
Example 11 with SPNegoSchemeFactory

use of org.apache.http.impl.auth.SPNegoSchemeFactory in project lucene-solr by apache.

the class Krb5HttpClientBuilder method getBuilder.

/**
 * Configures {@code builder} for SPNEGO (Kerberos) authentication backed by JAAS.
 *
 * <p>If the system property named by {@code LOGIN_CONFIG_PROP} is not set, a warning is logged
 * and the builder is returned unchanged. Otherwise the method registers SPNEGO as the only
 * authentication scheme, installs placeholder credentials, sets the port-aware cookie spec and
 * adds the buffered-entity request interceptor.
 *
 * <p>Security-relevant side effects outside the builder:
 * <ul>
 *   <li>{@code javax.security.auth.useSubjectCredsOnly} is a JVM-wide system property; it is set
 *       to {@code "false"} only when nothing else has set it.</li>
 *   <li>{@code Configuration.setConfiguration(jaasConfig)} replaces the process-wide JAAS login
 *       configuration, so every other JAAS user in this JVM sees it too.</li>
 *   <li>{@code HttpClientUtil.setCookiePolicy} and {@code HttpClientUtil.addRequestInterceptor}
 *       are static calls; presumably they apply to every client created through
 *       {@code HttpClientUtil}, not only to this builder. Confirm against that class.</li>
 * </ul>
 *
 * @param builder the builder to configure
 * @return the same {@code builder} instance that was passed in
 */
public SolrHttpClientBuilder getBuilder(SolrHttpClientBuilder builder) {
    final String loginConfig = System.getProperty(LOGIN_CONFIG_PROP);
    if (loginConfig == null) {
        logger.warn("{} is configured without specifying system property '{}'", getClass().getName(), LOGIN_CONFIG_PROP);
        return builder;
    }
    logger.info("Setting up SPNego auth with config: " + loginConfig);

    // With useSubjectCredsOnly=false the GSS mechanism is not restricted to the current
    // Subject and can load the credentials from the JAAS configuration instead.
    final String subjectCredsKey = "javax.security.auth.useSubjectCredsOnly";
    final String subjectCredsSetting = System.getProperty(subjectCredsKey);
    if (subjectCredsSetting == null) {
        System.setProperty(subjectCredsKey, "false");
    } else if (!"false".equals(subjectCredsSetting.toLowerCase(Locale.ROOT))) {
        // An explicit value set elsewhere is left alone, but it is logged because the
        // credentials are then unlikely to be loaded correctly.
        logger.warn("System Property: " + subjectCredsKey + " set to: " + subjectCredsSetting + " not false.  SPNego authentication may not be successful.");
    }
    javax.security.auth.login.Configuration.setConfiguration(jaasConfig);

    // SPNEGO is the only scheme registered, so the client has no Basic or Digest scheme with
    // which to answer a challenge. Constructor arguments: stripPort=true, useCanonicalHostname=false.
    builder.setAuthSchemeRegistryProvider(() ->
        RegistryBuilder.<AuthSchemeProvider>create()
            .register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory(true, false))
            .build());

    // Placeholder only: it carries no principal and no password, because the real credentials
    // come from the JAAS configuration.
    final Credentials jaasPlaceholder = new Credentials() {

        @Override
        public Principal getUserPrincipal() {
            return null;
        }

        @Override
        public String getPassword() {
            return null;
        }
    };

    HttpClientUtil.setCookiePolicy(SolrPortAwareCookieSpecFactory.POLICY_NAME);
    builder.setCookieSpecRegistryProvider(() ->
        RegistryBuilder.<CookieSpecProvider>create()
            .register(SolrPortAwareCookieSpecFactory.POLICY_NAME, new SolrPortAwareCookieSpecFactory())
            .build());

    builder.setDefaultCredentialsProvider(() -> {
        // NOTE(review): AuthScope.ANY places no host, port or realm restriction on the
        // placeholder, so SPNEGO negotiation is attempted with whichever server challenges.
        // Confirm that is intended for every endpoint this client talks to.
        CredentialsProvider provider = new BasicCredentialsProvider();
        provider.setCredentials(AuthScope.ANY, jaasPlaceholder);
        return provider;
    });

    HttpClientUtil.addRequestInterceptor(bufferedEntityInterceptor);
    return builder;
}
Also used : BasicCredentialsProvider(org.apache.http.impl.client.BasicCredentialsProvider) CookieSpecProvider(org.apache.http.cookie.CookieSpecProvider) AuthSchemeProvider(org.apache.http.auth.AuthSchemeProvider) SPNegoSchemeFactory(org.apache.http.impl.auth.SPNegoSchemeFactory) BasicCredentialsProvider(org.apache.http.impl.client.BasicCredentialsProvider) CredentialsProvider(org.apache.http.client.CredentialsProvider) Credentials(org.apache.http.auth.Credentials)

Example 12 with SPNegoSchemeFactory

use of org.apache.http.impl.auth.SPNegoSchemeFactory in project ovirt-engine-sdk-java by oVirt.

the class ConnectionBuilder42 method createHttpClient.

/**
 * Creates HttpClient
 */
@Override
protected HttpClient createHttpClient() {
    // Builds the HttpClient 4.2 style client. With a non-empty user, Basic is the only
    // registered scheme; otherwise, with the kerberos flag set, SPNEGO is. Credentials are
    // scoped to this builder's host and port.
    final int targetPort = getPort();
    final AuthScope scope = new AuthScope(getHost(), targetPort, AuthScope.ANY_REALM, AuthScope.ANY_SCHEME);
    final AuthSchemeRegistry schemes = new AuthSchemeRegistry();
    Credentials creds = null;

    if (user != null && !user.isEmpty()) {
        // Basic sends the password in a reversible encoding, so confidentiality depends on the
        // transport. NOTE(review): confirm that createConnectionSocketFactoryRegistry(), which
        // is not visible here, enforces TLS.
        schemes.register(AuthPolicy.BASIC, new BasicSchemeFactory());
        creds = new UsernamePasswordCredentials(user, password);
    } else if (kerberos) {
        // SPNEGO with stripPort=true. The anonymous Credentials is a placeholder that carries
        // no principal and no password.
        schemes.register(AuthPolicy.SPNEGO, new SPNegoSchemeFactory(true));
        creds = new Credentials() {

            @Override
            public String getPassword() {
                return null;
            }

            @Override
            public Principal getUserPrincipal() {
                return null;
            }
        };
    }

    final PoolingClientConnectionManager pool = new PoolingClientConnectionManager(createConnectionSocketFactoryRegistry());
    final DefaultHttpClient client = new DefaultHttpClient(pool);
    client.setAuthSchemes(schemes);
    // NOTE(review): creds is still null when neither a user nor kerberos is configured.
    // Confirm that the credentials provider accepts a null value, or that callers reject
    // that configuration earlier.
    client.getCredentialsProvider().setCredentials(scope, creds);
    // Response cookies are ignored.
    client.getParams().setParameter(ClientPNames.COOKIE_POLICY, CookiePolicy.IGNORE_COOKIES);

    // -1 means "no timeout configured". Only the socket read timeout is set here.
    // NOTE(review): no connect timeout is applied in this method; confirm that is intended.
    if (timeout != -1) {
        HttpConnectionParams.setSoTimeout(client.getParams(), timeout);
    }

    if (!compress) {
        return new HttpClient42(client);
    }
    // Wrap the client so that compressed entities are decompressed.
    return new HttpClient42(new DecompressingHttpClient(client));
}
Also used : PoolingClientConnectionManager(org.apache.http.impl.conn.PoolingClientConnectionManager) BasicSchemeFactory(org.apache.http.impl.auth.BasicSchemeFactory) AuthSchemeRegistry(org.apache.http.auth.AuthSchemeRegistry) AuthScope(org.apache.http.auth.AuthScope) SPNegoSchemeFactory(org.apache.http.impl.auth.SPNegoSchemeFactory) DecompressingHttpClient(org.apache.http.impl.client.DecompressingHttpClient) Credentials(org.apache.http.auth.Credentials) UsernamePasswordCredentials(org.apache.http.auth.UsernamePasswordCredentials) DefaultHttpClient(org.apache.http.impl.client.DefaultHttpClient) UsernamePasswordCredentials(org.apache.http.auth.UsernamePasswordCredentials)

Example 13 with SPNegoSchemeFactory

use of org.apache.http.impl.auth.SPNegoSchemeFactory in project ovirt-engine-sdk-java by oVirt.

the class ConnectionBuilder45 method createHttpClient.

/**
 * Creates HttpClient
 */
@Override
protected HttpClient createHttpClient() {
    // Builds the HttpClient 4.5 style client. Credentials are scoped to this builder's host
    // and port. An explicit scheme registry containing only SPNEGO is created on the
    // Kerberos path alone.
    final int targetPort = getPort();
    final AuthScope scope = new AuthScope(getHost(), targetPort, AuthScope.ANY_REALM, AuthScope.ANY_SCHEME);
    final CredentialsProvider provider = new BasicCredentialsProvider();
    Lookup<AuthSchemeProvider> schemes = null;

    if (user != null && !user.isEmpty()) {
        // schemes stays null on this path, and a null registry leaves HttpClientBuilder on
        // its built-in default scheme set. NOTE(review): password confidentiality then depends
        // on the transport. Confirm that createConnectionSocketFactoryRegistry(), which is not
        // visible here, enforces TLS.
        provider.setCredentials(scope, new UsernamePasswordCredentials(user, password));
    } else if (kerberos) {
        // SPNEGO with stripPort=true. The anonymous Credentials is a placeholder that carries
        // no principal and no password.
        schemes = RegistryBuilder.<AuthSchemeProvider>create()
            .register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory(true))
            .build();
        provider.setCredentials(scope, new Credentials() {

            @Override
            public String getPassword() {
                return null;
            }

            @Override
            public Principal getUserPrincipal() {
                return null;
            }
        });
    }

    // Response cookies are ignored. NOTE(review): only the connect timeout is set from
    // `timeout`; no socket read timeout is configured in this method. Confirm that is intended.
    final RequestConfig requestDefaults = RequestConfig.custom()
        .setCookieSpec(CookieSpecs.IGNORE_COOKIES)
        .setConnectTimeout(timeout)
        .build();

    final HttpClientBuilder clientBuilder = HttpClientBuilder.create()
        .setConnectionManager(new PoolingHttpClientConnectionManager(createConnectionSocketFactoryRegistry()))
        .setDefaultRequestConfig(requestDefaults)
        .setDefaultCredentialsProvider(provider)
        .setDefaultAuthSchemeRegistry(schemes);

    if (!compress) {
        clientBuilder.disableContentCompression();
    }
    return new HttpClient45(clientBuilder.build());
}
Also used : RequestConfig(org.apache.http.client.config.RequestConfig) BasicCredentialsProvider(org.apache.http.impl.client.BasicCredentialsProvider) BasicCredentialsProvider(org.apache.http.impl.client.BasicCredentialsProvider) CredentialsProvider(org.apache.http.client.CredentialsProvider) SPNegoSchemeFactory(org.apache.http.impl.auth.SPNegoSchemeFactory) HttpClientBuilder(org.apache.http.impl.client.HttpClientBuilder) UsernamePasswordCredentials(org.apache.http.auth.UsernamePasswordCredentials) PoolingHttpClientConnectionManager(org.apache.http.impl.conn.PoolingHttpClientConnectionManager) AuthScope(org.apache.http.auth.AuthScope) AuthSchemeProvider(org.apache.http.auth.AuthSchemeProvider) Credentials(org.apache.http.auth.Credentials) UsernamePasswordCredentials(org.apache.http.auth.UsernamePasswordCredentials)

Example 14 with SPNegoSchemeFactory

use of org.apache.http.impl.auth.SPNegoSchemeFactory in project ranger by apache.

the class ElasticSearchMgr method getRestClientBuilder.

/**
 * Builds a {@code RestClientBuilder} for the comma-separated hosts in {@code urls}, choosing
 * the authentication setup from {@code user} and {@code password}.
 *
 * <ul>
 *   <li>If either value is blank or equals "NONE" (case-insensitive): an error is logged and
 *       a {@code null} credentials provider is installed.</li>
 *   <li>If {@code password} contains the text "keytab" and names an existing file: Kerberos
 *       credentials are used with a registry that contains only SPNEGO.</li>
 *   <li>Otherwise: basic credentials are used.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code password} doubles as a keytab path, and the choice rests on a
 * substring match plus a file-existence check. A literal password that contains "keytab" and
 * also names an existing file would be treated as a keytab. An explicit setting for the
 * authentication type would remove that ambiguity.
 *
 * <p>NOTE(review): with missing credentials the builder is still returned after the error log,
 * so the client appears to be built without authentication rather than failing. Confirm that
 * callers expect this.
 *
 * @param urls comma-separated host names
 * @param protocol scheme used for every host. NOTE(review): with basic credentials, confirm
 *     this is always a TLS scheme.
 * @param user user name or Kerberos principal
 * @param password password, or path to a keytab file
 * @param port port used for every host
 * @return the configured builder
 */
public static RestClientBuilder getRestClientBuilder(String urls, String protocol, String user, String password, int port) {
    final HttpHost[] hosts = MiscUtil.toArray(urls, ",").stream()
        .map(hostName -> new HttpHost(hostName, port, protocol))
        .toArray(HttpHost[]::new);
    final RestClientBuilder restClientBuilder = RestClient.builder(hosts);

    final boolean userGiven = StringUtils.isNotBlank(user) && !user.equalsIgnoreCase("NONE");
    final boolean passwordGiven = StringUtils.isNotBlank(password) && !password.equalsIgnoreCase("NONE");
    if (!(userGiven && passwordGiven)) {
        logger.error("ElasticSearch Credentials not provided!!");
        final CredentialsProvider noCredentials = null;
        restClientBuilder.setHttpClientConfigCallback(clientBuilder -> clientBuilder.setDefaultCredentialsProvider(noCredentials));
        return restClientBuilder;
    }

    final boolean passwordIsKeytabFile = password.contains("keytab") && new File(password).exists();
    if (passwordIsKeytabFile) {
        // Kerberos path: SPNEGO is the only scheme registered for this client.
        final KerberosCredentialsProvider kerberosProvider = CredentialsProviderUtil.getKerberosCredentials(user, password);
        final Lookup<AuthSchemeProvider> spnegoOnly = RegistryBuilder.<AuthSchemeProvider>create()
            .register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory())
            .build();
        restClientBuilder.setHttpClientConfigCallback(clientBuilder -> {
            clientBuilder.setDefaultCredentialsProvider(kerberosProvider);
            clientBuilder.setDefaultAuthSchemeRegistry(spnegoOnly);
            return clientBuilder;
        });
    } else {
        // Password path: user name and password are handed to the basic credentials helper.
        final CredentialsProvider basicProvider = CredentialsProviderUtil.getBasicCredentials(user, password);
        restClientBuilder.setHttpClientConfigCallback(clientBuilder -> clientBuilder.setDefaultCredentialsProvider(basicProvider));
    }
    return restClientBuilder;
}
Also used : RestClient(org.elasticsearch.client.RestClient) AuthSchemeProvider(org.apache.http.auth.AuthSchemeProvider) StringUtils(org.apache.commons.lang.StringUtils) RegistryBuilder(org.apache.http.config.RegistryBuilder) RestClientBuilder(org.elasticsearch.client.RestClientBuilder) Date(java.util.Date) LoggerFactory(org.slf4j.LoggerFactory) ElasticSearchAuditDestination(org.apache.ranger.audit.destination.ElasticSearchAuditDestination) AuthSchemes(org.apache.http.client.config.AuthSchemes) KerberosCredentialsProvider(org.apache.ranger.authorization.credutils.kerberos.KerberosCredentialsProvider) Locale(java.util.Locale) Lookup(org.apache.http.config.Lookup) SPNegoSchemeFactory(org.apache.http.impl.auth.SPNegoSchemeFactory) PrivilegedActionException(java.security.PrivilegedActionException) Logger(org.slf4j.Logger) KerberosTicket(javax.security.auth.kerberos.KerberosTicket) RestHighLevelClient(org.elasticsearch.client.RestHighLevelClient) Subject(javax.security.auth.Subject) File(java.io.File) Component(org.springframework.stereotype.Component) MiscUtil(org.apache.ranger.audit.provider.MiscUtil) PropertiesUtil(org.apache.ranger.common.PropertiesUtil) CredentialsProviderUtil(org.apache.ranger.authorization.credutils.CredentialsProviderUtil) CredentialsProvider(org.apache.http.client.CredentialsProvider) HttpHost(org.apache.http.HttpHost) KerberosCredentialsProvider(org.apache.ranger.authorization.credutils.kerberos.KerberosCredentialsProvider) HttpHost(org.apache.http.HttpHost) RestClientBuilder(org.elasticsearch.client.RestClientBuilder) AuthSchemeProvider(org.apache.http.auth.AuthSchemeProvider) SPNegoSchemeFactory(org.apache.http.impl.auth.SPNegoSchemeFactory) KerberosCredentialsProvider(org.apache.ranger.authorization.credutils.kerberos.KerberosCredentialsProvider) CredentialsProvider(org.apache.http.client.CredentialsProvider) File(java.io.File)

Example 15 with SPNegoSchemeFactory

use of org.apache.http.impl.auth.SPNegoSchemeFactory in project calcite-avatica by apache.

the class AvaticaCommonsHttpClientImpl method setGSSCredential.

/**
 * Switches this client to SPNEGO authentication, replacing both the scheme registry and the
 * credentials provider held by this instance.
 *
 * <p>The registry contains only SPNEGO, built with the {@code STRIP_PORT_ON_SERVER_LOOKUP} and
 * {@code USE_CANONICAL_HOSTNAME} constants.
 *
 * @param credential the GSS credential to authenticate with, or {@code null} when the user is
 *     logged in through JAAS
 */
public void setGSSCredential(GSSCredential credential) {
    final SPNegoSchemeFactory spnego = new SPNegoSchemeFactory(STRIP_PORT_ON_SERVER_LOOKUP, USE_CANONICAL_HOSTNAME);
    this.authRegistry = RegistryBuilder.<AuthSchemeProvider>create()
        .register(AuthSchemes.SPNEGO, spnego)
        .build();
    this.credentialsProvider = new BasicCredentialsProvider();

    // NOTE(review): both branches register under AuthScope.ANY, which places no host, port or
    // realm restriction on the credentials. Confirm that every endpoint this client can reach
    // is one it should negotiate with.
    if (credential == null) {
        // A null credential implies the user is logged in via JAAS using the
        // java.security.auth.login.config system property, so only a placeholder is registered.
        this.credentialsProvider.setCredentials(AuthScope.ANY, EmptyCredentials.INSTANCE);
        return;
    }
    // A non-null credential is used directly through KerberosCredentials. Neither the JDBC
    // driver nor the tests ever set one.
    this.credentialsProvider.setCredentials(AuthScope.ANY, new KerberosCredentials(credential));
}
Also used : BasicCredentialsProvider(org.apache.http.impl.client.BasicCredentialsProvider) KerberosCredentials(org.apache.http.auth.KerberosCredentials) SPNegoSchemeFactory(org.apache.http.impl.auth.SPNegoSchemeFactory)
