Search in sources :

Example 1 with NT_USER_NAME

use of org.ietf.jgss.GSSName.NT_USER_NAME in project presto by prestodb.

the class SpnegoHandler method createSession.

private Session createSession() throws LoginException, GSSException {
    // TODO: do we need to call logout() on the LoginContext?
    LoginContext loginContext = new LoginContext("", null, null, new Configuration() {

        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            ImmutableMap.Builder<String, String> options = ImmutableMap.builder();
            options.put("refreshKrb5Config", "true");
            options.put("doNotPrompt", "true");
            options.put("useKeyTab", "true");
            if (getBoolean("presto.client.debugKerberos")) {
                options.put("debug", "true");
            }
            keytab.ifPresent(file -> options.put("keyTab", file.getAbsolutePath()));
            credentialCache.ifPresent(file -> {
                options.put("ticketCache", file.getAbsolutePath());
                options.put("useTicketCache", "true");
                options.put("renewTGT", "true");
            });
            principal.ifPresent(value -> options.put("principal", value));
            return new AppConfigurationEntry[] { new AppConfigurationEntry(Krb5LoginModule.class.getName(), REQUIRED, options.build()) };
        }
    });
    loginContext.login();
    Subject subject = loginContext.getSubject();
    Principal clientPrincipal = subject.getPrincipals().iterator().next();
    GSSCredential clientCredential = doAs(subject, () -> GSS_MANAGER.createCredential(GSS_MANAGER.createName(clientPrincipal.getName(), NT_USER_NAME), DEFAULT_LIFETIME, KERBEROS_OID, INITIATE_ONLY));
    return new Session(loginContext, clientCredential);
}
Also used : LoginException(javax.security.auth.login.LoginException) AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry) Authenticator(okhttp3.Authenticator) AUTHORIZATION(com.google.common.net.HttpHeaders.AUTHORIZATION) Throwables.throwIfUnchecked(com.google.common.base.Throwables.throwIfUnchecked) LoginContext(javax.security.auth.login.LoginContext) Duration(io.airlift.units.Duration) WWW_AUTHENTICATE(com.google.common.net.HttpHeaders.WWW_AUTHENTICATE) Route(okhttp3.Route) InetAddress(java.net.InetAddress) REQUIRED(javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag.REQUIRED) Locale(java.util.Locale) Objects.requireNonNull(java.util.Objects.requireNonNull) Response(okhttp3.Response) INDEFINITE_LIFETIME(org.ietf.jgss.GSSContext.INDEFINITE_LIFETIME) INITIATE_ONLY(org.ietf.jgss.GSSCredential.INITIATE_ONLY) Krb5LoginModule(com.sun.security.auth.module.Krb5LoginModule) NT_USER_NAME(org.ietf.jgss.GSSName.NT_USER_NAME) Splitter(com.google.common.base.Splitter) Configuration(javax.security.auth.login.Configuration) DEFAULT_LIFETIME(org.ietf.jgss.GSSCredential.DEFAULT_LIFETIME) GSSContext(org.ietf.jgss.GSSContext) GSSCredential(org.ietf.jgss.GSSCredential) Interceptor(okhttp3.Interceptor) Request(okhttp3.Request) PrivilegedActionException(java.security.PrivilegedActionException) ImmutableMap(com.google.common.collect.ImmutableMap) Oid(org.ietf.jgss.Oid) IOException(java.io.IOException) GSSException(org.ietf.jgss.GSSException) GuardedBy(javax.annotation.concurrent.GuardedBy) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) CharMatcher.whitespace(com.google.common.base.CharMatcher.whitespace) UnknownHostException(java.net.UnknownHostException) Throwables.throwIfInstanceOf(com.google.common.base.Throwables.throwIfInstanceOf) Boolean.getBoolean(java.lang.Boolean.getBoolean) Subject(javax.security.auth.Subject) File(java.io.File) String.format(java.lang.String.format) GSSManager(org.ietf.jgss.GSSManager) Base64(java.util.Base64) Principal(java.security.Principal) NT_HOSTBASED_SERVICE(org.ietf.jgss.GSSName.NT_HOSTBASED_SERVICE) Optional(java.util.Optional) SECONDS(java.util.concurrent.TimeUnit.SECONDS) AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry) LoginContext(javax.security.auth.login.LoginContext) Configuration(javax.security.auth.login.Configuration) GSSCredential(org.ietf.jgss.GSSCredential) Subject(javax.security.auth.Subject) Principal(java.security.Principal)

Aggregations

CharMatcher.whitespace (com.google.common.base.CharMatcher.whitespace)1 Splitter (com.google.common.base.Splitter)1 Throwables.throwIfInstanceOf (com.google.common.base.Throwables.throwIfInstanceOf)1 Throwables.throwIfUnchecked (com.google.common.base.Throwables.throwIfUnchecked)1 ImmutableMap (com.google.common.collect.ImmutableMap)1 AUTHORIZATION (com.google.common.net.HttpHeaders.AUTHORIZATION)1 WWW_AUTHENTICATE (com.google.common.net.HttpHeaders.WWW_AUTHENTICATE)1 Krb5LoginModule (com.sun.security.auth.module.Krb5LoginModule)1 Duration (io.airlift.units.Duration)1 File (java.io.File)1 IOException (java.io.IOException)1 Boolean.getBoolean (java.lang.Boolean.getBoolean)1 String.format (java.lang.String.format)1 InetAddress (java.net.InetAddress)1 UnknownHostException (java.net.UnknownHostException)1 Principal (java.security.Principal)1 PrivilegedActionException (java.security.PrivilegedActionException)1 PrivilegedExceptionAction (java.security.PrivilegedExceptionAction)1 Base64 (java.util.Base64)1 Locale (java.util.Locale)1