public static void main(String[] args) throws Exception { for(String arg: args) { KerberosName name = new KerberosName(arg); System.out.println("Name: " + name + " to " + name.getShortName()); } } }
public static void main(String[] args) throws Exception { for(String arg: args) { KerberosName name = new KerberosName(arg); System.out.println("Name: " + name + " to " + name.getShortName()); } } }
private void handleAuthorizeCallback(AuthorizeCallback ac) { String authenticationID = ac.getAuthenticationID(); String authorizationID = ac.getAuthorizationID(); LOG.info("Successfully authenticated client: authenticationID=" + authenticationID + "; authorizationID=" + authorizationID + "."); ac.setAuthorized(true); // canonicalize authorization id according to system properties: // zookeeper.kerberos.removeRealmFromPrincipal(={true,false}) // zookeeper.kerberos.removeHostFromPrincipal(={true,false}) KerberosName kerberosName = new KerberosName(authenticationID); try { StringBuilder userNameBuilder = new StringBuilder(kerberosName.getShortName()); if (shouldAppendHost(kerberosName)) { userNameBuilder.append("/").append(kerberosName.getHostName()); } if (shouldAppendRealm(kerberosName)) { userNameBuilder.append("@").append(kerberosName.getRealm()); } LOG.info("Setting authorizedID: " + userNameBuilder); ac.setAuthorizedID(userNameBuilder.toString()); } catch (IOException e) { LOG.error("Failed to set name based on Kerberos authentication rules.", e); } }
private void handleAuthorizeCallback(AuthorizeCallback ac) { String authenticationID = ac.getAuthenticationID(); String authorizationID = ac.getAuthorizationID(); LOG.info("Successfully authenticated client: authenticationID=" + authenticationID + "; authorizationID=" + authorizationID + "."); ac.setAuthorized(true); // canonicalize authorization id according to system properties: // zookeeper.kerberos.removeRealmFromPrincipal(={true,false}) // zookeeper.kerberos.removeHostFromPrincipal(={true,false}) KerberosName kerberosName = new KerberosName(authenticationID); try { StringBuilder userNameBuilder = new StringBuilder(kerberosName.getShortName()); if (shouldAppendHost(kerberosName)) { userNameBuilder.append("/").append(kerberosName.getHostName()); } if (shouldAppendRealm(kerberosName)) { userNameBuilder.append("@").append(kerberosName.getRealm()); } LOG.info("Setting authorizedID: " + userNameBuilder); ac.setAuthorizedID(userNameBuilder.toString()); } catch (IOException e) { LOG.error("Failed to set name based on Kerberos authentication rules.", e); } }
private String getPrincipalName(Configuration conf, String hostname) throws Exception { // essentially running as an HBase RegionServer String principalProp = conf.get("hbase.regionserver.kerberos.principal"); if (principalProp != null) { String princ = SecurityUtil.getServerPrincipal(principalProp, hostname); KerberosName kerbName = new KerberosName(princ); return kerbName.getShortName(); } return "hbase"; }
private void handleAuthorizeCallback(AuthorizeCallback ac) { String authenticationID = ac.getAuthenticationID(); String authorizationID = ac.getAuthorizationID(); LOG.info("Successfully authenticated client: authenticationID=" + authenticationID + "; authorizationID=" + authorizationID + "."); ac.setAuthorized(true); KerberosName kerberosName = new KerberosName(authenticationID); try { StringBuilder userNameBuilder = new StringBuilder(kerberosName.getShortName()); userNameBuilder.append("/").append(kerberosName.getHostName()); userNameBuilder.append("@").append(kerberosName.getRealm()); LOG.info("Setting authorizedID: " + userNameBuilder); ac.setAuthorizedID(userNameBuilder.toString()); } catch (IOException e) { LOG.severe("Failed to set name based on Kerberos authentication rules."); } }
private Subject getSubject(SecurityContext securityContext) throws SentryUserException { String princ = securityContext.getUserPrincipal() != null ? securityContext.getUserPrincipal().getName() : null; KerberosName kerbName = new KerberosName(princ); try { return new Subject(kerbName.getShortName()); } catch (IOException e) { throw new SentryUserException("Unable to get subject", e); } }
StringBuilder userNameBuilder = new StringBuilder(kerberosName.getShortName()); userNameBuilder.append("/").append(kerberosName.getHostName()); userNameBuilder.append("@").append(kerberosName.getRealm());