Example 6 with GSSName

use of org.ietf.jgss.GSSName in project mongo-java-driver by mongodb.

the class GSSAPIAuthenticator method getGSSCredential.

// Acquires a Kerberos credential for the given user. GSSAPI_OID is the class's constant
// for the Kerberos v5 mechanism OID. INITIATE_ONLY means the credential can start
// contexts but never accept them; INDEFINITE_LIFETIME is only a request, the actual
// lifetime is bounded by the underlying TGT.
private GSSCredential getGSSCredential(final String userName) throws GSSException {
    Oid krb5Mechanism = new Oid(GSSAPI_OID);
    GSSManager manager = GSSManager.getInstance();
    GSSName name = manager.createName(userName, GSSName.NT_USER_NAME);
    return manager.createCredential(name, GSSCredential.INDEFINITE_LIFETIME, krb5Mechanism, GSSCredential.INITIATE_ONLY);
}
Also used : GSSName(org.ietf.jgss.GSSName) GSSManager(org.ietf.jgss.GSSManager) Oid(org.ietf.jgss.Oid)

Example 7 with GSSName

use of org.ietf.jgss.GSSName in project orientdb by orientechnologies.

the class OKerberosCredentialInterceptor method getServiceTicket.

private String getServiceTicket(final Subject subject, final String principal, final String servicePrincipalName) {
    try {
        GSSManager manager = GSSManager.getInstance();
        // The SPN is passed as NT_USER_NAME, i.e. as a literal Kerberos principal string,
        // not as an NT_HOSTBASED_SERVICE "service@host" name that JGSS would canonicalize.
        GSSName serviceName = manager.createName(servicePrincipalName, GSSName.NT_USER_NAME);
        // Kerberos v5 mechanism OID.
        Oid krb5Oid = new Oid("1.2.840.113554.1.2.2");
        // Initiator. A null credential means "use the default credential of the current Subject".
        final GSSContext context = manager.createContext(serviceName, krb5Oid, null, GSSContext.DEFAULT_LIFETIME);
        if (context != null) {
            // http://docs.oracle.com/javase/6/docs/technotes/guides/security/jgss/jgss-features.html
            // When performing operations as a particular Subject, e.g. Subject.doAs(...) or Subject.doAsPrivileged(...),
            // the to-be-used GSSCredential should be added to Subject's private credential set. Otherwise,
            // the GSS operations will fail since no credential is found.
            boolean useNativeJgss = Boolean.getBoolean("sun.security.jgss.native");
            if (useNativeJgss) {
                OLogManager.instance().info(this, "getServiceTicket() Using Native JGSS");
                try {
                    // Acquire an initiate-only credential for the client principal from the native
                    // credential cache and expose it to the Subject so the doAs() below can find it.
                    GSSName clientName = manager.createName(principal, GSSName.NT_USER_NAME);
                    GSSCredential cred = manager.createCredential(clientName, GSSContext.DEFAULT_LIFETIME, krb5Oid, GSSCredential.INITIATE_ONLY);
                    subject.getPrivateCredentials().add(cred);
                } catch (GSSException gssEx) {
                    OLogManager.instance().error(this, "getServiceTicket() Use Native JGSS GSSException", gssEx);
                }
            }
            try {
                // The GSS context initiation has to be performed as a privileged action.
                byte[] serviceTicket = Subject.doAs(subject, new PrivilegedAction<byte[]>() {

                    public byte[] run() {
                        try {
                            byte[] token = new byte[0];
                            // One-pass context initialisation: with mutual authentication off the
                            // client never verifies the server's identity, and with credential
                            // delegation off the client's TGT is not forwarded to the service.
                            context.requestMutualAuth(false);
                            context.requestCredDeleg(false);
                            // The returned token is the GSS-API initial token carrying the AP-REQ.
                            return context.initSecContext(token, 0, token.length);
                        } catch (Exception inner) {
                            // Failures are logged at debug level only; the caller just sees null.
                            OLogManager.instance().debug(this, "getServiceTicket() doAs() Exception", inner);
                        }
                        return null;
                    }
                });
                if (serviceTicket != null)
                    return OBase64Utils.encodeBytes(serviceTicket);
            } finally {
                // Release the context on both the success and the failure path.
                context.dispose();
            }
        } else {
            OLogManager.instance().debug(this, "getServiceTicket() GSSContext is null!");
        }
    } catch (Exception ex) {
        OLogManager.instance().error(this, "getServiceTicket() Exception", ex);
    }
    return null;
}
Also used : GSSName(org.ietf.jgss.GSSName) GSSException(org.ietf.jgss.GSSException) GSSCredential(org.ietf.jgss.GSSCredential) GSSManager(org.ietf.jgss.GSSManager) GSSContext(org.ietf.jgss.GSSContext) Oid(org.ietf.jgss.Oid) OSecurityException(com.orientechnologies.orient.core.exception.OSecurityException) LoginException(javax.security.auth.login.LoginException) URISyntaxException(java.net.URISyntaxException)

Example 8 with GSSName

use of org.ietf.jgss.GSSName in project jdk8u_jdk by JetBrains.

the class CtorTests2 method main.

/* standalone interface */
public static void main(String[] argv) throws Exception {
    try {
        GSSManager manager = GSSManager.getInstance();
        // A name of type NT_ANONYMOUS must report itself as anonymous regardless of the string.
        GSSName name = manager.createName("anonymous", GSSName.NT_ANONYMOUS);
        boolean anonymous = name.isAnonymous();
        if (!anonymous) {
            throw new RuntimeException("GSSName.isAnonymous() returns false for GSSName.NT_ANONYMOUS");
        }
    } catch (GSSException e) {
        // The configured mechanism may not support anonymous names; that is not a test failure.
        System.out.println("Not supported, ignored!");
    }
}
Also used : GSSName(org.ietf.jgss.GSSName) GSSException(org.ietf.jgss.GSSException) GSSManager(org.ietf.jgss.GSSManager)

Example 9 with GSSName

use of org.ietf.jgss.GSSName in project jdk8u_jdk by JetBrains.

the class Context method impersonate.

public Context impersonate(final String someone) throws Exception {
    try {
        GSSCredential creds = Subject.doAs(s, new PrivilegedExceptionAction<GSSCredential>() {

            @Override
            public GSSCredential run() throws Exception {
                GSSManager m = GSSManager.getInstance();
                GSSName other = m.createName(someone, GSSName.NT_USER_NAME);
                if (Context.this.cred == null) {
                    // Default initiate-only credential of the Subject's logged-in principal.
                    Context.this.cred = m.createCredential(GSSCredential.INITIATE_ONLY);
                }
                // Kerberos S4U2self via the JDK's ExtendedGSSCredential: the service obtains a
                // credential representing "someone" without knowing that user's secret. What the
                // resulting credential may be used for is governed by the KDC's delegation policy
                // for this service account.
                return ((ExtendedGSSCredential) Context.this.cred).impersonate(other);
            }
        });
        Context out = new Context();
        out.s = s;
        out.cred = creds;
        out.name = name + " as " + out.cred.getName().toString();
        return out;
    } catch (PrivilegedActionException pae) {
        // Unwrap so callers see the real cause rather than the wrapper exception.
        Exception e = pae.getException();
        if (e instanceof InvocationTargetException) {
            throw (Exception) ((InvocationTargetException) e).getTargetException();
        } else {
            throw e;
        }
    }
}
Also used : LoginContext(javax.security.auth.login.LoginContext) ExtendedGSSContext(com.sun.security.jgss.ExtendedGSSContext) GSSContext(org.ietf.jgss.GSSContext) GSSName(org.ietf.jgss.GSSName) ExtendedGSSCredential(com.sun.security.jgss.ExtendedGSSCredential) GSSCredential(org.ietf.jgss.GSSCredential) PrivilegedActionException(java.security.PrivilegedActionException) GSSManager(org.ietf.jgss.GSSManager) GSSException(org.ietf.jgss.GSSException) InvocationTargetException(java.lang.reflect.InvocationTargetException)

Example 10 with GSSName

use of org.ietf.jgss.GSSName in project jdk8u_jdk by JetBrains.

the class ServiceCredsCombination method check.

/**
 * Checks that the acceptor credential is bound to the expected name
 * @param a get creds for this principal, null for the default one
 * @param b expected name, null for still unbound, "NOCRED" for no creds
 * @param objs princs, keys and keytabs in the subject
 */
private static void check(final String a, String b, Object... objs) throws Exception {
    // Build a Subject holding only what the caller supplied: principals go into the
    // principal set, long-term keys and keytabs into the private credential set.
    Subject subj = new Subject();
    for (Object obj : objs) {
        if (obj instanceof KerberosPrincipal) {
            subj.getPrincipals().add((KerberosPrincipal) obj);
        } else if (obj instanceof KerberosKey || obj instanceof KeyTab) {
            subj.getPrivateCredentials().add(obj);
        }
    }
    final GSSManager man = GSSManager.getInstance();
    try {
        String result = Subject.doAs(subj, new PrivilegedExceptionAction<String>() {

            @Override
            public String run() throws GSSException {
                // Acceptor-only Kerberos credential, bound to principal a or unbound when a is null.
                // r(...) is a helper of the test class defined outside this snippet.
                GSSCredential cred = man.createCredential(a == null ? null : man.createName(r(a), null), GSSCredential.INDEFINITE_LIFETIME, GSSUtil.GSS_KRB5_MECH_OID, GSSCredential.ACCEPT_ONLY);
                GSSName name = cred.getName();
                return name == null ? null : name.toString();
            }
        });
        if (!Objects.equals(result, r(b))) {
            throw new Exception("Check failed: getInstance(" + a + ") has name " + result + ", not " + b);
        }
    } catch (PrivilegedActionException e) {
        // No acceptor credential could be built from the Subject; only acceptable when
        // the caller expected "NOCRED".
        if (!"NOCRED".equals(b)) {
            throw new Exception("Check failed: getInstance(" + a + ") is null " + ", but not one with name " + b);
        }
    }
}
Also used : KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) GSSName(org.ietf.jgss.GSSName) PrivilegedActionException(java.security.PrivilegedActionException) Subject(javax.security.auth.Subject) GSSException(org.ietf.jgss.GSSException) KerberosKey(javax.security.auth.kerberos.KerberosKey) KeyTab(javax.security.auth.kerberos.KeyTab) GSSCredential(org.ietf.jgss.GSSCredential) GSSManager(org.ietf.jgss.GSSManager)

Aggregations

GSSName (org.ietf.jgss.GSSName) 31
GSSManager (org.ietf.jgss.GSSManager) 24
Oid (org.ietf.jgss.Oid) 20
GSSException (org.ietf.jgss.GSSException) 19
GSSContext (org.ietf.jgss.GSSContext) 16
GSSCredential (org.ietf.jgss.GSSCredential) 13
Subject (javax.security.auth.Subject) 9
Principal (java.security.Principal) 7
PrivilegedActionException (java.security.PrivilegedActionException) 6
IOException (java.io.IOException) 4
Test (org.junit.Test) 4
KerberosTicket (javax.security.auth.kerberos.KerberosTicket) 3
KrbException (org.apache.kerby.kerberos.kerb.KrbException) 3
ExtendedGSSContext (com.sun.security.jgss.ExtendedGSSContext) 2
LoginContext (javax.security.auth.login.LoginContext) 2
LoginException (javax.security.auth.login.LoginException) 2
SaslException (javax.security.sasl.SaslException) 2
SaslServer (javax.security.sasl.SaslServer) 2
AvaticaCommonsHttpClientSpnegoImpl (org.apache.calcite.avatica.remote.AvaticaCommonsHttpClientSpnegoImpl) 2
AuthenticationException (org.apache.hadoop.security.authentication.client.AuthenticationException) 2