/**
 * {@inheritDoc}
 *
 * <p>Clears the JVM-wide JAAS {@link Configuration} so that the next
 * {@code Configuration.getConfiguration()} call rebuilds it from the default provider.
 */
@Override
public void stop(StopContext context) {
    // The JAAS Configuration is a single static slot shared by every login context in
    // this JVM. Holding the Configuration.class monitor only excludes other code that
    // synchronizes on the same class object; it does not stop an unsynchronized caller
    // from replacing the configuration concurrently.
    synchronized (Configuration.class) {
        // null means "forget the cached instance": anything else that uses JAAS
        // re-reads its configuration on next access.
        Configuration.setConfiguration(null);
    }
}
/**
 * Points the JVM at this instance's JAAS login file and forces the JAAS
 * {@link Configuration} to be rebuilt on next use.
 *
 * <p>Both the system properties and the JAAS configuration are process-wide, so this
 * affects every component in the JVM that performs a JAAS login afterwards.
 */
private void installJaasConfig() {
    // NOTE(review): presumably switches off SASL for the ZooKeeper client - confirm
    // against the JaasUtils.ZK_SASL_CLIENT definition.
    System.setProperty(JaasUtils.ZK_SASL_CLIENT, "false");
    System.setProperty(JaasUtils.JAVA_LOGIN_CONFIG_PARAM, jassConfigFile);

    // Drop the cached Configuration; the next Configuration.getConfiguration() call
    // re-creates it, at which point the property set above is consulted.
    Configuration.setConfiguration(null);
}
/**
 * Puts the JAAS login-config system property back to the value held in
 * {@code previousJassConfig} (or removes it when that value is {@code null}) and
 * discards the cached JVM-wide JAAS {@link Configuration}.
 */
private void resetJaasConfig() {
    // presumably previousJassConfig was captured before the property was overridden;
    // verify against the code that assigns it.
    if (previousJassConfig == null) {
        // There was no earlier value, so leave no trace of ours behind.
        System.clearProperty(JaasUtils.JAVA_LOGIN_CONFIG_PARAM);
    } else {
        System.setProperty(JaasUtils.JAVA_LOGIN_CONFIG_PARAM, previousJassConfig);
    }

    // Without this the JVM would keep serving the Configuration instance that was
    // built from the overriding property.
    Configuration.setConfiguration(null);
}
/**
 * {@inheritDoc}
 *
 * <p>Installs this service's {@code configuration} as the JAAS {@link Configuration}
 * for the whole JVM.
 *
 * @throws StartException declared by the overridden method; nothing in this body throws it
 */
@Override
public void start(StartContext context) throws StartException {
    SecurityLogger.ROOT_LOGGER.debug("Starting JaasConfigurationService");

    // Configuration.setConfiguration replaces a single static slot, so every login
    // context resolved in this JVM from now on is looked up in 'configuration'.
    // The class monitor serialises this only against code that takes the same lock.
    synchronized (Configuration.class) {
        Configuration.setConfiguration(configuration);
    }
}
/**
 * Overwrites the JAAS config file with the given lines (UTF-8) and invalidates the
 * cached JVM-wide JAAS {@link Configuration} so the new contents are picked up.
 *
 * @param lines the complete new contents of the file, one element per line
 * @throws IOException if the file cannot be written
 */
private void writeConfiguration(List<String> lines) throws IOException {
    // Files.write with no open options creates the file or truncates an existing one.
    Files.write(jaasConfigFile.toPath(), lines, StandardCharsets.UTF_8);

    // A Configuration that was already loaded does not notice file changes by itself;
    // clearing it forces a rebuild on the next Configuration.getConfiguration() call.
    Configuration.setConfiguration(null);
}
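/**
 * Builds a Kerberos JAAS configuration from the keytab and principal settings and
 * installs it as the JAAS configuration for the whole JVM.
 *
 * @param config source of the {@code ZK_DTSM_ZK_KERBEROS_KEYTAB} and
 *     {@code ZK_DTSM_ZK_KERBEROS_PRINCIPAL} settings
 * @return the part of the principal before the first {@code /} or {@code @}
 * @throws IllegalArgumentException if either setting is missing or blank
 * @throws Exception declared for callers; no other checked exception is raised by the
 *     statements visible here
 */
private String setJaasConfiguration(Configuration config) throws Exception {
    // Test for null BEFORE trimming. The earlier form called trim() first, so its
    // null check could never fire and a null value surfaced as a bare
    // NullPointerException instead of the intended "must be specified" error.
    String keytabFile = config.get(ZK_DTSM_ZK_KERBEROS_KEYTAB, "");
    if (keytabFile == null || keytabFile.trim().isEmpty()) {
        throw new IllegalArgumentException(ZK_DTSM_ZK_KERBEROS_KEYTAB
            + " must be specified");
    }
    keytabFile = keytabFile.trim();

    String principal = config.get(ZK_DTSM_ZK_KERBEROS_PRINCIPAL, "");
    if (principal == null || principal.trim().isEmpty()) {
        throw new IllegalArgumentException(ZK_DTSM_ZK_KERBEROS_PRINCIPAL
            + " must be specified");
    }
    principal = principal.trim();

    JaasConfiguration jConf =
        new JaasConfiguration(JAAS_LOGIN_ENTRY_NAME, principal, keytabFile);

    // This replaces the single static JAAS Configuration of the JVM: any other
    // component that resolves a login context afterwards is served from jConf, and a
    // configuration installed earlier by someone else is silently displaced.
    javax.security.auth.login.Configuration.setConfiguration(jConf);

    // "user/host@REALM" or "user@REALM" -> "user"
    return principal.split("[/@]")[0];
}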
/**
 * Creates a {@code Login} for the client login context using {@code loginConf}.
 *
 * <p>As a side effect, {@code loginConf} becomes the JAAS {@link Configuration} of the
 * whole JVM.
 *
 * @return the login, after {@code startThreadIfNeeded()} has been called on it
 * @throws IOException declared by the signature
 * @throws RuntimeException wrapping the {@link LoginException} if the login fails
 */
private Login mkLogin() throws IOException {
    try {
        // Callback handler that supplies the credentials during the login.
        final ClientCallbackHandler callbackHandler = new ClientCallbackHandler(loginConf);

        // Installed process-wide before the Login is built; this is not scoped to the
        // Login object, so other JAAS users in the JVM see loginConf as well.
        Configuration.setConfiguration(loginConf);

        final Login clientLogin =
            new Login(ClientAuthUtils.LOGIN_CONTEXT_CLIENT, callbackHandler);
        clientLogin.startThreadIfNeeded();
        return clientLogin;
    } catch (LoginException ex) {
        LOG.error("Server failed to login in principal:" + ex, ex);
        throw new RuntimeException(ex);
    }
}
/**
 * Builds a Kerberos JAAS configuration for the ZooKeeper client and installs it as
 * the JAAS configuration of the whole JVM.
 *
 * <p>Also sets the {@code ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY} system property
 * to {@code "HiveZooKeeperClient"}, the name of the entry created here.
 *
 * @param principal the Kerberos principal; passed through
 *     {@code SecurityUtil.getServerPrincipal(principal, "0.0.0.0")} before use
 * @param keyTabFile path of the keytab handed to the JAAS entry
 * @throws IOException if resolving the principal fails
 */
public static void setZookeeperClientKerberosJaasConfig(String principal, String keyTabFile)
    throws IOException {
    // Name of the JAAS section the ZooKeeper client is told to use.
    final String loginContextName = "HiveZooKeeperClient";
    System.setProperty(ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY, loginContextName);

    // NOTE(review): presumably expands a host placeholder in the principal - confirm
    // against SecurityUtil.
    final String resolvedPrincipal = SecurityUtil.getServerPrincipal(principal, "0.0.0.0");

    // Process-wide: this displaces whatever JAAS Configuration was installed before,
    // for every component in the JVM and not only for the ZooKeeper client.
    javax.security.auth.login.Configuration.setConfiguration(
        new JaasConfiguration(loginContextName, resolvedPrincipal, keyTabFile));
}
/**
 * Creates an empty temporary JAAS config file, points the JAAS login-config system
 * property at it and clears the cached JVM-wide JAAS {@link Configuration}.
 *
 * @throws IOException if the temporary file cannot be created
 */
@Before
public void setUp() throws IOException {
    // NOTE(review): unlike java.nio.file.Files.createTempFile, File.createTempFile does
    // not request owner-only permissions, so on POSIX systems readability follows the
    // process umask. Keep real credentials out of files created this way.
    jaasConfigFile = File.createTempFile("jaas", ".conf");
    // Removal happens at JVM exit only, not after each test.
    jaasConfigFile.deleteOnExit();

    System.setProperty(JaasUtils.JAVA_LOGIN_CONFIG_PARAM, jaasConfigFile.toString());

    // Make sure no Configuration built by an earlier test is still cached.
    Configuration.setConfiguration(null);
}
/**
 * Installs, for the whole JVM, a Kerberos JAAS configuration whose single entry is
 * named {@code "HiveZooKeeperClient"}, and tells the ZooKeeper client to use that
 * entry through the {@code ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY} system property.
 *
 * @param principal the Kerberos principal; it is run through
 *     {@code SecurityUtil.getServerPrincipal(principal, "0.0.0.0")} first
 * @param keyTabFile path of the keytab used by the JAAS entry
 * @throws IOException if resolving the principal fails
 */
public static void setZookeeperClientKerberosJaasConfig(String principal, String keyTabFile)
    throws IOException {
    final String contextName = "HiveZooKeeperClient";

    // Selects which JAAS section the ZooKeeper SASL client reads.
    System.setProperty(ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY, contextName);

    // presumably substitutes the local host name into the principal; verify in SecurityUtil
    final String effectivePrincipal = SecurityUtil.getServerPrincipal(principal, "0.0.0.0");
    final JaasConfiguration zkJaasConf =
        new JaasConfiguration(contextName, effectivePrincipal, keyTabFile);

    // setConfiguration swaps the one static Configuration of the JVM, so a configuration
    // another component relied on is no longer consulted after this call.
    javax.security.auth.login.Configuration.setConfiguration(zkJaasConf);
}
/**
 * Installs a Kerberos JAAS configuration for the ZooKeeper client as the JAAS
 * configuration of the whole JVM.
 *
 * @param saslLoginContextName name of the JAAS entry; also written to the
 *     {@code ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY} system property
 * @param zkPrincipal the Kerberos principal, before
 *     {@code SecurityUtil.getServerPrincipal(zkPrincipal, "0.0.0.0")} is applied
 * @param zkKeytab path of the keytab used by the JAAS entry
 * @return the principal as returned by {@code SecurityUtil.getServerPrincipal}
 * @throws IOException if resolving the principal fails
 */
private static String setZookeeperClientKerberosJaasConfig(
    String saslLoginContextName, String zkPrincipal, String zkKeytab) throws IOException {
    // Tell the ZooKeeper SASL client which JAAS section to read.
    System.setProperty(ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY, saslLoginContextName);

    final String resolvedPrincipal = SecurityUtil.getServerPrincipal(zkPrincipal, "0.0.0.0");

    // Process-wide replacement: every later JAAS lookup in this JVM is answered by the
    // configuration built here.
    javax.security.auth.login.Configuration.setConfiguration(
        new JaasConfiguration(saslLoginContextName, resolvedPrincipal, zkKeytab));

    return resolvedPrincipal;
}
Configuration.setConfiguration(login_conf); LoginContext lc = new LoginContext(ClientAuthUtils.LOGIN_CONTEXT_CLIENT, client_callback_handler); try {
Configuration.setConfiguration(login_conf); LoginContext lc = new LoginContext(AuthUtils.LOGIN_CONTEXT_CLIENT, client_callback_handler); try {
try { Configuration.setConfiguration(loginConf);
/**
 * Clears the JVM-wide JAAS {@link Configuration} and resets the static
 * {@code initializedLogin} and {@code login} fields of {@code ZooKeeperSaslClient},
 * so that SASL state set up by one test does not carry over to the next.
 */
private void resetSaslStaticFields() {
    // Forget any Configuration a previous test installed.
    Configuration.setConfiguration(null);

    // ZooKeeperSaslClient keeps its login in static fields; they are overwritten
    // directly here (presumably via reflection inside GridTestUtils - confirm).
    GridTestUtils.setFieldValue(ZooKeeperSaslClient.class, "initializedLogin", false);
    GridTestUtils.setFieldValue(ZooKeeperSaslClient.class, "login", null);
}
/**
 * Verifies that a listener-scoped {@code sasl.jaas.config} property on the server is
 * used for authentication instead of the JVM-wide JAAS configuration.
 *
 * <p>The JVM-wide configuration gets a server entry with no user options, while the
 * dynamic property defines {@code user1} and {@code user2}; both clients can only
 * authenticate if the server honours the dynamic property.
 */
@Test
public void testServerDynamicJaasConfiguration() throws Exception {
    SecurityProtocol protocol = SecurityProtocol.SASL_SSL;
    saslClientConfigs.put(SaslConfigs.SASL_MECHANISM, "PLAIN");
    saslServerConfigs.put(BrokerSecurityConfigs.SASL_ENABLED_MECHANISMS_CONFIG,
        Arrays.asList("PLAIN"));

    // Users known to the server through the dynamic, per-listener JAAS property.
    // These are fixture credentials that exist only inside this test.
    Map<String, Object> dynamicServerUsers = new HashMap<>();
    dynamicServerUsers.put("user_user1", "user1-secret");
    dynamicServerUsers.put("user_user2", "user2-secret");
    saslServerConfigs.put("listener.name.sasl_ssl.plain." + SaslConfigs.SASL_JAAS_CONFIG,
        TestJaasConfig.jaasConfigProperty("PLAIN", dynamicServerUsers));

    // JVM-wide configuration: the server entry carries no users at all, the client
    // entry logs in as user1.
    TestJaasConfig jvmWideConfig = new TestJaasConfig();
    jvmWideConfig.createOrUpdateEntry(TestJaasConfig.LOGIN_CONTEXT_SERVER,
        PlainLoginModule.class.getName(), Collections.emptyMap());
    jvmWideConfig.setClientOptions("PLAIN", "user1", "user1-secret");
    Configuration.setConfiguration(jvmWideConfig);

    server = createEchoServer(protocol);

    // user1 takes its client credentials from the JVM-wide JAAS configuration.
    createAndCheckClientConnection(protocol, "1");

    // user2 overrides the client credentials with its own sasl.jaas.config property.
    saslClientConfigs.put(SaslConfigs.SASL_JAAS_CONFIG,
        TestJaasConfig.jaasConfigProperty("PLAIN", "user2", "user2-secret"));
    createAndCheckClientConnection(protocol, "2");
}
// The entry is registered under the server login context name prefixed with "client.".
String clientJaasEntryName = "client." + TestJaasConfig.LOGIN_CONTEXT_SERVER;
staticJaasConfig.createOrUpdateEntry(clientJaasEntryName, PlainLoginModule.class.getName(), clientListenerServerOptions);
// Installs staticJaasConfig as the JAAS configuration of the whole JVM, replacing
// whatever was installed before.
Configuration.setConfiguration(staticJaasConfig);
/**
 * Checks that {@code ZKUtil.isSecureZooKeeper} reports a secure setup only once the
 * ZooKeeper keytab and principal settings have been supplied programmatically.
 */
@Test
public void testIsZooKeeperSecureWithProgrammaticConfig() throws Exception {
    // Replaces the JVM-wide JAAS configuration with a dummy for this test.
    // NOTE(review): nothing visible here restores it afterwards - confirm that a
    // teardown method does, otherwise later tests in the same JVM inherit the dummy.
    javax.security.auth.login.Configuration.setConfiguration(new DummySecurityConfiguration());

    Configuration conf = new Configuration(HBaseConfiguration.create());
    assertFalse(ZKUtil.isSecureZooKeeper(conf));

    // Kerberos as the authentication scheme alone is not enough: no keytab or
    // principal has been configured yet.
    conf.set("hbase.security.authentication", "kerberos");
    assertFalse(ZKUtil.isSecureZooKeeper(conf));

    // With client and server keytab/principal set programmatically the setup counts
    // as secure.
    conf.set(HConstants.ZK_CLIENT_KEYTAB_FILE, "/dummy/file");
    conf.set(HConstants.ZK_CLIENT_KERBEROS_PRINCIPAL, "dummy");
    conf.set(HConstants.ZK_SERVER_KEYTAB_FILE, "/dummy/file");
    conf.set(HConstants.ZK_SERVER_KERBEROS_PRINCIPAL, "dummy");
    assertTrue(ZKUtil.isSecureZooKeeper(conf));
}
serverOptions); staticJaasConfig.setClientOptions("PLAIN", "user1", "invalidpassword"); Configuration.setConfiguration(staticJaasConfig); server = createEchoServer(securityProtocol);
/**
 * Builds a {@code TestJaasConfig} with one client entry and one server entry per
 * server mechanism, and installs it as the JAAS configuration of the whole JVM.
 *
 * @param clientMechanism SASL mechanism used for the client login context
 * @param serverMechanisms SASL mechanisms to add to the server login context
 * @return the configuration that was installed
 */
public static TestJaasConfig createConfiguration(String clientMechanism,
    List<String> serverMechanisms) {
    TestJaasConfig jaasConfig = new TestJaasConfig();
    jaasConfig.createOrUpdateEntry(LOGIN_CONTEXT_CLIENT,
        loginModule(clientMechanism), defaultClientOptions(clientMechanism));

    for (String serverMechanism : serverMechanisms) {
        jaasConfig.addEntry(LOGIN_CONTEXT_SERVER,
            loginModule(serverMechanism), defaultServerOptions(serverMechanism));
    }

    // Side effect beyond "create": the result is installed process-wide, so it stays
    // in force for later tests in the same JVM until something replaces it.
    Configuration.setConfiguration(jaasConfig);
    return jaasConfig;
}