org.eclipse.jetty.security.authentication.SpnegoAuthenticator Java Examples

The following examples show how to use org.eclipse.jetty.security.authentication.SpnegoAuthenticator. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: HttpReceiverServerPush.java    From datacollector with Apache License 2.0 4 votes vote down vote up 
public static SecurityHandler getSpnegoAuthHandler(HttpSourceConfigs httpCourceConf, Stage.Context context) throws StageException {
  String domainRealm = httpCourceConf.getSpnegoConfigBean().getKerberosRealm();
  String principal = httpCourceConf.getSpnegoConfigBean().getSpnegoPrincipal();
  String keytab = httpCourceConf.getSpnegoConfigBean().getSpnegoKeytabFilePath();

  File f = new File(context.getResourcesDirectory()+"/spnego.conf");
  try {
    PrintWriter pw = new PrintWriter(f);
    pw.println(String.format(JGSS_INITITATE ,principal,keytab) +"\n"+ String.format(JGSS_ACCEPT,principal,keytab));
    pw.close();
  } catch (IOException e) {
    throw new StageException(Errors.HTTP_36, e);
  }

  System.setProperty(JAVAX_SECURITY_AUTH_USE_SUBJECT_CREDS_ONLY, "false");
  System.setProperty(JAVA_SECURITY_AUTH_LOGIN_CONFIG, context.getResourcesDirectory()+"/spnego.conf");

  Constraint constraint = new Constraint();
  constraint.setName(Constraint.__SPNEGO_AUTH);
  constraint.setRoles(new String[]{domainRealm});
  constraint.setAuthenticate(true);

  ConstraintMapping cm = new ConstraintMapping();
  cm.setConstraint(constraint);
  cm.setPathSpec("/*");

  SpnegoLoginService loginService = new SpnegoLoginService(){
    @Override
    protected void doStart() throws Exception {
      // Override the parent implementation to set the targetName without having
      // an extra .properties file.
      final Field targetNameField = SpnegoLoginService.class.getDeclaredField(TARGET_NAME_FIELD_NAME);
      targetNameField.setAccessible(true);
      targetNameField.set(this, principal);
    }
  };
  loginService.setName(domainRealm);

  ConstraintSecurityHandler csh = new ConstraintSecurityHandler();
  csh.setAuthenticator(new SpnegoAuthenticator());
  csh.setLoginService(loginService);
  csh.setConstraintMappings(new ConstraintMapping[]{cm});
  csh.setRealmName(domainRealm);

  return csh;
}