Java Code Examples for javax.security.auth.login.Configuration

The following are top voted examples for showing how to use javax.security.auth.login.Configuration. These examples are extracted from open source projects. You can vote up the examples you like and your votes will be used in our system to generate more good examples.
Example 1
Project: kafka-0.11.0.0-src-with-comment   File: JaasUtils.java   View source code 7 votes vote down vote up
public static boolean isZkSecurityEnabled() {
    boolean zkSaslEnabled = Boolean.parseBoolean(System.getProperty(ZK_SASL_CLIENT, "true"));
    String zkLoginContextName = System.getProperty(ZK_LOGIN_CONTEXT_NAME_KEY, "Client");

    boolean isSecurityEnabled;
    try {
        Configuration loginConf = Configuration.getConfiguration();
        isSecurityEnabled = loginConf.getAppConfigurationEntry(zkLoginContextName) != null;
    } catch (Exception e) {
        throw new KafkaException("Exception while loading Zookeeper JAAS login context '" + zkLoginContextName + "'", e);
    }
    if (isSecurityEnabled && !zkSaslEnabled) {
        LOG.error("JAAS configuration is present, but system property " +
                    ZK_SASL_CLIENT + " is set to false, which disables " +
                    "SASL in the ZooKeeper client");
        throw new KafkaException("Exception while determining if ZooKeeper is secure");
    }

    return isSecurityEnabled;
}
 
Example 2
Project: calcite-avatica   File: KerberosConnection.java   View source code 7 votes vote down vote up
/**
 * Performs a kerberos login, possibly logging out first.
 *
 * @param prevContext The LoginContext from the previous login, or null
 * @param conf JAAS Configuration object
 * @param subject The JAAS Subject
 * @return The context and subject from the login
 * @throws LoginException If the login failed.
 */
Entry<LoginContext, Subject> login(LoginContext prevContext, Configuration conf,
    Subject subject) throws LoginException {
  // Is synchronized by the caller

  // If a context was provided, perform a logout first
  if (null != prevContext) {
    prevContext.logout();
  }

  // Create a LoginContext given the Configuration and Subject
  LoginContext loginContext = createLoginContext(conf);
  // Invoke the login
  loginContext.login();
  // Get the Subject from the context and verify it's non-null (null would imply failure)
  Subject loggedInSubject = loginContext.getSubject();
  if (null == loggedInSubject) {
    throw new RuntimeException("Failed to perform Kerberos login");
  }

  // Send it back to the caller to use with launchRenewalThread
  return new AbstractMap.SimpleEntry<>(loginContext, loggedInSubject);
}
 
Example 3
Project: ditb   File: DemoClient.java   View source code 7 votes vote down vote up
static Subject getSubject() throws Exception {
  if (!secure) return new Subject();

  /*
   * To authenticate the DemoClient, kinit should be invoked ahead.
   * Here we try to get the Kerberos credential from the ticket cache.
   */
  LoginContext context = new LoginContext("", new Subject(), null,
    new Configuration() {
      @Override
      public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
        Map<String, String> options = new HashMap<String, String>();
        options.put("useKeyTab", "false");
        options.put("storeKey", "false");
        options.put("doNotPrompt", "true");
        options.put("useTicketCache", "true");
        options.put("renewTGT", "true");
        options.put("refreshKrb5Config", "true");
        options.put("isInitiator", "true");
        String ticketCache = System.getenv("KRB5CCNAME");
        if (ticketCache != null) {
          options.put("ticketCache", ticketCache);
        }
        options.put("debug", "true");

        return new AppConfigurationEntry[]{
            new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule",
                AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                options)};
      }
    });
  context.login();
  return context.getSubject();
}
 
Example 4
Project: fuck_zookeeper   File: SaslServerCallbackHandler.java   View source code 6 votes vote down vote up
public SaslServerCallbackHandler(Configuration configuration) throws IOException {
    String serverSection = System.getProperty(ZooKeeperSaslServer.LOGIN_CONTEXT_NAME_KEY,
                                              ZooKeeperSaslServer.DEFAULT_LOGIN_CONTEXT_NAME);
    AppConfigurationEntry configurationEntries[] = configuration.getAppConfigurationEntry(serverSection);

    if (configurationEntries == null) {
        String errorMessage = "Could not find a 'Server' entry in this configuration: Server cannot start.";
        LOG.error(errorMessage);
        throw new IOException(errorMessage);
    }
    credentials.clear();
    for(AppConfigurationEntry entry: configurationEntries) {
        Map<String,?> options = entry.getOptions();
        // Populate DIGEST-MD5 user -> password map with JAAS configuration entries from the "Server" section.
        // Usernames are distinguished from other options by prefixing the username with a "user_" prefix.
        for(Map.Entry<String, ?> pair : options.entrySet()) {
            String key = pair.getKey();
            if (key.startsWith(USER_PREFIX)) {
                String userName = key.substring(USER_PREFIX.length());
                credentials.put(userName,(String)pair.getValue());
            }
        }
    }
}
 
Example 5
Project: joai-project   File: AuthUtils.java   View source code 6 votes vote down vote up
/**
 *  Gets the the specified AppConfigurationEntry from the login configuration
 *
 * @param  loginModuleClass  class name of loginModule to get
 * @return                   The configuredLoginModule value
 */
public static AppConfigurationEntry getConfiguredLoginModule(String loginModuleClass) {
	Configuration config = Configuration.getConfiguration();
	try {
		if (loginModuleClass == null || loginModuleClass.trim().length() == 0)
			throw new Exception("no loginModuleClass provided");
		if (config == null)
			throw new Exception("No configuration found");
		AppConfigurationEntry[] entries = config.getAppConfigurationEntry("NCS");
		if (entries == null)
			throw new Exception("No app config entries found");
		for (int i = 0; i < entries.length; i++) {
			AppConfigurationEntry entry = entries[i];
			String name = entry.getLoginModuleName();
			if (loginModuleClass.equals(name))
				return entry;
		}
	} catch (Throwable e) {
		prtlnErr("getConfiguredLoginModule WARNING: " + e.getMessage());
	}
	return null;
}
 
Example 6
Project: https-github.com-apache-zookeeper   File: SaslServerCallbackHandler.java   View source code 6 votes vote down vote up
public SaslServerCallbackHandler(Configuration configuration) throws IOException {
    String serverSection = System.getProperty(ZooKeeperSaslServer.LOGIN_CONTEXT_NAME_KEY,
                                              ZooKeeperSaslServer.DEFAULT_LOGIN_CONTEXT_NAME);
    AppConfigurationEntry configurationEntries[] = configuration.getAppConfigurationEntry(serverSection);

    if (configurationEntries == null) {
        String errorMessage = "Could not find a 'Server' entry in this configuration: Server cannot start.";
        LOG.error(errorMessage);
        throw new IOException(errorMessage);
    }
    credentials.clear();
    for(AppConfigurationEntry entry: configurationEntries) {
        Map<String,?> options = entry.getOptions();
        // Populate DIGEST-MD5 user -> password map with JAAS configuration entries from the "Server" section.
        // Usernames are distinguished from other options by prefixing the username with a "user_" prefix.
        for(Map.Entry<String, ?> pair : options.entrySet()) {
            String key = pair.getKey();
            if (key.startsWith(USER_PREFIX)) {
                String userName = key.substring(USER_PREFIX.length());
                credentials.put(userName,(String)pair.getValue());
            }
        }
    }
}
 
Example 7
Project: OpenJSharp   File: LoginConfigImpl.java   View source code 6 votes vote down vote up
/**
 * A new instance of LoginConfigImpl must be created for each login request
 * since it's only used by a single (caller, mech) pair
 * @param caller defined in GSSUtil as CALLER_XXX final fields
 * @param oid defined in GSSUtil as XXX_MECH_OID final fields
 */
public LoginConfigImpl(GSSCaller caller, Oid mech) {

    this.caller = caller;

    if (mech.equals(GSSUtil.GSS_KRB5_MECH_OID)) {
        mechName = "krb5";
    } else {
        throw new IllegalArgumentException(mech.toString() + " not supported");
    }
    config = java.security.AccessController.doPrivileged
            (new java.security.PrivilegedAction <Configuration> () {
        public Configuration run() {
            return Configuration.getConfiguration();
        }
    });
}
 
Example 8
Project: hadoop   File: ZKSignerSecretProvider.java   View source code 6 votes vote down vote up
private String setJaasConfiguration(Properties config) throws Exception {
  String keytabFile = config.getProperty(ZOOKEEPER_KERBEROS_KEYTAB).trim();
  if (keytabFile == null || keytabFile.length() == 0) {
    throw new IllegalArgumentException(ZOOKEEPER_KERBEROS_KEYTAB
            + " must be specified");
  }
  String principal = config.getProperty(ZOOKEEPER_KERBEROS_PRINCIPAL)
          .trim();
  if (principal == null || principal.length() == 0) {
    throw new IllegalArgumentException(ZOOKEEPER_KERBEROS_PRINCIPAL
            + " must be specified");
  }

  // This is equivalent to writing a jaas.conf file and setting the system
  // property, "java.security.auth.login.config", to point to it
  JaasConfiguration jConf =
          new JaasConfiguration(JAAS_LOGIN_ENTRY_NAME, principal, keytabFile);
  Configuration.setConfiguration(jConf);
  return principal.split("[/@]")[0];
}
 
Example 9
Project: jdk8u-jdk   File: LoginConfigImpl.java   View source code 6 votes vote down vote up
/**
 * A new instance of LoginConfigImpl must be created for each login request
 * since it's only used by a single (caller, mech) pair
 * @param caller defined in GSSUtil as CALLER_XXX final fields
 * @param oid defined in GSSUtil as XXX_MECH_OID final fields
 */
public LoginConfigImpl(GSSCaller caller, Oid mech) {

    this.caller = caller;

    if (mech.equals(GSSUtil.GSS_KRB5_MECH_OID)) {
        mechName = "krb5";
    } else {
        throw new IllegalArgumentException(mech.toString() + " not supported");
    }
    config = java.security.AccessController.doPrivileged
            (new java.security.PrivilegedAction <Configuration> () {
        public Configuration run() {
            return Configuration.getConfiguration();
        }
    });
}
 
Example 10
Project: jdk8u-jdk   File: DynamicConfigurationTest.java   View source code 6 votes vote down vote up
public static void testLogin(String confName, char[] passwd,
        Configuration cf, boolean expectException) {
    try {
        CallbackHandler ch = new MyCallbackHandler("testUser", passwd);
        LoginContext lc = new LoginContext(confName, new Subject(),
                ch, cf);
        lc.login();
        if (expectException) {
            throw new RuntimeException("Login Test failed: "
                    + "expected LoginException not thrown");
        }
    } catch (LoginException le) {
        if (!expectException) {
            System.out.println("Login Test failed: "
                    + "received Unexpected exception.");
            throw new RuntimeException(le);
        }
    }
}
 
Example 11
Project: openjdk-jdk10   File: LoginConfigImpl.java   View source code 6 votes vote down vote up
/**
 * A new instance of LoginConfigImpl must be created for each login request
 * since it's only used by a single (caller, mech) pair
 * @param caller defined in GSSUtil as CALLER_XXX final fields
 * @param mech defined in GSSUtil as XXX_MECH_OID final fields
 */
public LoginConfigImpl(GSSCaller caller, Oid mech) {

    this.caller = caller;

    if (mech.equals(GSSUtil.GSS_KRB5_MECH_OID)) {
        mechName = "krb5";
    } else {
        throw new IllegalArgumentException(mech.toString() + " not supported");
    }
    config = java.security.AccessController.doPrivileged
            (new java.security.PrivilegedAction <Configuration> () {
        public Configuration run() {
            return Configuration.getConfiguration();
        }
    });
}
 
Example 12
Project: openjdk-jdk10   File: AllPlatforms.java   View source code 6 votes vote down vote up
static void login(String test, String... conf) throws Exception {
    System.out.println("Testing " + test + "...");

    StringBuilder sb = new StringBuilder();
    sb.append("hello {\n");
    for (int i=0; i<conf.length; i+=2) {
        sb.append("    com.sun.security.auth.module." + conf[i]
                + " " + conf[i+1] + ";\n");
    }
    sb.append("};\n");
    Files.write(Paths.get(test), sb.toString().getBytes());

    // Must be called. Configuration has an internal static field.
    Configuration.setConfiguration(null);
    System.setProperty("java.security.auth.login.config", test);

    LoginContext lc = new LoginContext("hello");
    lc.login();
    System.out.println(lc.getSubject());
}
 
Example 13
Project: openjdk-jdk10   File: GetInstance.java   View source code 6 votes vote down vote up
private int testDefault(int testnum) throws Exception {
    // get an instance of the default ConfigSpiFile
    Configuration c = Configuration.getInstance(JAVA_CONFIG, null);
    doTest(c, testnum++);

    // get an instance of FooConfig
    try {
        c = Configuration.getInstance("FooConfig", null);
        throw new SecurityException("test " + testnum++ + " failed");
    } catch (NoSuchAlgorithmException nsae) {
        // good
        System.out.println("test " + testnum++ + " passed");
    }

    return testnum;
}
 
Example 14
Project: openjdk-jdk10   File: GetInstance.java   View source code 6 votes vote down vote up
private int testStringProvider(int testnum) throws Exception {
    // get an instance of JavaLoginConfig from SUN
    Configuration c = Configuration.getInstance(JAVA_CONFIG, null, "SUN");
    doTest(c, testnum++);

    // get an instance of JavaLoginConfig from SunRsaSign
    try {
        c = Configuration.getInstance(JAVA_CONFIG, null, "SunRsaSign");
        throw new SecurityException("test " + testnum++ + " failed");
    } catch (NoSuchAlgorithmException nsae) {
        // good
        System.out.println("test " + testnum++ + " passed");
    }

    // get an instance of JavaLoginConfig from FOO
    try {
        c = Configuration.getInstance(JAVA_CONFIG, null, "FOO");
        throw new SecurityException("test " + testnum++ + " failed");
    } catch (NoSuchProviderException nspe) {
        // good
        System.out.println("test " + testnum++ + " passed");
    }

    return testnum;
}
 
Example 15
Project: openjdk-jdk10   File: GetInstance.java   View source code 6 votes vote down vote up
private int testProvider(int testnum) throws Exception {
    // get an instance of JavaLoginConfig from SUN
    Configuration c = Configuration.getInstance(JAVA_CONFIG,
                            null,
                            Security.getProvider("SUN"));
    doTest(c, testnum++);

    // get an instance of JavaLoginConfig from SunRsaSign
    try {
        c = Configuration.getInstance(JAVA_CONFIG,
                            null,
                            Security.getProvider("SunRsaSign"));
        throw new SecurityException("test " + testnum++ + " failed");
    } catch (NoSuchAlgorithmException nsae) {
        // good
        System.out.println("test " + testnum++ + " passed");
    }

    return testnum;
}
 
Example 16
Project: openjdk-jdk10   File: GetInstance.java   View source code 6 votes vote down vote up
private void doCustomTest(Configuration c,
                    int testnum,
                    Provider custom) throws Exception {

    testnum = doCommon(c, testnum);

    // test getProvider
    if (custom == c.getProvider() &&
        "GetInstanceProvider".equals(c.getProvider().getName())) {
        System.out.println("test " + testnum + " (getProvider) passed");
    } else {
        throw new SecurityException
                    ("test " + testnum + " (getProvider) failed");
    }

    // test getType
    if ("GetInstanceConfigSpi".equals(c.getType())) {
        System.out.println("test " + testnum + "(getType) passed");
    } else {
        throw new SecurityException("test " + testnum +
                    " (getType) failed");
    }
}
 
Example 17
Project: openjdk-jdk10   File: GetInstance.java   View source code 6 votes vote down vote up
private void doTest(Configuration c, int testnum) throws Exception {
    testnum = doCommon(c, testnum);

    // test getProvider
    if ("SUN".equals(c.getProvider().getName())) {
        System.out.println("test " + testnum + " (getProvider) passed");
    } else {
        throw new SecurityException("test " + testnum +
                    " (getProvider) failed");
    }

    // test getType
    if (JAVA_CONFIG.equals(c.getType())) {
        System.out.println("test " + testnum + " (getType) passed");
    } else {
        throw new SecurityException("test " + testnum +
                    " (getType) failed");
    }
}
 
Example 18
Project: openjdk-jdk10   File: DynamicConfigurationTest.java   View source code 6 votes vote down vote up
public static void testLogin(String confName, char[] passwd,
        Configuration cf, boolean expectException) {
    try {
        CallbackHandler ch = new MyCallbackHandler("testUser", passwd);
        LoginContext lc = new LoginContext(confName, new Subject(),
                ch, cf);
        lc.login();
        if (expectException) {
            throw new RuntimeException("Login Test failed: "
                    + "expected LoginException not thrown");
        }
    } catch (LoginException le) {
        if (!expectException) {
            System.out.println("Login Test failed: "
                    + "received Unexpected exception.");
            throw new RuntimeException(le);
        }
    }
}
 
Example 19
Project: calcite-avatica   File: KerberosConnectionTest.java   View source code 6 votes vote down vote up
@Test public void noPreviousContextOnLogin() throws Exception {
  KerberosConnection krbUtil = mock(KerberosConnection.class);
  Subject subject = new Subject();
  Subject loggedInSubject = new Subject();
  Configuration conf = mock(Configuration.class);
  LoginContext context = mock(LoginContext.class);

  // Call the real login(LoginContext, Configuration, Subject) method
  when(krbUtil.login(nullable(LoginContext.class), any(Configuration.class), any(Subject.class)))
      .thenCallRealMethod();
  // Return a fake LoginContext
  when(krbUtil.createLoginContext(conf)).thenReturn(context);
  // Return a fake Subject from that fake LoginContext
  when(context.getSubject()).thenReturn(loggedInSubject);

  Entry<LoginContext, Subject> pair = krbUtil.login(null, conf, subject);

  // Verify we get the fake LoginContext and Subject
  assertEquals(context, pair.getKey());
  assertEquals(loggedInSubject, pair.getValue());

  // login should be called on the LoginContext
  verify(context).login();
}
 
Example 20
Project: ZooKeeper   File: SaslQuorumAuthLearner.java   View source code 6 votes vote down vote up
public SaslQuorumAuthLearner(boolean quorumRequireSasl,
        String quorumServicePrincipal, String loginContext)
                throws SaslException {
    this.quorumRequireSasl = quorumRequireSasl;
    this.quorumServicePrincipal = quorumServicePrincipal;
    try {
        AppConfigurationEntry entries[] = Configuration
            .getConfiguration()
            .getAppConfigurationEntry(loginContext);
        if (entries == null || entries.length == 0) {
            throw new LoginException("SASL-authentication failed because"
                                     + " the specified JAAS configuration "
                                     + "section '" + loginContext
                                     + "' could not be found.");
        }
        this.learnerLogin = new Login(loginContext,
                                new SaslClientCallbackHandler(null, "QuorumLearner"));
        this.learnerLogin.startThreadIfNeeded();
    } catch (LoginException e) {
        throw new SaslException("Failed to initialize authentication mechanism using SASL", e);
    }
}
 
Example 21
Project: ZooKeeper   File: SaslQuorumAuthServer.java   View source code 6 votes vote down vote up
public SaslQuorumAuthServer(boolean quorumRequireSasl, String loginContext, Set<String> authzHosts)
        throws SaslException {
    this.quorumRequireSasl = quorumRequireSasl;
    try {
        AppConfigurationEntry entries[] = Configuration.getConfiguration()
                .getAppConfigurationEntry(loginContext);
        if (entries == null || entries.length == 0) {
            throw new LoginException("SASL-authentication failed"
                    + " because the specified JAAS configuration "
                    + "section '" + loginContext + "' could not be found.");
        }
        SaslQuorumServerCallbackHandler saslServerCallbackHandler = new SaslQuorumServerCallbackHandler(
                Configuration.getConfiguration(), loginContext, authzHosts);
        serverLogin = new Login(loginContext, saslServerCallbackHandler);
        serverLogin.startThreadIfNeeded();
    } catch (Throwable e) {
        throw new SaslException(
                "Failed to initialize authentication mechanism using SASL",
                e);
    }
}
 
Example 22
Project: ZooKeeper   File: SaslQuorumServerCallbackHandler.java   View source code 6 votes vote down vote up
public SaslQuorumServerCallbackHandler(Configuration configuration,
        String serverSection, Set<String> authzHosts) throws IOException {
    AppConfigurationEntry configurationEntries[] = configuration.getAppConfigurationEntry(serverSection);

    if (configurationEntries == null) {
        String errorMessage = "Could not find a '" + serverSection + "' entry in this configuration: Server cannot start.";
        LOG.error(errorMessage);
        throw new IOException(errorMessage);
    }
    credentials.clear();
    for(AppConfigurationEntry entry: configurationEntries) {
        Map<String,?> options = entry.getOptions();
        // Populate DIGEST-MD5 user -> password map with JAAS configuration entries from the "QuorumServer" section.
        // Usernames are distinguished from other options by prefixing the username with a "user_" prefix.
        for(Map.Entry<String, ?> pair : options.entrySet()) {
            String key = pair.getKey();
            if (key.startsWith(USER_PREFIX)) {
                String userName = key.substring(USER_PREFIX.length());
                credentials.put(userName,(String)pair.getValue());
            }
        }
    }

    // authorized host lists
    this.authzHosts = authzHosts;
}
 
Example 23
Project: ZooKeeper   File: SaslServerCallbackHandler.java   View source code 6 votes vote down vote up
public SaslServerCallbackHandler(Configuration configuration)
        throws IOException {
    String serverSection = System.getProperty(
            ZooKeeperSaslServer.LOGIN_CONTEXT_NAME_KEY,
            ZooKeeperSaslServer.DEFAULT_LOGIN_CONTEXT_NAME);
    AppConfigurationEntry configurationEntries[] = configuration.getAppConfigurationEntry(serverSection);

    if (configurationEntries == null) {
        String errorMessage = "Could not find a '" + serverSection + "' entry in this configuration: Server cannot start.";
        LOG.error(errorMessage);
        throw new IOException(errorMessage);
    }
    credentials.clear();
    for(AppConfigurationEntry entry: configurationEntries) {
        Map<String,?> options = entry.getOptions();
        // Populate DIGEST-MD5 user -> password map with JAAS configuration entries from the "Server" section.
        // Usernames are distinguished from other options by prefixing the username with a "user_" prefix.
        for(Map.Entry<String, ?> pair : options.entrySet()) {
            String key = pair.getKey();
            if (key.startsWith(USER_PREFIX)) {
                String userName = key.substring(USER_PREFIX.length());
                credentials.put(userName,(String)pair.getValue());
            }
        }
    }
}
 
Example 24
Project: ditb   File: HttpDoAsClient.java   View source code 6 votes vote down vote up
static Subject getSubject() throws Exception {
  if (!secure) return new Subject();
  /*
   * To authenticate the DemoClient, kinit should be invoked ahead.
   * Here we try to get the Kerberos credential from the ticket cache.
   */
  LoginContext context = new LoginContext("", new Subject(), null,
      new Configuration() {
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
          Map<String, String> options = new HashMap<String, String>();
          options.put("useKeyTab", "false");
          options.put("storeKey", "false");
          options.put("doNotPrompt", "true");
          options.put("useTicketCache", "true");
          options.put("renewTGT", "true");
          options.put("refreshKrb5Config", "true");
          options.put("isInitiator", "true");
          String ticketCache = System.getenv("KRB5CCNAME");
          if (ticketCache != null) {
            options.put("ticketCache", ticketCache);
          }
          options.put("debug", "true");

          return new AppConfigurationEntry[]{
              new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule",
                  AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                  options)};
        }
      });
  context.login();
  return context.getSubject();
}
 
Example 25
Project: openjdk9   File: LoginConfigImpl.java   View source code 6 votes vote down vote up
/**
 * A new instance of LoginConfigImpl must be created for each login request
 * since it's only used by a single (caller, mech) pair
 * @param caller defined in GSSUtil as CALLER_XXX final fields
 * @param mech defined in GSSUtil as XXX_MECH_OID final fields
 */
public LoginConfigImpl(GSSCaller caller, Oid mech) {

    this.caller = caller;

    if (mech.equals(GSSUtil.GSS_KRB5_MECH_OID)) {
        mechName = "krb5";
    } else {
        throw new IllegalArgumentException(mech.toString() + " not supported");
    }
    config = java.security.AccessController.doPrivileged
            (new java.security.PrivilegedAction <Configuration> () {
        public Configuration run() {
            return Configuration.getConfiguration();
        }
    });
}
 
Example 26
Project: openjdk9   File: AllPlatforms.java   View source code 6 votes vote down vote up
static void login(String test, String... conf) throws Exception {
    System.out.println("Testing " + test + "...");

    StringBuilder sb = new StringBuilder();
    sb.append("hello {\n");
    for (int i=0; i<conf.length; i+=2) {
        sb.append("    com.sun.security.auth.module." + conf[i]
                + " " + conf[i+1] + ";\n");
    }
    sb.append("};\n");
    Files.write(Paths.get(test), sb.toString().getBytes());

    // Must be called. Configuration has an internal static field.
    Configuration.setConfiguration(null);
    System.setProperty("java.security.auth.login.config", test);

    LoginContext lc = new LoginContext("hello");
    lc.login();
    System.out.println(lc.getSubject());
}
 
Example 27
Project: openjdk9   File: DynamicConfigurationTest.java   View source code 6 votes vote down vote up
public static void testLogin(String confName, char[] passwd,
        Configuration cf, boolean expectException) {
    try {
        CallbackHandler ch = new MyCallbackHandler("testUser", passwd);
        LoginContext lc = new LoginContext(confName, new Subject(),
                ch, cf);
        lc.login();
        if (expectException) {
            throw new RuntimeException("Login Test failed: "
                    + "expected LoginException not thrown");
        }
    } catch (LoginException le) {
        if (!expectException) {
            System.out.println("Login Test failed: "
                    + "received Unexpected exception.");
            throw new RuntimeException(le);
        }
    }
}
 
Example 28
Project: aliyun-oss-hadoop-fs   File: ZKSignerSecretProvider.java   View source code 6 votes vote down vote up
private String setJaasConfiguration(Properties config) throws Exception {
  String keytabFile = config.getProperty(ZOOKEEPER_KERBEROS_KEYTAB).trim();
  if (keytabFile == null || keytabFile.length() == 0) {
    throw new IllegalArgumentException(ZOOKEEPER_KERBEROS_KEYTAB
            + " must be specified");
  }
  String principal = config.getProperty(ZOOKEEPER_KERBEROS_PRINCIPAL)
          .trim();
  if (principal == null || principal.length() == 0) {
    throw new IllegalArgumentException(ZOOKEEPER_KERBEROS_PRINCIPAL
            + " must be specified");
  }

  // This is equivalent to writing a jaas.conf file and setting the system
  // property, "java.security.auth.login.config", to point to it
  JaasConfiguration jConf =
          new JaasConfiguration(JAAS_LOGIN_ENTRY_NAME, principal, keytabFile);
  Configuration.setConfiguration(jConf);
  return principal.split("[/@]")[0];
}
 
Example 29
Project: kafka   File: SaslServerAuthenticator.java   View source code 6 votes vote down vote up
private void createSaslServer(String mechanism) throws IOException {
    this.saslMechanism = mechanism;
    callbackHandler = new SaslServerCallbackHandler(Configuration.getConfiguration(), kerberosNamer);
    callbackHandler.configure(configs, Mode.SERVER, subject, saslMechanism);
    if (mechanism.equals(SaslConfigs.GSSAPI_MECHANISM)) {
        if (subject.getPrincipals().isEmpty())
            throw new IllegalArgumentException("subject must have at least one principal");
        saslServer = createSaslKerberosServer(callbackHandler, configs);
    } else {
        try {
            saslServer = Subject.doAs(subject, new PrivilegedExceptionAction<SaslServer>() {
                public SaslServer run() throws SaslException {
                    return Sasl.createSaslServer(saslMechanism, "kafka", host, configs, callbackHandler);
                }
            });
        } catch (PrivilegedActionException e) {
            throw new SaslException("Kafka Server failed to create a SaslServer to interact with a client during session authentication", e.getCause());
        }
    }
}
 
Example 30
Project: kafka   File: AbstractLogin.java   View source code 6 votes vote down vote up
@Override
public LoginContext login() throws LoginException {
    String jaasConfigFile = System.getProperty(JaasUtils.JAVA_LOGIN_CONFIG_PARAM);
    if (jaasConfigFile == null) {
        log.debug("System property '" + JaasUtils.JAVA_LOGIN_CONFIG_PARAM + "' is not set, using default JAAS configuration.");
    }
    AppConfigurationEntry[] configEntries = Configuration.getConfiguration().getAppConfigurationEntry(loginContextName);
    if (configEntries == null) {
        String errorMessage = "Could not find a '" + loginContextName + "' entry in the JAAS configuration. System property '" +
            JaasUtils.JAVA_LOGIN_CONFIG_PARAM + "' is " + (jaasConfigFile == null ? "not set" : jaasConfigFile);
        throw new IllegalArgumentException(errorMessage);
    }

    loginContext = new LoginContext(loginContextName, new LoginCallbackHandler());
    loginContext.login();
    log.info("Successfully logged in.");
    return loginContext;
}
 
Example 31
Project: kafka   File: JaasUtils.java   View source code 6 votes vote down vote up
public static boolean isZkSecurityEnabled() {
    boolean isSecurityEnabled = false;
    boolean zkSaslEnabled = Boolean.parseBoolean(System.getProperty(ZK_SASL_CLIENT, "true"));
    String zkLoginContextName = System.getProperty(ZK_LOGIN_CONTEXT_NAME_KEY, "Client");

    try {
        Configuration loginConf = Configuration.getConfiguration();
        isSecurityEnabled = loginConf.getAppConfigurationEntry(zkLoginContextName) != null;
    } catch (Exception e) {
        throw new KafkaException("Exception while loading Zookeeper JAAS login context '" + zkLoginContextName + "'", e);
    }
    if (isSecurityEnabled && !zkSaslEnabled) {
        LOG.error("JAAS configuration is present, but system property " +
                    ZK_SASL_CLIENT + " is set to false, which disables " +
                    "SASL in the ZooKeeper client");
        throw new KafkaException("Exception while determining if ZooKeeper is secure");
    }

    return isSecurityEnabled;
}
 
Example 32
Project: herddb   File: SaslNettyServer.java   View source code 6 votes vote down vote up
public SaslServerCallbackHandler(Configuration configuration) throws IOException {

            AppConfigurationEntry configurationEntries[] = configuration.getAppConfigurationEntry(JASS_SERVER_SECTION);

            if (configurationEntries == null) {
                String errorMessage = "Could not find a '" + JASS_SERVER_SECTION + "' entry in this configuration: Server cannot start.";

                throw new IOException(errorMessage);
            }
            credentials.clear();
            for (AppConfigurationEntry entry : configurationEntries) {
                Map<String, ?> options = entry.getOptions();
                // Populate DIGEST-MD5 user -> password map with JAAS configuration entries from the "Server" section.
                // Usernames are distinguished from other options by prefixing the username with a "user_" prefix.
                for (Map.Entry<String, ?> pair : options.entrySet()) {
                    String key = pair.getKey();
                    if (key.startsWith(USER_PREFIX)) {
                        String userName = key.substring(USER_PREFIX.length());
                        credentials.put(userName, (String) pair.getValue());
                    }
                }
            }
        }
 
Example 33
Project: herddb   File: SaslNettyClient.java   View source code 6 votes vote down vote up
private Subject loginClient() throws SaslException, PrivilegedActionException, LoginException {
    String clientSection = "HerdDBClient";
    AppConfigurationEntry[] entries = Configuration.getConfiguration().getAppConfigurationEntry(clientSection);
    if (entries == null) {
        LOG.log(Level.FINEST, "No JAAS Configuration found with section HerdDBClient");
        return null;
    }
    try {
        LoginContext loginContext = new LoginContext(clientSection, new ClientCallbackHandler(null));
        loginContext.login();
        LOG.log(Level.SEVERE, "Using JAAS Configuration subject: " + loginContext.getSubject());
        return loginContext.getSubject();
    } catch (LoginException error) {
        LOG.log(Level.SEVERE, "Error JAAS Configuration subject: " + error, error);
        return null;
    }
}
 
Example 34
Project: StreamProcessingInfrastructure   File: SaslServerCallbackHandler.java   View source code 6 votes vote down vote up
public SaslServerCallbackHandler(Configuration configuration) throws IOException {
    String serverSection = System.getProperty(ZooKeeperSaslServer.LOGIN_CONTEXT_NAME_KEY,
                                              ZooKeeperSaslServer.DEFAULT_LOGIN_CONTEXT_NAME);
    AppConfigurationEntry configurationEntries[] = configuration.getAppConfigurationEntry(serverSection);

    if (configurationEntries == null) {
        String errorMessage = "Could not find a 'Server' entry in this configuration: Server cannot start.";
        LOG.error(errorMessage);
        throw new IOException(errorMessage);
    }
    credentials.clear();
    for(AppConfigurationEntry entry: configurationEntries) {
        Map<String,?> options = entry.getOptions();
        // Populate DIGEST-MD5 user -> password map with JAAS configuration entries from the "Server" section.
        // Usernames are distinguished from other options by prefixing the username with a "user_" prefix.
        for(Map.Entry<String, ?> pair : options.entrySet()) {
            String key = pair.getKey();
            if (key.startsWith(USER_PREFIX)) {
                String userName = key.substring(USER_PREFIX.length());
                credentials.put(userName,(String)pair.getValue());
            }
        }
    }
}
 
Example 35
Project: OSCAR-ConCert   File: LdapLoginModuleTest.java   View source code 6 votes vote down vote up
/**
 * Tests various authentication methods
 */
public void testAuthMethods() {
	// null should the same as "simple"
	for (String authMethod : new String[] { null, "simple", "DIGEST-MD5" }) {
		OscarConfiguration config = (OscarConfiguration) Configuration.getConfiguration();
		config.setOption(LdapLoginModule.OPTION_AUTH_METHOD, authMethod);

		// now test the end-to-end login	
		try {
			LoginContext loginContext = LoginModuleFactory.createContext(new OscarCallbackHandler("oscardoc", "mac2002"));
			loginContext.login();
			loginContext.logout();
		} catch (LoginException e) {
			fail();
		}
	}
}
 
Example 36
Project: bigstreams   File: SaslServerCallbackHandler.java   View source code 6 votes vote down vote up
public SaslServerCallbackHandler(Configuration configuration) throws IOException {
    String serverSection = System.getProperty(ZooKeeperSaslServer.LOGIN_CONTEXT_NAME_KEY,
                                              ZooKeeperSaslServer.DEFAULT_LOGIN_CONTEXT_NAME);
    AppConfigurationEntry configurationEntries[] = configuration.getAppConfigurationEntry(serverSection);

    if (configurationEntries == null) {
        String errorMessage = "Could not find a 'Server' entry in this configuration: Server cannot start.";
        LOG.error(errorMessage);
        throw new IOException(errorMessage);
    }
    credentials.clear();
    for(AppConfigurationEntry entry: configurationEntries) {
        Map<String,?> options = entry.getOptions();
        // Populate DIGEST-MD5 user -> password map with JAAS configuration entries from the "Server" section.
        // Usernames are distinguished from other options by prefixing the username with a "user_" prefix.
        for(Map.Entry<String, ?> pair : options.entrySet()) {
            String key = pair.getKey();
            if (key.startsWith(USER_PREFIX)) {
                String userName = key.substring(USER_PREFIX.length());
                credentials.put(userName,(String)pair.getValue());
            }
        }
    }
}
 
Example 37
Project: zookeeper-src-learning   File: SaslServerCallbackHandler.java   View source code 6 votes vote down vote up
public SaslServerCallbackHandler(Configuration configuration) throws IOException {
    String serverSection = System.getProperty(ZooKeeperSaslServer.LOGIN_CONTEXT_NAME_KEY,
                                              ZooKeeperSaslServer.DEFAULT_LOGIN_CONTEXT_NAME);
    AppConfigurationEntry configurationEntries[] = configuration.getAppConfigurationEntry(serverSection);

    if (configurationEntries == null) {
        String errorMessage = "Could not find a 'Server' entry in this configuration: Server cannot start.";
        LOG.error(errorMessage);
        throw new IOException(errorMessage);
    }
    credentials.clear();
    for(AppConfigurationEntry entry: configurationEntries) {
        Map<String,?> options = entry.getOptions();
        // Populate DIGEST-MD5 user -> password map with JAAS configuration entries from the "Server" section.
        // Usernames are distinguished from other options by prefixing the username with a "user_" prefix.
        for(Map.Entry<String, ?> pair : options.entrySet()) {
            String key = pair.getKey();
            if (key.startsWith(USER_PREFIX)) {
                String userName = key.substring(USER_PREFIX.length());
                credentials.put(userName,(String)pair.getValue());
            }
        }
    }
}
 
Example 38
Project: big-c   File: ZKSignerSecretProvider.java   View source code 6 votes vote down vote up
private String setJaasConfiguration(Properties config) throws Exception {
  String keytabFile = config.getProperty(ZOOKEEPER_KERBEROS_KEYTAB).trim();
  if (keytabFile == null || keytabFile.length() == 0) {
    throw new IllegalArgumentException(ZOOKEEPER_KERBEROS_KEYTAB
            + " must be specified");
  }
  String principal = config.getProperty(ZOOKEEPER_KERBEROS_PRINCIPAL)
          .trim();
  if (principal == null || principal.length() == 0) {
    throw new IllegalArgumentException(ZOOKEEPER_KERBEROS_PRINCIPAL
            + " must be specified");
  }

  // This is equivalent to writing a jaas.conf file and setting the system
  // property, "java.security.auth.login.config", to point to it
  JaasConfiguration jConf =
          new JaasConfiguration(JAAS_LOGIN_ENTRY_NAME, principal, keytabFile);
  Configuration.setConfiguration(jConf);
  return principal.split("[/@]")[0];
}
 
Example 39
Project: zookeeper   File: SaslServerCallbackHandler.java   View source code 6 votes vote down vote up
public SaslServerCallbackHandler(Configuration configuration) throws IOException {
    String serverSection = System.getProperty(ZooKeeperSaslServer.LOGIN_CONTEXT_NAME_KEY,
                                              ZooKeeperSaslServer.DEFAULT_LOGIN_CONTEXT_NAME);
    AppConfigurationEntry configurationEntries[] = configuration.getAppConfigurationEntry(serverSection);

    if (configurationEntries == null) {
        String errorMessage = "Could not find a 'Server' entry in this configuration: Server cannot start.";
        LOG.error(errorMessage);
        throw new IOException(errorMessage);
    }
    credentials.clear();
    for(AppConfigurationEntry entry: configurationEntries) {
        Map<String,?> options = entry.getOptions();
        // Populate DIGEST-MD5 user -> password map with JAAS configuration entries from the "Server" section.
        // Usernames are distinguished from other options by prefixing the username with a "user_" prefix.
        for(Map.Entry<String, ?> pair : options.entrySet()) {
            String key = pair.getKey();
            if (key.startsWith(USER_PREFIX)) {
                String userName = key.substring(USER_PREFIX.length());
                credentials.put(userName,(String)pair.getValue());
            }
        }
    }
}
 
Example 40
Project: jdk8u_jdk   File: LoginConfigImpl.java   View source code 6 votes vote down vote up
/**
 * A new instance of LoginConfigImpl must be created for each login request
 * since it's only used by a single (caller, mech) pair
 * @param caller defined in GSSUtil as CALLER_XXX final fields
 * @param oid defined in GSSUtil as XXX_MECH_OID final fields
 */
public LoginConfigImpl(GSSCaller caller, Oid mech) {

    this.caller = caller;

    if (mech.equals(GSSUtil.GSS_KRB5_MECH_OID)) {
        mechName = "krb5";
    } else {
        throw new IllegalArgumentException(mech.toString() + " not supported");
    }
    config = java.security.AccessController.doPrivileged
            (new java.security.PrivilegedAction <Configuration> () {
        public Configuration run() {
            return Configuration.getConfiguration();
        }
    });
}