Java Code Examples for javax.security.auth.kerberos.KerberosPrincipal#getName()
The following examples show how to use
javax.security.auth.kerberos.KerberosPrincipal#getName() .
Example 1
Source File: SimpleLDAPAuthenticationManagerTest.java From qpid-broker-j with Apache License 2.0 | 7 votes |
/**
 * Test fixture: connects the embedded LDAP server to an embedded KDC so that
 * Kerberos (SASL/GSSAPI) authentication can be exercised.
 *
 * <p>The KDC is requested on the port directly after the LDAP server's port, a
 * krb5 configuration is generated for it, and the krbtgt and LDAP service
 * principals are registered with freshly generated random values.
 *
 * @throws Exception if any of the embedded components cannot be configured
 */
private void setUpKerberos() throws Exception {
    final LdapServer ldap = LDAP.getLdapServer();
    final KdcServer kdc =
            ServerAnnotationProcessor.getKdcServer(LDAP.getDirectoryService(), ldap.getPort() + 1);

    // Pre-authentication (PA-ENC-TIMESTAMP) is switched off for this throwaway
    // test KDC only. Do not mirror this in a real realm: without
    // pre-authentication the KDC answers AS requests for an account without
    // proof of the password, which exposes material usable for offline guessing.
    kdc.getConfig().setPaEncTimestampRequired(false);

    final String krb5confPath = createKrb5Conf(kdc.getTransports()[0].getPort());
    SYSTEM_PROPERTY_SETTER.setSystemProperty("java.security.krb5.conf", krb5confPath);
    // NOTE(review): realm/kdc are set to null, presumably to clear any explicit
    // values so the generated krb5.conf is the one consulted - confirm against
    // SYSTEM_PROPERTY_SETTER's handling of null.
    SYSTEM_PROPERTY_SETTER.setSystemProperty("java.security.krb5.realm", null);
    SYSTEM_PROPERTY_SETTER.setSystemProperty("java.security.krb5.kdc", null);

    // Host-based service principal: <service>/<host>@<realm>.
    final String spn = new KerberosPrincipal(
            LDAP_SERVICE_NAME + "/" + HOSTNAME + "@" + REALM,
            KerberosPrincipal.KRB_NT_SRV_HST).getName();

    // The SASL host is the instance component, i.e. the text between '/' and '@'.
    final int hostStart = spn.indexOf("/") + 1;
    final int hostEnd = spn.indexOf("@");
    ldap.setSaslHost(spn.substring(hostStart, hostEnd));
    ldap.setSaslPrincipal(spn);
    ldap.setSearchBaseDn(USERS_DN);

    // A random UUID string is passed as the fourth argument for each principal
    // (presumably its password - confirm against createPrincipal).
    createPrincipal("KDC", "KDC", "krbtgt", UUID.randomUUID().toString(),
            "krbtgt/" + REALM + "@" + REALM);
    createPrincipal("Service", "LDAP Service", "ldap", UUID.randomUUID().toString(), spn);
}
Example 2
Source File: Krb5Util.java From dragonwell8_jdk with GNU General Public License v2.0 | 6 votes |
/**
 * Converts a public-API {@link KerberosTicket} into the internal
 * {@code Credentials} representation.
 *
 * <p>The client and server alias principals are fetched through the
 * {@code KerberosSecrets} access bridge. Either alias may be absent, in which
 * case {@code null} is passed in place of its name.
 *
 * <p>The returned object is built from the encoded ticket and the raw
 * session-key bytes ({@code getSessionKey().getEncoded()}), so it should be
 * handled as secret material: keep it out of logs and long-lived caches.
 *
 * @param kerbTicket the ticket to convert
 * @return credentials built from the ticket's fields
 * @throws KrbException declared by this method; the source is not visible here
 * @throws IOException declared by this method; the source is not visible here
 */
public static Credentials ticketToCreds(KerberosTicket kerbTicket)
        throws KrbException, IOException {
    final KerberosPrincipal clientAlias = KerberosSecrets
            .getJavaxSecurityAuthKerberosAccess()
            .kerberosTicketGetClientAlias(kerbTicket);
    final KerberosPrincipal serverAlias = KerberosSecrets
            .getJavaxSecurityAuthKerberosAccess()
            .kerberosTicketGetServerAlias(kerbTicket);

    // Aliases are optional; resolve their names up front so the constructor
    // call below stays readable.
    final String clientAliasName = (clientAlias == null) ? null : clientAlias.getName();
    final String serverAliasName = (serverAlias == null) ? null : serverAlias.getName();

    return new Credentials(
            kerbTicket.getEncoded(),
            kerbTicket.getClient().getName(),
            clientAliasName,
            kerbTicket.getServer().getName(),
            serverAliasName,
            kerbTicket.getSessionKey().getEncoded(),
            kerbTicket.getSessionKeyType(),
            kerbTicket.getFlags(),
            kerbTicket.getAuthTime(),
            kerbTicket.getStartTime(),
            kerbTicket.getEndTime(),
            kerbTicket.getRenewTill(),
            kerbTicket.getClientAddresses());
}
Example 3
Source File: Krb5Util.java From TencentKona-8 with GNU General Public License v2.0 | 6 votes |
/**
 * Converts a public-API {@link KerberosTicket} into the internal
 * {@code Credentials} representation.
 *
 * <p>The client and server alias principals are fetched through the
 * {@code KerberosSecrets} access bridge. Either alias may be absent, in which
 * case {@code null} is passed in place of its name.
 *
 * <p>The returned object is built from the encoded ticket and the raw
 * session-key bytes ({@code getSessionKey().getEncoded()}), so it should be
 * handled as secret material: keep it out of logs and long-lived caches.
 *
 * @param kerbTicket the ticket to convert
 * @return credentials built from the ticket's fields
 * @throws KrbException declared by this method; the source is not visible here
 * @throws IOException declared by this method; the source is not visible here
 */
public static Credentials ticketToCreds(KerberosTicket kerbTicket)
        throws KrbException, IOException {
    final KerberosPrincipal clientAlias = KerberosSecrets
            .getJavaxSecurityAuthKerberosAccess()
            .kerberosTicketGetClientAlias(kerbTicket);
    final KerberosPrincipal serverAlias = KerberosSecrets
            .getJavaxSecurityAuthKerberosAccess()
            .kerberosTicketGetServerAlias(kerbTicket);

    // Aliases are optional; resolve their names up front so the constructor
    // call below stays readable.
    final String clientAliasName = (clientAlias == null) ? null : clientAlias.getName();
    final String serverAliasName = (serverAlias == null) ? null : serverAlias.getName();

    return new Credentials(
            kerbTicket.getEncoded(),
            kerbTicket.getClient().getName(),
            clientAliasName,
            kerbTicket.getServer().getName(),
            serverAliasName,
            kerbTicket.getSessionKey().getEncoded(),
            kerbTicket.getSessionKeyType(),
            kerbTicket.getFlags(),
            kerbTicket.getAuthTime(),
            kerbTicket.getStartTime(),
            kerbTicket.getEndTime(),
            kerbTicket.getRenewTill(),
            kerbTicket.getClientAddresses());
}
Example 4
Source File: Krb5Util.java From openjdk-jdk8u with GNU General Public License v2.0 | 6 votes |
/**
 * Converts a public-API {@link KerberosTicket} into the internal
 * {@code Credentials} representation.
 *
 * <p>The client and server alias principals are fetched through the
 * {@code KerberosSecrets} access bridge. Either alias may be absent, in which
 * case {@code null} is passed in place of its name.
 *
 * <p>The returned object is built from the encoded ticket and the raw
 * session-key bytes ({@code getSessionKey().getEncoded()}), so it should be
 * handled as secret material: keep it out of logs and long-lived caches.
 *
 * @param kerbTicket the ticket to convert
 * @return credentials built from the ticket's fields
 * @throws KrbException declared by this method; the source is not visible here
 * @throws IOException declared by this method; the source is not visible here
 */
public static Credentials ticketToCreds(KerberosTicket kerbTicket)
        throws KrbException, IOException {
    final KerberosPrincipal clientAlias = KerberosSecrets
            .getJavaxSecurityAuthKerberosAccess()
            .kerberosTicketGetClientAlias(kerbTicket);
    final KerberosPrincipal serverAlias = KerberosSecrets
            .getJavaxSecurityAuthKerberosAccess()
            .kerberosTicketGetServerAlias(kerbTicket);

    // Aliases are optional; resolve their names up front so the constructor
    // call below stays readable.
    final String clientAliasName = (clientAlias == null) ? null : clientAlias.getName();
    final String serverAliasName = (serverAlias == null) ? null : serverAlias.getName();

    return new Credentials(
            kerbTicket.getEncoded(),
            kerbTicket.getClient().getName(),
            clientAliasName,
            kerbTicket.getServer().getName(),
            serverAliasName,
            kerbTicket.getSessionKey().getEncoded(),
            kerbTicket.getSessionKeyType(),
            kerbTicket.getFlags(),
            kerbTicket.getAuthTime(),
            kerbTicket.getStartTime(),
            kerbTicket.getEndTime(),
            kerbTicket.getRenewTill(),
            kerbTicket.getClientAddresses());
}
Example 5
Source File: UserGroupInformation.java From hadoop with Apache License 2.0 | 6 votes |
/**
 * Wraps an existing JAAS {@link Subject} in a UserGroupInformation that is
 * marked as Kerberos-authenticated.
 *
 * <p>Only the presence of a {@link KerberosPrincipal} on the Subject is
 * checked here; no ticket or other credential is inspected. Callers should
 * therefore pass only Subjects produced by a login they trust.
 *
 * @param subject the Subject to wrap; must carry at least one KerberosPrincipal
 * @return a UGI backed by {@code subject}, with a {@code User} principal added to it
 * @throws IOException if {@code subject} is null or holds no KerberosPrincipal
 */
public static UserGroupInformation getUGIFromSubject(Subject subject)
    throws IOException {
  if (subject == null) {
    throw new IOException("Subject must not be null");
  }

  final boolean lacksKerberosIdentity =
      subject.getPrincipals(KerberosPrincipal.class).isEmpty();
  if (lacksKerberosIdentity) {
    throw new IOException("Provided Subject must contain a KerberosPrincipal");
  }

  // NOTE(review): when the Subject carries several KerberosPrincipals, the one
  // used for the UGI user name is simply the first the set's iterator yields.
  final String kerberosName =
      subject.getPrincipals(KerberosPrincipal.class).iterator().next().getName();
  final User ugiUser = new User(kerberosName, AuthenticationMethod.KERBEROS, null);
  // This mutates the caller's Subject: the derived User principal is attached to it.
  subject.getPrincipals().add(ugiUser);

  final UserGroupInformation result = new UserGroupInformation(subject);
  result.setLogin(null);
  result.setAuthenticationMethod(AuthenticationMethod.KERBEROS);
  return result;
}
Example 6
Source File: UserGroupInformation.java From big-c with Apache License 2.0 | 6 votes |
/**
 * Wraps an existing JAAS {@link Subject} in a UserGroupInformation that is
 * marked as Kerberos-authenticated.
 *
 * <p>Only the presence of a {@link KerberosPrincipal} on the Subject is
 * checked here; no ticket or other credential is inspected. Callers should
 * therefore pass only Subjects produced by a login they trust.
 *
 * @param subject the Subject to wrap; must carry at least one KerberosPrincipal
 * @return a UGI backed by {@code subject}, with a {@code User} principal added to it
 * @throws IOException if {@code subject} is null or holds no KerberosPrincipal
 */
public static UserGroupInformation getUGIFromSubject(Subject subject)
    throws IOException {
  if (subject == null) {
    throw new IOException("Subject must not be null");
  }

  final boolean lacksKerberosIdentity =
      subject.getPrincipals(KerberosPrincipal.class).isEmpty();
  if (lacksKerberosIdentity) {
    throw new IOException("Provided Subject must contain a KerberosPrincipal");
  }

  // NOTE(review): when the Subject carries several KerberosPrincipals, the one
  // used for the UGI user name is simply the first the set's iterator yields.
  final String kerberosName =
      subject.getPrincipals(KerberosPrincipal.class).iterator().next().getName();
  final User ugiUser = new User(kerberosName, AuthenticationMethod.KERBEROS, null);
  // This mutates the caller's Subject: the derived User principal is attached to it.
  subject.getPrincipals().add(ugiUser);

  final UserGroupInformation result = new UserGroupInformation(subject);
  result.setLogin(null);
  result.setAuthenticationMethod(AuthenticationMethod.KERBEROS);
  return result;
}
Example 7
Source File: Krb5Util.java From jdk8u_jdk with GNU General Public License v2.0 | 6 votes |
/**
 * Converts a public-API {@link KerberosTicket} into the internal
 * {@code Credentials} representation.
 *
 * <p>The client and server alias principals are fetched through the
 * {@code KerberosSecrets} access bridge. Either alias may be absent, in which
 * case {@code null} is passed in place of its name.
 *
 * <p>The returned object is built from the encoded ticket and the raw
 * session-key bytes ({@code getSessionKey().getEncoded()}), so it should be
 * handled as secret material: keep it out of logs and long-lived caches.
 *
 * @param kerbTicket the ticket to convert
 * @return credentials built from the ticket's fields
 * @throws KrbException declared by this method; the source is not visible here
 * @throws IOException declared by this method; the source is not visible here
 */
public static Credentials ticketToCreds(KerberosTicket kerbTicket)
        throws KrbException, IOException {
    final KerberosPrincipal clientAlias = KerberosSecrets
            .getJavaxSecurityAuthKerberosAccess()
            .kerberosTicketGetClientAlias(kerbTicket);
    final KerberosPrincipal serverAlias = KerberosSecrets
            .getJavaxSecurityAuthKerberosAccess()
            .kerberosTicketGetServerAlias(kerbTicket);

    // Aliases are optional; resolve their names up front so the constructor
    // call below stays readable.
    final String clientAliasName = (clientAlias == null) ? null : clientAlias.getName();
    final String serverAliasName = (serverAlias == null) ? null : serverAlias.getName();

    return new Credentials(
            kerbTicket.getEncoded(),
            kerbTicket.getClient().getName(),
            clientAliasName,
            kerbTicket.getServer().getName(),
            serverAliasName,
            kerbTicket.getSessionKey().getEncoded(),
            kerbTicket.getSessionKeyType(),
            kerbTicket.getFlags(),
            kerbTicket.getAuthTime(),
            kerbTicket.getStartTime(),
            kerbTicket.getEndTime(),
            kerbTicket.getRenewTill(),
            kerbTicket.getClientAddresses());
}
Example 8
Source File: SpnegoAuthScheme.java From elasticsearch-hadoop with Apache License 2.0 | 6 votes |
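/**
 * Creates the SPNEGO negotiator on first use; does nothing once it exists.
 *
 * <p>If the configured service principal contains {@code HOSTNAME_PATTERN}, the
 * principal must have exactly three parts when split on {@code /} and {@code @}
 * (service, host pattern, realm). The host part is then replaced by the
 * lower-cased FQDN returned by {@code getFQDN(requestURI)}.
 *
 * @param requestURI request being authenticated
 * @param spnegoCredentials the user and service principals
 * @throws UnknownHostException if the service principal is host based and the request URI
 *         cannot be resolved to a FQDN
 * @throws AuthenticationException if the service principal is malformed
 * @throws GSSException if the negotiator cannot be created
 */
private void initializeNegotiator(URI requestURI, SpnegoCredentials spnegoCredentials)
        throws UnknownHostException, AuthenticationException, GSSException {
    if (spnegoNegotiator != null) {
        return;
    }

    final String configuredPrincipal = spnegoCredentials.getServicePrincipalName();
    String servicePrincipal = configuredPrincipal;

    if (configuredPrincipal.contains(HOSTNAME_PATTERN)) {
        // NOTE(review): the host component of the SPN comes from getFQDN(requestURI).
        // If that helper canonicalises through DNS, the principal a ticket is
        // requested for depends on resolver integrity - confirm in getFQDN.
        String fqdn = getFQDN(requestURI);
        String[] components = configuredPrincipal.split("[/@]");
        if (components.length != 3 || !components[1].equals(HOSTNAME_PATTERN)) {
            // NOTE(review): "[email protected]" in the message below looks like e-mail
            // obfuscation applied by the hosting page to the original literal. The
            // check above expects serviceName/HOSTNAME_PATTERN@realm; restore the
            // text from the upstream file before reusing this snippet.
            throw new AuthenticationException("Malformed service principal name [" + configuredPrincipal
                    + "]. To use host substitution, the principal must be of the format [serviceName/[email protected]].");
        }
        // Locale.ROOT keeps host-name lower-casing independent of the JVM default
        // locale (for example, a Turkish locale maps 'I' to a dotless 'i', which
        // would produce a principal the KDC does not know).
        servicePrincipal = components[0] + "/" + fqdn.toLowerCase(java.util.Locale.ROOT) + "@" + components[2];
    }

    User userInfo = spnegoCredentials.getUserProvider().getUser();
    KerberosPrincipal principal = userInfo.getKerberosPrincipal();
    if (principal == null) {
        throw new EsHadoopIllegalArgumentException("Could not locate Kerberos Principal on currently logged in user.");
    }
    spnegoNegotiator = new SpnegoNegotiator(principal.getName(), servicePrincipal);
}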
Example 9
Source File: KerberosTest.java From jcifs with GNU Lesser General Public License v2.1 | 5 votes |
/**
 * Builds a {@code PrincipalName} of type {@code KRB_NT_PRINCIPAL} from a JAAS
 * {@link KerberosPrincipal}.
 *
 * @param principal the principal to convert
 * @return a PrincipalName built from {@code getName()}, the realm separator and {@code getRealm()}
 * @throws RealmException declared by this method, presumably raised by the PrincipalName constructor
 */
protected static PrincipalName convertPrincipal ( KerberosPrincipal principal ) throws RealmException {
    // NOTE(review): per the JDK documentation KerberosPrincipal.getName() already
    // returns the realm-qualified name, so this string appears to carry the realm
    // twice - confirm how PrincipalName parses it before copying this pattern.
    final String qualifiedName =
        principal.getName() + PrincipalName.NAME_REALM_SEPARATOR + principal.getRealm();
    return new PrincipalName(qualifiedName, PrincipalName.KRB_NT_PRINCIPAL);
}
Example 10
Source File: KerberosTest.java From jcifs-ng with GNU Lesser General Public License v2.1 | 5 votes |
/**
 * Builds a {@code PrincipalName} of type {@code KRB_NT_PRINCIPAL} from a JAAS
 * {@link KerberosPrincipal}.
 *
 * @param principal the principal to convert
 * @return a PrincipalName built from {@code getName()}, the realm separator and {@code getRealm()}
 * @throws RealmException declared by this method, presumably raised by the PrincipalName constructor
 */
protected static PrincipalName convertPrincipal ( KerberosPrincipal principal ) throws RealmException {
    // NOTE(review): per the JDK documentation KerberosPrincipal.getName() already
    // returns the realm-qualified name, so this string appears to carry the realm
    // twice - confirm how PrincipalName parses it before copying this pattern.
    final String qualifiedName =
        principal.getName() + PrincipalName.NAME_REALM_SEPARATOR + principal.getRealm();
    return new PrincipalName(qualifiedName, PrincipalName.KRB_NT_PRINCIPAL);
}
Example 11
Source File: JdkUser.java From elasticsearch-hadoop with Apache License 2.0 | 5 votes |
/**
 * Returns the name of this user's Kerberos principal.
 *
 * <p>{@link KerberosPrincipal#getName()} yields the realm-qualified form, so
 * callers comparing the result against short user names need to account for
 * the realm suffix.
 *
 * @return the principal name, or {@code null} when no Kerberos principal is available
 */
@Override
public String getUserName() {
    final KerberosPrincipal kerberosIdentity = getKerberosPrincipal();
    return (kerberosIdentity != null) ? kerberosIdentity.getName() : null;
}
Example 12
Source File: Samba2FileSystem.java From iaf with Apache License 2.0 | 4 votes |
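/**
 * Builds the SMB authentication context for the configured {@code authType}.
 *
 * <p>For {@code NTLM} the context is created directly from username, password
 * and domain. For {@code SPNEGO} a JAAS Kerberos login is performed and a GSS
 * initiator credential is acquired under the resulting Subject.
 *
 * @return the authentication context, or {@code null} when no username is
 *         available or {@code authType} is neither NTLM nor SPNEGO
 * @throws FileSystemException if the Kerberos login or credential acquisition fails
 */
private AuthenticationContext authenticate() throws FileSystemException {
    // NOTE(review): the factory is used only for the emptiness check below; the
    // contexts are built from getUsername()/password/getPassword(). Confirm that
    // a configuration supplying credentials solely through authAlias is handled.
    CredentialFactory credentialFactory = new CredentialFactory(getAuthAlias(), getUsername(), getPassword());
    if (StringUtils.isNotEmpty(credentialFactory.getUsername())) {
        if (StringUtils.equalsIgnoreCase(authType, "NTLM")) {
            return new AuthenticationContext(getUsername(), password.toCharArray(), getDomain());
        } else if (StringUtils.equalsIgnoreCase(authType, "SPNEGO")) {
            if (!StringUtils.isEmpty(getKdc()) && !StringUtils.isEmpty(getRealm())) {
                // These are JVM-wide properties: every Kerberos login in this
                // process is affected, not only this file system instance.
                System.setProperty("java.security.krb5.kdc", getKdc());
                System.setProperty("java.security.krb5.realm", getRealm());
            }

            HashMap<String, String> loginParams = new HashMap<String, String>();
            loginParams.put("principal", getUsername());
            LoginContext lc;
            try {
                lc = new LoginContext(getUsername(), null,
                        new UsernameAndPasswordCallbackHandler(getUsername(), getPassword()),
                        new KerberosLoginConfiguration(loginParams));
                lc.login();

                Subject subject = lc.getSubject();
                KerberosPrincipal krbPrincipal = subject.getPrincipals(KerberosPrincipal.class).iterator().next();

                Oid spnego = new Oid(SPNEGO_OID);
                Oid kerberos5 = new Oid(KERBEROS5_OID);

                final GSSManager manager = GSSManager.getInstance();
                final GSSName name = manager.createName(krbPrincipal.toString(), GSSName.NT_USER_NAME);
                Set<Oid> mechs = new HashSet<Oid>(Arrays.asList(manager.getMechsForName(name.getStringNameType())));

                // Prefer the Kerberos 5 mechanism; fall back to SPNEGO.
                final Oid mech;
                if (mechs.contains(kerberos5)) {
                    mech = kerberos5;
                } else if (mechs.contains(spnego)) {
                    mech = spnego;
                } else {
                    throw new IllegalArgumentException("No mechanism found");
                }

                // The credential is acquired as the logged-in Subject and is
                // initiate-only, i.e. usable for client-side contexts.
                GSSCredential creds = Subject.doAs(subject, new PrivilegedExceptionAction<GSSCredential>() {
                    @Override
                    public GSSCredential run() throws GSSException {
                        return manager.createCredential(name, GSSCredential.DEFAULT_LIFETIME, mech, GSSCredential.INITIATE_ONLY);
                    }
                });

                GSSAuthenticationContext auth = new GSSAuthenticationContext(krbPrincipal.getName(), krbPrincipal.getRealm(), subject, creds);
                return auth;
            } catch (Exception e) {
                // Not every exception carries a message; without the null guard a
                // NullPointerException raised here would replace the real failure.
                String message = e.getMessage();
                if (message != null && message.contains("Cannot locate default realm")) {
                    throw new FileSystemException("Please fill the kdc and realm field or provide krb5.conf file including realm", e);
                }
                throw new FileSystemException(e);
            }
        }
    }
    return null;
}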