
Example 1 with ZKConfig

use of org.apache.zookeeper.common.ZKConfig in project zookeeper by apache.

the class ServerCnxnFactory method configureSaslLogin.

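/**
 * Initialize server-side SASL login if a matching JAAS section is available.
 *
 * <p>The JAAS section name is taken from the system property named by
 * {@code ZooKeeperSaslServer.LOGIN_CONTEXT_NAME_KEY}, falling back to
 * {@code ZooKeeperSaslServer.DEFAULT_LOGIN_CONTEXT_NAME}.
 *
 * <p>Outcomes:
 * <ul>
 *   <li>Section found: a {@code SaslServerCallbackHandler} and a {@code Login} are
 *       created, the login user is recorded and the login thread is started if needed.</li>
 *   <li>Section not found, loading the JAAS configuration raised a
 *       {@link SecurityException}, and either the login-context-name property or the
 *       {@code Environment.JAAS_CONF_KEY} property is set: the error is logged and an
 *       {@link IOException} is thrown.</li>
 *   <li>Section not found in any other situation: the method returns and no SASL
 *       login is configured.</li>
 * </ul>
 *
 * <p>NOTE(review): the last case is fail-open. It also covers a JAAS configuration
 * that loads without error but does not contain the requested section, even when the
 * login-context-name property was set explicitly; nothing is logged here in that
 * case. Whether SASL is enforced elsewhere is not visible from this method, so
 * deployments that require authentication should verify after start-up that the
 * server login was actually established.
 *
 * @throws IOException if the JAAS configuration could not be loaded although the
 *         operator pointed at one, or if the server login itself fails.
 */
protected void configureSaslLogin() throws IOException {
    String serverSection = System.getProperty(
            ZooKeeperSaslServer.LOGIN_CONTEXT_NAME_KEY,
            ZooKeeperSaslServer.DEFAULT_LOGIN_CONTEXT_NAME);

    // Note that 'Configuration' here refers to javax.security.auth.login.Configuration.
    AppConfigurationEntry[] entries = null;
    SecurityException securityException = null;
    try {
        entries = Configuration.getConfiguration().getAppConfigurationEntry(serverSection);
    } catch (SecurityException e) {
        // Judged below: harmless if the operator never asked for JAAS authentication.
        securityException = e;
    }

    if (entries == null) {
        // No usable section. Fail only when the configuration could not be loaded AND
        // the operator explicitly pointed at a JAAS file or a login context name;
        // otherwise continue without authentication.
        String jaasFile = System.getProperty(Environment.JAAS_CONF_KEY);
        String loginContextName = System.getProperty(ZooKeeperSaslServer.LOGIN_CONTEXT_NAME_KEY);
        if (securityException != null && (loginContextName != null || jaasFile != null)) {
            String errorMessage = "No JAAS configuration section named '" + serverSection + "' was found";
            if (jaasFile != null) {
                errorMessage += " in '" + jaasFile + "'.";
            }
            if (loginContextName != null) {
                errorMessage += " But " + ZooKeeperSaslServer.LOGIN_CONTEXT_NAME_KEY + " was set.";
            }
            LOG.error(errorMessage);
            // Keep the SecurityException as the cause so the underlying reason
            // (e.g. unreadable or malformed file) is not lost to the caller.
            throw new IOException(errorMessage, securityException);
        }
        return;
    }

    // A JAAS section is available: perform the server login.
    try {
        saslServerCallbackHandler = new SaslServerCallbackHandler(Configuration.getConfiguration());
        login = new Login(serverSection, saslServerCallbackHandler, new ZKConfig());
        setLoginUser(login.getUserName());
        login.startThreadIfNeeded();
    } catch (LoginException e) {
        // Message text is unchanged; the LoginException is now also chained as the
        // cause so its stack trace survives for incident triage.
        throw new IOException("Could not configure server because SASL configuration did not allow the " + " ZooKeeper server to authenticate itself properly: " + e, e);
    }
}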
Also used : AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry) ZKConfig(org.apache.zookeeper.common.ZKConfig) SaslServerCallbackHandler(org.apache.zookeeper.server.auth.SaslServerCallbackHandler) LoginException(javax.security.auth.login.LoginException) IOException(java.io.IOException) Login(org.apache.zookeeper.Login)
