/**
 * Stores the transport factory and the JAAS subject it is paired with.
 *
 * <p>When the subject carries at least one principal, the name of the first one
 * is written to the log as the service principal.
 *
 * @param wrapped the transport factory kept by this instance
 * @param subject the subject kept by this instance; its principal set is read
 *     here, so it must not be null
 */
public TUGIAssumingTransportFactory(TTransportFactory wrapped, Subject subject) {
    this.wrapped = wrapped;
    this.subject = subject;

    // Subject#getPrincipals() is already declared as Set<Principal>; no cast needed.
    final Set<Principal> servicePrincipals = subject.getPrincipals();
    if (!servicePrincipals.isEmpty()) {
        // Only the first principal in iteration order is reported.
        final Principal first = servicePrincipals.iterator().next();
        LOG.info("Service principal:" + first.getName());
    }
}
/**
 * Phase two of JAAS authentication: publishes the Spring Security
 * <code>Authentication</code> held by this module as one of the
 * <code>Subject</code>'s principals.
 *
 * @return true if the <code>Authentication</code> was added, or false if none
 * is held and this <code>LoginModule</code> should be ignored.
 *
 * @exception LoginException if the commit fails
 */
public boolean commit() throws LoginException {
    final boolean authenticated = authen != null;
    if (authenticated) {
        // The principal set rejects additions when the Subject is read-only;
        // that surfaces as an unchecked exception, not a LoginException.
        subject.getPrincipals().add(authen);
    }
    return authenticated;
}
/**
 * Builds a new, otherwise empty Subject whose only principal is a freshly
 * created NimbusPrincipal.
 *
 * @return a new Subject on every call; nothing is cached or shared
 */
public static Subject getNimbusSubject() {
    final Subject nimbus = new Subject();
    // No credentials are attached: the Subject only carries the identity.
    nimbus.getPrincipals().add(new NimbusPrincipal());
    return nimbus;
}
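/**
 * Create a UserGroupInformation for the given subject.
 * This does not change the subject or acquire new credentials.
 *
 * The creator of subject is responsible for renewing credentials.
 * @param subject the user's subject
 * @throws IllegalStateException if the subject carries no User principal, or
 *     its User principal has no name
 */
UserGroupInformation(Subject subject) {
    this.subject = subject;
    // do not access ANY private credentials since they are mutable
    // during a relogin.  no principal locking necessary since
    // relogin/logout does not remove User principal.
    //
    // Take the first User principal if there is one. Calling
    // iterator().next() directly on an empty set would throw
    // NoSuchElementException before the validation below could run, so a
    // Subject without a User would never produce the intended error.
    User firstUser = null;
    for (User candidate : subject.getPrincipals(User.class)) {
        firstUser = candidate;
        break;
    }
    this.user = firstUser;
    if (user == null || user.getName() == null) {
        throw new IllegalStateException("Subject does not contain a valid User");
    }
}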
/**
 * Looks up the name of the first Principal held by the Subject.
 *
 * @param subject the Subject whose principal set is inspected
 * @return the name of the first Principal in iteration order
 * @throws KafkaException if the Subject currently has no Principals. The
 * principal is reset on the Subject during Kerberos re-login, so the failure
 * may be transient; throwing lets the connection be retried after any
 * configured backoff.
 */
static final String firstPrincipal(Subject subject) {
    Set<Principal> held = subject.getPrincipals();
    // Hold the set's monitor across hasNext()/next() so the emptiness check and
    // the read see the same state of the set.
    synchronized (held) {
        Iterator<Principal> cursor = held.iterator();
        if (!cursor.hasNext()) {
            throw new KafkaException("Principal could not be determined from Subject, this may be a transient failure due to Kerberos re-login");
        }
        return cursor.next().getName();
    }
}
/**
 * Installs the TGT obtained from {@code credentials} into the subject.
 *
 * <p>Every KerberosTicket already present among the subject's private
 * credentials is removed and destroyed, the new TGT is added in their place,
 * the TGT's client principal is added to the subject's principals, and the TGT
 * is stored in {@code kerbTicket}. When no TGT is found, the subject is left
 * untouched and only an info message is logged.
 *
 * @param subject the subject to update
 * @param credentials the map handed to {@code getTGT} to look up the ticket
 */
private void populateSubjectWithTGT(Subject subject, Map<String, String> credentials) {
    final KerberosTicket tgt = getTGT(credentials);
    if (tgt == null) {
        LOG.info("No TGT found in credentials");
        return;
    }

    final Set<Object> privateCreds = subject.getPrivateCredentials();
    // Swap old tickets for the new one under the set's monitor so the removal
    // and the addition happen as one step.
    synchronized (privateCreds) {
        for (Iterator<Object> it = privateCreds.iterator(); it.hasNext();) {
            final Object cred = it.next();
            if (!(cred instanceof KerberosTicket)) {
                continue;
            }
            final KerberosTicket stale = (KerberosTicket) cred;
            it.remove();
            try {
                // Wipe the old ticket's key material instead of just dropping the reference.
                stale.destroy();
            } catch (DestroyFailedException e) {
                // Best effort: the ticket is already out of the set, so keep going.
                LOG.warn("Failed to destory ticket ", e);
            }
        }
        privateCreds.add(tgt);
    }

    subject.getPrincipals().add(tgt.getClient());
    kerbTicket.set(tgt);
}
principals.add(new KerberosPrincipal(principal)); Subject subject = new Subject(false, principals, new HashSet<Object>(), new HashSet<Object>()); loginContext = new LoginContext("", subject, null, loginContext.login(); subject = loginContext.getSubject(); Assert.assertEquals(1, subject.getPrincipals().size()); Assert.assertEquals(KerberosPrincipal.class, subject.getPrincipals().iterator().next().getClass()); Assert.assertEquals(principal + "@" + kdc.getRealm(), subject.getPrincipals().iterator().next().getName()); loginContext.logout(); loginContext.login(); subject = loginContext.getSubject(); Assert.assertEquals(1, subject.getPrincipals().size()); Assert.assertEquals(KerberosPrincipal.class, subject.getPrincipals().iterator().next().getClass()); Assert.assertEquals(principal + "@" + kdc.getRealm(), subject.getPrincipals().iterator().next().getName()); loginContext.logout(); && !loginContext.getSubject().getPrincipals().isEmpty()) { loginContext.logout();
public boolean commit() throws LoginException { if (!mSubject.getPrincipals(User.class).isEmpty()) { return true; mUser = new User(user.getName()); mSubject.getPrincipals().add(mUser); return true;
AuthType authType = conf.getEnum(PropertyKey.SECURITY_AUTHENTICATION_TYPE, AuthType.class); checkSecurityEnabled(authType); Subject subject = new Subject(); Set<User> userSet = subject.getPrincipals(User.class); if (userSet.isEmpty()) { throw new UnauthenticatedException("Failed to login: No Alluxio User is found."); return userSet.iterator().next();
/**
 * Standard JAAS commit phase: finishes the login started earlier.
 *
 * <p>If the login phase did not succeed, the module state is cleared and false
 * is returned. Otherwise a UserPrincipal for the user and one GroupPrincipal per
 * group returned by {@code getUserGroups} are collected and added to the
 * subject's principals.
 *
 * @return true if the principals were added to the subject, false if the
 *     login phase had not succeeded
 * @throws LoginException declared by the JAAS contract
 */
@Override
public boolean commit() throws LoginException {
    if (debug) {
        LOG.debug("commit");
    }

    if (succeeded) {
        principals.add(new UserPrincipal(username));
        for (String groupName : getUserGroups(username)) {
            principals.add(new GroupPrincipal(groupName));
        }
        subject.getPrincipals().addAll(principals);

        // The user name is not needed once the principals have been published.
        username = null;
        commitSucceeded = true;
        return true;
    }

    clear();
    return false;
}
Subject nimbusSubject = new Subject(); nimbusSubject.getPrincipals().add(new NimbusPrincipal()); for (String topoId : topoIds) { try {
/**
 * Creates a credential for a remoting connection and derives a JAAS Subject
 * from the given security identity.
 *
 * <p>The derived Subject holds one RealmUser named after the identity's
 * principal and, for every role of the identity, both a RealmGroup and a
 * RealmRole with that role's name.
 *
 * @param connection the remote connection; must not be null
 * @param securityIdentity the identity to mirror into the Subject; must not be null
 */
public RemotingConnectionCredential(final RemoteConnection connection, final SecurityIdentity securityIdentity) {
    Assert.checkNotNullParam("connection", connection);
    Assert.checkNotNullParam("securityIdentity", securityIdentity);
    this.connection = connection;
    this.securityIdentity = securityIdentity;

    final Subject derived = new Subject();
    final Set<Principal> target = derived.getPrincipals();

    final String userName = securityIdentity.getPrincipal().getName();
    target.add(new RealmUser(userName));

    // Each role is published twice, once as a group and once as a role.
    for (String roleName : securityIdentity.getRoles()) {
        target.add(new RealmGroup(roleName));
        target.add(new RealmRole(roleName));
    }

    this.subject = derived;
}
/**
 * Creates a new UserGroupInformation backed by a copy of the Subject of
 * {@code baseUgi}.
 *
 * <p>The base Subject is obtained reflectively through {@code getSubjectMethod}.
 * The new Subject is not read-only; it receives the base Subject's principals
 * and the results of {@code cloneCredentials} for its public and private
 * credential sets.
 *
 * @param baseUgi the UGI whose Subject is copied
 * @return a UGI built from the copied Subject
 * @throws IOException if the reflective accessor is unavailable, or if the
 *     reflective calls fail
 */
@Override
public UserGroupInformation cloneUgi(UserGroupInformation baseUgi) throws IOException {
    // Based on UserGroupInformation::createProxyUser.
    // TODO: use a proper method after we can depend on HADOOP-13081.
    if (getSubjectMethod == null) {
        throw new IOException("The UGI method was not found: " + ugiCloneError);
    }

    try {
        final Subject source = (Subject) getSubjectMethod.invoke(baseUgi);
        // NOTE(review): whether the clone shares credential objects with the
        // original depends on cloneCredentials, which is not shown here.
        final Subject copy = new Subject(
            false,
            source.getPrincipals(),
            cloneCredentials(source.getPublicCredentials()),
            cloneCredentials(source.getPrivateCredentials()));
        return ugiCtor.newInstance(copy);
    } catch (InstantiationException | IllegalAccessException | InvocationTargetException e) {
        throw new IOException(e);
    }
}
Set<? extends Principal> userSet = mSubject.getPrincipals(clazz); if (!userSet.isEmpty()) { if (userSet.size() == 1) { return userSet.iterator().next();
/**
 * Command-line entry point.
 *
 * <p>Expects {@code host port doAsUserName [security=true]}. With any other
 * argument count, a usage message is printed and the JVM exits with status -1.
 * The client is then run inside {@code Subject.doAs} with the subject returned
 * by {@code getSubject()}.
 *
 * @param args host, port, doAs user name and an optional security flag
 * @throws Exception if argument parsing or the client run fails
 */
public static void main(String[] args) throws Exception {
    final int argCount = args.length;
    if (argCount < 3 || argCount > 4) {
        System.out.println("Invalid arguments!");
        System.out.println("Usage: HttpDoAsClient host port doAsUserName [security=true]");
        System.exit(-1);
    }

    host = args[0];
    port = Integer.parseInt(args[1]);
    doAsUser = args[2];

    final boolean hasSecurityFlag = argCount > 3;
    if (hasSecurityFlag) {
        secure = Boolean.parseBoolean(args[3]);
        // The principal is looked up whenever the fourth argument is present,
        // whatever it parses to; next() throws if the subject has no principals.
        principal = getSubject().getPrincipals().iterator().next().getName();
    }

    final HttpDoAsClient client = new HttpDoAsClient();
    final PrivilegedExceptionAction<Void> runClient = new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            client.run();
            return null;
        }
    };
    Subject.doAs(getSubject(), runClient);
}
/**
 * Wraps a principal name in a new Subject.
 *
 * @param name the name given to the SingleUserPrincipal
 * @return a new Subject whose only principal is a SingleUserPrincipal built
 *     from {@code name}; no credentials are attached
 */
public static Subject principalNameToSubject(String name) {
    final Subject result = new Subject();
    // The name is taken as given; it is not checked here.
    result.getPrincipals().add(new SingleUserPrincipal(name));
    return result;
}
/**
 * Replaces the first User principal of the subject with the given user.
 *
 * <p>If the subject holds no User principal, nothing is changed and
 * {@code user} is not added.
 *
 * @param subject the subject whose principal set is modified
 * @param user the principal that takes the place of the existing User
 */
private void replaceUserPrincipal(Subject subject, User user) {
    for (Iterator<Principal> it = subject.getPrincipals().iterator(); it.hasNext();) {
        if (!(it.next() instanceof User)) {
            continue;
        }
        it.remove();
        // Adding while an iterator is open is safe only because the method
        // returns right away and never touches the iterator again.
        subject.getPrincipals().add(user);
        return;
    }
}
/**
 * Second phase of JAAS authentication. Adds the Spring Security
 * <code>Authentication</code> kept by this module to the principals of the
 * <code>Subject</code>.
 *
 * @return false if no <code>Authentication</code> is available, meaning this
 * <code>LoginModule</code> should be ignored; true once it has been added.
 *
 * @exception LoginException if the commit fails
 */
public boolean commit() throws LoginException {
    if (authen != null) {
        // From here on the Authentication is visible to anything that reads
        // the Subject's principal set.
        subject.getPrincipals().add(authen);
        return true;
    }
    // Nothing to publish: tell JAAS to disregard this module.
    return false;
}
if (subject.getPrincipals().size() > 0) { try { final Object[] principals = subject.getPrincipals() .toArray(); final Principal servicePrincipal = (Principal) principals[0]; .getName(); gssName, GSSContext.DEFAULT_LIFETIME, krb5Mechanism, GSSCredential.ACCEPT_ONLY); subject.getPrivateCredentials().add(cred); LOG.debug("Added private credential to service principal name: '{}'," + " GSSCredential name: {}", servicePrincipalName, cred.getName());
final Subject subject = new Subject(); throw log.tooManyKerberosTicketsFound(); kerberosTicket = kerberosTickets.size() == 1 ? kerberosTickets.iterator().next() : null; } else { kerberosTicket = null; Set<KerberosPrincipal> principals = subject.getPrincipals(KerberosPrincipal.class); if (principals.size() < 1) { throw log.noKerberosPrincipalsFound(); throw log.tooManyKerberosPrincipalsFound(); KerberosPrincipal principal = principals.iterator().next(); log.tracef("Creating GSSName for Principal '%s'", principal); GSSName name = manager.createName(principal.getName(), GSSName.NT_USER_NAME, KERBEROS_V5);