Java Code Examples for com.sun.security.auth.module.Krb5LoginModule#login()
The following examples show how to use
com.sun.security.auth.module.Krb5LoginModule#login() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: Context.java From openjdk-jdk8u with GNU General Public License v2.0 | 7 votes |
|
/**
* Logins with username/keytab as a new subject,
*/
public static Context fromUserKtab(Subject s,
String user, String ktab, boolean storeKey) throws Exception {
Context out = new Context();
out.name = user;
out.s = s;
Krb5LoginModule krb5 = new Krb5LoginModule();
Map<String, String> map = new HashMap<>();
map.put("isInitiator", "false");
map.put("doNotPrompt", "true");
map.put("useTicketCache", "false");
map.put("useKeyTab", "true");
map.put("keyTab", ktab);
map.put("principal", user);
if (storeKey) {
map.put("storeKey", "true");
}
krb5.initialize(out.s, null, null, map);
krb5.login();
krb5.commit();
return out;
}
Example 2
| Source File: Context.java From openjdk-jdk9 with GNU General Public License v2.0 | 6 votes |
|
/**
* Logins with username/keytab as a new subject,
*/
public static Context fromUserKtab(Subject s,
String user, String ktab, boolean storeKey) throws Exception {
Context out = new Context();
out.name = user;
out.s = s;
Krb5LoginModule krb5 = new Krb5LoginModule();
Map<String, String> map = new HashMap<>();
map.put("isInitiator", "false");
map.put("doNotPrompt", "true");
map.put("useTicketCache", "false");
map.put("useKeyTab", "true");
map.put("keyTab", ktab);
map.put("principal", user);
if (storeKey) {
map.put("storeKey", "true");
}
krb5.initialize(out.s, null, null, map);
krb5.login();
krb5.commit();
return out;
}
Example 3
| Source File: Context.java From jdk8u60 with GNU General Public License v2.0 | 6 votes |
|
/**
* Logins with username/keytab as a new subject,
*/
public static Context fromUserKtab(Subject s,
String user, String ktab, boolean storeKey) throws Exception {
Context out = new Context();
out.name = user;
out.s = s;
Krb5LoginModule krb5 = new Krb5LoginModule();
Map<String, String> map = new HashMap<>();
map.put("isInitiator", "false");
map.put("doNotPrompt", "true");
map.put("useTicketCache", "false");
map.put("useKeyTab", "true");
map.put("keyTab", ktab);
map.put("principal", user);
if (storeKey) {
map.put("storeKey", "true");
}
krb5.initialize(out.s, null, null, map);
krb5.login();
krb5.commit();
return out;
}
Example 4
| Source File: Context.java From jdk8u_jdk with GNU General Public License v2.0 | 6 votes |
|
/**
* Logins with username/keytab as a new subject,
*/
public static Context fromUserKtab(Subject s,
String user, String ktab, boolean storeKey) throws Exception {
Context out = new Context();
out.name = user;
out.s = s;
Krb5LoginModule krb5 = new Krb5LoginModule();
Map<String, String> map = new HashMap<>();
map.put("isInitiator", "false");
map.put("doNotPrompt", "true");
map.put("useTicketCache", "false");
map.put("useKeyTab", "true");
map.put("keyTab", ktab);
map.put("principal", user);
if (storeKey) {
map.put("storeKey", "true");
}
krb5.initialize(out.s, null, null, map);
krb5.login();
krb5.commit();
return out;
}
Example 5
| Source File: LoginModuleOptions.java From jdk8u-jdk with GNU General Public License v2.0 | 6 votes |
|
static void login(CallbackHandler callback, Object... options)
throws Exception {
Krb5LoginModule krb5 = new Krb5LoginModule();
Subject subject = new Subject();
Map<String, String> map = new HashMap<>();
Map<String, Object> shared = new HashMap<>();
int count = options.length / 2;
for (int i = 0; i < count; i++) {
String key = (String) options[2 * i];
Object value = options[2 * i + 1];
if (key.startsWith("javax")) {
shared.put(key, value);
} else {
map.put(key, (String) value);
}
}
krb5.initialize(subject, callback, shared, map);
krb5.login();
krb5.commit();
if (!subject.getPrincipals().iterator().next()
.getName().startsWith(OneKDC.USER)) {
throw new Exception("The authenticated is not " + OneKDC.USER);
}
}
Example 6
| Source File: Context.java From openjdk-8 with GNU General Public License v2.0 | 6 votes |
|
/**
* Logins with username/keytab as a new subject,
*/
public static Context fromUserKtab(Subject s,
String user, String ktab, boolean storeKey) throws Exception {
Context out = new Context();
out.name = user;
out.s = s;
Krb5LoginModule krb5 = new Krb5LoginModule();
Map<String, String> map = new HashMap<>();
map.put("isInitiator", "false");
map.put("doNotPrompt", "true");
map.put("useTicketCache", "false");
map.put("useKeyTab", "true");
map.put("keyTab", ktab);
map.put("principal", user);
if (storeKey) {
map.put("storeKey", "true");
}
krb5.initialize(out.s, null, null, map);
krb5.login();
krb5.commit();
return out;
}
Example 7
| Source File: LoginModuleOptions.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 6 votes |
|
static void login(CallbackHandler callback, Object... options)
throws Exception {
Krb5LoginModule krb5 = new Krb5LoginModule();
Subject subject = new Subject();
Map<String, String> map = new HashMap<>();
Map<String, Object> shared = new HashMap<>();
int count = options.length / 2;
for (int i = 0; i < count; i++) {
String key = (String) options[2 * i];
Object value = options[2 * i + 1];
if (key.startsWith("javax")) {
shared.put(key, value);
} else {
map.put(key, (String) value);
}
}
krb5.initialize(subject, callback, shared, map);
krb5.login();
krb5.commit();
if (!subject.getPrincipals().iterator().next()
.getName().startsWith(OneKDC.USER)) {
throw new Exception("The authenticated is not " + OneKDC.USER);
}
}
Example 8
| Source File: LoginModuleOptions.java From openjdk-8 with GNU General Public License v2.0 | 6 votes |
|
static void login(CallbackHandler callback, Object... options)
throws Exception {
Krb5LoginModule krb5 = new Krb5LoginModule();
Subject subject = new Subject();
Map<String, String> map = new HashMap<>();
Map<String, Object> shared = new HashMap<>();
int count = options.length / 2;
for (int i = 0; i < count; i++) {
String key = (String) options[2 * i];
Object value = options[2 * i + 1];
if (key.startsWith("javax")) {
shared.put(key, value);
} else {
map.put(key, (String) value);
}
}
krb5.initialize(subject, callback, shared, map);
krb5.login();
krb5.commit();
if (!subject.getPrincipals().iterator().next()
.getName().startsWith(OneKDC.USER)) {
throw new Exception("The authenticated is not " + OneKDC.USER);
}
}
Example 9
| Source File: Context.java From hottub with GNU General Public License v2.0 | 6 votes |
|
/**
* Logins with username/keytab as a new subject,
*/
public static Context fromUserKtab(Subject s,
String user, String ktab, boolean storeKey) throws Exception {
Context out = new Context();
out.name = user;
out.s = s;
Krb5LoginModule krb5 = new Krb5LoginModule();
Map<String, String> map = new HashMap<>();
map.put("isInitiator", "false");
map.put("doNotPrompt", "true");
map.put("useTicketCache", "false");
map.put("useKeyTab", "true");
map.put("keyTab", ktab);
map.put("principal", user);
if (storeKey) {
map.put("storeKey", "true");
}
krb5.initialize(out.s, null, null, map);
krb5.login();
krb5.commit();
return out;
}
Example 10
| Source File: FakeKDC.java From gcp-token-broker with Apache License 2.0 | 6 votes |
|
/**
* Log in the given principal and return the subject.
*/
public Subject login(String principal) {
Path keytab = getKeytabPath(principal);
// Set login options
final Map<String, String> options = new HashMap<>();
options.put("keyTab", keytab.toString());
options.put("principal", principal);
options.put("doNotPrompt", "true");
options.put("isInitiator", "true");
options.put("refreshKrb5Config", "true");
options.put("storeKey", "true");
options.put("useKeyTab", "true");
// Execute the login
Subject subject = new Subject();
Krb5LoginModule krb5LoginModule = new Krb5LoginModule();
krb5LoginModule.initialize(subject, null, new HashMap<String, String>(), options);
try {
krb5LoginModule.login();
krb5LoginModule.commit();
} catch (LoginException e) {
throw new RuntimeException(e);
}
return subject;
}
Example 11
| Source File: TestSecureLogins.java From hadoop with Apache License 2.0 | 5 votes |
|
@Test
public void testKerberosAuth() throws Throwable {
File krb5conf = getKdc().getKrb5conf();
String krbConfig = FileUtils.readFileToString(krb5conf);
LOG.info("krb5.conf at {}:\n{}", krb5conf, krbConfig);
Subject subject = new Subject();
final Krb5LoginModule krb5LoginModule = new Krb5LoginModule();
final Map<String, String> options = new HashMap<String, String>();
options.put("keyTab", keytab_alice.getAbsolutePath());
options.put("principal", ALICE_LOCALHOST);
options.put("debug", "true");
options.put("doNotPrompt", "true");
options.put("isInitiator", "true");
options.put("refreshKrb5Config", "true");
options.put("renewTGT", "true");
options.put("storeKey", "true");
options.put("useKeyTab", "true");
options.put("useTicketCache", "true");
krb5LoginModule.initialize(subject, null,
new HashMap<String, String>(),
options);
boolean loginOk = krb5LoginModule.login();
assertTrue("Failed to login", loginOk);
boolean commitOk = krb5LoginModule.commit();
assertTrue("Failed to Commit", commitOk);
}
Example 12
| Source File: CleanState.java From jdk8u-jdk with GNU General Public License v2.0 | 5 votes |
|
void go() throws Exception {
Krb5LoginModule krb5 = new Krb5LoginModule();
final String name = OneKDC.USER;
final char[] password = OneKDC.PASS;
char[] badpassword = "hellokitty".toCharArray();
Map<String,String> map = new HashMap<>();
map.put("useTicketCache", "false");
map.put("doNotPrompt", "false");
map.put("tryFirstPass", "true");
Map<String,Object> shared = new HashMap<>();
shared.put("javax.security.auth.login.name", name);
shared.put("javax.security.auth.login.password", badpassword);
krb5.initialize(new Subject(), new CallbackHandler() {
@Override
public void handle(Callback[] callbacks) {
for(Callback callback: callbacks) {
if (callback instanceof NameCallback) {
((NameCallback)callback).setName(name);
}
if (callback instanceof PasswordCallback) {
((PasswordCallback)callback).setPassword(password);
}
}
}
}, shared, map);
krb5.login();
}
Example 13
| Source File: CleanState.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 5 votes |
|
void go() throws Exception {
Krb5LoginModule krb5 = new Krb5LoginModule();
final String name = OneKDC.USER;
final char[] password = OneKDC.PASS;
char[] badpassword = "hellokitty".toCharArray();
Map<String,String> map = new HashMap<>();
map.put("useTicketCache", "false");
map.put("doNotPrompt", "false");
map.put("tryFirstPass", "true");
Map<String,Object> shared = new HashMap<>();
shared.put("javax.security.auth.login.name", name);
shared.put("javax.security.auth.login.password", badpassword);
krb5.initialize(new Subject(), new CallbackHandler() {
@Override
public void handle(Callback[] callbacks) {
for(Callback callback: callbacks) {
if (callback instanceof NameCallback) {
((NameCallback)callback).setName(name);
}
if (callback instanceof PasswordCallback) {
((PasswordCallback)callback).setPassword(password);
}
}
}
}, shared, map);
krb5.login();
}
Example 14
| Source File: HttpNegotiateServer.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 5 votes |
|
public MyServerAuthenticator(boolean proxy, String scheme,
String principal, String ktab) throws Exception {
this.scheme = scheme;
if (proxy) {
reqHdr = "Proxy-Authenticate";
respHdr = "Proxy-Authorization";
err = HttpURLConnection.HTTP_PROXY_AUTH;
}
Krb5LoginModule krb5 = new Krb5LoginModule();
Map<String, String> map = new HashMap<>();
Map<String, Object> shared = new HashMap<>();
map.put("storeKey", "true");
map.put("isInitiator", "false");
map.put("useKeyTab", "true");
map.put("keyTab", ktab);
map.put("principal", principal);
krb5.initialize(s, null, shared, map);
krb5.login();
krb5.commit();
m = GSSManager.getInstance();
cred = Subject.doAs(s, new PrivilegedExceptionAction<GSSCredential>() {
@Override
public GSSCredential run() throws Exception {
System.err.println("Creating GSSCredential");
return m.createCredential(
null,
GSSCredential.INDEFINITE_LIFETIME,
MyServerAuthenticator.this.scheme.equalsIgnoreCase("Negotiate")?
GSSUtil.GSS_SPNEGO_MECH_OID:
GSSUtil.GSS_KRB5_MECH_OID,
GSSCredential.ACCEPT_ONLY);
}
});
}
Example 15
| Source File: HttpNegotiateServer.java From dragonwell8_jdk with GNU General Public License v2.0 | 5 votes |
|
public MyServerAuthenticator(boolean proxy, String scheme,
String principal, String ktab) throws Exception {
this.scheme = scheme;
if (proxy) {
reqHdr = "Proxy-Authenticate";
respHdr = "Proxy-Authorization";
err = HttpURLConnection.HTTP_PROXY_AUTH;
}
Krb5LoginModule krb5 = new Krb5LoginModule();
Map<String, String> map = new HashMap<>();
Map<String, Object> shared = new HashMap<>();
map.put("storeKey", "true");
map.put("isInitiator", "false");
map.put("useKeyTab", "true");
map.put("keyTab", ktab);
map.put("principal", principal);
krb5.initialize(s, null, shared, map);
krb5.login();
krb5.commit();
m = GSSManager.getInstance();
cred = Subject.doAs(s, new PrivilegedExceptionAction<GSSCredential>() {
@Override
public GSSCredential run() throws Exception {
System.err.println("Creating GSSCredential");
return m.createCredential(
null,
GSSCredential.INDEFINITE_LIFETIME,
MyServerAuthenticator.this.scheme.equalsIgnoreCase("Negotiate")?
GSSUtil.GSS_SPNEGO_MECH_OID:
GSSUtil.GSS_KRB5_MECH_OID,
GSSCredential.ACCEPT_ONLY);
}
});
}
Example 16
| Source File: CleanState.java From openjdk-8 with GNU General Public License v2.0 | 5 votes |
|
void go() throws Exception {
Krb5LoginModule krb5 = new Krb5LoginModule();
final String name = OneKDC.USER;
final char[] password = OneKDC.PASS;
char[] badpassword = "hellokitty".toCharArray();
Map<String,String> map = new HashMap<>();
map.put("useTicketCache", "false");
map.put("doNotPrompt", "false");
map.put("tryFirstPass", "true");
Map<String,Object> shared = new HashMap<>();
shared.put("javax.security.auth.login.name", name);
shared.put("javax.security.auth.login.password", badpassword);
krb5.initialize(new Subject(), new CallbackHandler() {
@Override
public void handle(Callback[] callbacks) {
for(Callback callback: callbacks) {
if (callback instanceof NameCallback) {
((NameCallback)callback).setName(name);
}
if (callback instanceof PasswordCallback) {
((PasswordCallback)callback).setPassword(password);
}
}
}
}, shared, map);
krb5.login();
}
Example 17
| Source File: CleanState.java From openjdk-jdk9 with GNU General Public License v2.0 | 5 votes |
|
void go() throws Exception {
Krb5LoginModule krb5 = new Krb5LoginModule();
final String name = OneKDC.USER;
final char[] password = OneKDC.PASS;
char[] badpassword = "hellokitty".toCharArray();
Map<String,String> map = new HashMap<>();
map.put("useTicketCache", "false");
map.put("doNotPrompt", "false");
map.put("tryFirstPass", "true");
Map<String,Object> shared = new HashMap<>();
shared.put("javax.security.auth.login.name", name);
shared.put("javax.security.auth.login.password", badpassword);
krb5.initialize(new Subject(), new CallbackHandler() {
@Override
public void handle(Callback[] callbacks) {
for(Callback callback: callbacks) {
if (callback instanceof NameCallback) {
((NameCallback)callback).setName(name);
}
if (callback instanceof PasswordCallback) {
((PasswordCallback)callback).setPassword(password);
}
}
}
}, shared, map);
krb5.login();
}
Example 18
| Source File: IPv6.java From TencentKona-8 with GNU General Public License v2.0 | 4 votes |
|
public static void main(String[] args) throws Exception {
String[][] kdcs = {
{"simple.host", null}, // These are legal settings
{"simple.host", ""},
{"simple.host", "8080"},
{"0.0.0.1", null},
{"0.0.0.1", ""},
{"0.0.0.1", "8080"},
{"1::1", null},
{"[1::1]", null},
{"[1::1]", ""},
{"[1::1]", "8080"},
{"[1::1", null}, // Two illegal settings
{"[1::1]abc", null},
};
// Prepares a krb5.conf with every kind of KDC settings
PrintStream out = new PrintStream(new FileOutputStream("ipv6.conf"));
out.println("[libdefaults]");
out.println("default_realm = V6");
out.println("kdc_timeout = 1");
out.println("[realms]");
out.println("V6 = {");
for (String[] hp: kdcs) {
if (hp[1] != null) out.println(" kdc = "+hp[0]+":"+hp[1]);
else out.println(" kdc = " + hp[0]);
}
out.println("}");
out.close();
System.setProperty("sun.security.krb5.debug", "true");
System.setProperty("java.security.krb5.conf", "ipv6.conf");
ByteArrayOutputStream bo = new ByteArrayOutputStream();
PrintStream po = new PrintStream(bo);
PrintStream oldout = System.out;
System.setOut(po);
try {
Subject subject = new Subject();
Krb5LoginModule krb5 = new Krb5LoginModule();
Map<String, String> map = new HashMap<>();
Map<String, Object> shared = new HashMap<>();
map.put("debug", "true");
map.put("doNotPrompt", "true");
map.put("useTicketCache", "false");
map.put("useFirstPass", "true");
shared.put("javax.security.auth.login.name", "any");
shared.put("javax.security.auth.login.password", "any".toCharArray());
krb5.initialize(subject, null, shared, map);
krb5.login();
} catch (Exception e) {
// Ignore
}
po.flush();
System.setOut(oldout);
BufferedReader br = new BufferedReader(new StringReader(
new String(bo.toByteArray())));
int cc = 0;
Pattern r = Pattern.compile(".*KrbKdcReq send: kdc=(.*) UDP:(\\d+),.*");
String line;
while ((line = br.readLine()) != null) {
Matcher m = r.matcher(line.subSequence(0, line.length()));
if (m.matches()) {
System.out.println("------------------");
System.out.println(line);
String h = m.group(1), p = m.group(2);
String eh = kdcs[cc][0], ep = kdcs[cc][1];
if (eh.charAt(0) == '[') {
eh = eh.substring(1, eh.length()-1);
}
System.out.println("Expected: " + eh + " : " + ep);
System.out.println("Actual: " + h + " : " + p);
if (!eh.equals(h) ||
(ep == null || ep.length() == 0) && !p.equals("88") ||
(ep != null && ep.length() > 0) && !p.equals(ep)) {
throw new Exception("Mismatch");
}
cc++;
}
}
if (cc != kdcs.length - 2) { // 2 illegal settings at the end
throw new Exception("Not traversed");
}
}
Example 19
| Source File: IPv6.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 4 votes |
|
public static void main(String[] args) throws Exception {
String[][] kdcs = {
{"simple.host", null}, // These are legal settings
{"simple.host", ""},
{"simple.host", "8080"},
{"0.0.0.1", null},
{"0.0.0.1", ""},
{"0.0.0.1", "8080"},
{"1::1", null},
{"[1::1]", null},
{"[1::1]", ""},
{"[1::1]", "8080"},
{"[1::1", null}, // Two illegal settings
{"[1::1]abc", null},
};
// Prepares a krb5.conf with every kind of KDC settings
PrintStream out = new PrintStream(new FileOutputStream("ipv6.conf"));
out.println("[libdefaults]");
out.println("default_realm = V6");
out.println("kdc_timeout = 1");
out.println("[realms]");
out.println("V6 = {");
for (String[] hp: kdcs) {
if (hp[1] != null) out.println(" kdc = "+hp[0]+":"+hp[1]);
else out.println(" kdc = " + hp[0]);
}
out.println("}");
out.close();
System.setProperty("sun.security.krb5.debug", "true");
System.setProperty("java.security.krb5.conf", "ipv6.conf");
ByteArrayOutputStream bo = new ByteArrayOutputStream();
PrintStream po = new PrintStream(bo);
PrintStream oldout = System.out;
System.setOut(po);
try {
Subject subject = new Subject();
Krb5LoginModule krb5 = new Krb5LoginModule();
Map<String, String> map = new HashMap<>();
Map<String, Object> shared = new HashMap<>();
map.put("debug", "true");
map.put("doNotPrompt", "true");
map.put("useTicketCache", "false");
map.put("useFirstPass", "true");
shared.put("javax.security.auth.login.name", "any");
shared.put("javax.security.auth.login.password", "any".toCharArray());
krb5.initialize(subject, null, shared, map);
krb5.login();
} catch (Exception e) {
// Ignore
}
po.flush();
System.setOut(oldout);
BufferedReader br = new BufferedReader(new StringReader(
new String(bo.toByteArray())));
int cc = 0;
Pattern r = Pattern.compile(".*KrbKdcReq send: kdc=(.*) UDP:(\\d+),.*");
String line;
while ((line = br.readLine()) != null) {
Matcher m = r.matcher(line.subSequence(0, line.length()));
if (m.matches()) {
System.out.println("------------------");
System.out.println(line);
String h = m.group(1), p = m.group(2);
String eh = kdcs[cc][0], ep = kdcs[cc][1];
if (eh.charAt(0) == '[') {
eh = eh.substring(1, eh.length()-1);
}
System.out.println("Expected: " + eh + " : " + ep);
System.out.println("Actual: " + h + " : " + p);
if (!eh.equals(h) ||
(ep == null || ep.length() == 0) && !p.equals("88") ||
(ep != null && ep.length() > 0) && !p.equals(ep)) {
throw new Exception("Mismatch");
}
cc++;
}
}
if (cc != kdcs.length - 2) { // 2 illegal settings at the end
throw new Exception("Not traversed");
}
}
Example 20
| Source File: Context.java From dragonwell8_jdk with GNU General Public License v2.0 | 4 votes |
|
/**
* Logins with username/password as an existing Subject. The
* same subject can be used multiple times to simulate multiple logins.
* @param s existing subject
*/
public static Context fromUserPass(Subject s,
String user, char[] pass, boolean storeKey) throws Exception {
Context out = new Context();
out.name = user;
out.s = s;
Krb5LoginModule krb5 = new Krb5LoginModule();
Map<String, String> map = new HashMap<>();
Map<String, Object> shared = new HashMap<>();
if (storeKey) {
map.put("storeKey", "true");
}
if (pass != null) {
krb5.initialize(out.s, new CallbackHandler() {
@Override
public void handle(Callback[] callbacks)
throws IOException, UnsupportedCallbackException {
for (Callback cb: callbacks) {
if (cb instanceof NameCallback) {
((NameCallback)cb).setName(user);
} else if (cb instanceof PasswordCallback) {
((PasswordCallback)cb).setPassword(pass);
}
}
}
}, shared, map);
} else {
map.put("doNotPrompt", "true");
map.put("useTicketCache", "true");
if (user != null) {
map.put("principal", user);
}
krb5.initialize(out.s, null, shared, map);
}
krb5.login();
krb5.commit();
return out;
}
