public void handle(Callback[] callbacks) throws UnsupportedCallbackException { for (Callback callback : callbacks) { if (callback instanceof NameCallback) { handleNameCallback((NameCallback) callback); } else if (callback instanceof PasswordCallback) { handlePasswordCallback((PasswordCallback) callback); } else if (callback instanceof RealmCallback) { handleRealmCallback((RealmCallback) callback); } else if (callback instanceof AuthorizeCallback) { handleAuthorizeCallback((AuthorizeCallback) callback); } } }
private boolean shouldAppendHost(KerberosName kerberosName) { return !isSystemPropertyTrue(SYSPROP_REMOVE_HOST) && kerberosName.getHostName() != null; }
saslServerCallbackHandler = new SaslServerCallbackHandler(Configuration.getConfiguration()); login = new Login(serverSection, saslServerCallbackHandler, new ZKConfig() ); login.startThreadIfNeeded();
private void handleAuthorizeCallback(AuthorizeCallback ac) { String authenticationID = ac.getAuthenticationID(); String authorizationID = ac.getAuthorizationID(); LOG.info("Successfully authenticated client: authenticationID=" + authenticationID + "; authorizationID=" + authorizationID + "."); ac.setAuthorized(true); // canonicalize authorization id according to system properties: // zookeeper.kerberos.removeRealmFromPrincipal(={true,false}) // zookeeper.kerberos.removeHostFromPrincipal(={true,false}) KerberosName kerberosName = new KerberosName(authenticationID); try { StringBuilder userNameBuilder = new StringBuilder(kerberosName.getShortName()); if (shouldAppendHost(kerberosName)) { userNameBuilder.append("/").append(kerberosName.getHostName()); } if (shouldAppendRealm(kerberosName)) { userNameBuilder.append("@").append(kerberosName.getRealm()); } LOG.info("Setting authorizedID: " + userNameBuilder); ac.setAuthorizedID(userNameBuilder.toString()); } catch (IOException e) { LOG.error("Failed to set name based on Kerberos authentication rules.", e); } }
saslServerCallbackHandler = new SaslServerCallbackHandler(Configuration.getConfiguration()); login = new Login(serverSection, saslServerCallbackHandler); login.startThreadIfNeeded();
private void handleAuthorizeCallback(AuthorizeCallback ac) { String authenticationID = ac.getAuthenticationID(); String authorizationID = ac.getAuthorizationID(); LOG.info("Successfully authenticated client: authenticationID=" + authenticationID + "; authorizationID=" + authorizationID + "."); ac.setAuthorized(true); // canonicalize authorization id according to system properties: // zookeeper.kerberos.removeRealmFromPrincipal(={true,false}) // zookeeper.kerberos.removeHostFromPrincipal(={true,false}) KerberosName kerberosName = new KerberosName(authenticationID); try { StringBuilder userNameBuilder = new StringBuilder(kerberosName.getShortName()); if (shouldAppendHost(kerberosName)) { userNameBuilder.append("/").append(kerberosName.getHostName()); } if (shouldAppendRealm(kerberosName)) { userNameBuilder.append("@").append(kerberosName.getRealm()); } LOG.info("Setting authorizedID: " + userNameBuilder); ac.setAuthorizedID(userNameBuilder.toString()); } catch (IOException e) { LOG.error("Failed to set name based on Kerberos authentication rules.", e); } }
public void handle(Callback[] callbacks) throws UnsupportedCallbackException { for (Callback callback : callbacks) { if (callback instanceof NameCallback) { handleNameCallback((NameCallback) callback); } else if (callback instanceof PasswordCallback) { handlePasswordCallback((PasswordCallback) callback); } else if (callback instanceof RealmCallback) { handleRealmCallback((RealmCallback) callback); } else if (callback instanceof AuthorizeCallback) { handleAuthorizeCallback((AuthorizeCallback) callback); } } }
/** * this is a cut and paste of some of the ZK internal code that was * failing on windows and swallowing its exceptions */ @Test public void testLowlevelZKSaslLogin() throws Throwable { RegistrySecurity.bindZKToServerJAASContext(ZOOKEEPER_SERVER_CONTEXT); String serverSection = System.getProperty(ZooKeeperSaslServer.LOGIN_CONTEXT_NAME_KEY, ZooKeeperSaslServer.DEFAULT_LOGIN_CONTEXT_NAME); assertEquals(ZOOKEEPER_SERVER_CONTEXT, serverSection); AppConfigurationEntry entries[]; entries = javax.security.auth.login.Configuration.getConfiguration() .getAppConfigurationEntry( serverSection); assertNotNull("null entries", entries); SaslServerCallbackHandler saslServerCallbackHandler = new SaslServerCallbackHandler( javax.security.auth.login.Configuration.getConfiguration()); Login login = new Login(serverSection, saslServerCallbackHandler); try { login.startThreadIfNeeded(); } finally { login.shutdown(); } }
private boolean shouldAppendRealm(KerberosName kerberosName) { return !isSystemPropertyTrue(SYSPROP_REMOVE_REALM) && kerberosName.getRealm() != null; }
/** * this is a cut and paste of some of the ZK internal code that was * failing on windows and swallowing its exceptions */ @Test public void testLowlevelZKSaslLogin() throws Throwable { RegistrySecurity.bindZKToServerJAASContext(ZOOKEEPER_SERVER_CONTEXT); String serverSection = System.getProperty(ZooKeeperSaslServer.LOGIN_CONTEXT_NAME_KEY, ZooKeeperSaslServer.DEFAULT_LOGIN_CONTEXT_NAME); assertEquals(ZOOKEEPER_SERVER_CONTEXT, serverSection); AppConfigurationEntry entries[]; entries = javax.security.auth.login.Configuration.getConfiguration() .getAppConfigurationEntry( serverSection); assertNotNull("null entries", entries); SaslServerCallbackHandler saslServerCallbackHandler = new SaslServerCallbackHandler( javax.security.auth.login.Configuration.getConfiguration()); Login login = new Login(serverSection, saslServerCallbackHandler); try { login.startThreadIfNeeded(); } finally { login.shutdown(); } }
private boolean shouldAppendHost(KerberosName kerberosName) { return !isSystemPropertyTrue(SYSPROP_REMOVE_HOST) && kerberosName.getHostName() != null; }
private boolean shouldAppendRealm(KerberosName kerberosName) { return !isSystemPropertyTrue(SYSPROP_REMOVE_REALM) && kerberosName.getRealm() != null; }