/**
 * Builds a new JAAS {@link LoginContext} for {@code contextName} and authenticates through it.
 *
 * <p>The new context is stored in {@code loginContext} before {@code login()} is invoked, so
 * that field already refers to the new context if authentication throws.
 *
 * @return the context that has just completed its login
 * @throws LoginException if the context cannot be created or the login fails
 */
@Override
public LoginContext login() throws LoginException {
    // Passing a null Subject leaves it to the LoginContext to create one.
    loginContext = new LoginContext(
        contextName,
        null,
        loginCallbackHandler,
        configuration);
    loginContext.login();
    log.info("Successfully logged in.");
    return loginContext;
}
/**
 * Logs in through JAAS with a Subject pre-populated with {@code principal} and returns the
 * Subject held by the login context afterwards.
 *
 * @return the Subject of the login context after a successful login
 * @throws RuntimeException wrapping the {@link LoginException} when the login fails
 */
public Subject getSubject() {
    // Writable Subject (readOnly = false) that carries only the principal; both credential
    // sets start out empty.
    final Subject seed = new Subject(false, ImmutableSet.of(principal), emptySet(), emptySet());
    final LoginContext context;
    try {
        context = new LoginContext("", seed, null, configuration);
        context.login();
    } catch (LoginException e) {
        // Callers have no checked exception to handle; the original failure stays as the cause.
        throw new RuntimeException(e);
    }
    return context.getSubject();
}
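/**
 * Validates the configured server principal and keytab, then performs the Kerberos keytab login
 * and stores the resulting context in {@code loginContext}.
 *
 * <p>Configuration errors (missing principal, missing keytab setting, keytab file not present)
 * are reported as a {@link ServletException} carrying the specific message. Any other failure
 * is wrapped in a {@link ServletException} with the original exception as its cause.
 *
 * <p>The keytab path and principal name are written to the info log; the keytab contents are
 * not read here.
 *
 * @throws ServletException if the configuration is incomplete or the login fails
 */
private void initializeKerberosLogin() throws ServletException {
    String keytab;
    try {
        if (serverPrincipal == null || serverPrincipal.trim().length() == 0) {
            throw new ServletException("Principal not defined in configuration");
        }
        keytab = serverKeytab;
        if (keytab == null || keytab.trim().length() == 0) {
            throw new ServletException("Keytab not defined in configuration");
        }
        if (!new File(keytab).exists()) {
            throw new ServletException("Keytab does not exist: " + keytab);
        }

        Set<Principal> principals = new HashSet<Principal>();
        principals.add(new KerberosPrincipal(serverPrincipal));
        // Writable Subject seeded with the service principal; credentials are filled in by login().
        Subject subject = new Subject(false, principals, new HashSet<Object>(), new HashSet<Object>());

        DruidKerberosConfiguration kerberosConfiguration =
            new DruidKerberosConfiguration(keytab, serverPrincipal);

        // Same format-style call as the completion message below, so both log lines are built
        // the same way.
        log.info("Login using keytab %s, for principal %s", keytab, serverPrincipal);
        loginContext = new LoginContext("", subject, null, kerberosConfiguration);
        loginContext.login();

        log.info("Initialized, principal %s from keytab %s", serverPrincipal, keytab);
    } catch (ServletException ex) {
        // Already the right type with a specific message: rethrow instead of wrapping it in a
        // second ServletException.
        throw ex;
    } catch (Exception ex) {
        throw new ServletException(ex);
    }
}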
/**
 * Creates a client-side {@link SSLEngine} from a Netty context built out of the given key store
 * and trust store settings.
 *
 * <p>When {@code kerb5Config} is set, a JAAS login is performed first, the engine is created
 * under the resulting Subject, and {@code verifyHost} is switched on as a side effect. Without
 * it the engine is created under a null Subject.
 *
 * <p>NOTE(review): {@code trustAll} is passed straight into the context factory and, with
 * {@code verifyHost} false, the engine is created without any peer host. What that means for
 * certificate and hostname checks depends on {@code SSLSupport}, which is not visible here;
 * confirm both are off only in deliberately configured cases.
 *
 * @param alloc buffer allocator handed to the engine
 * @return the engine created by the Netty context
 * @throws Exception if building the context, the JAAS login, or engine creation fails
 */
private SSLEngine loadOpenSslEngine(ByteBufAllocator alloc,
                                    String realKeyStoreProvider,
                                    String realKeyStorePath,
                                    String realKeyStorePassword,
                                    String realTrustStoreProvider,
                                    String realTrustStorePath,
                                    String realTrustStorePassword) throws Exception {
    final SslContext nettyContext = SSLSupport.createNettyClientContext(
        realKeyStoreProvider, realKeyStorePath, realKeyStorePassword,
        realTrustStoreProvider, realTrustStorePath, realTrustStorePassword,
        sslProvider, trustAll);

    Subject kerberosSubject = null;
    if (kerb5Config != null) {
        LoginContext kerberosLogin = new LoginContext(kerb5Config);
        kerberosLogin.login();
        kerberosSubject = kerberosLogin.getSubject();
        // A Kerberos login always turns on the host-aware engine below.
        verifyHost = true;
    }

    return Subject.doAs(kerberosSubject, new PrivilegedExceptionAction<SSLEngine>() {
        @Override
        public SSLEngine run() {
            if (!verifyHost) {
                return nettyContext.newEngine(alloc);
            }
            // Prefer the configured SNI host as the peer name, falling back to the target host.
            return nettyContext.newEngine(alloc, sniHost != null ? sniHost : host, port);
        }
    });
}
// Runs the scenario for 0, 1 and 2 expected refreshes, each with both relogin orderings.
for (int numExpectedRefreshes : new int[] {0, 1, 2}) {
    for (boolean clientReloginAllowedBeforeLogout : new boolean[] {true, false}) {
        Subject subject = new Subject();
        final LoginContext mockLoginContext = mock(LoginContext.class);
        when(mockLoginContext.getSubject()).thenReturn(subject);
        // Initial login: login() must be followed by getSubject() on the mock.
        inOrder.verify(mockLoginContext).login();
        inOrder.verify(mockLoginContext).getSubject();
        // Each refresh must call login()/logout() on the mock in the order the flag selects.
        for (int i = 0; i < numExpectedRefreshes; ++i) {
            if (clientReloginAllowedBeforeLogout) {
                // New login first, then the logout.
                inOrder.verify(mockLoginContext).login();
                inOrder.verify(mockLoginContext).logout();
            } else {
                // Logout first, then the new login.
                inOrder.verify(mockLoginContext).logout();
                inOrder.verify(mockLoginContext).login();
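/**
 * Performs a login using the specified principal and keytab.
 *
 * <p>Does nothing when {@code isLoggedIn()} already reports true. On the first call a new
 * Subject and login context are created; later calls reuse the existing context.
 *
 * @throws LoginException if the login fails; the message names the principal and the
 *         underlying {@link LoginException} is attached as the cause
 */
@Override
public synchronized void login() throws LoginException {
    if (isLoggedIn()) {
        return;
    }

    try {
        // If it's the first time ever calling login then we need to initialize a new context
        if (loginContext == null) {
            LOGGER.debug("Initializing new login context...");
            this.subject = new Subject();
            this.loginContext = createLoginContext(subject);
        }

        loginContext.login();
        loggedIn.set(true);
        LOGGER.debug("Successful login for {}", new Object[]{principal});
    } catch (LoginException le) {
        // LoginException has no cause-taking constructor, so attach the original through
        // initCause(); otherwise the underlying stack trace is lost to whoever investigates
        // the failure.
        final LoginException wrapped =
            new LoginException("Unable to login with " + principal + " due to: " + le.getMessage());
        wrapped.initCause(le);
        throw wrapped;
    }
}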
// Authenticate on the temporary context first: if login() throws, none of the assignments
// below run and loginContext/subject keep their previous values.
tmpLoginContext.login();
log.info("Successfully logged in.");
loginContext = tmpLoginContext;
subject = loginContext.getSubject();
// Record whether the new login produced a credential with an expiry.
expiringCredential = expiringCredential();
hasExpiringCredential = expiringCredential != null;
/**
 * Logs in as the configured service principal and returns the authenticated Subject.
 *
 * <p>The login context is kept in the {@code loginContext} field; it is assigned before
 * {@code login()} runs.
 *
 * @param loginConfig JAAS configuration used for the login
 * @return the Subject held by the login context after a successful login
 * @throws Exception if the principal cannot be built or the login fails
 */
private Subject getServiceSubject( ClientLoginConfig loginConfig ) throws Exception
{
    final Set<Principal> servicePrincipals = new HashSet<>( 1 );
    servicePrincipals.add( new KerberosPrincipal( this.principal ) );

    // Writable Subject with the service principal and empty public/private credential sets.
    final Subject seed = new Subject( false, servicePrincipals, new HashSet<>(), new HashSet<>() );

    loginContext = new LoginContext( "", seed, null, loginConfig );
    loginContext.login();
    return loginContext.getSubject();
}
/**
 * Authenticates a user name and password through JAAS and wraps the resulting Subject in a
 * {@code JaasSecurityContext}.
 *
 * <p>The {@code certificates} argument is not used by this implementation.
 *
 * <p>NOTE(review): every exception raised in the login path, not only bad credentials, is
 * reported as "user name or password is invalid", and the supplied user name is embedded in
 * that message. Confirm callers do not return the message verbatim to unauthenticated clients,
 * and that configuration failures remain visible through the attached cause.
 *
 * @param username user name passed to the callback handler
 * @param password password passed to the callback handler
 * @param certificates ignored
 * @return a security context for the authenticated Subject
 * @throws SecurityException if the login fails for any reason
 */
@Override
public SecurityContext authenticate(String username, String password, X509Certificate[] certificates)
        throws SecurityException {
    final JassCredentialCallbackHandler credentialHandler =
        new JassCredentialCallbackHandler(username, password);
    try {
        final LoginContext jaasLogin = new LoginContext(jassConfiguration, credentialHandler);
        jaasLogin.login();
        return new JaasSecurityContext(username, jaasLogin.getSubject());
    } catch (Exception ex) {
        throw new SecurityException("User name [" + username + "] or password is invalid.", ex);
    }
}
}
final Subject subject = new Subject();
final LoginContext lc;
try {
    // The callback handler rejects every callback by throwing, so this login can only
    // succeed if the login modules never need to prompt for anything.
    lc = new LoginContext("KDC", subject, (c) -> {
        throw new FastUnsupportedCallbackException(c[0]);
    }, configuration);
    lc.login();
    // NOTE(review): the whole Subject is formatted into the trace message. Subject.toString()
    // can include the string form of private credentials when access is permitted; confirm
    // trace output does not expose ticket or key material.
    log.tracef("Logging in using LoginContext and subject [%s] succeed", subject);
boolean clientReloginAllowedBeforeLogout = true;
final LoginContext mockLoginContext = mock(LoginContext.class);
Subject subject = new Subject();
when(mockLoginContext.getSubject()).thenReturn(subject);
// Initial login on the mock is expected first.
inOrder.verify(mockLoginContext).login();
// Each refresh is then expected to call login() before logout().
for (int i = 0; i < numExpectedRefreshes; ++i) {
    inOrder.verify(mockLoginContext).login();
    inOrder.verify(mockLoginContext).logout();
/**
 * Creates a JAAS {@link LoginContext} for the named configuration section and logs in.
 *
 * @param loginContextName name of the JAAS configuration section; must not be null
 * @return the context after a successful login
 * @throws LoginException if {@code loginContextName} is null (the message lists the relevant
 *         system properties and their current values) or if the login fails
 */
private synchronized LoginContext login(final String loginContextName) throws LoginException {
    if (loginContextName == null) {
        // Surface the current property values so a misconfiguration can be diagnosed from the
        // exception alone.
        final String jaasConfigLocation = System.getProperty("java.security.login.auth.config");
        final String configuredSection =
            System.getProperty(ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY, "Client");
        throw new LoginException("loginContext name (JAAS file section header) was null. "
            + "Please check your java.security.login.auth.config (=" + jaasConfigLocation
            + ") and your " + ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY
            + "(=" + configuredSection + ")");
    }

    final LoginContext context = new LoginContext(loginContextName, callbackHandler);
    context.login();
    LOG.info("successfully logged in.");
    return context;
}
// Authenticate, then read the principals now associated with the context's Subject.
loginContext.login();
Set<Principal> principals = loginContext.getSubject().getPrincipals();
static Subject getSubject() throws Exception { if (!secure) return new Subject(); LoginContext context = new LoginContext("", new Subject(), null, new Configuration() { @Override context.login(); return context.getSubject();
// Log in under the JAAS configuration entry named by kerb5Config and keep the resulting Subject.
LoginContext loginContext = new LoginContext(kerb5Config);
loginContext.login();
subject = loginContext.getSubject();
// Reached only when login() did not throw: host verification is switched on from here.
verifyHost = true;
/**
 * Verifies that the "simple" login works within the JAAS framework.
 * A simple-mode login takes the OS user and adds a corresponding Alluxio user to the Subject.
 */
@Test
public void simpleLogin() throws Exception {
    final String osPrincipalClassName = LoginModuleConfigurationUtils.OS_PRINCIPAL_CLASS_NAME;
    @SuppressWarnings("unchecked")
    final Class<? extends Principal> osPrincipalType = (Class<? extends Principal>) ClassLoader
        .getSystemClassLoader().loadClass(osPrincipalClassName);
    final Subject target = new Subject();

    // Logging in should add both the OS user and the matching Alluxio user to the Subject.
    final LoginContext context =
        new LoginContext("simple", target, null, new LoginModuleConfiguration());
    context.login();

    // Both kinds of principal must be present after login.
    assertFalse(target.getPrincipals(osPrincipalType).isEmpty());
    assertFalse(target.getPrincipals(User.class).isEmpty());

    // Logging out must remove the Alluxio user.
    context.logout();
    assertTrue(target.getPrincipals(User.class).isEmpty());

    // A second logout is expected to be a no-op.
    context.logout();
    assertTrue(target.getPrincipals(User.class).isEmpty());
}
// Single-refresh scenario.
int numExpectedRefreshes = 1;
boolean clientReloginAllowedBeforeLogout = true;
Subject subject = new Subject();
final LoginContext mockLoginContext = mock(LoginContext.class);
when(mockLoginContext.getSubject()).thenReturn(subject);
// Initial login on the mock is expected first.
inOrder.verify(mockLoginContext).login();
// Each refresh is then expected to call login() before logout().
for (int i = 0; i < numExpectedRefreshes; ++i) {
    inOrder.verify(mockLoginContext).login();
    inOrder.verify(mockLoginContext).logout();
/**
 * Creates a JAAS {@link LoginContext} for the named configuration section and logs in.
 *
 * @param loginContextName name of the JAAS configuration section; must not be null
 * @return the context after a successful login
 * @throws LoginException if {@code loginContextName} is null (the message includes the current
 *         {@code java.security.login.auth.config} value) or if the login fails
 */
private synchronized LoginContext login(final String loginContextName) throws LoginException {
    if (loginContextName == null) {
        // Include the configured JAAS file location so the misconfiguration can be traced.
        final String jaasConfigLocation = System.getProperty("java.security.login.auth.config");
        throw new LoginException("loginContext name (JAAS file section header) was null. "
            + "Please check your java.security.login.auth.config (=" + jaasConfigLocation
            + ") and your " + getLoginContextMessage());
    }

    final LoginContext context = new LoginContext(loginContextName, callbackHandler);
    context.login();
    LOG.info("{} successfully logged in.", loginContextName);
    return context;
}
/**
 * Verifies password evidence by attempting a JAAS login for {@code principal}.
 *
 * <p>Only {@code PasswordGuessEvidence} is supported; any other evidence type is rejected
 * without touching the stored Subject. For password evidence the stored Subject is cleared
 * first and set again only after a successful login, so a failed attempt leaves it null.
 *
 * @param evidence the evidence to verify; must not be null
 * @return {@code true} if the JAAS login succeeded, {@code false} otherwise
 * @throws RealmUnavailableException declared by the overridden method
 */
@Override
public boolean verifyEvidence(final Evidence evidence) throws RealmUnavailableException {
    Assert.checkNotNullParam("evidence", evidence);
    if (!(evidence instanceof PasswordGuessEvidence)) {
        return false;
    }

    // Drop any Subject left over from an earlier verification before trying again.
    this.subject = null;
    final CallbackHandler passwordHandler =
        createCallbackHandler(principal, (PasswordGuessEvidence) evidence);
    final Subject candidate = new Subject();
    final LoginContext context = createLoginContext(loginConfiguration, candidate, passwordHandler);
    log.tracef("Trying to authenticate subject %s using LoginContext %s using JaasSecurityRealm", principal, context);
    try {
        context.login();
    } catch (LoginException le) {
        // A failed login is an ordinary negative result, logged at debug level.
        ElytronMessages.log.debugJAASAuthenticationFailure(principal, le);
        return false;
    }
    this.subject = candidate;
    return true;
}