use of org.apache.zeppelin.realm.jwt.JWTAuthenticationToken in project zeppelin by apache.
the class LoginRestApi method getLogin.
@GET
@ZeppelinApi
public Response getLogin(@Context HttpHeaders headers) {
JsonResponse<Map<String, String>> response = null;
if (isKnoxSSOEnabled()) {
KnoxJwtRealm knoxJwtRealm = getJTWRealm();
Cookie cookie = headers.getCookies().get(knoxJwtRealm.getCookieName());
if (cookie != null && cookie.getValue() != null) {
Subject currentUser = SecurityUtils.getSubject();
JWTAuthenticationToken token = new JWTAuthenticationToken(null, cookie.getValue());
try {
String name = knoxJwtRealm.getName(token);
if (!currentUser.isAuthenticated() || !currentUser.getPrincipal().equals(name)) {
response = proceedToLogin(currentUser, token);
}
} catch (ParseException e) {
LOG.error("ParseException in LoginRestApi: ", e);
}
}
if (response == null) {
Map<String, String> data = new HashMap<>();
data.put("redirectURL", constructUrl(knoxJwtRealm.getProviderUrl(), knoxJwtRealm.getRedirectParam(), knoxJwtRealm.getLogin()));
response = new JsonResponse<>(Status.OK, "", data);
}
return response.build();
}
KerberosRealm kerberosRealm = getKerberosRealm();
if (null != kerberosRealm) {
try {
Map<String, Cookie> cookies = headers.getCookies();
KerberosToken kerberosToken = KerberosRealm.getKerberosTokenFromCookies(cookies);
if (null != kerberosToken) {
Subject currentUser = SecurityUtils.getSubject();
String name = (String) kerberosToken.getPrincipal();
if (!currentUser.isAuthenticated() || !currentUser.getPrincipal().equals(name)) {
response = proceedToLogin(currentUser, kerberosToken);
}
}
if (null == response) {
LOG.warn("No Kerberos token received");
response = new JsonResponse<>(Status.UNAUTHORIZED, "", null);
}
return response.build();
} catch (AuthenticationException e) {
LOG.error("Error in Login", e);
}
}
return new JsonResponse<>(Status.METHOD_NOT_ALLOWED).build();
}
Aggregations