javax.security.auth.login.Configuration Java Examples
The following examples show how to use
javax.security.auth.login.Configuration.
Example #1
Source File: AuthenticationServlet.java From swellrt with Apache License 2.0 | 6 votes |
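/**
 * Creates the authentication servlet from injected collaborators and settings.
 *
 * <p>{@code accountStore}, {@code configuration} and {@code sessionManager} are
 * rejected when null. {@code domain} and {@code config} are dereferenced without
 * a check, so a null value for either fails with a NullPointerException.
 *
 * @param accountStore store of accounts; must not be null
 * @param configuration JAAS login configuration; must not be null
 * @param sessionManager session manager; must not be null
 * @param domain wave server domain, stored lower-cased
 * @param config settings source for the {@code security.*} and
 *        {@code administration.*} keys read below
 */
@Inject
public AuthenticationServlet(AccountStore accountStore, Configuration configuration,
    SessionManager sessionManager, @Named(CoreSettingsNames.WAVE_SERVER_DOMAIN) String domain,
    Config config /* ,WelcomeRobot welcomeBot */) {
  Preconditions.checkNotNull(accountStore, "AccountStore is null");
  Preconditions.checkNotNull(configuration, "Configuration is null");
  Preconditions.checkNotNull(sessionManager, "Session manager is null");

  this.accountStore = accountStore;
  this.configuration = configuration;
  this.sessionManager = sessionManager;

  // Domain names are case-folded with Locale.ROOT: the default-locale overload
  // gives different results under e.g. a Turkish locale ("I" -> dotless "i"),
  // which would make the stored domains stop matching the same domain as it
  // is normally written.
  this.domain = domain.toLowerCase(java.util.Locale.ROOT);
  this.isClientAuthEnabled = config.getBoolean("security.enable_clientauth");
  this.clientAuthCertDomain =
      config.getString("security.clientauth_cert_domain").toLowerCase(java.util.Locale.ROOT);

  this.isRegistrationDisabled = config.getBoolean("administration.disable_registration");
  this.isLoginPageDisabled = config.getBoolean("administration.disable_loginpage");
  // this.welcomeBot = welcomeBot;
  this.analyticsAccount = config.getString("administration.analytics_account");
}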
Example #2
Source File: LoginConfigImpl.java From openjdk-8-source with GNU General Public License v2.0 | 6 votes |
/**
 * A new instance of LoginConfigImpl must be created for each login request
 * since it's only used by a single (caller, mech) pair.
 *
 * <p>Only the Kerberos 5 mechanism is accepted. The process-wide JAAS
 * {@link Configuration} is fetched inside {@code doPrivileged}, i.e. with this
 * class's own permissions rather than the caller's.
 *
 * @param caller defined in GSSUtil as CALLER_XXX final fields
 * @param mech defined in GSSUtil as XXX_MECH_OID final fields
 * @throws IllegalArgumentException if {@code mech} is not the krb5 mechanism OID
 */
public LoginConfigImpl(GSSCaller caller, Oid mech) {
    this.caller = caller;

    // Reject unsupported mechanisms up front.
    if (!mech.equals(GSSUtil.GSS_KRB5_MECH_OID)) {
        throw new IllegalArgumentException(mech.toString() + " not supported");
    }
    mechName = "krb5";

    java.security.PrivilegedAction<Configuration> fetchConfig =
        new java.security.PrivilegedAction<Configuration>() {
            @Override
            public Configuration run() {
                return Configuration.getConfiguration();
            }
        };
    config = java.security.AccessController.doPrivileged(fetchConfig);
}
Example #3
Source File: AuthUtils.java From jstorm with Apache License 2.0 | 6 votes |
/**
 * Builds a JAAS configuration object from the login file named in the Storm
 * configuration.
 *
 * <p>The file path is read from the {@code "java.security.auth.login.config"}
 * key. The JAAS file decides which login modules run, so the map supplying
 * this path should come from a trusted source.
 *
 * @param storm_conf Storm configuration
 * @return JAAS configuration object, or {@code null} when the key is absent or empty
 * @throws RuntimeException if the file cannot be read or cannot be loaded
 */
public static Configuration GetConfiguration(Map storm_conf) {
    String jaasPath = (String) storm_conf.get("java.security.auth.login.config");
    if (jaasPath == null || jaasPath.length() == 0) {
        // No login file configured: callers receive null.
        return null;
    }

    File jaasFile = new File(jaasPath);
    if (!jaasFile.canRead()) {
        throw new RuntimeException("File " + jaasPath + " cannot be read.");
    }

    try {
        return Configuration.getInstance("JavaLoginConfig", new URIParameter(jaasFile.toURI()));
    } catch (Exception ex) {
        throw new RuntimeException(ex);
    }
}
Example #4
Source File: DynamicConfigurationTest.java From jdk8u-jdk with GNU General Public License v2.0 | 6 votes |
/**
 * Runs one JAAS login against the given configuration and checks the outcome.
 *
 * @param confName name of the configuration entry passed to LoginContext
 * @param passwd password handed to MyCallbackHandler together with "testUser"
 * @param cf JAAS configuration to log in against
 * @param expectException true if the login is expected to raise LoginException
 * @throws RuntimeException if the outcome does not match {@code expectException}
 */
public static void testLogin(String confName, char[] passwd,
        Configuration cf, boolean expectException) {
    try {
        CallbackHandler handler = new MyCallbackHandler("testUser", passwd);
        new LoginContext(confName, new Subject(), handler, cf).login();
    } catch (LoginException le) {
        if (expectException) {
            // The failure was the expected outcome.
            return;
        }
        System.out.println("Login Test failed: "
                + "received Unexpected exception.");
        throw new RuntimeException(le);
    }

    // Login went through; that is an error when a failure was expected.
    if (expectException) {
        throw new RuntimeException("Login Test failed: "
                + "expected LoginException not thrown");
    }
}
Example #5
Source File: DynamicConfigurationTest.java From hottub with GNU General Public License v2.0 | 6 votes |
/**
 * Runs one JAAS login against the given configuration and checks the outcome.
 *
 * @param confName name of the configuration entry passed to LoginContext
 * @param passwd password handed to MyCallbackHandler together with "testUser"
 * @param cf JAAS configuration to log in against
 * @param expectException true if the login is expected to raise LoginException
 * @throws RuntimeException if the outcome does not match {@code expectException}
 */
public static void testLogin(String confName, char[] passwd,
        Configuration cf, boolean expectException) {
    try {
        CallbackHandler handler = new MyCallbackHandler("testUser", passwd);
        new LoginContext(confName, new Subject(), handler, cf).login();
    } catch (LoginException le) {
        if (expectException) {
            // The failure was the expected outcome.
            return;
        }
        System.out.println("Login Test failed: "
                + "received Unexpected exception.");
        throw new RuntimeException(le);
    }

    // Login went through; that is an error when a failure was expected.
    if (expectException) {
        throw new RuntimeException("Login Test failed: "
                + "expected LoginException not thrown");
    }
}
Example #6
Source File: DynamicConfigurationTest.java From dragonwell8_jdk with GNU General Public License v2.0 | 6 votes |
/**
 * Runs one JAAS login against the given configuration and checks the outcome.
 *
 * @param confName name of the configuration entry passed to LoginContext
 * @param passwd password handed to MyCallbackHandler together with "testUser"
 * @param cf JAAS configuration to log in against
 * @param expectException true if the login is expected to raise LoginException
 * @throws RuntimeException if the outcome does not match {@code expectException}
 */
public static void testLogin(String confName, char[] passwd,
        Configuration cf, boolean expectException) {
    try {
        CallbackHandler handler = new MyCallbackHandler("testUser", passwd);
        new LoginContext(confName, new Subject(), handler, cf).login();
    } catch (LoginException le) {
        if (expectException) {
            // The failure was the expected outcome.
            return;
        }
        System.out.println("Login Test failed: "
                + "received Unexpected exception.");
        throw new RuntimeException(le);
    }

    // Login went through; that is an error when a failure was expected.
    if (expectException) {
        throw new RuntimeException("Login Test failed: "
                + "expected LoginException not thrown");
    }
}
Example #7
Source File: DynamicConfigurationTest.java From jdk8u_jdk with GNU General Public License v2.0 | 6 votes |
/**
 * Runs one JAAS login against the given configuration and checks the outcome.
 *
 * @param confName name of the configuration entry passed to LoginContext
 * @param passwd password handed to MyCallbackHandler together with "testUser"
 * @param cf JAAS configuration to log in against
 * @param expectException true if the login is expected to raise LoginException
 * @throws RuntimeException if the outcome does not match {@code expectException}
 */
public static void testLogin(String confName, char[] passwd,
        Configuration cf, boolean expectException) {
    try {
        CallbackHandler handler = new MyCallbackHandler("testUser", passwd);
        new LoginContext(confName, new Subject(), handler, cf).login();
    } catch (LoginException le) {
        if (expectException) {
            // The failure was the expected outcome.
            return;
        }
        System.out.println("Login Test failed: "
                + "received Unexpected exception.");
        throw new RuntimeException(le);
    }

    // Login went through; that is an error when a failure was expected.
    if (expectException) {
        throw new RuntimeException("Login Test failed: "
                + "expected LoginException not thrown");
    }
}
Example #8
Source File: SaslNettyServer.java From herddb with Apache License 2.0 | 6 votes |
/**
 * Loads the server-side user/password table from a JAAS configuration.
 *
 * <p>Every option of the {@code JASS_SERVER_SECTION} entries whose key starts
 * with {@code USER_PREFIX} is stored in {@code credentials} as user name (the
 * key without the prefix) mapped to the option value. The values are kept as
 * plain {@code String}s, so the JAAS file they come from holds clear-text
 * passwords and should be readable only by the server account.
 *
 * @param configuration JAAS configuration to read
 * @throws IOException if the configuration has no {@code JASS_SERVER_SECTION} entry
 */
public SaslServerCallbackHandler(Configuration configuration) throws IOException {
    AppConfigurationEntry[] serverEntries = configuration.getAppConfigurationEntry(JASS_SERVER_SECTION);
    if (serverEntries == null) {
        throw new IOException("Could not find a '" + JASS_SERVER_SECTION
                + "' entry in this configuration: Server cannot start.");
    }

    credentials.clear();
    // Populate DIGEST-MD5 user -> password map with JAAS configuration entries from the "Server" section.
    // Usernames are distinguished from other options by prefixing the username with a "user_" prefix.
    for (AppConfigurationEntry serverEntry : serverEntries) {
        for (Map.Entry<String, ?> option : serverEntry.getOptions().entrySet()) {
            String optionName = option.getKey();
            if (!optionName.startsWith(USER_PREFIX)) {
                continue;
            }
            credentials.put(optionName.substring(USER_PREFIX.length()), (String) option.getValue());
        }
    }
}
Example #9
Source File: ZKSignerSecretProvider.java From hadoop with Apache License 2.0 | 6 votes |
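/**
 * Installs a process-wide JAAS configuration built from the ZooKeeper Kerberos
 * keytab and principal properties.
 *
 * <p>Both properties are checked for null before being trimmed, so a missing
 * property is reported as an IllegalArgumentException naming the property
 * instead of surfacing as a NullPointerException from {@code trim()}.
 *
 * <p>{@link Configuration#setConfiguration} replaces the login configuration
 * for the whole JVM, not only for this provider.
 *
 * @param config properties holding the keytab path and the principal
 * @return the part of the principal before the first {@code '/'} or {@code '@'}
 * @throws IllegalArgumentException if the keytab or principal property is
 *         missing or blank
 * @throws Exception declared by the original signature
 */
private String setJaasConfiguration(Properties config) throws Exception {
  String keytabFile = config.getProperty(ZOOKEEPER_KERBEROS_KEYTAB);
  if (keytabFile == null || keytabFile.trim().length() == 0) {
    throw new IllegalArgumentException(ZOOKEEPER_KERBEROS_KEYTAB
        + " must be specified");
  }
  keytabFile = keytabFile.trim();

  String principal = config.getProperty(ZOOKEEPER_KERBEROS_PRINCIPAL);
  if (principal == null || principal.trim().length() == 0) {
    throw new IllegalArgumentException(ZOOKEEPER_KERBEROS_PRINCIPAL
        + " must be specified");
  }
  principal = principal.trim();

  // This is equivalent to writing a jaas.conf file and setting the system
  // property, "java.security.auth.login.config", to point to it
  JaasConfiguration jConf =
      new JaasConfiguration(JAAS_LOGIN_ENTRY_NAME, principal, keytabFile);
  Configuration.setConfiguration(jConf);
  return principal.split("[/@]")[0];
}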
Example #10
Source File: KerberosKDCUtil.java From light-oauth2 with Apache License 2.0 | 6 votes |
/**
 * Builds an in-memory JAAS configuration with a single Krb5LoginModule entry.
 *
 * <p>The returned configuration answers only for the entry name {@code "KDC"}
 * and throws IllegalArgumentException for any other name. The keytab options
 * are added only when {@code config.getUseKeyTab()} equals "true" (ignoring
 * case). {@code storeKey=true} asks the module to keep the principal's key in
 * the Subject's private credentials.
 *
 * @return a Configuration backed by the values of {@code config}
 */
private static Configuration createJaasConfiguration() {
    return new Configuration() {
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            if (!"KDC".equals(name)) {
                throw new IllegalArgumentException("Unexpected name '" + name + "'");
            }

            Map<String, Object> krb5Options = new HashMap<>();
            krb5Options.put("debug", config.getDebug());
            krb5Options.put("refreshKrb5Config", "true");
            krb5Options.put("storeKey", "true");

            boolean keyTabLogin = "true".equalsIgnoreCase(config.getUseKeyTab());
            if (keyTabLogin) {
                krb5Options.put("useKeyTab", config.getUseKeyTab());
                krb5Options.put("keyTab", config.getKeyTab());
                krb5Options.put("principal", config.getPrincipal());
            }
            krb5Options.put("isInitiator", "true");

            AppConfigurationEntry krb5Entry = new AppConfigurationEntry(
                    "com.sun.security.auth.module.Krb5LoginModule", REQUIRED, krb5Options);
            return new AppConfigurationEntry[] {krb5Entry};
        }
    };
}
Example #11
Source File: LoginModulesTest.java From keycloak with Apache License 2.0 | 6 votes |
/**
 * Builds a JAAS configuration whose only login module is
 * DirectAccessGrantsLoginModule, marked REQUIRED.
 *
 * <p>The returned configuration ignores the requested entry name and always
 * answers with the same single entry.
 *
 * @param scope value for the module's scope option; the option is left out
 *        when this is null
 * @return the in-memory configuration
 */
private Configuration createJaasConfigurationForDirectGrant(String scope) {
    return new Configuration() {

        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            Map<String, Object> moduleOptions = new HashMap<>();
            moduleOptions.put(AbstractKeycloakLoginModule.KEYCLOAK_CONFIG_FILE_OPTION,
                    DIRECT_GRANT_CONFIG_FILE.getAbsolutePath());
            if (scope != null) {
                moduleOptions.put(DirectAccessGrantsLoginModule.SCOPE_OPTION, scope);
            }

            String moduleClass = DirectAccessGrantsLoginModule.class.getName();
            return new AppConfigurationEntry[] {
                new AppConfigurationEntry(moduleClass,
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, moduleOptions)
            };
        }
    };
}
Example #12
Source File: LoginConfigImpl.java From openjdk-jdk9 with GNU General Public License v2.0 | 6 votes |
/**
 * A new instance of LoginConfigImpl must be created for each login request
 * since it's only used by a single (caller, mech) pair.
 *
 * <p>Only the Kerberos 5 mechanism is accepted. The process-wide JAAS
 * {@link Configuration} is fetched inside {@code doPrivileged}, i.e. with this
 * class's own permissions rather than the caller's.
 *
 * @param caller defined in GSSUtil as CALLER_XXX final fields
 * @param mech defined in GSSUtil as XXX_MECH_OID final fields
 * @throws IllegalArgumentException if {@code mech} is not the krb5 mechanism OID
 */
public LoginConfigImpl(GSSCaller caller, Oid mech) {
    this.caller = caller;

    // Reject unsupported mechanisms up front.
    if (!mech.equals(GSSUtil.GSS_KRB5_MECH_OID)) {
        throw new IllegalArgumentException(mech.toString() + " not supported");
    }
    mechName = "krb5";

    java.security.PrivilegedAction<Configuration> fetchConfig =
        new java.security.PrivilegedAction<Configuration>() {
            @Override
            public Configuration run() {
                return Configuration.getConfiguration();
            }
        };
    config = java.security.AccessController.doPrivileged(fetchConfig);
}
Example #13
Source File: GetInstance.java From openjdk-jdk9 with GNU General Public License v2.0 | 6 votes |
/**
 * Exercises {@code Configuration.getInstance(type, params, providerName)}
 * with three provider names.
 *
 * <p>"SUN" must yield an instance (checked by {@code doTest}); "SunRsaSign"
 * must fail with NoSuchAlgorithmException; "FOO" must fail with
 * NoSuchProviderException. The test counter is advanced once per check.
 *
 * @param testnum number of the first check performed here
 * @return the counter value after the last check
 * @throws SecurityException if a lookup that should fail succeeds
 * @throws Exception anything else raised by the lookups or by {@code doTest}
 */
private int testStringProvider(int testnum) throws Exception {

    // get an instance of JavaLoginConfig from SUN
    Configuration fromSun = Configuration.getInstance(JAVA_CONFIG, null, "SUN");
    doTest(fromSun, testnum++);

    // get an instance of JavaLoginConfig from SunRsaSign
    try {
        Configuration.getInstance(JAVA_CONFIG, null, "SunRsaSign");
        throw new SecurityException("test " + testnum++ + " failed");
    } catch (NoSuchAlgorithmException expected) {
        // good
        System.out.println("test " + testnum++ + " passed");
    }

    // get an instance of JavaLoginConfig from FOO
    try {
        Configuration.getInstance(JAVA_CONFIG, null, "FOO");
        throw new SecurityException("test " + testnum++ + " failed");
    } catch (NoSuchProviderException expected) {
        // good
        System.out.println("test " + testnum++ + " passed");
    }

    return testnum;
}
Example #14
Source File: LoginConfigImpl.java From openjdk-8 with GNU General Public License v2.0 | 6 votes |
/**
 * A new instance of LoginConfigImpl must be created for each login request
 * since it's only used by a single (caller, mech) pair.
 *
 * <p>Only the Kerberos 5 mechanism is accepted. The process-wide JAAS
 * {@link Configuration} is fetched inside {@code doPrivileged}, i.e. with this
 * class's own permissions rather than the caller's.
 *
 * @param caller defined in GSSUtil as CALLER_XXX final fields
 * @param mech defined in GSSUtil as XXX_MECH_OID final fields
 * @throws IllegalArgumentException if {@code mech} is not the krb5 mechanism OID
 */
public LoginConfigImpl(GSSCaller caller, Oid mech) {
    this.caller = caller;

    // Reject unsupported mechanisms up front.
    if (!mech.equals(GSSUtil.GSS_KRB5_MECH_OID)) {
        throw new IllegalArgumentException(mech.toString() + " not supported");
    }
    mechName = "krb5";

    java.security.PrivilegedAction<Configuration> fetchConfig =
        new java.security.PrivilegedAction<Configuration>() {
            @Override
            public Configuration run() {
                return Configuration.getConfiguration();
            }
        };
    config = java.security.AccessController.doPrivileged(fetchConfig);
}
Example #15
Source File: SaslNettyServer.java From blazingcache with Apache License 2.0 | 6 votes |
/**
 * Loads the server-side user/password table from a JAAS configuration.
 *
 * <p>Every option of the {@code SERVER_JAAS_SECTION} entries whose key starts
 * with {@code USER_PREFIX} is stored in {@code credentials} as user name (the
 * key without the prefix) mapped to the option value. The values are kept as
 * plain {@code String}s, so the JAAS file they come from holds clear-text
 * passwords and should be readable only by the server account.
 *
 * @param configuration JAAS configuration to read
 * @throws IOException if the configuration has no {@code SERVER_JAAS_SECTION} entry
 */
public SaslServerCallbackHandler(Configuration configuration) throws IOException {
    AppConfigurationEntry[] serverEntries = configuration.getAppConfigurationEntry(SERVER_JAAS_SECTION);
    if (serverEntries == null) {
        throw new IOException("Could not find a '" + SERVER_JAAS_SECTION
                + "' entry in this configuration: Server cannot start.");
    }

    credentials.clear();
    // Populate DIGEST-MD5 user -> password map with JAAS configuration entries from the "Server" section.
    // Usernames are distinguished from other options by prefixing the username with a "user_" prefix.
    for (AppConfigurationEntry serverEntry : serverEntries) {
        for (Map.Entry<String, ?> option : serverEntry.getOptions().entrySet()) {
            String optionName = option.getKey();
            if (!optionName.startsWith(USER_PREFIX)) {
                continue;
            }
            credentials.put(optionName.substring(USER_PREFIX.length()), (String) option.getValue());
        }
    }
}
Example #16
Source File: GetInstance.java From openjdk-jdk9 with GNU General Public License v2.0 | 6 votes |
/**
 * Runs the common checks, then verifies that the configuration reports the
 * "SUN" provider and the {@code JAVA_CONFIG} type.
 *
 * @param c configuration under test
 * @param testnum test number passed to {@code doCommon}; its return value is
 *        used in the messages printed here
 * @throws SecurityException if the provider name or the type does not match
 * @throws Exception anything raised by {@code doCommon}
 */
private void doTest(Configuration c, int testnum) throws Exception {
    testnum = doCommon(c, testnum);

    // test getProvider
    String providerName = c.getProvider().getName();
    if (!"SUN".equals(providerName)) {
        throw new SecurityException("test " + testnum + " (getProvider) failed");
    }
    System.out.println("test " + testnum + " (getProvider) passed");

    // test getType
    if (!JAVA_CONFIG.equals(c.getType())) {
        throw new SecurityException("test " + testnum + " (getType) failed");
    }
    System.out.println("test " + testnum + " (getType) passed");
}
Example #17
Source File: GetInstance.java From openjdk-jdk9 with GNU General Public License v2.0 | 6 votes |
/**
 * Runs the common checks, then verifies that the configuration was served by
 * the given custom provider instance (named "GetInstanceProvider") and
 * reports the type "GetInstanceConfigSpi".
 *
 * @param c configuration under test
 * @param testnum test number passed to {@code doCommon}; its return value is
 *        used in the messages printed here
 * @param custom the provider instance the configuration must report
 * @throws SecurityException if the provider or the type does not match
 * @throws Exception anything raised by {@code doCommon}
 */
private void doCustomTest(Configuration c, int testnum, Provider custom) throws Exception {
    testnum = doCommon(c, testnum);

    // test getProvider: identity of the provider object and its name must both match
    if (custom != c.getProvider()
            || !"GetInstanceProvider".equals(c.getProvider().getName())) {
        throw new SecurityException("test " + testnum + " (getProvider) failed");
    }
    System.out.println("test " + testnum + " (getProvider) passed");

    // test getType
    if (!"GetInstanceConfigSpi".equals(c.getType())) {
        throw new SecurityException("test " + testnum + " (getType) failed");
    }
    System.out.println("test " + testnum + "(getType) passed");
}
Example #18
Source File: ClientCallbackHandler.java From jstorm with Apache License 2.0 | 6 votes |
/**
 * Constructor based on a JAAS configuration.
 *
 * <p>For digest, you should have a pair of user name and password defined.
 * A null configuration leaves the handler untouched. Otherwise the password
 * is reset to the empty string and the USERNAME / PASSWORD options of the
 * {@code AuthUtils.LOGIN_CONTEXT_CLIENT} entries are copied in; when several
 * entries define them, the last one wins. The password is held as a plain
 * {@code String} read from the JAAS configuration.
 *
 * @param configuration JAAS configuration, may be null
 * @throws IOException if the configuration has no client login entry
 */
public ClientCallbackHandler(Configuration configuration) throws IOException {
    if (configuration == null) {
        return;
    }

    AppConfigurationEntry[] clientEntries = configuration.getAppConfigurationEntry(AuthUtils.LOGIN_CONTEXT_CLIENT);
    if (clientEntries == null) {
        throw new IOException("Could not find a '" + AuthUtils.LOGIN_CONTEXT_CLIENT
                + "' entry in this configuration: Client cannot start.");
    }

    _password = "";
    for (AppConfigurationEntry clientEntry : clientEntries) {
        Object user = clientEntry.getOptions().get(USERNAME);
        if (user != null) {
            _username = (String) user;
        }
        Object secret = clientEntry.getOptions().get(PASSWORD);
        if (secret != null) {
            _password = (String) secret;
        }
    }
}
Example #19
Source File: AuthUtils.java From knox with Apache License 2.0 | 6 votes |
/**
 * Attempts a Kerberos login with the JAAS configuration returned by
 * {@code getKerberosJAASConfiguration()}.
 *
 * <p>Failures are logged and swallowed: the method returns {@code null} both
 * when no JAAS configuration is available and when the login throws, so
 * callers have to treat a null result as "not authenticated".
 *
 * @return the Subject of the login context, or {@code null}
 */
public static Subject getKerberosSubject() {
  try {
    Configuration jaasConf = getKerberosJAASConfiguration();
    if (jaasConf == null) {
      return null;
    }

    log.attemptingKerberosLogin(getKerberosLoginConfigLocation());
    // No pre-populated Subject and no callback handler are supplied.
    LoginContext loginContext = new LoginContext(JGSS_LOGIN_MODULE, null, null, jaasConf);
    loginContext.login();
    return loginContext.getSubject();
  } catch (Exception e) {
    log.failedKerberosLogin(getKerberosLoginConfigLocation(), JGSS_LOGIN_MODULE, e);
    return null;
  }
}
Example #20
Source File: TestSaslEnabledKafka.java From datacollector with Apache License 2.0 | 6 votes |
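/**
 * Prepares the working directory, the JAAS file and the ports for the
 * SASL-enabled Kafka tests, then delegates to {@code SecureKafkaBase.beforeClass()}.
 *
 * <p>The JAAS text is produced by substituting the keytab's absolute path for
 * the literal token {@code keyTabFile}. {@code String.replace} is used so that
 * backslashes or {@code $} in the path (e.g. on Windows) are inserted verbatim
 * rather than being interpreted as regex-replacement escapes, and the output
 * stream is closed even when the write fails.
 *
 * <p>Setting the JAAS configuration to null together with the
 * {@code JAVA_SECURITY_AUTH_LOGIN_CONFIG} system property affects the whole
 * JVM for the duration of the test class.
 *
 * @throws Exception if a directory or file cannot be created or the base
 *         set-up fails
 */
@BeforeClass
public static void beforeClass() throws Exception {
  testDir = new File("target", UUID.randomUUID().toString()).getAbsoluteFile();
  Assert.assertTrue(testDir.mkdirs());

  File kdcDir = new File(testDir, KDC);
  Assert.assertTrue(kdcDir.mkdirs());
  keytabFile = new File(testDir, TEST_KEYTAB);

  jaasConfigFile = new File(testDir, KAFKA_JAAS_CONF);
  jaasConfigFile.createNewFile();
  jaasConfigFile.setReadable(true);

  // Literal substitution: the path must not be parsed as a replacement pattern.
  String jaasConf = JAAS_CONF.replace("keyTabFile", keytabFile.getAbsolutePath());
  try (FileOutputStream outputStream = new FileOutputStream(jaasConfigFile)) {
    IOUtils.write(jaasConf, outputStream);
  }

  plainTextPort = NetworkUtils.getRandomPort();
  securePort = NetworkUtils.getRandomPort();

  // reload configuration when getConfiguration is called next
  Configuration.setConfiguration(null);
  System.setProperty(JAVA_SECURITY_AUTH_LOGIN_CONFIG, jaasConfigFile.getAbsolutePath());

  SecureKafkaBase.beforeClass();
}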
Example #21
Source File: GetInstance.java From openjdk-jdk9 with GNU General Public License v2.0 | 6 votes |
/**
 * Exercises {@code Configuration.getInstance(type, params, Provider)} with
 * two provider objects.
 *
 * <p>The "SUN" provider must yield an instance (checked by {@code doTest});
 * the "SunRsaSign" provider must fail with NoSuchAlgorithmException. The test
 * counter is advanced once per check.
 *
 * @param testnum number of the first check performed here
 * @return the counter value after the last check
 * @throws SecurityException if the lookup that should fail succeeds
 * @throws Exception anything else raised by the lookups or by {@code doTest}
 */
private int testProvider(int testnum) throws Exception {

    // get an instance of JavaLoginConfig from SUN
    Configuration fromSun = Configuration.getInstance(JAVA_CONFIG, null, Security.getProvider("SUN"));
    doTest(fromSun, testnum++);

    // get an instance of JavaLoginConfig from SunRsaSign
    try {
        Configuration.getInstance(JAVA_CONFIG, null, Security.getProvider("SunRsaSign"));
        throw new SecurityException("test " + testnum++ + " failed");
    } catch (NoSuchAlgorithmException expected) {
        // good
        System.out.println("test " + testnum++ + " passed");
    }

    return testnum;
}
Example #22
Source File: DynamicConfigurationTest.java From openjdk-jdk8u with GNU General Public License v2.0 | 6 votes |
/**
 * Runs one JAAS login against the given configuration and checks the outcome.
 *
 * @param confName name of the configuration entry passed to LoginContext
 * @param passwd password handed to MyCallbackHandler together with "testUser"
 * @param cf JAAS configuration to log in against
 * @param expectException true if the login is expected to raise LoginException
 * @throws RuntimeException if the outcome does not match {@code expectException}
 */
public static void testLogin(String confName, char[] passwd,
        Configuration cf, boolean expectException) {
    try {
        CallbackHandler handler = new MyCallbackHandler("testUser", passwd);
        new LoginContext(confName, new Subject(), handler, cf).login();
    } catch (LoginException le) {
        if (expectException) {
            // The failure was the expected outcome.
            return;
        }
        System.out.println("Login Test failed: "
                + "received Unexpected exception.");
        throw new RuntimeException(le);
    }

    // Login went through; that is an error when a failure was expected.
    if (expectException) {
        throw new RuntimeException("Login Test failed: "
                + "expected LoginException not thrown");
    }
}
Example #23
Source File: TestWebDelegationToken.java From hadoop with Apache License 2.0 | 5 votes |
/**
 * Resets the Hadoop security settings before each test and starts a Jetty server.
 *
 * <p>The configuration used here is {@code org.apache.hadoop.conf.Configuration},
 * not the JAAS {@code javax.security.auth.login.Configuration}.
 *
 * @throws Exception if the Jetty server cannot be created
 */
@Before
public void setUp() throws Exception {
  // resetting hadoop security to simple: a freshly constructed Hadoop
  // configuration is handed to UserGroupInformation.
  UserGroupInformation.setConfiguration(new org.apache.hadoop.conf.Configuration());

  jetty = createJettyServer();
}
Example #24
Source File: MobiConfigurationImpl.java From mobi with GNU Affero General Public License v3.0 | 5 votes |
/**
 * Returns the login-module entries for the requested application name.
 *
 * <p>For "mobi", one ProxyLoginModule entry is produced per registered
 * provider, each flagged OPTIONAL and carrying that provider's module config.
 * With only OPTIONAL modules configured, JAAS treats the login as successful
 * once at least one of them succeeds. Every other name is forwarded to the
 * process-wide JAAS configuration.
 *
 * @param name application entry name; must not be null
 * @return the entries for {@code name}
 */
@Override
public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
    if (!name.equals("mobi")) {
        // Not ours: defer to whatever configuration is installed JVM-wide.
        return Configuration.getConfiguration().getAppConfigurationEntry(name);
    }

    String proxyModule = ProxyLoginModule.class.getName();
    return configEntryProviders.stream()
            .map(provider -> new AppConfigurationEntry(proxyModule,
                    AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL,
                    provider.getModuleConfig()))
            .toArray(AppConfigurationEntry[]::new);
}
Example #25
Source File: JaasKrbUtil.java From deprecated-security-advanced-modules with Apache License 2.0 | 5 votes |
/**
 * Logs in a Kerberos principal using the configuration returned by
 * {@code useTicketCache(principal, cachePath)}.
 *
 * <p>The Subject passed to the login context is created writable, seeded with
 * the principal and with empty credential sets; no callback handler is given.
 *
 * @param principal Kerberos principal name
 * @param cachePath path handed to {@code useTicketCache}
 * @return the Subject held by the login context after login
 * @throws LoginException if the login fails
 */
public static Subject loginUsingTicketCache(final String principal, final Path cachePath) throws LoginException {
    final Set<Principal> subjectPrincipals = new HashSet<Principal>();
    subjectPrincipals.add(new KerberosPrincipal(principal));
    final Subject seed = new Subject(false, subjectPrincipals, new HashSet<Object>(), new HashSet<Object>());

    final LoginContext context =
            new LoginContext("TicketCacheConf", seed, null, useTicketCache(principal, cachePath));
    context.login();
    return context.getSubject();
}
Example #26
Source File: AtlasPamAuthenticationProvider.java From atlas with Apache License 2.0 | 5 votes |
/**
 * Wires the JAAS authentication provider with a single login-module entry
 * registered under the name "SPRINGSECURITY" and one UserAuthorityGranter.
 *
 * <p>Any exception is logged and swallowed, so a failed initialisation leaves
 * the provider in whatever state it reached. The debug line prints the
 * {@code options} map in full.
 * NOTE(review): if the options can hold secrets, confirm debug logging is
 * acceptable for them.
 */
private void init() {
    try {
        AppConfigurationEntry[] loginEntries = new AppConfigurationEntry[]{
                new AppConfigurationEntry(loginModuleName, controlFlag, options)};

        Map<String, AppConfigurationEntry[]> entriesByName =
                new HashMap<String, AppConfigurationEntry[]>();
        entriesByName.put("SPRINGSECURITY", loginEntries);

        Configuration configuration = new InMemoryConfiguration(entriesByName);
        jaasAuthenticationProvider.setConfiguration(configuration);

        UserAuthorityGranter[] granters = new UserAuthorityGranter[]{new UserAuthorityGranter()};
        jaasAuthenticationProvider.setAuthorityGranters(granters);
        jaasAuthenticationProvider.afterPropertiesSet();

        if (LOG.isDebugEnabled()) {
            LOG.debug("AtlasPAMAuthenticationProvider{"
                    + "jaasAuthenticationProvider='" + jaasAuthenticationProvider + '\''
                    + ", loginModuleName='" + loginModuleName + '\''
                    + ", controlFlag='" + controlFlag + '\''
                    + ", options='" + options + '}');
        }
    } catch (Exception e) {
        LOG.error("Failed to init PAM Authentication", e);
    }
}
Example #27
Source File: InMemoryJAASConfigurationTicketBasedKafkaClientTest.java From atlas with Apache License 2.0 | 5 votes |
/**
 * Checks that the installed JAAS configuration has a "KafkaClient" entry whose
 * first login module sets {@code useTicketCache} to "true".
 */
@Test
public void testGetAppConfigurationEntryStringForticketBasedKafkaClient() {
    Configuration installed = Configuration.getConfiguration();
    AppConfigurationEntry[] kafkaClientEntries = installed.getAppConfigurationEntry("KafkaClient");
    Assert.assertNotNull(kafkaClientEntries);

    String useTicketCache = (String) kafkaClientEntries[0].getOptions().get("useTicketCache");
    Assert.assertEquals(useTicketCache, "true");
}
Example #28
Source File: TestSaslEnabledKafka.java From datacollector with Apache License 2.0 | 5 votes |
/**
 * Tears down the secure Kafka fixture: runs the base clean-up, clears the
 * JAAS login-config system property, drops the installed JAAS configuration
 * and deletes the generated JAAS and keytab files if they exist.
 *
 * <p>The results of the deletions are not checked.
 */
@AfterClass
public static void afterClass() {
  SecureKafkaBase.afterClass();

  // Undo the JVM-wide JAAS state so later test classes start clean.
  System.clearProperty(JAVA_SECURITY_AUTH_LOGIN_CONFIG);
  Configuration.setConfiguration(null);

  for (File generated : new File[] {jaasConfigFile, keytabFile}) {
    if (generated.exists()) {
      generated.delete();
    }
  }
}
Example #29
Source File: InMemoryJAASConfiguration.java From incubator-atlas with Apache License 2.0 | 5 votes |
/**
 * Installs an InMemoryJAASConfiguration built from the given properties as
 * the JVM-wide JAAS configuration.
 *
 * <p>{@link Configuration#setConfiguration} replaces the login configuration
 * for every component in the process.
 *
 * @param properties JAAS application properties; must be non-null and non-empty
 * @throws AtlasException if {@code properties} is null or empty
 */
public static void init(Properties properties) throws AtlasException {
    LOG.debug("==> InMemoryJAASConfiguration.init()");

    boolean usable = properties != null && MapUtils.isNotEmpty(properties);
    if (!usable) {
        throw new AtlasException("Failed to load JAAS application properties: properties NULL or empty!");
    }
    Configuration.setConfiguration(new InMemoryJAASConfiguration(properties));

    LOG.debug("<== InMemoryJAASConfiguration.init()");
}
Example #30
Source File: RemoteConfigurationRegistryJAASConfigTest.java From knox with Apache License 2.0 | 5 votes |
/**
 * Points the Kerberos login-config system property at a non-existent path
 * and expects {@code configure} to fail with a ConfigurationException whose
 * message starts with the JAAS config error prefix.
 *
 * <p>The system property and the installed JAAS configuration are reset in
 * the finally block so the JVM-wide state does not leak into other tests.
 *
 * @throws Exception whatever {@code configure} raises
 */
private void shouldRaiseAnErrorWithMeaningfulErrorMessageIfAuthLoginConfigCannotBeRead() throws Exception {
  System.setProperty(GatewayConfig.KRB5_LOGIN_CONFIG, "nonExistingFilePath");

  expectedException.expect(ConfigurationException.class);
  expectedException.expectMessage(
      startsWith(RemoteConfigurationRegistryJAASConfig.JAAS_CONFIG_ERRROR_PREFIX));

  try {
    // No registry configs and no alias service are supplied.
    RemoteConfigurationRegistryJAASConfig.configure(
        new ArrayList<RemoteConfigurationRegistryConfig>(), null);
  } finally {
    System.clearProperty(GatewayConfig.KRB5_LOGIN_CONFIG);
    Configuration.setConfiguration(null);
  }
}