/**
 * Reports whether {@code id} is acceptable as an identifier for the SASL authenticator.
 *
 * <p>The SASL authenticator is normally paired with Kerberos, so an id is accepted only if it
 * parses as a Kerberos principal. The {@code KerberosName} constructor is the single source of
 * truth: an {@link IllegalArgumentException} from it means the id is rejected.
 *
 * <p>This is a syntax check only. Nothing here establishes that the principal exists or that
 * the caller is entitled to use it.
 *
 * @param id candidate principal name
 * @return {@code true} when the constructor accepts the name, {@code false} when it throws
 *     {@link IllegalArgumentException}
 */
public boolean isValid(String id) {
    boolean parsesAsPrincipal;
    try {
        // The instance is discarded; only the constructor's accept/reject outcome matters.
        new KerberosName(id);
        parsesAsPrincipal = true;
    } catch (IllegalArgumentException rejected) {
        parsesAsPrincipal = false;
    }
    return parsesAsPrincipal;
}
/**
 * Reports whether {@code id} is acceptable as an identifier for the SASL authenticator.
 *
 * <p>The SASL authenticator is normally paired with Kerberos, so an id is accepted only if it
 * parses as a Kerberos principal. The {@code KerberosName} constructor is the single source of
 * truth: an {@link IllegalArgumentException} from it means the id is rejected.
 *
 * <p>This is a syntax check only. Nothing here establishes that the principal exists or that
 * the caller is entitled to use it.
 *
 * @param id candidate principal name
 * @return {@code true} when the constructor accepts the name, {@code false} when it throws
 *     {@link IllegalArgumentException}
 */
public boolean isValid(String id) {
    boolean parsesAsPrincipal;
    try {
        // The instance is discarded; only the constructor's accept/reject outcome matters.
        new KerberosName(id);
        parsesAsPrincipal = true;
    } catch (IllegalArgumentException rejected) {
        parsesAsPrincipal = false;
    }
    return parsesAsPrincipal;
}
/**
 * Command-line helper: parses every argument as a Kerberos principal and prints the principal
 * next to the short name derived from it.
 *
 * @param args principal names to translate
 * @throws Exception if a name cannot be parsed or translated
 */
public static void main(String[] args) throws Exception {
    for (int i = 0; i < args.length; i++) {
        KerberosName parsed = new KerberosName(args[i]);
        System.out.println("Name: " + parsed + " to " + parsed.getShortName());
    }
}
} // closes the enclosing class, whose header lies outside this excerpt
/**
 * Command-line helper: parses every argument as a Kerberos principal and prints the principal
 * next to the short name derived from it.
 *
 * @param args principal names to translate
 * @throws Exception if a name cannot be parsed or translated
 */
public static void main(String[] args) throws Exception {
    for (int i = 0; i < args.length; i++) {
        KerberosName parsed = new KerberosName(args[i]);
        System.out.println("Name: " + parsed + " to " + parsed.getShortName());
    }
}
} // closes the enclosing class, whose header lies outside this excerpt
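/**
 * Answers a SASL {@link AuthorizeCallback} by deriving the authorized identity from the
 * authenticated Kerberos principal.
 *
 * <p>The authorized ID is built from the <em>authentication</em> ID (short name, optionally
 * followed by {@code /host} and {@code @realm}); the client-requested authorization ID is only
 * logged. The callback is marked authorized only after that derivation succeeds. If it fails,
 * the callback is left unauthorized: {@link AuthorizeCallback#getAuthorizedID()} otherwise
 * falls back to the client-supplied authorization ID when no authorized ID has been set.
 *
 * @param ac callback carrying the authentication and authorization IDs of the SASL exchange
 */
private void handleAuthorizeCallback(AuthorizeCallback ac) {
    String authenticationID = ac.getAuthenticationID();
    String authorizationID = ac.getAuthorizationID();

    // NOTE(review): both IDs originate from the peer and are concatenated into the log line
    // as-is; confirm the logging layout neutralises line breaks.
    LOG.info("Successfully authenticated client: authenticationID=" + authenticationID
        + "; authorizationID=" + authorizationID + ".");

    // canonicalize authorization id according to system properties:
    // zookeeper.kerberos.removeRealmFromPrincipal(={true,false})
    // zookeeper.kerberos.removeHostFromPrincipal(={true,false})
    KerberosName kerberosName = new KerberosName(authenticationID);
    try {
        StringBuilder userNameBuilder = new StringBuilder(kerberosName.getShortName());
        if (shouldAppendHost(kerberosName)) {
            userNameBuilder.append("/").append(kerberosName.getHostName());
        }
        if (shouldAppendRealm(kerberosName)) {
            userNameBuilder.append("@").append(kerberosName.getRealm());
        }
        LOG.info("Setting authorizedID: " + userNameBuilder);
        // Grant only once the canonical name exists, so a parse or rule failure above can
        // never leave the callback authorized.
        ac.setAuthorized(true);
        ac.setAuthorizedID(userNameBuilder.toString());
    } catch (IOException e) {
        LOG.error("Failed to set name based on Kerberos authentication rules.", e);
        // Fail closed: no canonical identity could be derived for this peer.
        ac.setAuthorized(false);
    }
}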
// Parse the client's principal name into its Kerberos components.
// NOTE(review): the KerberosName constructor presumably rejects malformed names with an
// unchecked exception — confirm the surrounding method handles that.
final KerberosName clientKerberosName = new KerberosName( clientPrincipal.getName());
// The service principal is assembled by plain concatenation of servicePrincipal and
// serverRealm. If either value is null, Java concatenation inserts the literal text "null".
// NOTE(review): confirm both values are validated before this point.
KerberosName serviceKerberosName = new KerberosName( servicePrincipal + "@" + serverRealm);
// Only the service component of the parsed principal is extracted here.
final String serviceName = serviceKerberosName.getServiceName();
// Split the service principal into the parts read below.
KerberosName serviceKerberosName = new KerberosName(principal);
String serviceName = serviceKerberosName.getServiceName();
// NOTE(review): presumably null when the principal has no host component — confirm before
// hostName is passed on.
String hostName = serviceKerberosName.getHostName();
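/**
 * Answers a SASL {@link AuthorizeCallback} by deriving the authorized identity from the
 * authenticated Kerberos principal.
 *
 * <p>The authorized ID is built from the <em>authentication</em> ID (short name, optionally
 * followed by {@code /host} and {@code @realm}); the client-requested authorization ID is only
 * logged. The callback is marked authorized only after that derivation succeeds. If it fails,
 * the callback is left unauthorized: {@link AuthorizeCallback#getAuthorizedID()} otherwise
 * falls back to the client-supplied authorization ID when no authorized ID has been set.
 *
 * @param ac callback carrying the authentication and authorization IDs of the SASL exchange
 */
private void handleAuthorizeCallback(AuthorizeCallback ac) {
    String authenticationID = ac.getAuthenticationID();
    String authorizationID = ac.getAuthorizationID();

    // NOTE(review): both IDs originate from the peer and are concatenated into the log line
    // as-is; confirm the logging layout neutralises line breaks.
    LOG.info("Successfully authenticated client: authenticationID=" + authenticationID
        + "; authorizationID=" + authorizationID + ".");

    // canonicalize authorization id according to system properties:
    // zookeeper.kerberos.removeRealmFromPrincipal(={true,false})
    // zookeeper.kerberos.removeHostFromPrincipal(={true,false})
    KerberosName kerberosName = new KerberosName(authenticationID);
    try {
        StringBuilder userNameBuilder = new StringBuilder(kerberosName.getShortName());
        if (shouldAppendHost(kerberosName)) {
            userNameBuilder.append("/").append(kerberosName.getHostName());
        }
        if (shouldAppendRealm(kerberosName)) {
            userNameBuilder.append("@").append(kerberosName.getRealm());
        }
        LOG.info("Setting authorizedID: " + userNameBuilder);
        // Grant only once the canonical name exists, so a parse or rule failure above can
        // never leave the callback authorized.
        ac.setAuthorized(true);
        ac.setAuthorizedID(userNameBuilder.toString());
    } catch (IOException e) {
        LOG.error("Failed to set name based on Kerberos authentication rules.", e);
        // Fail closed: no canonical identity could be derived for this peer.
        ac.setAuthorized(false);
    }
}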
// Parse the client's principal name into its Kerberos components.
// NOTE(review): the KerberosName constructor presumably rejects malformed names with an
// unchecked exception — confirm the surrounding method handles that.
final KerberosName clientKerberosName = new KerberosName( clientPrincipal.getName());
// The service principal is assembled by plain concatenation of servicePrincipal and
// serverRealm. If either value is null, Java concatenation inserts the literal text "null".
// NOTE(review): confirm both values are validated before this point.
KerberosName serviceKerberosName = new KerberosName( servicePrincipal + "@" + serverRealm);
// Only the service component of the parsed principal is extracted here.
final String serviceName = serviceKerberosName.getServiceName();
/**
 * Resolves the short user name this process runs as, which is effectively an HBase
 * RegionServer.
 *
 * <p>Reads {@code hbase.regionserver.kerberos.principal} from the configuration. When the
 * property is absent, the fixed name {@code "hbase"} is returned and no Kerberos name is
 * parsed.
 *
 * @param conf configuration to read the principal property from
 * @param hostname host name handed to {@code SecurityUtil.getServerPrincipal}
 * @return short name of the resolved principal, or {@code "hbase"} when none is configured
 * @throws Exception if resolving or translating the principal fails
 */
private String getPrincipalName(Configuration conf, String hostname) throws Exception {
    final String configuredPrincipal = conf.get("hbase.regionserver.kerberos.principal");
    if (configuredPrincipal == null) {
        // No principal configured: fall back to the default service user.
        return "hbase";
    }
    final String resolvedPrincipal = SecurityUtil.getServerPrincipal(configuredPrincipal, hostname);
    return new KerberosName(resolvedPrincipal).getShortName();
}
/**
 * Returns the client principal name held by a login, if any.
 *
 * <p>Only the first principal produced by the set's iterator is used. When the subject holds
 * several principals, which one that is depends on the set's iteration order.
 *
 * @param login The login object to pull the name from
 * @return The principal rendered through {@code KerberosName.toString()}, or null when the
 *     login has no subject or the subject has no principals
 */
private String getClientPrincipalName(final Login login) {
    if (login.getSubject() != null) {
        final Set<Principal> subjectPrincipals = login.getSubject().getPrincipals();
        if (subjectPrincipals != null && !subjectPrincipals.isEmpty()) {
            final String rawName = subjectPrincipals.iterator().next().getName();
            return new KerberosName(rawName).toString();
        }
    }
    return null;
}
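/**
 * Answers a SASL {@link AuthorizeCallback} by deriving the authorized identity from the
 * authenticated Kerberos principal.
 *
 * <p>The authorized ID is always {@code shortName/host@realm}, built from the
 * <em>authentication</em> ID; the client-requested authorization ID is only logged. The
 * callback is marked authorized only after that derivation succeeds. If it fails, the callback
 * is left unauthorized: {@link AuthorizeCallback#getAuthorizedID()} otherwise falls back to
 * the client-supplied authorization ID when no authorized ID has been set.
 *
 * @param ac callback carrying the authentication and authorization IDs of the SASL exchange
 */
private void handleAuthorizeCallback(AuthorizeCallback ac) {
    String authenticationID = ac.getAuthenticationID();
    String authorizationID = ac.getAuthorizationID();

    // NOTE(review): both IDs originate from the peer and are concatenated into the log line
    // as-is; confirm the log handler neutralises line breaks.
    LOG.info("Successfully authenticated client: authenticationID=" + authenticationID
        + "; authorizationID=" + authorizationID + ".");

    KerberosName kerberosName = new KerberosName(authenticationID);
    try {
        StringBuilder userNameBuilder = new StringBuilder(kerberosName.getShortName());
        // NOTE(review): host and realm are appended unconditionally; if either getter returns
        // null, the literal text "null" ends up in the authorized ID — confirm.
        userNameBuilder.append("/").append(kerberosName.getHostName());
        userNameBuilder.append("@").append(kerberosName.getRealm());
        LOG.info("Setting authorizedID: " + userNameBuilder);
        // Grant only once the canonical name exists, so a parse or rule failure above can
        // never leave the callback authorized.
        ac.setAuthorized(true);
        ac.setAuthorizedID(userNameBuilder.toString());
    } catch (IOException e) {
        // Include the cause so the failure can be diagnosed from the log.
        LOG.severe("Failed to set name based on Kerberos authentication rules. " + e);
        // Fail closed: no canonical identity could be derived for this peer.
        ac.setAuthorized(false);
    }
}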
KerberosName kerberosName = new KerberosName(authenticationID); try { StringBuilder userNameBuilder = new StringBuilder(kerberosName.getShortName());
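/**
 * Builds the {@code Subject} for the caller of the current request from its user principal.
 *
 * <p>A request without a user principal (or with a principal that has no name) is rejected
 * with {@code SentryUserException}. Previously the null name was handed straight to the
 * {@code KerberosName} constructor, which presumably failed with an unchecked exception
 * instead of the declared one.
 *
 * @param securityContext security context of the current request
 * @return subject named after the short name of the caller's Kerberos principal
 * @throws SentryUserException if the request has no user principal, or the short name cannot
 *     be derived from it
 */
private Subject getSubject(SecurityContext securityContext) throws SentryUserException {
    String princ = securityContext.getUserPrincipal() != null
        ? securityContext.getUserPrincipal().getName() : null;
    if (princ == null) {
        // Reject unauthenticated requests explicitly, before any name parsing happens.
        throw new SentryUserException("Unable to get subject",
            new IllegalStateException("request carries no authenticated user principal"));
    }
    KerberosName kerbName = new KerberosName(princ);
    try {
        return new Subject(kerbName.getShortName());
    } catch (IOException e) {
        throw new SentryUserException("Unable to get subject", e);
    }
}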
// Parse the client's principal name into its Kerberos components.
final KerberosName clientKerberosName = new KerberosName(clientPrincipal.getName());
// The service realm is not supplied separately: it is copied from the client principal, so
// the server is assumed to live in the client's realm. If getRealm() returns null, Java
// concatenation inserts the literal text "null" as the realm.
// NOTE(review): confirm cross-realm setups and realm-less client names are handled elsewhere.
KerberosName serviceKerberosName = new KerberosName(serverPrincipal + "@" + clientKerberosName.getRealm());
final String serviceName = serviceKerberosName.getServiceName();
// NOTE(review): presumably null when serverPrincipal has no host component — confirm.
final String serviceHostname = serviceKerberosName.getHostName();
// Take the first principal of the client subject. Indexing [0] throws
// ArrayIndexOutOfBoundsException when the subject holds no principals.
// NOTE(review): with several principals, which one comes first depends on the set's
// iteration order — confirm the subject is expected to hold exactly one.
final Object[] principals = clientSubject.getPrincipals().toArray();
final Principal clientPrincipal = (Principal) principals[0];
final KerberosName clientKerberosName = new KerberosName(clientPrincipal.getName());
// The service realm is not supplied separately: it is copied from the client principal, so
// the server is assumed to live in the client's realm. If getRealm() returns null, Java
// concatenation inserts the literal text "null" as the realm.
KerberosName serviceKerberosName = new KerberosName(serverPrincipal + "@" + clientKerberosName.getRealm());
final String serviceName = serviceKerberosName.getServiceName();
// NOTE(review): presumably null when serverPrincipal has no host component — confirm.
final String serviceHostname = serviceKerberosName.getHostName();
// Split the server principal into the service and host parts read below.
final KerberosName service_kerberos_name = new KerberosName(server_principal);
final String service_name = service_kerberos_name.getServiceName();
// NOTE(review): presumably null when server_principal has no host component — confirm
// before service_hostname is passed on.
final String service_hostname = service_kerberos_name.getHostName();
// Parse the client's principal name into its Kerberos components.
final KerberosName clientKerberosName = new KerberosName(clientPrincipal.getName());
// The service principal is assembled by plain concatenation of servicePrincipal and
// serverRealm. If either value is null, Java concatenation inserts the literal text "null".
// NOTE(review): confirm both values are validated before this point.
KerberosName serviceKerberosName = new KerberosName(servicePrincipal+"@"+serverRealm);
final String serviceName = serviceKerberosName.getServiceName();
// NOTE(review): presumably null when servicePrincipal has no host component — confirm.
final String serviceHostname = serviceKerberosName.getHostName();