use of org.apache.zeppelin.realm.kerberos.KerberosRealm in project zeppelin by apache.
the class LoginRestApi method logout.
@POST
@Path("logout")
@ZeppelinApi
public Response logout() {
logoutCurrentUser();
Status status;
Map<String, String> data = new HashMap<>();
if (zConf.isAuthorizationHeaderClear()) {
status = Status.UNAUTHORIZED;
data.put("clearAuthorizationHeader", "true");
} else {
status = Status.FORBIDDEN;
data.put("clearAuthorizationHeader", "false");
}
if (isKnoxSSOEnabled()) {
KnoxJwtRealm knoxJwtRealm = getJTWRealm();
data.put("redirectURL", constructUrl(knoxJwtRealm.getProviderUrl(), knoxJwtRealm.getRedirectParam(), knoxJwtRealm.getLogout()));
data.put("isLogoutAPI", knoxJwtRealm.getLogoutAPI().toString());
} else if (isKerberosRealmEnabled()) {
KerberosRealm kerberosRealm = getKerberosRealm();
data.put("redirectURL", constructUrl(kerberosRealm.getProviderUrl(), kerberosRealm.getRedirectParam(), kerberosRealm.getLogout()));
data.put("isLogoutAPI", kerberosRealm.getLogoutAPI().toString());
}
JsonResponse<Map<String, String>> response = new JsonResponse<>(status, "", data);
LOG.info(response.toString());
return response.build();
}
use of org.apache.zeppelin.realm.kerberos.KerberosRealm in project zeppelin by apache.
the class LoginRestApi method getKerberosRealm.
private KerberosRealm getKerberosRealm() {
Collection<Realm> realmsList = authenticationService.getRealmsList();
if (realmsList != null) {
for (Realm realm : realmsList) {
String name = realm.getClass().getName();
LOG.debug("RealmClass.getName: {}", name);
if (name.equals("org.apache.zeppelin.realm.kerberos.KerberosRealm")) {
return (KerberosRealm) realm;
}
}
}
return null;
}
use of org.apache.zeppelin.realm.kerberos.KerberosRealm in project zeppelin by apache.
the class LoginRestApi method getLogin.
@GET
@ZeppelinApi
public Response getLogin(@Context HttpHeaders headers) {
JsonResponse<Map<String, String>> response = null;
if (isKnoxSSOEnabled()) {
KnoxJwtRealm knoxJwtRealm = getJTWRealm();
Cookie cookie = headers.getCookies().get(knoxJwtRealm.getCookieName());
if (cookie != null && cookie.getValue() != null) {
Subject currentUser = SecurityUtils.getSubject();
JWTAuthenticationToken token = new JWTAuthenticationToken(null, cookie.getValue());
try {
String name = knoxJwtRealm.getName(token);
if (!currentUser.isAuthenticated() || !currentUser.getPrincipal().equals(name)) {
response = proceedToLogin(currentUser, token);
}
} catch (ParseException e) {
LOG.error("ParseException in LoginRestApi: ", e);
}
}
if (response == null) {
Map<String, String> data = new HashMap<>();
data.put("redirectURL", constructUrl(knoxJwtRealm.getProviderUrl(), knoxJwtRealm.getRedirectParam(), knoxJwtRealm.getLogin()));
response = new JsonResponse<>(Status.OK, "", data);
}
return response.build();
}
KerberosRealm kerberosRealm = getKerberosRealm();
if (null != kerberosRealm) {
try {
Map<String, Cookie> cookies = headers.getCookies();
KerberosToken kerberosToken = KerberosRealm.getKerberosTokenFromCookies(cookies);
if (null != kerberosToken) {
Subject currentUser = SecurityUtils.getSubject();
String name = (String) kerberosToken.getPrincipal();
if (!currentUser.isAuthenticated() || !currentUser.getPrincipal().equals(name)) {
response = proceedToLogin(currentUser, kerberosToken);
}
}
if (null == response) {
LOG.warn("No Kerberos token received");
response = new JsonResponse<>(Status.UNAUTHORIZED, "", null);
}
return response.build();
} catch (AuthenticationException e) {
LOG.error("Error in Login", e);
}
}
return new JsonResponse<>(Status.METHOD_NOT_ALLOWED).build();
}
Aggregations