Examples with SPNegoSchemeFactory org.apache.http.impl.auth.SPNegoSchemeFactory used on opensource projects

Search in sources :

Example 6 with SPNegoSchemeFactory

use of org.apache.http.impl.auth.SPNegoSchemeFactory in project hbase by apache.

the class TestInfoServersACL method createHttpClient.

private CloseableHttpClient createHttpClient(String clientPrincipal) throws Exception {
    // Logs in with Kerberos via GSS
    GSSManager gssManager = GSSManager.getInstance();
    // jGSS Kerberos login constant
    Oid oid = new Oid("1.2.840.113554.1.2.2");
    GSSName gssClient = gssManager.createName(clientPrincipal, GSSName.NT_USER_NAME);
    GSSCredential credential = gssManager.createCredential(gssClient, GSSCredential.DEFAULT_LIFETIME, oid, GSSCredential.INITIATE_ONLY);
    Lookup<AuthSchemeProvider> authRegistry = RegistryBuilder.<AuthSchemeProvider>create().register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory(true, true)).build();
    BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider();
    credentialsProvider.setCredentials(AuthScope.ANY, new KerberosCredentials(credential));
    return HttpClients.custom().setDefaultAuthSchemeRegistry(authRegistry).setDefaultCredentialsProvider(credentialsProvider).build();
}
Also used : GSSName(org.ietf.jgss.GSSName) BasicCredentialsProvider(org.apache.http.impl.client.BasicCredentialsProvider) GSSCredential(org.ietf.jgss.GSSCredential) GSSManager(org.ietf.jgss.GSSManager) KerberosCredentials(org.apache.http.auth.KerberosCredentials) Oid(org.ietf.jgss.Oid) AuthSchemeProvider(org.apache.http.auth.AuthSchemeProvider) SPNegoSchemeFactory(org.apache.http.impl.auth.SPNegoSchemeFactory)

Example 7 with SPNegoSchemeFactory

use of org.apache.http.impl.auth.SPNegoSchemeFactory in project pentaho-kettle by pentaho.

the class SessionConfigurator method spnegoAuthenticate.

private Header spnegoAuthenticate(boolean stripPort, URI uri) throws Exception {
    SPNegoSchemeFactory spNegoSchemeFactory = new SPNegoSchemeFactory(stripPort);
    // using newInstance method instead of create method to be compatible httpclient library from 4.2 to 4.5
    // the create method was introduced at version 4.3
    SPNegoScheme spNegoScheme = (SPNegoScheme) spNegoSchemeFactory.newInstance(null);
    spNegoScheme.processChallenge(AUTHENTICATE_HEADER);
    return spNegoScheme.authenticate(credentials, new HttpGet(""), getContext(uri));
}
Also used : SPNegoScheme(org.apache.http.impl.auth.SPNegoScheme) HttpGet(org.apache.http.client.methods.HttpGet) SPNegoSchemeFactory(org.apache.http.impl.auth.SPNegoSchemeFactory)

Example 8 with SPNegoSchemeFactory

use of org.apache.http.impl.auth.SPNegoSchemeFactory in project ranger by apache.

the class ElasticSearchIndexBootStrapper method getRestClientBuilder.

public static RestClientBuilder getRestClientBuilder(String urls, String protocol, String user, String password, int port) {
    RestClientBuilder restClientBuilder = RestClient.builder(EmbeddedServerUtil.toArray(urls, ",").stream().map(x -> new HttpHost(x, port, protocol)).<HttpHost>toArray(i -> new HttpHost[i]));
    if (StringUtils.isNotBlank(user) && StringUtils.isNotBlank(password) && !user.equalsIgnoreCase("NONE") && !password.equalsIgnoreCase("NONE")) {
        if (password.contains("keytab") && new File(password).exists()) {
            final KerberosCredentialsProvider credentialsProvider = CredentialsProviderUtil.getKerberosCredentials(user, password);
            Lookup<AuthSchemeProvider> authSchemeRegistry = RegistryBuilder.<AuthSchemeProvider>create().register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory()).build();
            restClientBuilder.setHttpClientConfigCallback(clientBuilder -> {
                clientBuilder.setDefaultCredentialsProvider(credentialsProvider);
                clientBuilder.setDefaultAuthSchemeRegistry(authSchemeRegistry);
                return clientBuilder;
            });
        } else {
            final CredentialsProvider credentialsProvider = CredentialsProviderUtil.getBasicCredentials(user, password);
            restClientBuilder.setHttpClientConfigCallback(clientBuilder -> clientBuilder.setDefaultCredentialsProvider(credentialsProvider));
        }
    } else {
        LOG.severe("ElasticSearch Credentials not provided!!");
        final CredentialsProvider credentialsProvider = null;
        restClientBuilder.setHttpClientConfigCallback(clientBuilder -> clientBuilder.setDefaultCredentialsProvider(credentialsProvider));
    }
    return restClientBuilder;
}
Also used : RestClient(org.elasticsearch.client.RestClient) AuthSchemeProvider(org.apache.http.auth.AuthSchemeProvider) StringUtils(org.apache.commons.lang.StringUtils) RegistryBuilder(org.apache.http.config.RegistryBuilder) RestClientBuilder(org.elasticsearch.client.RestClientBuilder) XContentType(org.elasticsearch.common.xcontent.XContentType) AuthSchemes(org.apache.http.client.config.AuthSchemes) OpenIndexRequest(org.elasticsearch.action.admin.indices.open.OpenIndexRequest) Settings(org.elasticsearch.common.settings.Settings) KerberosCredentialsProvider(org.apache.ranger.authorization.credutils.kerberos.KerberosCredentialsProvider) Locale(java.util.Locale) CredentialReader(org.apache.ranger.credentialapi.CredentialReader) TimeValue(org.elasticsearch.common.unit.TimeValue) Lookup(org.apache.http.config.Lookup) RequestOptions(org.elasticsearch.client.RequestOptions) SPNegoSchemeFactory(org.apache.http.impl.auth.SPNegoSchemeFactory) Path(java.nio.file.Path) CreateIndexRequest(org.elasticsearch.client.indices.CreateIndexRequest) Files(java.nio.file.Files) IOException(java.io.IOException) KeyStore(java.security.KeyStore) Logger(java.util.logging.Logger) RestHighLevelClient(org.elasticsearch.client.RestHighLevelClient) File(java.io.File) StandardCharsets(java.nio.charset.StandardCharsets) TimeUnit(java.util.concurrent.TimeUnit) AtomicLong(java.util.concurrent.atomic.AtomicLong) Paths(java.nio.file.Paths) CredentialsProviderUtil(org.apache.ranger.authorization.credutils.CredentialsProviderUtil) CreateIndexResponse(org.elasticsearch.client.indices.CreateIndexResponse) CredentialsProvider(org.apache.http.client.CredentialsProvider) HttpHost(org.apache.http.HttpHost) KerberosCredentialsProvider(org.apache.ranger.authorization.credutils.kerberos.KerberosCredentialsProvider) HttpHost(org.apache.http.HttpHost) RestClientBuilder(org.elasticsearch.client.RestClientBuilder) AuthSchemeProvider(org.apache.http.auth.AuthSchemeProvider) SPNegoSchemeFactory(org.apache.http.impl.auth.SPNegoSchemeFactory) KerberosCredentialsProvider(org.apache.ranger.authorization.credutils.kerberos.KerberosCredentialsProvider) CredentialsProvider(org.apache.http.client.CredentialsProvider) File(java.io.File)

Example 9 with SPNegoSchemeFactory

use of org.apache.http.impl.auth.SPNegoSchemeFactory in project ranger by apache.

the class ElasticSearchAuditDestination method getRestClientBuilder.

public static RestClientBuilder getRestClientBuilder(String urls, String protocol, String user, String password, int port) {
    RestClientBuilder restClientBuilder = RestClient.builder(MiscUtil.toArray(urls, ",").stream().map(x -> new HttpHost(x, port, protocol)).<HttpHost>toArray(i -> new HttpHost[i]));
    if (StringUtils.isNotBlank(user) && StringUtils.isNotBlank(password) && !user.equalsIgnoreCase("NONE") && !password.equalsIgnoreCase("NONE")) {
        if (password.contains("keytab") && new File(password).exists()) {
            final KerberosCredentialsProvider credentialsProvider = CredentialsProviderUtil.getKerberosCredentials(user, password);
            Lookup<AuthSchemeProvider> authSchemeRegistry = RegistryBuilder.<AuthSchemeProvider>create().register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory()).build();
            restClientBuilder.setHttpClientConfigCallback(clientBuilder -> {
                clientBuilder.setDefaultCredentialsProvider(credentialsProvider);
                clientBuilder.setDefaultAuthSchemeRegistry(authSchemeRegistry);
                return clientBuilder;
            });
        } else {
            final CredentialsProvider credentialsProvider = CredentialsProviderUtil.getBasicCredentials(user, password);
            restClientBuilder.setHttpClientConfigCallback(clientBuilder -> clientBuilder.setDefaultCredentialsProvider(credentialsProvider));
        }
    } else {
        LOG.error("ElasticSearch Credentials not provided!!");
        final CredentialsProvider credentialsProvider = null;
        restClientBuilder.setHttpClientConfigCallback(clientBuilder -> clientBuilder.setDefaultCredentialsProvider(credentialsProvider));
    }
    return restClientBuilder;
}
Also used : RestClient(org.elasticsearch.client.RestClient) AuthSchemeProvider(org.apache.http.auth.AuthSchemeProvider) Arrays(java.util.Arrays) StringUtils(org.apache.commons.lang.StringUtils) RegistryBuilder(org.apache.http.config.RegistryBuilder) RestClientBuilder(org.elasticsearch.client.RestClientBuilder) Date(java.util.Date) LoggerFactory(org.slf4j.LoggerFactory) HashMap(java.util.HashMap) AuthSchemes(org.apache.http.client.config.AuthSchemes) OpenIndexRequest(org.elasticsearch.action.admin.indices.open.OpenIndexRequest) ArrayList(java.util.ArrayList) IndexRequest(org.elasticsearch.action.index.IndexRequest) KerberosCredentialsProvider(org.apache.ranger.authorization.credutils.kerberos.KerberosCredentialsProvider) Locale(java.util.Locale) Map(java.util.Map) Lookup(org.apache.http.config.Lookup) RequestOptions(org.elasticsearch.client.RequestOptions) SPNegoSchemeFactory(org.apache.http.impl.auth.SPNegoSchemeFactory) AuthzAuditEvent(org.apache.ranger.audit.model.AuthzAuditEvent) PrivilegedActionException(java.security.PrivilegedActionException) Properties(java.util.Properties) Logger(org.slf4j.Logger) BulkItemResponse(org.elasticsearch.action.bulk.BulkItemResponse) Collection(java.util.Collection) BulkResponse(org.elasticsearch.action.bulk.BulkResponse) KerberosTicket(javax.security.auth.kerberos.KerberosTicket) RestHighLevelClient(org.elasticsearch.client.RestHighLevelClient) File(java.io.File) Subject(javax.security.auth.Subject) TimeUnit(java.util.concurrent.TimeUnit) AtomicLong(java.util.concurrent.atomic.AtomicLong) MiscUtil(org.apache.ranger.audit.provider.MiscUtil) CredentialsProviderUtil(org.apache.ranger.authorization.credutils.CredentialsProviderUtil) AuditEventBase(org.apache.ranger.audit.model.AuditEventBase) CredentialsProvider(org.apache.http.client.CredentialsProvider) HttpHost(org.apache.http.HttpHost) BulkRequest(org.elasticsearch.action.bulk.BulkRequest) KerberosCredentialsProvider(org.apache.ranger.authorization.credutils.kerberos.KerberosCredentialsProvider) HttpHost(org.apache.http.HttpHost) RestClientBuilder(org.elasticsearch.client.RestClientBuilder) AuthSchemeProvider(org.apache.http.auth.AuthSchemeProvider) SPNegoSchemeFactory(org.apache.http.impl.auth.SPNegoSchemeFactory) KerberosCredentialsProvider(org.apache.ranger.authorization.credutils.kerberos.KerberosCredentialsProvider) CredentialsProvider(org.apache.http.client.CredentialsProvider) File(java.io.File)

Example 10 with SPNegoSchemeFactory

use of org.apache.http.impl.auth.SPNegoSchemeFactory in project jmeter by apache.

the class AuthManager method setupCredentials.

/**
     * Configure credentials and auth scheme on client if an authorization is 
     * available for url
     * @param client {@link HttpClient}
     * @param url URL to test 
     * @param credentialsProvider {@link CredentialsProvider}
     * @param localHost host running JMeter
     */
public void setupCredentials(HttpClient client, URL url, CredentialsProvider credentialsProvider, String localHost) {
    Authorization auth = getAuthForURL(url);
    if (auth != null) {
        String username = auth.getUser();
        String realm = auth.getRealm();
        String domain = auth.getDomain();
        if (log.isDebugEnabled()) {
            log.debug(username + " > D=" + domain + " R=" + realm + " M=" + auth.getMechanism());
        }
        if (Mechanism.KERBEROS.equals(auth.getMechanism())) {
            ((AbstractHttpClient) client).getAuthSchemes().register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory(isStripPort(url)));
            credentialsProvider.setCredentials(new AuthScope(null, -1, null), USE_JAAS_CREDENTIALS);
        } else {
            credentialsProvider.setCredentials(new AuthScope(url.getHost(), url.getPort(), realm.length() == 0 ? null : realm), new NTCredentials(username, auth.getPass(), localHost, domain));
        }
    }
}
Also used : AuthScope(org.apache.http.auth.AuthScope) SPNegoSchemeFactory(org.apache.http.impl.auth.SPNegoSchemeFactory) NTCredentials(org.apache.http.auth.NTCredentials)

Aggregations

SPNegoSchemeFactory (org.apache.http.impl.auth.SPNegoSchemeFactory)19 BasicCredentialsProvider (org.apache.http.impl.client.BasicCredentialsProvider)12 AuthSchemeProvider (org.apache.http.auth.AuthSchemeProvider)10 CredentialsProvider (org.apache.http.client.CredentialsProvider)8 HttpHost (org.apache.http.HttpHost)7 Lookup (org.apache.http.config.Lookup)7 Subject (javax.security.auth.Subject)6 KerberosTicket (javax.security.auth.kerberos.KerberosTicket)6 KerberosCredentials (org.apache.http.auth.KerberosCredentials)6 Principal (java.security.Principal)5 AuthScope (org.apache.http.auth.AuthScope)5 Credentials (org.apache.http.auth.Credentials)5 File (java.io.File)4 GSSCredential (org.ietf.jgss.GSSCredential)4 GSSManager (org.ietf.jgss.GSSManager)4 GSSName (org.ietf.jgss.GSSName)4 Oid (org.ietf.jgss.Oid)4 IOException (java.io.IOException)3 Locale (java.util.Locale)3 StringUtils (org.apache.commons.lang.StringUtils)3
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial