
Example 11 with SaslServer

use of javax.security.sasl.SaslServer in project zookeeper by apache.

the class SecurityUtils method createSaslServer.

/**
 * Builds the {@link SaslServer} for the server side of a SASL handshake.
 *
 * <p>When the subject carries at least one principal, the name of the first principal is
 * split into a service name and a host name and a GSSAPI server is created while running as
 * that subject. When the subject has no principals, a DIGEST-MD5 server is created from
 * {@code protocol} and {@code serverName} instead. Every failure is logged and reported as
 * {@code null}; nothing is thrown for it, so callers have to check the result before using it.
 *
 * @param subject server subject; {@code null} yields {@code null}
 * @param protocol protocol name, used only on the DIGEST-MD5 path
 * @param serverName server name, used only on the DIGEST-MD5 path
 * @param callbackHandler callback handler passed to the SASL mechanism
 * @param LOG logger that receives the debug, warning and error output
 * @return the SASL server, or {@code null} when the subject is {@code null} or creation failed
 */
public static SaslServer createSaslServer(final Subject subject, final String protocol, final String serverName, final CallbackHandler callbackHandler, final Logger LOG) {
    if (subject == null) {
        return null;
    }
    if (subject.getPrincipals().size() == 0) {
        // No principal on the subject, so there is no Kerberos identity to serve with.
        // NOTE(review): DIGEST-MD5 was moved to Historic status by RFC 6331; it is hard-coded here.
        // TODO: use 'authMech=' value in zoo.cfg.
        try {
            return Sasl.createSaslServer("DIGEST-MD5", protocol, serverName, null, callbackHandler);
        } catch (SaslException e) {
            LOG.error("Zookeeper Quorum member failed to create a SaslServer to interact with a client during session initiation", e);
            return null;
        }
    }
    try {
        // The service principal name and hostname come from the first principal of the subject.
        final Principal firstPrincipal = (Principal) subject.getPrincipals().toArray()[0];
        // e.g. "zookeeper/myhost.foo.com@FOO.COM"
        final String fullName = firstPrincipal.getName();
        final int slashAt = fullName.indexOf("/");
        // e.g. "zookeeper"; a name without '/' makes substring throw, which the outer catch reports
        final String servicePrincipalName = fullName.substring(0, slashAt);
        // e.g. "myhost.foo.com@FOO.COM"
        final String hostAndRealm = fullName.substring(slashAt + 1);
        final int atSignAt = hostAndRealm.indexOf("@");
        // e.g. "myhost.foo.com"; a name without '@' fails the same way
        final String serviceHostname = hostAndRealm.substring(0, atSignAt);
        // TODO: should depend on zoo.cfg specified mechs, but if
        // subject is non-null, it can be assumed to be GSSAPI.
        final String mech = "GSSAPI";
        LOG.debug("serviceHostname is '{}'", serviceHostname);
        LOG.debug("servicePrincipalName is '{}'", servicePrincipalName);
        LOG.debug("SASL mechanism(mech) is '{}'", mech);
        if (Boolean.getBoolean("sun.security.jgss.native")) {
            // With the native GSS library enabled, an accept-only Kerberos 5 credential
            // (mechanism OID 1.2.840.113554.1.2.2) is placed in the subject's private credentials.
            // NOTE(review): a credential is added on every call; confirm the set does not grow per connection.
            try {
                final GSSManager gssManager = GSSManager.getInstance();
                final Oid kerberosV5 = new Oid("1.2.840.113554.1.2.2");
                final GSSName hostBasedName = gssManager.createName(servicePrincipalName + "@" + serviceHostname, GSSName.NT_HOSTBASED_SERVICE);
                final GSSCredential acceptCredential = gssManager.createCredential(hostBasedName, GSSContext.DEFAULT_LIFETIME, kerberosV5, GSSCredential.ACCEPT_ONLY);
                subject.getPrivateCredentials().add(acceptCredential);
                LOG.debug("Added private credential to service principal name: '{}', GSSCredential name: {}", servicePrincipalName, acceptCredential.getName());
            } catch (GSSException ex) {
                // Best effort: the server is still created below without the extra credential.
                LOG.warn("Cannot add private credential to subject; clients authentication may fail", ex);
            }
        }
        try {
            return Subject.doAs(subject, new PrivilegedExceptionAction<SaslServer>() {

                @Override
                public SaslServer run() {
                    try {
                        return Sasl.createSaslServer(mech, servicePrincipalName, serviceHostname, null, callbackHandler);
                    } catch (SaslException e) {
                        LOG.error("Zookeeper Server failed to create a SaslServer to interact with a client during session initiation", e);
                        return null;
                    }
                }
            });
        } catch (PrivilegedActionException e) {
            // TODO: exit server at this point(?)
            LOG.error("Zookeeper Quorum member experienced a PrivilegedActionException exception while creating a SaslServer using a JAAS principal context", e);
        }
    } catch (IndexOutOfBoundsException e) {
        LOG.error("server principal name/hostname determination error", e);
    }
    return null;
}
Also used : GSSName(org.ietf.jgss.GSSName) PrivilegedActionException(java.security.PrivilegedActionException) SaslServer(javax.security.sasl.SaslServer) Oid(org.ietf.jgss.Oid) SaslException(javax.security.sasl.SaslException) GSSException(org.ietf.jgss.GSSException) GSSCredential(org.ietf.jgss.GSSCredential) GSSManager(org.ietf.jgss.GSSManager) Principal(java.security.Principal)

Example 12 with SaslServer

use of javax.security.sasl.SaslServer in project zookeeper by apache.

the class SaslQuorumAuthServer method authenticate.

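/**
 * Runs the server side of the quorum SASL handshake with a connecting learner.
 *
 * <p>If the next packet is not an auth packet, the learner is accepted only when
 * {@code quorumRequireSasl} is false. Otherwise tokens are exchanged until the
 * {@link SaslServer} reports completion, at which point SUCCESS is sent. The method returns
 * normally only when the exchange completed or when SASL is not required; with
 * {@code quorumRequireSasl} set, every other outcome ends in a {@link SaslException}.
 *
 * @param sock socket of the connecting learner
 * @param din input stream from which the learner's packets are read
 * @throws SaslException if {@code quorumRequireSasl} is set and the learner does not start
 *     authentication, the exchange fails, the SASL server cannot be created, or the exchange
 *     does not complete within {@code MAX_RETRIES} rounds
 */
@Override
public void authenticate(Socket sock, DataInputStream din) throws SaslException {
    DataOutputStream dout = null;
    SaslServer ss = null;
    // Set once an ERROR status has been written, so the catch block does not send a second one.
    boolean errorSent = false;
    try {
        if (!QuorumAuth.nextPacketIsAuth(din)) {
            if (quorumRequireSasl) {
                throw new SaslException("Learner not trying to authenticate" + " and authentication is required");
            } else {
                // let it through, we don't require auth
                return;
            }
        }
        byte[] token = receive(din);
        int tries = 0;
        dout = new DataOutputStream(sock.getOutputStream());
        byte[] challenge = null;
        ss = SecurityUtils.createSaslServer(serverLogin.getSubject(), QuorumAuth.QUORUM_SERVER_PROTOCOL_NAME, QuorumAuth.QUORUM_SERVER_SASL_DIGEST, serverLogin.callbackHandler, LOG);
        if (ss == null) {
            // createSaslServer is dereferenced right below; name the failure instead of
            // letting it surface as a NullPointerException.
            throw new SaslException("Failed to create a SaslServer for the quorum authentication handshake");
        }
        while (!ss.isComplete()) {
            challenge = ss.evaluateResponse(token);
            if (!ss.isComplete()) {
                // limited number of retries.
                if (++tries > MAX_RETRIES) {
                    send(dout, challenge, QuorumAuth.Status.ERROR);
                    errorSent = true;
                    LOG.warn("Failed to authenticate using SASL, server addr: {}, retries={} exceeded.", sock.getRemoteSocketAddress(), tries);
                    // Fail closed: leaving the loop here used to return normally, which a caller
                    // of this void method cannot tell apart from a completed handshake.
                    throw new SaslException("SASL authentication did not complete within the allowed number of retries");
                }
                send(dout, challenge, QuorumAuth.Status.IN_PROGRESS);
                token = receive(din);
            }
        }
        // The loop is only left through completion or an exception, so the exchange is complete here.
        send(dout, challenge, QuorumAuth.Status.SUCCESS);
        LOG.info("Successfully completed the authentication using SASL. learner addr: {}", sock.getRemoteSocketAddress());
    } catch (Exception e) {
        try {
            if (dout != null && !errorSent) {
                // send error message to the learner
                send(dout, new byte[0], QuorumAuth.Status.ERROR);
            }
        } catch (IOException ioe) {
            LOG.warn("Exception while sending failed status", ioe);
        }
        // Whether a failed handshake is fatal depends on quorumRequireSasl.
        if (quorumRequireSasl) {
            LOG.error("Failed to authenticate using SASL", e);
            // Keep the original exception as the cause so the stack trace is not lost.
            throw new SaslException("Failed to authenticate using SASL: " + e.getMessage(), e);
        } else {
            // SASL is optional in this configuration: the learner stays connected without
            // having authenticated.
            LOG.warn("Failed to authenticate using SASL", e);
            LOG.warn("Maintaining learner connection despite SASL authentication failure. server addr: {}, {}: {}", sock.getRemoteSocketAddress(), QuorumAuth.QUORUM_SERVER_SASL_AUTH_REQUIRED, quorumRequireSasl);
        }
    } finally {
        if (ss != null) {
            try {
                ss.dispose();
            } catch (SaslException e) {
                LOG.error("SaslServer dispose() failed", e);
            }
        }
    }
}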
Also used : DataOutputStream(java.io.DataOutputStream) SaslServer(javax.security.sasl.SaslServer) IOException(java.io.IOException) SaslException(javax.security.sasl.SaslException) LoginException(javax.security.auth.login.LoginException) IOException(java.io.IOException) SaslException(javax.security.sasl.SaslException)

Example 13 with SaslServer

use of javax.security.sasl.SaslServer in project zookeeper by apache.

the class ZooKeeperSaslServer method createSaslServer.

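/**
 * Creates the {@link SaslServer} for a client session from the server's JAAS login.
 *
 * <p>Holds the monitor of {@code login} while working. With a subject that has at least one
 * principal, the first principal's name is parsed (both {@code service/host@REALM} and
 * {@code user@REALM} forms are handled) and a GSSAPI server is created while running as the
 * subject. With a subject that has no principals, a DIGEST-MD5 server is created. Failures are
 * logged and reported as {@code null}, so callers have to check the result.
 *
 * @param login the server login that supplies the subject and the callback handler
 * @return the SASL server, or {@code null} if the subject is {@code null} or creation failed
 */
private SaslServer createSaslServer(final Login login) {
    synchronized (login) {
        Subject subject = login.getSubject();
        if (subject != null) {
            // server is using a JAAS-authenticated subject: determine service principal name and hostname from zk server's subject.
            if (subject.getPrincipals().size() > 0) {
                try {
                    final Object[] principals = subject.getPrincipals().toArray();
                    final Principal servicePrincipal = (Principal) principals[0];
                    // e.g. servicePrincipalNameAndHostname := "zookeeper/myhost.foo.com@FOO.COM"
                    final String servicePrincipalNameAndHostname = servicePrincipal.getName();
                    int indexOf = servicePrincipalNameAndHostname.indexOf("/");
                    // e.g. serviceHostnameAndKerbDomain := "myhost.foo.com@FOO.COM"
                    final String serviceHostnameAndKerbDomain = servicePrincipalNameAndHostname.substring(indexOf + 1);
                    // A name without '@' makes the substring calls below throw; the outer catch reports it.
                    int indexOfAt = serviceHostnameAndKerbDomain.indexOf("@");
                    // Handle Kerberos Service as well as User Principal Names
                    final String servicePrincipalName, serviceHostname;
                    if (indexOf > 0) {
                        // e.g. servicePrincipalName := "zookeeper"
                        servicePrincipalName = servicePrincipalNameAndHostname.substring(0, indexOf);
                        // e.g. serviceHostname := "myhost.foo.com"
                        serviceHostname = serviceHostnameAndKerbDomain.substring(0, indexOfAt);
                    } else {
                        // User principal name: there is no host part.
                        servicePrincipalName = servicePrincipalNameAndHostname.substring(0, indexOfAt);
                        serviceHostname = null;
                    }
                    // TODO: should depend on zoo.cfg specified mechs, but if subject is non-null, it can be assumed to be GSSAPI.
                    final String mech = "GSSAPI";
                    LOG.debug("serviceHostname is '" + serviceHostname + "'");
                    LOG.debug("servicePrincipalName is '" + servicePrincipalName + "'");
                    LOG.debug("SASL mechanism(mech) is '" + mech + "'");
                    boolean usingNativeJgss = Boolean.getBoolean("sun.security.jgss.native");
                    if (usingNativeJgss) {
                        // With the native GSS library enabled, an accept-only Kerberos 5 credential
                        // (mechanism OID 1.2.840.113554.1.2.2) is placed in the subject's private credentials.
                        // NOTE(review): for a user principal serviceHostname is null, so the host-based
                        // name below becomes "<name>@null"; confirm that case is intended to reach here.
                        try {
                            GSSManager manager = GSSManager.getInstance();
                            Oid krb5Mechanism = new Oid("1.2.840.113554.1.2.2");
                            GSSName gssName = manager.createName(servicePrincipalName + "@" + serviceHostname, GSSName.NT_HOSTBASED_SERVICE);
                            GSSCredential cred = manager.createCredential(gssName, GSSContext.DEFAULT_LIFETIME, krb5Mechanism, GSSCredential.ACCEPT_ONLY);
                            subject.getPrivateCredentials().add(cred);
                            if (LOG.isDebugEnabled()) {
                                LOG.debug("Added private credential to subject: " + cred);
                            }
                        } catch (GSSException ex) {
                            // Best effort: the server is still created below without the extra credential.
                            LOG.warn("Cannot add private credential to subject; " + "clients authentication may fail", ex);
                        }
                    }
                    try {
                        return Subject.doAs(subject, new PrivilegedExceptionAction<SaslServer>() {

                            @Override
                            public SaslServer run() {
                                try {
                                    return Sasl.createSaslServer(mech, servicePrincipalName, serviceHostname, null, login.callbackHandler);
                                } catch (SaslException e) {
                                    // Pass the exception to the logger so the stack trace lands in the
                                    // server log instead of on stderr.
                                    LOG.error("Zookeeper Server failed to create a SaslServer to interact with a client during session initiation", e);
                                    return null;
                                }
                            }
                        });
                    } catch (PrivilegedActionException e) {
                        // TODO: exit server at this point(?)
                        LOG.error("Zookeeper Quorum member experienced a PrivilegedActionException exception while creating a SaslServer using a JAAS principal context", e);
                    }
                } catch (IndexOutOfBoundsException e) {
                    LOG.error("server principal name/hostname determination error: ", e);
                }
            } else {
                // No principal on the subject, so there is no Kerberos identity to serve with.
                // NOTE(review): DIGEST-MD5 was moved to Historic status by RFC 6331; it is hard-coded here.
                // TODO: use 'authMech=' value in zoo.cfg.
                try {
                    return Sasl.createSaslServer("DIGEST-MD5", "zookeeper", "zk-sasl-md5", null, login.callbackHandler);
                } catch (SaslException e) {
                    LOG.error("Zookeeper Quorum member failed to create a SaslServer to interact with a client during session initiation", e);
                }
            }
        }
    }
    // Reached for a null subject and after every logged failure above.
    LOG.error("failed to create saslServer object.");
    return null;
}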
Also used : GSSName(org.ietf.jgss.GSSName) PrivilegedActionException(java.security.PrivilegedActionException) SaslServer(javax.security.sasl.SaslServer) Oid(org.ietf.jgss.Oid) SaslException(javax.security.sasl.SaslException) Subject(javax.security.auth.Subject) GSSException(org.ietf.jgss.GSSException) GSSCredential(org.ietf.jgss.GSSCredential) GSSManager(org.ietf.jgss.GSSManager) Principal(java.security.Principal)

Example 14 with SaslServer

use of javax.security.sasl.SaslServer in project kafka by apache.

the class SaslServerAuthenticator method createSaslKerberosServer.

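/**
 * Creates the GSSAPI {@link SaslServer} for this connection from the broker's JAAS subject.
 *
 * <p>The first principal of {@code subject} is parsed as a Kerberos name; its service name and
 * host name are passed to {@link Sasl#createSaslServer}, which is invoked while running as the
 * subject.
 *
 * @param saslServerCallbackHandler callback handler passed to the SASL mechanism
 * @param configs properties passed to the SASL mechanism
 * @return the SASL server created for {@code saslMechanism}
 * @throws IOException (as a {@link SaslException}) if creation fails inside the privileged action
 * @throws KafkaException if the principal name cannot be parsed as a Kerberos name
 */
private SaslServer createSaslKerberosServer(final AuthCallbackHandler saslServerCallbackHandler, final Map<String, ?> configs) throws IOException {
    // server is using a JAAS-authenticated subject: determine service principal name and hostname from kafka server's subject.
    // NOTE(review): next() throws NoSuchElementException when the subject has no principals; confirm callers guarantee one.
    final Principal servicePrincipal = subject.getPrincipals().iterator().next();
    KerberosName kerberosName;
    try {
        kerberosName = KerberosName.parse(servicePrincipal.getName());
    } catch (IllegalArgumentException e) {
        // Keep the parser's exception as the cause so the reason for the rejection is not lost.
        throw new KafkaException("Principal has name with unexpected format " + servicePrincipal, e);
    }
    final String servicePrincipalName = kerberosName.serviceName();
    final String serviceHostname = kerberosName.hostName();
    LOG.debug("Creating SaslServer for {} with mechanism {}", kerberosName, saslMechanism);
    // As described in http://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/jgss-features.html:
    // "To enable Java GSS to delegate to the native GSS library and its list of native mechanisms,
    // set the system property "sun.security.jgss.native" to true"
    // "In addition, when performing operations as a particular Subject, for example, Subject.doAs(...)
    // or Subject.doAsPrivileged(...), the to-be-used GSSCredential should be added to Subject's
    // private credential set. Otherwise, the GSS operations will fail since no credential is found."
    boolean usingNativeJgss = Boolean.getBoolean("sun.security.jgss.native");
    if (usingNativeJgss) {
        try {
            GSSManager manager = GSSManager.getInstance();
            // This Oid is used to represent the Kerberos version 5 GSS-API mechanism. It is defined in
            // RFC 1964.
            Oid krb5Mechanism = new Oid("1.2.840.113554.1.2.2");
            GSSName gssName = manager.createName(servicePrincipalName + "@" + serviceHostname, GSSName.NT_HOSTBASED_SERVICE);
            // Accept-only: the credential is for answering clients, not for initiating contexts.
            GSSCredential cred = manager.createCredential(gssName, GSSContext.INDEFINITE_LIFETIME, krb5Mechanism, GSSCredential.ACCEPT_ONLY);
            subject.getPrivateCredentials().add(cred);
        } catch (GSSException ex) {
            // Best effort: the server is still created below without the extra credential.
            LOG.warn("Cannot add private credential to subject; clients authentication may fail", ex);
        }
    }
    try {
        return Subject.doAs(subject, new PrivilegedExceptionAction<SaslServer>() {

            @Override
            public SaslServer run() throws SaslException {
                return Sasl.createSaslServer(saslMechanism, servicePrincipalName, serviceHostname, configs, saslServerCallbackHandler);
            }
        });
    } catch (PrivilegedActionException e) {
        // Unwrap: the exception thrown by run() becomes the cause of the reported failure.
        throw new SaslException("Kafka Server failed to create a SaslServer to interact with a client during session authentication", e.getCause());
    }
}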
Also used : GSSName(org.ietf.jgss.GSSName) PrivilegedActionException(java.security.PrivilegedActionException) SaslServer(javax.security.sasl.SaslServer) KerberosName(org.apache.kafka.common.security.kerberos.KerberosName) Oid(org.ietf.jgss.Oid) SaslException(javax.security.sasl.SaslException) GSSException(org.ietf.jgss.GSSException) GSSCredential(org.ietf.jgss.GSSCredential) GSSManager(org.ietf.jgss.GSSManager) KafkaException(org.apache.kafka.common.KafkaException) Principal(java.security.Principal) KafkaPrincipal(org.apache.kafka.common.security.auth.KafkaPrincipal)

Example 15 with SaslServer

use of javax.security.sasl.SaslServer in project hbase by apache.

the class ThriftServer method run.

/**
 * Parses the command line, configures the Thrift server and serves until it is stopped.
 *
 * <p>Command-line options override the corresponding configuration keys. When a QOP is
 * configured, the transport is built with it and every call is wrapped so that the SASL
 * authorization ID of the connection is set as the handler's effective user before the
 * request is processed.
 *
 * @param args command-line arguments; must contain "start" and must not contain "stop"
 * @return 1 after printing usage (help requested, "start" missing or "stop" present),
 *     0 once the server has stopped serving
 * @throws Exception on unparsable numeric options, on a QOP configured without security
 *     enabled, or on failures raised by the components started here
 */
@Override
public int run(String[] args) throws Exception {
    final Configuration conf = getConf();
    TServer server = null;
    Options options = getOptions();
    CommandLine cmd = parseArguments(conf, options, args);
    int workerThreads = 0;
    int selectorThreads = 0;
    // use unbounded queue by default
    int maxCallQueueSize = -1;
    /**
     * This is to please both bin/hbase and bin/hbase-daemon. hbase-daemon provides "start" and "stop"
     * arguments; usage is printed when "start" is missing, when "stop" is present or when help is requested.
     */
    List<?> argList = cmd.getArgList();
    if (cmd.hasOption("help") || !argList.contains("start") || argList.contains("stop")) {
        printUsage();
        return 1;
    }
    // Get address to bind
    // The option is written back into the configuration under the info-server bind key,
    // so it is also the address the info server reads further down.
    String bindAddress;
    if (cmd.hasOption("bind")) {
        bindAddress = cmd.getOptionValue("bind");
        conf.set("hbase.thrift.info.bindAddress", bindAddress);
    } else {
        bindAddress = conf.get("hbase.thrift.info.bindAddress");
    }
    // Get read timeout
    int readTimeout = THRIFT_SERVER_SOCKET_READ_TIMEOUT_DEFAULT;
    if (cmd.hasOption(READ_TIMEOUT_OPTION)) {
        try {
            readTimeout = Integer.parseInt(cmd.getOptionValue(READ_TIMEOUT_OPTION));
        } catch (NumberFormatException e) {
            throw new RuntimeException("Could not parse the value provided for the timeout option", e);
        }
    } else {
        readTimeout = conf.getInt(THRIFT_SERVER_SOCKET_READ_TIMEOUT_KEY, THRIFT_SERVER_SOCKET_READ_TIMEOUT_DEFAULT);
    }
    // Get port to bind to
    int listenPort = 0;
    try {
        if (cmd.hasOption("port")) {
            listenPort = Integer.parseInt(cmd.getOptionValue("port"));
        } else {
            listenPort = conf.getInt("hbase.regionserver.thrift.port", DEFAULT_LISTEN_PORT);
        }
    } catch (NumberFormatException e) {
        throw new RuntimeException("Could not parse the value provided for the port option", e);
    }
    // Thrift's implementation uses '0' as a placeholder for 'use the default.'
    int backlog = conf.getInt(BACKLOG_CONF_KEY, 0);
    // Local hostname and user name,
    // used only if QOP is configured.
    String host = null;
    String name = null;
    UserProvider userProvider = UserProvider.instantiate(conf);
    // login the server principal (if using secure Hadoop)
    // Both the Hadoop and the HBase security switch must be on for the keytab login to happen.
    boolean securityEnabled = userProvider.isHadoopSecurityEnabled() && userProvider.isHBaseSecurityEnabled();
    if (securityEnabled) {
        host = Strings.domainNamePointerToHostName(DNS.getDefaultHost(conf.get("hbase.thrift.dns.interface", "default"), conf.get("hbase.thrift.dns.nameserver", "default")));
        userProvider.login("hbase.thrift.keytab.file", "hbase.thrift.kerberos.principal", host);
    }
    // The user captured here is the one the server loop runs as (see realUser.doAs below).
    UserGroupInformation realUser = userProvider.getCurrent().getUGI();
    String stringQop = conf.get(THRIFT_QOP_KEY);
    SaslUtil.QualityOfProtection qop = null;
    if (stringQop != null) {
        qop = SaslUtil.getQop(stringQop);
        // A configured QOP without security enabled is rejected rather than silently ignored.
        if (!securityEnabled) {
            throw new IOException("Thrift server must" + " run in secure mode to support authentication");
        }
        // Extract the name from the principal
        name = SecurityUtil.getUserFromPrincipal(conf.get("hbase.thrift.kerberos.principal"));
    }
    boolean nonblocking = cmd.hasOption("nonblocking");
    boolean hsha = cmd.hasOption("hsha");
    boolean selector = cmd.hasOption("selector");
    ThriftMetrics metrics = new ThriftMetrics(conf, ThriftMetrics.ThriftServerType.TWO);
    final JvmPauseMonitor pauseMonitor = new JvmPauseMonitor(conf, metrics.getSource());
    // Server flavour; when several flags are given the first match in this chain wins.
    String implType = "threadpool";
    if (nonblocking) {
        implType = "nonblocking";
    } else if (hsha) {
        implType = "hsha";
    } else if (selector) {
        implType = "selector";
    }
    conf.set("hbase.regionserver.thrift.server.type", implType);
    conf.setInt("hbase.regionserver.thrift.port", listenPort);
    registerFilters(conf);
    // Construct correct ProtocolFactory
    boolean compact = cmd.hasOption("compact") || conf.getBoolean("hbase.regionserver.thrift.compact", false);
    TProtocolFactory protocolFactory = getTProtocolFactory(compact);
    final ThriftHBaseServiceHandler hbaseHandler = new ThriftHBaseServiceHandler(conf, userProvider);
    THBaseService.Iface handler = ThriftHBaseServiceHandler.newInstance(hbaseHandler, metrics);
    final THBaseService.Processor p = new THBaseService.Processor(handler);
    conf.setBoolean("hbase.regionserver.thrift.compact", compact);
    TProcessor processor = p;
    // The nonblocking and hsha servers always use framed transport.
    boolean framed = cmd.hasOption("framed") || conf.getBoolean("hbase.regionserver.thrift.framed", false) || nonblocking || hsha;
    // NOTE(review): the frame size is computed in int arithmetic (MB * 1024 * 1024), so a
    // configured value of 2048 or more overflows; confirm the setting is bounded elsewhere.
    TTransportFactory transportFactory = getTTransportFactory(qop, name, host, framed, conf.getInt("hbase.regionserver.thrift.framed.max_frame_size_in_mb", 2) * 1024 * 1024);
    InetSocketAddress inetSocketAddress = bindToPort(bindAddress, listenPort);
    conf.setBoolean("hbase.regionserver.thrift.framed", framed);
    if (qop != null) {
        // Create a processor wrapper, to get the caller
        processor = new TProcessor() {

            @Override
            public boolean process(TProtocol inProt, TProtocol outProt) throws TException {
                // Assumes the transport is a TSaslServerTransport whenever a QOP is configured;
                // any other transport fails the cast — TODO confirm getTTransportFactory guarantees it.
                TSaslServerTransport saslServerTransport = (TSaslServerTransport) inProt.getTransport();
                SaslServer saslServer = saslServerTransport.getSaslServer();
                // The authorization ID of the SASL session becomes the identity used for the request.
                String principal = saslServer.getAuthorizationID();
                // NOTE(review): hbaseHandler is a single instance shared by every call; confirm
                // setEffectiveUser keeps the identity per thread/request and not in a shared field.
                hbaseHandler.setEffectiveUser(principal);
                return p.process(inProt, outProt);
            }
        };
    }
    // Unlike the port and timeout options, a malformed value for w, s or q is not translated:
    // the NumberFormatException propagates to the caller as is.
    if (cmd.hasOption("w")) {
        workerThreads = Integer.parseInt(cmd.getOptionValue("w"));
    }
    if (cmd.hasOption("s")) {
        selectorThreads = Integer.parseInt(cmd.getOptionValue("s"));
    }
    if (cmd.hasOption("q")) {
        maxCallQueueSize = Integer.parseInt(cmd.getOptionValue("q"));
    }
    // check for user-defined info server port setting, if so override the conf
    try {
        if (cmd.hasOption("infoport")) {
            String val = cmd.getOptionValue("infoport");
            conf.setInt("hbase.thrift.info.port", Integer.parseInt(val));
            log.debug("Web UI port set to " + val);
        }
    } catch (NumberFormatException e) {
        log.error("Could not parse the value provided for the infoport option", e);
        printUsage();
        // Terminates the JVM instead of returning an error code from run().
        System.exit(1);
    }
    // Put up info server.
    // A negative port disables the info server.
    int port = conf.getInt("hbase.thrift.info.port", 9095);
    if (port >= 0) {
        conf.setLong("startcode", System.currentTimeMillis());
        // Falls back to 0.0.0.0, i.e. every interface, when no bind address is configured.
        String a = conf.get("hbase.thrift.info.bindAddress", "0.0.0.0");
        InfoServer infoServer = new InfoServer("thrift", a, port, false, conf);
        // NOTE(review): the whole configuration object is handed to the info server; confirm
        // what it exposes from it, since the server may be reachable on every interface.
        infoServer.setAttribute("hbase.conf", conf);
        infoServer.start();
    }
    // Build the server flavour selected above; the thread-pool server is the default.
    if (nonblocking) {
        server = getTNonBlockingServer(protocolFactory, processor, transportFactory, inetSocketAddress);
    } else if (hsha) {
        server = getTHsHaServer(protocolFactory, processor, transportFactory, workerThreads, maxCallQueueSize, inetSocketAddress, metrics);
    } else if (selector) {
        server = getTThreadedSelectorServer(protocolFactory, processor, transportFactory, workerThreads, selectorThreads, maxCallQueueSize, inetSocketAddress, metrics);
    } else {
        server = getTThreadPoolServer(protocolFactory, processor, transportFactory, workerThreads, inetSocketAddress, backlog, readTimeout, metrics);
    }
    final TServer tserver = server;
    // Serve as the user captured after the optional keytab login; the pause monitor runs
    // for exactly as long as the server is serving.
    realUser.doAs(new PrivilegedAction<Object>() {

        @Override
        public Object run() {
            pauseMonitor.start();
            try {
                tserver.serve();
                return null;
            } finally {
                pauseMonitor.stop();
            }
        }
    });
    // when tserver.stop eventually happens we'll get here.
    return 0;
}
Also used : TException(org.apache.thrift.TException) Options(org.apache.commons.cli.Options) TProtocolFactory(org.apache.thrift.protocol.TProtocolFactory) TProcessor(org.apache.thrift.TProcessor) Configuration(org.apache.hadoop.conf.Configuration) HBaseConfiguration(org.apache.hadoop.hbase.HBaseConfiguration) TServer(org.apache.thrift.server.TServer) InetSocketAddress(java.net.InetSocketAddress) SaslServer(javax.security.sasl.SaslServer) JvmPauseMonitor(org.apache.hadoop.hbase.util.JvmPauseMonitor) TProcessor(org.apache.thrift.TProcessor) UserProvider(org.apache.hadoop.hbase.security.UserProvider) TProtocol(org.apache.thrift.protocol.TProtocol) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation) THBaseService(org.apache.hadoop.hbase.thrift2.generated.THBaseService) IOException(java.io.IOException) TTransportFactory(org.apache.thrift.transport.TTransportFactory) TSaslServerTransport(org.apache.thrift.transport.TSaslServerTransport) CommandLine(org.apache.commons.cli.CommandLine) ThriftMetrics(org.apache.hadoop.hbase.thrift.ThriftMetrics) InfoServer(org.apache.hadoop.hbase.http.InfoServer) SaslUtil(org.apache.hadoop.hbase.security.SaslUtil)

Aggregations

SaslServer (javax.security.sasl.SaslServer)27 SaslException (javax.security.sasl.SaslException)12 IOException (java.io.IOException)8 PrivilegedActionException (java.security.PrivilegedActionException)7 UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)6 Principal (java.security.Principal)5 DefaultKafkaPrincipalBuilder (org.apache.kafka.common.security.authenticator.DefaultKafkaPrincipalBuilder)5 KerberosName (org.apache.kafka.common.security.kerberos.KerberosName)4 TSaslServerTransport (org.apache.thrift.transport.TSaslServerTransport)4 InetSocketAddress (java.net.InetSocketAddress)3 HashMap (java.util.HashMap)3 Callback (javax.security.auth.callback.Callback)3 LoginException (javax.security.auth.login.LoginException)3 AuthorizeCallback (javax.security.sasl.AuthorizeCallback)3 KerberosShortNamer (org.apache.kafka.common.security.kerberos.KerberosShortNamer)3 GSSCredential (org.ietf.jgss.GSSCredential)3 GSSException (org.ietf.jgss.GSSException)3 GSSManager (org.ietf.jgss.GSSManager)3 GSSName (org.ietf.jgss.GSSName)3 Oid (org.ietf.jgss.Oid)3