Java Code Examples for com.sun.security.auth.module.Krb5LoginModule#commit()

The following examples show how to use com.sun.security.auth.module.Krb5LoginModule#commit() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: LoginModuleOptions.java    From dragonwell8_jdk with GNU General Public License v2.0 6 votes vote down vote up
static void login(CallbackHandler callback, Object... options)
        throws Exception {
    Krb5LoginModule krb5 = new Krb5LoginModule();
    Subject subject = new Subject();
    Map<String, String> map = new HashMap<>();
    Map<String, Object> shared = new HashMap<>();

    int count = options.length / 2;
    for (int i = 0; i < count; i++) {
        String key = (String) options[2 * i];
        Object value = options[2 * i + 1];
        if (key.startsWith("javax")) {
            shared.put(key, value);
        } else {
            map.put(key, (String) value);
        }
    }
    krb5.initialize(subject, callback, shared, map);
    krb5.login();
    krb5.commit();
    if (!subject.getPrincipals().iterator().next()
            .getName().startsWith(OneKDC.USER)) {
        throw new Exception("The authenticated is not " + OneKDC.USER);
    }
}
 
Example 2
Source File: Context.java    From hottub with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Logins with username/keytab as a new subject,
 */
public static Context fromUserKtab(Subject s,
        String user, String ktab, boolean storeKey) throws Exception {
    Context out = new Context();
    out.name = user;
    out.s = s;
    Krb5LoginModule krb5 = new Krb5LoginModule();
    Map<String, String> map = new HashMap<>();

    map.put("isInitiator", "false");
    map.put("doNotPrompt", "true");
    map.put("useTicketCache", "false");
    map.put("useKeyTab", "true");
    map.put("keyTab", ktab);
    map.put("principal", user);
    if (storeKey) {
        map.put("storeKey", "true");
    }

    krb5.initialize(out.s, null, null, map);
    krb5.login();
    krb5.commit();
    return out;
}
 
Example 3
Source File: Context.java    From dragonwell8_jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Logins with username/keytab as a new subject,
 */
public static Context fromUserKtab(Subject s,
        String user, String ktab, boolean storeKey) throws Exception {
    Context out = new Context();
    out.name = user;
    out.s = s;
    Krb5LoginModule krb5 = new Krb5LoginModule();
    Map<String, String> map = new HashMap<>();

    map.put("isInitiator", "false");
    map.put("doNotPrompt", "true");
    map.put("useTicketCache", "false");
    map.put("useKeyTab", "true");
    map.put("keyTab", ktab);
    map.put("principal", user);
    if (storeKey) {
        map.put("storeKey", "true");
    }

    krb5.initialize(out.s, null, null, map);
    krb5.login();
    krb5.commit();
    return out;
}
 
Example 4
Source File: LoginModuleOptions.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 6 votes vote down vote up
static void login(CallbackHandler callback, Object... options)
        throws Exception {
    Krb5LoginModule krb5 = new Krb5LoginModule();
    Subject subject = new Subject();
    Map<String, String> map = new HashMap<>();
    Map<String, Object> shared = new HashMap<>();

    int count = options.length / 2;
    for (int i = 0; i < count; i++) {
        String key = (String) options[2 * i];
        Object value = options[2 * i + 1];
        if (key.startsWith("javax")) {
            shared.put(key, value);
        } else {
            map.put(key, (String) value);
        }
    }
    krb5.initialize(subject, callback, shared, map);
    krb5.login();
    krb5.commit();
    if (!subject.getPrincipals().iterator().next()
            .getName().startsWith(OneKDC.USER)) {
        throw new Exception("The authenticated is not " + OneKDC.USER);
    }
}
 
Example 5
Source File: LoginModuleOptions.java    From openjdk-jdk9 with GNU General Public License v2.0 6 votes vote down vote up
static void login(CallbackHandler callback, Object... options)
        throws Exception {
    Krb5LoginModule krb5 = new Krb5LoginModule();
    Subject subject = new Subject();
    Map<String, String> map = new HashMap<>();
    Map<String, Object> shared = new HashMap<>();

    int count = options.length / 2;
    for (int i = 0; i < count; i++) {
        String key = (String) options[2 * i];
        Object value = options[2 * i + 1];
        if (key.startsWith("javax")) {
            shared.put(key, value);
        } else {
            map.put(key, (String) value);
        }
    }
    krb5.initialize(subject, callback, shared, map);
    krb5.login();
    krb5.commit();
    if (!subject.getPrincipals().iterator().next()
            .getName().startsWith(OneKDC.USER)) {
        throw new Exception("The authenticated is not " + OneKDC.USER);
    }
}
 
Example 6
Source File: LoginModuleOptions.java    From jdk8u-dev-jdk with GNU General Public License v2.0 6 votes vote down vote up
static void login(CallbackHandler callback, Object... options)
        throws Exception {
    Krb5LoginModule krb5 = new Krb5LoginModule();
    Subject subject = new Subject();
    Map<String, String> map = new HashMap<>();
    Map<String, Object> shared = new HashMap<>();

    int count = options.length / 2;
    for (int i = 0; i < count; i++) {
        String key = (String) options[2 * i];
        Object value = options[2 * i + 1];
        if (key.startsWith("javax")) {
            shared.put(key, value);
        } else {
            map.put(key, (String) value);
        }
    }
    krb5.initialize(subject, callback, shared, map);
    krb5.login();
    krb5.commit();
    if (!subject.getPrincipals().iterator().next()
            .getName().startsWith(OneKDC.USER)) {
        throw new Exception("The authenticated is not " + OneKDC.USER);
    }
}
 
Example 7
Source File: Context.java    From jdk8u-jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Logins with username/keytab as a new subject,
 */
public static Context fromUserKtab(Subject s,
        String user, String ktab, boolean storeKey) throws Exception {
    Context out = new Context();
    out.name = user;
    out.s = s;
    Krb5LoginModule krb5 = new Krb5LoginModule();
    Map<String, String> map = new HashMap<>();

    map.put("isInitiator", "false");
    map.put("doNotPrompt", "true");
    map.put("useTicketCache", "false");
    map.put("useKeyTab", "true");
    map.put("keyTab", ktab);
    map.put("principal", user);
    if (storeKey) {
        map.put("storeKey", "true");
    }

    krb5.initialize(out.s, null, null, map);
    krb5.login();
    krb5.commit();
    return out;
}
 
Example 8
Source File: Context.java    From openjdk-jdk9 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Logins with username/keytab as a new subject,
 */
public static Context fromUserKtab(Subject s,
        String user, String ktab, boolean storeKey) throws Exception {
    Context out = new Context();
    out.name = user;
    out.s = s;
    Krb5LoginModule krb5 = new Krb5LoginModule();
    Map<String, String> map = new HashMap<>();

    map.put("isInitiator", "false");
    map.put("doNotPrompt", "true");
    map.put("useTicketCache", "false");
    map.put("useKeyTab", "true");
    map.put("keyTab", ktab);
    map.put("principal", user);
    if (storeKey) {
        map.put("storeKey", "true");
    }

    krb5.initialize(out.s, null, null, map);
    krb5.login();
    krb5.commit();
    return out;
}
 
Example 9
Source File: Context.java    From jdk8u-dev-jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Logins with username/keytab as a new subject,
 */
public static Context fromUserKtab(Subject s,
        String user, String ktab, boolean storeKey) throws Exception {
    Context out = new Context();
    out.name = user;
    out.s = s;
    Krb5LoginModule krb5 = new Krb5LoginModule();
    Map<String, String> map = new HashMap<>();

    map.put("isInitiator", "false");
    map.put("doNotPrompt", "true");
    map.put("useTicketCache", "false");
    map.put("useKeyTab", "true");
    map.put("keyTab", ktab);
    map.put("principal", user);
    if (storeKey) {
        map.put("storeKey", "true");
    }

    krb5.initialize(out.s, null, null, map);
    krb5.login();
    krb5.commit();
    return out;
}
 
Example 10
Source File: LoginModuleOptions.java    From jdk8u_jdk with GNU General Public License v2.0 6 votes vote down vote up
static void login(CallbackHandler callback, Object... options)
        throws Exception {
    Krb5LoginModule krb5 = new Krb5LoginModule();
    Subject subject = new Subject();
    Map<String, String> map = new HashMap<>();
    Map<String, Object> shared = new HashMap<>();

    int count = options.length / 2;
    for (int i = 0; i < count; i++) {
        String key = (String) options[2 * i];
        Object value = options[2 * i + 1];
        if (key.startsWith("javax")) {
            shared.put(key, value);
        } else {
            map.put(key, (String) value);
        }
    }
    krb5.initialize(subject, callback, shared, map);
    krb5.login();
    krb5.commit();
    if (!subject.getPrincipals().iterator().next()
            .getName().startsWith(OneKDC.USER)) {
        throw new Exception("The authenticated is not " + OneKDC.USER);
    }
}
 
Example 11
Source File: Context.java    From openjdk-8 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Logins with username/keytab as a new subject,
 */
public static Context fromUserKtab(Subject s,
        String user, String ktab, boolean storeKey) throws Exception {
    Context out = new Context();
    out.name = user;
    out.s = s;
    Krb5LoginModule krb5 = new Krb5LoginModule();
    Map<String, String> map = new HashMap<>();

    map.put("isInitiator", "false");
    map.put("doNotPrompt", "true");
    map.put("useTicketCache", "false");
    map.put("useKeyTab", "true");
    map.put("keyTab", ktab);
    map.put("principal", user);
    if (storeKey) {
        map.put("storeKey", "true");
    }

    krb5.initialize(out.s, null, null, map);
    krb5.login();
    krb5.commit();
    return out;
}
 
Example 12
Source File: Context.java    From openjdk-8-source with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Logins with username/password as an existing Subject. The
 * same subject can be used multiple times to simulate multiple logins.
 * @param s existing subject
 */
public static Context fromUserPass(Subject s,
        String user, char[] pass, boolean storeKey) throws Exception {
    Context out = new Context();
    out.name = user;
    out.s = s;
    Krb5LoginModule krb5 = new Krb5LoginModule();
    Map<String, String> map = new HashMap<>();
    Map<String, Object> shared = new HashMap<>();

    if (pass != null) {
        map.put("useFirstPass", "true");
        shared.put("javax.security.auth.login.name", user);
        shared.put("javax.security.auth.login.password", pass);
    } else {
        map.put("doNotPrompt", "true");
        map.put("useTicketCache", "true");
        if (user != null) {
            map.put("principal", user);
        }
    }
    if (storeKey) {
        map.put("storeKey", "true");
    }

    krb5.initialize(out.s, null, shared, map);
    krb5.login();
    krb5.commit();
    return out;
}
 
Example 13
Source File: Context.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Logins with username/password as an existing Subject. The
 * same subject can be used multiple times to simulate multiple logins.
 * @param s existing subject
 */
public static Context fromUserPass(Subject s,
        String user, char[] pass, boolean storeKey) throws Exception {
    Context out = new Context();
    out.name = user;
    out.s = s;
    Krb5LoginModule krb5 = new Krb5LoginModule();
    Map<String, String> map = new HashMap<>();
    Map<String, Object> shared = new HashMap<>();

    if (pass != null) {
        map.put("useFirstPass", "true");
        shared.put("javax.security.auth.login.name", user);
        shared.put("javax.security.auth.login.password", pass);
    } else {
        map.put("doNotPrompt", "true");
        map.put("useTicketCache", "true");
        if (user != null) {
            map.put("principal", user);
        }
    }
    if (storeKey) {
        map.put("storeKey", "true");
    }

    krb5.initialize(out.s, null, shared, map);
    krb5.login();
    krb5.commit();
    return out;
}
 
Example 14
Source File: HttpNegotiateServer.java    From jdk8u_jdk with GNU General Public License v2.0 5 votes vote down vote up
public MyServerAuthenticator(boolean proxy, String scheme,
        String principal, String ktab) throws Exception {

    this.scheme = scheme;
    if (proxy) {
        reqHdr = "Proxy-Authenticate";
        respHdr = "Proxy-Authorization";
        err = HttpURLConnection.HTTP_PROXY_AUTH;
    }

    Krb5LoginModule krb5 = new Krb5LoginModule();
    Map<String, String> map = new HashMap<>();
    Map<String, Object> shared = new HashMap<>();

    map.put("storeKey", "true");
    map.put("isInitiator", "false");
    map.put("useKeyTab", "true");
    map.put("keyTab", ktab);
    map.put("principal", principal);
    krb5.initialize(s, null, shared, map);
    krb5.login();
    krb5.commit();
    m = GSSManager.getInstance();
    cred = Subject.doAs(s, new PrivilegedExceptionAction<GSSCredential>() {
        @Override
        public GSSCredential run() throws Exception {
            System.err.println("Creating GSSCredential");
            return m.createCredential(
                    null,
                    GSSCredential.INDEFINITE_LIFETIME,
                    MyServerAuthenticator.this.scheme.equalsIgnoreCase("Negotiate")?
                            GSSUtil.GSS_SPNEGO_MECH_OID:
                            GSSUtil.GSS_KRB5_MECH_OID,
                    GSSCredential.ACCEPT_ONLY);
        }
    });
}
 
Example 15
Source File: HttpNegotiateServer.java    From openjdk-8 with GNU General Public License v2.0 5 votes vote down vote up
public MyServerAuthenticator(boolean proxy, String scheme,
        String principal, String ktab) throws Exception {

    this.scheme = scheme;
    if (proxy) {
        reqHdr = "Proxy-Authenticate";
        respHdr = "Proxy-Authorization";
        err = HttpURLConnection.HTTP_PROXY_AUTH;
    }

    Krb5LoginModule krb5 = new Krb5LoginModule();
    Map<String, String> map = new HashMap<>();
    Map<String, Object> shared = new HashMap<>();

    map.put("storeKey", "true");
    map.put("isInitiator", "false");
    map.put("useKeyTab", "true");
    map.put("keyTab", ktab);
    map.put("principal", principal);
    krb5.initialize(s, null, shared, map);
    krb5.login();
    krb5.commit();
    m = GSSManager.getInstance();
    cred = Subject.doAs(s, new PrivilegedExceptionAction<GSSCredential>() {
        @Override
        public GSSCredential run() throws Exception {
            System.err.println("Creating GSSCredential");
            return m.createCredential(
                    null,
                    GSSCredential.INDEFINITE_LIFETIME,
                    MyServerAuthenticator.this.scheme.equalsIgnoreCase("Negotiate")?
                            GSSUtil.GSS_SPNEGO_MECH_OID:
                            GSSUtil.GSS_KRB5_MECH_OID,
                    GSSCredential.ACCEPT_ONLY);
        }
    });
}
 
Example 16
Source File: HttpNegotiateServer.java    From openjdk-jdk8u with GNU General Public License v2.0 5 votes vote down vote up
public MyServerAuthenticator(boolean proxy, String scheme,
        String principal, String ktab) throws Exception {

    this.scheme = scheme;
    if (proxy) {
        reqHdr = "Proxy-Authenticate";
        respHdr = "Proxy-Authorization";
        err = HttpURLConnection.HTTP_PROXY_AUTH;
    }

    Krb5LoginModule krb5 = new Krb5LoginModule();
    Map<String, String> map = new HashMap<>();
    Map<String, Object> shared = new HashMap<>();

    map.put("storeKey", "true");
    map.put("isInitiator", "false");
    map.put("useKeyTab", "true");
    map.put("keyTab", ktab);
    map.put("principal", principal);
    krb5.initialize(s, null, shared, map);
    krb5.login();
    krb5.commit();
    m = GSSManager.getInstance();
    cred = Subject.doAs(s, new PrivilegedExceptionAction<GSSCredential>() {
        @Override
        public GSSCredential run() throws Exception {
            System.err.println("Creating GSSCredential");
            return m.createCredential(
                    null,
                    GSSCredential.INDEFINITE_LIFETIME,
                    MyServerAuthenticator.this.scheme.equalsIgnoreCase("Negotiate")?
                            GSSUtil.GSS_SPNEGO_MECH_OID:
                            GSSUtil.GSS_KRB5_MECH_OID,
                    GSSCredential.ACCEPT_ONLY);
        }
    });
}
 
Example 17
Source File: HttpNegotiateServer.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
public MyServerAuthenticator(boolean proxy, String scheme,
        String principal, String ktab) throws Exception {

    this.scheme = scheme;
    if (proxy) {
        reqHdr = "Proxy-Authenticate";
        respHdr = "Proxy-Authorization";
        err = HttpURLConnection.HTTP_PROXY_AUTH;
    }

    Krb5LoginModule krb5 = new Krb5LoginModule();
    Map<String, String> map = new HashMap<>();
    Map<String, Object> shared = new HashMap<>();

    map.put("storeKey", "true");
    map.put("isInitiator", "false");
    map.put("useKeyTab", "true");
    map.put("keyTab", ktab);
    map.put("principal", principal);
    krb5.initialize(s, null, shared, map);
    krb5.login();
    krb5.commit();
    m = GSSManager.getInstance();
    cred = Subject.doAs(s, new PrivilegedExceptionAction<GSSCredential>() {
        @Override
        public GSSCredential run() throws Exception {
            System.err.println("Creating GSSCredential");
            return m.createCredential(
                    null,
                    GSSCredential.INDEFINITE_LIFETIME,
                    MyServerAuthenticator.this.scheme.equalsIgnoreCase("Negotiate")?
                            GSSUtil.GSS_SPNEGO_MECH_OID:
                            GSSUtil.GSS_KRB5_MECH_OID,
                    GSSCredential.ACCEPT_ONLY);
        }
    });
}
 
Example 18
Source File: HttpNegotiateServer.java    From hottub with GNU General Public License v2.0 5 votes vote down vote up
public MyServerAuthenticator(boolean proxy, String scheme,
        String principal, String ktab) throws Exception {

    this.scheme = scheme;
    if (proxy) {
        reqHdr = "Proxy-Authenticate";
        respHdr = "Proxy-Authorization";
        err = HttpURLConnection.HTTP_PROXY_AUTH;
    }

    Krb5LoginModule krb5 = new Krb5LoginModule();
    Map<String, String> map = new HashMap<>();
    Map<String, Object> shared = new HashMap<>();

    map.put("storeKey", "true");
    map.put("isInitiator", "false");
    map.put("useKeyTab", "true");
    map.put("keyTab", ktab);
    map.put("principal", principal);
    krb5.initialize(s, null, shared, map);
    krb5.login();
    krb5.commit();
    m = GSSManager.getInstance();
    cred = Subject.doAs(s, new PrivilegedExceptionAction<GSSCredential>() {
        @Override
        public GSSCredential run() throws Exception {
            System.err.println("Creating GSSCredential");
            return m.createCredential(
                    null,
                    GSSCredential.INDEFINITE_LIFETIME,
                    MyServerAuthenticator.this.scheme.equalsIgnoreCase("Negotiate")?
                            GSSUtil.GSS_SPNEGO_MECH_OID:
                            GSSUtil.GSS_KRB5_MECH_OID,
                    GSSCredential.ACCEPT_ONLY);
        }
    });
}
 
Example 19
Source File: Context.java    From jdk8u-dev-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Logins with username/password as an existing Subject. The
 * same subject can be used multiple times to simulate multiple logins.
 * @param s existing subject
 */
public static Context fromUserPass(Subject s,
        String user, char[] pass, boolean storeKey) throws Exception {
    Context out = new Context();
    out.name = user;
    out.s = s;
    Krb5LoginModule krb5 = new Krb5LoginModule();
    Map<String, String> map = new HashMap<>();
    Map<String, Object> shared = new HashMap<>();

    if (pass != null) {
        map.put("useFirstPass", "true");
        shared.put("javax.security.auth.login.name", user);
        shared.put("javax.security.auth.login.password", pass);
    } else {
        map.put("doNotPrompt", "true");
        map.put("useTicketCache", "true");
        if (user != null) {
            map.put("principal", user);
        }
    }
    if (storeKey) {
        map.put("storeKey", "true");
    }

    krb5.initialize(out.s, null, shared, map);
    krb5.login();
    krb5.commit();
    return out;
}
 
Example 20
Source File: HttpNegotiateServer.java    From dragonwell8_jdk with GNU General Public License v2.0 5 votes vote down vote up
public MyServerAuthenticator(boolean proxy, String scheme,
        String principal, String ktab) throws Exception {

    this.scheme = scheme;
    if (proxy) {
        reqHdr = "Proxy-Authenticate";
        respHdr = "Proxy-Authorization";
        err = HttpURLConnection.HTTP_PROXY_AUTH;
    }

    Krb5LoginModule krb5 = new Krb5LoginModule();
    Map<String, String> map = new HashMap<>();
    Map<String, Object> shared = new HashMap<>();

    map.put("storeKey", "true");
    map.put("isInitiator", "false");
    map.put("useKeyTab", "true");
    map.put("keyTab", ktab);
    map.put("principal", principal);
    krb5.initialize(s, null, shared, map);
    krb5.login();
    krb5.commit();
    m = GSSManager.getInstance();
    cred = Subject.doAs(s, new PrivilegedExceptionAction<GSSCredential>() {
        @Override
        public GSSCredential run() throws Exception {
            System.err.println("Creating GSSCredential");
            return m.createCredential(
                    null,
                    GSSCredential.INDEFINITE_LIFETIME,
                    MyServerAuthenticator.this.scheme.equalsIgnoreCase("Negotiate")?
                            GSSUtil.GSS_SPNEGO_MECH_OID:
                            GSSUtil.GSS_KRB5_MECH_OID,
                    GSSCredential.ACCEPT_ONLY);
        }
    });
}