
Example 1 with KerberosRealm

Use of org.apache.zeppelin.realm.kerberos.KerberosRealm in the Apache Zeppelin project.

Class LoginRestApi, method logout.

@POST
@Path("logout")
@ZeppelinApi
public Response logout() {
    logoutCurrentUser();
    Status status;
    Map<String, String> data = new HashMap<>();
    // The response status and the clearAuthorizationHeader flag both follow the server configuration.
    if (zConf.isAuthorizationHeaderClear()) {
        status = Status.UNAUTHORIZED;
        data.put("clearAuthorizationHeader", "true");
    } else {
        status = Status.FORBIDDEN;
        data.put("clearAuthorizationHeader", "false");
    }
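    // When Knox SSO or the Kerberos realm is enabled, return that realm's logout redirect URL to the client.
    if (isKnoxSSOEnabled()) {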
        KnoxJwtRealm knoxJwtRealm = getJTWRealm();
        data.put("redirectURL", constructUrl(knoxJwtRealm.getProviderUrl(), knoxJwtRealm.getRedirectParam(), knoxJwtRealm.getLogout()));
        data.put("isLogoutAPI", knoxJwtRealm.getLogoutAPI().toString());
    } else if (isKerberosRealmEnabled()) {
        KerberosRealm kerberosRealm = getKerberosRealm();
        data.put("redirectURL", constructUrl(kerberosRealm.getProviderUrl(), kerberosRealm.getRedirectParam(), kerberosRealm.getLogout()));
        data.put("isLogoutAPI", kerberosRealm.getLogoutAPI().toString());
    }
    JsonResponse<Map<String, String>> response = new JsonResponse<>(status, "", data);
    LOG.info(response.toString());
    return response.build();
}
Also used: Status (javax.ws.rs.core.Response.Status), KerberosRealm (org.apache.zeppelin.realm.kerberos.KerberosRealm), HashMap (java.util.HashMap), KnoxJwtRealm (org.apache.zeppelin.realm.jwt.KnoxJwtRealm), Map (java.util.Map), JsonResponse (org.apache.zeppelin.server.JsonResponse), Path (javax.ws.rs.Path), ZeppelinApi (org.apache.zeppelin.annotation.ZeppelinApi), POST (javax.ws.rs.POST)

Example 2 with KerberosRealm

Use of org.apache.zeppelin.realm.kerberos.KerberosRealm in the Apache Zeppelin project.

Class LoginRestApi, method getKerberosRealm.

// Returns the configured KerberosRealm, or null when none of the Shiro realms is one.
private KerberosRealm getKerberosRealm() {
    Collection<Realm> realmsList = authenticationService.getRealmsList();
    if (realmsList != null) {
        for (Realm realm : realmsList) {
            String name = realm.getClass().getName();
            LOG.debug("RealmClass.getName: {}", name);
            // Exact class-name match: a subclass of KerberosRealm would not be returned.
            if (name.equals("org.apache.zeppelin.realm.kerberos.KerberosRealm")) {
                return (KerberosRealm) realm;
            }
        }
    }
    return null;
}
Also used: KerberosRealm (org.apache.zeppelin.realm.kerberos.KerberosRealm), Realm (org.apache.shiro.realm.Realm), KnoxJwtRealm (org.apache.zeppelin.realm.jwt.KnoxJwtRealm)

Example 3 with KerberosRealm

Use of org.apache.zeppelin.realm.kerberos.KerberosRealm in the Apache Zeppelin project.

Class LoginRestApi, method getLogin.

@GET
@ZeppelinApi
public Response getLogin(@Context HttpHeaders headers) {
    JsonResponse<Map<String, String>> response = null;
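    // Knox SSO: try to log in from the JWT cookie; if that yields no response, return the Knox login redirect URL.
    if (isKnoxSSOEnabled()) {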
        KnoxJwtRealm knoxJwtRealm = getJTWRealm();
        Cookie cookie = headers.getCookies().get(knoxJwtRealm.getCookieName());
        if (cookie != null && cookie.getValue() != null) {
            Subject currentUser = SecurityUtils.getSubject();
            JWTAuthenticationToken token = new JWTAuthenticationToken(null, cookie.getValue());
            try {
                String name = knoxJwtRealm.getName(token);
                if (!currentUser.isAuthenticated() || !currentUser.getPrincipal().equals(name)) {
                    response = proceedToLogin(currentUser, token);
                }
            } catch (ParseException e) {
                LOG.error("ParseException in LoginRestApi: ", e);
            }
        }
        if (response == null) {
            Map<String, String> data = new HashMap<>();
            data.put("redirectURL", constructUrl(knoxJwtRealm.getProviderUrl(), knoxJwtRealm.getRedirectParam(), knoxJwtRealm.getLogin()));
            response = new JsonResponse<>(Status.OK, "", data);
        }
        return response.build();
    }
    // Kerberos: try to log in from the token carried in the request cookies.
    KerberosRealm kerberosRealm = getKerberosRealm();
    if (null != kerberosRealm) {
        try {
            Map<String, Cookie> cookies = headers.getCookies();
            KerberosToken kerberosToken = KerberosRealm.getKerberosTokenFromCookies(cookies);
            if (null != kerberosToken) {
                Subject currentUser = SecurityUtils.getSubject();
                String name = (String) kerberosToken.getPrincipal();
                if (!currentUser.isAuthenticated() || !currentUser.getPrincipal().equals(name)) {
                    response = proceedToLogin(currentUser, kerberosToken);
                }
            }
            if (null == response) {
                LOG.warn("No Kerberos token received");
                response = new JsonResponse<>(Status.UNAUTHORIZED, "", null);
            }
            return response.build();
        } catch (AuthenticationException e) {
            // The failure is only logged; control falls through to the METHOD_NOT_ALLOWED response below.
            LOG.error("Error in Login", e);
        }
    }
    return new JsonResponse<>(Status.METHOD_NOT_ALLOWED).build();
}
Also used: Cookie (javax.ws.rs.core.Cookie), KerberosRealm (org.apache.zeppelin.realm.kerberos.KerberosRealm), HashMap (java.util.HashMap), AuthenticationException (org.apache.shiro.authc.AuthenticationException), KerberosToken (org.apache.zeppelin.realm.kerberos.KerberosToken), KnoxJwtRealm (org.apache.zeppelin.realm.jwt.KnoxJwtRealm), Subject (org.apache.shiro.subject.Subject), JWTAuthenticationToken (org.apache.zeppelin.realm.jwt.JWTAuthenticationToken), ParseException (java.text.ParseException), Map (java.util.Map), ZeppelinApi (org.apache.zeppelin.annotation.ZeppelinApi), GET (javax.ws.rs.GET)

Aggregations

KnoxJwtRealm (org.apache.zeppelin.realm.jwt.KnoxJwtRealm): 3
KerberosRealm (org.apache.zeppelin.realm.kerberos.KerberosRealm): 3
HashMap (java.util.HashMap): 2
Map (java.util.Map): 2
ZeppelinApi (org.apache.zeppelin.annotation.ZeppelinApi): 2
ParseException (java.text.ParseException): 1
GET (javax.ws.rs.GET): 1
POST (javax.ws.rs.POST): 1
Path (javax.ws.rs.Path): 1
Cookie (javax.ws.rs.core.Cookie): 1
Status (javax.ws.rs.core.Response.Status): 1
AuthenticationException (org.apache.shiro.authc.AuthenticationException): 1
Realm (org.apache.shiro.realm.Realm): 1
Subject (org.apache.shiro.subject.Subject): 1
JWTAuthenticationToken (org.apache.zeppelin.realm.jwt.JWTAuthenticationToken): 1
KerberosToken (org.apache.zeppelin.realm.kerberos.KerberosToken): 1
JsonResponse (org.apache.zeppelin.server.JsonResponse): 1