org.apache.zookeeper.server.ZooKeeperSaslServer Java Examples

The following examples show how to use org.apache.zookeeper.server.ZooKeeperSaslServer.
Example #1
Source File: SentryServiceIntegrationBase.java    From incubator-sentry with Apache License 2.0
protected static TestingServer getZKServer() throws Exception {
  if (!kerberos) {
    LOGGER.info("Creating a non-security ZooKeeper Server.");
    return new TestingServer();
  } else {
    LOGGER.info("Creating a security ZooKeeper Server.");
    // Not entirely sure exactly what "javax.security.auth.useSubjectCredsOnly=false" does, but it has something to do with
    // re-authenticating in cases where it otherwise wouldn't.  One of the sections on this page briefly mentions it:
    // http://docs.oracle.com/javase/7/docs/technotes/guides/security/jgss/tutorials/Troubleshooting.html
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

    // Setup KDC and principal
    kdc = getKdc();
    ZKKeytabFile = new File(kdcWorkDir, "test.keytab");
    kdc.createPrincipal(ZKKeytabFile, ZK_SERVER_PRINCIPAL);

    System.setProperty("zookeeper.authProvider.1", "org.apache.zookeeper.server.auth.SASLAuthenticationProvider");
    System.setProperty("zookeeper.kerberos.removeHostFromPrincipal", "true");
    System.setProperty("zookeeper.kerberos.removeRealmFromPrincipal", "true");

    JaasConfiguration.addEntryForKeytab("Server", ZK_SERVER_PRINCIPAL, ZKKeytabFile.getAbsolutePath());
    // Here's where we add the "Client" to the jaas configuration, even though we'd like not to
    JaasConfiguration.addEntryForKeytab(HAContext.SENTRY_ZK_JAAS_NAME,
        SERVER_KERBEROS_NAME, serverKeytab.getAbsolutePath());
    javax.security.auth.login.Configuration.setConfiguration(JaasConfiguration.getInstance());

    System.setProperty(ZooKeeperSaslServer.LOGIN_CONTEXT_NAME_KEY, "Server");

    return new TestingServer();
  }

}
 
Example #2
Source File: ZKUtil.java    From hbase with Apache License 2.0
/**
 * Log in the current zookeeper server process using the given configuration
 * keys for the credential file and login principal.
 *
 * <p><strong>This is only applicable when running on secure hbase</strong>
 * On regular HBase (without security features), this will safely be ignored.
 * </p>
 *
 * @param conf The configuration data to use
 * @param keytabFileKey Property key used to configure the path to the credential file
 * @param userNameKey Property key used to configure the login principal
 * @param hostname Current hostname to use in any credentials
 * @throws IOException underlying exception from SecurityUtil.login() call
 */
public static void loginServer(Configuration conf, String keytabFileKey,
    String userNameKey, String hostname) throws IOException {
  login(conf, keytabFileKey, userNameKey, hostname,
        ZooKeeperSaslServer.LOGIN_CONTEXT_NAME_KEY,
        JaasConfiguration.SERVER_KEYTAB_KERBEROS_CONFIG_NAME);
}