Refine search
public Subject getSubject() { Subject subject = new Subject(false, ImmutableSet.of(principal), emptySet(), emptySet()); try { LoginContext loginContext = new LoginContext("", subject, null, configuration); loginContext.login(); return loginContext.getSubject(); } catch (LoginException e) { throw new RuntimeException(e); } }
public static Subject getNimbusSubject() { Subject subject = new Subject(); subject.getPrincipals().add(new NimbusPrincipal()); return subject; }
private Subject getServiceSubject( ClientLoginConfig loginConfig ) throws Exception { Set<Principal> princ = new HashSet<>( 1 ); princ.add( new KerberosPrincipal( this.principal ) ); Subject sub = new Subject( false, princ, new HashSet(), new HashSet() ); loginContext = new LoginContext( "", sub, null, loginConfig ); loginContext.login(); return loginContext.getSubject(); }
Subject nimbusSubject = new Subject(); nimbusSubject.getPrincipals().add(new NimbusPrincipal()); for (String topoId : topoIds) { try {
principals.add(new KerberosPrincipal(principal)); Subject subject = new Subject(false, principals, new HashSet<Object>(), new HashSet<Object>()); loginContext = new LoginContext("", subject, null, KerberosConfiguration.createClientConfig(principal, keytab)); loginContext.login(); subject = loginContext.getSubject(); Assert.assertEquals(1, subject.getPrincipals().size()); Assert.assertEquals(KerberosPrincipal.class, subject.getPrincipals().iterator().next().getClass()); Assert.assertEquals(principal + "@" + kdc.getRealm(), subject.getPrincipals().iterator().next().getName()); loginContext.logout(); subject = new Subject(false, principals, new HashSet<Object>(), new HashSet<Object>()); loginContext = new LoginContext("", subject, null, KerberosConfiguration.createServerConfig(principal, keytab)); loginContext.login(); subject = loginContext.getSubject(); Assert.assertEquals(1, subject.getPrincipals().size());
AuthType authType = conf.getEnum(PropertyKey.SECURITY_AUTHENTICATION_TYPE, AuthType.class); checkSecurityEnabled(authType); Subject subject = new Subject(); loginContext.login(); } catch (LoginException e) { throw new UnauthenticatedException("Failed to login: " + e.getMessage(), e); Set<User> userSet = subject.getPrincipals(User.class); if (userSet.isEmpty()) { throw new UnauthenticatedException("Failed to login: No Alluxio User is found.");
@Override public UserGroupInformation cloneUgi(UserGroupInformation baseUgi) throws IOException { // Based on UserGroupInformation::createProxyUser. // TODO: use a proper method after we can depend on HADOOP-13081. if (getSubjectMethod == null) { throw new IOException("The UGI method was not found: " + ugiCloneError); } try { Subject origSubject = (Subject) getSubjectMethod.invoke(baseUgi); Subject subject = new Subject(false, origSubject.getPrincipals(), cloneCredentials(origSubject.getPublicCredentials()), cloneCredentials(origSubject.getPrivateCredentials())); return ugiCtor.newInstance(subject); } catch (InstantiationException | IllegalAccessException | InvocationTargetException e) { throw new IOException(e); } }
public static Subject principalNameToSubject(String name) { SingleUserPrincipal principal = new SingleUserPrincipal(name); Subject sub = new Subject(); sub.getPrincipals().add(principal); return sub; }
private void initializeKerberosLogin() throws ServletException { String keytab; try { if (serverPrincipal == null || serverPrincipal.trim().length() == 0) { throw new ServletException("Principal not defined in configuration"); } keytab = serverKeytab; if (keytab == null || keytab.trim().length() == 0) { throw new ServletException("Keytab not defined in configuration"); } if (!new File(keytab).exists()) { throw new ServletException("Keytab does not exist: " + keytab); } Set<Principal> principals = new HashSet<Principal>(); principals.add(new KerberosPrincipal(serverPrincipal)); Subject subject = new Subject(false, principals, new HashSet<Object>(), new HashSet<Object>()); DruidKerberosConfiguration kerberosConfiguration = new DruidKerberosConfiguration(keytab, serverPrincipal); log.info("Login using keytab " + keytab + ", for principal " + serverPrincipal); loginContext = new LoginContext("", subject, null, kerberosConfiguration); loginContext.login(); log.info("Initialized, principal %s from keytab %s", serverPrincipal, keytab); } catch (Exception ex) { throw new ServletException(ex); } }
public Subject createSubjectWithGroups(Principal userPrincipal) { Subject authenticationSubject = new Subject(); authenticationSubject.getPrincipals().add(userPrincipal); authenticationSubject.getPrincipals().addAll(getGroupPrincipals(userPrincipal)); authenticationSubject.setReadOnly(); return authenticationSubject; }
public synchronized static Subject loginUserFromKeytab(String user, String path) throws IOException { try { Subject subject = new Subject(); SecureClientLoginConfiguration loginConf = new SecureClientLoginConfiguration(true, user, path); LoginContext login = new LoginContext("hadoop-keytab-kerberos", subject, null, loginConf); subject.getPrincipals().add(new User(user, AuthenticationMethod.KERBEROS, login)); login.login(); return login.getSubject(); } catch (LoginException le) { throw new IOException("Login failure for " + user + " from keytab " + path, le); } }
final Subject subject = new Subject(); lc.login(); log.tracef("Logging in using LoginContext and subject [%s] succeed", subject); Set<KerberosPrincipal> principals = subject.getPrincipals(KerberosPrincipal.class); if (principals.size() < 1) { throw log.noKerberosPrincipalsFound();
@Test public void test_populate_req_context_on_null_user() { try { DefaultHttpCredentialsPlugin handler = new DefaultHttpCredentialsPlugin(); handler.prepare(new HashMap()); Subject subject = new Subject(false, ImmutableSet.<Principal>of(new SingleUserPrincipal("test")), new HashSet<>(), new HashSet<>()); ReqContext context = new ReqContext(subject); Assert.assertEquals(0, handler .populateContext(context, Mockito.mock(HttpServletRequest.class)) .subject() .getPrincipals() .size() ); } finally { ReqContext.reset(); } } }
public Subject getSubject(String name) { Subject subject = new Subject(); SingleUserPrincipal user = new SingleUserPrincipal(name); subject.getPrincipals().add(user); return subject; }
@Override public byte[] generateToken(byte[] input, String authServer, Credentials credentials) { Set<Principal> principals = new HashSet<>(); principals.add(credentials.getUserPrincipal()); Subject subject = new Subject(false, principals, new HashSet<>(), new HashSet<>()); try { LoginContext loginContext = new LoginContext("", subject, null, new KerberosConfiguration(credentials.getUserPrincipal().getName(), ((KerberosKeytabCredentials) credentials).getKeytab())); loginContext.login(); Subject loggedInSubject = loginContext.getSubject(); return Subject.doAs(loggedInSubject, new PrivilegedExceptionAction<byte[]>() { public byte[] run() throws UnknownHostException, ClassNotFoundException, GSSException, IllegalAccessException, NoSuchFieldException { GSSManager gssManager = GSSManager.getInstance(); String servicePrincipal = KerberosUtil.getServicePrincipal("HTTP", authServer); Oid serviceOid = KerberosUtil.getOidInstance("NT_GSS_KRB5_PRINCIPAL"); GSSName serviceName = gssManager.createName(servicePrincipal, serviceOid); Oid mechOid = KerberosUtil.getOidInstance("GSS_KRB5_MECH_OID"); GSSContext gssContext = gssManager.createContext(serviceName, mechOid, null, 0); gssContext.requestCredDeleg(true); gssContext.requestMutualAuth(true); return gssContext.initSecContext(input, 0, input.length); } }); } catch (PrivilegedActionException | LoginException e) { throw new RuntimeException(e); } }
@Override public Session createDelegatedSession(final InternalHippoSession session, DomainRuleExtension... domainExtensions) throws RepositoryException { String workspaceName = repositoryContext.getWorkspaceManager().getDefaultWorkspaceName(); final Set<Principal> principals = new HashSet<Principal>(subject.getPrincipals()); principals.add(new AuthorizationFilterPrincipal(helper.getFacetRules(domainExtensions))); principals.addAll(session.getSubject().getPrincipals()); Subject newSubject = new Subject(subject.isReadOnly(), principals, subject.getPublicCredentials(), subject.getPrivateCredentials()); return repositoryContext.getWorkspaceManager().createSession(newSubject, workspaceName); }
public synchronized static Subject loginUserWithPassword(String user, String password) throws IOException { String tmpPass = password; try { Subject subject = new Subject(); SecureClientLoginConfiguration loginConf = new SecureClientLoginConfiguration(false, user, password); LoginContext login = new LoginContext("hadoop-keytab-kerberos", subject, null, loginConf); subject.getPrincipals().add(new User(user, AuthenticationMethod.KERBEROS, login)); login.login(); return login.getSubject(); } catch (LoginException le) { throw new IOException("Login failure for " + user + " using password " + tmpPass.replaceAll(".","*"), le); } }