/**
 * Creates a JAAS configuration holder for one login context.
 *
 * <p>The JAAS {@code Configuration} installed for the whole JVM at construction time is kept in
 * {@code baseConfig}. When it cannot be obtained ({@code getConfiguration()} throws
 * {@link SecurityException}), {@code baseConfig} is left {@code null} and no error is raised.
 *
 * <p>The principal and the keytab file path are written to the log at INFO level. Only the
 * path is logged, never the keytab contents.
 *
 * @param loginContextName name of the login context, stored as given
 * @param principal principal name, stored as given
 * @param keytabFile keytab file location, stored as given
 * @param useTicketCache ticket-cache flag, stored as given
 */
private JaasConfiguration(String loginContextName, String principal, String keytabFile,
        boolean useTicketCache) {
    // Resolve the installed configuration into a local first so the field is assigned once.
    javax.security.auth.login.Configuration installed;
    try {
        installed = javax.security.auth.login.Configuration.getConfiguration();
    } catch (SecurityException e) {
        // The JVM-wide configuration is unavailable; continue without a base configuration.
        installed = null;
    }
    this.baseConfig = installed;

    this.loginContextName = loginContextName;
    this.useTicketCache = useTicketCache;
    this.keytabFile = keytabFile;
    this.principal = principal;

    LOG.info("JaasConfiguration loginContextName=" + loginContextName
            + " principal=" + principal
            + " useTicketCache=" + useTicketCache
            + " keytabFile=" + keytabFile);
}
/**
 * Validates the provider's required properties, configures JAAS, and verifies that the JVM
 * returns a non-null {@code Configuration} afterwards.
 *
 * <p>Both a login context name and a {@code loginConfig} must be set. A missing value fails the
 * corresponding assertion before {@code configureJaas} is called.
 *
 * @throws Exception if an assertion fails or {@code configureJaas} throws
 */
@Override
public void afterPropertiesSet() throws Exception {
    // the superclass is not called because it does additional checks that are
    // non-passive
    Assert.hasLength(getLoginContextName(), () -> "loginContextName must be set on " + getClass());
    Assert.notNull(this.loginConfig, () -> "loginConfig must be set on " + getClass());

    configureJaas(this.loginConfig);

    // Built from literals only, so naming it ahead of the lookup does not change behaviour.
    final String nullConfigurationMessage =
            "As per http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/Configuration.html "
                    + "\"If a Configuration object was set via the Configuration.setConfiguration method, then that object is "
                    + "returned. Otherwise, a default Configuration object is returned\". Your JRE returned null to "
                    + "Configuration.getConfiguration().";
    Assert.notNull(Configuration.getConfiguration(), nullConfigurationMessage);
}
/**
 * Reports whether the JVM-wide JAAS configuration contains an entry for the ZooKeeper client
 * login context.
 *
 * <p>The context name is read from the system property named by
 * {@code ZK_LOGIN_CONTEXT_NAME_KEY} and defaults to {@code "Client"}. The method does not
 * silently downgrade: when a JAAS entry exists but the system property named by
 * {@code ZK_SASL_CLIENT} parses to {@code false}, it logs an error and throws instead of
 * returning a value.
 *
 * @return {@code true} if a JAAS entry exists for the login context, {@code false} if none does
 * @throws KafkaException if the JAAS configuration cannot be loaded, or if an entry is present
 *     while SASL is disabled through the {@code ZK_SASL_CLIENT} system property
 */
public static boolean isZkSecurityEnabled() {
    final boolean saslClientEnabled =
            Boolean.parseBoolean(System.getProperty(ZK_SASL_CLIENT, "true"));
    final String contextName = System.getProperty(ZK_LOGIN_CONTEXT_NAME_KEY, "Client");

    final boolean jaasEntryPresent;
    try {
        jaasEntryPresent =
                Configuration.getConfiguration().getAppConfigurationEntry(contextName) != null;
    } catch (Exception e) {
        throw new KafkaException("Exception while loading Zookeeper JAAS login context '" + contextName + "'", e);
    }

    if (!jaasEntryPresent) {
        return false;
    }
    if (!saslClientEnabled) {
        // Contradictory settings: credentials are configured but the client would not use SASL.
        LOG.error("JAAS configuration is present, but system property " + ZK_SASL_CLIENT + " is set to false, which disables " + "SASL in the ZooKeeper client");
        throw new KafkaException("Exception while determining if ZooKeeper is secure");
    }
    return true;
}
} // closes the enclosing type, whose opening is not part of this excerpt
/**
 * Validates the provider's required properties, configures JAAS, and verifies that the JVM
 * returns a non-null {@code Configuration} afterwards.
 *
 * <p>Both a login context name and a {@code loginConfig} must be set. A missing value fails the
 * corresponding assertion before {@code configureJaas} is called.
 *
 * @throws Exception if an assertion fails or {@code configureJaas} throws
 */
@Override
public void afterPropertiesSet() throws Exception {
    // the superclass is not called because it does additional checks that are
    // non-passive
    Assert.hasLength(getLoginContextName(), () -> "loginContextName must be set on " + getClass());
    Assert.notNull(this.loginConfig, () -> "loginConfig must be set on " + getClass());

    configureJaas(this.loginConfig);

    // Built from literals only, so naming it ahead of the lookup does not change behaviour.
    final String nullConfigurationMessage =
            "As per http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/Configuration.html "
                    + "\"If a Configuration object was set via the Configuration.setConfiguration method, then that object is "
                    + "returned. Otherwise, a default Configuration object is returned\". Your JRE returned null to "
                    + "Configuration.getConfiguration().";
    Assert.notNull(Configuration.getConfiguration(), nullConfigurationMessage);
}
// Obtain the currently installed Configuration through the static getConfiguration() accessor.
// NOTE(review): presumably javax.security.auth.login.Configuration, i.e. the JAAS login
// configuration shared by the whole JVM; the import is not visible in this excerpt.
Configuration jaasConfig = Configuration.getConfiguration();
/**
 * Hook method for configuring Jaas.
 *
 * <p>Delegates to {@code configureJaasUsingLoop()} and then, when
 * {@code refreshConfigurationOnStartup} is set, calls {@code refresh()} on the
 * {@code Configuration} returned by {@code Configuration.getConfiguration()}. That object is
 * shared by the whole JVM, so the refresh is visible to every JAAS user in the process. The
 * {@code loginConfig} argument is not read in this method body.
 *
 * @param loginConfig URL to Jaas login configuration
 * @throws IOException if there is a problem reading the config resource.
 */
protected void configureJaas(Resource loginConfig) throws IOException {
    configureJaasUsingLoop();

    if (!this.refreshConfigurationOnStartup) {
        return;
    }
    // Overcome issue in SEC-760
    Configuration.getConfiguration().refresh();
}
/**
 * Hook method for configuring Jaas.
 *
 * <p>Delegates to {@code configureJaasUsingLoop()} and then, when
 * {@code refreshConfigurationOnStartup} is set, calls {@code refresh()} on the
 * {@code Configuration} returned by {@code Configuration.getConfiguration()}. That object is
 * shared by the whole JVM, so the refresh is visible to every JAAS user in the process. The
 * {@code loginConfig} argument is not read in this method body.
 *
 * @param loginConfig URL to Jaas login configuration
 * @throws IOException if there is a problem reading the config resource.
 */
protected void configureJaas(Resource loginConfig) throws IOException {
    configureJaasUsingLoop();

    if (!this.refreshConfigurationOnStartup) {
        return;
    }
    // Overcome issue in SEC-760
    Configuration.getConfiguration().refresh();
}
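/**
 * Installs the security configuration and then registers one keytab-based JAAS entry per
 * client in the JVM-wide JAAS configuration.
 *
 * <p>Entries are added only when {@code config} lists a {@code JaasModuleFactory}. They go
 * into the process-global {@code Configuration}, so every component in the JVM that looks up
 * one of these entry names will see the keytab and principal registered here.
 *
 * @param config security configuration passed to {@code SecurityUtils.install}
 * @param clientSecurityConfigurationMap JAAS entry name mapped to the keytab/principal pair to
 *     register under that name
 * @throws IllegalStateException if the installed JAAS configuration is not a
 *     {@code DynamicConfiguration} (for example because other code replaced it), in which case
 *     no entries can be added
 * @throws Exception if {@code SecurityUtils.install} fails
 */
public static void install(SecurityConfiguration config,
        Map<String, ClientSecurityConfiguration> clientSecurityConfigurationMap) throws Exception {
    SecurityUtils.install(config);

    // install dynamic JAAS entries
    for (SecurityModuleFactory factory : config.getSecurityModuleFactories()) {
        if (factory instanceof JaasModuleFactory) {
            javax.security.auth.login.Configuration installed =
                    javax.security.auth.login.Configuration.getConfiguration();
            // The global configuration can be swapped by any code in the JVM; verify its type
            // explicitly instead of failing with an unexplained ClassCastException.
            if (!(installed instanceof DynamicConfiguration)) {
                throw new IllegalStateException(
                        "Expected the installed JAAS configuration to be a DynamicConfiguration but found "
                                + (installed == null ? "null" : installed.getClass().getName()));
            }
            DynamicConfiguration jaasConf = (DynamicConfiguration) installed;

            for (Map.Entry<String, ClientSecurityConfiguration> e : clientSecurityConfigurationMap.entrySet()) {
                AppConfigurationEntry entry = KerberosUtils.keytabEntry(
                        e.getValue().getKeytab(), e.getValue().getPrincipal());
                jaasConf.addAppConfigurationEntry(e.getKey(), entry);
            }
            // One JaasModuleFactory is enough; do not register the entries twice.
            break;
        }
    }
}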
/**
 * Returns whether or not secure authentication is enabled
 * (whether <code>hbase.security.authentication</code> is set to
 * <code>kerberos</code>).
 *
 * <p>Before consulting that property, the method returns {@code false} when neither the JAAS
 * configuration (entries {@code "Client"}, {@code CLIENT_KEYTAB_KERBEROS_CONFIG_NAME},
 * {@code SERVER_KEYTAB_KERBEROS_CONFIG_NAME}) nor {@code conf} (the ZooKeeper client and server
 * Kerberos principals) carries any Kerberos setting.
 *
 * <p>NOTE(review): every exception raised while reading the JAAS configuration is treated as
 * "no JAAS configuration" and also yields {@code false}. This includes a configuration that
 * exists but cannot be loaded, so callers cannot distinguish "not secure" from "misconfigured".
 *
 * @param conf configuration to read the Kerberos principals and authentication mode from
 * @return {@code true} only if a Kerberos setting was found and
 *     {@code hbase.security.authentication} equals {@code kerberos} (case-insensitive)
 */
public static boolean isSecureZooKeeper(Configuration conf) {
    // Detection for embedded HBase client with jaas configuration
    // defined for third party programs.
    try {
        javax.security.auth.login.Configuration jaas =
                javax.security.auth.login.Configuration.getConfiguration();
        // Same checks in the same order as a chain of "== null" tests joined with &&.
        boolean kerberosSettingFound =
                jaas.getAppConfigurationEntry("Client") != null
                        || jaas.getAppConfigurationEntry(
                                JaasConfiguration.CLIENT_KEYTAB_KERBEROS_CONFIG_NAME) != null
                        || jaas.getAppConfigurationEntry(
                                JaasConfiguration.SERVER_KEYTAB_KERBEROS_CONFIG_NAME) != null
                        || conf.get(HConstants.ZK_CLIENT_KERBEROS_PRINCIPAL) != null
                        || conf.get(HConstants.ZK_SERVER_KERBEROS_PRINCIPAL) != null;
        if (!kerberosSettingFound) {
            return false;
        }
    } catch (Exception e) {
        // No Jaas configuration defined.
        return false;
    }

    // Master & RSs uses hbase.zookeeper.client.*
    String authentication = conf.get("hbase.security.authentication");
    return "kerberos".equalsIgnoreCase(authentication);
}
SecurityException securityException = null; try { entries = Configuration.getConfiguration().getAppConfigurationEntry(serverSection); } catch (SecurityException e) { saslServerCallbackHandler = new SaslServerCallbackHandler(Configuration.getConfiguration()); login = new Login(serverSection, saslServerCallbackHandler, new ZKConfig() ); login.startThreadIfNeeded();
/**
 * Creates the server side of quorum SASL authentication and starts its login.
 *
 * <p>Construction fails closed. If the JVM-wide JAAS configuration has no entries for
 * {@code loginContext}, or if anything else goes wrong while the login is set up, a
 * {@link SaslException} is thrown and no instance is produced.
 *
 * @param quorumRequireSasl stored as given in {@code this.quorumRequireSasl}
 * @param loginContext name of the JAAS configuration section to log in with
 * @param authzHosts passed through to the {@code SaslQuorumServerCallbackHandler}
 * @throws SaslException wrapping any {@link Throwable} raised during initialization
 */
public SaslQuorumAuthServer(boolean quorumRequireSasl, String loginContext, Set<String> authzHosts)
        throws SaslException {
    this.quorumRequireSasl = quorumRequireSasl;
    try {
        AppConfigurationEntry[] sectionEntries =
                Configuration.getConfiguration().getAppConfigurationEntry(loginContext);
        boolean sectionMissing = sectionEntries == null || sectionEntries.length == 0;
        if (sectionMissing) {
            throw new LoginException("SASL-authentication failed"
                    + " because the specified JAAS configuration "
                    + "section '" + loginContext + "' could not be found.");
        }

        // Arguments are evaluated left to right: the handler is built before the ZKConfig.
        serverLogin = new Login(
                loginContext,
                new SaslQuorumServerCallbackHandler(
                        Configuration.getConfiguration(), loginContext, authzHosts),
                new ZKConfig());
        serverLogin.startThreadIfNeeded();
    } catch (Throwable e) {
        throw new SaslException(
                "Failed to initialize authentication mechanism using SASL", e);
    }
}
/**
 * Creates the server side of quorum SASL authentication and starts its login.
 *
 * <p>Construction fails closed. If the JVM-wide JAAS configuration has no entries for
 * {@code loginContext}, or if anything else goes wrong while the login is set up, a
 * {@link SaslException} is thrown and no instance is produced.
 *
 * @param quorumRequireSasl stored as given in {@code this.quorumRequireSasl}
 * @param loginContext name of the JAAS configuration section to log in with
 * @param authzHosts passed through to the {@code SaslQuorumServerCallbackHandler}
 * @throws SaslException wrapping any {@link Throwable} raised during initialization
 */
public SaslQuorumAuthServer(boolean quorumRequireSasl, String loginContext, Set<String> authzHosts)
        throws SaslException {
    this.quorumRequireSasl = quorumRequireSasl;
    try {
        AppConfigurationEntry[] sectionEntries =
                Configuration.getConfiguration().getAppConfigurationEntry(loginContext);
        boolean sectionMissing = sectionEntries == null || sectionEntries.length == 0;
        if (sectionMissing) {
            throw new LoginException("SASL-authentication failed"
                    + " because the specified JAAS configuration "
                    + "section '" + loginContext + "' could not be found.");
        }

        serverLogin = new Login(
                loginContext,
                new SaslQuorumServerCallbackHandler(
                        Configuration.getConfiguration(), loginContext, authzHosts));
        serverLogin.startThreadIfNeeded();
    } catch (Throwable e) {
        throw new SaslException(
                "Failed to initialize authentication mechanism using SASL", e);
    }
}
((javax.security.auth.login.Configuration.getConfiguration() != null) && (javax.security.auth.login.Configuration.getConfiguration(). getAppConfigurationEntry(System. getProperty(ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY,"Client"))
|| ((Configuration.getConfiguration() != null) && (Configuration.getConfiguration() .getAppConfigurationEntry(clientConfig.getProperty(ZKClientConfig.LOGIN_CONTEXT_NAME_KEY, ZKClientConfig.LOGIN_CONTEXT_NAME_KEY_DEFAULT)) != null))) {
/**
 * Creates the learner side of quorum SASL authentication and starts its login.
 *
 * <p>If the JVM-wide JAAS configuration has no entries for {@code loginContext}, construction
 * is aborted with a {@link SaslException}. Only {@link LoginException} is translated; other
 * exceptions propagate unchanged.
 *
 * @param quorumRequireSasl stored as given in {@code this.quorumRequireSasl}
 * @param quorumServicePrincipal stored as given in {@code this.quorumServicePrincipal}
 * @param loginContext name of the JAAS configuration section to log in with
 * @throws SaslException if the section is missing or the login cannot be initialized
 */
public SaslQuorumAuthLearner(boolean quorumRequireSasl, String quorumServicePrincipal,
        String loginContext) throws SaslException {
    this.quorumRequireSasl = quorumRequireSasl;
    this.quorumServicePrincipal = quorumServicePrincipal;
    try {
        AppConfigurationEntry[] sectionEntries =
                Configuration.getConfiguration().getAppConfigurationEntry(loginContext);
        boolean sectionMissing = sectionEntries == null || sectionEntries.length == 0;
        if (sectionMissing) {
            throw new LoginException("SASL-authentication failed because"
                    + " the specified JAAS configuration "
                    + "section '" + loginContext + "' could not be found.");
        }

        // NOTE(review): the handler's first argument is null here; confirm against
        // SaslClientCallbackHandler what that parameter represents.
        SaslClientCallbackHandler callbackHandler =
                new SaslClientCallbackHandler(null, "QuorumLearner");
        this.learnerLogin = new Login(loginContext, callbackHandler, new ZKConfig());
        this.learnerLogin.startThreadIfNeeded();
    } catch (LoginException e) {
        throw new SaslException("Failed to initialize authentication mechanism using SASL", e);
    }
}
/**
 * Creates the learner side of quorum SASL authentication and starts its login.
 *
 * <p>If the JVM-wide JAAS configuration has no entries for {@code loginContext}, construction
 * is aborted with a {@link SaslException}. Only {@link LoginException} is translated; other
 * exceptions propagate unchanged.
 *
 * @param quorumRequireSasl stored as given in {@code this.quorumRequireSasl}
 * @param quorumServicePrincipal stored as given in {@code this.quorumServicePrincipal}
 * @param loginContext name of the JAAS configuration section to log in with
 * @throws SaslException if the section is missing or the login cannot be initialized
 */
public SaslQuorumAuthLearner(boolean quorumRequireSasl, String quorumServicePrincipal,
        String loginContext) throws SaslException {
    this.quorumRequireSasl = quorumRequireSasl;
    this.quorumServicePrincipal = quorumServicePrincipal;
    try {
        AppConfigurationEntry[] sectionEntries =
                Configuration.getConfiguration().getAppConfigurationEntry(loginContext);
        boolean sectionMissing = sectionEntries == null || sectionEntries.length == 0;
        if (sectionMissing) {
            throw new LoginException("SASL-authentication failed because"
                    + " the specified JAAS configuration "
                    + "section '" + loginContext + "' could not be found.");
        }

        // NOTE(review): the handler's first argument is null here; confirm against
        // SaslClientCallbackHandler what that parameter represents.
        SaslClientCallbackHandler callbackHandler =
                new SaslClientCallbackHandler(null, "QuorumLearner");
        this.learnerLogin = new Login(loginContext, callbackHandler);
        this.learnerLogin.startThreadIfNeeded();
    } catch (LoginException e) {
        throw new SaslException("Failed to initialize authentication mechanism using SASL", e);
    }
}
AppConfigurationEntry[] staticEntries = Configuration.getConfiguration().getAppConfigurationEntry(serverContextName); for (int i = 0; i < moduleCount; i++) { AppConfigurationEntry staticEntry = staticEntries[i];
RuntimeException runtimeException = null; try { entries = Configuration.getConfiguration() .getAppConfigurationEntry(clientSection); } catch (SecurityException e) {
/**
 * Checks that one JAAS configuration string yields the expected entry both as a dynamic
 * (property-supplied) client configuration and as a static server configuration.
 *
 * <p>Between the two checks it asserts that loading the dynamic client entry did not add a
 * CLIENT section to the JVM-wide static {@code Configuration}.
 *
 * @param jaasConfigProp JAAS configuration text under test
 * @param loginModule expected login module, forwarded to {@code checkEntry}
 * @param controlFlag expected control flag, forwarded to {@code checkEntry}
 * @param options expected module options, forwarded to {@code checkEntry}
 * @throws Exception if a helper throws
 */
private void checkConfiguration(String jaasConfigProp, String loginModule,
        LoginModuleControlFlag controlFlag, Map<String, Object> options) throws Exception {
    // Dynamic path: the configuration text is handed over directly.
    checkEntry(configurationEntry(JaasContext.Type.CLIENT, jaasConfigProp),
            loginModule, controlFlag, options);

    // The dynamic load must leave the process-wide configuration untouched.
    AppConfigurationEntry[] staticClientEntries =
            Configuration.getConfiguration().getAppConfigurationEntry(JaasContext.Type.CLIENT.name());
    assertNull("Static configuration updated", staticClientEntries);

    // Static path: write the same text as a SERVER section and load it without a property.
    writeConfiguration(JaasContext.Type.SERVER.name(), jaasConfigProp);
    checkEntry(configurationEntry(JaasContext.Type.SERVER, null),
            loginModule, controlFlag, options);
}
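/**
 * Verifies that a client configured with a custom login context completes SASL authentication
 * and reports that context name.
 *
 * <p>Checks, in order: no tunneled authentication is still in progress after a request, the
 * SASL state is {@code COMPLETE}, the JVM-wide JAAS configuration has a
 * {@code "MyZookeeperClient"} section, and the client's login context equals that name.
 */
@Test
public void testSaslConfig() throws Exception {
    ZooKeeper zk = createClient();
    try {
        zk.getChildren("/", false);
        Assert.assertFalse(zk.getSaslClient().clientTunneledAuthenticationInProgress());
        // Expected value first, so a failure message reports the two values the right way round.
        Assert.assertEquals(ZooKeeperSaslClient.SaslState.COMPLETE,
                zk.getSaslClient().getSaslState());
        Assert.assertNotNull(
                javax.security.auth.login.Configuration.getConfiguration()
                        .getAppConfigurationEntry("MyZookeeperClient"));
        // Compare by value: assertSame would only pass if both strings are the same object,
        // which depends on interning rather than on the configured context name.
        Assert.assertEquals("MyZookeeperClient", zk.getSaslClient().getLoginContext());
    } catch (KeeperException e) {
        Assert.fail("test failed :" + e);
    } finally {
        zk.close();
    }
}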