Java Code Examples for javax.security.auth.login.Configuration#setConfiguration()

The following examples show how to use javax.security.auth.login.Configuration#setConfiguration(). The method replaces the JAAS login Configuration for the whole JVM, which is why many of the examples below are test fixtures that call setConfiguration(null) to discard the cached configuration so that it is reloaded on the next getConfiguration() call.
Example 1
Source File: JaasDualAuthenticationBrokerTest.java    From activemq-artemis with Apache License 2.0
/**
 * Installs the JAAS login configuration used by this test: one {@code StubLoginModule}
 * entry for non-SSL connections and one for SSL connections, wrapped in a
 * {@code StubDualJaasConfiguration}.
 *
 * <p>{@link Configuration#setConfiguration} swaps the configuration for the whole JVM, so
 * every {@code LoginContext} created afterwards in this process resolves against these
 * stub entries until another configuration is installed.
 */
void createLoginConfig() {
   final String stubModuleClass = "org.apache.activemq.security.StubLoginModule";
   final AppConfigurationEntry.LoginModuleControlFlag required = AppConfigurationEntry.LoginModuleControlFlag.REQUIRED;

   // Non-SSL entry. ALLOW_LOGIN_PROPERTY="true" presumably makes the stub accept the login
   // without checking a credential - a test fixture only; confirm against StubLoginModule.
   HashMap<String, String> plainOptions = new HashMap<>();
   plainOptions.put(StubLoginModule.ALLOW_LOGIN_PROPERTY, "true");
   plainOptions.put(StubLoginModule.USERS_PROPERTY, INSECURE_USERNAME);
   plainOptions.put(StubLoginModule.GROUPS_PROPERTY, INSECURE_GROUP);
   AppConfigurationEntry plainEntry = new AppConfigurationEntry(stubModuleClass, required, plainOptions);

   // SSL entry: same stub module, but mapped to the DN-based user and group.
   HashMap<String, String> sslOptions = new HashMap<>();
   sslOptions.put(StubLoginModule.ALLOW_LOGIN_PROPERTY, "true");
   sslOptions.put(StubLoginModule.USERS_PROPERTY, DN_USERNAME);
   sslOptions.put(StubLoginModule.GROUPS_PROPERTY, DN_GROUP);
   AppConfigurationEntry sslEntry = new AppConfigurationEntry(stubModuleClass, required, sslOptions);

   // Argument order matters: non-SSL entry first, SSL entry second.
   Configuration.setConfiguration(new StubDualJaasConfiguration(plainEntry, sslEntry));
}
 
Example 2
Source File: PlainSaslServerTest.java    From ballerina-message-broker with Apache License 2.0
/**
 * Creates the authenticator and SASL server under test, then installs a JVM-wide JAAS
 * configuration that answers every application name with a single {@code TestLoginModule}.
 */
@BeforeMethod
public void setUp() throws Exception {
    authenticator = new JaasAuthenticator();
    plainSaslServer = new PlainSaslServer(authenticator);

    // One OPTIONAL module with no options. With no REQUIRED or REQUISITE entry configured,
    // JAAS reports overall success only if this module itself succeeds.
    AppConfigurationEntry testModuleEntry = new AppConfigurationEntry(
            TestLoginModule.class.getCanonicalName(),
            AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL,
            new HashMap<>());
    AppConfigurationEntry[] entriesForAnyName = {testModuleEntry};

    // The lookup name is ignored, so any LoginContext name resolves to the test module.
    Configuration fixedConfiguration = new Configuration() {
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            return entriesForAnyName;
        }
    };
    Configuration.setConfiguration(fixedConfiguration);
}
 
Example 3
Source File: JaasAuthenticator.java    From ballerina-message-broker with Apache License 2.0
/**
 * Installs a programmatic JAAS configuration unless an external JAAS file was supplied
 * through the {@code BrokerAuthConstants.SYSTEM_PARAM_JAAS_CONFIG} system property.
 *
 * <p>The login module class name is taken as-is from {@code properties}, so whoever can
 * edit that configuration chooses the class that performs authentication. The resulting
 * configuration is installed for the whole JVM via {@link Configuration#setConfiguration}.
 *
 * @param startupContext not used by this method
 * @param userStore      added to {@code properties} when the default
 *                       {@code UserStoreLoginModule} is selected
 * @param properties     authenticator settings; mutated in place in the case above
 * @throws AuthException if no external file is given and no login module is configured
 */
@Override
public void initialize(StartupContext startupContext,
                       UserStore userStore,
                       Map<String, Object> properties) throws Exception {

    String externalJaasFile = System.getProperty(BrokerAuthConstants.SYSTEM_PARAM_JAAS_CONFIG);
    boolean externalFileGiven = externalJaasFile != null && !externalJaasFile.trim().isEmpty();
    if (externalFileGiven) {
        // Nothing is installed here; the JVM's file-based configuration stays in effect.
        return;
    }

    Object configuredModule = properties.get(BrokerAuthConstants.CONFIG_PROPERTY_JAAS_LOGIN_MODULE);
    if (configuredModule == null) {
        throw new AuthException("Jass login module have not been set.");
    }

    String moduleClassName = configuredModule.toString();
    // Only the default login module is handed the user store.
    if (moduleClassName.equals(UserStoreLoginModule.class.getCanonicalName())) {
        properties.put(BrokerAuthConstants.PROPERTY_USER_STORE_CONNECTOR,
                       userStore);
    }
    Configuration.setConfiguration(createJaasConfig(moduleClassName, properties));
}
 
Example 4
Source File: ClusterStatusSASLTest.java    From common-docker with Apache License 2.0
/**
 * Clears the cached JAAS configuration and starts the embedded Kafka cluster once for the class.
 */
@BeforeClass
public static void setup() throws IOException {
  // Drop whatever login Configuration an earlier test left in the JVM; the next
  // getConfiguration() call then rebuilds it from the current system properties.
  Configuration.setConfiguration(null);

  // NOTE(review): the meaning of (3, 3, true) is not visible here; the trailing flag
  // presumably enables SASL - confirm against EmbeddedKafkaCluster.
  EmbeddedKafkaCluster cluster = new EmbeddedKafkaCluster(3, 3, true);
  kafka = cluster;
  cluster.start();
}
 
Example 5
Source File: ZookeeperDiscoverySpiSaslAuthAbstractTest.java    From ignite with Apache License 2.0
/**
 * Resets the JVM-wide JAAS configuration and sets the two system properties the SASL test
 * relies on: {@code SASL_CONFIG} (set to the JAAS file under {@code tmpDir}) and
 * {@code AUTH_PROVIDER} (set to ZooKeeper's SASL authentication provider class).
 */
private void prepareSaslSystemProperties() {
    // Discard any cached login Configuration so the file named below is read on next use.
    Configuration.setConfiguration(null);

    String jaasConfPath = Paths.get(tmpDir.getPath().toString(), JAAS_CONF_FILE).toString();
    System.setProperty(SASL_CONFIG, jaasConfPath);

    String saslProviderClass = "org.apache.zookeeper.server.auth.SASLAuthenticationProvider";
    System.setProperty(AUTH_PROVIDER, saslProviderClass);
}
 
Example 6
Source File: SsoLoginSettingsPanel.java    From Spark with Apache License 2.0
/**
 * Performs a Kerberos login through JAAS and returns the name of the authenticated principal.
 *
 * <p>Side effects are JVM-wide and are not undone here: the method sets
 * {@code javax.security.auth.useSubjectCredsOnly=false} (credentials may then be obtained
 * from outside the {@code Subject}), optionally enables {@code java.security.krb5.debug},
 * and installs a {@code GSSAPIConfiguration} as the global login configuration. The
 * {@code LoginContext} is not logged out in this method.
 *
 * @return the first principal name that contains {@code '@'}, or {@code null} when the
 *         login fails or no principal has such a name
 * @throws Exception declared by the signature; a {@code LoginException} is caught, logged
 *                   at debug level and reported as {@code null}
 */
private String getPrincipalName() throws Exception
{
    // Kerberos debug output is only switched on when the user enabled debugging.
    if ( localPreferences.getDebug() )
    {
        System.setProperty( "java.security.krb5.debug", "true" );
    }
    System.setProperty( "javax.security.auth.useSubjectCredsOnly", "false" );
    Configuration.setConfiguration( new GSSAPIConfiguration( false ) );

    final LoginContext loginContext;
    try
    {
        loginContext = new LoginContext( "com.sun.security.jgss.krb5.initiate" );
        loginContext.login();
    }
    catch ( LoginException loginFailure )
    {
        Log.debug( loginFailure.getMessage() );
        return null;
    }

    // A name with a realm separator identifies the Kerberos principal we are looking for.
    for ( Principal candidate : loginContext.getSubject().getPrincipals() )
    {
        String candidateName = candidate.getName();
        if ( candidateName.contains( "@" ) )
        {
            return candidateName;
        }
    }
    return null;
}
 
Example 7
Source File: RemoteConfigurationRegistryJAASConfigTest.java    From knox with Apache License 2.0
/**
 * Expects {@code configure} to fail with a {@code ConfigurationException} whose message
 * names the keytab problem when the JAAS file references a keytab that does not exist.
 * The system property and the JVM-wide JAAS configuration are reset in {@code finally}.
 */
private void shouldRaiseAnErrorWithMeaningfulErrorMessageIfReferencedKeytabFileDoesNotExists() throws Exception {
  final String brokenJaasConf = writeInvalidJaasConf(true, "jaasConfWithMissingKeytab", "nonExistingKeytabFile");
  System.setProperty(GatewayConfig.KRB5_LOGIN_CONFIG, brokenJaasConf);

  expectedException.expect(ConfigurationException.class);
  expectedException.expectMessage(startsWith("The specified keytab file"));
  expectedException.expectMessage(endsWith("is either non-existing or cannot be read!"));

  final List<RemoteConfigurationRegistryConfig> noRegistries = new ArrayList<>();
  try {
    RemoteConfigurationRegistryJAASConfig.configure(noRegistries, null);
  } finally {
    // Global state: leave neither the property nor a cached Configuration behind.
    System.clearProperty(GatewayConfig.KRB5_LOGIN_CONFIG);
    Configuration.setConfiguration(null);
  }
}
 
Example 8
Source File: SecurityFactory.java    From lams with GNU General Public License v2.0
/**
 * Undoes the configuration change made by {@link #prepare()}: if the JVM-wide JAAS
 * configuration is still this factory's standalone configuration, the previously active
 * one is put back.
 *
 * <p>When a {@code SecurityManager} is installed the caller needs the
 * {@code RuntimePermission} named {@code <SecurityFactory class name>.release}.
 * The get-then-set sequence is not synchronized in this method.
 */
public static void release()
{
   final SecurityManager securityManager = System.getSecurityManager();
   if (securityManager != null) {
      securityManager.checkPermission(new RuntimePermission(SecurityFactory.class.getName() + ".release"));
   }

   // Identity comparison on purpose: only restore when our own instance is still installed,
   // so a configuration set by someone else in the meantime is left untouched.
   if (Configuration.getConfiguration() != standaloneConfiguration)
   {
      return;
   }
   Configuration.setConfiguration(parentConfiguration);
}
 
Example 9
Source File: RemoteConfigurationRegistryJAASConfigTest.java    From knox with Apache License 2.0
/**
 * Expects {@code configure} to fail with a {@code ConfigurationException} carrying the
 * JAAS error prefix when the JAAS file written for the test cannot be parsed.
 * The system property and the JVM-wide JAAS configuration are reset in {@code finally}.
 */
private void shouldRaiseAnErrorWithMeaningfulErrorMessageIfAuthLoginConfigCannotBeParsed() throws Exception {
  final List<RemoteConfigurationRegistryConfig> noRegistries = new ArrayList<>();
  final String unparsableJaasConf = writeInvalidJaasConf(false, "jaasConfWithInvalidKeytab", createTempKeytabFile("invalidKeytab"));
  System.setProperty(GatewayConfig.KRB5_LOGIN_CONFIG, unparsableJaasConf);

  expectedException.expect(ConfigurationException.class);
  expectedException.expectMessage(startsWith(RemoteConfigurationRegistryJAASConfig.JAAS_CONFIG_ERRROR_PREFIX));

  try {
    RemoteConfigurationRegistryJAASConfig.configure(noRegistries, null);
  } finally {
    // Global state: leave neither the property nor a cached Configuration behind.
    System.clearProperty(GatewayConfig.KRB5_LOGIN_CONFIG);
    Configuration.setConfiguration(null);
  }
}
 
Example 10
Source File: EmbeddedKafkaCluster.java    From common-docker with Apache License 2.0
/**
 * Stops every broker, ZooKeeper and (if one was started) the KDC, then removes the
 * JVM-wide SASL/JAAS settings and marks the cluster as stopped.
 *
 * <p>The cleanup at the end is not in a {@code finally} block, so it is skipped if one of
 * the stop calls throws.
 */
public void shutdown() {
  for (int id : brokersById.keySet()) {
    log.debug("Stopping broker with id {} ...", id);
    stopBroker(id);
  }
  zookeeper.shutdown();

  // The KDC is optional; it is null when none was created.
  if (kdc != null) {
    kdc.stop();
  }

  // Undo process-global state so later code in this JVM does not inherit the SASL setup:
  // both system properties go, and the cached login Configuration is discarded.
  System.clearProperty("java.security.auth.login.config");
  System.clearProperty("zookeeper.authProvider.1");
  Configuration.setConfiguration(null);

  isRunning = false;
}
 
Example 11
Source File: AutoTGT.java    From jstorm with Apache License 2.0
/**
 * Logs the client in through JAAS, checks that the resulting Kerberos TGT is forwardable
 * and renewable, and hands it to {@code saveTGT} together with {@code credentials}.
 *
 * <p>The login configuration is installed JVM-wide via
 * {@link Configuration#setConfiguration} and is not restored afterwards. The
 * {@code LoginContext} is always logged out. After this call {@code credentials}
 * presumably holds ticket material and should be handled as a secret - confirm against
 * {@code saveTGT}.
 *
 * @param credentials map passed on to {@code saveTGT}
 * @throws RuntimeException on any failure; exceptions raised inside (including the
 *                          validation errors below) are wrapped by the outer catch
 */
@Override
public void populateCredentials(Map<String, String> credentials) {
    try {
        Configuration loginConf = AuthUtils.GetConfiguration(conf);
        ClientCallbackHandler callbackHandler = new ClientCallbackHandler(loginConf);

        // Make the configuration global before the LoginContext looks up its entry.
        Configuration.setConfiguration(loginConf);
        LoginContext loginContext = new LoginContext(AuthUtils.LOGIN_CONTEXT_CLIENT, callbackHandler);
        try {
            loginContext.login();
            KerberosTicket tgt = getTGT(loginContext.getSubject());

            // No TGT in the Subject means the configured principal could not be verified.
            if (tgt == null) {
                throw new RuntimeException("Fail to verify user principal with section \"" + AuthUtils.LOGIN_CONTEXT_CLIENT
                        + "\" in login configuration file " + loginConf);
            }
            if (!tgt.isForwardable()) {
                throw new RuntimeException("The TGT found is not forwardable");
            }
            if (!tgt.isRenewable()) {
                throw new RuntimeException("The TGT found is not renewable");
            }

            LOG.info("Pushing TGT for " + tgt.getClient() + " to topology.");
            saveTGT(tgt, credentials);
        } finally {
            // Runs even when login() itself failed.
            loginContext.logout();
        }
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}
 
Example 12
Source File: InMemoryJAASConfiguration.java    From atlas with Apache License 2.0
/**
 * Builds an {@code InMemoryJAASConfiguration} from the given properties and installs it
 * as the JVM-wide JAAS login configuration.
 *
 * @param properties JAAS application properties; must be non-null and non-empty
 * @throws AtlasException if {@code properties} is null or empty; the closing debug line
 *                        is not logged in that case
 */
public static void init(Properties properties) throws AtlasException {
    LOG.debug("==> InMemoryJAASConfiguration.init()");

    boolean hasProperties = properties != null && MapUtils.isNotEmpty(properties);
    if (!hasProperties) {
        throw new AtlasException("Failed to load JAAS application properties: properties NULL or empty!");
    }

    // Replaces whatever login Configuration the process had before.
    Configuration.setConfiguration(new InMemoryJAASConfiguration(properties));

    LOG.debug("<== InMemoryJAASConfiguration.init()");
}
 
Example 13
Source File: SaslTest.java    From rest-utils with Apache License 2.0
/**
 * Writes a JAAS file and a login properties file into the temporary folder, points the
 * JVM at the JAAS file, and starts the REST application under test.
 *
 * <p>Statement order matters for the global state: the previous value of
 * {@code java.security.auth.login.config} is captured before it is overwritten, so that
 * the test's cleanup can restore it.
 */
@Before
public void setUp() throws Exception {
  File jaasFile = tmpFolder.newFile("jaas.config");
  File loginPropertiesFile = tmpFolder.newFile("login.properties");

  // Login context "c3": Jetty's PropertyFileLoginModule, required, with module debug
  // output on, reading users from the properties file created above.
  String jaas = "c3 {\n"
                + "  org.eclipse.jetty.jaas.spi.PropertyFileLoginModule required\n"
                + "  debug=\"true\"\n"
                + "  file=\"" + loginPropertiesFile.getAbsolutePath() + "\";\n"
                + "};\n";
  Files.write(
      jaasFile.toPath(),
      jaas.getBytes(StandardCharsets.UTF_8),
      StandardOpenOption.TRUNCATE_EXISTING
  );

  // Fixture accounts stored in clear text - presumably "user: password,role" per the
  // Jetty property-file format (the last entry has no role). Test data only.
  String loginProperties = "jay: kafka,Administrators\n"
                           + "neha: akfak,Administrators\n"
                           + "jun: kafka-\n";
  Files.write(
      loginPropertiesFile.toPath(),
      loginProperties.getBytes(StandardCharsets.UTF_8),
      StandardOpenOption.TRUNCATE_EXISTING
  );
  // Remember the JVM's current JAAS file setting before replacing it.
  previousAuthConfig = System.getProperty("java.security.auth.login.config");
  // Discard the cached JVM-wide login Configuration so that the file named by the
  // property set on the next line is loaded on the next lookup.
  Configuration.setConfiguration(null);
  System.setProperty("java.security.auth.login.config", jaasFile.getAbsolutePath());
  httpclient = HttpClients.createDefault();
  TestMetricsReporter.reset();
  Properties props = new Properties();
  props.put(RestConfig.LISTENERS_CONFIG, HTTP_URI);
  props.put(RestConfig.METRICS_REPORTER_CLASSES_CONFIG, "io.confluent.rest.TestMetricsReporter");
  // configBasic is defined elsewhere; presumably adds the authentication settings - confirm.
  configBasic(props);
  TestRestConfig config = new TestRestConfig(props);
  app = new SaslTestApplication(config);
  app.start();
}
 
Example 14
Source File: SASLClusterTestHarness.java    From kcache with Apache License 2.0
/**
 * Prepares a Kerberos-backed (GSSAPI) cluster for the test: creates keytab files, writes a
 * JAAS file with Kafka server, Kafka client and ZooKeeper sections, starts a MiniKdc,
 * registers the principals, and only then points the JVM at the new JAAS file before
 * delegating to the parent set-up.
 *
 * <p>The keytabs are temp files holding keys for the throwaway KDC principals; their
 * removal is not part of this method.
 */
@Before
@Override
public void setUp() throws Exception {
    // Important if tests leak consumers, producers or brokers.
    LoginManager.closeAll();

    // Empty placeholders for now; createPrincipal below is handed these files.
    File serverKeytab = File.createTempFile("server-", ".keytab");
    File clientKeytab = File.createTempFile("client-", ".keytab");

    // create a JAAS file.
    Option<File> serverKeytabOption = Option.apply(serverKeytab);
    Option<File> clientKeytabOption = Option.apply(clientKeytab);
    List<String> serverSaslMechanisms = JavaConversions.asScalaBuffer(Arrays.asList("GSSAPI")).toList();
    Option<String> clientSaslMechanism = Option.apply("GSSAPI");

    // Sections written to the JAAS file: Kafka server, Kafka client, then ZooKeeper.
    java.util.List<JaasTestUtils.JaasSection> jaasSections = new ArrayList<>();
    jaasSections.add(JaasTestUtils.kafkaServerSection(JaasTestUtils.KafkaServerContextName(), serverSaslMechanisms, serverKeytabOption));
    jaasSections.add(JaasTestUtils.kafkaClientSection(clientSaslMechanism, clientKeytabOption));
    jaasSections.addAll(JavaConversions.asJavaCollection(JaasTestUtils.zkSections()));
    String jaasFilePath = JaasTestUtils.writeJaasContextsToFile(JavaConversions.asScalaBuffer(jaasSections).toSeq()).getAbsolutePath();

    log.info("Using KDC home: " + kdcHome.getAbsolutePath());
    kdc = new MiniKdc(kdcProps, kdcHome);
    kdc.start();

    // One service principal for the broker, two client principals sharing one keytab.
    createPrincipal(serverKeytab, "kafka/localhost");
    createPrincipal(clientKeytab, "client");
    createPrincipal(clientKeytab, "client2");

    // This will cause a reload of the Configuration singleton when `getConfiguration` is called.
    Configuration.setConfiguration(null);

    // JVM-wide settings: JAAS file location and ZooKeeper's SASL authentication provider.
    System.setProperty(JAAS_CONF, jaasFilePath);
    System.setProperty(ZK_AUTH_PROVIDER, "org.apache.zookeeper.server.auth.SASLAuthenticationProvider");
    super.setUp();
}
 
Example 15
Source File: TestSaslEnabledKafka.java    From datacollector with Apache License 2.0
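/**
 * Tears down the secure Kafka fixture and removes the JAAS state this test class set up:
 * the login-config system property, the cached JVM-wide login Configuration, and the
 * JAAS and keytab files.
 *
 * <p>The cleanup runs in {@code finally} so that the global JAAS settings and the keytab
 * are not left behind for later tests when the base tear-down throws.
 */
@AfterClass
public static void afterClass() {
  try {
    SecureKafkaBase.afterClass();
  } finally {
    System.clearProperty(JAVA_SECURITY_AUTH_LOGIN_CONFIG);
    // Discard the cached Configuration so nothing in this JVM keeps using the test's JAAS file.
    Configuration.setConfiguration(null);
    // Best-effort removal: the result of delete() is not checked.
    if(jaasConfigFile.exists()) {
      jaasConfigFile.delete();
    }
    if(keytabFile.exists()) {
      keytabFile.delete();
    }
  }
}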
 
Example 16
Source File: SaslTest.java    From rest-utils with Apache License 2.0
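/**
 * Verifies the collected metrics, then restores the JVM-wide JAAS state changed by the
 * test set-up and stops the HTTP client and the application.
 *
 * <p>The restore runs in {@code finally}, so a failed metrics assertion does not leave
 * the test's JAAS file configured for later tests. When no
 * {@code java.security.auth.login.config} value existed before the test, the property is
 * cleared rather than left pointing at the temporary JAAS file.
 */
@After
public void cleanup() throws Exception {
  try {
    assertMetricsCollected();
  } finally {
    // Discard the cached Configuration; it is rebuilt from the restored property on next use.
    Configuration.setConfiguration(null);
    if (previousAuthConfig != null) {
      System.setProperty("java.security.auth.login.config", previousAuthConfig);
    } else {
      System.clearProperty("java.security.auth.login.config");
    }
    try {
      httpclient.close();
    } finally {
      // Stop the application even if closing the client fails.
      app.stop();
    }
  }
}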
 
Example 17
Source File: RemoteConfigurationRegistryJAASConfigTest.java    From knox with Apache License 2.0
/**
 * Expects {@code configure} to fail with a {@code ConfigurationException} carrying the
 * JAAS error prefix when the configured JAAS file path does not exist.
 * The system property and the JVM-wide JAAS configuration are reset in {@code finally}.
 */
private void shouldRaiseAnErrorWithMeaningfulErrorMessageIfAuthLoginConfigCannotBeRead() throws Exception {
  final List<RemoteConfigurationRegistryConfig> noRegistries = new ArrayList<>();
  final String missingJaasConf = "nonExistingFilePath";
  System.setProperty(GatewayConfig.KRB5_LOGIN_CONFIG, missingJaasConf);

  expectedException.expect(ConfigurationException.class);
  expectedException.expectMessage(startsWith(RemoteConfigurationRegistryJAASConfig.JAAS_CONFIG_ERRROR_PREFIX));

  try {
    RemoteConfigurationRegistryJAASConfig.configure(noRegistries, null);
  } finally {
    // Global state: leave neither the property nor a cached Configuration behind.
    System.clearProperty(GatewayConfig.KRB5_LOGIN_CONFIG);
    Configuration.setConfiguration(null);
  }
}
Example 18
Source File: FusionKrb5HttpClientConfigurer.java    From storm-solr with Apache License 2.0
/**
 * Configures the HTTP client for Kerberos (SPNEGO) authentication when the
 * {@code LOGIN_CONFIG_PROP} system property is set; otherwise only the parent
 * configuration is applied.
 *
 * <p>JVM-wide side effects: sets {@code javax.security.auth.useSubjectCredsOnly=false}
 * and installs {@code jaasConfig} as the global JAAS login configuration.
 *
 * @param httpClient client to configure
 * @param config     passed to the parent configurer; not read directly here
 * @throws RuntimeException if the explicit login for {@code fusionPrincipal} fails
 */
public void configure(DefaultHttpClient httpClient, SolrParams config) {
  super.configure(httpClient, config);
  if (System.getProperty(LOGIN_CONFIG_PROP) != null) {
    // NOTE(review): the property is read a second time, so the else branch below is
    // reached only if the value is removed between the two reads.
    String configValue = System.getProperty(LOGIN_CONFIG_PROP);
    if (configValue != null) {
      logger.debug("Setting up kerberos auth with config: " + configValue);
      // Allow the GSS layer to obtain credentials from outside the current Subject.
      System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

      if (fusionPrincipal != null) {
        // Log in up front with the explicit principal, using jaasConfig directly rather
        // than the global configuration. The Subject and LoginContext are not kept after
        // this block, so this serves as an early failure check for the principal.
        Subject subject = new Subject(false, Sets.newHashSet(new KerberosPrincipal(fusionPrincipal)),
            Collections.emptySet(), Collections.emptySet());
        LoginContext loginContext;
        try {
          loginContext = new LoginContext("", subject, null, jaasConfig);
          loginContext.login();
          logger.debug("Successful Fusion Login with principal: " + fusionPrincipal);
        } catch (LoginException e) {
          String errorMessage = "Unsuccessful Fusion Login with principal: " + fusionPrincipal;
          logger.error(errorMessage, e);
          throw new RuntimeException(errorMessage, e);
        }
      }

      // From here on every LoginContext in this JVM resolves against jaasConfig.
      Configuration.setConfiguration(jaasConfig);
      httpClient.getAuthSchemes().register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory(true, false));
      // Placeholder credentials: both getters return null because the real credentials
      // come from the JAAS/GSS layer, not from this object.
      Credentials useJaasCreds = new Credentials() {
        public String getPassword() {
          return null;
        }

        public Principal getUserPrincipal() {
          return null;
        }
      };
      // AuthScope.ANY: the client will attempt SPNEGO with whichever host asks for it,
      // so this client should only be pointed at trusted endpoints.
      httpClient.getCredentialsProvider().setCredentials(AuthScope.ANY, useJaasCreds);
      httpClient.addRequestInterceptor(this.bufferedEntityInterceptor);
    } else {
      httpClient.getCredentialsProvider().clear();
    }
  }
}
 
Example 19
Source File: SecurityActions.java    From wildfly-core with GNU Lesser General Public License v2.1
/**
 * Installs the given JAAS configuration for the whole JVM.
 *
 * <p>Thin wrapper around {@link Configuration#setConfiguration}; presumably the single
 * place where callers of this class reach that privileged operation - confirm against
 * the call sites.
 *
 * @param configuration configuration to install; {@code null} discards the current one
 * @throws SecurityException if a security manager is present and the caller lacks
 *                           {@code AuthPermission("setLoginConfiguration")}
 */
private static void internalSetGlobalJaasConfiguration(final Configuration configuration) throws SecurityException {
    Configuration.setConfiguration(configuration);
}
 
Example 20
Source File: SpliceDatabase.java    From spliceengine with GNU Affero General Public License v3.0
/**
 * Boots the database: resets the JVM-wide JAAS configuration, applies debug settings from
 * the driver configuration, configures authentication, and delegates to the parent boot.
 *
 * @param create      ignored as passed in; overwritten from
 *                    {@code EngineLifecycleService.isCreate} before the parent is called
 * @param startParams start-up properties; an empty set is used when {@code null}
 * @throws StandardException declared by the signature
 */
@Override
public void boot(boolean create,Properties startParams) throws StandardException{
    // Discard any cached JAAS login Configuration before anything else runs, so the
    // authentication set-up below does not inherit one installed earlier in this JVM.
    Configuration.setConfiguration(null);
    SConfiguration config = SIDriver.driver().getConfiguration();

    if (startParams == null) {
        startParams = new Properties();
    }

    //  System.setProperty("derby.language.logQueryPlan", Boolean.toString(true));
    // An explicit system property wins; otherwise statement-text logging follows the
    // driver configuration. Logged statement text may include literal values from queries.
    String logStatementText = System.getProperty("derby.language.logStatementText");
    if (logStatementText == null) {
        startParams.put("derby.language.logStatementText", Boolean.toString(config.debugLogStatementContext()));
    }

    // Each debug dump option also turns on the legacy-asserts system property (JVM-wide).
    if (config.debugDumpClassFile()) {
        System.setProperty("com.splicemachine.enableLegacyAsserts",Boolean.TRUE.toString());
        SanityManager.DEBUG_SET("DumpClassFile");
    }
    if (config.debugDumpBindTree()) {
        System.setProperty("com.splicemachine.enableLegacyAsserts",Boolean.TRUE.toString());
        SanityManager.DEBUG_SET("DumpBindTree");
    }
    if (config.debugDumpOptimizedTree()) {
        System.setProperty("com.splicemachine.enableLegacyAsserts",Boolean.TRUE.toString());
        SanityManager.DEBUG_SET("DumpOptimizedTree");
    }

    // Defined elsewhere in this class; runs after the JAAS reset at the top of this method.
    configureAuthentication();

    // setup authorization
    // NOTE(review): no authorization code follows this comment in this method.


    // The caller's create argument is replaced here by the lifecycle service's flag.
    create=Boolean.TRUE.equals(EngineLifecycleService.isCreate.get()); //written like this to avoid autoboxing

    if(create){
        SpliceLogUtils.info(LOG,"Creating the Splice Machine database");
    }else{
        SpliceLogUtils.info(LOG,"Booting the Splice Machine database");
    }
    super.boot(create,startParams);
}