Example 1 with DEFAULT_LIFETIME
use of org.ietf.jgss.GSSCredential.DEFAULT_LIFETIME in project presto by prestodb.
the class SpnegoHandler method createSession.
private Session createSession() throws LoginException, GSSException {
// TODO: do we need to call logout() on the LoginContext?
LoginContext loginContext = new LoginContext("", null, null, new Configuration() {
@Override
public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
ImmutableMap.Builder<String, String> options = ImmutableMap.builder();
options.put("refreshKrb5Config", "true");
options.put("doNotPrompt", "true");
options.put("useKeyTab", "true");
if (getBoolean("presto.client.debugKerberos")) {
options.put("debug", "true");
}
keytab.ifPresent(file -> options.put("keyTab", file.getAbsolutePath()));
credentialCache.ifPresent(file -> {
options.put("ticketCache", file.getAbsolutePath());
options.put("useTicketCache", "true");
options.put("renewTGT", "true");
});
principal.ifPresent(value -> options.put("principal", value));
return new AppConfigurationEntry[] { new AppConfigurationEntry(Krb5LoginModule.class.getName(), REQUIRED, options.build()) };
}
});
loginContext.login();
Subject subject = loginContext.getSubject();
Principal clientPrincipal = subject.getPrincipals().iterator().next();
GSSCredential clientCredential = doAs(subject, () -> GSS_MANAGER.createCredential(GSS_MANAGER.createName(clientPrincipal.getName(), NT_USER_NAME), DEFAULT_LIFETIME, KERBEROS_OID, INITIATE_ONLY));
return new Session(loginContext, clientCredential);
}
Also used :
LoginException(javax.security.auth.login.LoginException)
AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry)
Authenticator(okhttp3.Authenticator)
AUTHORIZATION(com.google.common.net.HttpHeaders.AUTHORIZATION)
Throwables.throwIfUnchecked(com.google.common.base.Throwables.throwIfUnchecked)
LoginContext(javax.security.auth.login.LoginContext)
Duration(io.airlift.units.Duration)
WWW_AUTHENTICATE(com.google.common.net.HttpHeaders.WWW_AUTHENTICATE)
Route(okhttp3.Route)
InetAddress(java.net.InetAddress)
REQUIRED(javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag.REQUIRED)
Locale(java.util.Locale)
Objects.requireNonNull(java.util.Objects.requireNonNull)
Response(okhttp3.Response)
INDEFINITE_LIFETIME(org.ietf.jgss.GSSContext.INDEFINITE_LIFETIME)
INITIATE_ONLY(org.ietf.jgss.GSSCredential.INITIATE_ONLY)
Krb5LoginModule(com.sun.security.auth.module.Krb5LoginModule)
NT_USER_NAME(org.ietf.jgss.GSSName.NT_USER_NAME)
Splitter(com.google.common.base.Splitter)
Configuration(javax.security.auth.login.Configuration)
DEFAULT_LIFETIME(org.ietf.jgss.GSSCredential.DEFAULT_LIFETIME)
GSSContext(org.ietf.jgss.GSSContext)
GSSCredential(org.ietf.jgss.GSSCredential)
Interceptor(okhttp3.Interceptor)
Request(okhttp3.Request)
PrivilegedActionException(java.security.PrivilegedActionException)
ImmutableMap(com.google.common.collect.ImmutableMap)
Oid(org.ietf.jgss.Oid)
IOException(java.io.IOException)
GSSException(org.ietf.jgss.GSSException)
GuardedBy(javax.annotation.concurrent.GuardedBy)
PrivilegedExceptionAction(java.security.PrivilegedExceptionAction)
CharMatcher.whitespace(com.google.common.base.CharMatcher.whitespace)
UnknownHostException(java.net.UnknownHostException)
Throwables.throwIfInstanceOf(com.google.common.base.Throwables.throwIfInstanceOf)
Boolean.getBoolean(java.lang.Boolean.getBoolean)
Subject(javax.security.auth.Subject)
File(java.io.File)
String.format(java.lang.String.format)
GSSManager(org.ietf.jgss.GSSManager)
Base64(java.util.Base64)
Principal(java.security.Principal)
NT_HOSTBASED_SERVICE(org.ietf.jgss.GSSName.NT_HOSTBASED_SERVICE)
Optional(java.util.Optional)
SECONDS(java.util.concurrent.TimeUnit.SECONDS)
AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry)
LoginContext(javax.security.auth.login.LoginContext)
Configuration(javax.security.auth.login.Configuration)
GSSCredential(org.ietf.jgss.GSSCredential)
Subject(javax.security.auth.Subject)
Principal(java.security.Principal)
Aggregations
CharMatcher.whitespace (com.google.common.base.CharMatcher.whitespace)1
Splitter (com.google.common.base.Splitter)1
Throwables.throwIfInstanceOf (com.google.common.base.Throwables.throwIfInstanceOf)1
Throwables.throwIfUnchecked (com.google.common.base.Throwables.throwIfUnchecked)1
ImmutableMap (com.google.common.collect.ImmutableMap)1
AUTHORIZATION (com.google.common.net.HttpHeaders.AUTHORIZATION)1
WWW_AUTHENTICATE (com.google.common.net.HttpHeaders.WWW_AUTHENTICATE)1
Krb5LoginModule (com.sun.security.auth.module.Krb5LoginModule)1
Duration (io.airlift.units.Duration)1
File (java.io.File)1
IOException (java.io.IOException)1
Boolean.getBoolean (java.lang.Boolean.getBoolean)1
String.format (java.lang.String.format)1
InetAddress (java.net.InetAddress)1
UnknownHostException (java.net.UnknownHostException)1
Principal (java.security.Principal)1
PrivilegedActionException (java.security.PrivilegedActionException)1
PrivilegedExceptionAction (java.security.PrivilegedExceptionAction)1
Base64 (java.util.Base64)1
Locale (java.util.Locale)1
