org.ietf.jgss.GSSName Java Examples
The following examples show how to use
org.ietf.jgss.GSSName.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source Project: Tomcat8-Source-Read Author: chenmudu File: LockOutRealm.java License: MIT License | 6 votes |
|
/**
* {@inheritDoc}
*/
@Override
public Principal authenticate(GSSContext gssContext, boolean storeCreds) {
if (gssContext.isEstablished()) {
String username = null;
GSSName name = null;
try {
name = gssContext.getSrcName();
} catch (GSSException e) {
log.warn(sm.getString("realmBase.gssNameFail"), e);
return null;
}
username = name.toString();
Principal authenticatedUser = super.authenticate(gssContext, storeCreds);
return filterLockedAccounts(username, authenticatedUser);
}
// Fail in all other cases
return null;
}
Example #2
| Source Project: openjdk-jdk9 Author: AdoptOpenJDK File: CrossRealm.java License: GNU General Public License v2.0 | 6 votes |
|
static void xRealmAuth() throws Exception {
Security.setProperty("auth.login.defaultCallbackHandler", "CrossRealm");
System.setProperty("java.security.auth.login.config", "jaas-localkdc.conf");
System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
FileOutputStream fos = new FileOutputStream("jaas-localkdc.conf");
fos.write(("com.sun.security.jgss.krb5.initiate {\n" +
" com.sun.security.auth.module.Krb5LoginModule\n" +
" required\n" +
" principal=dummy\n" +
" doNotPrompt=false\n" +
" useTicketCache=false\n" +
" ;\n" +
"};").getBytes());
fos.close();
GSSManager m = GSSManager.getInstance();
m.createContext(
m.createName("[email protected]", GSSName.NT_HOSTBASED_SERVICE),
GSSUtil.GSS_KRB5_MECH_OID,
null,
GSSContext.DEFAULT_LIFETIME).initSecContext(new byte[0], 0, 0);
}
Example #3
| Source Project: jdk8u_jdk Author: JetBrains File: CrossRealm.java License: GNU General Public License v2.0 | 6 votes |
|
static void xRealmAuth() throws Exception {
Security.setProperty("auth.login.defaultCallbackHandler", "CrossRealm");
System.setProperty("java.security.auth.login.config", "jaas-localkdc.conf");
System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
FileOutputStream fos = new FileOutputStream("jaas-localkdc.conf");
fos.write(("com.sun.security.jgss.krb5.initiate {\n" +
" com.sun.security.auth.module.Krb5LoginModule\n" +
" required\n" +
" principal=dummy\n" +
" doNotPrompt=false\n" +
" useTicketCache=false\n" +
" ;\n" +
"};").getBytes());
fos.close();
GSSManager m = GSSManager.getInstance();
m.createContext(
m.createName("[email protected]", GSSName.NT_HOSTBASED_SERVICE),
GSSUtil.GSS_KRB5_MECH_OID,
null,
GSSContext.DEFAULT_LIFETIME).initSecContext(new byte[0], 0, 0);
}
Example #4
| Source Project: dragonwell8_jdk Author: alibaba File: Context.java License: GNU General Public License v2.0 | 6 votes |
|
/**
* Starts as a client
* @param target communication peer
* @param mech GSS mech
* @throws java.lang.Exception
*/
public void startAsClient(final String target, final Oid mech) throws Exception {
doAs(new Action() {
@Override
public byte[] run(Context me, byte[] dummy) throws Exception {
GSSManager m = GSSManager.getInstance();
me.x = (ExtendedGSSContext)m.createContext(
target.indexOf('@') < 0 ?
m.createName(target, null) :
m.createName(target, GSSName.NT_HOSTBASED_SERVICE),
mech,
cred,
GSSContext.DEFAULT_LIFETIME);
return null;
}
}, null);
}
Example #5
| Source Project: jdk8u-dev-jdk Author: frohoff File: Context.java License: GNU General Public License v2.0 | 6 votes |
|
public Context impersonate(final String someone) throws Exception {
try {
GSSCredential creds = Subject.doAs(s, new PrivilegedExceptionAction<GSSCredential>() {
@Override
public GSSCredential run() throws Exception {
GSSManager m = GSSManager.getInstance();
GSSName other = m.createName(someone, GSSName.NT_USER_NAME);
if (Context.this.cred == null) {
Context.this.cred = m.createCredential(GSSCredential.INITIATE_ONLY);
}
return ((ExtendedGSSCredential)Context.this.cred).impersonate(other);
}
});
Context out = new Context();
out.s = s;
out.cred = creds;
out.name = name + " as " + out.cred.getName().toString();
return out;
} catch (PrivilegedActionException pae) {
throw pae.getException();
}
}
Example #6
| Source Project: spliceengine Author: splicemachine File: RemoteUserKerberos.java License: GNU Affero General Public License v3.0 | 6 votes |
|
public Connection getRemoteConnection(String hostname) throws SQLException {
try {
GSSCredential clientCr = context.getDelegCred();
GSSName clientName = clientCr.getName();
Subject subject = GSSUtil.createSubject(clientName, clientCr);
String sslMode = PropertyUtil.getSystemProperty(Property.DRDA_PROP_SSL_MODE);
String databaseURL = sslMode==null?
String.format("jdbc:splice://%s/splicedb;principal=%s",hostname, clientName.toString()):
String.format("jdbc:splice://%s/splicedb;principal=%s;ssl=%s",hostname, clientName.toString(), sslMode);
return UserManagerService.loadPropertyManager().getUserFromSubject(subject).doAs(
(PrivilegedExceptionAction<Connection>) () -> DriverManager.getConnection(databaseURL));
} catch (Exception e) {
throw new SQLException(SQLState.AUTH_ERROR_KERBEROS_CLIENT,
SQLState.AUTH_ERROR_KERBEROS_CLIENT.substring(0,5), e);
}
}
Example #7
| Source Project: dragonwell8_jdk Author: alibaba File: CrossRealm.java License: GNU General Public License v2.0 | 6 votes |
|
static void xRealmAuth() throws Exception {
Security.setProperty("auth.login.defaultCallbackHandler", "CrossRealm");
System.setProperty("java.security.auth.login.config", "jaas-localkdc.conf");
System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
FileOutputStream fos = new FileOutputStream("jaas-localkdc.conf");
fos.write(("com.sun.security.jgss.krb5.initiate {\n" +
" com.sun.security.auth.module.Krb5LoginModule\n" +
" required\n" +
" principal=dummy\n" +
" doNotPrompt=false\n" +
" useTicketCache=false\n" +
" ;\n" +
"};").getBytes());
fos.close();
GSSManager m = GSSManager.getInstance();
m.createContext(
m.createName("[email protected]", GSSName.NT_HOSTBASED_SERVICE),
GSSUtil.GSS_KRB5_MECH_OID,
null,
GSSContext.DEFAULT_LIFETIME).initSecContext(new byte[0], 0, 0);
}
Example #8
| Source Project: openjdk-8 Author: bpupadhyaya File: Context.java License: GNU General Public License v2.0 | 6 votes |
|
/**
* Starts as a server with the specified service name
* @param name the service name
* @param mech GSS mech
* @throws java.lang.Exception
*/
public void startAsServer(final String name, final Oid mech, final boolean asInitiator) throws Exception {
doAs(new Action() {
@Override
public byte[] run(Context me, byte[] dummy) throws Exception {
GSSManager m = GSSManager.getInstance();
me.cred = m.createCredential(
name == null ? null :
(name.indexOf('@') < 0 ?
m.createName(name, null) :
m.createName(name, GSSName.NT_HOSTBASED_SERVICE)),
GSSCredential.INDEFINITE_LIFETIME,
mech,
asInitiator?
GSSCredential.INITIATE_AND_ACCEPT:
GSSCredential.ACCEPT_ONLY);
me.x = (ExtendedGSSContext)m.createContext(me.cred);
return null;
}
}, null);
}
Example #9
| Source Project: TencentKona-8 Author: Tencent File: Context.java License: GNU General Public License v2.0 | 6 votes |
|
/**
* Starts as a server with the specified service name
* @param name the service name
* @param mech GSS mech
* @throws java.lang.Exception
*/
public void startAsServer(final String name, final Oid mech, final boolean asInitiator) throws Exception {
doAs(new Action() {
@Override
public byte[] run(Context me, byte[] dummy) throws Exception {
GSSManager m = GSSManager.getInstance();
me.cred = m.createCredential(
name == null ? null :
(name.indexOf('@') < 0 ?
m.createName(name, null) :
m.createName(name, GSSName.NT_HOSTBASED_SERVICE)),
GSSCredential.INDEFINITE_LIFETIME,
mech,
asInitiator?
GSSCredential.INITIATE_AND_ACCEPT:
GSSCredential.ACCEPT_ONLY);
me.x = (ExtendedGSSContext)m.createContext(me.cred);
return null;
}
}, null);
}
Example #10
| Source Project: jdk8u-dev-jdk Author: frohoff File: CrossRealm.java License: GNU General Public License v2.0 | 6 votes |
|
static void xRealmAuth() throws Exception {
Security.setProperty("auth.login.defaultCallbackHandler", "CrossRealm");
System.setProperty("java.security.auth.login.config", "jaas-localkdc.conf");
System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
FileOutputStream fos = new FileOutputStream("jaas-localkdc.conf");
fos.write(("com.sun.security.jgss.krb5.initiate {\n" +
" com.sun.security.auth.module.Krb5LoginModule\n" +
" required\n" +
" principal=dummy\n" +
" doNotPrompt=false\n" +
" useTicketCache=false\n" +
" ;\n" +
"};").getBytes());
fos.close();
GSSManager m = GSSManager.getInstance();
m.createContext(
m.createName("[email protected]", GSSName.NT_HOSTBASED_SERVICE),
GSSUtil.GSS_KRB5_MECH_OID,
null,
GSSContext.DEFAULT_LIFETIME).initSecContext(new byte[0], 0, 0);
}
Example #11
| Source Project: jdk8u60 Author: chenghanpeng File: Context.java License: GNU General Public License v2.0 | 6 votes |
|
public Context impersonate(final String someone) throws Exception {
try {
GSSCredential creds = Subject.doAs(s, new PrivilegedExceptionAction<GSSCredential>() {
@Override
public GSSCredential run() throws Exception {
GSSManager m = GSSManager.getInstance();
GSSName other = m.createName(someone, GSSName.NT_USER_NAME);
if (Context.this.cred == null) {
Context.this.cred = m.createCredential(GSSCredential.INITIATE_ONLY);
}
return ((ExtendedGSSCredential)Context.this.cred).impersonate(other);
}
});
Context out = new Context();
out.s = s;
out.cred = creds;
out.name = name + " as " + out.cred.getName().toString();
return out;
} catch (PrivilegedActionException pae) {
throw pae.getException();
}
}
Example #12
| Source Project: jdk8u-jdk Author: lambdalab-mirror File: Context.java License: GNU General Public License v2.0 | 6 votes |
|
/**
* Starts as a client
* @param target communication peer
* @param mech GSS mech
* @throws java.lang.Exception
*/
public void startAsClient(final String target, final Oid mech) throws Exception {
doAs(new Action() {
@Override
public byte[] run(Context me, byte[] dummy) throws Exception {
GSSManager m = GSSManager.getInstance();
me.x = (ExtendedGSSContext)m.createContext(
target.indexOf('@') < 0 ?
m.createName(target, null) :
m.createName(target, GSSName.NT_HOSTBASED_SERVICE),
mech,
cred,
GSSContext.DEFAULT_LIFETIME);
return null;
}
}, null);
}
Example #13
| Source Project: openjdk-8-source Author: keerath File: Context.java License: GNU General Public License v2.0 | 6 votes |
|
/**
* Starts as a server with the specified service name
* @param name the service name
* @param mech GSS mech
* @throws java.lang.Exception
*/
public void startAsServer(final String name, final Oid mech, final boolean asInitiator) throws Exception {
doAs(new Action() {
@Override
public byte[] run(Context me, byte[] dummy) throws Exception {
GSSManager m = GSSManager.getInstance();
me.cred = m.createCredential(
name == null ? null :
(name.indexOf('@') < 0 ?
m.createName(name, null) :
m.createName(name, GSSName.NT_HOSTBASED_SERVICE)),
GSSCredential.INDEFINITE_LIFETIME,
mech,
asInitiator?
GSSCredential.INITIATE_AND_ACCEPT:
GSSCredential.ACCEPT_ONLY);
me.x = (ExtendedGSSContext)m.createContext(me.cred);
return null;
}
}, null);
}
Example #14
| Source Project: elasticsearch-shield-kerberos-realm Author: codecentric File: KerberizedClient.java License: Apache License 2.0 | 6 votes |
|
GSSContext initGSS() throws Exception {
final GSSManager MANAGER = GSSManager.getInstance();
final PrivilegedExceptionAction<GSSCredential> action = new PrivilegedExceptionAction<GSSCredential>() {
@Override
public GSSCredential run() throws GSSException {
return MANAGER.createCredential(null, GSSCredential.DEFAULT_LIFETIME, KrbConstants.SPNEGO, GSSCredential.INITIATE_ONLY);
}
};
final GSSCredential clientcreds = Subject.doAs(initiatorSubject, action);
final GSSContext context = MANAGER.createContext(MANAGER.createName(acceptorPrincipal, GSSName.NT_USER_NAME, KrbConstants.SPNEGO),
KrbConstants.SPNEGO, clientcreds, GSSContext.DEFAULT_LIFETIME);
//TODO make configurable
context.requestMutualAuth(true);
context.requestConf(true);
context.requestInteg(true);
context.requestReplayDet(true);
context.requestSequenceDet(true);
context.requestCredDeleg(false);
return context;
}
Example #15
| Source Project: openjdk-jdk8u Author: AdoptOpenJDK File: Context.java License: GNU General Public License v2.0 | 6 votes |
|
/**
* Starts as a server with the specified service name
* @param name the service name
* @param mech GSS mech
* @throws java.lang.Exception
*/
public void startAsServer(final String name, final Oid mech, final boolean asInitiator) throws Exception {
doAs(new Action() {
@Override
public byte[] run(Context me, byte[] dummy) throws Exception {
GSSManager m = GSSManager.getInstance();
me.cred = m.createCredential(
name == null ? null :
(name.indexOf('@') < 0 ?
m.createName(name, null) :
m.createName(name, GSSName.NT_HOSTBASED_SERVICE)),
GSSCredential.INDEFINITE_LIFETIME,
mech,
asInitiator?
GSSCredential.INITIATE_AND_ACCEPT:
GSSCredential.ACCEPT_ONLY);
me.x = (ExtendedGSSContext)m.createContext(me.cred);
return null;
}
}, null);
}
Example #16
| Source Project: cxf Author: apache File: JAXRSKerberosBookTest.java License: Apache License 2.0 | 6 votes |
|
private void doTestGetBook123Proxy(String configFile) throws Exception {
BookStore bs = JAXRSClientFactory.create("http://localhost:" + PORT, BookStore.class,
configFile);
WebClient.getConfig(bs).getOutInterceptors().add(new LoggingOutInterceptor());
SpnegoAuthSupplier authSupplier = new SpnegoAuthSupplier();
authSupplier.setServicePrincipalName("[email protected]");
authSupplier.setServiceNameType(GSSName.NT_HOSTBASED_SERVICE);
WebClient.getConfig(bs).getHttpConduit().setAuthSupplier(authSupplier);
// just to verify the interface call goes through CGLIB proxy too
Assert.assertEquals("http://localhost:" + PORT, WebClient.client(bs).getBaseURI().toString());
Book b = bs.getBook("123");
Assert.assertEquals(b.getId(), 123);
b = bs.getBook("123");
Assert.assertEquals(b.getId(), 123);
}
Example #17
| Source Project: jdk8u-jdk Author: frohoff File: Context.java License: GNU General Public License v2.0 | 6 votes |
|
public Context impersonate(final String someone) throws Exception {
try {
GSSCredential creds = Subject.doAs(s, new PrivilegedExceptionAction<GSSCredential>() {
@Override
public GSSCredential run() throws Exception {
GSSManager m = GSSManager.getInstance();
GSSName other = m.createName(someone, GSSName.NT_USER_NAME);
if (Context.this.cred == null) {
Context.this.cred = m.createCredential(GSSCredential.INITIATE_ONLY);
}
return ((ExtendedGSSCredential)Context.this.cred).impersonate(other);
}
});
Context out = new Context();
out.s = s;
out.cred = creds;
out.name = name + " as " + out.cred.getName().toString();
return out;
} catch (PrivilegedActionException pae) {
throw pae.getException();
}
}
Example #18
| Source Project: ats-framework Author: Axway File: SPNegoSchemeFactory.java License: Apache License 2.0 | 6 votes |
|
private Oid getOidForType(
String type ) {
if ("NT_USER_NAME".equals(type)) {
return GSSName.NT_USER_NAME;
} else if ("NT_HOSTBASED_SERVICE".equals(type)) {
return GSSName.NT_HOSTBASED_SERVICE;
} else if ("NT_MACHINE_UID_NAME".equals(type)) {
return GSSName.NT_MACHINE_UID_NAME;
} else if ("NT_STRING_UID_NAME".equals(type)) {
return GSSName.NT_STRING_UID_NAME;
} else if ("NT_ANONYMOUS".equals(type)) {
return GSSName.NT_ANONYMOUS;
} else if ("NT_EXPORT_NAME".equals(type)) {
return GSSName.NT_EXPORT_NAME;
}
return GSSName.NT_USER_NAME;
}
Example #19
| Source Project: ats-framework Author: Axway File: GGSSchemeBase.java License: Apache License 2.0 | 6 votes |
|
protected byte[] generateGSSToken(
final byte[] input,
final Oid oid ) throws GSSException {
byte[] token = input;
if (token == null) {
token = new byte[0];
}
GSSManager manager = getManager();
GSSName serverName = manager.createName(servicePrincipalName, servicePrincipalOid);
GSSContext gssContext = manager.createContext(serverName.canonicalize(oid),
oid,
null,
GSSContext.DEFAULT_LIFETIME);
gssContext.requestMutualAuth(true);
gssContext.requestCredDeleg(true);
// Get client to login if not already done
return gssClient.negotiate(gssContext, token);
}
Example #20
| Source Project: openjdk-8-source Author: keerath File: CrossRealm.java License: GNU General Public License v2.0 | 6 votes |
|
static void xRealmAuth() throws Exception {
Security.setProperty("auth.login.defaultCallbackHandler", "CrossRealm");
System.setProperty("java.security.auth.login.config", "jaas-localkdc.conf");
System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
FileOutputStream fos = new FileOutputStream("jaas-localkdc.conf");
fos.write(("com.sun.security.jgss.krb5.initiate {\n" +
" com.sun.security.auth.module.Krb5LoginModule\n" +
" required\n" +
" principal=dummy\n" +
" doNotPrompt=false\n" +
" useTicketCache=false\n" +
" ;\n" +
"};").getBytes());
fos.close();
GSSManager m = GSSManager.getInstance();
m.createContext(
m.createName("[email protected]", GSSName.NT_HOSTBASED_SERVICE),
GSSUtil.GSS_KRB5_MECH_OID,
null,
GSSContext.DEFAULT_LIFETIME).initSecContext(new byte[0], 0, 0);
}
Example #21
| Source Project: openjdk-jdk9 Author: AdoptOpenJDK File: Context.java License: GNU General Public License v2.0 | 6 votes |
|
/**
* Starts as a server with the specified service name
* @param name the service name
* @param mech GSS mech
* @throws java.lang.Exception
*/
public void startAsServer(final String name, final Oid mech, final boolean asInitiator) throws Exception {
doAs(new Action() {
@Override
public byte[] run(Context me, byte[] dummy) throws Exception {
GSSManager m = GSSManager.getInstance();
me.cred = m.createCredential(
name == null ? null :
(name.indexOf('@') < 0 ?
m.createName(name, null) :
m.createName(name, GSSName.NT_HOSTBASED_SERVICE)),
GSSCredential.INDEFINITE_LIFETIME,
mech,
asInitiator?
GSSCredential.INITIATE_AND_ACCEPT:
GSSCredential.ACCEPT_ONLY);
me.x = m.createContext(me.cred);
return null;
}
}, null);
}
Example #22
| Source Project: jdk8u-dev-jdk Author: frohoff File: Context.java License: GNU General Public License v2.0 | 6 votes |
|
/**
* Starts as a server with the specified service name
* @param name the service name
* @param mech GSS mech
* @throws java.lang.Exception
*/
public void startAsServer(final String name, final Oid mech, final boolean asInitiator) throws Exception {
doAs(new Action() {
@Override
public byte[] run(Context me, byte[] dummy) throws Exception {
GSSManager m = GSSManager.getInstance();
me.cred = m.createCredential(
name == null ? null :
(name.indexOf('@') < 0 ?
m.createName(name, null) :
m.createName(name, GSSName.NT_HOSTBASED_SERVICE)),
GSSCredential.INDEFINITE_LIFETIME,
mech,
asInitiator?
GSSCredential.INITIATE_AND_ACCEPT:
GSSCredential.ACCEPT_ONLY);
me.x = (ExtendedGSSContext)m.createContext(me.cred);
return null;
}
}, null);
}
Example #23
| Source Project: jdk8u-dev-jdk Author: frohoff File: Context.java License: GNU General Public License v2.0 | 6 votes |
|
/**
* Starts as a client
* @param target communication peer
* @param mech GSS mech
* @throws java.lang.Exception
*/
public void startAsClient(final String target, final Oid mech) throws Exception {
doAs(new Action() {
@Override
public byte[] run(Context me, byte[] dummy) throws Exception {
GSSManager m = GSSManager.getInstance();
me.x = (ExtendedGSSContext)m.createContext(
target.indexOf('@') < 0 ?
m.createName(target, null) :
m.createName(target, GSSName.NT_HOSTBASED_SERVICE),
mech,
cred,
GSSContext.DEFAULT_LIFETIME);
return null;
}
}, null);
}
Example #24
| Source Project: openjdk-jdk8u-backup Author: AdoptOpenJDK File: Context.java License: GNU General Public License v2.0 | 6 votes |
|
/**
* Starts as a client
* @param target communication peer
* @param mech GSS mech
* @throws java.lang.Exception
*/
public void startAsClient(final String target, final Oid mech) throws Exception {
doAs(new Action() {
@Override
public byte[] run(Context me, byte[] dummy) throws Exception {
GSSManager m = GSSManager.getInstance();
me.x = (ExtendedGSSContext)m.createContext(
target.indexOf('@') < 0 ?
m.createName(target, null) :
m.createName(target, GSSName.NT_HOSTBASED_SERVICE),
mech,
cred,
GSSContext.DEFAULT_LIFETIME);
return null;
}
}, null);
}
Example #25
| Source Project: hottub Author: dsrg-uoft File: Context.java License: GNU General Public License v2.0 | 6 votes |
|
/**
* Starts as a client
* @param target communication peer
* @param mech GSS mech
* @throws java.lang.Exception
*/
public void startAsClient(final String target, final Oid mech) throws Exception {
doAs(new Action() {
@Override
public byte[] run(Context me, byte[] dummy) throws Exception {
GSSManager m = GSSManager.getInstance();
me.x = (ExtendedGSSContext)m.createContext(
target.indexOf('@') < 0 ?
m.createName(target, null) :
m.createName(target, GSSName.NT_HOSTBASED_SERVICE),
mech,
cred,
GSSContext.DEFAULT_LIFETIME);
return null;
}
}, null);
}
Example #26
| Source Project: jdk8u_jdk Author: JetBrains File: Context.java License: GNU General Public License v2.0 | 6 votes |
|
/**
* Starts as a client
* @param target communication peer
* @param mech GSS mech
* @throws java.lang.Exception
*/
public void startAsClient(final String target, final Oid mech) throws Exception {
doAs(new Action() {
@Override
public byte[] run(Context me, byte[] dummy) throws Exception {
GSSManager m = GSSManager.getInstance();
me.x = (ExtendedGSSContext)m.createContext(
target.indexOf('@') < 0 ?
m.createName(target, null) :
m.createName(target, GSSName.NT_HOSTBASED_SERVICE),
mech,
cred,
GSSContext.DEFAULT_LIFETIME);
return null;
}
}, null);
}
Example #27
| Source Project: openjdk-jdk8u-backup Author: AdoptOpenJDK File: CrossRealm.java License: GNU General Public License v2.0 | 6 votes |
|
static void xRealmAuth() throws Exception {
Security.setProperty("auth.login.defaultCallbackHandler", "CrossRealm");
System.setProperty("java.security.auth.login.config", "jaas-localkdc.conf");
System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
FileOutputStream fos = new FileOutputStream("jaas-localkdc.conf");
fos.write(("com.sun.security.jgss.krb5.initiate {\n" +
" com.sun.security.auth.module.Krb5LoginModule\n" +
" required\n" +
" principal=dummy\n" +
" doNotPrompt=false\n" +
" useTicketCache=false\n" +
" ;\n" +
"};").getBytes());
fos.close();
GSSManager m = GSSManager.getInstance();
m.createContext(
m.createName("[email protected]", GSSName.NT_HOSTBASED_SERVICE),
GSSUtil.GSS_KRB5_MECH_OID,
null,
GSSContext.DEFAULT_LIFETIME).initSecContext(new byte[0], 0, 0);
}
Example #28
| Source Project: hbase Author: apache File: TestInfoServersACL.java License: Apache License 2.0 | 6 votes |
|
private CloseableHttpClient createHttpClient(String clientPrincipal) throws Exception {
// Logs in with Kerberos via GSS
GSSManager gssManager = GSSManager.getInstance();
// jGSS Kerberos login constant
Oid oid = new Oid("1.2.840.113554.1.2.2");
GSSName gssClient = gssManager.createName(clientPrincipal, GSSName.NT_USER_NAME);
GSSCredential credential = gssManager.createCredential(
gssClient, GSSCredential.DEFAULT_LIFETIME, oid, GSSCredential.INITIATE_ONLY);
Lookup<AuthSchemeProvider> authRegistry = RegistryBuilder.<AuthSchemeProvider>create()
.register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory(true, true)).build();
BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider();
credentialsProvider.setCredentials(AuthScope.ANY, new KerberosCredentials(credential));
return HttpClients.custom().setDefaultAuthSchemeRegistry(authRegistry)
.setDefaultCredentialsProvider(credentialsProvider).build();
}
Example #29
| Source Project: cxf Author: apache File: KerberosDelegationTokenTest.java License: Apache License 2.0 | 6 votes |
|
@org.junit.Test
public void testKerberosTokenJAXRS() throws Exception {
final String configLocation = "org/apache/cxf/systest/sts/kerberos/cxf-intermediary-jaxrs-client.xml";
final String address = "https://localhost:" + INTERMEDIARY_PORT + "/doubleit/services/doubleit-rs";
final int numToDouble = 35;
WebClient client = WebClient.create(address, configLocation);
client.type("text/plain").accept("text/plain");
Map<String, Object> requestContext = WebClient.getConfig(client).getRequestContext();
requestContext.put("auth.spnego.useKerberosOid", "true");
requestContext.put("auth.spnego.requireCredDelegation", "true");
SpnegoAuthSupplier authSupplier = new SpnegoAuthSupplier();
authSupplier.setServicePrincipalName("[email protected]");
authSupplier.setServiceNameType(GSSName.NT_HOSTBASED_SERVICE);
WebClient.getConfig(client).getHttpConduit().setAuthSupplier(authSupplier);
int resp = client.post(numToDouble, Integer.class);
assertEquals(2 * numToDouble, resp);
}
Example #30
| Source Project: openjdk-jdk9 Author: AdoptOpenJDK File: Context.java License: GNU General Public License v2.0 | 6 votes |
|
/**
* Starts as a client
* @param target communication peer
* @param mech GSS mech
* @throws java.lang.Exception
*/
public void startAsClient(final String target, final Oid mech) throws Exception {
doAs(new Action() {
@Override
public byte[] run(Context me, byte[] dummy) throws Exception {
GSSManager m = GSSManager.getInstance();
me.x = m.createContext(
target.indexOf('@') < 0 ?
m.createName(target, null) :
m.createName(target, GSSName.NT_HOSTBASED_SERVICE),
mech,
cred,
GSSContext.DEFAULT_LIFETIME);
return null;
}
}, null);
}
