org.ietf.jgss.GSSName Java Examples

The following examples show how to use org.ietf.jgss.GSSName. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source Project: Tomcat8-Source-Read   Author: chenmudu   File: LockOutRealm.java    License: MIT License 6 votes vote down vote up
/**
 * {@inheritDoc}
 */
@Override
public Principal authenticate(GSSContext gssContext, boolean storeCreds) {
    if (gssContext.isEstablished()) {
        String username = null;
        GSSName name = null;
        try {
            name = gssContext.getSrcName();
        } catch (GSSException e) {
            log.warn(sm.getString("realmBase.gssNameFail"), e);
            return null;
        }

        username = name.toString();

        Principal authenticatedUser = super.authenticate(gssContext, storeCreds);

        return filterLockedAccounts(username, authenticatedUser);
    }

    // Fail in all other cases
    return null;
}
 
Example #2
Source Project: openjdk-jdk9   Author: AdoptOpenJDK   File: CrossRealm.java    License: GNU General Public License v2.0 6 votes vote down vote up
static void xRealmAuth() throws Exception {
    Security.setProperty("auth.login.defaultCallbackHandler", "CrossRealm");
    System.setProperty("java.security.auth.login.config", "jaas-localkdc.conf");
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
    FileOutputStream fos = new FileOutputStream("jaas-localkdc.conf");
    fos.write(("com.sun.security.jgss.krb5.initiate {\n" +
            "    com.sun.security.auth.module.Krb5LoginModule\n" +
            "    required\n" +
            "    principal=dummy\n" +
            "    doNotPrompt=false\n" +
            "    useTicketCache=false\n" +
            "    ;\n" +
            "};").getBytes());
    fos.close();

    GSSManager m = GSSManager.getInstance();
    m.createContext(
            m.createName("[email protected]", GSSName.NT_HOSTBASED_SERVICE),
            GSSUtil.GSS_KRB5_MECH_OID,
            null,
            GSSContext.DEFAULT_LIFETIME).initSecContext(new byte[0], 0, 0);
}
 
Example #3
Source Project: jdk8u_jdk   Author: JetBrains   File: CrossRealm.java    License: GNU General Public License v2.0 6 votes vote down vote up
static void xRealmAuth() throws Exception {
    Security.setProperty("auth.login.defaultCallbackHandler", "CrossRealm");
    System.setProperty("java.security.auth.login.config", "jaas-localkdc.conf");
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
    FileOutputStream fos = new FileOutputStream("jaas-localkdc.conf");
    fos.write(("com.sun.security.jgss.krb5.initiate {\n" +
            "    com.sun.security.auth.module.Krb5LoginModule\n" +
            "    required\n" +
            "    principal=dummy\n" +
            "    doNotPrompt=false\n" +
            "    useTicketCache=false\n" +
            "    ;\n" +
            "};").getBytes());
    fos.close();

    GSSManager m = GSSManager.getInstance();
    m.createContext(
            m.createName("[email protected]", GSSName.NT_HOSTBASED_SERVICE),
            GSSUtil.GSS_KRB5_MECH_OID,
            null,
            GSSContext.DEFAULT_LIFETIME).initSecContext(new byte[0], 0, 0);
}
 
Example #4
Source Project: dragonwell8_jdk   Author: alibaba   File: Context.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Starts as a client
 * @param target communication peer
 * @param mech GSS mech
 * @throws java.lang.Exception
 */
public void startAsClient(final String target, final Oid mech) throws Exception {
    doAs(new Action() {
        @Override
        public byte[] run(Context me, byte[] dummy) throws Exception {
            GSSManager m = GSSManager.getInstance();
            me.x = (ExtendedGSSContext)m.createContext(
                      target.indexOf('@') < 0 ?
                        m.createName(target, null) :
                        m.createName(target, GSSName.NT_HOSTBASED_SERVICE),
                    mech,
                    cred,
                    GSSContext.DEFAULT_LIFETIME);
            return null;
        }
    }, null);
}
 
Example #5
Source Project: jdk8u-dev-jdk   Author: frohoff   File: Context.java    License: GNU General Public License v2.0 6 votes vote down vote up
public Context impersonate(final String someone) throws Exception {
    try {
        GSSCredential creds = Subject.doAs(s, new PrivilegedExceptionAction<GSSCredential>() {
            @Override
            public GSSCredential run() throws Exception {
                GSSManager m = GSSManager.getInstance();
                GSSName other = m.createName(someone, GSSName.NT_USER_NAME);
                if (Context.this.cred == null) {
                    Context.this.cred = m.createCredential(GSSCredential.INITIATE_ONLY);
                }
                return ((ExtendedGSSCredential)Context.this.cred).impersonate(other);
            }
        });
        Context out = new Context();
        out.s = s;
        out.cred = creds;
        out.name = name + " as " + out.cred.getName().toString();
        return out;
    } catch (PrivilegedActionException pae) {
        throw pae.getException();
    }
}
 
Example #6
Source Project: spliceengine   Author: splicemachine   File: RemoteUserKerberos.java    License: GNU Affero General Public License v3.0 6 votes vote down vote up
public Connection getRemoteConnection(String hostname) throws SQLException {
    try {
        GSSCredential clientCr = context.getDelegCred();
        GSSName clientName = clientCr.getName(); 
        Subject subject = GSSUtil.createSubject(clientName, clientCr);
        String sslMode = PropertyUtil.getSystemProperty(Property.DRDA_PROP_SSL_MODE);
        String databaseURL = sslMode==null?
                String.format("jdbc:splice://%s/splicedb;principal=%s",hostname, clientName.toString()):
                String.format("jdbc:splice://%s/splicedb;principal=%s;ssl=%s",hostname, clientName.toString(), sslMode);
        return UserManagerService.loadPropertyManager().getUserFromSubject(subject).doAs(
                (PrivilegedExceptionAction<Connection>) () -> DriverManager.getConnection(databaseURL));
    } catch (Exception e) {
        throw new SQLException(SQLState.AUTH_ERROR_KERBEROS_CLIENT,
                SQLState.AUTH_ERROR_KERBEROS_CLIENT.substring(0,5), e);
    }
}
 
Example #7
Source Project: dragonwell8_jdk   Author: alibaba   File: CrossRealm.java    License: GNU General Public License v2.0 6 votes vote down vote up
static void xRealmAuth() throws Exception {
    Security.setProperty("auth.login.defaultCallbackHandler", "CrossRealm");
    System.setProperty("java.security.auth.login.config", "jaas-localkdc.conf");
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
    FileOutputStream fos = new FileOutputStream("jaas-localkdc.conf");
    fos.write(("com.sun.security.jgss.krb5.initiate {\n" +
            "    com.sun.security.auth.module.Krb5LoginModule\n" +
            "    required\n" +
            "    principal=dummy\n" +
            "    doNotPrompt=false\n" +
            "    useTicketCache=false\n" +
            "    ;\n" +
            "};").getBytes());
    fos.close();

    GSSManager m = GSSManager.getInstance();
    m.createContext(
            m.createName("[email protected]", GSSName.NT_HOSTBASED_SERVICE),
            GSSUtil.GSS_KRB5_MECH_OID,
            null,
            GSSContext.DEFAULT_LIFETIME).initSecContext(new byte[0], 0, 0);
}
 
Example #8
Source Project: openjdk-8   Author: bpupadhyaya   File: Context.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Starts as a server with the specified service name
 * @param name the service name
 * @param mech GSS mech
 * @throws java.lang.Exception
 */
public void startAsServer(final String name, final Oid mech, final boolean asInitiator) throws Exception {
    doAs(new Action() {
        @Override
        public byte[] run(Context me, byte[] dummy) throws Exception {
            GSSManager m = GSSManager.getInstance();
            me.cred = m.createCredential(
                    name == null ? null :
                      (name.indexOf('@') < 0 ?
                        m.createName(name, null) :
                        m.createName(name, GSSName.NT_HOSTBASED_SERVICE)),
                    GSSCredential.INDEFINITE_LIFETIME,
                    mech,
                    asInitiator?
                            GSSCredential.INITIATE_AND_ACCEPT:
                            GSSCredential.ACCEPT_ONLY);
            me.x = (ExtendedGSSContext)m.createContext(me.cred);
            return null;
        }
    }, null);
}
 
Example #9
Source Project: TencentKona-8   Author: Tencent   File: Context.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Starts as a server with the specified service name
 * @param name the service name
 * @param mech GSS mech
 * @throws java.lang.Exception
 */
public void startAsServer(final String name, final Oid mech, final boolean asInitiator) throws Exception {
    doAs(new Action() {
        @Override
        public byte[] run(Context me, byte[] dummy) throws Exception {
            GSSManager m = GSSManager.getInstance();
            me.cred = m.createCredential(
                    name == null ? null :
                      (name.indexOf('@') < 0 ?
                        m.createName(name, null) :
                        m.createName(name, GSSName.NT_HOSTBASED_SERVICE)),
                    GSSCredential.INDEFINITE_LIFETIME,
                    mech,
                    asInitiator?
                            GSSCredential.INITIATE_AND_ACCEPT:
                            GSSCredential.ACCEPT_ONLY);
            me.x = (ExtendedGSSContext)m.createContext(me.cred);
            return null;
        }
    }, null);
}
 
Example #10
Source Project: jdk8u-dev-jdk   Author: frohoff   File: CrossRealm.java    License: GNU General Public License v2.0 6 votes vote down vote up
static void xRealmAuth() throws Exception {
    Security.setProperty("auth.login.defaultCallbackHandler", "CrossRealm");
    System.setProperty("java.security.auth.login.config", "jaas-localkdc.conf");
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
    FileOutputStream fos = new FileOutputStream("jaas-localkdc.conf");
    fos.write(("com.sun.security.jgss.krb5.initiate {\n" +
            "    com.sun.security.auth.module.Krb5LoginModule\n" +
            "    required\n" +
            "    principal=dummy\n" +
            "    doNotPrompt=false\n" +
            "    useTicketCache=false\n" +
            "    ;\n" +
            "};").getBytes());
    fos.close();

    GSSManager m = GSSManager.getInstance();
    m.createContext(
            m.createName("[email protected]", GSSName.NT_HOSTBASED_SERVICE),
            GSSUtil.GSS_KRB5_MECH_OID,
            null,
            GSSContext.DEFAULT_LIFETIME).initSecContext(new byte[0], 0, 0);
}
 
Example #11
Source Project: jdk8u60   Author: chenghanpeng   File: Context.java    License: GNU General Public License v2.0 6 votes vote down vote up
public Context impersonate(final String someone) throws Exception {
    try {
        GSSCredential creds = Subject.doAs(s, new PrivilegedExceptionAction<GSSCredential>() {
            @Override
            public GSSCredential run() throws Exception {
                GSSManager m = GSSManager.getInstance();
                GSSName other = m.createName(someone, GSSName.NT_USER_NAME);
                if (Context.this.cred == null) {
                    Context.this.cred = m.createCredential(GSSCredential.INITIATE_ONLY);
                }
                return ((ExtendedGSSCredential)Context.this.cred).impersonate(other);
            }
        });
        Context out = new Context();
        out.s = s;
        out.cred = creds;
        out.name = name + " as " + out.cred.getName().toString();
        return out;
    } catch (PrivilegedActionException pae) {
        throw pae.getException();
    }
}
 
Example #12
Source Project: jdk8u-jdk   Author: lambdalab-mirror   File: Context.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Starts as a client
 * @param target communication peer
 * @param mech GSS mech
 * @throws java.lang.Exception
 */
public void startAsClient(final String target, final Oid mech) throws Exception {
    doAs(new Action() {
        @Override
        public byte[] run(Context me, byte[] dummy) throws Exception {
            GSSManager m = GSSManager.getInstance();
            me.x = (ExtendedGSSContext)m.createContext(
                      target.indexOf('@') < 0 ?
                        m.createName(target, null) :
                        m.createName(target, GSSName.NT_HOSTBASED_SERVICE),
                    mech,
                    cred,
                    GSSContext.DEFAULT_LIFETIME);
            return null;
        }
    }, null);
}
 
Example #13
Source Project: openjdk-8-source   Author: keerath   File: Context.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Starts as a server with the specified service name
 * @param name the service name
 * @param mech GSS mech
 * @throws java.lang.Exception
 */
public void startAsServer(final String name, final Oid mech, final boolean asInitiator) throws Exception {
    doAs(new Action() {
        @Override
        public byte[] run(Context me, byte[] dummy) throws Exception {
            GSSManager m = GSSManager.getInstance();
            me.cred = m.createCredential(
                    name == null ? null :
                      (name.indexOf('@') < 0 ?
                        m.createName(name, null) :
                        m.createName(name, GSSName.NT_HOSTBASED_SERVICE)),
                    GSSCredential.INDEFINITE_LIFETIME,
                    mech,
                    asInitiator?
                            GSSCredential.INITIATE_AND_ACCEPT:
                            GSSCredential.ACCEPT_ONLY);
            me.x = (ExtendedGSSContext)m.createContext(me.cred);
            return null;
        }
    }, null);
}
 
Example #14
Source Project: elasticsearch-shield-kerberos-realm   Author: codecentric   File: KerberizedClient.java    License: Apache License 2.0 6 votes vote down vote up
GSSContext initGSS() throws Exception {
    final GSSManager MANAGER = GSSManager.getInstance();

    final PrivilegedExceptionAction<GSSCredential> action = new PrivilegedExceptionAction<GSSCredential>() {
        @Override
        public GSSCredential run() throws GSSException {
            return MANAGER.createCredential(null, GSSCredential.DEFAULT_LIFETIME, KrbConstants.SPNEGO, GSSCredential.INITIATE_ONLY);
        }
    };

    final GSSCredential clientcreds = Subject.doAs(initiatorSubject, action);

    final GSSContext context = MANAGER.createContext(MANAGER.createName(acceptorPrincipal, GSSName.NT_USER_NAME, KrbConstants.SPNEGO),
            KrbConstants.SPNEGO, clientcreds, GSSContext.DEFAULT_LIFETIME);

    //TODO make configurable
    context.requestMutualAuth(true);
    context.requestConf(true);
    context.requestInteg(true);
    context.requestReplayDet(true);
    context.requestSequenceDet(true);
    context.requestCredDeleg(false);

    return context;
}
 
Example #15
Source Project: openjdk-jdk8u   Author: AdoptOpenJDK   File: Context.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Starts as a server with the specified service name
 * @param name the service name
 * @param mech GSS mech
 * @throws java.lang.Exception
 */
public void startAsServer(final String name, final Oid mech, final boolean asInitiator) throws Exception {
    doAs(new Action() {
        @Override
        public byte[] run(Context me, byte[] dummy) throws Exception {
            GSSManager m = GSSManager.getInstance();
            me.cred = m.createCredential(
                    name == null ? null :
                      (name.indexOf('@') < 0 ?
                        m.createName(name, null) :
                        m.createName(name, GSSName.NT_HOSTBASED_SERVICE)),
                    GSSCredential.INDEFINITE_LIFETIME,
                    mech,
                    asInitiator?
                            GSSCredential.INITIATE_AND_ACCEPT:
                            GSSCredential.ACCEPT_ONLY);
            me.x = (ExtendedGSSContext)m.createContext(me.cred);
            return null;
        }
    }, null);
}
 
Example #16
Source Project: cxf   Author: apache   File: JAXRSKerberosBookTest.java    License: Apache License 2.0 6 votes vote down vote up
private void doTestGetBook123Proxy(String configFile) throws Exception {
    BookStore bs = JAXRSClientFactory.create("http://localhost:" + PORT, BookStore.class,
            configFile);
    WebClient.getConfig(bs).getOutInterceptors().add(new LoggingOutInterceptor());

    SpnegoAuthSupplier authSupplier = new SpnegoAuthSupplier();
    authSupplier.setServicePrincipalName("[email protected]");
    authSupplier.setServiceNameType(GSSName.NT_HOSTBASED_SERVICE);
    WebClient.getConfig(bs).getHttpConduit().setAuthSupplier(authSupplier);

    // just to verify the interface call goes through CGLIB proxy too
    Assert.assertEquals("http://localhost:" + PORT, WebClient.client(bs).getBaseURI().toString());
    Book b = bs.getBook("123");
    Assert.assertEquals(b.getId(), 123);
    b = bs.getBook("123");
    Assert.assertEquals(b.getId(), 123);
}
 
Example #17
Source Project: jdk8u-jdk   Author: frohoff   File: Context.java    License: GNU General Public License v2.0 6 votes vote down vote up
public Context impersonate(final String someone) throws Exception {
    try {
        GSSCredential creds = Subject.doAs(s, new PrivilegedExceptionAction<GSSCredential>() {
            @Override
            public GSSCredential run() throws Exception {
                GSSManager m = GSSManager.getInstance();
                GSSName other = m.createName(someone, GSSName.NT_USER_NAME);
                if (Context.this.cred == null) {
                    Context.this.cred = m.createCredential(GSSCredential.INITIATE_ONLY);
                }
                return ((ExtendedGSSCredential)Context.this.cred).impersonate(other);
            }
        });
        Context out = new Context();
        out.s = s;
        out.cred = creds;
        out.name = name + " as " + out.cred.getName().toString();
        return out;
    } catch (PrivilegedActionException pae) {
        throw pae.getException();
    }
}
 
Example #18
Source Project: ats-framework   Author: Axway   File: SPNegoSchemeFactory.java    License: Apache License 2.0 6 votes vote down vote up
private Oid getOidForType(
                           String type ) {

    if ("NT_USER_NAME".equals(type)) {
        return GSSName.NT_USER_NAME;
    } else if ("NT_HOSTBASED_SERVICE".equals(type)) {
        return GSSName.NT_HOSTBASED_SERVICE;
    } else if ("NT_MACHINE_UID_NAME".equals(type)) {
        return GSSName.NT_MACHINE_UID_NAME;
    } else if ("NT_STRING_UID_NAME".equals(type)) {
        return GSSName.NT_STRING_UID_NAME;
    } else if ("NT_ANONYMOUS".equals(type)) {
        return GSSName.NT_ANONYMOUS;
    } else if ("NT_EXPORT_NAME".equals(type)) {
        return GSSName.NT_EXPORT_NAME;
    }
    return GSSName.NT_USER_NAME;
}
 
Example #19
Source Project: ats-framework   Author: Axway   File: GGSSchemeBase.java    License: Apache License 2.0 6 votes vote down vote up
protected byte[] generateGSSToken(
                                   final byte[] input,
                                   final Oid oid ) throws GSSException {

    byte[] token = input;
    if (token == null) {
        token = new byte[0];
    }
    GSSManager manager = getManager();

    GSSName serverName = manager.createName(servicePrincipalName, servicePrincipalOid);

    GSSContext gssContext = manager.createContext(serverName.canonicalize(oid),
                                                  oid,
                                                  null,
                                                  GSSContext.DEFAULT_LIFETIME);
    gssContext.requestMutualAuth(true);
    gssContext.requestCredDeleg(true);
    // Get client to login if not already done
    return gssClient.negotiate(gssContext, token);
}
 
Example #20
Source Project: openjdk-8-source   Author: keerath   File: CrossRealm.java    License: GNU General Public License v2.0 6 votes vote down vote up
static void xRealmAuth() throws Exception {
    Security.setProperty("auth.login.defaultCallbackHandler", "CrossRealm");
    System.setProperty("java.security.auth.login.config", "jaas-localkdc.conf");
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
    FileOutputStream fos = new FileOutputStream("jaas-localkdc.conf");
    fos.write(("com.sun.security.jgss.krb5.initiate {\n" +
            "    com.sun.security.auth.module.Krb5LoginModule\n" +
            "    required\n" +
            "    principal=dummy\n" +
            "    doNotPrompt=false\n" +
            "    useTicketCache=false\n" +
            "    ;\n" +
            "};").getBytes());
    fos.close();

    GSSManager m = GSSManager.getInstance();
    m.createContext(
            m.createName("[email protected]", GSSName.NT_HOSTBASED_SERVICE),
            GSSUtil.GSS_KRB5_MECH_OID,
            null,
            GSSContext.DEFAULT_LIFETIME).initSecContext(new byte[0], 0, 0);
}
 
Example #21
Source Project: openjdk-jdk9   Author: AdoptOpenJDK   File: Context.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Starts as a server with the specified service name
 * @param name the service name
 * @param mech GSS mech
 * @throws java.lang.Exception
 */
public void startAsServer(final String name, final Oid mech, final boolean asInitiator) throws Exception {
    doAs(new Action() {
        @Override
        public byte[] run(Context me, byte[] dummy) throws Exception {
            GSSManager m = GSSManager.getInstance();
            me.cred = m.createCredential(
                    name == null ? null :
                      (name.indexOf('@') < 0 ?
                        m.createName(name, null) :
                        m.createName(name, GSSName.NT_HOSTBASED_SERVICE)),
                    GSSCredential.INDEFINITE_LIFETIME,
                    mech,
                    asInitiator?
                            GSSCredential.INITIATE_AND_ACCEPT:
                            GSSCredential.ACCEPT_ONLY);
            me.x = m.createContext(me.cred);
            return null;
        }
    }, null);
}
 
Example #22
Source Project: jdk8u-dev-jdk   Author: frohoff   File: Context.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Starts as a server with the specified service name
 * @param name the service name
 * @param mech GSS mech
 * @throws java.lang.Exception
 */
public void startAsServer(final String name, final Oid mech, final boolean asInitiator) throws Exception {
    doAs(new Action() {
        @Override
        public byte[] run(Context me, byte[] dummy) throws Exception {
            GSSManager m = GSSManager.getInstance();
            me.cred = m.createCredential(
                    name == null ? null :
                      (name.indexOf('@') < 0 ?
                        m.createName(name, null) :
                        m.createName(name, GSSName.NT_HOSTBASED_SERVICE)),
                    GSSCredential.INDEFINITE_LIFETIME,
                    mech,
                    asInitiator?
                            GSSCredential.INITIATE_AND_ACCEPT:
                            GSSCredential.ACCEPT_ONLY);
            me.x = (ExtendedGSSContext)m.createContext(me.cred);
            return null;
        }
    }, null);
}
 
Example #23
Source Project: jdk8u-dev-jdk   Author: frohoff   File: Context.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Starts as a client
 * @param target communication peer
 * @param mech GSS mech
 * @throws java.lang.Exception
 */
public void startAsClient(final String target, final Oid mech) throws Exception {
    doAs(new Action() {
        @Override
        public byte[] run(Context me, byte[] dummy) throws Exception {
            GSSManager m = GSSManager.getInstance();
            me.x = (ExtendedGSSContext)m.createContext(
                      target.indexOf('@') < 0 ?
                        m.createName(target, null) :
                        m.createName(target, GSSName.NT_HOSTBASED_SERVICE),
                    mech,
                    cred,
                    GSSContext.DEFAULT_LIFETIME);
            return null;
        }
    }, null);
}
 
Example #24
Source Project: openjdk-jdk8u-backup   Author: AdoptOpenJDK   File: Context.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Starts as a client
 * @param target communication peer
 * @param mech GSS mech
 * @throws java.lang.Exception
 */
public void startAsClient(final String target, final Oid mech) throws Exception {
    doAs(new Action() {
        @Override
        public byte[] run(Context me, byte[] dummy) throws Exception {
            GSSManager m = GSSManager.getInstance();
            me.x = (ExtendedGSSContext)m.createContext(
                      target.indexOf('@') < 0 ?
                        m.createName(target, null) :
                        m.createName(target, GSSName.NT_HOSTBASED_SERVICE),
                    mech,
                    cred,
                    GSSContext.DEFAULT_LIFETIME);
            return null;
        }
    }, null);
}
 
Example #25
Source Project: hottub   Author: dsrg-uoft   File: Context.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Starts as a client
 * @param target communication peer
 * @param mech GSS mech
 * @throws java.lang.Exception
 */
public void startAsClient(final String target, final Oid mech) throws Exception {
    doAs(new Action() {
        @Override
        public byte[] run(Context me, byte[] dummy) throws Exception {
            GSSManager m = GSSManager.getInstance();
            me.x = (ExtendedGSSContext)m.createContext(
                      target.indexOf('@') < 0 ?
                        m.createName(target, null) :
                        m.createName(target, GSSName.NT_HOSTBASED_SERVICE),
                    mech,
                    cred,
                    GSSContext.DEFAULT_LIFETIME);
            return null;
        }
    }, null);
}
 
Example #26
Source Project: jdk8u_jdk   Author: JetBrains   File: Context.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Starts as a client
 * @param target communication peer
 * @param mech GSS mech
 * @throws java.lang.Exception
 */
public void startAsClient(final String target, final Oid mech) throws Exception {
    doAs(new Action() {
        @Override
        public byte[] run(Context me, byte[] dummy) throws Exception {
            GSSManager m = GSSManager.getInstance();
            me.x = (ExtendedGSSContext)m.createContext(
                      target.indexOf('@') < 0 ?
                        m.createName(target, null) :
                        m.createName(target, GSSName.NT_HOSTBASED_SERVICE),
                    mech,
                    cred,
                    GSSContext.DEFAULT_LIFETIME);
            return null;
        }
    }, null);
}
 
Example #27
Source Project: openjdk-jdk8u-backup   Author: AdoptOpenJDK   File: CrossRealm.java    License: GNU General Public License v2.0 6 votes vote down vote up
static void xRealmAuth() throws Exception {
    Security.setProperty("auth.login.defaultCallbackHandler", "CrossRealm");
    System.setProperty("java.security.auth.login.config", "jaas-localkdc.conf");
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
    FileOutputStream fos = new FileOutputStream("jaas-localkdc.conf");
    fos.write(("com.sun.security.jgss.krb5.initiate {\n" +
            "    com.sun.security.auth.module.Krb5LoginModule\n" +
            "    required\n" +
            "    principal=dummy\n" +
            "    doNotPrompt=false\n" +
            "    useTicketCache=false\n" +
            "    ;\n" +
            "};").getBytes());
    fos.close();

    GSSManager m = GSSManager.getInstance();
    m.createContext(
            m.createName("[email protected]", GSSName.NT_HOSTBASED_SERVICE),
            GSSUtil.GSS_KRB5_MECH_OID,
            null,
            GSSContext.DEFAULT_LIFETIME).initSecContext(new byte[0], 0, 0);
}
 
Example #28
Source Project: hbase   Author: apache   File: TestInfoServersACL.java    License: Apache License 2.0 6 votes vote down vote up
private CloseableHttpClient createHttpClient(String clientPrincipal) throws Exception {
  // Logs in with Kerberos via GSS
  GSSManager gssManager = GSSManager.getInstance();
  // jGSS Kerberos login constant
  Oid oid = new Oid("1.2.840.113554.1.2.2");
  GSSName gssClient = gssManager.createName(clientPrincipal, GSSName.NT_USER_NAME);
  GSSCredential credential = gssManager.createCredential(
      gssClient, GSSCredential.DEFAULT_LIFETIME, oid, GSSCredential.INITIATE_ONLY);

  Lookup<AuthSchemeProvider> authRegistry = RegistryBuilder.<AuthSchemeProvider>create()
      .register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory(true, true)).build();

  BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider();
  credentialsProvider.setCredentials(AuthScope.ANY, new KerberosCredentials(credential));

  return HttpClients.custom().setDefaultAuthSchemeRegistry(authRegistry)
      .setDefaultCredentialsProvider(credentialsProvider).build();
}
 
Example #29
Source Project: cxf   Author: apache   File: KerberosDelegationTokenTest.java    License: Apache License 2.0 6 votes vote down vote up
@org.junit.Test
public void testKerberosTokenJAXRS() throws Exception {

    final String configLocation = "org/apache/cxf/systest/sts/kerberos/cxf-intermediary-jaxrs-client.xml";
    final String address = "https://localhost:" + INTERMEDIARY_PORT + "/doubleit/services/doubleit-rs";
    final int numToDouble = 35;

    WebClient client = WebClient.create(address, configLocation);
    client.type("text/plain").accept("text/plain");

    Map<String, Object> requestContext = WebClient.getConfig(client).getRequestContext();
    requestContext.put("auth.spnego.useKerberosOid", "true");
    requestContext.put("auth.spnego.requireCredDelegation", "true");

    SpnegoAuthSupplier authSupplier = new SpnegoAuthSupplier();
    authSupplier.setServicePrincipalName("[email protected]");
    authSupplier.setServiceNameType(GSSName.NT_HOSTBASED_SERVICE);
    WebClient.getConfig(client).getHttpConduit().setAuthSupplier(authSupplier);

    int resp = client.post(numToDouble, Integer.class);
    assertEquals(2 * numToDouble, resp);
}
 
Example #30
Source Project: openjdk-jdk9   Author: AdoptOpenJDK   File: Context.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Starts as a client
 * @param target communication peer
 * @param mech GSS mech
 * @throws java.lang.Exception
 */
public void startAsClient(final String target, final Oid mech) throws Exception {
    doAs(new Action() {
        @Override
        public byte[] run(Context me, byte[] dummy) throws Exception {
            GSSManager m = GSSManager.getInstance();
            me.x = m.createContext(
                      target.indexOf('@') < 0 ?
                        m.createName(target, null) :
                        m.createName(target, GSSName.NT_HOSTBASED_SERVICE),
                    mech,
                    cred,
                    GSSContext.DEFAULT_LIFETIME);
            return null;
        }
    }, null);
}