
Example 6 with Login

use of org.apache.zookeeper.Login in project bookkeeper by apache.

the class TGTRefreshThread method reLogin.

/**
 * Replaces the container's current login with a freshly authenticated one. A prior
 * {@link #login(String)} is assumed: without a stored {@link LoginContext} this method fails.
 * When {@code hasSufficientTimeElapsed()} reports false the call returns without touching
 * the existing login.
 *
 * <p>Failure window: the old context is logged out before the new one authenticates. If the
 * new {@code login()} throws, the exception propagates and the container is left referencing
 * the logged-out context, so callers should treat a failure here as "no valid credentials".
 *
 * @throws javax.security.auth.login.LoginException if no login exists yet, or if the logout
 *         or the re-login fails
 */
// c.f. HADOOP-6559
private synchronized void reLogin() throws LoginException {
    final LoginContext staleContext = container.getLogin();
    if (staleContext == null) {
        throw new LoginException("login must be done first");
    }
    if (hasSufficientTimeElapsed()) {
        LOG.info("Initiating logout for {}", container.getPrincipal());
        // The Login class monitor is held across the whole logout/login sequence.
        // NOTE(review): presumably this serializes against other code that locks on
        // Login.class - confirm which other paths take this monitor.
        synchronized (Login.class) {
            // Per the Java Kerberos login module, logout() drops only the Kerberos
            // credentials; tokens are NOT cleared.
            staleContext.logout();
            // Build the new context around the container's existing Subject so the
            // refreshed credentials are attached to that same Subject.
            final LoginContext freshContext =
                    new LoginContext(container.getLoginContextName(), container.getSubject());
            LOG.info("Initiating re-login for {}", container.getPrincipal());
            freshContext.login();
            // Published only after a successful login().
            container.setLogin(freshContext);
        }
    }
}
Also used : LoginContext(javax.security.auth.login.LoginContext) LoginException(javax.security.auth.login.LoginException) Login(org.apache.zookeeper.Login)

Example 7 with Login

use of org.apache.zookeeper.Login in project zookeeper by apache.

the class ZooKeeperSaslClient method createSaslClient.

/**
 * Creates a SASL client for the given service principal, lazily creating the {@code login}
 * object on first use.
 *
 * <p>On the first call (while {@code initializedLogin} is false) a {@link Login} is built for
 * the supplied JAAS context name, {@code startThreadIfNeeded()} is invoked on it, and the flag
 * is set. The SASL client is then created from that login's Subject.
 *
 * <p>Security note: every failure other than {@link LoginException} is logged and turned into
 * a {@code null} return. Callers must check for {@code null} and treat it as an authentication
 * failure; whether the connection then proceeds without SASL is decided outside this method.
 *
 * @param servicePrincipal principal of the server to authenticate against
 * @param loginContext name of the JAAS login context used to build the {@link Login}
 * @return the SASL client, or {@code null} if a non-login exception occurred
 * @throws LoginException if the login fails; rethrown unchanged
 */
private SaslClient createSaslClient(final String servicePrincipal, final String loginContext) throws LoginException {
    try {
        // Unsynchronized fast-path check; the real decision is repeated under the lock below.
        // NOTE(review): safe publication here depends on how initializedLogin/login are
        // declared (e.g. volatile), which is not visible in this excerpt - confirm.
        if (!initializedLogin) {
            synchronized (this) {
                if (login == null) {
                    LOG.debug("JAAS loginContext is: {}", loginContext);
                    // The original author notes that the login object is static and shared by all
                    // ZooKeeper-related connections, and that this section is synchronized so the
                    // login is initialized only once.
                    // NOTE(review): the lock taken is the instance monitor (this); if login really is
                    // static, a per-instance lock does not serialize initialization across instances.
                    // Verify against the field declaration.
                    login = new Login(loginContext, new SaslClientCallbackHandler(null, "Client"), clientConfig);
                    login.startThreadIfNeeded();
                    // Set last: if either call above throws, the flag stays false.
                    initializedLogin = true;
                }
            }
        }
        // "zookeeper" and "zk-sasl-md5" are fixed arguments; presumably the SASL protocol and
        // server name - confirm against SecurityUtils.createSaslClient.
        return SecurityUtils.createSaslClient(login.getSubject(), servicePrincipal, "zookeeper", "zk-sasl-md5", LOG, "Client");
    } catch (LoginException e) {
        // Login failures are propagated to the caller untouched...
        throw e;
    } catch (Exception e) {
        // ...while every other exception is swallowed after logging, and null is returned.
        // The caller cannot distinguish the cause from the return value alone.
        LOG.error("Exception while trying to create SASL client.", e);
        return null;
    }
}
Also used : LoginException(javax.security.auth.login.LoginException) Login(org.apache.zookeeper.Login) SaslClientCallbackHandler(org.apache.zookeeper.SaslClientCallbackHandler) LoginException(javax.security.auth.login.LoginException) PrivilegedActionException(java.security.PrivilegedActionException) IOException(java.io.IOException) SaslException(javax.security.sasl.SaslException)

Aggregations

Login (org.apache.zookeeper.Login)7 LoginException (javax.security.auth.login.LoginException)6 IOException (java.io.IOException)4 PrivilegedActionException (java.security.PrivilegedActionException)3 Subject (javax.security.auth.Subject)3 TreeMap (java.util.TreeMap)2 KerberosTicket (javax.security.auth.kerberos.KerberosTicket)2 AppConfigurationEntry (javax.security.auth.login.AppConfigurationEntry)2 SaslException (javax.security.sasl.SaslException)2 KerberosName (org.apache.zookeeper.server.auth.KerberosName)2 SaslServerCallbackHandler (org.apache.zookeeper.server.auth.SaslServerCallbackHandler)2 Principal (java.security.Principal)1 PrivilegedExceptionAction (java.security.PrivilegedExceptionAction)1 CallbackHandler (javax.security.auth.callback.CallbackHandler)1 UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)1 LoginContext (javax.security.auth.login.LoginContext)1 SaslClient (javax.security.sasl.SaslClient)1 TSaslClientTransport (org.apache.thrift.transport.TSaslClientTransport)1 TSaslServerTransport (org.apache.thrift.transport.TSaslServerTransport)1 TTransport (org.apache.thrift.transport.TTransport)1