@PreDestroy public void shutdown() { try { loginContext.logout(); } catch (LoginException e) { throw new RuntimeException(e); } }
@Override public void afterResponse( HandshakeResponse hr ) { try { if ( loginContext != null ) { loginContext.logout(); } } catch ( LoginException e ) { e.printStackTrace(); //work is done just ignore } }
@Override public void logout() throws LoginException { synchronized(getSubjectLock()) { if (isLoggedIn.compareAndSet(true, false)) { super.logout(); } } } }
@Override public void destroy() { keytab = null; serverSubject = null; for (LoginContext loginContext : loginContexts) { try { loginContext.logout(); } catch (LoginException ex) { log.warn(ex, ex.getMessage()); } } loginContexts.clear(); }
@Override public void logout() throws LoginException { /* * Here is where we get the functionality of a mock while simultaneously * performing the removal of an expiring credential */ mockLoginContext.logout(); testExpiringCredentialRefreshingLogin.clearExpiringCredential(); }
/** * Re-login a principal. This method assumes that {@link #login()} has happened already. * @throws javax.security.auth.login.LoginException on a failure */ private void reLogin() throws LoginException { if (!isKrbTicket) { return; } if (loginContext == null) { throw new LoginException("Login must be done first"); } if (!hasSufficientTimeElapsed()) { return; } synchronized (KerberosLogin.class) { log.info("Initiating logout for {}", principal); // register most recent relogin attempt lastLogin = currentElapsedTime(); //clear up the kerberos state. But the tokens are not cleared! As per //the Java kerberos login module code, only the kerberos credentials //are cleared loginContext.logout(); //login and also update the subject field of this instance to //have the new credentials (pass it to the LoginContext constructor) loginContext = new LoginContext(contextName(), subject, null, configuration()); log.info("Initiating re-login for {}", principal); loginContext.login(); } }
/** * Performs a logout of the current user. * * @throws LoginException if the logout fails */ @Override public synchronized void logout() throws LoginException { if (!isLoggedIn()) { return; } try { loginContext.logout(); loggedIn.set(false); LOGGER.debug("Successful logout for {}", new Object[]{principal}); subject = null; loginContext = null; } catch (LoginException e) { throw new LoginException("Logout failed due to: " + e.getMessage()); } }
/** * Re-login a principal. This method assumes that {@link #login(String)} has happened already. * @throws javax.security.auth.login.LoginException on a failure */ // c.f. HADOOP-6559 private synchronized void reLogin() throws LoginException { if (!isKrbTicket) { return; } LoginContext login = getLogin(); if (login == null) { throw new LoginException("login must be done first"); } sleepUntilSufficientTimeElapsed(); LOG.info("Initiating logout for " + principal); synchronized (Login.class) { //clear up the kerberos state. But the tokens are not cleared! As per //the Java kerberos login module code, only the kerberos credentials //are cleared login.logout(); //login and also update the subject field of this instance to //have the new credentials (pass it to the LoginContext constructor) login = new LoginContext(loginContextName, getSubject()); LOG.info("Initiating re-login for " + principal); login.login(); setLogin(login); } } }
login.logout();
saveTGT(tgt, credentials); } finally { lc.logout();
saveTGT(tgt, credentials); } finally { lc.logout();
@Test public void logoutLoginException() throws Exception { SessionDestroyedEvent event = mock(SessionDestroyedEvent.class); SecurityContext securityContext = mock(SecurityContext.class); JaasAuthenticationToken token = mock(JaasAuthenticationToken.class); LoginContext context = mock(LoginContext.class); LoginException loginException = new LoginException("Failed Login"); when(event.getSecurityContexts()).thenReturn(Arrays.asList(securityContext)); when(securityContext.getAuthentication()).thenReturn(token); when(token.getLoginContext()).thenReturn(context); doThrow(loginException).when(context).logout(); provider.onApplicationEvent(event); verify(event).getSecurityContexts(); verify(securityContext).getAuthentication(); verify(token).getLoginContext(); verify(context).logout(); verify(log).warn(anyString(), eq(loginException)); verifyNoMoreInteractions(event, securityContext, token, context); }
@Test public void logout() throws Exception { SessionDestroyedEvent event = mock(SessionDestroyedEvent.class); SecurityContext securityContext = mock(SecurityContext.class); JaasAuthenticationToken token = mock(JaasAuthenticationToken.class); LoginContext context = mock(LoginContext.class); when(event.getSecurityContexts()).thenReturn(Arrays.asList(securityContext)); when(securityContext.getAuthentication()).thenReturn(token); when(token.getLoginContext()).thenReturn(context); provider.onApplicationEvent(event); verify(event).getSecurityContexts(); verify(securityContext).getAuthentication(); verify(token).getLoginContext(); verify(context).logout(); verifyNoMoreInteractions(event, securityContext, token, context); }
/** * This test verifies whether the simple login works in JAAS framework. * Simple mode login get the OS user and convert to Alluxio user. */ @Test public void simpleLogin() throws Exception { String clazzName = LoginModuleConfigurationUtils.OS_PRINCIPAL_CLASS_NAME; @SuppressWarnings("unchecked") Class<? extends Principal> clazz = (Class<? extends Principal>) ClassLoader .getSystemClassLoader().loadClass(clazzName); Subject subject = new Subject(); // login, add OS user into subject, and add corresponding Alluxio user into subject LoginContext loginContext = new LoginContext("simple", subject, null, new LoginModuleConfiguration()); loginContext.login(); // verify whether OS user and Alluxio user is added. assertFalse(subject.getPrincipals(clazz).isEmpty()); assertFalse(subject.getPrincipals(User.class).isEmpty()); // logout and verify the user is removed loginContext.logout(); assertTrue(subject.getPrincipals(User.class).isEmpty()); // logout twice should be no-op. loginContext.logout(); assertTrue(subject.getPrincipals(User.class).isEmpty()); }
/** * This test verifies that logging out a read only subject should fail. */ @Test public void logoutReadOnlySubject() throws Exception { String clazzName = LoginModuleConfigurationUtils.OS_PRINCIPAL_CLASS_NAME; @SuppressWarnings("unchecked") Class<? extends Principal> clazz = (Class<? extends Principal>) ClassLoader .getSystemClassLoader().loadClass(clazzName); Subject subject = new Subject(); // login, add OS user into subject, and add corresponding Alluxio user into subject LoginContext loginContext = new LoginContext("simple", subject, null, new LoginModuleConfiguration()); loginContext.login(); // verify whether OS user and Alluxio user is added. assertFalse(subject.getPrincipals(clazz).isEmpty()); assertFalse(subject.getPrincipals(User.class).isEmpty()); // logout read only subject should fail. subject.setReadOnly(); mThrown.expect(LoginException.class); mThrown.expectMessage("logout Failed: Subject is Readonly"); loginContext.logout(); assertFalse(subject.getPrincipals(clazz).isEmpty()); assertFalse(subject.getPrincipals(User.class).isEmpty()); }
for (int i = 0; i < numExpectedRefreshes; ++i) { inOrder.verify(mockLoginContext).login(); inOrder.verify(mockLoginContext).logout();
for (int i = 0; i < numExpectedRefreshes; ++i) { inOrder.verify(mockLoginContext).login(); inOrder.verify(mockLoginContext).logout();
for (int i = 0; i < numExpectedRefreshes; ++i) { inOrder.verify(mockLoginContext).login(); inOrder.verify(mockLoginContext).logout();