org.apache.zookeeper.server.auth.KerberosName类的使用及代码示例
本文整理了Java中org.apache.zookeeper.server.auth.KerberosName类的一些代码示例,展示了KerberosName类的具体用法。这些代码示例主要来源于Github/Stackoverflow/Maven等平台,是从一些精选项目中提取出来的代码,具有较强的参考意义,能在一定程度帮忙到你。KerberosName类的具体详情如下:
包路径:org.apache.zookeeper.server.auth.KerberosName
类名称:KerberosName
KerberosName介绍
[英]This class implements parsing and handling of Kerberos principal names. In particular, it splits them apart and translates them down into local operating system names.
[中]此类实现Kerberos主体名称的解析和处理。特别是,它将它们分开,并将它们转换为本地操作系统名称。
代码示例
代码示例来源:origin: apache/zookeeper
private void handleAuthorizeCallback(AuthorizeCallback ac) {
String authenticationID = ac.getAuthenticationID();
String authorizationID = ac.getAuthorizationID();
LOG.info("Successfully authenticated client: authenticationID=" + authenticationID
+ "; authorizationID=" + authorizationID + ".");
ac.setAuthorized(true);
// canonicalize authorization id according to system properties:
// zookeeper.kerberos.removeRealmFromPrincipal(={true,false})
// zookeeper.kerberos.removeHostFromPrincipal(={true,false})
KerberosName kerberosName = new KerberosName(authenticationID);
try {
StringBuilder userNameBuilder = new StringBuilder(kerberosName.getShortName());
if (shouldAppendHost(kerberosName)) {
userNameBuilder.append("/").append(kerberosName.getHostName());
}
if (shouldAppendRealm(kerberosName)) {
userNameBuilder.append("@").append(kerberosName.getRealm());
}
LOG.info("Setting authorizedID: " + userNameBuilder);
ac.setAuthorizedID(userNameBuilder.toString());
} catch (IOException e) {
LOG.error("Failed to set name based on Kerberos authentication rules.", e);
}
}代码示例来源:origin: apache/zookeeper
/**
* Set the static configuration to get the rules.
* @param conf the new configuration
* @throws IOException
*/
public static void setConfiguration() throws IOException {
String ruleString = System.getProperty("zookeeper.security.auth_to_local", "DEFAULT");
rules = parseRules(ruleString);
}代码示例来源:origin: apache/zookeeper
public static void main(String[] args) throws Exception {
for(String arg: args) {
KerberosName name = new KerberosName(arg);
System.out.println("Name: " + name + " to " + name.getShortName());
}
}
}代码示例来源:origin: apache/zookeeper
final KerberosName clientKerberosName = new KerberosName(
clientPrincipal.getName());
clientKerberosName.getRealm());
KerberosName serviceKerberosName = new KerberosName(
servicePrincipal + "@" + serverRealm);
final String serviceName = serviceKerberosName.getServiceName();
final String serviceHostname = serviceKerberosName.getHostName();
final String clientPrincipalName = clientKerberosName.toString();
try {
saslClient = Subject.doAs(subject,代码示例来源:origin: alibaba/jstorm
KerberosName serviceKerberosName = new KerberosName(principal);
String serviceName = serviceKerberosName.getServiceName();
String hostName = serviceKerberosName.getHostName();
Map<String, String> props = new TreeMap<String, String>();
props.put(Sasl.QOP, "auth");代码示例来源:origin: org.hbase/asynchbase
/**
* Return the principal name if set
* @param login The login object to pull the name from
* @return The name if found, null if not
*/
private String getClientPrincipalName(final Login login) {
if (login.getSubject() == null) {
return null;
}
final Set<Principal> principals = login.getSubject().getPrincipals();
if (principals == null || principals.isEmpty()) {
return null;
}
final Principal principal = principals.iterator().next();
final KerberosName name = new KerberosName(principal.getName());
return name.toString();
}代码示例来源:origin: apache/zookeeper
public boolean isValid(String id) {
// Since the SASL authenticator will usually be used with Kerberos authentication,
// it should enforce that these names are valid according to Kerberos's
// syntax for principals.
//
// Use the KerberosName(id) constructor to define validity:
// if KerberosName(id) throws IllegalArgumentException, then id is invalid.
// otherwise, it is valid.
//
try {
new KerberosName(id);
return true;
}
catch (IllegalArgumentException e) {
return false;
}
}代码示例来源:origin: apache/zookeeper
private boolean shouldAppendHost(KerberosName kerberosName) {
return !isSystemPropertyTrue(SYSPROP_REMOVE_HOST) && kerberosName.getHostName() != null;
}代码示例来源:origin: apache/zookeeper
/**
* Get the translation of the principal name into an operating system
* user name.
* @return the short name
* @throws IOException
*/
public String getShortName() throws IOException {
String[] params;
if (hostName == null) {
// if it is already simple, just return it
if (realm == null) {
return serviceName;
}
params = new String[]{realm, serviceName};
} else {
params = new String[]{realm, serviceName, hostName};
}
for(Rule r: rules) {
String result = r.apply(params);
if (result != null) {
return result;
}
}
throw new NoMatchingRule("No rules applied to " + toString());
}代码示例来源:origin: apache/zookeeper
private boolean shouldAppendRealm(KerberosName kerberosName) {
return !isSystemPropertyTrue(SYSPROP_REMOVE_REALM) && kerberosName.getRealm() != null;
}代码示例来源:origin: org.apache.zookeeper/zookeeper
final KerberosName clientKerberosName = new KerberosName(
clientPrincipal.getName());
clientKerberosName.getRealm());
KerberosName serviceKerberosName = new KerberosName(
servicePrincipal + "@" + serverRealm);
final String serviceName = serviceKerberosName.getServiceName();
final String serviceHostname = serviceKerberosName.getHostName();
final String clientPrincipalName = clientKerberosName.toString();
try {
saslClient = Subject.doAs(subject,代码示例来源:origin: org.hbase/asynchbase
final KerberosName service_kerberos_name = new KerberosName(server_principal);
final String service_name = service_kerberos_name.getServiceName();
final String service_hostname = service_kerberos_name.getHostName();代码示例来源:origin: org.apache.zookeeper/zookeeper
public static void main(String[] args) throws Exception {
for(String arg: args) {
KerberosName name = new KerberosName(arg);
System.out.println("Name: " + name + " to " + name.getShortName());
}
}
}代码示例来源:origin: org.apache.zookeeper/zookeeper
public boolean isValid(String id) {
// Since the SASL authenticator will usually be used with Kerberos authentication,
// it should enforce that these names are valid according to Kerberos's
// syntax for principals.
//
// Use the KerberosName(id) constructor to define validity:
// if KerberosName(id) throws IllegalArgumentException, then id is invalid.
// otherwise, it is valid.
//
try {
new KerberosName(id);
return true;
}
catch (IllegalArgumentException e) {
return false;
}
}代码示例来源:origin: org.apache.zookeeper/zookeeper
private boolean shouldAppendHost(KerberosName kerberosName) {
return !isSystemPropertyTrue(SYSPROP_REMOVE_HOST) && kerberosName.getHostName() != null;
}代码示例来源:origin: org.apache.zookeeper/zookeeper
/**
* Get the translation of the principal name into an operating system
* user name.
* @return the short name
* @throws IOException
*/
public String getShortName() throws IOException {
String[] params;
if (hostName == null) {
// if it is already simple, just return it
if (realm == null) {
return serviceName;
}
params = new String[]{realm, serviceName};
} else {
params = new String[]{realm, serviceName, hostName};
}
for(Rule r: rules) {
String result = r.apply(params);
if (result != null) {
return result;
}
}
throw new NoMatchingRule("No rules applied to " + toString());
}代码示例来源:origin: org.apache.zookeeper/zookeeper
private boolean shouldAppendRealm(KerberosName kerberosName) {
return !isSystemPropertyTrue(SYSPROP_REMOVE_REALM) && kerberosName.getRealm() != null;
}代码示例来源:origin: diennea/herddb
final KerberosName clientKerberosName = new KerberosName(clientPrincipal.getName());
KerberosName serviceKerberosName = new KerberosName(serverPrincipal + "@" + clientKerberosName.getRealm());
final String serviceName = serviceKerberosName.getServiceName();
final String serviceHostname = serviceKerberosName.getHostName();
final String clientPrincipalName = clientKerberosName.toString();
LOG.log(Level.FINEST, "Using JAAS/SASL/GSSAPI auth to connect to server Principal " + serverPrincipal);
saslClient = Subject.doAs(clientSubject, new PrivilegedExceptionAction<SaslClient>() {代码示例来源:origin: org.apache.zookeeper/zookeeper
private void handleAuthorizeCallback(AuthorizeCallback ac) {
String authenticationID = ac.getAuthenticationID();
String authorizationID = ac.getAuthorizationID();
LOG.info("Successfully authenticated client: authenticationID=" + authenticationID
+ "; authorizationID=" + authorizationID + ".");
ac.setAuthorized(true);
// canonicalize authorization id according to system properties:
// zookeeper.kerberos.removeRealmFromPrincipal(={true,false})
// zookeeper.kerberos.removeHostFromPrincipal(={true,false})
KerberosName kerberosName = new KerberosName(authenticationID);
try {
StringBuilder userNameBuilder = new StringBuilder(kerberosName.getShortName());
if (shouldAppendHost(kerberosName)) {
userNameBuilder.append("/").append(kerberosName.getHostName());
}
if (shouldAppendRealm(kerberosName)) {
userNameBuilder.append("@").append(kerberosName.getRealm());
}
LOG.info("Setting authorizedID: " + userNameBuilder);
ac.setAuthorizedID(userNameBuilder.toString());
} catch (IOException e) {
LOG.error("Failed to set name based on Kerberos authentication rules.", e);
}
}代码示例来源:origin: com.ngdata/hbase-indexer-common
private String getPrincipalName(Configuration conf, String hostname) throws Exception {
// essentially running as an HBase RegionServer
String principalProp = conf.get("hbase.regionserver.kerberos.principal");
if (principalProp != null) {
String princ = SecurityUtil.getServerPrincipal(principalProp, hostname);
KerberosName kerbName = new KerberosName(princ);
return kerbName.getShortName();
}
return "hbase";
}内容来源于网络,如有侵权,请联系作者删除!
