/**
 * Returns the one-element JAAS configuration that drives the Kerberos login.
 *
 * <p>The {@code name} argument is not consulted: every application name receives the same
 * entry, built from {@code KERBEROS_LOGIN_MODULE} and the captured {@code options} map.
 *
 * @param name JAAS application name (ignored)
 * @return a fresh single-element array holding the REQUIRED login-module entry
 */
@Override
public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
    // REQUIRED: the overall login fails unless this module succeeds.
    final AppConfigurationEntry kerberosEntry = new AppConfigurationEntry(
            KERBEROS_LOGIN_MODULE,
            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
            options);
    return new AppConfigurationEntry[] {kerberosEntry};
}
}; // closes the enclosing declaration opened above this excerpt
/**
 * Returns a single REQUIRED entry for the Sun/Oracle Krb5LoginModule.
 *
 * <p>The module options come straight from {@code customLoginConfig}; nothing is added or
 * validated here, so whatever that map contains is what the login module will see.
 *
 * @param name JAAS application name (ignored)
 * @return a fresh single-element array with the Kerberos login-module entry
 */
@Override
public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
    final AppConfigurationEntry krb5Entry = new AppConfigurationEntry(
            "com.sun.security.auth.module.Krb5LoginModule",
            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
            customLoginConfig);
    return new AppConfigurationEntry[] {krb5Entry};
}
}; // closes the enclosing declaration opened above this excerpt
/**
 * Parses one JAAS entry of the form {@code <module> <flag> (<key>=<value>)* ;} from the
 * tokenizer, which must already be positioned on the login-module token.
 *
 * @param tokenizer tokenizer whose current token ({@code sval}) is the login module name
 * @return the parsed entry
 * @throws IOException if the tokenizer fails to read its input
 * @throws IllegalArgumentException if the control flag is missing, a key has no value, or the
 *         entry is not terminated by {@code ';'}
 */
private AppConfigurationEntry parseAppConfigurationEntry(StreamTokenizer tokenizer) throws IOException {
    final String moduleClassName = tokenizer.sval;

    if (tokenizer.nextToken() == StreamTokenizer.TT_EOF) {
        throw new IllegalArgumentException("Login module control flag not specified in JAAS config");
    }
    final LoginModuleControlFlag flag = loginModuleControlFlag(tokenizer.sval);

    final Map<String, String> parsedOptions = new HashMap<>();
    while (true) {
        // Stop on end of input or on the ';' terminator; the terminator check happens after the loop.
        if (tokenizer.nextToken() == StreamTokenizer.TT_EOF || tokenizer.ttype == ';') {
            break;
        }
        final String optionName = tokenizer.sval;

        // Short-circuit order matters: the value token is only consumed when '=' was seen.
        final boolean sawEquals = tokenizer.nextToken() == '=';
        final boolean sawValue = sawEquals
                && tokenizer.nextToken() != StreamTokenizer.TT_EOF
                && tokenizer.sval != null;
        if (!sawValue) {
            throw new IllegalArgumentException("Value not specified for key '" + optionName + "' in JAAS config");
        }
        parsedOptions.put(optionName, tokenizer.sval);
    }

    if (tokenizer.ttype != ';') {
        throw new IllegalArgumentException("JAAS config entry not terminated by semi-colon");
    }
    return new AppConfigurationEntry(moduleClassName, flag, parsedOptions);
}
} // closes the enclosing class opened above this excerpt
/**
 * Builds the Kerberos login entry, choosing the IBM or Sun login module by JVM vendor.
 *
 * @param name JAAS application name (ignored)
 * @return a fresh single-element array with the REQUIRED Kerberos entry
 */
@Override
public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
    HashMap<String, String> moduleOptions = new HashMap<String, String>();
    // storeKey=true asks the module to keep the principal's key in the Subject's private
    // credentials, so the resulting Subject should be handled as secret-bearing.
    moduleOptions.put("storeKey", "true");
    moduleOptions.put("refreshKrb5Config", "true");

    final String krbLoginModuleName;
    if (ConfigurationUtil.IS_IBM) {
        krbLoginModuleName = ConfigurationUtil.IBM_KRB5_LOGIN_MODULE;
    } else {
        krbLoginModuleName = ConfigurationUtil.SUN_KRB5_LOGIN_MODULE;
    }

    AppConfigurationEntry kerberosEntry = new AppConfigurationEntry(
            krbLoginModuleName,
            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
            moduleOptions);
    return new AppConfigurationEntry[] {kerberosEntry};
}
/**
 * Builds the client-side Krb5LoginModule entry from the optional keytab, credential cache
 * and principal captured by the enclosing scope.
 *
 * <p>Prompting is disabled, so credentials must come from the keytab or the ticket cache.
 * Module debug output is off unless the {@code presto.client.debugKerberos} system property
 * is set to true.
 *
 * @param name JAAS application name (ignored)
 * @return a fresh single-element array with the REQUIRED Kerberos entry
 */
@Override
public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
    ImmutableMap.Builder<String, String> moduleOptions = ImmutableMap.builder();
    moduleOptions.put("refreshKrb5Config", "true");
    moduleOptions.put("doNotPrompt", "true");
    moduleOptions.put("useKeyTab", "true");

    // Debug tracing is opt-in through a JVM system property rather than always on.
    final boolean debugRequested = getBoolean("presto.client.debugKerberos");
    if (debugRequested) {
        moduleOptions.put("debug", "true");
    }

    keytab.ifPresent(keytabFile -> {
        moduleOptions.put("keyTab", keytabFile.getAbsolutePath());
    });
    credentialCache.ifPresent(cacheFile -> {
        moduleOptions.put("ticketCache", cacheFile.getAbsolutePath());
        moduleOptions.put("useTicketCache", "true");
        moduleOptions.put("renewTGT", "true");
    });
    principal.ifPresent(principalName -> {
        moduleOptions.put("principal", principalName);
    });

    AppConfigurationEntry kerberosEntry =
            new AppConfigurationEntry(Krb5LoginModule.class.getName(), REQUIRED, moduleOptions.build());
    return new AppConfigurationEntry[] {kerberosEntry};
}
}); // closes the enclosing expression opened above this excerpt
/**
 * Registers a single REQUIRED login-module entry under {@code name}, replacing whatever was
 * stored for that name before.
 *
 * <p>NOTE(review): {@code loginModule} is a class name that JAAS will later load and
 * instantiate; callers should only pass values from trusted configuration.
 *
 * @param name        JAAS application name used as the key in {@code entryMap}
 * @param loginModule fully qualified login-module class name
 * @param options     options handed to the login module
 */
public void createOrUpdateEntry(String name, String loginModule, Map<String, Object> options) {
    final AppConfigurationEntry[] replacement = {
        new AppConfigurationEntry(loginModule, LoginModuleControlFlag.REQUIRED, options)
    };
    entryMap.put(name, replacement);
}
/**
 * Builds the Kerberos initiator entry: keytab login when both a keytab location and a user
 * principal are configured, otherwise login from the ticket cache.
 *
 * <p>Prompting is always disabled, so a missing keytab/principal silently selects the
 * ticket-cache path rather than asking for a password.
 *
 * @param name JAAS application name (ignored)
 * @return a fresh single-element array with the REQUIRED entry
 */
public AppConfigurationEntry[] getAppConfigurationEntry( String name ) {
  final String enabled = Boolean.TRUE.toString();
  final Map<String, Object> moduleOptions = new HashMap<>();

  final boolean keytabLogin =
    !Strings.isNullOrEmpty( this.keyTabLocation ) && !Strings.isNullOrEmpty( this.userPrincipal );
  if ( !keytabLogin ) {
    moduleOptions.put( USE_TICKET_CACHE_OPT, enabled );
  } else {
    moduleOptions.put( USE_KEY_TAB_OPT, enabled );
    moduleOptions.put( KEY_TAB_OPT, this.keyTabLocation );
    moduleOptions.put( PRINCIPAL_OPT, this.userPrincipal );
    moduleOptions.put( STORE_KEY_OPT, enabled );
  }
  moduleOptions.put( DO_NOT_PROMPT_OPT, enabled );
  moduleOptions.put( IS_INITIATOR_OPT, enabled );

  final AppConfigurationEntry kerberosEntry = new AppConfigurationEntry(
    LOGIN_MODULE_NAME, AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, moduleOptions );
  return new AppConfigurationEntry[] { kerberosEntry };
}
} // closes the enclosing class opened above this excerpt
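/**
 * Creates a Kerberos {@link LoginContext} that authenticates {@code principal} with the given
 * password. The context is returned un-logged-in; the caller invokes {@code login()}.
 *
 * <p>Security note: the password arrives as an immutable {@code String}, so this method cannot
 * erase the caller's copy. It does wipe the temporary {@code char[]} it creates for the
 * {@link PasswordCallback}, which stores its own copy of the array.
 *
 * @param principal Kerberos principal to log in as
 * @param password  password for that principal
 * @return a login context configured with a single REQUIRED Krb5LoginModule entry
 * @throws LoginException if the login context cannot be created
 */
public LoginContext getLoginContextFromUsernamePassword( final String principal, final String password )
  throws LoginException {
  Map<String, String> opts = new HashMap<String, String>( LOGIN_CONFIG_OPTS_KERBEROS_USER );
  opts.put( "principal", principal );
  AppConfigurationEntry[] appConfigurationEntries = new AppConfigurationEntry[] {
    new AppConfigurationEntry( Krb5LoginModule.class.getName(), LoginModuleControlFlag.REQUIRED, opts ) };
  return new LoginContext( KERBEROS_APP_NAME, new Subject(), new CallbackHandler() {
    @Override
    public void handle( Callback[] callbacks ) throws IOException, UnsupportedCallbackException {
      for ( Callback callback : callbacks ) {
        if ( callback instanceof NameCallback ) {
          ( (NameCallback) callback ).setName( principal );
        } else if ( callback instanceof PasswordCallback ) {
          // setPassword() copies the array, so the temporary can be cleared immediately
          // instead of lingering on the heap until garbage collection.
          char[] secret = password.toCharArray();
          try {
            ( (PasswordCallback) callback ).setPassword( secret );
          } finally {
            java.util.Arrays.fill( secret, '\0' );
          }
        } else {
          // Refuse anything other than name/password prompts rather than ignoring it.
          throw new UnsupportedCallbackException( callback );
        }
      }
    }
  }, new PentahoLoginConfiguration( appConfigurationEntries ) );
}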
/**
 * Builds the acceptor-side (service) Krb5LoginModule entry for {@code servicePrincipal}.
 *
 * <p>The entry is keytab-based with prompting disabled and {@code isInitiator=false}.
 * {@code storeKey=true} keeps the service key in the Subject's private credentials. Module
 * debug output follows the logger's debug level.
 *
 * @param name JAAS application name (ignored)
 * @return a fresh single-element array with the REQUIRED Kerberos entry
 */
@Override
public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
    final Map<String, String> moduleOptions = new HashMap<>();
    moduleOptions.put("refreshKrb5Config", "true");
    moduleOptions.put("doNotPrompt", "true");

    // Login-module tracing is tied to the application's own debug logging switch.
    final boolean debugLogging = LOG.isDebugEnabled();
    if (debugLogging) {
        moduleOptions.put("debug", "true");
    }

    // The keytab path is optional; with none configured the "keyTab" option is simply not set.
    if (config.getKeytab() != null) {
        final String keytabPath = config.getKeytab().getAbsolutePath();
        moduleOptions.put("keyTab", keytabPath);
    }

    moduleOptions.put("isInitiator", "false");
    moduleOptions.put("useKeyTab", "true");
    moduleOptions.put("principal", servicePrincipal);
    moduleOptions.put("storeKey", "true");

    final AppConfigurationEntry serviceEntry =
            new AppConfigurationEntry(Krb5LoginModule.class.getName(), REQUIRED, moduleOptions);
    return new AppConfigurationEntry[] {serviceEntry};
}
}); // closes the enclosing expression opened above this excerpt
/**
 * Adds (or replaces) a named section of the in-memory JAAS configuration.
 *
 * <p>The section always consists of exactly one REQUIRED login module.
 * NOTE(review): {@code loginModuleName} is a class name JAAS will instantiate at login time;
 * it should originate from trusted configuration only.
 *
 * @param name            section (application) name
 * @param loginModuleName fully qualified login-module class name
 * @param conf            key/value options passed to the login module
 */
public void addSection(String name, String loginModuleName, final Map<String,String> conf) {
    final AppConfigurationEntry onlyEntry =
            new AppConfigurationEntry(loginModuleName, LoginModuleControlFlag.REQUIRED, conf);
    this.sections.put(name, new AppConfigurationEntry[] {onlyEntry});
}
/**
 * Creates a Kerberos {@link LoginContext} for {@code principal} without a password, using
 * the option preset {@code LOGIN_CONFIG_OPTS_KERBEROS_USER_NOPASS}.
 *
 * <p>No callback handler is supplied, so the login module cannot prompt for credentials.
 *
 * @param principal Kerberos principal to log in as
 * @return an un-logged-in context with a single REQUIRED Krb5LoginModule entry
 * @throws LoginException if the login context cannot be created
 */
public LoginContext getLoginContextFromKerberosCache( String principal ) throws LoginException {
  // Copy the shared preset so adding the principal does not mutate it.
  final Map<String, String> moduleOptions =
    new HashMap<String, String>( LOGIN_CONFIG_OPTS_KERBEROS_USER_NOPASS );
  moduleOptions.put( "principal", principal );

  final AppConfigurationEntry cacheEntry = new AppConfigurationEntry(
    Krb5LoginModule.class.getName(), LoginModuleControlFlag.REQUIRED, moduleOptions );
  final AppConfigurationEntry[] entries = new AppConfigurationEntry[] { cacheEntry };

  final PentahoLoginConfiguration loginConfiguration = new PentahoLoginConfiguration( entries );
  return new LoginContext( KERBEROS_APP_NAME, new Subject(), null, loginConfiguration );
}
} // closes the enclosing class opened above this excerpt
/**
 * Creates a Kerberos {@link LoginContext} that authenticates {@code principal} from a keytab.
 *
 * <p>NOTE(review): {@code keytab} is passed to the login module as given. The keytab holds
 * long-term keys, so the path should come from trusted configuration and the file should be
 * readable only by the service account.
 *
 * @param principal Kerberos principal to log in as
 * @param keytab    location of the keytab file
 * @return an un-logged-in context with a single REQUIRED Krb5LoginModule entry
 * @throws LoginException if the login context cannot be created
 */
public LoginContext getLoginContextFromKeytab( String principal, String keytab ) throws LoginException {
  // Start from a copy of the keytab preset, then add the per-call values.
  final Map<String, String> moduleOptions = new HashMap<String, String>( LOGIN_CONFIG_OPTS_KERBEROS_KEYTAB );
  moduleOptions.put( "keyTab", keytab );
  moduleOptions.put( "principal", principal );

  // One REQUIRED Kerberos module makes up the whole configuration.
  final AppConfigurationEntry[] entries = new AppConfigurationEntry[] {
    new AppConfigurationEntry( Krb5LoginModule.class.getName(), LoginModuleControlFlag.REQUIRED, moduleOptions )
  };

  // No callback handler: the keytab is the only credential source.
  return new LoginContext( KERBEROS_APP_NAME, new Subject(), null, new PentahoLoginConfiguration( entries ) );
}
/**
 * Builds a ticket-cache-only Kerberos initiator entry (no keytab, no stored key, no prompt).
 *
 * <p>The cache location is taken from the {@code KRB5CCNAME} environment variable when set;
 * otherwise the {@code ticketCache} option is left unset.
 *
 * @param name JAAS application name (ignored)
 * @return a fresh single-element array with the REQUIRED Kerberos entry
 */
@Override
public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
    final Map<String, String> moduleOptions = new HashMap<>();
    moduleOptions.put("useKeyTab", "false");
    moduleOptions.put("storeKey", "false");
    moduleOptions.put("doNotPrompt", "true");
    moduleOptions.put("useTicketCache", "true");
    moduleOptions.put("renewTGT", "true");
    moduleOptions.put("refreshKrb5Config", "true");
    moduleOptions.put("isInitiator", "true");

    // The cache path is whatever the process environment says; it is not validated here.
    final String cacheFromEnv = System.getenv("KRB5CCNAME");
    if (cacheFromEnv != null) {
        moduleOptions.put("ticketCache", cacheFromEnv);
    }

    // NOTE(review): debug is switched on unconditionally. The login module's trace output
    // typically names the principal and credential locations; consider gating it behind a
    // flag outside test or diagnostic code.
    moduleOptions.put("debug", "true");

    final AppConfigurationEntry cacheEntry = new AppConfigurationEntry(
            "com.sun.security.auth.module.Krb5LoginModule",
            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
            moduleOptions);
    return new AppConfigurationEntry[]{cacheEntry};
}
}); // closes the enclosing expression opened above this excerpt
/**
 * Returns a Kerberos initiator entry that logs in purely from an existing ticket cache.
 *
 * <p>Keytab use, key storage and prompting are all disabled. When the {@code KRB5CCNAME}
 * environment variable is present its value becomes the {@code ticketCache} option.
 *
 * @param name JAAS application name (ignored)
 * @return a fresh single-element array with the REQUIRED Kerberos entry
 */
@Override
public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
    final Map<String, String> krbOptions = new HashMap<>();
    krbOptions.put("useKeyTab", "false");
    krbOptions.put("storeKey", "false");
    krbOptions.put("doNotPrompt", "true");
    krbOptions.put("useTicketCache", "true");
    krbOptions.put("renewTGT", "true");
    krbOptions.put("refreshKrb5Config", "true");
    krbOptions.put("isInitiator", "true");

    // Environment-supplied cache location, used verbatim.
    final String envTicketCache = System.getenv("KRB5CCNAME");
    if (envTicketCache != null) {
        krbOptions.put("ticketCache", envTicketCache);
    }

    // NOTE(review): module debug tracing is always enabled here; in anything other than a
    // test harness this is usually better controlled by configuration, since the trace tends
    // to include principal names and cache paths.
    krbOptions.put("debug", "true");

    final AppConfigurationEntry[] result = {
        new AppConfigurationEntry(
                "com.sun.security.auth.module.Krb5LoginModule",
                AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                krbOptions)
    };
    return result;
}
}); // closes the enclosing expression opened above this excerpt
/**
 * Appends a REQUIRED login-module entry to the list stored under {@code name}, creating the
 * list when the name has no entries yet. Existing entries keep their order.
 *
 * <p>NOTE(review): {@code loginModule} names a class that JAAS will load and run during
 * login; only trusted configuration should reach this method.
 *
 * @param name        JAAS application name used as the key in {@code entryMap}
 * @param loginModule fully qualified login-module class name
 * @param options     options handed to the login module
 */
public void addEntry(String name, String loginModule, Map<String, Object> options) {
    final AppConfigurationEntry appended =
            new AppConfigurationEntry(loginModule, LoginModuleControlFlag.REQUIRED, options);

    final AppConfigurationEntry[] current = entryMap.get(name);
    final AppConfigurationEntry[] grown;
    if (current != null) {
        // Copy-and-extend leaves the previously published array untouched.
        grown = Arrays.copyOf(current, current.length + 1);
    } else {
        grown = new AppConfigurationEntry[1];
    }
    grown[grown.length - 1] = appended;

    entryMap.put(name, grown);
}
/**
 * Prepares two fixtures built on {@code TestLoginModule}: a default entry list with a
 * REQUIRED module, and a map with one key ({@code "name"}) pointing at an OPTIONAL module.
 * Both use empty option maps.
 */
@Before
public void setUp() {
    final String testModuleClass = TestLoginModule.class.getName();

    final AppConfigurationEntry requiredEntry = new AppConfigurationEntry(
            testModuleClass,
            LoginModuleControlFlag.REQUIRED,
            Collections.<String, Object>emptyMap());
    this.defaultEntries = new AppConfigurationEntry[] {requiredEntry};

    final AppConfigurationEntry optionalEntry = new AppConfigurationEntry(
            testModuleClass,
            LoginModuleControlFlag.OPTIONAL,
            Collections.<String, Object>emptyMap());
    this.mappedEntries = Collections.<String, AppConfigurationEntry[]>singletonMap(
            "name", new AppConfigurationEntry[] {optionalEntry});
}
/**
 * Assembles the Krb5LoginModule options for a non-interactive client login.
 *
 * <p>Keytab, credential cache and principal are each applied only when present in the
 * enclosing scope. Debug tracing is enabled solely by the
 * {@code presto.client.debugKerberos} system property.
 *
 * @param name JAAS application name (ignored)
 * @return a fresh single-element array with the REQUIRED Kerberos entry
 */
@Override
public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
    final ImmutableMap.Builder<String, String> krbOptions = ImmutableMap.builder();
    krbOptions.put("refreshKrb5Config", "true");
    // doNotPrompt: fail instead of asking for a password when no usable credential is found.
    krbOptions.put("doNotPrompt", "true");
    krbOptions.put("useKeyTab", "true");

    if (getBoolean("presto.client.debugKerberos")) {
        krbOptions.put("debug", "true");
    }

    keytab.ifPresent(keytabFile -> krbOptions.put("keyTab", keytabFile.getAbsolutePath()));

    credentialCache.ifPresent(cacheFile -> {
        final String cachePath = cacheFile.getAbsolutePath();
        krbOptions.put("ticketCache", cachePath);
        krbOptions.put("useTicketCache", "true");
        krbOptions.put("renewTGT", "true");
    });

    principal.ifPresent(principalName -> krbOptions.put("principal", principalName));

    final String moduleClass = Krb5LoginModule.class.getName();
    return new AppConfigurationEntry[] {
        new AppConfigurationEntry(moduleClass, REQUIRED, krbOptions.build())
    };
}
}); // closes the enclosing expression opened above this excerpt
/**
 * Builds the keytab-based Kerberos entry for {@code principal}, with vendor-specific options
 * for IBM and non-IBM JVMs.
 *
 * <p>On both paths {@code KRB5CCNAME}, when set, supplies the {@code ticketCache} option.
 *
 * @param name JAAS application name (ignored)
 * @return a fresh single-element array with the REQUIRED Kerberos entry
 */
@Override
public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
    final Map<String, String> moduleOptions = new HashMap<String, String>();
    moduleOptions.put("principal", principal);
    moduleOptions.put("refreshKrb5Config", "true");

    if (!IBM_JAVA) {
        moduleOptions.put("keyTab", keytab);
        moduleOptions.put("useKeyTab", "true");
        // storeKey=true places the key in the Subject's private credentials.
        moduleOptions.put("storeKey", "true");
        moduleOptions.put("doNotPrompt", "true");
        moduleOptions.put("useTicketCache", "true");
        moduleOptions.put("renewTGT", "true");
        moduleOptions.put("isInitiator", Boolean.toString(isInitiator));
    } else {
        // The IBM module takes the keytab location under "useKeytab" (lower-case 't').
        moduleOptions.put("useKeytab", keytab);
        moduleOptions.put("credsType", "both");
    }

    final String envTicketCache = System.getenv("KRB5CCNAME");
    if (envTicketCache != null) {
        moduleOptions.put("ticketCache", envTicketCache);
    }

    // NOTE(review): debug tracing is forced on for every login; outside test code this is
    // normally gated, as the trace usually reveals principal and keytab/cache locations.
    moduleOptions.put("debug", "true");

    final AppConfigurationEntry kerberosEntry = new AppConfigurationEntry(
            getKrb5LoginModuleName(),
            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
            moduleOptions);
    return new AppConfigurationEntry[] {kerberosEntry};
}
} // closes the enclosing class opened above this excerpt
/**
 * Converts every login-module definition under {@code node} into an
 * {@link AppConfigurationEntry} and registers it, together with the JBoss module to load it
 * from, on the given container and authentication info.
 *
 * <p>For each property the entry is added to {@code container} before the module name is
 * resolved. A missing or empty module name falls back to {@code DEFAULT_MODULE}.
 * NOTE(review): the login-module class, control flag and options all come from the
 * management model, so write access to that model determines which code runs at login.
 *
 * @param context   operation context used to resolve model attributes
 * @param node      model node whose properties are the login-module definitions
 * @param authInfo  receives one JBoss module name per login module
 * @param container receives one configuration entry per login module
 * @throws OperationFailedException if an attribute cannot be resolved
 */
private void processLoginModules(OperationContext context, ModelNode node, BaseAuthenticationInfo authInfo,
        LoginModuleContainer container) throws OperationFailedException {
    for (Property definition : node.asPropertyList()) {
        final ModelNode moduleNode = definition.getValue();

        final String loginModuleClass = extractCode(context, moduleNode, ModulesMap.AUTHENTICATION_MAP);
        final String flagText =
                LoginModuleResourceDefinition.FLAG.resolveModelAttribute(context, moduleNode).asString();
        final LoginModuleControlFlag flag = getControlFlag(flagText);
        final Map<String, Object> moduleOptions = extractOptions(context, moduleNode);

        container.addAppConfigurationEntry(new AppConfigurationEntry(loginModuleClass, flag, moduleOptions));

        final ModelNode jbossModule =
                LoginModuleResourceDefinition.MODULE.resolveModelAttribute(context, moduleNode);
        final boolean explicitModule = jbossModule.isDefined() && !jbossModule.asString().isEmpty();
        authInfo.addJBossModuleName(explicitModule ? jbossModule.asString() : DEFAULT_MODULE);
    }
}
/**
 * Wires a {@code DefaultJaasAuthenticationProvider} against mocked collaborators and stubs
 * the mocked JAAS {@code Configuration} to return one REQUIRED {@code TestLoginModule} entry
 * for the provider's login-context name.
 *
 * @throws Exception if provider initialisation fails
 */
@Before
public void setUp() throws Exception {
    final Configuration jaasConfiguration = mock(Configuration.class);
    publisher = mock(ApplicationEventPublisher.class);
    log = mock(Log.class);

    provider = new DefaultJaasAuthenticationProvider();
    provider.setConfiguration(jaasConfiguration);
    provider.setApplicationEventPublisher(publisher);
    provider.setAuthorityGranters(new AuthorityGranter[] { new TestAuthorityGranter() });
    provider.afterPropertiesSet();

    // The stubbed configuration answers only for the provider's own login-context name.
    final AppConfigurationEntry testModuleEntry = new AppConfigurationEntry(
            TestLoginModule.class.getName(),
            LoginModuleControlFlag.REQUIRED,
            Collections.<String, Object> emptyMap());
    final AppConfigurationEntry[] loginEntries = new AppConfigurationEntry[] { testModuleEntry };
    when(jaasConfiguration.getAppConfigurationEntry(provider.getLoginContextName()))
            .thenReturn(loginEntries);

    // Fixed test credentials for the fixture token.
    token = new UsernamePasswordAuthenticationToken("user", "password");

    // Swap in the mock logger so tests can verify what the provider logs.
    ReflectionTestUtils.setField(provider, "log", log);
}