Example 11 with JaasContext

Use of org.apache.kafka.common.security.JaasContext in project kafka by apache.

Class LoginManagerTest, method testClientLoginManager.

@Test
public void testClientLoginManager() throws Exception {
    Map<String, ?> configs = Collections.singletonMap("sasl.jaas.config", dynamicPlainContext);
    JaasContext dynamicContext = JaasContext.loadClientContext(configs);
    JaasContext staticContext = JaasContext.loadClientContext(Collections.emptyMap());
    LoginManager dynamicLogin = LoginManager.acquireLoginManager(dynamicContext, "PLAIN", DefaultLogin.class, configs);
    assertEquals(dynamicPlainContext, dynamicLogin.cacheKey());
    LoginManager staticLogin = LoginManager.acquireLoginManager(staticContext, "SCRAM-SHA-256", DefaultLogin.class, configs);
    assertNotSame(dynamicLogin, staticLogin);
    assertEquals("KafkaClient", staticLogin.cacheKey());
    assertSame(dynamicLogin, LoginManager.acquireLoginManager(dynamicContext, "PLAIN", DefaultLogin.class, configs));
    assertSame(staticLogin, LoginManager.acquireLoginManager(staticContext, "SCRAM-SHA-256", DefaultLogin.class, configs));
    verifyLoginManagerRelease(dynamicLogin, 2, dynamicContext, configs);
    verifyLoginManagerRelease(staticLogin, 2, staticContext, configs);
}
Also used: JaasContext (org.apache.kafka.common.security.JaasContext), Test (org.junit.jupiter.api.Test)

Example 12 with JaasContext

Use of org.apache.kafka.common.security.JaasContext in project kafka by apache.

Class PlainSaslServerTest, method setUp.

@BeforeEach
public void setUp() {
    TestJaasConfig jaasConfig = new TestJaasConfig();
    Map<String, Object> options = new HashMap<>();
    options.put("user_" + USER_A, PASSWORD_A);
    options.put("user_" + USER_B, PASSWORD_B);
    jaasConfig.addEntry("jaasContext", PlainLoginModule.class.getName(), options);
    JaasContext jaasContext = new JaasContext("jaasContext", JaasContext.Type.SERVER, jaasConfig, null);
    PlainServerCallbackHandler callbackHandler = new PlainServerCallbackHandler();
    callbackHandler.configure(null, "PLAIN", jaasContext.configurationEntries());
    saslServer = new PlainSaslServer(callbackHandler);
}
Also used: JaasContext (org.apache.kafka.common.security.JaasContext), HashMap (java.util.HashMap), PlainLoginModule (org.apache.kafka.common.security.plain.PlainLoginModule), TestJaasConfig (org.apache.kafka.common.security.authenticator.TestJaasConfig), BeforeEach (org.junit.jupiter.api.BeforeEach)

Example 13 with JaasContext

Use of org.apache.kafka.common.security.JaasContext in project apache-kafka-on-k8s by banzaicloud.

Class SaslAuthenticatorTest, method startServerWithoutSaslAuthenticateHeader.

private NioEchoServer startServerWithoutSaslAuthenticateHeader(final SecurityProtocol securityProtocol, String saslMechanism) throws Exception {
    final ListenerName listenerName = ListenerName.forSecurityProtocol(securityProtocol);
    final Map<String, ?> configs = Collections.emptyMap();
    final JaasContext jaasContext = JaasContext.loadServerContext(listenerName, saslMechanism, configs);
    final Map<String, JaasContext> jaasContexts = Collections.singletonMap(saslMechanism, jaasContext);
    boolean isScram = ScramMechanism.isScram(saslMechanism);
    if (isScram)
        ScramCredentialUtils.createCache(credentialCache, Arrays.asList(saslMechanism));
    SaslChannelBuilder serverChannelBuilder = new SaslChannelBuilder(Mode.SERVER, jaasContexts, securityProtocol, listenerName, false, saslMechanism, true, credentialCache, null) {

        @Override
        protected SaslServerAuthenticator buildServerAuthenticator(Map<String, ?> configs, String id, TransportLayer transportLayer, Map<String, Subject> subjects) throws IOException {
            return new SaslServerAuthenticator(configs, id, jaasContexts, subjects, null, credentialCache, listenerName, securityProtocol, transportLayer, null) {

                @Override
                protected ApiVersionsResponse apiVersionsResponse() {
                    List<ApiVersion> apiVersions = new ArrayList<>(ApiVersionsResponse.defaultApiVersionsResponse().apiVersions());
                    for (Iterator<ApiVersion> it = apiVersions.iterator(); it.hasNext(); ) {
                        ApiVersion apiVersion = it.next();
                        if (apiVersion.apiKey == ApiKeys.SASL_AUTHENTICATE.id) {
                            it.remove();
                            break;
                        }
                    }
                    return new ApiVersionsResponse(0, Errors.NONE, apiVersions);
                }

                @Override
                protected void enableKafkaSaslAuthenticateHeaders(boolean flag) {
                    // Don't enable Kafka SASL_AUTHENTICATE headers
                }
            };
        }
    };
    serverChannelBuilder.configure(saslServerConfigs);
    server = new NioEchoServer(listenerName, securityProtocol, new TestSecurityConfig(saslServerConfigs), "localhost", serverChannelBuilder, credentialCache);
    server.start();
    return server;
}
Also used: ApiVersion (org.apache.kafka.common.requests.ApiVersionsResponse.ApiVersion), ApiVersionsResponse (org.apache.kafka.common.requests.ApiVersionsResponse), ArrayList (java.util.ArrayList), ListenerName (org.apache.kafka.common.network.ListenerName), TransportLayer (org.apache.kafka.common.network.TransportLayer), JaasContext (org.apache.kafka.common.security.JaasContext), NioEchoServer (org.apache.kafka.common.network.NioEchoServer), TestSecurityConfig (org.apache.kafka.common.security.TestSecurityConfig), SaslChannelBuilder (org.apache.kafka.common.network.SaslChannelBuilder), Map (java.util.Map), HashMap (java.util.HashMap)

Example 14 with JaasContext

Use of org.apache.kafka.common.security.JaasContext in project kafka by apache.

Class SaslChannelBuilderTest, method createChannelBuilder.

private SaslChannelBuilder createChannelBuilder(SecurityProtocol securityProtocol, String saslMechanism) {
    Class<?> loginModule = null;
    switch(saslMechanism) {
        case "PLAIN":
            loginModule = PlainLoginModule.class;
            break;
        case "SCRAM-SHA-256":
            loginModule = ScramLoginModule.class;
            break;
        case "OAUTHBEARER":
            loginModule = OAuthBearerLoginModule.class;
            break;
        case "GSSAPI":
            loginModule = TestGssapiLoginModule.class;
            break;
        default:
            throw new IllegalArgumentException("Unsupported SASL mechanism " + saslMechanism);
    }
    TestJaasConfig jaasConfig = new TestJaasConfig();
    jaasConfig.addEntry("jaasContext", loginModule.getName(), new HashMap<>());
    JaasContext jaasContext = new JaasContext("jaasContext", JaasContext.Type.SERVER, jaasConfig, null);
    Map<String, JaasContext> jaasContexts = Collections.singletonMap(saslMechanism, jaasContext);
    return new SaslChannelBuilder(Mode.CLIENT, jaasContexts, securityProtocol, new ListenerName(saslMechanism), false, saslMechanism, true, null, null, null, Time.SYSTEM, new LogContext(), defaultApiVersionsSupplier());
}
Also used: JaasContext (org.apache.kafka.common.security.JaasContext), LogContext (org.apache.kafka.common.utils.LogContext), TestJaasConfig (org.apache.kafka.common.security.authenticator.TestJaasConfig)

Example 15 with JaasContext

Use of org.apache.kafka.common.security.JaasContext in project kafka by apache.

Class SaslChannelBuilderTest, method testNativeGssapiCredentials.

@Test
public void testNativeGssapiCredentials() throws Exception {
    System.setProperty(SaslChannelBuilder.GSS_NATIVE_PROP, "true");
    TestJaasConfig jaasConfig = new TestJaasConfig();
    jaasConfig.addEntry("jaasContext", TestGssapiLoginModule.class.getName(), new HashMap<>());
    JaasContext jaasContext = new JaasContext("jaasContext", JaasContext.Type.SERVER, jaasConfig, null);
    Map<String, JaasContext> jaasContexts = Collections.singletonMap("GSSAPI", jaasContext);
    GSSManager gssManager = Mockito.mock(GSSManager.class);
    GSSName gssName = Mockito.mock(GSSName.class);
    Mockito.when(gssManager.createName(Mockito.anyString(), Mockito.any())).thenAnswer(unused -> gssName);
    Oid oid = new Oid("1.2.840.113554.1.2.2");
    Mockito.when(gssManager.createCredential(gssName, GSSContext.INDEFINITE_LIFETIME, oid, GSSCredential.ACCEPT_ONLY)).thenAnswer(unused -> Mockito.mock(GSSCredential.class));
    SaslChannelBuilder channelBuilder1 = createGssapiChannelBuilder(jaasContexts, gssManager);
    assertEquals(1, channelBuilder1.subject("GSSAPI").getPrincipals().size());
    assertEquals(1, channelBuilder1.subject("GSSAPI").getPrivateCredentials().size());
    SaslChannelBuilder channelBuilder2 = createGssapiChannelBuilder(jaasContexts, gssManager);
    assertEquals(1, channelBuilder2.subject("GSSAPI").getPrincipals().size());
    assertEquals(1, channelBuilder2.subject("GSSAPI").getPrivateCredentials().size());
    assertSame(channelBuilder1.subject("GSSAPI"), channelBuilder2.subject("GSSAPI"));
    Mockito.verify(gssManager, Mockito.times(1)).createCredential(gssName, GSSContext.INDEFINITE_LIFETIME, oid, GSSCredential.ACCEPT_ONLY);
}
Also used: GSSName (org.ietf.jgss.GSSName), JaasContext (org.apache.kafka.common.security.JaasContext), GSSCredential (org.ietf.jgss.GSSCredential), GSSManager (org.ietf.jgss.GSSManager), Oid (org.ietf.jgss.Oid), TestJaasConfig (org.apache.kafka.common.security.authenticator.TestJaasConfig), Test (org.junit.jupiter.api.Test)

Aggregations

JaasContext (org.apache.kafka.common.security.JaasContext): 21
HashMap (java.util.HashMap): 10
ListenerName (org.apache.kafka.common.network.ListenerName): 9
Map (java.util.Map): 6
SaslChannelBuilder (org.apache.kafka.common.network.SaslChannelBuilder): 5
TestJaasConfig (org.apache.kafka.common.security.authenticator.TestJaasConfig): 5
List (java.util.List): 4
Subject (javax.security.auth.Subject): 4
TransportLayer (org.apache.kafka.common.network.TransportLayer): 4
ApiVersionsResponse (org.apache.kafka.common.requests.ApiVersionsResponse): 4
LogContext (org.apache.kafka.common.utils.LogContext): 4
NioEchoServer (org.apache.kafka.common.network.NioEchoServer): 3
TestSecurityConfig (org.apache.kafka.common.security.TestSecurityConfig): 3
PlainLoginModule (org.apache.kafka.common.security.plain.PlainLoginModule): 3
Test (org.junit.jupiter.api.Test): 3
IOException (java.io.IOException): 2
InetSocketAddress (java.net.InetSocketAddress): 2
KafkaException (org.apache.kafka.common.KafkaException): 2
ApiVersionsResponseData (org.apache.kafka.common.message.ApiVersionsResponseData): 2
ApiVersion (org.apache.kafka.common.message.ApiVersionsResponseData.ApiVersion): 2