/**
 * Seeds the subject with the username and password found in the JAAS options.
 *
 * <p>A configured username is added to the subject's public credentials. A configured
 * password is added to the subject's private credentials as a plain {@code String},
 * so it stays reachable through the subject for as long as the subject holds it.
 * {@code callbackHandler} and {@code sharedState} are not read by this method.
 *
 * @param subject         subject that receives the credentials
 * @param callbackHandler unused here
 * @param sharedState     unused here
 * @param options         JAAS options; values under {@code USERNAME_CONFIG} and
 *                        {@code PASSWORD_CONFIG} are cast to {@code String}
 */
@Override
public void initialize(Subject subject,
                       CallbackHandler callbackHandler,
                       Map<String, ?> sharedState,
                       Map<String, ?> options) {
    final String configuredUser = (String) options.get(USERNAME_CONFIG);
    if (configuredUser != null) {
        subject.getPublicCredentials().add(configuredUser);
    }

    final String configuredSecret = (String) options.get(PASSWORD_CONFIG);
    if (configuredSecret != null) {
        subject.getPrivateCredentials().add(configuredSecret);
    }
}
/**
 * Detaches the cached Kerberos ticket from the subject and forgets it.
 *
 * <p>When the subject is present and writable and a ticket is cached, the ticket's
 * client principal is removed from the subject's principals and the ticket from its
 * private credentials. The cached reference is cleared in every case. This method
 * does not call {@code destroy()} on the ticket.
 *
 * @return always {@code true}
 * @throws LoginException declared by the signature; this body does not throw it
 */
public boolean logout() throws LoginException {
    final boolean canDetach = subject != null && !subject.isReadOnly() && kerbTicket != null;
    if (canDetach) {
        subject.getPrincipals().remove(kerbTicket.getClient());
        subject.getPrivateCredentials().remove(kerbTicket);
    }
    kerbTicket = null;
    return true;
}
/**
 * Publishes the Kerberos ticket and its client principal on the subject.
 *
 * <p>The ticket instance held by this module is the one stored in the subject's
 * private credentials; no copy is made here.
 *
 * @return {@code false} when {@code isSucceeded()} is false, {@code true} after the
 *         subject has been populated
 * @throws LoginException if the subject is {@code null} or read-only; the cached
 *                        ticket reference is cleared before throwing
 */
public boolean commit() throws LoginException {
    if (!isSucceeded()) {
        return false;
    }

    final boolean subjectWritable = subject != null && !subject.isReadOnly();
    if (!subjectWritable) {
        kerbTicket = null;
        throw new LoginException("Authentication failed because the Subject is invalid.");
    }

    // Credential first, then the principal it belongs to.
    subject.getPrivateCredentials().add(kerbTicket);
    subject.getPrincipals().add(getKerbTicketClient());
    LOG.debug("Commit Succeeded.");
    return true;
}
/**
 * Copies this user's identity onto the given subject.
 *
 * <p>Adds the user principal, then the credential returned by
 * {@code user.getCredential()} to the private credentials, then every entry of
 * {@code roles} to the principals.
 *
 * @param subject subject to populate; must be writable
 */
public void setJAASInfo(Subject subject) {
    subject.getPrincipals().add(principal);
    subject.getPrivateCredentials().add(user.getCredential());
    subject.getPrincipals().addAll(roles);
}
/**
 * Transfers the staged principals and private credentials to the subject.
 *
 * <p>Only the principals and private credentials of {@code privateState} are copied;
 * this method does not touch public credentials. {@code committed} is set before
 * the copy starts.
 *
 * @return {@code true} when authentication had succeeded and the state was copied,
 *         {@code false} otherwise (the staged state is discarded in that case)
 * @throws LoginException declared by the signature; this body does not throw it
 */
public boolean commit() throws LoginException {
    if (authenticated) {
        committed = true;
        subject.getPrincipals().addAll(privateState.getPrincipals());
        subject.getPrivateCredentials().addAll(privateState.getPrivateCredentials());
        return true;
    }

    // Nothing was authenticated: drop whatever was staged.
    privateState = null;
    return committed = false;
}
/**
 * Loads the username and password from the JAAS options into the subject.
 *
 * <p>Zookeeper client: the values come from the JAAS conf and are only used with
 * DIGEST-MD5. Nothing happens unless the options contain a {@code "username"} key.
 * The password is stored in the private credentials as a plain {@code String}.
 *
 * <p>NOTE(review): neither value is null-checked, so a missing {@code "password"}
 * entry passes {@code null} to the credential set - confirm how the target JDK's
 * {@code Subject} handles that.
 *
 * @param subject         subject that receives the credentials
 * @param callbackHandler unused here
 * @param sharedState     unused here
 * @param options         JAAS options; {@code "username"} and {@code "password"}
 *                        are cast to {@code String}
 */
public void initialize(Subject subject,
                       CallbackHandler callbackHandler,
                       Map<String,?> sharedState,
                       Map<String,?> options) {
    if (!options.containsKey("username")) {
        return;
    }

    this.subject = subject;

    final String configuredUser = (String) options.get("username");
    this.subject.getPublicCredentials().add(configuredUser);

    final String configuredSecret = (String) options.get("password");
    this.subject.getPrivateCredentials().add(configuredSecret);
}
/**
 * Publishes a copy of the Kerberos ticket and its client principal on the subject.
 *
 * @return {@code false} when {@code isSucceeded()} is false, {@code true} after the
 *         subject has been populated
 * @throws LoginException if the subject is {@code null} or read-only; the cached
 *                        ticket reference is cleared before throwing
 */
public boolean commit() throws LoginException {
    if (!isSucceeded()) {
        return false;
    }

    final boolean subjectWritable = subject != null && !subject.isReadOnly();
    if (!subjectWritable) {
        kerbTicket = null;
        throw new LoginException("Authentication failed because the Subject is invalid.");
    }

    // Add the kerbClientPrinc and kerbTicket.
    // The ticket is cloned because java.security.auth.kerberos assumes a TGT is unique
    // to each subject; sharing one TGT between several subjects can leave an expired
    // TGT that never refreshes.
    final KerberosTicket perSubjectTicket = ClientAuthUtils.cloneKerberosTicket(kerbTicket);
    subject.getPrivateCredentials().add(perSubjectTicket);
    subject.getPrincipals().add(getKerbTicketClient());
    LOG.debug("Commit Succeeded.");
    return true;
}
/**
 * Populates the given subject with this user's principal, credential and roles.
 *
 * <p>The order is: user principal, the credential from {@code user.getCredential()}
 * (stored as a private credential), then all of {@code roles} as principals.
 *
 * @param subject subject to populate; must be writable
 */
public void setJAASInfo(Subject subject) {
    subject.getPrincipals().add(principal);
    subject.getPrivateCredentials().add(user.getCredential());
    subject.getPrincipals().addAll(roles);
}
/**
 * Copies the collected principals and both credential sets onto the subject.
 *
 * <p>The copy is unconditional: this method performs no check of its own that a
 * login succeeded before populating the subject.
 *
 * @return always {@code true}
 */
public boolean commit() {
    subject.getPrincipals().addAll(principals);
    subject.getPrivateCredentials().addAll(privateCredentials);
    subject.getPublicCredentials().addAll(publicCredentials);
    return true;
}
/**
 * Builds a new {@code UserGroupInformation} around a copy of the base UGI's subject.
 *
 * <p>Based on UserGroupInformation::createProxyUser. The source subject is obtained
 * reflectively; its principals are passed to the new subject as they are, while the
 * public and private credential sets each go through {@code cloneCredentials}.
 * The new subject is created writable.
 *
 * @param baseUgi UGI whose subject is copied
 * @return a UGI constructed from the copied subject
 * @throws IOException if the reflective accessor was not found, or if the reflective
 *                     call or construction fails (the cause is preserved)
 */
@Override
public UserGroupInformation cloneUgi(UserGroupInformation baseUgi) throws IOException {
    // TODO: use a proper method after we can depend on HADOOP-13081.
    if (getSubjectMethod == null) {
        throw new IOException("The UGI method was not found: " + ugiCloneError);
    }
    try {
        final Subject source = (Subject) getSubjectMethod.invoke(baseUgi);
        final Subject copy = new Subject(
            false,
            source.getPrincipals(),
            cloneCredentials(source.getPublicCredentials()),
            cloneCredentials(source.getPrivateCredentials()));
        return ugiCtor.newInstance(copy);
    } catch (InstantiationException | IllegalAccessException | InvocationTargetException e) {
        throw new IOException(e);
    }
}
/**
 * Seeds the subject with the configured username, password and token-auth marker.
 *
 * <p>A configured username goes into the public credentials and a configured password
 * into the private credentials as a plain {@code String}. When the option under
 * {@code TOKEN_AUTH_CONFIG} equals {@code "true"} (case-insensitively), a single-entry
 * map recording that setting is added to the public credentials.
 * {@code callbackHandler} and {@code sharedState} are not read by this method.
 *
 * @param subject         subject that receives the credentials
 * @param callbackHandler unused here
 * @param sharedState     unused here
 * @param options         JAAS options; the three values read are cast to {@code String}
 */
@Override
public void initialize(Subject subject,
                       CallbackHandler callbackHandler,
                       Map<String, ?> sharedState,
                       Map<String, ?> options) {
    final String configuredUser = (String) options.get(USERNAME_CONFIG);
    if (configuredUser != null) {
        subject.getPublicCredentials().add(configuredUser);
    }

    final String configuredSecret = (String) options.get(PASSWORD_CONFIG);
    if (configuredSecret != null) {
        subject.getPrivateCredentials().add(configuredSecret);
    }

    final boolean tokenAuthRequested =
        "true".equalsIgnoreCase((String) options.get(TOKEN_AUTH_CONFIG));
    if (tokenAuthRequested) {
        final Map<String, String> scramExtensions =
            Collections.singletonMap(TOKEN_AUTH_CONFIG, "true");
        subject.getPublicCredentials().add(scramExtensions);
    }
}
/**
 * Replaces any Kerberos tickets on the subject with the TGT found in the credentials.
 *
 * <p>While holding the monitor of the subject's private credential set, every
 * {@code KerberosTicket} already in the set is removed and then destroyed, and the
 * new TGT is added. A ticket whose destruction fails is still removed; the failure
 * is only logged. Afterwards the TGT's client principal is added to the subject and
 * the TGT is recorded in {@code kerbTicket}. If no TGT is found, the subject is left
 * unchanged.
 *
 * @param subject     subject whose tickets are replaced
 * @param credentials map passed to {@code getTGT} to look up the ticket
 */
private void populateSubjectWithTGT(Subject subject, Map<String, String> credentials) {
    final KerberosTicket freshTgt = getTGT(credentials);
    if (freshTgt == null) {
        LOG.info("No TGT found in credentials");
        return;
    }

    final Set<Object> privateCreds = subject.getPrivateCredentials();
    synchronized (privateCreds) {
        for (Iterator<Object> it = privateCreds.iterator(); it.hasNext();) {
            final Object candidate = it.next();
            if (!(candidate instanceof KerberosTicket)) {
                continue;
            }
            final KerberosTicket stale = (KerberosTicket) candidate;
            // Remove before destroying so the set never exposes a destroyed ticket.
            it.remove();
            try {
                stale.destroy();
            } catch (DestroyFailedException e) {
                LOG.warn("Failed to destory ticket ", e);
            }
        }
        privateCreds.add(freshTgt);
    }

    subject.getPrincipals().add(freshTgt.getClient());
    kerbTicket.set(freshTgt);
}
/**
 * Opens a session on the default workspace that combines two sessions' principals.
 *
 * <p>The new subject carries this session's principals, an
 * {@code AuthorizationFilterPrincipal} built from the facet rules of
 * {@code domainExtensions}, and every principal of the delegate session. Its
 * credentials and read-only flag come from this session's subject only; the
 * delegate's credentials are not copied.
 *
 * @param session          delegate session whose principals are merged in
 * @param domainExtensions extensions turned into facet rules for the filter principal
 * @return the session created for the combined subject
 * @throws RepositoryException declared by the signature; presumably raised by the
 *                             workspace manager calls
 */
@Override
public Session createDelegatedSession(final InternalHippoSession session,
                                      DomainRuleExtension... domainExtensions)
        throws RepositoryException {
    final String defaultWorkspace =
        repositoryContext.getWorkspaceManager().getDefaultWorkspaceName();

    final Set<Principal> merged = new HashSet<Principal>(subject.getPrincipals());
    merged.add(new AuthorizationFilterPrincipal(helper.getFacetRules(domainExtensions)));
    merged.addAll(session.getSubject().getPrincipals());

    final Subject delegated = new Subject(
        subject.isReadOnly(),
        merged,
        subject.getPublicCredentials(),
        subject.getPrivateCredentials());
    return repositoryContext.getWorkspaceManager().createSession(delegated, defaultWorkspace);
}
/**
 * Copies every principal, public credential and private credential of
 * {@code from} into {@code to}.
 *
 * <p>NOTE(review): the enclosing call and anonymous class start outside this
 * excerpt; presumably this is the body of a privileged action - confirm.
 *
 * @return always {@code null}
 */
public Object run() {
    to.getPrincipals().addAll(from.getPrincipals());
    to.getPublicCredentials().addAll(from.getPublicCredentials());
    // Private credentials are copied by reference, not cloned.
    to.getPrivateCredentials().addAll(from.getPrivateCredentials());
    return null;
}
});
if (subject.getPrivateCredentials(KerberosTicket.class).isEmpty()) { LOG.error("Failed to verify user principal."); throw new RuntimeException("Fail to verify user principal with section \"" + Principal principal = (Principal) subject.getPrincipals().toArray()[0]; final String fPrincipalName = principal.getName(); final String fHost = host;
/**
 * Returns the {@code Credentials} object attached to the subject, creating one if needed.
 *
 * <p>If the subject's private credentials already contain a {@code Credentials}
 * instance, the first one returned by the set's iterator is used. Otherwise a new,
 * empty instance is added to the private credentials and returned. The method is
 * {@code synchronized} on this object.
 *
 * @return the existing or newly attached {@code Credentials}
 */
private synchronized Credentials getCredentialsInternal() {
    final Set<Credentials> attached = subject.getPrivateCredentials(Credentials.class);
    if (!attached.isEmpty()) {
        return attached.iterator().next();
    }

    final Credentials fresh = new Credentials();
    subject.getPrivateCredentials().add(fresh);
    return fresh;
}
if (subject.getPrincipals().size() > 0) { try { final Object[] principals = subject.getPrincipals() .toArray(); final Principal servicePrincipal = (Principal) principals[0]; gssName, GSSContext.DEFAULT_LIFETIME, krb5Mechanism, GSSCredential.ACCEPT_ONLY); subject.getPrivateCredentials().add(cred); LOG.debug("Added private credential to service principal name: '{}'," + " GSSCredential name: {}", servicePrincipalName, cred.getName());
/**
 * Creates a delegated session on the default workspace from a merged subject.
 *
 * <p>The merged principal set starts as a copy of this session's principals, gains an
 * {@code AuthorizationFilterPrincipal} for the facet rules derived from
 * {@code domainExtensions}, and then gains all principals of the delegate session.
 * The read-only flag and both credential sets are taken from this session's subject;
 * nothing is taken from the delegate's credentials.
 *
 * @param session          delegate session contributing its principals
 * @param domainExtensions extensions converted to facet rules by {@code helper}
 * @return the session the workspace manager creates for the merged subject
 * @throws RepositoryException declared by the signature; presumably raised by the
 *                             workspace manager calls
 */
@Override
public Session createDelegatedSession(final InternalHippoSession session,
                                      DomainRuleExtension... domainExtensions)
        throws RepositoryException {
    final String targetWorkspace =
        repositoryContext.getWorkspaceManager().getDefaultWorkspaceName();

    final Set<Principal> combined = new HashSet<Principal>(subject.getPrincipals());
    combined.add(new AuthorizationFilterPrincipal(helper.getFacetRules(domainExtensions)));
    combined.addAll(session.getSubject().getPrincipals());

    final Subject delegatedSubject = new Subject(
        subject.isReadOnly(),
        combined,
        subject.getPublicCredentials(),
        subject.getPrivateCredentials());
    return repositoryContext.getWorkspaceManager().createSession(delegatedSubject, targetWorkspace);
}
/**
 * Merges one subject's identity into another.
 *
 * <p>Principals are added first, then private credentials, then public credentials.
 * Entries are added by reference; the source subject is not modified.
 *
 * @param subjectToAddTo   subject that receives the entries; must be writable
 * @param subjectToAddFrom subject whose entries are copied
 */
private void updateFromSubject(final Subject subjectToAddTo,
                               final Subject subjectToAddFrom) {
    subjectToAddTo.getPrincipals()
        .addAll(subjectToAddFrom.getPrincipals());
    subjectToAddTo.getPrivateCredentials()
        .addAll(subjectToAddFrom.getPrivateCredentials());
    subjectToAddTo.getPublicCredentials()
        .addAll(subjectToAddFrom.getPublicCredentials());
}
if (subject.getPrivateCredentials(KerberosTicket.class).isEmpty()) { LOG.error("Failed to verifyuser principal."); throw new RuntimeException("Fail to verify user principal with section \"" LOG.info("Creating Kerberos Server."); final CallbackHandler fch = ch; Principal p = (Principal) subject.getPrincipals().toArray()[0]; KerberosName kName = new KerberosName(p.getName()); final String fHost = kName.getHostName();