthorities);
        final Authentication loginRequest =
                new UsernamePasswordAuthenticationToken(jaasPrincipal, userPassword, defaultAuthorities);

        // Two separate assignments: if the second call throws, the JAAS result is what gets returned.
        authentication = jaasProvider.authenticate(loginRequest);
        authentication = getAuthenticationWithGrantedAuthority(authentication);
        return authentication;
    } catch (Exception e) {
        // Every failure, rejected credentials included, is logged at debug level only.
        // NOTE(review): confirm failed logins are recorded somewhere visible at default log levels.
        logger.debug("Unix Authentication Failed:", e);
    }
    return authentication;
}
Also used : DefaultJaasAuthenticationProvider(org.springframework.security.authentication.jaas.DefaultJaasAuthenticationProvider) RoleUserAuthorityGranter(org.apache.ranger.authentication.unix.jaas.RoleUserAuthorityGranter) User(org.springframework.security.core.userdetails.User) Configuration(javax.security.auth.login.Configuration) InMemoryConfiguration(org.springframework.security.authentication.jaas.memory.InMemoryConfiguration) HashMap(java.util.HashMap) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) GrantedAuthority(org.springframework.security.core.GrantedAuthority) ArrayList(java.util.ArrayList) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) AuthenticationException(org.springframework.security.core.AuthenticationException) AuthenticationServiceException(org.springframework.security.authentication.AuthenticationServiceException) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry) UserDetails(org.springframework.security.core.userdetails.UserDetails) InMemoryConfiguration(org.springframework.security.authentication.jaas.memory.InMemoryConfiguration) LoginModuleControlFlag(javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag) Authentication(org.springframework.security.core.Authentication)

Example 74 with Configuration

use of javax.security.auth.login.Configuration in project ranger by apache.

the class RangerAuthenticationProvider method getPamAuthentication.

/**
 * Attempts to authenticate the caller through the JAAS module
 * {@code org.apache.ranger.authentication.unix.jaas.PamLoginModule}, registered as
 * {@code REQUIRED} under the entry name {@code SPRINGSECURITY}. The option
 * {@code ranger.pam.service} defaults to {@code ranger-admin} when the property map does
 * not contain it.
 *
 * <p>The method never throws. When the user name or the password is missing or blank, or
 * when any step fails, the value held in {@code authentication} at that point is returned.
 * Failure is therefore not signalled by an exception; callers presumably have to inspect
 * the returned token to tell success from failure - confirm against the call sites.
 *
 * @param authentication the incoming token carrying the user name and credentials
 * @return the token produced by the JAAS provider and post-processed by
 *         {@code getAuthenticationWithGrantedAuthority}, or the current value of
 *         {@code authentication} when the attempt is skipped or fails
 */
public Authentication getPamAuthentication(Authentication authentication) {
    try {
        // The default role is read from the LDAP role property although this is the PAM path.
        final String defaultRole = PropertiesUtil.getProperty("ranger.ldap.default.role", "ROLE_USER");

        final DefaultJaasAuthenticationProvider jaasProvider = new DefaultJaasAuthenticationProvider();

        // NOTE(review): the whole property map is handed to the login module as its options;
        // confirm it contains nothing the module should not receive.
        final Map<String, String> moduleOptions = PropertiesUtil.getPropertiesMap();
        if (!moduleOptions.containsKey("ranger.pam.service")) {
            // NOTE(review): this writes into the map returned by PropertiesUtil; if that map
            // is shared, the default becomes visible to its other readers - confirm.
            moduleOptions.put("ranger.pam.service", "ranger-admin");
        }
        final AppConfigurationEntry pamEntry = new AppConfigurationEntry(
                "org.apache.ranger.authentication.unix.jaas.PamLoginModule",
                LoginModuleControlFlag.REQUIRED,
                moduleOptions);

        final Map<String, AppConfigurationEntry[]> entriesByName = new HashMap<>();
        entriesByName.put("SPRINGSECURITY", new AppConfigurationEntry[] { pamEntry });

        // The configuration is handed to this provider instance only, not installed JVM-wide.
        final Configuration jaasConfig = new InMemoryConfiguration(entriesByName);
        jaasProvider.setConfiguration(jaasConfig);
        jaasProvider.setAuthorityGranters(new RoleUserAuthorityGranter[] { new RoleUserAuthorityGranter() });
        jaasProvider.afterPropertiesSet();

        final String userName = authentication.getName();
        final String userPassword = authentication.getCredentials() != null
                ? authentication.getCredentials().toString()
                : "";

        // Missing or blank name/password: skip the JAAS call and return the token untouched.
        if (userName == null || userPassword == null
                || userName.trim().isEmpty() || userPassword.trim().isEmpty()) {
            return authentication;
        }

        final List<GrantedAuthority> defaultAuthorities = new ArrayList<>();
        defaultAuthorities.add(new SimpleGrantedAuthority(defaultRole));

        // The clear-text password is placed both in the principal and in the token credentials.
        final UserDetails jaasPrincipal = new User(userName, userPassword, defaultAuthorities);
        final Authentication loginRequest =
                new UsernamePasswordAuthenticationToken(jaasPrincipal, userPassword, defaultAuthorities);

        // Two separate assignments: if the second call throws, the JAAS result is what gets returned.
        authentication = jaasProvider.authenticate(loginRequest);
        authentication = getAuthenticationWithGrantedAuthority(authentication);
        return authentication;
    } catch (Exception e) {
        // Every failure, rejected credentials included, is logged at debug level only.
        // NOTE(review): confirm failed logins are recorded somewhere visible at default log levels.
        logger.debug("Pam Authentication Failed:", e);
    }
    return authentication;
}
Also used : DefaultJaasAuthenticationProvider(org.springframework.security.authentication.jaas.DefaultJaasAuthenticationProvider) RoleUserAuthorityGranter(org.apache.ranger.authentication.unix.jaas.RoleUserAuthorityGranter) User(org.springframework.security.core.userdetails.User) Configuration(javax.security.auth.login.Configuration) InMemoryConfiguration(org.springframework.security.authentication.jaas.memory.InMemoryConfiguration) HashMap(java.util.HashMap) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) GrantedAuthority(org.springframework.security.core.GrantedAuthority) ArrayList(java.util.ArrayList) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) AuthenticationException(org.springframework.security.core.AuthenticationException) AuthenticationServiceException(org.springframework.security.authentication.AuthenticationServiceException) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry) UserDetails(org.springframework.security.core.userdetails.UserDetails) InMemoryConfiguration(org.springframework.security.authentication.jaas.memory.InMemoryConfiguration) LoginModuleControlFlag(javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag) Authentication(org.springframework.security.core.Authentication)

Example 75 with Configuration

use of javax.security.auth.login.Configuration in project calcite-avatica by apache.

the class KerberosConnectionTest method previousContextLoggedOut.

/**
 * Verifies that {@code login(LoginContext, Configuration, Subject)} logs out the context it
 * was given, logs in on the context obtained from {@code createLoginContext}, and returns
 * that new context together with its subject.
 */
@Test
public void previousContextLoggedOut() throws Exception {
    // Collaborators: the connection is a mock with only login(...) running real code.
    KerberosConnection connection = mock(KerberosConnection.class);
    Configuration jaasConf = mock(Configuration.class);
    LoginContext staleContext = mock(LoginContext.class);
    LoginContext freshContext = mock(LoginContext.class);
    Subject callerSubject = new Subject();
    Subject freshSubject = new Subject();

    // Run the real login(LoginContext, Configuration, Subject) on the mock
    when(connection.login(any(LoginContext.class), any(Configuration.class), any(Subject.class)))
        .thenCallRealMethod();
    // A new login context is handed out for this configuration
    when(connection.createLoginContext(jaasConf)).thenReturn(freshContext);
    // ... and that context reports the freshly logged-in subject
    when(freshContext.getSubject()).thenReturn(freshSubject);

    Entry<LoginContext, Subject> result = connection.login(staleContext, jaasConf, callerSubject);

    // The returned pair must be the new context and its subject
    assertEquals(freshContext, result.getKey());
    assertEquals(freshSubject, result.getValue());
    // The previous context must have been logged out
    verify(staleContext).logout();
    // The new context must have been logged in
    verify(freshContext).login();
}
Also used : LoginContext(javax.security.auth.login.LoginContext) Configuration(javax.security.auth.login.Configuration) Subject(javax.security.auth.Subject) Test(org.junit.Test)

Aggregations

Configuration (javax.security.auth.login.Configuration)100 AppConfigurationEntry (javax.security.auth.login.AppConfigurationEntry)47 LoginContext (javax.security.auth.login.LoginContext)30 HashMap (java.util.HashMap)27 Subject (javax.security.auth.Subject)22 Test (org.junit.Test)17 IOException (java.io.IOException)15 LoginException (javax.security.auth.login.LoginException)13 File (java.io.File)8 Principal (java.security.Principal)7 CallbackHandler (javax.security.auth.callback.CallbackHandler)7 URI (java.net.URI)6 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)6 ArrayList (java.util.ArrayList)6 Test (org.junit.jupiter.api.Test)5 URIParameter (java.security.URIParameter)4 Map (java.util.Map)4 Callback (javax.security.auth.callback.Callback)4 LoginModuleImpl (org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl)4 NoSuchProviderException (java.security.NoSuchProviderException)3