use of javax.security.auth.login.Configuration in project apache-kafka-on-k8s by banzaicloud.
the class JaasUtils method isZkSecurityEnabled.
/**
 * Reports whether the active JAAS configuration contains an entry for the
 * ZooKeeper client login context.
 *
 * <p>The context name comes from the {@code ZK_LOGIN_CONTEXT_NAME_KEY} system
 * property (default {@code "Client"}). If an entry exists but the
 * {@code ZK_SASL_CLIENT} system property does not parse as {@code true}, the
 * combination is rejected with an exception rather than silently running the
 * ZooKeeper client without SASL.
 *
 * <p>NOTE(review): a {@code false} result only means "no JAAS entry found";
 * callers presumably use it to decide whether ZooKeeper access is
 * authenticated, so a missing or mistyped context name reads as "not secured"
 * rather than as an error. Confirm against callers.
 *
 * @return {@code true} if a JAAS entry exists for the login context, {@code false} otherwise
 * @throws KafkaException if the JAAS configuration cannot be loaded, or if an
 *     entry exists while the SASL client property is disabled
 */
public static boolean isZkSecurityEnabled() {
    boolean saslClientEnabled = Boolean.parseBoolean(System.getProperty(ZK_SASL_CLIENT, "true"));
    String contextName = System.getProperty(ZK_LOGIN_CONTEXT_NAME_KEY, "Client");

    boolean jaasEntryPresent;
    try {
        // Loading the configuration can fail (for example on an unreadable or
        // malformed login config), so any failure is surfaced with the context name.
        jaasEntryPresent = Configuration.getConfiguration().getAppConfigurationEntry(contextName) != null;
    } catch (Exception e) {
        throw new KafkaException("Exception while loading Zookeeper JAAS login context '" + contextName + "'", e);
    }

    if (!jaasEntryPresent) {
        return false;
    }
    if (saslClientEnabled) {
        return true;
    }

    // JAAS says "secure" but SASL is switched off: fail closed instead of
    // continuing with a contradictory configuration.
    LOG.error("JAAS configuration is present, but system property " + ZK_SASL_CLIENT
            + " is set to false, which disables SASL in the ZooKeeper client");
    throw new KafkaException("Exception while determining if ZooKeeper is secure");
}
use of javax.security.auth.login.Configuration in project presto by prestodb.
the class SpnegoHandler method createSession.
/**
 * Performs a Kerberos login with an in-code JAAS configuration and builds a
 * {@code Session} holding the login context and an initiate-only GSS credential
 * for the logged-in principal.
 *
 * <p>The JAAS configuration is constructed here instead of being read from a
 * login config file; it returns the same single {@code Krb5LoginModule} entry
 * (flagged {@code REQUIRED}) for every application name. Prompting is disabled,
 * so the login can only succeed from the keytab or ticket cache.
 *
 * @return a session wrapping the login context and the client credential
 * @throws LoginException if the Kerberos login fails
 * @throws GSSException if the GSS name or credential cannot be created
 */
private Session createSession() throws LoginException, GSSException {
    Configuration kerberosConfig = new Configuration() {
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            // `name` is ignored: every lookup yields the same Kerberos entry.
            ImmutableMap.Builder<String, String> moduleOptions = ImmutableMap.<String, String>builder()
                    .put("refreshKrb5Config", "true")
                    .put("doNotPrompt", "true")
                    .put("useKeyTab", "true");
            // NOTE(review): getBoolean is presumably Boolean.getBoolean (a system
            // property lookup) - confirm. The module's debug output is verbose and
            // should stay off outside troubleshooting.
            if (getBoolean("presto.client.debugKerberos")) {
                moduleOptions.put("debug", "true");
            }
            keytab.ifPresent(keytabFile -> moduleOptions.put("keyTab", keytabFile.getAbsolutePath()));
            credentialCache.ifPresent(cacheFile -> {
                moduleOptions.put("ticketCache", cacheFile.getAbsolutePath());
                moduleOptions.put("useTicketCache", "true");
                moduleOptions.put("renewTGT", "true");
            });
            principal.ifPresent(principalName -> moduleOptions.put("principal", principalName));

            AppConfigurationEntry kerberosEntry =
                    new AppConfigurationEntry(Krb5LoginModule.class.getName(), REQUIRED, moduleOptions.build());
            return new AppConfigurationEntry[] {kerberosEntry};
        }
    };

    // TODO: do we need to call logout() on the LoginContext?
    // NOTE(review): nothing in this method logs the context out if the GSS
    // credential creation below throws after a successful login.
    LoginContext loginContext = new LoginContext("", null, null, kerberosConfig);
    loginContext.login();

    Subject subject = loginContext.getSubject();
    // Takes the first principal in the Subject's set; next() throws
    // NoSuchElementException if the login produced no principal.
    Principal clientPrincipal = subject.getPrincipals().iterator().next();
    GSSCredential clientCredential = doAs(
            subject,
            () -> GSS_MANAGER.createCredential(
                    GSS_MANAGER.createName(clientPrincipal.getName(), NT_USER_NAME),
                    DEFAULT_LIFETIME,
                    KERBEROS_OID,
                    INITIATE_ONLY));
    return new Session(loginContext, clientCredential);
}
use of javax.security.auth.login.Configuration in project storm by apache.
the class AutoTGT method populateCredentials.
/**
 * Logs the user in through JAAS, validates the resulting Kerberos TGT and
 * hands it to {@code saveTGT} together with the supplied credentials map.
 *
 * <p>The TGT must be forwardable, renewable and address-less; any other ticket
 * is rejected. Every failure, including the validation errors raised here, is
 * rethrown wrapped in a {@link RuntimeException} by the outer catch.
 *
 * <p>NOTE(review): {@code saveTGT} presumably stores the ticket in
 * {@code credentials}; if so the map then carries a usable Kerberos credential
 * and should be handled as a secret (not logged, not persisted in the clear).
 * Confirm against {@code saveTGT}.
 *
 * @param credentials map that receives the TGT; also retained in {@code this.credentials}
 */
@Override
public void populateCredentials(Map<String, String> credentials) {
    this.credentials = credentials;
    try {
        Configuration jaasConf = ClientAuthUtils.getConfiguration(conf);
        ClientCallbackHandler callbackHandler = new ClientCallbackHandler(conf);
        LoginContext loginContext =
                new LoginContext(ClientAuthUtils.LOGIN_CONTEXT_CLIENT, null, callbackHandler, jaasConf);
        try {
            // Authenticate, then pull the TGT out of the resulting Subject.
            loginContext.login();
            final Subject loggedInSubject = loginContext.getSubject();
            KerberosTicket ticket = getTGT(loggedInSubject);

            if (ticket == null) {
                throw new RuntimeException("Fail to verify user principal with section \""
                        + ClientAuthUtils.LOGIN_CONTEXT_CLIENT + "\" in login configuration file " + jaasConf);
            }
            if (!ticket.isForwardable()) {
                throw new RuntimeException("The TGT found is not forwardable. Please use -f option with 'kinit'.");
            }
            if (!ticket.isRenewable()) {
                throw new RuntimeException("The TGT found is not renewable. Please use -r option with 'kinit'.");
            }
            // A non-null address list means the ticket is bound to specific client addresses.
            if (ticket.getClientAddresses() != null) {
                throw new RuntimeException("The TGT found is not address-less. Please use -A option with 'kinit'.");
            }

            // Only the client principal is logged, never the ticket itself.
            LOG.info("Pushing TGT for " + ticket.getClient() + " to topology.");
            saveTGT(ticket, credentials);
        } finally {
            // Runs even when login() itself threw; an exception raised by logout()
            // here would replace the one already in flight.
            loginContext.logout();
        }
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}
use of javax.security.auth.login.Configuration in project storm by apache.
the class DigestSaslTransportPlugin method connect.
/**
 * Wraps {@code transport} in a SASL client transport, opens it and returns it.
 *
 * <p>Credentials come from one of two places: a {@code WorkerToken} found in
 * the current Subject, or, when none is found, the {@code username} and
 * {@code password} options of the client section of the JAAS configuration.
 * When several entries define those options the last one wins, and an option
 * that is absent everywhere is left as the empty string.
 *
 * <p>NOTE(review): the password is read from the JAAS options as a plain
 * {@code String}, so the configuration source needs restrictive permissions.
 * Missing options do not fail here; the handshake is attempted with empty
 * values instead.
 *
 * @param transport the underlying transport to wrap
 * @param serverHost the server host name handed to the SASL transport
 * @param asUser not referenced by this implementation
 * @return the opened SASL transport
 * @throws TTransportException declared for the SASL transport setup and open
 * @throws IOException if no JAAS configuration or no client section is available
 */
@Override
public TTransport connect(TTransport transport, String serverHost, String asUser) throws TTransportException, IOException {
    final CallbackHandler saslCallbacks;
    WorkerToken workerToken = WorkerTokenClientCallbackHandler.findWorkerTokenInSubject(type);
    if (workerToken == null) {
        // No worker token available: fall back to the JAAS client section.
        Configuration jaasConf = ClientAuthUtils.getConfiguration(conf);
        if (jaasConf == null) {
            throw new IOException("Could not find any way to authenticate with the server.");
        }
        AppConfigurationEntry[] clientEntries = jaasConf.getAppConfigurationEntry(ClientAuthUtils.LOGIN_CONTEXT_CLIENT);
        if (clientEntries == null) {
            throw new IOException("Could not find a '" + ClientAuthUtils.LOGIN_CONTEXT_CLIENT
                    + "' entry in this configuration: Client cannot start.");
        }

        String user = "";
        String secret = "";
        for (AppConfigurationEntry clientEntry : clientEntries) {
            Map<String, ?> moduleOptions = clientEntry.getOptions();
            // Later entries override earlier ones; a key that is not present keeps the previous value.
            if (moduleOptions.containsKey("username")) {
                user = (String) moduleOptions.get("username");
            }
            if (moduleOptions.containsKey("password")) {
                secret = (String) moduleOptions.get("password");
            }
        }
        saslCallbacks = new SimpleSaslClientCallbackHandler(user, secret);
    } else {
        saslCallbacks = new WorkerTokenClientCallbackHandler(workerToken);
    }

    TSaslClientTransport saslTransport =
            new TSaslClientTransport(DIGEST, null, ClientAuthUtils.SERVICE, serverHost, null, saslCallbacks, transport);
    saslTransport.open();
    LOG.debug("SASL DIGEST-MD5 client transport has been established");
    return saslTransport;
}
use of javax.security.auth.login.Configuration in project storm by apache.
the class ClientAuthUtils method pullConfig.
/**
 * Collects the options of every entry in one JAAS section into a single sorted map.
 *
 * <p>Entries are merged in array order, so when two entries define the same
 * option the later entry's value is the one returned.
 *
 * <p>NOTE(review): JAAS options can carry credentials (passwords, keytab
 * locations), so callers should avoid logging the returned map wholesale.
 *
 * @param topoConf The config containing the jaas conf file.
 * @param section The app configuration entry name to read options from.
 * @return the merged options keyed by option name, or {@code null} when no
 *     entries are found for {@code section}
 * @throws IOException declared by this method; raised by the lookup helpers if at all
 */
public static SortedMap<String, ?> pullConfig(Map<String, Object> topoConf, String section) throws IOException {
    Configuration jaasConf = ClientAuthUtils.getConfiguration(topoConf);
    AppConfigurationEntry[] sectionEntries = ClientAuthUtils.getEntries(jaasConf, section);
    if (sectionEntries == null) {
        // Callers must distinguish "no such section" (null) from "section with no options" (empty map).
        return null;
    }

    TreeMap<String, Object> merged = new TreeMap<>();
    for (AppConfigurationEntry sectionEntry : sectionEntries) {
        merged.putAll(sectionEntry.getOptions());
    }
    return merged;
}