Java Code Examples for javax.security.auth.login.Configuration#getAppConfigurationEntry()

The following examples show how to use javax.security.auth.login.Configuration#getAppConfigurationEntry().
Example 1
Source File: SaslNettyServer.java    From herddb with Apache License 2.0
/**
 * Builds the server-side callback handler from the JAAS section named by
 * {@code JASS_SERVER_SECTION}.
 *
 * <p>Every option whose key starts with {@code USER_PREFIX} is loaded into the
 * {@code credentials} map used for DIGEST-MD5: the rest of the key is the user
 * name and the option value is that user's password. Options without the
 * prefix are ignored.
 *
 * @param configuration JAAS configuration to read the server section from
 * @throws IOException if the configuration has no such section
 */
public SaslServerCallbackHandler(Configuration configuration) throws IOException {
    AppConfigurationEntry[] serverSection = configuration.getAppConfigurationEntry(JASS_SERVER_SECTION);
    if (serverSection == null) {
        throw new IOException(
                "Could not find a '" + JASS_SERVER_SECTION + "' entry in this configuration: Server cannot start.");
    }

    // Drop whatever was loaded before so the map only reflects this configuration.
    credentials.clear();

    // NOTE(review): the passwords are taken from the JAAS options as plain Strings and
    // stay in the map as such; the JAAS file presumably needs restrictive file
    // permissions - confirm against the deployment guidance.
    for (AppConfigurationEntry module : serverSection) {
        module.getOptions().forEach((optionName, optionValue) -> {
            if (optionName.startsWith(USER_PREFIX)) {
                credentials.put(optionName.substring(USER_PREFIX.length()), (String) optionValue);
            }
        });
    }
}
 
Example 2
Source File: StormJaasCreator.java    From streamline with Apache License 2.0
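/**
 * Loads the Storm JAAS template from the classpath and captures the keytab
 * path and principal of the process-wide Streamline JAAS entry.
 *
 * <p>Only the first {@link AppConfigurationEntry} of the section named by
 * {@code Constants.JAAS_STREAMLINE_APP_CONFIG_ENTRY_NAME} is consulted.
 *
 * @throws RuntimeException if the template resource is missing or unreadable,
 *         or if the process-wide JAAS configuration has no Streamline section
 */
public StormJaasCreator() {
    try (InputStream configStream = getClass().getClassLoader().getResourceAsStream(STORM_JAAS_CONFIG_TEMPLATE)) {
        // getResourceAsStream returns null for a missing resource; test for that
        // explicitly instead of catching the NullPointerException it would cause.
        if (configStream == null) {
            throw new RuntimeException("Unable to read JAAS template file for Storm.");
        }
        List<String> lines = IOUtils.readLines(configStream, Charset.forName("UTF-8"));
        stormJaasConfigTemplate = String.join("\n", lines);
    } catch (IOException e) {
        // Keep the cause so the underlying I/O failure is visible in the stack trace.
        throw new RuntimeException("Unable to read JAAS template file for Storm.", e);
    }

    Configuration configuration = Configuration.getConfiguration();
    AppConfigurationEntry[] streamlineConfigurations =
            configuration.getAppConfigurationEntry(Constants.JAAS_STREAMLINE_APP_CONFIG_ENTRY_NAME);
    if (streamlineConfigurations == null || streamlineConfigurations.length == 0) {
        throw new RuntimeException("Streamline is not initialized with JAAS config. Unable to create JAAS for Storm.");
    }

    Map<String, ?> options = streamlineConfigurations[0].getOptions();

    // NOTE(review): either option may be absent from the entry, which leaves the
    // corresponding field null; callers presumably need both - confirm.
    keyTabPath = (String) options.get("keyTab");
    streamlinePrincipal = (String) options.get("principal");
}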
 
Example 3
Source File: SaslNettyServer.java    From blazingcache with Apache License 2.0
/**
 * Creates the handler and fills the DIGEST-MD5 {@code credentials} map from the
 * JAAS section named by {@code SERVER_JAAS_SECTION}.
 *
 * <p>An option is a credential when its key begins with {@code USER_PREFIX}:
 * the user name is the key without the prefix, the password is the option
 * value. All other options are skipped.
 *
 * @param configuration JAAS configuration holding the server section
 * @throws IOException if the section is missing from the configuration
 */
public SaslServerCallbackHandler(Configuration configuration) throws IOException {
    final AppConfigurationEntry[] jaasEntries = configuration.getAppConfigurationEntry(SERVER_JAAS_SECTION);
    if (jaasEntries == null) {
        throw new IOException(
                "Could not find a '" + SERVER_JAAS_SECTION + "' entry in this configuration: Server cannot start.");
    }

    // Replace, rather than extend, any previously loaded credentials.
    credentials.clear();

    // NOTE(review): passwords are held here as plain Strings read from the JAAS
    // options; access to the JAAS file should presumably be limited to the
    // service account - confirm.
    for (AppConfigurationEntry jaasEntry : jaasEntries) {
        for (Map.Entry<String, ?> option : jaasEntry.getOptions().entrySet()) {
            final String optionName = option.getKey();
            if (!optionName.startsWith(USER_PREFIX)) {
                continue;
            }
            credentials.put(optionName.substring(USER_PREFIX.length()), (String) option.getValue());
        }
    }
}
 
Example 4
Source File: ServerCallbackHandler.java    From jstorm with Apache License 2.0
/**
 * Creates the handler and loads the DIGEST-MD5 user/password table from the
 * JAAS section named by {@code AuthUtils.LOGIN_CONTEXT_SERVER}.
 *
 * <p>Option keys that start with {@code USER_PREFIX} contribute one credential
 * each: key minus prefix is the user name, the option value is the password.
 *
 * @param configuration JAAS configuration to read; when {@code null} the
 *        constructor returns without touching {@code credentials}
 * @throws IOException if the configuration has no server section
 */
public ServerCallbackHandler(Configuration configuration) throws IOException {
    // NOTE(review): a null configuration is accepted silently, so the handler is
    // built without loading any credentials - confirm callers expect that.
    if (configuration == null) {
        return;
    }

    AppConfigurationEntry[] serverEntries = configuration.getAppConfigurationEntry(AuthUtils.LOGIN_CONTEXT_SERVER);
    if (serverEntries == null) {
        throw new IOException("Could not find a '" + AuthUtils.LOGIN_CONTEXT_SERVER
                + "' entry in this configuration: Server cannot start.");
    }

    // Start from an empty table so stale users do not survive a reload.
    credentials.clear();
    for (AppConfigurationEntry serverEntry : serverEntries) {
        Map<String, ?> moduleOptions = serverEntry.getOptions();
        for (Map.Entry<String, ?> option : moduleOptions.entrySet()) {
            String optionName = option.getKey();
            boolean isUserOption = optionName.startsWith(USER_PREFIX);
            if (isUserOption) {
                String login = optionName.substring(USER_PREFIX.length());
                String secret = (String) option.getValue();
                credentials.put(login, secret);
            }
        }
    }
}
 
Example 5
Source File: ClientCallbackHandler.java    From jstorm with Apache License 2.0
/**
 * Creates the client handler from the JAAS section named by
 * {@code AuthUtils.LOGIN_CONTEXT_CLIENT}.
 *
 * <p>For digest authentication the section is expected to define a user name
 * and a password. The password defaults to the empty string; when several
 * entries define a value, the last one wins.
 *
 * @param configuration JAAS configuration to read; when {@code null} the
 *        constructor returns without reading anything
 * @throws IOException if the configuration has no client section
 */
public ClientCallbackHandler(Configuration configuration) throws IOException {
    if (configuration == null) {
        return;
    }

    AppConfigurationEntry[] clientEntries = configuration.getAppConfigurationEntry(AuthUtils.LOGIN_CONTEXT_CLIENT);
    if (clientEntries == null) {
        throw new IOException("Could not find a '" + AuthUtils.LOGIN_CONTEXT_CLIENT
                + "' entry in this configuration: Client cannot start.");
    }

    // NOTE(review): the password is read in clear text from the JAAS options and kept
    // as a String field; an empty password remains in place when none is configured.
    _password = "";
    for (AppConfigurationEntry clientEntry : clientEntries) {
        Object configuredUser = clientEntry.getOptions().get(USERNAME);
        if (configuredUser != null) {
            _username = (String) configuredUser;
        }

        Object configuredPassword = clientEntry.getOptions().get(PASSWORD);
        if (configuredPassword != null) {
            _password = (String) configuredPassword;
        }
    }
}
 
Example 6
Source File: ZkClient.java    From DDMQ with Apache License 2.0
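/**
 * Reports whether the ZooKeeper client should use SASL.
 *
 * <p>SASL counts as enabled only when the {@code ZK_SASL_CLIENT} system
 * property is not set to a false value, the {@code JAVA_LOGIN_CONFIG_PARAM}
 * system property names a readable file, and the process-wide JAAS
 * configuration has a section for the login context (system property
 * {@code ZK_LOGIN_CONTEXT_NAME_KEY}, default {@code "Client"}). When no login
 * configuration file is configured the method returns {@code false}.
 *
 * @return {@code true} if a JAAS section for the ZooKeeper client exists
 * @throws IllegalArgumentException if the configured JAAS file cannot be read
 * @throws ZkException if loading the JAAS configuration fails
 */
private boolean isZkSaslEnabled() {
    boolean zkSaslEnabled = Boolean.parseBoolean(System.getProperty(ZK_SASL_CLIENT, "true"));
    String zkLoginContextName = System.getProperty(ZK_LOGIN_CONTEXT_NAME_KEY, "Client");

    if (!zkSaslEnabled) {
        LOG.warn("Client SASL has been explicitly disabled with " + ZK_SASL_CLIENT);
        return false;
    }

    String loginConfigFile = System.getProperty(JAVA_LOGIN_CONFIG_PARAM);
    if (loginConfigFile == null || loginConfigFile.isEmpty()) {
        // No JAAS file configured: the connection proceeds without SASL.
        return false;
    }

    LOG.info("JAAS File name: " + loginConfigFile);
    if (!new File(loginConfigFile).canRead()) {
        // The original message ran the path and "cannot" together; keep them apart.
        throw new IllegalArgumentException("File " + loginConfigFile + " cannot be read.");
    }

    try {
        Configuration loginConf = Configuration.getConfiguration();
        return loginConf.getAppConfigurationEntry(zkLoginContextName) != null;
    } catch (Exception e) {
        throw new ZkException(e);
    }
}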
 
Example 7
Source File: ZkClient.java    From DDMQ with Apache License 2.0
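/**
 * Decides whether SASL is in effect for the ZooKeeper client.
 *
 * <p>Returns {@code false} when the {@code ZK_SASL_CLIENT} system property
 * disables SASL or when the {@code JAVA_LOGIN_CONFIG_PARAM} system property is
 * unset or empty. Otherwise the named file must be readable, and the result is
 * whether the process-wide JAAS configuration contains the login context
 * section (system property {@code ZK_LOGIN_CONTEXT_NAME_KEY}, default
 * {@code "Client"}).
 *
 * @return {@code true} if the JAAS configuration has the client section
 * @throws IllegalArgumentException if the configured JAAS file cannot be read
 * @throws ZkException if the JAAS configuration cannot be loaded
 */
private boolean isZkSaslEnabled() {
    if (!Boolean.parseBoolean(System.getProperty(ZK_SASL_CLIENT, "true"))) {
        LOG.warn("Client SASL has been explicitly disabled with " + ZK_SASL_CLIENT);
        return false;
    }

    final String loginContextName = System.getProperty(ZK_LOGIN_CONTEXT_NAME_KEY, "Client");
    final String jaasFileName = System.getProperty(JAVA_LOGIN_CONFIG_PARAM);

    boolean isSecurityEnabled = false;
    if (jaasFileName != null && !jaasFileName.isEmpty()) {
        LOG.info("JAAS File name: " + jaasFileName);
        File jaasFile = new File(jaasFileName);
        if (!jaasFile.canRead()) {
            // A space was missing before "cannot" in the original message.
            throw new IllegalArgumentException("File " + jaasFileName + " cannot be read.");
        }

        try {
            isSecurityEnabled =
                    Configuration.getConfiguration().getAppConfigurationEntry(loginContextName) != null;
        } catch (Exception e) {
            throw new ZkException(e);
        }
    }
    // Still false here when no JAAS file was configured, i.e. SASL is not used.
    return isSecurityEnabled;
}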
 
Example 8
Source File: ZKConnectionImpl.java    From zkclient with Apache License 2.0
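/**
 * Tells whether this connection should authenticate to ZooKeeper with SASL.
 *
 * <p>The answer is {@code false} if the {@code ZK_SASL_CLIENT} system property
 * turns SASL off, or if no JAAS file is named by the
 * {@code JAVA_LOGIN_CONFIG_PARAM} system property. With a JAAS file configured,
 * the file must be readable and the answer is whether the process-wide JAAS
 * configuration has a section for the login context (system property
 * {@code ZK_LOGIN_CONTEXT_NAME_KEY}, default {@code "Client"}).
 *
 * @return {@code true} if the JAAS configuration has the client section
 * @throws IllegalArgumentException if the configured JAAS file cannot be read
 * @throws ZKException if the JAAS configuration cannot be loaded
 */
private boolean isZkSaslEnabled() {
    boolean zkSaslEnabled = Boolean.parseBoolean(System.getProperty(ZK_SASL_CLIENT, "true"));
    String zkLoginContextName = System.getProperty(ZK_LOGIN_CONTEXT_NAME_KEY, "Client");

    if (!zkSaslEnabled) {
        LOG.warn("Client SASL has been explicitly disabled with " + ZK_SASL_CLIENT);
        return false;
    }

    String loginConfigFile = System.getProperty(JAVA_LOGIN_CONFIG_PARAM);
    boolean hasLoginConfig = loginConfigFile != null && !loginConfigFile.isEmpty();
    if (!hasLoginConfig) {
        // Without a JAAS file there is nothing to authenticate with; SASL stays off.
        return false;
    }

    LOG.info("JAAS File name: " + loginConfigFile);
    File configFile = new File(loginConfigFile);
    if (!configFile.canRead()) {
        // Message fixed: the original omitted the space between the path and "cannot".
        throw new IllegalArgumentException("File " + loginConfigFile + " cannot be read.");
    }

    try {
        return Configuration.getConfiguration().getAppConfigurationEntry(zkLoginContextName) != null;
    } catch (Exception e) {
        throw new ZKException(e);
    }
}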
 
Example 9
Source File: AuthUtils.java    From jstorm with Apache License 2.0
/**
 * Looks up one option value in a named JAAS section.
 *
 * <p>The entries of the section are scanned in order and the first non-null
 * value stored under {@code key} is returned.
 *
 * @param configuration JAAS configuration to search
 * @param section name of the JAAS section
 * @param key option name to look up
 * @return the first non-null value found, or {@code null} if no entry defines the key
 * @throws IOException if the configuration has no such section
 */
public static String get(Configuration configuration, String section, String key) throws IOException {
    AppConfigurationEntry[] sectionEntries = configuration.getAppConfigurationEntry(section);
    if (sectionEntries == null) {
        throw new IOException("Could not find a '" + section + "' entry in this configuration.");
    }

    String found = null;
    int index = 0;
    // Stop at the first entry that defines the key; later entries are not consulted.
    while (found == null && index < sectionEntries.length) {
        found = (String) sectionEntries[index].getOptions().get(key);
        index++;
    }
    return found;
}
 
Example 10
Source File: ServerCallbackHandler.java    From jstorm with Apache License 2.0
/**
 * Creates the server handler after checking that the JAAS configuration has
 * the section named by {@code AuthUtils.LOGIN_CONTEXT_SERVER}.
 *
 * <p>The constructor only validates; it reads nothing from the section and
 * does not use {@code stormConf}.
 *
 * @param configuration JAAS configuration to check; {@code null} skips the check
 * @param stormConf not used by this constructor
 * @throws IOException if a configuration is given but has no server section
 */
public ServerCallbackHandler(Configuration configuration, Map stormConf) throws IOException {
    // NOTE(review): a null configuration bypasses the check entirely - confirm that
    // callers only pass null when authentication is meant to be off.
    boolean sectionMissing = configuration != null
            && configuration.getAppConfigurationEntry(AuthUtils.LOGIN_CONTEXT_SERVER) == null;
    if (sectionMissing) {
        String errorMessage = "Could not find a '" + AuthUtils.LOGIN_CONTEXT_SERVER
                + "' entry in this configuration: Server cannot start.";
        LOG.error(errorMessage);
        throw new IOException(errorMessage);
    }
}
 
Example 11
Source File: ClientCallbackHandler.java    From jstorm with Apache License 2.0
/**
 * Creates the client handler after checking that the JAAS configuration has
 * the section named by {@code AuthUtils.LOGIN_CONTEXT_CLIENT}.
 *
 * <p>For digest authentication, a user name and password pair should be
 * defined in that section. This constructor only verifies that the section
 * exists; it does not read the pair.
 *
 * @param configuration JAAS configuration to check; {@code null} skips the check
 * @throws IOException if a configuration is given but has no client section
 */
public ClientCallbackHandler(Configuration configuration) throws IOException {
    if (configuration == null) {
        return;
    }

    boolean hasClientSection = configuration.getAppConfigurationEntry(AuthUtils.LOGIN_CONTEXT_CLIENT) != null;
    if (hasClientSection) {
        return;
    }

    String errorMessage = "Could not find a '" + AuthUtils.LOGIN_CONTEXT_CLIENT
            + "' entry in this configuration: Client cannot start.";
    LOG.error(errorMessage);
    throw new IOException(errorMessage);
}
 
Example 12
Source File: SolrProcessor.java    From localization_nifi with Apache License 2.0
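/**
 * Validates the processor configuration as a whole and returns every problem found.
 *
 * <p>Checks, in order: a collection is set for the cloud Solr type; a JAAS
 * client app name is backed by a login-config system property and a matching
 * JAAS section; the SSL context service agrees with the URL scheme for the
 * standard Solr type; basic-auth user name and password are given together;
 * and finally whatever {@code additionalCustomValidation} reports.
 *
 * @param context validation context giving access to the property values
 * @return the validation problems, empty if the configuration is acceptable
 */
@Override
protected final Collection<ValidationResult> customValidate(ValidationContext context) {
    final List<ValidationResult> problems = new ArrayList<>();

    if (SOLR_TYPE_CLOUD.equals(context.getProperty(SOLR_TYPE).getValue())) {
        final String collection = context.getProperty(COLLECTION).getValue();
        if (collection == null || collection.trim().isEmpty()) {
            problems.add(new ValidationResult.Builder()
                    .subject(COLLECTION.getName())
                    .input(collection).valid(false)
                    .explanation("A collection must specified for Solr Type of Cloud")
                    .build());
        }
    }

    // If a JAAS Client App Name is provided then the system property for the JAAS config file must be set,
    // and that config file must contain an entry for the name provided by the processor
    final String jaasAppName = context.getProperty(JAAS_CLIENT_APP_NAME).getValue();
    if (!StringUtils.isEmpty(jaasAppName)) {
        final String loginConf = System.getProperty(Krb5HttpClientConfigurer.LOGIN_CONFIG_PROP);
        if (StringUtils.isEmpty(loginConf)) {
            problems.add(new ValidationResult.Builder()
                    .subject(JAAS_CLIENT_APP_NAME.getDisplayName())
                    .valid(false)
                    .explanation("the system property " + Krb5HttpClientConfigurer.LOGIN_CONFIG_PROP + " must be set when providing a JAAS Client App Name")
                    .build());
        } else {
            final Configuration config = javax.security.auth.login.Configuration.getConfiguration();
            if (config.getAppConfigurationEntry(jaasAppName) == null) {
                problems.add(new ValidationResult.Builder()
                        .subject(JAAS_CLIENT_APP_NAME.getDisplayName())
                        .valid(false)
                        .explanation("'" + jaasAppName + "' does not exist in " + loginConf)
                        .build());
            }
        }
    }

    // For solr cloud the location will be the ZooKeeper host:port so we can't validate the SSLContext, but for standard solr
    // we can validate if the url starts with https we need an SSLContextService, if it starts with http we can't have an SSLContextService
    if (SOLR_TYPE_STANDARD.equals(context.getProperty(SOLR_TYPE).getValue())) {
        final String solrLocation = context.getProperty(SOLR_LOCATION).evaluateAttributeExpressions().getValue();
        if (solrLocation != null) {
            final SSLContextService sslContextService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
            // URL schemes are case-insensitive, so compare without regard to case; a
            // case-sensitive test would let "HTTPS://..." skip the SSL context requirement.
            final boolean isHttps = solrLocation.regionMatches(true, 0, "https:", 0, "https:".length());
            final boolean isHttp = solrLocation.regionMatches(true, 0, "http:", 0, "http:".length());
            if (isHttps && sslContextService == null) {
                problems.add(new ValidationResult.Builder()
                        .subject(SSL_CONTEXT_SERVICE.getDisplayName())
                        .valid(false)
                        .explanation("an SSLContextService must be provided when using https")
                        .build());
            } else if (isHttp && sslContextService != null) {
                problems.add(new ValidationResult.Builder()
                        .subject(SSL_CONTEXT_SERVICE.getDisplayName())
                        .valid(false)
                        .explanation("an SSLContextService can not be provided when using http")
                        .build());
            }
        }
    }

    // Validate that username and password are provided together, or that neither is provided
    final String username = context.getProperty(BASIC_USERNAME).evaluateAttributeExpressions().getValue();
    final String password = context.getProperty(BASIC_PASSWORD).evaluateAttributeExpressions().getValue();

    if (!StringUtils.isBlank(username) && StringUtils.isBlank(password)) {
        problems.add(new ValidationResult.Builder()
                .subject(BASIC_PASSWORD.getDisplayName())
                .valid(false)
                .explanation("a password must be provided for the given username")
                .build());
    }

    if (!StringUtils.isBlank(password) && StringUtils.isBlank(username)) {
        problems.add(new ValidationResult.Builder()
                .subject(BASIC_USERNAME.getDisplayName())
                .valid(false)
                .explanation("a username must be provided for the given password")
                .build());
    }

    // Subclass-specific checks; a null result means nothing further to report.
    Collection<ValidationResult> otherProblems = this.additionalCustomValidation(context);
    if (otherProblems != null) {
        problems.addAll(otherProblems);
    }

    return problems;
}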
 
Example 13
Source File: GetInstance.java    From openjdk-jdk9 with GNU General Public License v2.0
/**
 * Runs the four lookups shared by the test cases against a configuration.
 *
 * <p>The section {@code "EMPTY"} must yield {@code null}; the sections
 * {@code "one"}, {@code "two"} and {@code "three"} must yield exactly the
 * expected login module names and control flags, in order.
 *
 * @param c configuration under test
 * @param testnum test number used in the pass/fail messages
 * @return {@code testnum}, unchanged
 * @throws SecurityException if any of the four checks fails
 */
private int doCommon(Configuration c, int testnum) throws Exception {
    // Check .1: a lookup of "EMPTY" is expected to return null.
    if (c.getAppConfigurationEntry("EMPTY") != null) {
        throw new SecurityException("test " + testnum + ".1 failed");
    }
    System.out.println("test " + testnum + ".1 passed");

    // Check .2: a single REQUIRED module.
    AppConfigurationEntry[] one = c.getAppConfigurationEntry("one");
    boolean oneMatches = one.length == 1
            && MOD0.equals(one[0].getLoginModuleName())
            && AppConfigurationEntry.LoginModuleControlFlag.REQUIRED == one[0].getControlFlag();
    if (!oneMatches) {
        throw new SecurityException("test " + testnum + ".2 failed");
    }
    System.out.println("test " + testnum + ".2 passed");

    // Check .3: SUFFICIENT followed by REQUIRED.
    AppConfigurationEntry[] two = c.getAppConfigurationEntry("two");
    boolean twoMatches = two.length == 2
            && MOD0.equals(two[0].getLoginModuleName())
            && AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT == two[0].getControlFlag()
            && MOD1.equals(two[1].getLoginModuleName())
            && AppConfigurationEntry.LoginModuleControlFlag.REQUIRED == two[1].getControlFlag();
    if (!twoMatches) {
        throw new SecurityException("test " + testnum + ".3 failed");
    }
    System.out.println("test " + testnum + ".3 passed");

    // Check .4: SUFFICIENT, REQUIRED, then OPTIONAL.
    AppConfigurationEntry[] three = c.getAppConfigurationEntry("three");
    boolean threeMatches = three.length == 3
            && MOD0.equals(three[0].getLoginModuleName())
            && AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT == three[0].getControlFlag()
            && MOD1.equals(three[1].getLoginModuleName())
            && AppConfigurationEntry.LoginModuleControlFlag.REQUIRED == three[1].getControlFlag()
            && MOD2.equals(three[2].getLoginModuleName())
            && AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL == three[2].getControlFlag();
    if (!threeMatches) {
        throw new SecurityException("test " + testnum + ".4 failed");
    }
    System.out.println("test " + testnum + ".4 passed");

    return testnum;
}
 
Example 14
Source File: GetInstance.java    From openjdk-jdk9 with GNU General Public License v2.0
/**
 * Checks a URI-based configuration: the {@code "four"} section contents, the
 * provider name, the configuration type and the parameters it was created with.
 *
 * @param c configuration under test
 * @param uriParam parameters the configuration is expected to report
 * @param testnum test number used in the pass/fail messages
 * @throws SecurityException if any check fails
 */
private void doTestURI(Configuration c,
                    Configuration.Parameters uriParam,
                    int testnum) throws Exception {

    // Section "four": SUFFICIENT, REQUIRED, OPTIONAL, REQUIRED, in that order.
    AppConfigurationEntry[] four = c.getAppConfigurationEntry("four");
    boolean fourMatches = four.length == 4
            && MOD0.equals(four[0].getLoginModuleName())
            && AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT == four[0].getControlFlag()
            && MOD1.equals(four[1].getLoginModuleName())
            && AppConfigurationEntry.LoginModuleControlFlag.REQUIRED == four[1].getControlFlag()
            && MOD2.equals(four[2].getLoginModuleName())
            && AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL == four[2].getControlFlag()
            && MOD3.equals(four[3].getLoginModuleName())
            && AppConfigurationEntry.LoginModuleControlFlag.REQUIRED == four[3].getControlFlag();
    if (!fourMatches) {
        throw new SecurityException("test " + testnum + ".1 failed");
    }
    System.out.println("test " + testnum + ".1 passed");

    // getProvider must report the SUN provider.
    if (!"SUN".equals(c.getProvider().getName())) {
        throw new SecurityException("test " + testnum +
                    " (getProvider) failed");
    }
    System.out.println("test " + testnum + " (getProvider) passed");

    // getType must report the JAVA_CONFIG type.
    if (!JAVA_CONFIG.equals(c.getType())) {
        throw new SecurityException("test " + testnum +
                    " (getType) failed");
    }
    System.out.println("test " + testnum + " (getType) passed");

    // getParameters must equal the parameters passed in.
    if (!uriParam.equals(c.getParameters())) {
        throw new SecurityException("test " + testnum +
                    " (getParameters) failed");
    }
    System.out.println("test " + testnum + " (getParameters) passed");
}
 
Example 15
Source File: PropertiesLoginModuleConfigurator.java    From activemq-artemis with Apache License 2.0
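/**
 * Locates the {@code PropertiesLoginModule} entry of a JAAS section and opens
 * the user and role property files it refers to.
 *
 * <p>The first entry whose login module is {@code PropertiesLoginModule}
 * decides; its user and role file options are resolved against
 * {@code brokerEtc}. An empty file without a header comment gets
 * {@code LICENSE_HEADER} as its header.
 *
 * @param entryName JAAS section name; {@code "activemq"} when null or empty
 * @param brokerEtc directory the user and role file names are resolved against
 * @throws Exception if the section is missing or empty, if it has no
 *         {@code PropertiesLoginModule} entry, or if the user or role file is
 *         not configured or does not exist
 */
public PropertiesLoginModuleConfigurator(String entryName, String brokerEtc) throws Exception {
   if (entryName == null || entryName.isEmpty()) {
      entryName = "activemq";
   }

   Configuration securityConfig = Configuration.getConfiguration();
   AppConfigurationEntry[] entries = securityConfig.getAppConfigurationEntry(entryName);

   if (entries == null || entries.length == 0) {
      throw ActiveMQMessageBundle.BUNDLE.failedToLoadSecurityConfig();
   }

   for (AppConfigurationEntry entry : entries) {
      if (!entry.getLoginModuleName().equals(PropertiesLoginModule.class.getName())) {
         continue;
      }

      String userFileName = (String) entry.getOptions().get(USER_FILE_PROP_NAME);
      String roleFileName = (String) entry.getOptions().get(ROLE_FILE_PROP_NAME);

      // NOTE(review): the file names are joined to brokerEtc as given, without
      // normalisation; if these options could ever be set by a less-trusted party,
      // check that the resolved paths stay inside brokerEtc.
      File etcDir = new File(brokerEtc);

      // A missing option would make new File(etcDir, null) throw a bare
      // NullPointerException; report it as the same load failure instead.
      File userFile = userFileName == null ? null : new File(etcDir, userFileName);
      if (userFile == null || !userFile.exists()) {
         throw ActiveMQMessageBundle.BUNDLE.failedToLoadUserFile(brokerEtc + userFileName);
      }

      File roleFile = roleFileName == null ? null : new File(etcDir, roleFileName);
      if (roleFile == null || !roleFile.exists()) {
         throw ActiveMQMessageBundle.BUNDLE.failedToLoadRoleFile(brokerEtc + roleFileName);
      }

      Configurations configs = new Configurations();
      userBuilder = configs.propertiesBuilder(userFile);
      roleBuilder = configs.propertiesBuilder(roleFile);
      userConfig = userBuilder.getConfiguration();
      roleConfig = roleBuilder.getConfiguration();

      String roleHeader = roleConfig.getLayout().getHeaderComment();
      String userHeader = userConfig.getLayout().getHeaderComment();

      if (userHeader == null && userConfig.isEmpty()) {
         //clean and reset header
         userConfig.clear();
         userConfig.setHeader(LICENSE_HEADER);
      }

      if (roleHeader == null && roleConfig.isEmpty()) {
         //clean and reset header
         roleConfig.clear();
         roleConfig.setHeader(LICENSE_HEADER);
      }
      return;
   }

   // Reaching this point means every entry was inspected and none used
   // PropertiesLoginModule, so the counter the original kept was always equal
   // to entries.length here.
   throw ActiveMQMessageBundle.BUNDLE.failedToFindLoginModuleEntry(entryName);
}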