Java Code Examples for com.sun.security.auth.module.Krb5LoginModule#initialize()
The following examples show how to use
com.sun.security.auth.module.Krb5LoginModule#initialize() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: Context.java From jdk8u-jdk with GNU General Public License v2.0 | 6 votes |
/** * Logins with username/keytab as a new subject, */ public static Context fromUserKtab(Subject s, String user, String ktab, boolean storeKey) throws Exception { Context out = new Context(); out.name = user; out.s = s; Krb5LoginModule krb5 = new Krb5LoginModule(); Map<String, String> map = new HashMap<>(); map.put("isInitiator", "false"); map.put("doNotPrompt", "true"); map.put("useTicketCache", "false"); map.put("useKeyTab", "true"); map.put("keyTab", ktab); map.put("principal", user); if (storeKey) { map.put("storeKey", "true"); } krb5.initialize(out.s, null, null, map); krb5.login(); krb5.commit(); return out; }
Example 2
Source File: LoginModuleOptions.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 6 votes |
static void login(CallbackHandler callback, Object... options) throws Exception { Krb5LoginModule krb5 = new Krb5LoginModule(); Subject subject = new Subject(); Map<String, String> map = new HashMap<>(); Map<String, Object> shared = new HashMap<>(); int count = options.length / 2; for (int i = 0; i < count; i++) { String key = (String) options[2 * i]; Object value = options[2 * i + 1]; if (key.startsWith("javax")) { shared.put(key, value); } else { map.put(key, (String) value); } } krb5.initialize(subject, callback, shared, map); krb5.login(); krb5.commit(); if (!subject.getPrincipals().iterator().next() .getName().startsWith(OneKDC.USER)) { throw new Exception("The authenticated is not " + OneKDC.USER); } }
Example 3
Source File: LoginModuleOptions.java From openjdk-8-source with GNU General Public License v2.0 | 6 votes |
static void login(CallbackHandler callback, Object... options) throws Exception { Krb5LoginModule krb5 = new Krb5LoginModule(); Subject subject = new Subject(); Map<String, String> map = new HashMap<>(); Map<String, Object> shared = new HashMap<>(); int count = options.length / 2; for (int i = 0; i < count; i++) { String key = (String) options[2 * i]; Object value = options[2 * i + 1]; if (key.startsWith("javax")) { shared.put(key, value); } else { map.put(key, (String) value); } } krb5.initialize(subject, callback, shared, map); krb5.login(); krb5.commit(); if (!subject.getPrincipals().iterator().next() .getName().startsWith(OneKDC.USER)) { throw new Exception("The authenticated is not " + OneKDC.USER); } }
Example 4
Source File: LoginModuleOptions.java From jdk8u-jdk with GNU General Public License v2.0 | 6 votes |
static void login(CallbackHandler callback, Object... options) throws Exception { Krb5LoginModule krb5 = new Krb5LoginModule(); Subject subject = new Subject(); Map<String, String> map = new HashMap<>(); Map<String, Object> shared = new HashMap<>(); int count = options.length / 2; for (int i = 0; i < count; i++) { String key = (String) options[2 * i]; Object value = options[2 * i + 1]; if (key.startsWith("javax")) { shared.put(key, value); } else { map.put(key, (String) value); } } krb5.initialize(subject, callback, shared, map); krb5.login(); krb5.commit(); if (!subject.getPrincipals().iterator().next() .getName().startsWith(OneKDC.USER)) { throw new Exception("The authenticated is not " + OneKDC.USER); } }
Example 5
Source File: Context.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 6 votes |
/** * Logins with username/keytab as a new subject, */ public static Context fromUserKtab(Subject s, String user, String ktab, boolean storeKey) throws Exception { Context out = new Context(); out.name = user; out.s = s; Krb5LoginModule krb5 = new Krb5LoginModule(); Map<String, String> map = new HashMap<>(); map.put("isInitiator", "false"); map.put("doNotPrompt", "true"); map.put("useTicketCache", "false"); map.put("useKeyTab", "true"); map.put("keyTab", ktab); map.put("principal", user); if (storeKey) { map.put("storeKey", "true"); } krb5.initialize(out.s, null, null, map); krb5.login(); krb5.commit(); return out; }
Example 6
Source File: FakeKDC.java From gcp-token-broker with Apache License 2.0 | 6 votes |
/** * Log in the given principal and return the subject. */ public Subject login(String principal) { Path keytab = getKeytabPath(principal); // Set login options final Map<String, String> options = new HashMap<>(); options.put("keyTab", keytab.toString()); options.put("principal", principal); options.put("doNotPrompt", "true"); options.put("isInitiator", "true"); options.put("refreshKrb5Config", "true"); options.put("storeKey", "true"); options.put("useKeyTab", "true"); // Execute the login Subject subject = new Subject(); Krb5LoginModule krb5LoginModule = new Krb5LoginModule(); krb5LoginModule.initialize(subject, null, new HashMap<String, String>(), options); try { krb5LoginModule.login(); krb5LoginModule.commit(); } catch (LoginException e) { throw new RuntimeException(e); } return subject; }
Example 7
Source File: LoginModuleOptions.java From openjdk-jdk9 with GNU General Public License v2.0 | 6 votes |
static void login(CallbackHandler callback, Object... options) throws Exception { Krb5LoginModule krb5 = new Krb5LoginModule(); Subject subject = new Subject(); Map<String, String> map = new HashMap<>(); Map<String, Object> shared = new HashMap<>(); int count = options.length / 2; for (int i = 0; i < count; i++) { String key = (String) options[2 * i]; Object value = options[2 * i + 1]; if (key.startsWith("javax")) { shared.put(key, value); } else { map.put(key, (String) value); } } krb5.initialize(subject, callback, shared, map); krb5.login(); krb5.commit(); if (!subject.getPrincipals().iterator().next() .getName().startsWith(OneKDC.USER)) { throw new Exception("The authenticated is not " + OneKDC.USER); } }
Example 8
Source File: Context.java From jdk8u_jdk with GNU General Public License v2.0 | 6 votes |
/** * Logins with username/keytab as a new subject, */ public static Context fromUserKtab(Subject s, String user, String ktab, boolean storeKey) throws Exception { Context out = new Context(); out.name = user; out.s = s; Krb5LoginModule krb5 = new Krb5LoginModule(); Map<String, String> map = new HashMap<>(); map.put("isInitiator", "false"); map.put("doNotPrompt", "true"); map.put("useTicketCache", "false"); map.put("useKeyTab", "true"); map.put("keyTab", ktab); map.put("principal", user); if (storeKey) { map.put("storeKey", "true"); } krb5.initialize(out.s, null, null, map); krb5.login(); krb5.commit(); return out; }
Example 9
Source File: CleanState.java From dragonwell8_jdk with GNU General Public License v2.0 | 5 votes |
void go() throws Exception { Krb5LoginModule krb5 = new Krb5LoginModule(); final String name = OneKDC.USER; final char[] password = OneKDC.PASS; char[] badpassword = "hellokitty".toCharArray(); Map<String,String> map = new HashMap<>(); map.put("useTicketCache", "false"); map.put("doNotPrompt", "false"); map.put("tryFirstPass", "true"); Map<String,Object> shared = new HashMap<>(); shared.put("javax.security.auth.login.name", name); shared.put("javax.security.auth.login.password", badpassword); krb5.initialize(new Subject(), new CallbackHandler() { @Override public void handle(Callback[] callbacks) { for(Callback callback: callbacks) { if (callback instanceof NameCallback) { ((NameCallback)callback).setName(name); } if (callback instanceof PasswordCallback) { ((PasswordCallback)callback).setPassword(password); } } } }, shared, map); krb5.login(); }
Example 10
Source File: HttpNegotiateServer.java From TencentKona-8 with GNU General Public License v2.0 | 5 votes |
public MyServerAuthenticator(boolean proxy, String scheme, String principal, String ktab) throws Exception { this.scheme = scheme; if (proxy) { reqHdr = "Proxy-Authenticate"; respHdr = "Proxy-Authorization"; err = HttpURLConnection.HTTP_PROXY_AUTH; } Krb5LoginModule krb5 = new Krb5LoginModule(); Map<String, String> map = new HashMap<>(); Map<String, Object> shared = new HashMap<>(); map.put("storeKey", "true"); map.put("isInitiator", "false"); map.put("useKeyTab", "true"); map.put("keyTab", ktab); map.put("principal", principal); krb5.initialize(s, null, shared, map); krb5.login(); krb5.commit(); m = GSSManager.getInstance(); cred = Subject.doAs(s, new PrivilegedExceptionAction<GSSCredential>() { @Override public GSSCredential run() throws Exception { System.err.println("Creating GSSCredential"); return m.createCredential( null, GSSCredential.INDEFINITE_LIFETIME, MyServerAuthenticator.this.scheme.equalsIgnoreCase("Negotiate")? GSSUtil.GSS_SPNEGO_MECH_OID: GSSUtil.GSS_KRB5_MECH_OID, GSSCredential.ACCEPT_ONLY); } }); }
Example 11
Source File: CleanState.java From jdk8u_jdk with GNU General Public License v2.0 | 5 votes |
void go() throws Exception { Krb5LoginModule krb5 = new Krb5LoginModule(); final String name = OneKDC.USER; final char[] password = OneKDC.PASS; char[] badpassword = "hellokitty".toCharArray(); Map<String,String> map = new HashMap<>(); map.put("useTicketCache", "false"); map.put("doNotPrompt", "false"); map.put("tryFirstPass", "true"); Map<String,Object> shared = new HashMap<>(); shared.put("javax.security.auth.login.name", name); shared.put("javax.security.auth.login.password", badpassword); krb5.initialize(new Subject(), new CallbackHandler() { @Override public void handle(Callback[] callbacks) { for(Callback callback: callbacks) { if (callback instanceof NameCallback) { ((NameCallback)callback).setName(name); } if (callback instanceof PasswordCallback) { ((PasswordCallback)callback).setPassword(password); } } } }, shared, map); krb5.login(); }
Example 12
Source File: HttpNegotiateServer.java From openjdk-8 with GNU General Public License v2.0 | 5 votes |
public MyServerAuthenticator(boolean proxy, String scheme, String principal, String ktab) throws Exception { this.scheme = scheme; if (proxy) { reqHdr = "Proxy-Authenticate"; respHdr = "Proxy-Authorization"; err = HttpURLConnection.HTTP_PROXY_AUTH; } Krb5LoginModule krb5 = new Krb5LoginModule(); Map<String, String> map = new HashMap<>(); Map<String, Object> shared = new HashMap<>(); map.put("storeKey", "true"); map.put("isInitiator", "false"); map.put("useKeyTab", "true"); map.put("keyTab", ktab); map.put("principal", principal); krb5.initialize(s, null, shared, map); krb5.login(); krb5.commit(); m = GSSManager.getInstance(); cred = Subject.doAs(s, new PrivilegedExceptionAction<GSSCredential>() { @Override public GSSCredential run() throws Exception { System.err.println("Creating GSSCredential"); return m.createCredential( null, GSSCredential.INDEFINITE_LIFETIME, MyServerAuthenticator.this.scheme.equalsIgnoreCase("Negotiate")? GSSUtil.GSS_SPNEGO_MECH_OID: GSSUtil.GSS_KRB5_MECH_OID, GSSCredential.ACCEPT_ONLY); } }); }
Example 13
Source File: HttpNegotiateServer.java From openjdk-8-source with GNU General Public License v2.0 | 5 votes |
public MyServerAuthenticator(boolean proxy, String scheme, String principal, String ktab) throws Exception { this.scheme = scheme; if (proxy) { reqHdr = "Proxy-Authenticate"; respHdr = "Proxy-Authorization"; err = HttpURLConnection.HTTP_PROXY_AUTH; } Krb5LoginModule krb5 = new Krb5LoginModule(); Map<String, String> map = new HashMap<>(); Map<String, Object> shared = new HashMap<>(); map.put("storeKey", "true"); map.put("isInitiator", "false"); map.put("useKeyTab", "true"); map.put("keyTab", ktab); map.put("principal", principal); krb5.initialize(s, null, shared, map); krb5.login(); krb5.commit(); m = GSSManager.getInstance(); cred = Subject.doAs(s, new PrivilegedExceptionAction<GSSCredential>() { @Override public GSSCredential run() throws Exception { System.err.println("Creating GSSCredential"); return m.createCredential( null, GSSCredential.INDEFINITE_LIFETIME, MyServerAuthenticator.this.scheme.equalsIgnoreCase("Negotiate")? GSSUtil.GSS_SPNEGO_MECH_OID: GSSUtil.GSS_KRB5_MECH_OID, GSSCredential.ACCEPT_ONLY); } }); }
Example 14
Source File: HttpNegotiateServer.java From jdk8u60 with GNU General Public License v2.0 | 5 votes |
public MyServerAuthenticator(boolean proxy, String scheme, String principal, String ktab) throws Exception { this.scheme = scheme; if (proxy) { reqHdr = "Proxy-Authenticate"; respHdr = "Proxy-Authorization"; err = HttpURLConnection.HTTP_PROXY_AUTH; } Krb5LoginModule krb5 = new Krb5LoginModule(); Map<String, String> map = new HashMap<>(); Map<String, Object> shared = new HashMap<>(); map.put("storeKey", "true"); map.put("isInitiator", "false"); map.put("useKeyTab", "true"); map.put("keyTab", ktab); map.put("principal", principal); krb5.initialize(s, null, shared, map); krb5.login(); krb5.commit(); m = GSSManager.getInstance(); cred = Subject.doAs(s, new PrivilegedExceptionAction<GSSCredential>() { @Override public GSSCredential run() throws Exception { System.err.println("Creating GSSCredential"); return m.createCredential( null, GSSCredential.INDEFINITE_LIFETIME, MyServerAuthenticator.this.scheme.equalsIgnoreCase("Negotiate")? GSSUtil.GSS_SPNEGO_MECH_OID: GSSUtil.GSS_KRB5_MECH_OID, GSSCredential.ACCEPT_ONLY); } }); }
Example 15
Source File: TestSecureLogins.java From big-c with Apache License 2.0 | 5 votes |
@Test public void testKerberosAuth() throws Throwable { File krb5conf = getKdc().getKrb5conf(); String krbConfig = FileUtils.readFileToString(krb5conf); LOG.info("krb5.conf at {}:\n{}", krb5conf, krbConfig); Subject subject = new Subject(); final Krb5LoginModule krb5LoginModule = new Krb5LoginModule(); final Map<String, String> options = new HashMap<String, String>(); options.put("keyTab", keytab_alice.getAbsolutePath()); options.put("principal", ALICE_LOCALHOST); options.put("debug", "true"); options.put("doNotPrompt", "true"); options.put("isInitiator", "true"); options.put("refreshKrb5Config", "true"); options.put("renewTGT", "true"); options.put("storeKey", "true"); options.put("useKeyTab", "true"); options.put("useTicketCache", "true"); krb5LoginModule.initialize(subject, null, new HashMap<String, String>(), options); boolean loginOk = krb5LoginModule.login(); assertTrue("Failed to login", loginOk); boolean commitOk = krb5LoginModule.commit(); assertTrue("Failed to Commit", commitOk); }
Example 16
Source File: CleanState.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 5 votes |
void go() throws Exception { Krb5LoginModule krb5 = new Krb5LoginModule(); final String name = OneKDC.USER; final char[] password = OneKDC.PASS; char[] badpassword = "hellokitty".toCharArray(); Map<String,String> map = new HashMap<>(); map.put("useTicketCache", "false"); map.put("doNotPrompt", "false"); map.put("tryFirstPass", "true"); Map<String,Object> shared = new HashMap<>(); shared.put("javax.security.auth.login.name", name); shared.put("javax.security.auth.login.password", badpassword); krb5.initialize(new Subject(), new CallbackHandler() { @Override public void handle(Callback[] callbacks) { for(Callback callback: callbacks) { if (callback instanceof NameCallback) { ((NameCallback)callback).setName(name); } if (callback instanceof PasswordCallback) { ((PasswordCallback)callback).setPassword(password); } } } }, shared, map); krb5.login(); }
Example 17
Source File: Context.java From openjdk-8-source with GNU General Public License v2.0 | 5 votes |
/** * Logins with username/password as an existing Subject. The * same subject can be used multiple times to simulate multiple logins. * @param s existing subject */ public static Context fromUserPass(Subject s, String user, char[] pass, boolean storeKey) throws Exception { Context out = new Context(); out.name = user; out.s = s; Krb5LoginModule krb5 = new Krb5LoginModule(); Map<String, String> map = new HashMap<>(); Map<String, Object> shared = new HashMap<>(); if (pass != null) { map.put("useFirstPass", "true"); shared.put("javax.security.auth.login.name", user); shared.put("javax.security.auth.login.password", pass); } else { map.put("doNotPrompt", "true"); map.put("useTicketCache", "true"); if (user != null) { map.put("principal", user); } } if (storeKey) { map.put("storeKey", "true"); } krb5.initialize(out.s, null, shared, map); krb5.login(); krb5.commit(); return out; }
Example 18
Source File: IPv6.java From jdk8u-jdk with GNU General Public License v2.0 | 4 votes |
public static void main(String[] args) throws Exception { String[][] kdcs = { {"simple.host", null}, // These are legal settings {"simple.host", ""}, {"simple.host", "8080"}, {"0.0.0.1", null}, {"0.0.0.1", ""}, {"0.0.0.1", "8080"}, {"1::1", null}, {"[1::1]", null}, {"[1::1]", ""}, {"[1::1]", "8080"}, {"[1::1", null}, // Two illegal settings {"[1::1]abc", null}, }; // Prepares a krb5.conf with every kind of KDC settings PrintStream out = new PrintStream(new FileOutputStream("ipv6.conf")); out.println("[libdefaults]"); out.println("default_realm = V6"); out.println("kdc_timeout = 1"); out.println("[realms]"); out.println("V6 = {"); for (String[] hp: kdcs) { if (hp[1] != null) out.println(" kdc = "+hp[0]+":"+hp[1]); else out.println(" kdc = " + hp[0]); } out.println("}"); out.close(); System.setProperty("sun.security.krb5.debug", "true"); System.setProperty("java.security.krb5.conf", "ipv6.conf"); ByteArrayOutputStream bo = new ByteArrayOutputStream(); PrintStream po = new PrintStream(bo); PrintStream oldout = System.out; System.setOut(po); try { Subject subject = new Subject(); Krb5LoginModule krb5 = new Krb5LoginModule(); Map<String, String> map = new HashMap<>(); Map<String, Object> shared = new HashMap<>(); map.put("debug", "true"); map.put("doNotPrompt", "true"); map.put("useTicketCache", "false"); map.put("useFirstPass", "true"); shared.put("javax.security.auth.login.name", "any"); shared.put("javax.security.auth.login.password", "any".toCharArray()); krb5.initialize(subject, null, shared, map); krb5.login(); } catch (Exception e) { // Ignore } po.flush(); System.setOut(oldout); BufferedReader br = new BufferedReader(new StringReader( new String(bo.toByteArray()))); int cc = 0; Pattern r = Pattern.compile(".*KrbKdcReq send: kdc=(.*) UDP:(\\d+),.*"); String line; while ((line = br.readLine()) != null) { Matcher m = r.matcher(line.subSequence(0, line.length())); if (m.matches()) { System.out.println("------------------"); System.out.println(line); String h = m.group(1), p = m.group(2); String eh = kdcs[cc][0], ep = kdcs[cc][1]; if (eh.charAt(0) == '[') { eh = eh.substring(1, eh.length()-1); } System.out.println("Expected: " + eh + " : " + ep); System.out.println("Actual: " + h + " : " + p); if (!eh.equals(h) || (ep == null || ep.length() == 0) && !p.equals("88") || (ep != null && ep.length() > 0) && !p.equals(ep)) { throw new Exception("Mismatch"); } cc++; } } if (cc != kdcs.length - 2) { // 2 illegal settings at the end throw new Exception("Not traversed"); } }
Example 19
Source File: Context.java From dragonwell8_jdk with GNU General Public License v2.0 | 4 votes |
/** * Logins with username/password as an existing Subject. The * same subject can be used multiple times to simulate multiple logins. * @param s existing subject */ public static Context fromUserPass(Subject s, String user, char[] pass, boolean storeKey) throws Exception { Context out = new Context(); out.name = user; out.s = s; Krb5LoginModule krb5 = new Krb5LoginModule(); Map<String, String> map = new HashMap<>(); Map<String, Object> shared = new HashMap<>(); if (storeKey) { map.put("storeKey", "true"); } if (pass != null) { krb5.initialize(out.s, new CallbackHandler() { @Override public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { for (Callback cb: callbacks) { if (cb instanceof NameCallback) { ((NameCallback)cb).setName(user); } else if (cb instanceof PasswordCallback) { ((PasswordCallback)cb).setPassword(pass); } } } }, shared, map); } else { map.put("doNotPrompt", "true"); map.put("useTicketCache", "true"); if (user != null) { map.put("principal", user); } krb5.initialize(out.s, null, shared, map); } krb5.login(); krb5.commit(); return out; }
Example 20
Source File: IPv6.java From dragonwell8_jdk with GNU General Public License v2.0 | 4 votes |
public static void main(String[] args) throws Exception { String[][] kdcs = { {"simple.host", null}, // These are legal settings {"simple.host", ""}, {"simple.host", "8080"}, {"0.0.0.1", null}, {"0.0.0.1", ""}, {"0.0.0.1", "8080"}, {"1::1", null}, {"[1::1]", null}, {"[1::1]", ""}, {"[1::1]", "8080"}, {"[1::1", null}, // Two illegal settings {"[1::1]abc", null}, }; // Prepares a krb5.conf with every kind of KDC settings PrintStream out = new PrintStream(new FileOutputStream("ipv6.conf")); out.println("[libdefaults]"); out.println("default_realm = V6"); out.println("kdc_timeout = 1"); out.println("[realms]"); out.println("V6 = {"); for (String[] hp: kdcs) { if (hp[1] != null) out.println(" kdc = "+hp[0]+":"+hp[1]); else out.println(" kdc = " + hp[0]); } out.println("}"); out.close(); System.setProperty("sun.security.krb5.debug", "true"); System.setProperty("java.security.krb5.conf", "ipv6.conf"); ByteArrayOutputStream bo = new ByteArrayOutputStream(); PrintStream po = new PrintStream(bo); PrintStream oldout = System.out; System.setOut(po); try { Subject subject = new Subject(); Krb5LoginModule krb5 = new Krb5LoginModule(); Map<String, String> map = new HashMap<>(); Map<String, Object> shared = new HashMap<>(); map.put("debug", "true"); map.put("doNotPrompt", "true"); map.put("useTicketCache", "false"); map.put("useFirstPass", "true"); shared.put("javax.security.auth.login.name", "any"); shared.put("javax.security.auth.login.password", "any".toCharArray()); krb5.initialize(subject, null, shared, map); krb5.login(); } catch (Exception e) { // Ignore } po.flush(); System.setOut(oldout); BufferedReader br = new BufferedReader(new StringReader( new String(bo.toByteArray()))); int cc = 0; Pattern r = Pattern.compile(".*KrbKdcReq send: kdc=(.*) UDP:(\\d+),.*"); String line; while ((line = br.readLine()) != null) { Matcher m = r.matcher(line.subSequence(0, line.length())); if (m.matches()) { System.out.println("------------------"); System.out.println(line); String h = m.group(1), p = m.group(2); String eh = kdcs[cc][0], ep = kdcs[cc][1]; if (eh.charAt(0) == '[') { eh = eh.substring(1, eh.length()-1); } System.out.println("Expected: " + eh + " : " + ep); System.out.println("Actual: " + h + " : " + p); if (!eh.equals(h) || (ep == null || ep.length() == 0) && !p.equals("88") || (ep != null && ep.length() > 0) && !p.equals(ep)) { throw new Exception("Mismatch"); } cc++; } } if (cc != kdcs.length - 2) { // 2 illegal settings at the end throw new Exception("Not traversed"); } }