/**
 * Creates the server side of the SASL exchange from the mechanism, protocol, server name,
 * properties and callback handler that are defined outside this excerpt.
 *
 * @return the new server; {@code Sasl.createSaslServer} returns {@code null} when no installed
 *     provider supports the mechanism, so callers need a null check before using the result
 * @throws SaslException if the server cannot be created
 */
public SaslServer getServer() throws SaslException {
  final SaslServer created = Sasl.createSaslServer(mechanism, protocol, serverName, props, cbh);
  return created;
}
});
/**
 * Creates the SASL server used to authenticate a client session.
 *
 * <p>The properties argument is {@code null}, so no QOP or policy properties are supplied here.
 *
 * @return the created server, or {@code null} when creation throws {@link SaslException};
 *     callers need a null check and should treat {@code null} as a failed authentication setup
 */
public SaslServer run() {
  try {
    return Sasl.createSaslServer(
        mech, servicePrincipalName, serviceHostname, null, callbackHandler);
  } catch (SaslException saslFailure) {
    // The failure is logged and reported to the caller as null rather than rethrown.
    LOG.error("Zookeeper Server failed to create a SaslServer to interact with a client during session initiation: ", saslFailure);
    return null;
  }
}
});
/**
 * Creates the Kerberos SASL server with an authentication-only quality of protection.
 *
 * @return the created server, or {@code null} when any exception is thrown during creation;
 *     callers need a null check
 */
public SaslServer run() {
  try {
    final Map<String, String> saslProps = new TreeMap<String, String>();
    // "auth" negotiates authentication only: no SASL integrity or confidentiality layer.
    saslProps.put(Sasl.QOP, "auth");
    // "false": the server is not required to authenticate itself to the client.
    saslProps.put(Sasl.SERVER_AUTH, "false");
    final SaslServer kerberosServer =
        Sasl.createSaslServer(SaslUtils.KERBEROS, fServiceName, fHost, saslProps, fch);
    return kerberosServer;
  } catch (Exception failure) {
    // Every exception type is caught here and turned into a null result.
    LOG.error("Subject failed to create sasl server.", failure);
    return null;
  }
}
});
/**
 * Creates the SASL server used to authenticate a client session.
 *
 * <p>The properties argument is {@code null}, so no QOP or policy properties are supplied here.
 *
 * @return the created server, or {@code null} when creation throws {@link SaslException};
 *     callers need a null check and should treat {@code null} as a failed authentication setup
 */
public SaslServer run() {
  try {
    return Sasl.createSaslServer(
        mech, servicePrincipalName, serviceHostname, null, callbackHandler);
  } catch (SaslException saslFailure) {
    // The failure is logged and reported to the caller as null rather than rethrown.
    LOG.error("Zookeeper Server failed to create a SaslServer to interact with a client during session initiation: ", saslFailure);
    return null;
  }
}
});
/**
 * Creates the SASL server for the given mechanism and stores it in {@code saslServer}.
 *
 * <p>GSSAPI is delegated to {@code createSaslKerberosServer}; every other mechanism is created
 * inside {@code Subject.doAs} with the subject registered for that mechanism.
 *
 * @param mechanism SASL mechanism name; it is used as the lookup key for the subject and the
 *     callback handler. NOTE(review): presumably already checked against the enabled mechanisms
 *     by the caller, since an unknown key would yield a null subject and handler here — confirm.
 * @throws IOException if the server cannot be created; a failure inside the privileged action is
 *     rethrown as a {@link SaslException} carrying the original cause
 */
private void createSaslServer(String mechanism) throws IOException {
  this.saslMechanism = mechanism;
  final Subject mechanismSubject = subjects.get(mechanism);
  final AuthenticateCallbackHandler callbackHandler = callbackHandlers.get(mechanism);

  if (mechanism.equals(SaslConfigs.GSSAPI_MECHANISM)) {
    saslServer = createSaslKerberosServer(callbackHandler, configs, mechanismSubject);
    return;
  }

  final PrivilegedExceptionAction<SaslServer> serverFactory = () ->
      Sasl.createSaslServer(saslMechanism, "kafka", serverAddress().getHostName(), configs, callbackHandler);
  try {
    saslServer = Subject.doAs(mechanismSubject, serverFactory);
  } catch (PrivilegedActionException wrapped) {
    // doAs wraps the checked exception thrown by the action; unwrap it so the cause is kept.
    throw new SaslException("Kafka Server failed to create a SaslServer to interact with a client during session authentication", wrapped.getCause());
  }
}
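/**
 * Creates the server side of the SASL exchange for one topology.
 *
 * <p>The server is created with the mechanism {@code SaslUtils.AUTH_DIGEST_MD5}, no protocol,
 * the realm {@code SaslUtils.DEFAULT_REALM} and a digest callback handler built from the
 * topology name and token.
 *
 * @param topologyName name of the topology, handed to the callback handler
 * @param token token handed to the callback handler (presumably the shared secret — confirm);
 *     it is never written to the log
 * @throws IOException if the SASL server cannot be created
 */
SaslNettyServer(String topologyName, byte[] token) throws IOException {
  // Despite the wording of the message, only the topology name is logged, not the token.
  LOG.debug("SaslNettyServer: Topology token is: {} with authmethod {}", topologyName, SaslUtils.AUTH_DIGEST_MD5);
  try {
    SaslDigestCallbackHandler ch =
        new SaslNettyServer.SaslDigestCallbackHandler(topologyName, token);
    saslServer = Sasl.createSaslServer(SaslUtils.AUTH_DIGEST_MD5, null, SaslUtils.DEFAULT_REALM,
        SaslUtils.getSaslProps(), ch);
  } catch (SaslException e) {
    LOG.error("SaslNettyServer: Could not create SaslServer: ", e);
    // Fail closed: without the rethrow the constructor would return an instance whose
    // saslServer is still null, and the failure would only surface later as a
    // NullPointerException in the middle of an authentication exchange.
    throw e;
  }
}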
/**
 * Creates the Kerberos SASL server.
 *
 * <p>{@code names[0]} is passed as the SASL protocol and {@code names[1]} as the server name.
 * NOTE(review): {@code names} presumably holds the parts of the server's Kerberos principal;
 * it is defined outside this excerpt — confirm.
 *
 * @return the new server, or {@code null} when no provider supports the mechanism
 * @throws SaslException if the server cannot be created
 */
@Override
public SaslServer run() throws SaslException {
  final String mechanismName = AuthMethod.KERBEROS.getMechanismName();
  final String protocol = names[0];
  final String serverName = names[1];
  return Sasl.createSaslServer(
      mechanismName, protocol, serverName, saslProps, new SaslGssCallbackHandler());
}
});
/**
 * Creates a SASL server for the mechanism {@code PlainSaslServerProvider.MECHANISM}.
 *
 * <p>The authentication provider is selected from the configured authentication type and is
 * handed, together with {@code runnable} and {@code conf}, to the callback handler. No protocol
 * and no SASL properties are supplied.
 *
 * <p>NOTE(review): if this mechanism is SASL PLAIN, credentials cross the wire unprotected by
 * SASL itself, so the channel needs its own confidentiality (for example TLS) — confirm for
 * the deployment.
 *
 * @param runnable passed through to the callback handler
 * @param serverName server name given to the SASL server
 * @param conf configuration that supplies the authentication type
 * @return the new server, or {@code null} when no provider supports the mechanism
 * @throws SaslException if the server cannot be created
 */
@Override
public SaslServer createSaslServer(Runnable runnable, String serverName, AlluxioConfiguration conf)
    throws SaslException {
  final AuthType configuredType =
      conf.getEnum(PropertyKey.SECURITY_AUTHENTICATION_TYPE, AuthType.class);
  final AuthenticationProvider credentialChecker =
      AuthenticationProvider.Factory.create(configuredType, conf);
  return Sasl.createSaslServer(
      PlainSaslServerProvider.MECHANISM,
      null,
      serverName,
      new HashMap<String, String>(),
      new PlainSaslServerCallbackHandler(credentialChecker, runnable, conf));
}
}
/**
 * Creates the handler and its SASL server from the RPC configuration.
 *
 * <p>The mechanism and the SASL options come from {@code config}; the protocol and realm are the
 * fixed {@code Rpc.SASL_PROTOCOL} and {@code Rpc.SASL_REALM}. The handler registers itself as
 * the callback handler.
 *
 * @param config RPC configuration that supplies the mechanism and the SASL options
 * @throws IOException if the SASL server cannot be created
 */
SaslServerHandler(RpcConfiguration config) throws IOException {
  super(config);
  final String mechanism = config.getSaslMechanism();
  // createSaslServer returns null when no provider supports the mechanism; this.server is
  // assigned without a null check.
  this.server = Sasl.createSaslServer(
      mechanism, Rpc.SASL_PROTOCOL, Rpc.SASL_REALM, config.getSaslOptions(), this);
}
// DIGEST-MD5 was moved to Historic status by RFC 6331; prefer a current mechanism where the
// peers support one. The properties argument is null, so no QOP is requested here, and the
// result is null when no provider supports the mechanism.
return Sasl.createSaslServer("DIGEST-MD5", protocol, serverName, null, callbackHandler);
// NOTE(review): the condition guarding this throw is outside this excerpt — presumably a check
// that DIGEST authentication is configured; confirm.
throw new AccessDeniedException("Server is not configured to do DIGEST authentication.");
// No protocol is given (null) and the realm is fixed to SaslUtil.SASL_DEFAULT_REALM; the
// callback handler is constructed around secretManager.
saslServer = Sasl.createSaslServer(AuthMethod.DIGEST.getMechanismName(), null, SaslUtil.SASL_DEFAULT_REALM, saslProps, new SaslDigestCallbackHandler(secretManager));
break;
// Excerpt: this call is the tail of an expression that starts outside this view.
Sasl.createSaslServer(saslMechanism, servicePrincipalName, serviceHostname, configs, saslServerCallbackHandler));
} catch (PrivilegedActionException e) {
  // PrivilegedActionException wraps the checked exception thrown by the privileged action;
  // getCause() unwraps it so the SaslException keeps the original failure.
  throw new SaslException("Kafka Server failed to create a SaslServer to interact with a client during session authentication", e.getCause());
/**
 * Verifies that {@link Sasl#createSaslServer(String, String, String, Map, CallbackHandler)}
 * returns {@code null} for a mechanism that no security provider supports.
 */
@Test
public void createNoSupportSaslServer() throws Exception {
  // "NO_PLAIN" is a mechanism name that no security provider supports.
  final HashMap<String, String> emptyProps = new HashMap<String, String>();
  Assert.assertNull(Sasl.createSaslServer("NO_PLAIN", "", "", emptyProps, null));
}
}
// DIGEST-MD5 was moved to Historic status by RFC 6331; prefer a current mechanism where the
// peers support one. The properties argument is null, so no QOP is requested here, and the
// result is null when no provider supports the mechanism.
return Sasl.createSaslServer("DIGEST-MD5", protocol, serverName, null, callbackHandler);
/**
 * Verifies that {@link Sasl#createSaslServer(String, String, String, Map, CallbackHandler)}
 * creates a server for {@link PlainSaslServerProvider#MECHANISM} and that the server reports
 * that mechanism name.
 */
@Test
public void createPlainSaslServer() throws Exception {
  final String plainMechanism = PlainSaslServerProvider.MECHANISM;
  // Empty protocol and server name, no properties and no callback handler.
  final SaslServer plainServer =
      Sasl.createSaslServer(plainMechanism, "", "", new HashMap<String, String>(), null);
  Assert.assertNotNull(plainServer);
  Assert.assertEquals(plainMechanism, plainServer.getMechanismName());
}
// Sets the realm that the JDK DIGEST-MD5 server implementation uses to the XMPP domain.
props.put( "com.sun.security.sasl.digest.realm", serverInfo.getXMPPDomain() );
SaslServer saslServer = Sasl.createSaslServer( mechanismName, "xmpp", serverName, props, new XMPPCallbackHandler() );
// createSaslServer returns null when no provider supports mechanismName; the handling of that
// case continues outside this excerpt.
if ( saslServer == null )
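/**
 * Creates the SASL server for this authenticator from the configured principal name.
 *
 * <p>The principal name is split on {@code /} and {@code @}; the first part is used as the SASL
 * protocol and the second as the server name.
 *
 * @throws IllegalStateException if the SASL server could not be created, with the underlying
 *     failure (when there is one) as its cause
 */
Krb5SaslAuthenticator() {
    Exception failure = null;
    try {
        // For sasl properties regarding GSSAPI, see:
        //   https://docs.oracle.com/javase/8/docs/technotes/guides/security/sasl/sasl-refguide.html#SERVER
        // Rely on GSSAPI defaults for Sasl.MAX_BUFFER and Sasl.QOP. Note, however, that gremlin-driver has
        // Sasl.SERVER_AUTH fixed to true (mutual authentication) and one can configure SSL for enhanced confidentiality,
        // Sasl policy properties for negotiating the authentication mechanism are not relevant here, because
        // GSSAPI is the only available mechanism for this authenticator
        final Map<String, Object> props = new HashMap<String, Object>();
        final String[] principalParts = principalName.split("/|@");
        if (principalParts.length < 3)
            throw new IllegalArgumentException("Use principal name of format 'service/fqdn@kdcrealm'");
        saslServer = Sasl.createSaslServer(mechanism, principalParts[0], principalParts[1], props, Krb5SaslAuthenticator.this);
    } catch(Exception e) {
        logger.error("Creating sasl server failed: ", e);
        failure = e;
    }
    if (saslServer == null) {
        // Creation threw, or no provider supports the mechanism. Report that with its cause
        // instead of dereferencing a null server in the debug statement below.
        throw new IllegalStateException("Creating sasl server failed", failure);
    }
    logger.debug("SaslServer created with: " + saslServer.getMechanismName());
}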
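/**
 * Performs the server side of the initial portion of the Thrift SASL protocol.
 * Receives the initial response from the client, creates a SASL server using
 * the mechanism requested by the client (if this server supports it), and
 * sends the first challenge back to the client.
 *
 * @throws TTransportException if the first message is not a START message, or if the requested
 *     mechanism is not registered or no SASL server can be created for it
 * @throws SaslException if creating the SASL server fails
 */
@Override
protected void handleSaslStartMessage() throws TTransportException, SaslException {
  SaslResponse message = receiveSaslMessage();

  LOGGER.debug("Received start message with status {}", message.status);
  if (message.status != NegotiationStatus.START) {
    throw sendAndThrowMessage(NegotiationStatus.ERROR, "Expecting START status, received " + message.status);
  }

  // Get the mechanism name. It is chosen by the client, so it is untrusted input: it is only
  // used as a lookup key, written to the debug log and echoed back in the BAD message.
  String mechanismName;
  try {
    mechanismName = new String(message.payload, "UTF-8");
  } catch (UnsupportedEncodingException e) {
    throw new TTransportException("JVM DOES NOT SUPPORT UTF-8");
  }

  // serverDefinitionMap is the allow-list: only a mechanism registered there reaches
  // Sasl.createSaslServer, and always with the server's own registered parameters.
  TSaslServerDefinition serverDefinition = serverDefinitionMap.get(mechanismName);
  LOGGER.debug("Received mechanism name '{}'", mechanismName);
  if (serverDefinition == null) {
    throw sendAndThrowMessage(NegotiationStatus.BAD, "Unsupported mechanism type " + mechanismName);
  }

  SaslServer saslServer = Sasl.createSaslServer(serverDefinition.mechanism,
      serverDefinition.protocol, serverDefinition.serverName, serverDefinition.props,
      serverDefinition.cbh);
  if (saslServer == null) {
    // createSaslServer returns null when no installed provider supports the mechanism.
    // Reject the negotiation here rather than storing a null server that would fail later.
    throw sendAndThrowMessage(NegotiationStatus.BAD, "Unsupported mechanism type " + mechanismName);
  }
  setSaslServer(saslServer);
}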
/**
 * Creates the GSSAPI SASL server for the LDAP protocol on {@code saslHost}.
 *
 * @return the new server, or {@code null} when no provider supports the mechanism
 * @throws Exception if the server cannot be created
 */
public SaslServer run() throws Exception {
  final String gssapiMechanism = SupportedSaslMechanisms.GSSAPI;
  final SaslServer gssapiServer = Sasl.createSaslServer(
      gssapiMechanism, SaslConstants.LDAP_PROTOCOL, saslHost, saslProps, callbackHandler);
  return gssapiServer;
}
} );
/**
 * Creates the server side of the SASL exchange from the mechanism, protocol, server name,
 * properties and callback handler that are defined outside this excerpt.
 *
 * @return the new server; {@code Sasl.createSaslServer} returns {@code null} when no installed
 *     provider supports the mechanism, so callers need a null check before using the result
 * @throws SaslException if the server cannot be created
 */
public SaslServer getServer() throws SaslException {
  final SaslServer created = Sasl.createSaslServer(mechanism, protocol, serverName, props, cbh);
  return created;
}
});