Search in sources :

Example 1 with KerberosToken

use of org.apache.zeppelin.realm.kerberos.KerberosToken in project zeppelin by apache.

the class LoginRestApi method getLogin.

@GET
@ZeppelinApi
public Response getLogin(@Context HttpHeaders headers) {
    JsonResponse<Map<String, String>> response = null;
    if (isKnoxSSOEnabled()) {
        KnoxJwtRealm knoxJwtRealm = getJTWRealm();
        Cookie cookie = headers.getCookies().get(knoxJwtRealm.getCookieName());
        if (cookie != null && cookie.getValue() != null) {
            Subject currentUser = SecurityUtils.getSubject();
            JWTAuthenticationToken token = new JWTAuthenticationToken(null, cookie.getValue());
            try {
                String name = knoxJwtRealm.getName(token);
                if (!currentUser.isAuthenticated() || !currentUser.getPrincipal().equals(name)) {
                    response = proceedToLogin(currentUser, token);
                }
            } catch (ParseException e) {
                LOG.error("ParseException in LoginRestApi: ", e);
            }
        }
        if (response == null) {
            Map<String, String> data = new HashMap<>();
            data.put("redirectURL", constructUrl(knoxJwtRealm.getProviderUrl(), knoxJwtRealm.getRedirectParam(), knoxJwtRealm.getLogin()));
            response = new JsonResponse<>(Status.OK, "", data);
        }
        return response.build();
    }
    KerberosRealm kerberosRealm = getKerberosRealm();
    if (null != kerberosRealm) {
        try {
            Map<String, Cookie> cookies = headers.getCookies();
            KerberosToken kerberosToken = KerberosRealm.getKerberosTokenFromCookies(cookies);
            if (null != kerberosToken) {
                Subject currentUser = SecurityUtils.getSubject();
                String name = (String) kerberosToken.getPrincipal();
                if (!currentUser.isAuthenticated() || !currentUser.getPrincipal().equals(name)) {
                    response = proceedToLogin(currentUser, kerberosToken);
                }
            }
            if (null == response) {
                LOG.warn("No Kerberos token received");
                response = new JsonResponse<>(Status.UNAUTHORIZED, "", null);
            }
            return response.build();
        } catch (AuthenticationException e) {
            LOG.error("Error in Login", e);
        }
    }
    return new JsonResponse<>(Status.METHOD_NOT_ALLOWED).build();
}
Also used : Cookie(javax.ws.rs.core.Cookie) KerberosRealm(org.apache.zeppelin.realm.kerberos.KerberosRealm) HashMap(java.util.HashMap) AuthenticationException(org.apache.shiro.authc.AuthenticationException) KerberosToken(org.apache.zeppelin.realm.kerberos.KerberosToken) KnoxJwtRealm(org.apache.zeppelin.realm.jwt.KnoxJwtRealm) Subject(org.apache.shiro.subject.Subject) JWTAuthenticationToken(org.apache.zeppelin.realm.jwt.JWTAuthenticationToken) ParseException(java.text.ParseException) HashMap(java.util.HashMap) Map(java.util.Map) ZeppelinApi(org.apache.zeppelin.annotation.ZeppelinApi) GET(javax.ws.rs.GET)

Aggregations

ParseException (java.text.ParseException)1 HashMap (java.util.HashMap)1 Map (java.util.Map)1 GET (javax.ws.rs.GET)1 Cookie (javax.ws.rs.core.Cookie)1 AuthenticationException (org.apache.shiro.authc.AuthenticationException)1 Subject (org.apache.shiro.subject.Subject)1 ZeppelinApi (org.apache.zeppelin.annotation.ZeppelinApi)1 JWTAuthenticationToken (org.apache.zeppelin.realm.jwt.JWTAuthenticationToken)1 KnoxJwtRealm (org.apache.zeppelin.realm.jwt.KnoxJwtRealm)1 KerberosRealm (org.apache.zeppelin.realm.kerberos.KerberosRealm)1 KerberosToken (org.apache.zeppelin.realm.kerberos.KerberosToken)1