Java Code Examples for javax.security.auth.kerberos.KerberosTicket#isForwardable()
The following examples show how to use
javax.security.auth.kerberos.KerberosTicket#isForwardable() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: KrbTicket.java From jdk8u-jdk with GNU General Public License v2.0 | 6 votes |
|
public static void main(String[] args) throws Exception {
// define principals
Map<String, String> principals = new HashMap<>();
principals.put(USER_PRINCIPAL, PASSWORD);
principals.put(KRBTGT_PRINCIPAL, null);
System.setProperty("java.security.krb5.conf", KRB5_CONF_FILENAME);
// start a local KDC instance
KDC kdc = KDC.startKDC(HOST, null, REALM, principals, null, null);
KDC.saveConfig(KRB5_CONF_FILENAME, kdc,
"forwardable = true", "proxiable = true");
// create JAAS config
Files.write(Paths.get(JAAS_CONF), Arrays.asList(
"Client {",
" com.sun.security.auth.module.Krb5LoginModule required;",
"};"
));
System.setProperty("java.security.auth.login.config", JAAS_CONF);
System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
long startTime = Instant.now().getEpochSecond() * 1000;
LoginContext lc = new LoginContext("Client",
new Helper.UserPasswordHandler(USER, PASSWORD));
lc.login();
Subject subject = lc.getSubject();
System.out.println("subject: " + subject);
Set creds = subject.getPrivateCredentials(
KerberosTicket.class);
if (creds.size() > 1) {
throw new RuntimeException("Multiple credintials found");
}
Object o = creds.iterator().next();
if (!(o instanceof KerberosTicket)) {
throw new RuntimeException("Instance of KerberosTicket expected");
}
KerberosTicket krbTkt = (KerberosTicket) o;
System.out.println("forwardable = " + krbTkt.isForwardable());
System.out.println("proxiable = " + krbTkt.isProxiable());
System.out.println("renewable = " + krbTkt.isRenewable());
System.out.println("current = " + krbTkt.isCurrent());
if (!krbTkt.isForwardable()) {
throw new RuntimeException("Forwardable ticket expected");
}
if (!krbTkt.isProxiable()) {
throw new RuntimeException("Proxiable ticket expected");
}
if (!krbTkt.isCurrent()) {
throw new RuntimeException("Ticket is not current");
}
if (krbTkt.isRenewable()) {
throw new RuntimeException("Not renewable ticket expected");
}
try {
krbTkt.refresh();
throw new RuntimeException(
"Expected RefreshFailedException not thrown");
} catch(RefreshFailedException e) {
System.out.println("Expected exception: " + e);
}
if (!checkTime(krbTkt, startTime)) {
throw new RuntimeException("Wrong ticket life time");
}
krbTkt.destroy();
if (!krbTkt.isDestroyed()) {
throw new RuntimeException("Ticket not destroyed");
}
System.out.println("Test passed");
}
Example 2
| Source File: KrbTicket.java From jdk8u_jdk with GNU General Public License v2.0 | 6 votes |
|
public static void main(String[] args) throws Exception {
// define principals
Map<String, String> principals = new HashMap<>();
principals.put(USER_PRINCIPAL, PASSWORD);
principals.put(KRBTGT_PRINCIPAL, null);
System.setProperty("java.security.krb5.conf", KRB5_CONF_FILENAME);
// start a local KDC instance
KDC kdc = KDC.startKDC(HOST, null, REALM, principals, null, null);
KDC.saveConfig(KRB5_CONF_FILENAME, kdc,
"forwardable = true", "proxiable = true");
// create JAAS config
Files.write(Paths.get(JAAS_CONF), Arrays.asList(
"Client {",
" com.sun.security.auth.module.Krb5LoginModule required;",
"};"
));
System.setProperty("java.security.auth.login.config", JAAS_CONF);
System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
long startTime = Instant.now().getEpochSecond() * 1000;
LoginContext lc = new LoginContext("Client",
new Helper.UserPasswordHandler(USER, PASSWORD));
lc.login();
Subject subject = lc.getSubject();
System.out.println("subject: " + subject);
Set creds = subject.getPrivateCredentials(
KerberosTicket.class);
if (creds.size() > 1) {
throw new RuntimeException("Multiple credintials found");
}
Object o = creds.iterator().next();
if (!(o instanceof KerberosTicket)) {
throw new RuntimeException("Instance of KerberosTicket expected");
}
KerberosTicket krbTkt = (KerberosTicket) o;
System.out.println("forwardable = " + krbTkt.isForwardable());
System.out.println("proxiable = " + krbTkt.isProxiable());
System.out.println("renewable = " + krbTkt.isRenewable());
System.out.println("current = " + krbTkt.isCurrent());
if (!krbTkt.isForwardable()) {
throw new RuntimeException("Forwardable ticket expected");
}
if (!krbTkt.isProxiable()) {
throw new RuntimeException("Proxiable ticket expected");
}
if (!krbTkt.isCurrent()) {
throw new RuntimeException("Ticket is not current");
}
if (krbTkt.isRenewable()) {
throw new RuntimeException("Not renewable ticket expected");
}
try {
krbTkt.refresh();
throw new RuntimeException(
"Expected RefreshFailedException not thrown");
} catch(RefreshFailedException e) {
System.out.println("Expected exception: " + e);
}
if (!checkTime(krbTkt, startTime)) {
throw new RuntimeException("Wrong ticket life time");
}
krbTkt.destroy();
if (!krbTkt.isDestroyed()) {
throw new RuntimeException("Ticket not destroyed");
}
System.out.println("Test passed");
}
Example 3
| Source File: AutoTGT.java From jstorm with Apache License 2.0 | 5 votes |
|
@Override
public void populateCredentials(Map<String, String> credentials) {
// Log the user in and get the TGT
try {
Configuration login_conf = AuthUtils.GetConfiguration(conf);
ClientCallbackHandler client_callback_handler = new ClientCallbackHandler(login_conf);
// login our user
Configuration.setConfiguration(login_conf);
LoginContext lc = new LoginContext(AuthUtils.LOGIN_CONTEXT_CLIENT, client_callback_handler);
try {
lc.login();
final Subject subject = lc.getSubject();
KerberosTicket tgt = getTGT(subject);
if (tgt == null) { // error
throw new RuntimeException("Fail to verify user principal with section \"" + AuthUtils.LOGIN_CONTEXT_CLIENT
+ "\" in login configuration file " + login_conf);
}
if (!tgt.isForwardable()) {
throw new RuntimeException("The TGT found is not forwardable");
}
if (!tgt.isRenewable()) {
throw new RuntimeException("The TGT found is not renewable");
}
LOG.info("Pushing TGT for " + tgt.getClient() + " to topology.");
saveTGT(tgt, credentials);
} finally {
lc.logout();
}
} catch (Exception e) {
throw new RuntimeException(e);
}
}
Example 4
| Source File: KrbTicket.java From dragonwell8_jdk with GNU General Public License v2.0 | 4 votes |
|
public static void main(String[] args) throws Exception {
// define principals
Map<String, String> principals = new HashMap<>();
principals.put(USER_PRINCIPAL, PASSWORD);
principals.put(KRBTGT_PRINCIPAL, null);
System.setProperty("java.security.krb5.conf", KRB5_CONF_FILENAME);
// start a local KDC instance
KDC kdc = KDC.startKDC(HOST, null, REALM, principals, null, null);
KDC.saveConfig(KRB5_CONF_FILENAME, kdc,
"forwardable = true", "proxiable = true");
// create JAAS config
Files.write(Paths.get(JAAS_CONF), Arrays.asList(
"Client {",
" com.sun.security.auth.module.Krb5LoginModule required;",
"};"
));
System.setProperty("java.security.auth.login.config", JAAS_CONF);
System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
long startTime = Instant.now().getEpochSecond() * 1000;
LoginContext lc = new LoginContext("Client",
new Helper.UserPasswordHandler(USER, PASSWORD));
lc.login();
Subject subject = lc.getSubject();
System.out.println("subject: " + subject);
Set creds = subject.getPrivateCredentials(
KerberosTicket.class);
if (creds.size() > 1) {
throw new RuntimeException("Multiple credintials found");
}
Object o = creds.iterator().next();
if (!(o instanceof KerberosTicket)) {
throw new RuntimeException("Instance of KerberosTicket expected");
}
KerberosTicket krbTkt = (KerberosTicket) o;
System.out.println("forwardable = " + krbTkt.isForwardable());
System.out.println("proxiable = " + krbTkt.isProxiable());
System.out.println("renewable = " + krbTkt.isRenewable());
System.out.println("current = " + krbTkt.isCurrent());
if (!krbTkt.isForwardable()) {
throw new RuntimeException("Forwardable ticket expected");
}
if (!krbTkt.isProxiable()) {
throw new RuntimeException("Proxiable ticket expected");
}
if (!krbTkt.isCurrent()) {
throw new RuntimeException("Ticket is not current");
}
if (krbTkt.isRenewable()) {
throw new RuntimeException("Not renewable ticket expected");
}
try {
krbTkt.refresh();
throw new RuntimeException(
"Expected RefreshFailedException not thrown");
} catch(RefreshFailedException e) {
System.out.println("Expected exception: " + e);
}
if (!checkTime(krbTkt, startTime)) {
throw new RuntimeException("Wrong ticket life time");
}
krbTkt.destroy();
if (!krbTkt.isDestroyed()) {
throw new RuntimeException("Ticket not destroyed");
}
System.out.println("Test passed");
}
Example 5
| Source File: KrbTicket.java From TencentKona-8 with GNU General Public License v2.0 | 4 votes |
|
public static void main(String[] args) throws Exception {
// define principals
Map<String, String> principals = new HashMap<>();
principals.put(USER_PRINCIPAL, PASSWORD);
principals.put(KRBTGT_PRINCIPAL, null);
System.setProperty("java.security.krb5.conf", KRB5_CONF_FILENAME);
// start a local KDC instance
KDC kdc = KDC.startKDC(HOST, null, REALM, principals, null, null);
KDC.saveConfig(KRB5_CONF_FILENAME, kdc,
"forwardable = true", "proxiable = true");
// create JAAS config
Files.write(Paths.get(JAAS_CONF), Arrays.asList(
"Client {",
" com.sun.security.auth.module.Krb5LoginModule required;",
"};"
));
System.setProperty("java.security.auth.login.config", JAAS_CONF);
System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
long startTime = Instant.now().getEpochSecond() * 1000;
LoginContext lc = new LoginContext("Client",
new Helper.UserPasswordHandler(USER, PASSWORD));
lc.login();
Subject subject = lc.getSubject();
System.out.println("subject: " + subject);
Set creds = subject.getPrivateCredentials(
KerberosTicket.class);
if (creds.size() > 1) {
throw new RuntimeException("Multiple credintials found");
}
Object o = creds.iterator().next();
if (!(o instanceof KerberosTicket)) {
throw new RuntimeException("Instance of KerberosTicket expected");
}
KerberosTicket krbTkt = (KerberosTicket) o;
System.out.println("forwardable = " + krbTkt.isForwardable());
System.out.println("proxiable = " + krbTkt.isProxiable());
System.out.println("renewable = " + krbTkt.isRenewable());
System.out.println("current = " + krbTkt.isCurrent());
if (!krbTkt.isForwardable()) {
throw new RuntimeException("Forwardable ticket expected");
}
if (!krbTkt.isProxiable()) {
throw new RuntimeException("Proxiable ticket expected");
}
if (!krbTkt.isCurrent()) {
throw new RuntimeException("Ticket is not current");
}
if (krbTkt.isRenewable()) {
throw new RuntimeException("Not renewable ticket expected");
}
try {
krbTkt.refresh();
throw new RuntimeException(
"Expected RefreshFailedException not thrown");
} catch(RefreshFailedException e) {
System.out.println("Expected exception: " + e);
}
if (!checkTime(krbTkt, startTime)) {
throw new RuntimeException("Wrong ticket life time");
}
krbTkt.destroy();
if (!krbTkt.isDestroyed()) {
throw new RuntimeException("Ticket not destroyed");
}
System.out.println("Test passed");
}
Example 6
| Source File: KrbTicket.java From openjdk-jdk8u with GNU General Public License v2.0 | 4 votes |
|
public static void main(String[] args) throws Exception {
// define principals
Map<String, String> principals = new HashMap<>();
principals.put(USER_PRINCIPAL, PASSWORD);
principals.put(KRBTGT_PRINCIPAL, null);
System.setProperty("java.security.krb5.conf", KRB5_CONF_FILENAME);
// start a local KDC instance
KDC kdc = KDC.startKDC(HOST, null, REALM, principals, null, null);
KDC.saveConfig(KRB5_CONF_FILENAME, kdc,
"forwardable = true", "proxiable = true");
// create JAAS config
Files.write(Paths.get(JAAS_CONF), Arrays.asList(
"Client {",
" com.sun.security.auth.module.Krb5LoginModule required;",
"};"
));
System.setProperty("java.security.auth.login.config", JAAS_CONF);
System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
long startTime = Instant.now().getEpochSecond() * 1000;
LoginContext lc = new LoginContext("Client",
new Helper.UserPasswordHandler(USER, PASSWORD));
lc.login();
Subject subject = lc.getSubject();
System.out.println("subject: " + subject);
Set creds = subject.getPrivateCredentials(
KerberosTicket.class);
if (creds.size() > 1) {
throw new RuntimeException("Multiple credintials found");
}
Object o = creds.iterator().next();
if (!(o instanceof KerberosTicket)) {
throw new RuntimeException("Instance of KerberosTicket expected");
}
KerberosTicket krbTkt = (KerberosTicket) o;
System.out.println("forwardable = " + krbTkt.isForwardable());
System.out.println("proxiable = " + krbTkt.isProxiable());
System.out.println("renewable = " + krbTkt.isRenewable());
System.out.println("current = " + krbTkt.isCurrent());
if (!krbTkt.isForwardable()) {
throw new RuntimeException("Forwardable ticket expected");
}
if (!krbTkt.isProxiable()) {
throw new RuntimeException("Proxiable ticket expected");
}
if (!krbTkt.isCurrent()) {
throw new RuntimeException("Ticket is not current");
}
if (krbTkt.isRenewable()) {
throw new RuntimeException("Not renewable ticket expected");
}
try {
krbTkt.refresh();
throw new RuntimeException(
"Expected RefreshFailedException not thrown");
} catch(RefreshFailedException e) {
System.out.println("Expected exception: " + e);
}
if (!checkTime(krbTkt, startTime)) {
throw new RuntimeException("Wrong ticket life time");
}
krbTkt.destroy();
if (!krbTkt.isDestroyed()) {
throw new RuntimeException("Ticket not destroyed");
}
System.out.println("Test passed");
}
Example 7
| Source File: KrbTicket.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 4 votes |
|
public static void main(String[] args) throws Exception {
// define principals
Map<String, String> principals = new HashMap<>();
principals.put(USER_PRINCIPAL, PASSWORD);
principals.put(KRBTGT_PRINCIPAL, null);
System.setProperty("java.security.krb5.conf", KRB5_CONF_FILENAME);
// start a local KDC instance
KDC kdc = KDC.startKDC(HOST, null, REALM, principals, null, null);
KDC.saveConfig(KRB5_CONF_FILENAME, kdc,
"forwardable = true", "proxiable = true");
// create JAAS config
Files.write(Paths.get(JAAS_CONF), Arrays.asList(
"Client {",
" com.sun.security.auth.module.Krb5LoginModule required;",
"};"
));
System.setProperty("java.security.auth.login.config", JAAS_CONF);
System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
long startTime = Instant.now().getEpochSecond() * 1000;
LoginContext lc = new LoginContext("Client",
new Helper.UserPasswordHandler(USER, PASSWORD));
lc.login();
Subject subject = lc.getSubject();
System.out.println("subject: " + subject);
Set creds = subject.getPrivateCredentials(
KerberosTicket.class);
if (creds.size() > 1) {
throw new RuntimeException("Multiple credintials found");
}
Object o = creds.iterator().next();
if (!(o instanceof KerberosTicket)) {
throw new RuntimeException("Instance of KerberosTicket expected");
}
KerberosTicket krbTkt = (KerberosTicket) o;
System.out.println("forwardable = " + krbTkt.isForwardable());
System.out.println("proxiable = " + krbTkt.isProxiable());
System.out.println("renewable = " + krbTkt.isRenewable());
System.out.println("current = " + krbTkt.isCurrent());
if (!krbTkt.isForwardable()) {
throw new RuntimeException("Forwardable ticket expected");
}
if (!krbTkt.isProxiable()) {
throw new RuntimeException("Proxiable ticket expected");
}
if (!krbTkt.isCurrent()) {
throw new RuntimeException("Ticket is not current");
}
if (krbTkt.isRenewable()) {
throw new RuntimeException("Not renewable ticket expected");
}
try {
krbTkt.refresh();
throw new RuntimeException(
"Expected RefreshFailedException not thrown");
} catch(RefreshFailedException e) {
System.out.println("Expected exception: " + e);
}
if (!checkTime(krbTkt, startTime)) {
throw new RuntimeException("Wrong ticket life time");
}
krbTkt.destroy();
if (!krbTkt.isDestroyed()) {
throw new RuntimeException("Ticket not destroyed");
}
System.out.println("Test passed");
}
Example 8
| Source File: KrbTicket.java From openjdk-jdk9 with GNU General Public License v2.0 | 4 votes |
|
public static void main(String[] args) throws Exception {
// define principals
Map<String, String> principals = new HashMap<>();
principals.put(USER_PRINCIPAL, PASSWORD);
principals.put(KRBTGT_PRINCIPAL, null);
System.setProperty("java.security.krb5.conf", KRB5_CONF_FILENAME);
// start a local KDC instance
KDC kdc = KDC.startKDC(HOST, null, REALM, principals, null, null);
KDC.saveConfig(KRB5_CONF_FILENAME, kdc,
"forwardable = true", "proxiable = true");
// create JAAS config
Files.write(Paths.get(JAAS_CONF), Arrays.asList(
"Client {",
" com.sun.security.auth.module.Krb5LoginModule required;",
"};"
));
System.setProperty("java.security.auth.login.config", JAAS_CONF);
System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
long startTime = Instant.now().getEpochSecond() * 1000;
LoginContext lc = new LoginContext("Client",
new Helper.UserPasswordHandler(USER, PASSWORD));
lc.login();
Subject subject = lc.getSubject();
System.out.println("subject: " + subject);
Set creds = subject.getPrivateCredentials(
KerberosTicket.class);
if (creds.size() > 1) {
throw new RuntimeException("Multiple credintials found");
}
Object o = creds.iterator().next();
if (!(o instanceof KerberosTicket)) {
throw new RuntimeException("Instance of KerberosTicket expected");
}
KerberosTicket krbTkt = (KerberosTicket) o;
System.out.println("forwardable = " + krbTkt.isForwardable());
System.out.println("proxiable = " + krbTkt.isProxiable());
System.out.println("renewable = " + krbTkt.isRenewable());
System.out.println("current = " + krbTkt.isCurrent());
if (!krbTkt.isForwardable()) {
throw new RuntimeException("Forwardable ticket expected");
}
if (!krbTkt.isProxiable()) {
throw new RuntimeException("Proxiable ticket expected");
}
if (!krbTkt.isCurrent()) {
throw new RuntimeException("Ticket is not current");
}
if (krbTkt.isRenewable()) {
throw new RuntimeException("Not renewable ticket expected");
}
try {
krbTkt.refresh();
throw new RuntimeException(
"Expected RefreshFailedException not thrown");
} catch(RefreshFailedException e) {
System.out.println("Expected exception: " + e);
}
if (!checkTime(krbTkt, startTime)) {
throw new RuntimeException("Wrong ticket life time");
}
krbTkt.destroy();
if (!krbTkt.isDestroyed()) {
throw new RuntimeException("Ticket not destroyed");
}
System.out.println("Test passed");
}
