/**
 * Creates the JAAS {@code Configuration} that is named for server-side use.
 *
 * @param principal Kerberos principal name passed through to {@code KerberosConfiguration}
 * @param keytab keytab file passed through to {@code KerberosConfiguration}; a keytab holds
 *     long-term keys, so it should be readable only by the account that runs the service
 * @return a new {@code KerberosConfiguration} built with its third argument set to {@code false}
 */
public static javax.security.auth.login.Configuration createServerConfig(String principal, File keytab) {
  // NOTE(review): the third constructor argument is false for the server variant; it
  // presumably selects acceptor (non-initiator) behaviour. Confirm against the
  // KerberosConfiguration constructor.
  final javax.security.auth.login.Configuration serverConfig =
      new KerberosConfiguration(principal, keytab, false);
  return serverConfig;
}
/**
 * Builds a Kerberos context for {@code principal}, logs in from the given keytab using the
 * client configuration, and optionally starts the ticket renewer thread.
 *
 * @param principal Kerberos principal name placed in the {@code Subject} and in the configuration
 * @param keyTab path of the keytab file; a keytab holds long-term keys, so it should be
 *     readable only by the account that runs this process
 * @param autoRenewTicket when {@code true}, {@code startRenewerThread()} is called after login
 * @throws LoginException declared by this constructor; presumably raised by
 *     {@code loginWithNewContext()} when the login fails
 */
public SentryKerberosContext(String principal, String keyTab, boolean autoRenewTicket)
    throws LoginException {
  // The Subject is created writable (readOnly == false) with empty credential sets;
  // JAAS login modules add credentials to the Subject during login.
  final KerberosPrincipal kerberosPrincipal = new KerberosPrincipal(principal);
  subject = new Subject(
      false,
      Sets.newHashSet(kerberosPrincipal),
      new HashSet<Object>(),
      new HashSet<Object>());

  final File keytabFile = new File(keyTab);
  kerberosConfig = KerberosConfiguration.createClientConfig(principal, keytabFile);

  loginWithNewContext();

  // NOTE(review): the renewer is started from inside the constructor. Confirm that
  // startRenewerThread() only reads fields that are already assigned at this point.
  if (autoRenewTicket) {
    startRenewerThread();
  }
}
/**
 * Builds a Kerberos context for {@code principal} and logs in from the given keytab, using
 * the server configuration when {@code server} is set and the client configuration otherwise.
 * The ticket renewer thread is started only for the client case.
 *
 * @param principal Kerberos principal name placed in the {@code Subject} and in the configuration
 * @param keyTab path of the keytab file; a keytab holds long-term keys, so it should be
 *     readable only by the account that runs this process
 * @param server {@code true} to use {@code createServerConfig} and skip the renewer thread,
 *     {@code false} to use {@code createClientConfig} and start it
 * @throws LoginException declared by this constructor; presumably raised by
 *     {@code loginWithNewContext()} when the login fails
 */
public SentryKerberosContext(String principal, String keyTab, boolean server)
    throws LoginException {
  // The Subject is created writable (readOnly == false) with empty credential sets;
  // JAAS login modules add credentials to the Subject during login.
  final KerberosPrincipal kerberosPrincipal = new KerberosPrincipal(principal);
  subject = new Subject(
      false,
      Sets.newHashSet(kerberosPrincipal),
      new HashSet<Object>(),
      new HashSet<Object>());

  final File keytabFile = new File(keyTab);
  kerberosConfig = server
      ? KerberosConfiguration.createServerConfig(principal, keytabFile)
      : KerberosConfiguration.createClientConfig(principal, keytabFile);

  loginWithNewContext();

  // Only the client side gets a renewer thread.
  // NOTE(review): the thread is started from inside the constructor. Confirm that
  // startRenewerThread() only reads fields that are already assigned at this point.
  if (!server) {
    startRenewerThread();
  }
}
new AppConfigurationEntry(getKrb5LoginModuleName(), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options)};
/**
 * Checks that a principal which logs in successfully through Kerberos, but is not an
 * authorized user, is refused by the {@code /ping} endpoint with HTTP 403.
 *
 * <p>The test passes only when {@code openConnection} throws an
 * {@code AuthenticationException} whose message contains {@code "status code: 403"}. A
 * successful connection, or an {@code AuthenticationException} with another message, fails it.
 */
@Test
public void testPingWithUnauthorizedUser() throws Exception {
  // Register a fresh principal with the test KDC and log in as that principal.
  final String shortPrincipal = "user/" + SentryServiceIntegrationBase.SERVER_HOST;
  final String fullPrincipal = shortPrincipal + "@" + SentryServiceIntegrationBase.REALM;
  final KerberosPrincipal kerberosPrincipal = new KerberosPrincipal(fullPrincipal);
  final Subject userSubject = new Subject(
      false,
      Sets.newHashSet(kerberosPrincipal),
      new HashSet<Object>(),
      new HashSet<Object>());
  final File userKeytab = new File(SentryServiceIntegrationBase.kdcWorkDir, "user.keytab");
  SentryServiceIntegrationBase.kdc.createPrincipal(userKeytab, shortPrincipal);

  final LoginContext userLoginContext = new LoginContext(
      "",
      userSubject,
      null,
      KerberosConfiguration.createClientConfig(fullPrincipal, userKeytab));
  userLoginContext.login();

  final Subject authenticatedSubject = userLoginContext.getSubject();
  final PrivilegedExceptionAction<Void> pingAsUser = new PrivilegedExceptionAction<Void>() {
    @Override
    public Void run() throws Exception {
      // The request uses plain http://, so only the authentication and authorization
      // outcome is exercised here, not transport protection.
      final URL pingUrl = new URL("http://" + SentryServiceIntegrationBase.SERVER_HOST + ":"
          + SentryServiceIntegrationBase.webServerPort + "/ping");
      try {
        new AuthenticatedURL(new KerberosAuthenticator())
            .openConnection(pingUrl, new AuthenticatedURL.Token());
        fail("Here should fail.");
      } catch (AuthenticationException e) {
        // A 403 (rather than a failed login) is the expected rejection for this user.
        if (exceptionContainsMessage(e, "status code: 403")) {
          return null;
        }
        LOG.error("UnexpectedError: " + e.getMessage(), e);
        fail("UnexpectedError: " + e.getMessage());
      }
      return null;
    }
  };
  Subject.doAs(authenticatedSubject, pingAsUser);
}
new AppConfigurationEntry(getKrb5LoginModuleName(), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options)};
/**
 * Checks that the allowed-user list for the Sentry web UI is matched case-sensitively:
 * {@code USER1} is on the list, and a login as lower-case {@code user1} must still be
 * refused by {@code /ping} with HTTP 403.
 *
 * <p>The test passes only when {@code openConnection} throws an
 * {@code AuthenticationException} whose message contains {@code "status code: 403"}. A
 * successful connection, or an {@code AuthenticationException} with another message, fails it.
 */
@Test
public void testPingWithCaseSensitiveUser() throws Exception {
  // Register lower-case "user1" with the test KDC and log in as that principal.
  final String shortPrincipal = "user1/" + SentryServiceIntegrationBase.SERVER_HOST;
  final String fullPrincipal = shortPrincipal + "@" + SentryServiceIntegrationBase.REALM;
  final KerberosPrincipal kerberosPrincipal = new KerberosPrincipal(fullPrincipal);
  final Subject userSubject = new Subject(
      false,
      Sets.newHashSet(kerberosPrincipal),
      new HashSet<Object>(),
      new HashSet<Object>());
  final File userKeytab = new File(SentryServiceIntegrationBase.kdcWorkDir, "user1.keytab");
  SentryServiceIntegrationBase.kdc.createPrincipal(userKeytab, shortPrincipal);

  final LoginContext userLoginContext = new LoginContext(
      "",
      userSubject,
      null,
      KerberosConfiguration.createClientConfig(fullPrincipal, userKeytab));
  userLoginContext.login();

  final Subject authenticatedSubject = userLoginContext.getSubject();
  final PrivilegedExceptionAction<Void> pingAsUser = new PrivilegedExceptionAction<Void>() {
    @Override
    public Void run() throws Exception {
      // The request uses plain http://, so only the authentication and authorization
      // outcome is exercised here, not transport protection.
      final URL pingUrl = new URL("http://" + SentryServiceIntegrationBase.SERVER_HOST + ":"
          + SentryServiceIntegrationBase.webServerPort + "/ping");
      try {
        new AuthenticatedURL(new KerberosAuthenticator())
            .openConnection(pingUrl, new AuthenticatedURL.Token());
        fail("Login with user1 should fail");
      } catch (AuthenticationException e) {
        // A name that differs only in case must be treated as a different, unlisted user.
        if (exceptionContainsMessage(e, "status code: 403")) {
          return null;
        }
        LOG.error("UnexpectedError: " + e.getMessage(), e);
        fail("UnexpectedError: " + e.getMessage());
      }
      return null;
    }
  };
  Subject.doAs(authenticatedSubject, pingAsUser);
}
/**
 * Creates the JAAS {@code Configuration} that is named for client-side use.
 *
 * @param principal Kerberos principal name passed through to {@code KerberosConfiguration}
 * @param keytab keytab file passed through to {@code KerberosConfiguration}; a keytab holds
 *     long-term keys, so it should be readable only by the account that uses it
 * @return a new {@code KerberosConfiguration} built with its third argument set to {@code true}
 */
public static javax.security.auth.login.Configuration createClientConfig(String principal, File keytab) {
  // NOTE(review): the third constructor argument is true for the client variant; it
  // presumably selects initiator behaviour. Confirm against the KerberosConfiguration
  // constructor.
  final javax.security.auth.login.Configuration clientConfig =
      new KerberosConfiguration(principal, keytab, true);
  return clientConfig;
}
kdc.createPrincipal(userKeytab, userPrinciple); LoginContext userLoginContext = new LoginContext("", userSubject, null, KerberosConfiguration.createClientConfig(userKerberosName, userKeytab)); userLoginContext.login(); Subject.doAs(userLoginContext.getSubject(), new PrivilegedExceptionAction<Void>() {
/**
 * Creates the JAAS {@code Configuration} that is named for client-side use.
 *
 * @param principal Kerberos principal name passed through to {@code KerberosConfiguration}
 * @param keytab keytab file passed through to {@code KerberosConfiguration}; a keytab holds
 *     long-term keys, so it should be readable only by the account that uses it
 * @return a new {@code KerberosConfiguration} built with its third argument set to {@code true}
 */
public static javax.security.auth.login.Configuration createClientConfig(String principal, File keytab) {
  // NOTE(review): the third constructor argument is true for the client variant; it
  // presumably selects initiator behaviour. Confirm against the KerberosConfiguration
  // constructor.
  final javax.security.auth.login.Configuration clientConfig =
      new KerberosConfiguration(principal, keytab, true);
  return clientConfig;
}
new HashSet<Object>()); clientLoginContext = new LoginContext("", clientSubject, null, KerberosConfiguration.createClientConfig(CLIENT_KERBEROS_NAME, clientKeytab)); clientLoginContext.login(); clientSubject = clientLoginContext.getSubject();
/**
 * Creates the JAAS {@code Configuration} that is named for server-side use.
 *
 * @param principal Kerberos principal name passed through to {@code KerberosConfiguration}
 * @param keytab keytab file passed through to {@code KerberosConfiguration}; a keytab holds
 *     long-term keys, so it should be readable only by the account that runs the service
 * @return a new {@code KerberosConfiguration} built with its third argument set to {@code false}
 */
public static javax.security.auth.login.Configuration createServerConfig(String principal, File keytab) {
  // NOTE(review): the third constructor argument is false for the server variant; it
  // presumably selects acceptor (non-initiator) behaviour. Confirm against the
  // KerberosConfiguration constructor.
  final javax.security.auth.login.Configuration serverConfig =
      new KerberosConfiguration(principal, keytab, false);
  return serverConfig;
}