Example 1 with KerberosRealm
use of org.apache.zeppelin.realm.kerberos.KerberosRealm in project zeppelin by apache.
the class LoginRestApi method logout.
@POST
@Path("logout")
@ZeppelinApi
public Response logout() {
logoutCurrentUser();
Status status;
Map<String, String> data = new HashMap<>();
if (zConf.isAuthorizationHeaderClear()) {
status = Status.UNAUTHORIZED;
data.put("clearAuthorizationHeader", "true");
} else {
status = Status.FORBIDDEN;
data.put("clearAuthorizationHeader", "false");
}
if (isKnoxSSOEnabled()) {
KnoxJwtRealm knoxJwtRealm = getJTWRealm();
data.put("redirectURL", constructUrl(knoxJwtRealm.getProviderUrl(), knoxJwtRealm.getRedirectParam(), knoxJwtRealm.getLogout()));
data.put("isLogoutAPI", knoxJwtRealm.getLogoutAPI().toString());
} else if (isKerberosRealmEnabled()) {
KerberosRealm kerberosRealm = getKerberosRealm();
data.put("redirectURL", constructUrl(kerberosRealm.getProviderUrl(), kerberosRealm.getRedirectParam(), kerberosRealm.getLogout()));
data.put("isLogoutAPI", kerberosRealm.getLogoutAPI().toString());
}
JsonResponse<Map<String, String>> response = new JsonResponse<>(status, "", data);
LOG.info(response.toString());
return response.build();
}
Also used :
Status(javax.ws.rs.core.Response.Status)
KerberosRealm(org.apache.zeppelin.realm.kerberos.KerberosRealm)
HashMap(java.util.HashMap)
KnoxJwtRealm(org.apache.zeppelin.realm.jwt.KnoxJwtRealm)
HashMap(java.util.HashMap)
Map(java.util.Map)
JsonResponse(org.apache.zeppelin.server.JsonResponse)
Path(javax.ws.rs.Path)
ZeppelinApi(org.apache.zeppelin.annotation.ZeppelinApi)
POST(javax.ws.rs.POST)
Example 2 with KerberosRealm
use of org.apache.zeppelin.realm.kerberos.KerberosRealm in project zeppelin by apache.
the class LoginRestApi method getKerberosRealm.
private KerberosRealm getKerberosRealm() {
Collection<Realm> realmsList = authenticationService.getRealmsList();
if (realmsList != null) {
for (Realm realm : realmsList) {
String name = realm.getClass().getName();
LOG.debug("RealmClass.getName: {}", name);
if (name.equals("org.apache.zeppelin.realm.kerberos.KerberosRealm")) {
return (KerberosRealm) realm;
}
}
}
return null;
}
Also used :
KerberosRealm(org.apache.zeppelin.realm.kerberos.KerberosRealm)
Realm(org.apache.shiro.realm.Realm)
KnoxJwtRealm(org.apache.zeppelin.realm.jwt.KnoxJwtRealm)
KerberosRealm(org.apache.zeppelin.realm.kerberos.KerberosRealm)
Example 3 with KerberosRealm
use of org.apache.zeppelin.realm.kerberos.KerberosRealm in project zeppelin by apache.
the class LoginRestApi method getLogin.
@GET
@ZeppelinApi
public Response getLogin(@Context HttpHeaders headers) {
JsonResponse<Map<String, String>> response = null;
if (isKnoxSSOEnabled()) {
KnoxJwtRealm knoxJwtRealm = getJTWRealm();
Cookie cookie = headers.getCookies().get(knoxJwtRealm.getCookieName());
if (cookie != null && cookie.getValue() != null) {
Subject currentUser = SecurityUtils.getSubject();
JWTAuthenticationToken token = new JWTAuthenticationToken(null, cookie.getValue());
try {
String name = knoxJwtRealm.getName(token);
if (!currentUser.isAuthenticated() || !currentUser.getPrincipal().equals(name)) {
response = proceedToLogin(currentUser, token);
}
} catch (ParseException e) {
LOG.error("ParseException in LoginRestApi: ", e);
}
}
if (response == null) {
Map<String, String> data = new HashMap<>();
data.put("redirectURL", constructUrl(knoxJwtRealm.getProviderUrl(), knoxJwtRealm.getRedirectParam(), knoxJwtRealm.getLogin()));
response = new JsonResponse<>(Status.OK, "", data);
}
return response.build();
}
KerberosRealm kerberosRealm = getKerberosRealm();
if (null != kerberosRealm) {
try {
Map<String, Cookie> cookies = headers.getCookies();
KerberosToken kerberosToken = KerberosRealm.getKerberosTokenFromCookies(cookies);
if (null != kerberosToken) {
Subject currentUser = SecurityUtils.getSubject();
String name = (String) kerberosToken.getPrincipal();
if (!currentUser.isAuthenticated() || !currentUser.getPrincipal().equals(name)) {
response = proceedToLogin(currentUser, kerberosToken);
}
}
if (null == response) {
LOG.warn("No Kerberos token received");
response = new JsonResponse<>(Status.UNAUTHORIZED, "", null);
}
return response.build();
} catch (AuthenticationException e) {
LOG.error("Error in Login", e);
}
}
return new JsonResponse<>(Status.METHOD_NOT_ALLOWED).build();
}
Also used :
Cookie(javax.ws.rs.core.Cookie)
KerberosRealm(org.apache.zeppelin.realm.kerberos.KerberosRealm)
HashMap(java.util.HashMap)
AuthenticationException(org.apache.shiro.authc.AuthenticationException)
KerberosToken(org.apache.zeppelin.realm.kerberos.KerberosToken)
KnoxJwtRealm(org.apache.zeppelin.realm.jwt.KnoxJwtRealm)
Subject(org.apache.shiro.subject.Subject)
JWTAuthenticationToken(org.apache.zeppelin.realm.jwt.JWTAuthenticationToken)
ParseException(java.text.ParseException)
HashMap(java.util.HashMap)
Map(java.util.Map)
ZeppelinApi(org.apache.zeppelin.annotation.ZeppelinApi)
GET(javax.ws.rs.GET)
Aggregations
KnoxJwtRealm (org.apache.zeppelin.realm.jwt.KnoxJwtRealm)3
KerberosRealm (org.apache.zeppelin.realm.kerberos.KerberosRealm)3
HashMap (java.util.HashMap)2
Map (java.util.Map)2
ZeppelinApi (org.apache.zeppelin.annotation.ZeppelinApi)2
ParseException (java.text.ParseException)1
GET (javax.ws.rs.GET)1
POST (javax.ws.rs.POST)1
Path (javax.ws.rs.Path)1
Cookie (javax.ws.rs.core.Cookie)1
Status (javax.ws.rs.core.Response.Status)1
AuthenticationException (org.apache.shiro.authc.AuthenticationException)1
Realm (org.apache.shiro.realm.Realm)1
Subject (org.apache.shiro.subject.Subject)1
JWTAuthenticationToken (org.apache.zeppelin.realm.jwt.JWTAuthenticationToken)1
KerberosToken (org.apache.zeppelin.realm.kerberos.KerberosToken)1
JsonResponse (org.apache.zeppelin.server.JsonResponse)1
