use of org.apache.kafka.common.security.token.delegation.internals.DelegationTokenCache in project kafka by apache.
the class ScramSaslServerTest method setUp.
/**
 * Builds a fresh SCRAM-SHA-256 server fixture before each test.
 *
 * <p>Two users ({@code USER_A}, {@code USER_B}) are registered in a credential cache
 * created for the mechanism's name. Their credentials are derived from fixed test
 * passwords with an iteration count of 4096. The callback handler also receives a
 * newly constructed {@link DelegationTokenCache}; this method adds no tokens to it.
 *
 * @throws Exception if credential generation or server construction fails
 */
@BeforeEach
public void setUp() throws Exception {
    mechanism = ScramMechanism.SCRAM_SHA_256;
    formatter = new ScramFormatter(mechanism);

    // Credential store keyed by user name, created for this mechanism only.
    CredentialCache.Cache<ScramCredential> scramCredentials =
        new CredentialCache().createCache(mechanism.mechanismName(), ScramCredential.class);
    // Fixture passwords: hard-coded literals that exist only to drive the tests.
    scramCredentials.put(USER_A, formatter.generateCredential("passwordA", 4096));
    scramCredentials.put(USER_B, formatter.generateCredential("passwordB", 4096));

    // The token cache is constructed with every SCRAM mechanism name and left unpopulated here.
    DelegationTokenCache tokenCache = new DelegationTokenCache(ScramMechanism.mechanismNames());
    ScramServerCallbackHandler handler = new ScramServerCallbackHandler(scramCredentials, tokenCache);

    // The server under test is given an empty property map.
    saslServer = new ScramSaslServer(mechanism, new HashMap<String, Object>(), handler);
}
use of org.apache.kafka.common.security.token.delegation.internals.DelegationTokenCache in project kafka by apache.
the class SaslAuthenticatorTest method testTokenReauthenticationOverSaslScram.
/**
 * Checks that a client logging in with a delegation token over SASL_SSL / SCRAM-SHA-256
 * authenticates once, and then re-authenticates successfully after the token's expiry
 * has passed.
 *
 * <p>The broker-side re-authentication limit is set to {@code Long.MAX_VALUE} so that the
 * token expiry, not that setting, is what ends the session. A {@link DelegationTokenCache}
 * subclass returns a later expiry on each lookup: the first lookup gives an expiry the test
 * can sleep past, and the second (during re-authentication) gives one in the future again.
 *
 * @throws Exception if server setup, connection, or metric verification fails
 */
@Test
public void testTokenReauthenticationOverSaslScram() throws Exception {
    SecurityProtocol securityProtocol = SecurityProtocol.SASL_SSL;
    TestJaasConfig jaasConfig = configureMechanisms("SCRAM-SHA-256", Arrays.asList("SCRAM-SHA-256"));

    // Client JAAS entry for token authentication: the token id is sent as the user name,
    // the token HMAC as the password, and the login module is told to use token auth.
    String tokenId = "token1";
    String tokenHmac = "abcdefghijkl";
    Map<String, Object> clientLoginOptions = new HashMap<>();
    clientLoginOptions.put("username", tokenId);
    clientLoginOptions.put("password", tokenHmac);
    clientLoginOptions.put(ScramLoginModule.TOKEN_AUTH_CONFIG, "true");
    jaasConfig.createOrUpdateEntry(TestJaasConfig.LOGIN_CONTEXT_CLIENT,
        ScramLoginModule.class.getName(), clientLoginOptions);

    // Make the configured limit effectively unbounded so that re-authentication is driven
    // by token expiry rather than by a default value.
    saslServerConfigs.put(BrokerSecurityConfigs.CONNECTIONS_MAX_REAUTH_MS, Long.MAX_VALUE);

    // Lifetime granted on the n-th lookup; it grows with every call.
    Function<Integer, Long> tokenLifetime = attempt -> 10 * attempt * CONNECTIONS_MAX_REAUTH_MS_VALUE;

    // Token cache whose token(...) rewrites both trailing timestamps of the stored entry to
    // "now + lifetime for this lookup".
    DelegationTokenCache tokenCache = new DelegationTokenCache(ScramMechanism.mechanismNames()) {
        // Count of token(...) lookups served so far.
        int lookups = 0;

        @Override
        public TokenInformation token(String tokenId) {
            // NOTE(review): assumes the id was registered beforehand; a missing entry would
            // presumably surface as a NullPointerException below. Confirm against super.token.
            TokenInformation stored = super.token(tokenId);
            long expiryMs = System.currentTimeMillis() + tokenLifetime.apply(++lookups).longValue();
            return new TokenInformation(stored.tokenId(), stored.owner(), stored.renewers(),
                stored.issueTimestamp(), expiryMs, expiryMs);
        }
    };
    server = createEchoServer(ListenerName.forSecurityProtocol(securityProtocol), securityProtocol, tokenCache);

    // Register the token and its HMAC credential on the server side.
    KafkaPrincipal owner = SecurityUtils.parseKafkaPrincipal("User:Owner");
    KafkaPrincipal renewer = SecurityUtils.parseKafkaPrincipal("User:Renewer1");
    TokenInformation registeredToken = new TokenInformation(tokenId, owner, Collections.singleton(renewer),
        System.currentTimeMillis(), System.currentTimeMillis(), System.currentTimeMillis());
    server.tokenCache().addToken(tokenId, registeredToken);
    updateTokenCredentialCache(tokenId, tokenHmac);

    // The first authentication has to succeed.
    createClientConnection(securityProtocol, "0");
    checkClientConnection("0");

    // Baseline before re-authentication: presumably (successes, failures). Verify against the helpers.
    server.verifyAuthenticationMetrics(1, 0);
    server.verifyReauthenticationMetrics(0, 0);

    // Sleep for the first lookup's lifetime so the token is expired by the next write, which
    // triggers re-authentication. The second lookup returns an expiry in the future again,
    // so the re-authentication should succeed.
    delay(tokenLifetime.apply(1));
    checkClientConnection("0");
    server.verifyReauthenticationMetrics(1, 0);
}