/**
 * Builds a context for one named JAAS section and snapshots the entries configured for it.
 *
 * <p>The entries are copied into a new list and exposed through an unmodifiable view, so later
 * changes to the array returned by {@code configuration} do not affect this context.
 *
 * @param name name of the JAAS section to look up in {@code configuration}
 * @param type context type, stored as given
 * @param configuration JAAS configuration that must contain an entry called {@code name}
 * @param dynamicJaasConfig stored as given; not inspected by this constructor
 * @throws IllegalArgumentException if {@code configuration} has no entry called {@code name}
 */
public JaasContext(String name, Type type, Configuration configuration, Password dynamicJaasConfig) {
    this.name = name;
    this.type = type;
    this.configuration = configuration;

    final AppConfigurationEntry[] found = configuration.getAppConfigurationEntry(name);
    if (found == null) {
        throw new IllegalArgumentException("Could not find a '" + name + "' entry in this JAAS configuration.");
    }

    // Only a missing section (null) is rejected here; an empty array is accepted as-is.
    final ArrayList<AppConfigurationEntry> snapshot = new ArrayList<>(found.length);
    Collections.addAll(snapshot, found);
    this.configurationEntries = Collections.unmodifiableList(snapshot);

    this.dynamicJaasConfig = dynamicJaasConfig;
}
/**
 * Creates the server-side callback handler and, when a JAAS configuration is supplied, verifies
 * that it contains the server login section.
 *
 * <p>A {@code null} configuration is accepted without any check, so nothing about the JAAS setup
 * is verified in that case. Only a missing section (a {@code null} lookup result) is rejected;
 * an empty entry array passes.
 *
 * @param configuration JAAS configuration to validate; may be {@code null}
 * @param impersonationAllowed stored on the handler as given
 * @throws IOException if {@code configuration} is non-null but has no
 *     {@code ClientAuthUtils.LOGIN_CONTEXT_SERVER} entry
 */
public ServerCallbackHandler(Configuration configuration, boolean impersonationAllowed) throws IOException {
    this.impersonationAllowed = impersonationAllowed;

    if (configuration != null) {
        final AppConfigurationEntry[] serverSection =
            configuration.getAppConfigurationEntry(ClientAuthUtils.LOGIN_CONTEXT_SERVER);
        if (serverSection == null) {
            final String missingSection = "Could not find a '" + ClientAuthUtils.LOGIN_CONTEXT_SERVER
                + "' entry in this configuration: Server cannot start.";
            // Log before throwing so the startup failure is visible even if the caller drops the exception.
            LOG.error(missingSection);
            throw new IOException(missingSection);
        }
    }
}
/**
 * Creates the server-side callback handler and, when a JAAS configuration is supplied, verifies
 * that it contains the server login section.
 *
 * <p>A {@code null} configuration is accepted without any check. Only a missing section (a
 * {@code null} lookup result) is rejected; an empty entry array passes.
 *
 * @param configuration JAAS configuration to validate; may be {@code null}
 * @param stormConf not read by this constructor
 * @throws IOException if {@code configuration} is non-null but has no
 *     {@code AuthUtils.LOGIN_CONTEXT_SERVER} entry
 */
public ServerCallbackHandler(Configuration configuration, Map stormConf) throws IOException {
    final boolean sectionMissing = configuration != null
        && configuration.getAppConfigurationEntry(AuthUtils.LOGIN_CONTEXT_SERVER) == null;

    if (sectionMissing) {
        final String failure = "Could not find a '" + AuthUtils.LOGIN_CONTEXT_SERVER
            + "' entry in this configuration: Server cannot start.";
        LOG.error(failure);
        throw new IOException(failure);
    }
}
/**
 * Looks up the JAAS entries configured for a section.
 *
 * @param configuration the JAAS configuration to query; may be {@code null}
 * @param section the app configuration entry name to look up
 * @return the entries for {@code section}, or {@code null} when {@code configuration} is
 *     {@code null}
 * @throws IOException if {@code configuration} is non-null but has no entry named {@code section}
 */
public static AppConfigurationEntry[] getEntries(Configuration configuration, String section) throws IOException {
    if (configuration != null) {
        final AppConfigurationEntry[] found = configuration.getAppConfigurationEntry(section);
        if (found != null) {
            return found;
        }
        throw new IOException("Could not find a '" + section + "' entry in this configuration.");
    }
    // No configuration at all is reported as null rather than as an error; callers must
    // handle that case themselves.
    return null;
}
/**
 * Returns this configuration's own entry for {@code entryName} and delegates every other name
 * to {@code baseConfig}.
 *
 * @param name the JAAS section name being requested
 * @return {@code entry} when {@code name} equals {@code entryName}; otherwise whatever
 *     {@code baseConfig} returns, or {@code null} when there is no base configuration
 */
@Override
public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
    if (entryName.equals(name)) {
        // The locally held entry takes precedence over anything the base configuration defines.
        return entry;
    }
    if (baseConfig == null) {
        return null;
    }
    return baseConfig.getAppConfigurationEntry(name);
}
/**
 * Creates the client-side callback handler from a JAAS configuration.
 *
 * <p>For digest authentication the configuration is expected to define a user name and
 * password pair. This constructor only verifies that the client login section exists; it does
 * not read the entries. A {@code null} configuration is accepted without any check, and an
 * empty entry array also passes.
 *
 * @param configuration JAAS configuration to validate; may be {@code null}
 * @throws IOException if {@code configuration} is non-null but has no
 *     {@code ClientAuthUtils.LOGIN_CONTEXT_CLIENT} entry
 */
public ClientCallbackHandler(Configuration configuration) throws IOException {
    if (configuration != null) {
        final AppConfigurationEntry[] clientSection =
            configuration.getAppConfigurationEntry(ClientAuthUtils.LOGIN_CONTEXT_CLIENT);
        if (clientSection == null) {
            final String missingSection = "Could not find a '" + ClientAuthUtils.LOGIN_CONTEXT_CLIENT
                + "' entry in this configuration: Client cannot start.";
            LOG.error(missingSection);
            throw new IOException(missingSection);
        }
    }
}
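/**
 * Resolves the service name from the JAAS section and from the Kafka configs, requiring the two
 * sources to agree when both define it.
 *
 * @param configs Kafka configs; read for {@code SaslConfigs.SASL_KERBEROS_SERVICE_NAME}
 * @param contextName name of the JAAS section to read {@code JaasUtils.SERVICE_NAME} from
 * @param configuration JAAS configuration that must contain {@code contextName}
 * @return the service name from JAAS if set there, otherwise the one from the Kafka configs
 * @throws IllegalArgumentException if the JAAS section is missing, if the two sources define
 *     different values, or if neither source defines a value
 */
private static String getServiceName(Map<String, ?> configs, String contextName, Configuration configuration) {
    AppConfigurationEntry[] contextEntries = configuration.getAppConfigurationEntry(contextName);
    if (contextEntries == null) {
        // Without this guard Arrays.asList(null) fails with a bare NullPointerException, which
        // hides the real cause: the login section is not present in the JAAS configuration.
        throw new IllegalArgumentException("Could not find a '" + contextName + "' entry in this JAAS configuration.");
    }
    List<AppConfigurationEntry> configEntries = Arrays.asList(contextEntries);

    String jaasServiceName = JaasContext.configEntryOption(configEntries, JaasUtils.SERVICE_NAME, null);
    String configServiceName = (String) configs.get(SaslConfigs.SASL_KERBEROS_SERVICE_NAME);

    // Two different values mean the deployment is ambiguous; refuse to pick one silently.
    if (jaasServiceName != null && configServiceName != null && !jaasServiceName.equals(configServiceName)) {
        String message = String.format("Conflicting serviceName values found in JAAS and Kafka configs "
            + "value in JAAS file %s, value in Kafka config %s", jaasServiceName, configServiceName);
        throw new IllegalArgumentException(message);
    }

    if (jaasServiceName != null) {
        return jaasServiceName;
    }
    if (configServiceName != null) {
        return configServiceName;
    }
    throw new IllegalArgumentException("No serviceName defined in either JAAS or Kafka config");
}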
/**
 * Creates the client-side callback handler from a JAAS configuration.
 *
 * <p>For digest authentication the configuration is expected to define a user name and
 * password pair. This constructor only verifies that the client login section exists; it does
 * not read the entries. A {@code null} configuration is accepted without any check, and an
 * empty entry array also passes.
 *
 * @param configuration JAAS configuration to validate; may be {@code null}
 * @throws IOException if {@code configuration} is non-null but has no
 *     {@code AuthUtils.LOGIN_CONTEXT_CLIENT} entry
 */
public ClientCallbackHandler(Configuration configuration) throws IOException {
    final boolean sectionMissing = configuration != null
        && configuration.getAppConfigurationEntry(AuthUtils.LOGIN_CONTEXT_CLIENT) == null;

    if (sectionMissing) {
        final String failure = "Could not find a '" + AuthUtils.LOGIN_CONTEXT_CLIENT
            + "' entry in this configuration: Client cannot start.";
        LOG.error(failure);
        throw new IOException(failure);
    }
}
/**
 * Returns the first non-null value stored under {@code key} in the entries of a JAAS section.
 *
 * <p>Entries are scanned in the order the configuration returns them, so when several entries
 * define the key the earliest one wins.
 *
 * @param configuration JAAS configuration to query; dereferenced without a null check
 * @param section name of the JAAS section to read
 * @param key option name to look up in each entry
 * @return the first non-null option value cast to {@code String}, or {@code null} if no entry
 *     defines {@code key}
 * @throws IOException if {@code configuration} has no entry named {@code section}
 */
public static String get(Configuration configuration, String section, String key) throws IOException {
    final AppConfigurationEntry[] sectionEntries = configuration.getAppConfigurationEntry(section);
    if (sectionEntries == null) {
        throw new IOException("Could not find a '" + section + "' entry in this configuration.");
    }

    for (int i = 0; i < sectionEntries.length; i++) {
        final Object value = sectionEntries[i].getOptions().get(key);
        if (value != null) {
            // The option is assumed to be a String; any other type fails the cast here.
            return (String) value;
        }
    }
    return null;
}
}
// Look up the JAAS section named by listenerContextName.
configEntries = jaasConfig.getAppConfigurationEntry(listenerContextName);
// Adopt the listener context name only when that section exists.
if (configEntries != null) contextName = listenerContextName;
// NOTE(review): as excerpted, this lookup runs unconditionally and replaces the result above, so
// configEntries reflects globalContextName alone even when contextName was just set to
// listenerContextName. Any guard around it is not visible here; confirm against the full method.
configEntries = jaasConfig.getAppConfigurationEntry(globalContextName);
/**
 * Reports whether a JAAS login section for the ZooKeeper client is configured.
 *
 * <p>The section name comes from the {@code ZK_LOGIN_CONTEXT_NAME_KEY} system property
 * (default {@code "Client"}). If the section exists while the {@code ZK_SASL_CLIENT} system
 * property (default {@code "true"}) parses as false, the method fails instead of returning,
 * because the two settings contradict each other.
 *
 * @return {@code true} if the JAAS section exists, {@code false} if it does not
 * @throws KafkaException if the JAAS configuration cannot be loaded, or if the section exists
 *     but {@code ZK_SASL_CLIENT} is false
 */
public static boolean isZkSecurityEnabled() {
    final boolean saslClientEnabled = Boolean.parseBoolean(System.getProperty(ZK_SASL_CLIENT, "true"));
    final String loginContextName = System.getProperty(ZK_LOGIN_CONTEXT_NAME_KEY, "Client");

    final boolean jaasSectionPresent;
    try {
        jaasSectionPresent = Configuration.getConfiguration().getAppConfigurationEntry(loginContextName) != null;
    } catch (Exception e) {
        throw new KafkaException("Exception while loading Zookeeper JAAS login context '" + loginContextName + "'", e);
    }

    if (!jaasSectionPresent) {
        return false;
    }
    if (saslClientEnabled) {
        return true;
    }

    // A JAAS section with SASL switched off would leave the client unauthenticated; fail instead.
    LOG.error("JAAS configuration is present, but system property "
        + ZK_SASL_CLIENT + " is set to false, which disables "
        + "SASL in the ZooKeeper client");
    throw new KafkaException("Exception while determining if ZooKeeper is secure");
}
}
/**
 * Records the context name and JAAS configuration passed in, after asserting that the
 * configuration holds exactly one entry for that context.
 *
 * @param configs not read by this implementation
 * @param contextName JAAS section name; stored on this instance
 * @param configuration JAAS configuration; stored on this instance
 * @param callbackHandler not read by this implementation
 */
@Override
public void configure(Map<String, ?> configs, String contextName, Configuration configuration,
                      AuthenticateCallbackHandler callbackHandler) {
    final int entryCount = configuration.getAppConfigurationEntry(contextName).length;
    assertEquals(1, entryCount);

    this.contextName = contextName;
    this.configuration = configuration;
}
/**
 * Checks that {@code ClientAuthUtils.get} returns {@code null} when no entry defines the
 * requested key.
 *
 * <p>Despite the method name, the section itself is present in the mocked configuration; it is
 * the key that is absent from the single entry's options.
 */
@Test
public void getNonExistentSectionTest() throws IOException {
    final String section = "bogus-section";

    // One entry whose option map is empty, so no key can be found in it.
    Map<String, String> noOptions = new HashMap<>();
    AppConfigurationEntry onlyEntry = Mockito.mock(AppConfigurationEntry.class);
    Mockito.<Map<String, ?>>when(onlyEntry.getOptions()).thenReturn(noOptions);

    Configuration stubbedConfig = Mockito.mock(Configuration.class);
    AppConfigurationEntry[] sectionEntries = { onlyEntry };
    Mockito.when(stubbedConfig.getAppConfigurationEntry(section)).thenReturn(sectionEntries);

    String lookedUp = ClientAuthUtils.get(stubbedConfig, section, "nonexistent-key");
    Assert.assertNull(lookedUp);
}
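/**
 * Checks that {@code ClientAuthUtils.get} returns the value from the first entry that defines
 * the key, skipping entries without it and ignoring later entries that also define it.
 */
@Test
public void getFirstValueForValidKeyTest() throws IOException {
    String k = "the-key";
    String expected = "good-value";

    Map<String, String> optionMap = new HashMap<String, String>();
    optionMap.put(k, expected);

    Map<String, String> badOptionMap = new HashMap<String, String>();
    badOptionMap.put(k, "bad-value");

    AppConfigurationEntry emptyEntry = Mockito.mock(AppConfigurationEntry.class);
    AppConfigurationEntry badEntry = Mockito.mock(AppConfigurationEntry.class);
    AppConfigurationEntry goodEntry = Mockito.mock(AppConfigurationEntry.class);

    Mockito.<Map<String, ?>>when(emptyEntry.getOptions()).thenReturn(new HashMap<String, String>());
    Mockito.<Map<String, ?>>when(badEntry.getOptions()).thenReturn(badOptionMap);
    Mockito.<Map<String, ?>>when(goodEntry.getOptions()).thenReturn(optionMap);

    String section = "bogus-section";
    Configuration mockConfig = Mockito.mock(Configuration.class);
    // Order matters: the empty entry must be skipped and the good entry must win over the bad one.
    Mockito.when(mockConfig.getAppConfigurationEntry(section))
           .thenReturn(new AppConfigurationEntry[]{ emptyEntry, goodEntry, badEntry });

    // JUnit takes (expected, actual); the reverse order produces a misleading failure message.
    Assert.assertEquals(expected, ClientAuthUtils.get(mockConfig, section, k));
}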
AppConfigurationEntry[] dynamicEntries = configuration.getAppConfigurationEntry(clientContextName); assertEquals(moduleCount, dynamicEntries.length); AppConfigurationEntry[] staticEntries = Configuration.getConfiguration().getAppConfigurationEntry(serverContextName); for (int i = 0; i < moduleCount; i++) { AppConfigurationEntry staticEntry = staticEntries[i];
/**
 * Sets up the server side of SASL quorum authentication from a named JAAS section.
 *
 * <p>The section must exist and be non-empty in the process-wide JAAS configuration. Every
 * failure inside the setup, including the missing-section {@code LoginException} raised here,
 * is caught as {@code Throwable} and rethrown as a {@code SaslException} with the cause attached.
 *
 * @param quorumRequireSasl stored on this instance as given
 * @param loginContext name of the JAAS section to log in with
 * @param authzHosts passed through to the server callback handler
 * @throws SaslException if the section is missing or empty, or if any other step of the setup
 *     fails
 */
public SaslQuorumAuthServer(boolean quorumRequireSasl, String loginContext, Set<String> authzHosts)
        throws SaslException {
    this.quorumRequireSasl = quorumRequireSasl;
    try {
        final AppConfigurationEntry[] sectionEntries =
            Configuration.getConfiguration().getAppConfigurationEntry(loginContext);
        final boolean sectionUsable = sectionEntries != null && sectionEntries.length != 0;
        if (!sectionUsable) {
            throw new LoginException("SASL-authentication failed because the specified JAAS configuration section '"
                + loginContext + "' could not be found.");
        }

        final SaslQuorumServerCallbackHandler callbackHandler =
            new SaslQuorumServerCallbackHandler(Configuration.getConfiguration(), loginContext, authzHosts);
        serverLogin = new Login(loginContext, callbackHandler, new ZKConfig());
        serverLogin.startThreadIfNeeded();
    } catch (Throwable e) {
        throw new SaslException("Failed to initialize authentication mechanism using SASL", e);
    }
}
/**
 * Sets up the learner side of SASL quorum authentication from a named JAAS section.
 *
 * <p>The section must exist and be non-empty in the process-wide JAAS configuration. Only
 * {@code LoginException} is translated into {@code SaslException}; other exceptions propagate
 * unchanged.
 *
 * @param quorumRequireSasl stored on this instance as given
 * @param quorumServicePrincipal stored on this instance as given
 * @param loginContext name of the JAAS section to log in with
 * @throws SaslException if the section is missing or empty, or if a later step of the setup
 *     raises {@code LoginException}
 */
public SaslQuorumAuthLearner(boolean quorumRequireSasl, String quorumServicePrincipal, String loginContext)
        throws SaslException {
    this.quorumRequireSasl = quorumRequireSasl;
    this.quorumServicePrincipal = quorumServicePrincipal;
    try {
        final AppConfigurationEntry[] sectionEntries =
            Configuration.getConfiguration().getAppConfigurationEntry(loginContext);
        final boolean sectionUsable = sectionEntries != null && sectionEntries.length != 0;
        if (!sectionUsable) {
            throw new LoginException("SASL-authentication failed because the specified JAAS configuration section '"
                + loginContext + "' could not be found.");
        }

        final SaslClientCallbackHandler callbackHandler = new SaslClientCallbackHandler(null, "QuorumLearner");
        this.learnerLogin = new Login(loginContext, callbackHandler, new ZKConfig());
        this.learnerLogin.startThreadIfNeeded();
    } catch (LoginException e) {
        throw new SaslException("Failed to initialize authentication mechanism using SASL", e);
    }
}
/**
 * Builds a {@code DefaultJaasAuthenticationProvider} wired to mocks before each test.
 *
 * <p>The mocked JAAS configuration returns a single REQUIRED {@code TestLoginModule} entry for
 * the provider's login context name. The provider's {@code log} field is replaced with a mock
 * through reflection.
 */
@Before
public void setUp() throws Exception {
    Configuration jaasConfiguration = mock(Configuration.class);
    publisher = mock(ApplicationEventPublisher.class);
    log = mock(Log.class);

    provider = new DefaultJaasAuthenticationProvider();
    provider.setConfiguration(jaasConfiguration);
    provider.setApplicationEventPublisher(publisher);
    provider.setAuthorityGranters(new AuthorityGranter[] { new TestAuthorityGranter() });
    provider.afterPropertiesSet();

    // Exactly one login module, marked REQUIRED and given no options.
    AppConfigurationEntry testModuleEntry = new AppConfigurationEntry(
        TestLoginModule.class.getName(),
        LoginModuleControlFlag.REQUIRED,
        Collections.<String, Object> emptyMap());
    AppConfigurationEntry[] loginModuleEntries = new AppConfigurationEntry[] { testModuleEntry };

    String contextName = provider.getLoginContextName();
    when(jaasConfiguration.getAppConfigurationEntry(contextName)).thenReturn(loginModuleEntries);

    token = new UsernamePasswordAuthenticationToken("user", "password");
    ReflectionTestUtils.setField(provider, "log", log);
}
/**
 * Verifies that one JAAS config string yields the expected entry both as a dynamic CLIENT
 * configuration and as a static SERVER configuration.
 *
 * <p>In between, it asserts that the process-wide static configuration still has no CLIENT
 * section. The {@code configurationEntry}, {@code checkEntry} and {@code writeConfiguration}
 * helpers are defined elsewhere in the test class.
 *
 * @param jaasConfigProp JAAS configuration text under test
 * @param loginModule expected login module class name
 * @param controlFlag expected control flag
 * @param options expected module options
 */
private void checkConfiguration(String jaasConfigProp, String loginModule,
                                LoginModuleControlFlag controlFlag, Map<String, Object> options) throws Exception {
    // Dynamic path: the CLIENT entry is obtained from the supplied config string.
    AppConfigurationEntry fromDynamicConfig = configurationEntry(JaasContext.Type.CLIENT, jaasConfigProp);
    checkEntry(fromDynamicConfig, loginModule, controlFlag, options);

    AppConfigurationEntry[] staticClientEntries =
        Configuration.getConfiguration().getAppConfigurationEntry(JaasContext.Type.CLIENT.name());
    assertNull("Static configuration updated", staticClientEntries);

    // Static path: the same text is written out under the SERVER name and read back.
    writeConfiguration(JaasContext.Type.SERVER.name(), jaasConfigProp);
    AppConfigurationEntry fromStaticConfig = configurationEntry(JaasContext.Type.SERVER, null);
    checkEntry(fromStaticConfig, loginModule, controlFlag, options);
}
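/**
 * Checks that a client created by {@code createClient()} completes SASL authentication using
 * the {@code "MyZookeeperClient"} JAAS section.
 *
 * <p>After one request the SASL exchange must no longer be in progress, the SASL state must be
 * COMPLETE, the JAAS section must exist in the process-wide configuration, and the client must
 * report that section as its login context.
 */
@Test
public void testSaslConfig() throws Exception {
    ZooKeeper zk = createClient();
    try {
        zk.getChildren("/", false);
        Assert.assertFalse(zk.getSaslClient().clientTunneledAuthenticationInProgress());
        // JUnit takes (expected, actual); the reverse order produces a misleading failure message.
        Assert.assertEquals(ZooKeeperSaslClient.SaslState.COMPLETE, zk.getSaslClient().getSaslState());
        Assert.assertNotNull(
            javax.security.auth.login.Configuration.getConfiguration()
                .getAppConfigurationEntry("MyZookeeperClient"));
        // NOTE(review): assertSame compares references, so this passes only if getLoginContext()
        // returns the very same String instance as the literal; confirm that is intended.
        Assert.assertSame("MyZookeeperClient", zk.getSaslClient().getLoginContext());
    } catch (KeeperException e) {
        Assert.fail("test failed :" + e);
    } finally {
        zk.close();
    }
}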