Search in sources :

Example 6 with SPNegoSchemeFactory

use of org.apache.http.impl.auth.SPNegoSchemeFactory in project hbase by apache.

the class TestInfoServersACL method createHttpClient.

private CloseableHttpClient createHttpClient(String clientPrincipal) throws Exception {
    // Logs in with Kerberos via GSS
    GSSManager gssManager = GSSManager.getInstance();
    // jGSS Kerberos login constant
    Oid oid = new Oid("1.2.840.113554.1.2.2");
    GSSName gssClient = gssManager.createName(clientPrincipal, GSSName.NT_USER_NAME);
    GSSCredential credential = gssManager.createCredential(gssClient, GSSCredential.DEFAULT_LIFETIME, oid, GSSCredential.INITIATE_ONLY);
    Lookup<AuthSchemeProvider> authRegistry = RegistryBuilder.<AuthSchemeProvider>create().register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory(true, true)).build();
    BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider();
    credentialsProvider.setCredentials(AuthScope.ANY, new KerberosCredentials(credential));
    return HttpClients.custom().setDefaultAuthSchemeRegistry(authRegistry).setDefaultCredentialsProvider(credentialsProvider).build();
}
Also used : GSSName(org.ietf.jgss.GSSName) BasicCredentialsProvider(org.apache.http.impl.client.BasicCredentialsProvider) GSSCredential(org.ietf.jgss.GSSCredential) GSSManager(org.ietf.jgss.GSSManager) KerberosCredentials(org.apache.http.auth.KerberosCredentials) Oid(org.ietf.jgss.Oid) AuthSchemeProvider(org.apache.http.auth.AuthSchemeProvider) SPNegoSchemeFactory(org.apache.http.impl.auth.SPNegoSchemeFactory)

Example 7 with SPNegoSchemeFactory

use of org.apache.http.impl.auth.SPNegoSchemeFactory in project pentaho-kettle by pentaho.

the class SessionConfigurator method spnegoAuthenticate.

private Header spnegoAuthenticate(boolean stripPort, URI uri) throws Exception {
    SPNegoSchemeFactory spNegoSchemeFactory = new SPNegoSchemeFactory(stripPort);
    // using newInstance method instead of create method to be compatible httpclient library from 4.2 to 4.5
    // the create method was introduced at version 4.3
    SPNegoScheme spNegoScheme = (SPNegoScheme) spNegoSchemeFactory.newInstance(null);
    spNegoScheme.processChallenge(AUTHENTICATE_HEADER);
    return spNegoScheme.authenticate(credentials, new HttpGet(""), getContext(uri));
}
Also used : SPNegoScheme(org.apache.http.impl.auth.SPNegoScheme) HttpGet(org.apache.http.client.methods.HttpGet) SPNegoSchemeFactory(org.apache.http.impl.auth.SPNegoSchemeFactory)

Example 8 with SPNegoSchemeFactory

use of org.apache.http.impl.auth.SPNegoSchemeFactory in project ranger by apache.

the class ElasticSearchIndexBootStrapper method getRestClientBuilder.

public static RestClientBuilder getRestClientBuilder(String urls, String protocol, String user, String password, int port) {
    RestClientBuilder restClientBuilder = RestClient.builder(EmbeddedServerUtil.toArray(urls, ",").stream().map(x -> new HttpHost(x, port, protocol)).<HttpHost>toArray(i -> new HttpHost[i]));
    if (StringUtils.isNotBlank(user) && StringUtils.isNotBlank(password) && !user.equalsIgnoreCase("NONE") && !password.equalsIgnoreCase("NONE")) {
        if (password.contains("keytab") && new File(password).exists()) {
            final KerberosCredentialsProvider credentialsProvider = CredentialsProviderUtil.getKerberosCredentials(user, password);
            Lookup<AuthSchemeProvider> authSchemeRegistry = RegistryBuilder.<AuthSchemeProvider>create().register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory()).build();
            restClientBuilder.setHttpClientConfigCallback(clientBuilder -> {
                clientBuilder.setDefaultCredentialsProvider(credentialsProvider);
                clientBuilder.setDefaultAuthSchemeRegistry(authSchemeRegistry);
                return clientBuilder;
            });
        } else {
            final CredentialsProvider credentialsProvider = CredentialsProviderUtil.getBasicCredentials(user, password);
            restClientBuilder.setHttpClientConfigCallback(clientBuilder -> clientBuilder.setDefaultCredentialsProvider(credentialsProvider));
        }
    } else {
        LOG.severe("ElasticSearch Credentials not provided!!");
        final CredentialsProvider credentialsProvider = null;
        restClientBuilder.setHttpClientConfigCallback(clientBuilder -> clientBuilder.setDefaultCredentialsProvider(credentialsProvider));
    }
    return restClientBuilder;
}
Also used : RestClient(org.elasticsearch.client.RestClient) AuthSchemeProvider(org.apache.http.auth.AuthSchemeProvider) StringUtils(org.apache.commons.lang.StringUtils) RegistryBuilder(org.apache.http.config.RegistryBuilder) RestClientBuilder(org.elasticsearch.client.RestClientBuilder) XContentType(org.elasticsearch.common.xcontent.XContentType) AuthSchemes(org.apache.http.client.config.AuthSchemes) OpenIndexRequest(org.elasticsearch.action.admin.indices.open.OpenIndexRequest) Settings(org.elasticsearch.common.settings.Settings) KerberosCredentialsProvider(org.apache.ranger.authorization.credutils.kerberos.KerberosCredentialsProvider) Locale(java.util.Locale) CredentialReader(org.apache.ranger.credentialapi.CredentialReader) TimeValue(org.elasticsearch.common.unit.TimeValue) Lookup(org.apache.http.config.Lookup) RequestOptions(org.elasticsearch.client.RequestOptions) SPNegoSchemeFactory(org.apache.http.impl.auth.SPNegoSchemeFactory) Path(java.nio.file.Path) CreateIndexRequest(org.elasticsearch.client.indices.CreateIndexRequest) Files(java.nio.file.Files) IOException(java.io.IOException) KeyStore(java.security.KeyStore) Logger(java.util.logging.Logger) RestHighLevelClient(org.elasticsearch.client.RestHighLevelClient) File(java.io.File) StandardCharsets(java.nio.charset.StandardCharsets) TimeUnit(java.util.concurrent.TimeUnit) AtomicLong(java.util.concurrent.atomic.AtomicLong) Paths(java.nio.file.Paths) CredentialsProviderUtil(org.apache.ranger.authorization.credutils.CredentialsProviderUtil) CreateIndexResponse(org.elasticsearch.client.indices.CreateIndexResponse) CredentialsProvider(org.apache.http.client.CredentialsProvider) HttpHost(org.apache.http.HttpHost) KerberosCredentialsProvider(org.apache.ranger.authorization.credutils.kerberos.KerberosCredentialsProvider) HttpHost(org.apache.http.HttpHost) RestClientBuilder(org.elasticsearch.client.RestClientBuilder) AuthSchemeProvider(org.apache.http.auth.AuthSchemeProvider) SPNegoSchemeFactory(org.apache.http.impl.auth.SPNegoSchemeFactory) KerberosCredentialsProvider(org.apache.ranger.authorization.credutils.kerberos.KerberosCredentialsProvider) CredentialsProvider(org.apache.http.client.CredentialsProvider) File(java.io.File)

Example 9 with SPNegoSchemeFactory

use of org.apache.http.impl.auth.SPNegoSchemeFactory in project ranger by apache.

the class ElasticSearchAuditDestination method getRestClientBuilder.

public static RestClientBuilder getRestClientBuilder(String urls, String protocol, String user, String password, int port) {
    RestClientBuilder restClientBuilder = RestClient.builder(MiscUtil.toArray(urls, ",").stream().map(x -> new HttpHost(x, port, protocol)).<HttpHost>toArray(i -> new HttpHost[i]));
    if (StringUtils.isNotBlank(user) && StringUtils.isNotBlank(password) && !user.equalsIgnoreCase("NONE") && !password.equalsIgnoreCase("NONE")) {
        if (password.contains("keytab") && new File(password).exists()) {
            final KerberosCredentialsProvider credentialsProvider = CredentialsProviderUtil.getKerberosCredentials(user, password);
            Lookup<AuthSchemeProvider> authSchemeRegistry = RegistryBuilder.<AuthSchemeProvider>create().register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory()).build();
            restClientBuilder.setHttpClientConfigCallback(clientBuilder -> {
                clientBuilder.setDefaultCredentialsProvider(credentialsProvider);
                clientBuilder.setDefaultAuthSchemeRegistry(authSchemeRegistry);
                return clientBuilder;
            });
        } else {
            final CredentialsProvider credentialsProvider = CredentialsProviderUtil.getBasicCredentials(user, password);
            restClientBuilder.setHttpClientConfigCallback(clientBuilder -> clientBuilder.setDefaultCredentialsProvider(credentialsProvider));
        }
    } else {
        LOG.error("ElasticSearch Credentials not provided!!");
        final CredentialsProvider credentialsProvider = null;
        restClientBuilder.setHttpClientConfigCallback(clientBuilder -> clientBuilder.setDefaultCredentialsProvider(credentialsProvider));
    }
    return restClientBuilder;
}
Also used : RestClient(org.elasticsearch.client.RestClient) AuthSchemeProvider(org.apache.http.auth.AuthSchemeProvider) Arrays(java.util.Arrays) StringUtils(org.apache.commons.lang.StringUtils) RegistryBuilder(org.apache.http.config.RegistryBuilder) RestClientBuilder(org.elasticsearch.client.RestClientBuilder) Date(java.util.Date) LoggerFactory(org.slf4j.LoggerFactory) HashMap(java.util.HashMap) AuthSchemes(org.apache.http.client.config.AuthSchemes) OpenIndexRequest(org.elasticsearch.action.admin.indices.open.OpenIndexRequest) ArrayList(java.util.ArrayList) IndexRequest(org.elasticsearch.action.index.IndexRequest) KerberosCredentialsProvider(org.apache.ranger.authorization.credutils.kerberos.KerberosCredentialsProvider) Locale(java.util.Locale) Map(java.util.Map) Lookup(org.apache.http.config.Lookup) RequestOptions(org.elasticsearch.client.RequestOptions) SPNegoSchemeFactory(org.apache.http.impl.auth.SPNegoSchemeFactory) AuthzAuditEvent(org.apache.ranger.audit.model.AuthzAuditEvent) PrivilegedActionException(java.security.PrivilegedActionException) Properties(java.util.Properties) Logger(org.slf4j.Logger) BulkItemResponse(org.elasticsearch.action.bulk.BulkItemResponse) Collection(java.util.Collection) BulkResponse(org.elasticsearch.action.bulk.BulkResponse) KerberosTicket(javax.security.auth.kerberos.KerberosTicket) RestHighLevelClient(org.elasticsearch.client.RestHighLevelClient) File(java.io.File) Subject(javax.security.auth.Subject) TimeUnit(java.util.concurrent.TimeUnit) AtomicLong(java.util.concurrent.atomic.AtomicLong) MiscUtil(org.apache.ranger.audit.provider.MiscUtil) CredentialsProviderUtil(org.apache.ranger.authorization.credutils.CredentialsProviderUtil) AuditEventBase(org.apache.ranger.audit.model.AuditEventBase) CredentialsProvider(org.apache.http.client.CredentialsProvider) HttpHost(org.apache.http.HttpHost) BulkRequest(org.elasticsearch.action.bulk.BulkRequest) KerberosCredentialsProvider(org.apache.ranger.authorization.credutils.kerberos.KerberosCredentialsProvider) HttpHost(org.apache.http.HttpHost) RestClientBuilder(org.elasticsearch.client.RestClientBuilder) AuthSchemeProvider(org.apache.http.auth.AuthSchemeProvider) SPNegoSchemeFactory(org.apache.http.impl.auth.SPNegoSchemeFactory) KerberosCredentialsProvider(org.apache.ranger.authorization.credutils.kerberos.KerberosCredentialsProvider) CredentialsProvider(org.apache.http.client.CredentialsProvider) File(java.io.File)

Example 10 with SPNegoSchemeFactory

use of org.apache.http.impl.auth.SPNegoSchemeFactory in project jmeter by apache.

the class AuthManager method setupCredentials.

/**
     * Configure credentials and auth scheme on client if an authorization is 
     * available for url
     * @param client {@link HttpClient}
     * @param url URL to test 
     * @param credentialsProvider {@link CredentialsProvider}
     * @param localHost host running JMeter
     */
public void setupCredentials(HttpClient client, URL url, CredentialsProvider credentialsProvider, String localHost) {
    Authorization auth = getAuthForURL(url);
    if (auth != null) {
        String username = auth.getUser();
        String realm = auth.getRealm();
        String domain = auth.getDomain();
        if (log.isDebugEnabled()) {
            log.debug(username + " > D=" + domain + " R=" + realm + " M=" + auth.getMechanism());
        }
        if (Mechanism.KERBEROS.equals(auth.getMechanism())) {
            ((AbstractHttpClient) client).getAuthSchemes().register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory(isStripPort(url)));
            credentialsProvider.setCredentials(new AuthScope(null, -1, null), USE_JAAS_CREDENTIALS);
        } else {
            credentialsProvider.setCredentials(new AuthScope(url.getHost(), url.getPort(), realm.length() == 0 ? null : realm), new NTCredentials(username, auth.getPass(), localHost, domain));
        }
    }
}
Also used : AuthScope(org.apache.http.auth.AuthScope) SPNegoSchemeFactory(org.apache.http.impl.auth.SPNegoSchemeFactory) NTCredentials(org.apache.http.auth.NTCredentials)

Aggregations

SPNegoSchemeFactory (org.apache.http.impl.auth.SPNegoSchemeFactory)19 BasicCredentialsProvider (org.apache.http.impl.client.BasicCredentialsProvider)12 AuthSchemeProvider (org.apache.http.auth.AuthSchemeProvider)10 CredentialsProvider (org.apache.http.client.CredentialsProvider)8 HttpHost (org.apache.http.HttpHost)7 Lookup (org.apache.http.config.Lookup)7 Subject (javax.security.auth.Subject)6 KerberosTicket (javax.security.auth.kerberos.KerberosTicket)6 KerberosCredentials (org.apache.http.auth.KerberosCredentials)6 Principal (java.security.Principal)5 AuthScope (org.apache.http.auth.AuthScope)5 Credentials (org.apache.http.auth.Credentials)5 File (java.io.File)4 GSSCredential (org.ietf.jgss.GSSCredential)4 GSSManager (org.ietf.jgss.GSSManager)4 GSSName (org.ietf.jgss.GSSName)4 Oid (org.ietf.jgss.Oid)4 IOException (java.io.IOException)3 Locale (java.util.Locale)3 StringUtils (org.apache.commons.lang.StringUtils)3