本文整理汇总了Java中javax.security.sasl.Sasl类的典型用法代码示例。如果您正苦于以下问题:Java Sasl类的具体用法?Java Sasl怎么用?Java Sasl使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
Sasl类属于javax.security.sasl包,在下文中一共展示了Sasl类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: getSASLTransportFactory
import javax.security.sasl.Sasl; //导入依赖的package包/类
/**
 * Builds a Thrift SASL server transport factory carrying one "GSSAPI" server definition.
 *
 * <p>The value of {@code principal} is split by
 * {@code FlumeAuthenticationUtil.splitKerberosName}; the first two parts of the result are
 * handed to {@code addServerDefinition} together with the SASL properties and the GSS
 * callback handler.
 *
 * @return the configured transport factory
 * @throws FlumeException if splitting the principal name raises an {@code IOException}
 */
private TTransportFactory getSASLTransportFactory() {
  // Sasl.QOP "auth" asks for authentication only: no SASL integrity or confidentiality
  // layer is negotiated, so message protection has to come from the channel underneath
  // (for example TLS) if it is required.
  final Map<String, String> props = new HashMap<String, String>();
  props.put(Sasl.QOP, "auth");

  final String[] principalParts;
  try {
    principalParts = FlumeAuthenticationUtil.splitKerberosName(principal);
  } catch (IOException e) {
    throw new FlumeException(
        "Error while trying to resolve Principal name - " + principal, e);
  }

  final TSaslServerTransport.Factory factory = new TSaslServerTransport.Factory();
  factory.addServerDefinition(
      "GSSAPI",
      principalParts[0],
      principalParts[1],
      props,
      FlumeAuthenticationUtil.getSaslGssCallbackHandler());
  return factory;
}
示例2: createSaslClient
import javax.security.sasl.Sasl; //导入依赖的package包/类
/**
 * Creates a SASL client for the PLAIN mechanism whose callback handler answers name and
 * password callbacks with the supplied credentials.
 *
 * <p>{@code user} is passed to {@code Sasl.createSaslClient} as the authorization id and is
 * also the value set on a {@code NameCallback}. Callbacks of any other type are left
 * untouched.
 *
 * <p>PLAIN carries the password without any protection of its own, so the connection it
 * runs over should already be encrypted (for example with TLS).
 *
 * @param user authorization id and authentication name
 * @param password password set on a {@code PasswordCallback}
 * @return the client returned by {@code Sasl.createSaslClient}
 * @throws SaslException if the client cannot be created
 */
static SaslClient createSaslClient(final String user, final String password) throws SaslException {
  final CallbackHandler credentials = new CallbackHandler() {
    @Override
    public void handle(final Callback[] callbacks)
        throws IOException, UnsupportedCallbackException {
      for (int i = 0; i < callbacks.length; i++) {
        final Callback cb = callbacks[i];
        if (cb instanceof NameCallback) {
          ((NameCallback) cb).setName(user);
        } else if (cb instanceof PasswordCallback) {
          // toCharArray() gives the callback its own array of the password characters.
          ((PasswordCallback) cb).setPassword(password.toCharArray());
        }
      }
    }
  };
  final String[] mechanisms = {"PLAIN"};
  return Sasl.createSaslClient(mechanisms, user, null, null, null, credentials);
}
示例3: SaslOutputStream
import javax.security.sasl.Sasl; //导入依赖的package包/类
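/**
 * Creates the stream over {@code out} and reads the negotiated raw send size from
 * {@code sc}.
 *
 * <p>When the client reports a {@code Sasl.RAW_SEND_SIZE} property it is parsed and stored
 * in {@code rawSendSize}; when the property is absent the field is left as it is.
 *
 * @param sc SASL client whose negotiated properties are read
 * @param out underlying stream, passed to the superclass constructor
 * @throws SaslException if the negotiated raw send size is not a numeric string
 */
SaslOutputStream(SaslClient sc, OutputStream out) throws SaslException {
  super(out);
  this.sc = sc;

  if (debug) {
    System.err.println("SaslOutputStream: " + out);
  }

  // The value is a result of the SASL negotiation, so it is parsed rather than trusted.
  String str = (String) sc.getNegotiatedProperty(Sasl.RAW_SEND_SIZE);
  if (str != null) {
    try {
      rawSendSize = Integer.parseInt(str);
    } catch (NumberFormatException e) {
      // Keep the parse failure as the cause instead of discarding it.
      throw new SaslException(Sasl.RAW_SEND_SIZE +
          " property must be numeric string: " + str, e);
    }
  }
}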
示例4: SaslInputStream
import javax.security.sasl.Sasl; //导入依赖的package包/类
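/**
 * Creates the stream over {@code in}, reads the negotiated maximum receive buffer size
 * from {@code sc} and allocates {@code saslBuffer} with that size.
 *
 * <p>When the client reports no {@code Sasl.MAX_BUFFER} property, the existing value of
 * {@code recvMaxBufSize} is used for the allocation.
 *
 * @param sc SASL client whose negotiated properties are read
 * @param in underlying stream
 * @throws SaslException if the negotiated buffer size is not a numeric string or is
 *     negative
 */
SaslInputStream(SaslClient sc, InputStream in) throws SaslException {
  super();
  this.in = in;
  this.sc = sc;

  String str = (String) sc.getNegotiatedProperty(Sasl.MAX_BUFFER);
  if (str != null) {
    try {
      recvMaxBufSize = Integer.parseInt(str);
    } catch (NumberFormatException e) {
      // Keep the parse failure as the cause instead of discarding it.
      throw new SaslException(Sasl.MAX_BUFFER +
          " property must be numeric string: " + str, e);
    }
  }

  // The size is a result of the negotiation and sizes an allocation. Reject a negative
  // value here with a SASL error instead of letting the array creation below fail with
  // NegativeArraySizeException.
  // NOTE(review): no upper bound is applied to the size; confirm whether one is needed.
  if (recvMaxBufSize < 0) {
    throw new SaslException(Sasl.MAX_BUFFER +
        " property must not be negative: " + recvMaxBufSize);
  }
  saslBuffer = new byte[recvMaxBufSize];
}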
示例5: checkSaslComplete
import javax.security.sasl.Sasl; //导入依赖的package包/类
/**
 * Verifies that the SASL handshake has finished for the given participant and that the
 * quality of protection (QOP) it negotiated is one of the values listed under
 * {@code Sasl.QOP} in the given properties.
 *
 * @param sasl participant whose handshake state and negotiated QOP are inspected
 * @param saslProps SASL properties; the {@code Sasl.QOP} entry is split on commas to
 *     obtain the acceptable QOP values
 * @throws IOException if the handshake is incomplete or the negotiated QOP is not among
 *     the requested values
 */
public static void checkSaslComplete(SaslParticipant sasl,
    Map<String, String> saslProps) throws IOException {
  if (!sasl.isComplete()) {
    throw new IOException("Failed to complete SASL handshake");
  }

  // NOTE(review): a missing Sasl.QOP entry raises NullPointerException here, and the
  // entries are compared verbatim (no trimming); confirm callers always pass a clean
  // comma-separated value.
  final String[] acceptable = saslProps.get(Sasl.QOP).split(",");
  final Set<String> requestedQop = ImmutableSet.copyOf(Arrays.asList(acceptable));
  final String negotiatedQop = sasl.getNegotiatedQop();
  LOG.debug("Verifying QOP, requested QOP = {}, negotiated QOP = {}",
      requestedQop, negotiatedQop);

  // A completed handshake is not sufficient on its own: the channel is rejected when
  // the negotiated QOP falls outside the set the caller asked for.
  final boolean qopAcceptable = requestedQop.contains(negotiatedQop);
  if (qopAcceptable) {
    return;
  }
  throw new IOException(String.format("SASL handshake completed, but " +
      "channel does not have acceptable quality of protection, " +
      "requested = %s, negotiated = %s", requestedQop, negotiatedQop));
}
示例6: runNegotiation
import javax.security.sasl.Sasl; //导入依赖的package包/类
/**
 * Runs a PLAIN exchange between a newly created SASL client and server and asserts the
 * state of both sides after each step.
 *
 * @param clientCbh callback handler given to the client
 * @param serverCbh callback handler given to the server
 * @throws SaslException if creating either side or evaluating a message fails
 */
private void runNegotiation(CallbackHandler clientCbh,
    CallbackHandler serverCbh)
    throws SaslException {
  final String plain = AuthMethod.PLAIN.getMechanismName();
  final String[] clientMechanisms = { plain };

  final SaslClient client = Sasl.createSaslClient(
      clientMechanisms, null, null, null, null, clientCbh);
  assertNotNull(client);

  final SaslServer server = Sasl.createSaslServer(
      plain, null, "localhost", null, serverCbh);
  assertNotNull("failed to find PLAIN server", server);

  // The client is expected to be complete after producing its first message.
  final byte[] clientMessage = client.evaluateChallenge(new byte[0]);
  assertNotNull(clientMessage);
  assertTrue(client.isComplete());

  // The server is expected to answer with no further challenge, to be complete, and to
  // expose an authorization id.
  final byte[] serverChallenge = server.evaluateResponse(clientMessage);
  assertNull(serverChallenge);
  assertTrue(server.isComplete());
  assertNotNull(server.getAuthorizationID());
}
示例7: createSaslServer
import javax.security.sasl.Sasl; //导入依赖的package包/类
/**
 * Selects and configures the server callback handler for {@code mechanism}, then creates
 * the SASL server and stores it in {@code saslServer}.
 *
 * <p>SCRAM mechanisms get a {@code ScramServerCallbackHandler} built from the credential
 * cache; every other mechanism gets a {@code SaslServerCallbackHandler}. GSSAPI servers
 * are created by {@code createSaslKerberosServer}; all others by
 * {@code Sasl.createSaslServer}, invoked through {@code Subject.doAs} with {@code subject}.
 *
 * @param mechanism SASL mechanism name
 * @throws IOException a {@code SaslException} wrapping the cause when the privileged
 *     creation fails
 */
private void createSaslServer(String mechanism) throws IOException {
  this.saslMechanism = mechanism;

  if (ScramMechanism.isScram(mechanism)) {
    callbackHandler = new ScramServerCallbackHandler(
        credentialCache.cache(mechanism, ScramCredential.class));
  } else {
    callbackHandler = new SaslServerCallbackHandler(jaasContext, kerberosNamer);
  }
  callbackHandler.configure(configs, Mode.SERVER, subject, saslMechanism);

  if (!mechanism.equals(SaslConfigs.GSSAPI_MECHANISM)) {
    final PrivilegedExceptionAction<SaslServer> createServer =
        new PrivilegedExceptionAction<SaslServer>() {
          @Override
          public SaslServer run() throws SaslException {
            // Delegate to Sasl.createSaslServer.
            return Sasl.createSaslServer(saslMechanism, "kafka", host, configs, callbackHandler);
          }
        };
    try {
      saslServer = Subject.doAs(subject, createServer);
    } catch (PrivilegedActionException failure) {
      // Surface the underlying failure rather than the privileged-action wrapper.
      throw new SaslException("Kafka Server failed to create a SaslServer to interact with a client during session authentication", failure.getCause());
    }
    return;
  }

  saslServer = createSaslKerberosServer(callbackHandler, configs, subject);
}
示例8: checkSaslComplete
import javax.security.sasl.Sasl; //导入依赖的package包/类
/**
 * Confirms that SASL negotiation is complete for the participant and that the negotiated
 * quality of protection appears in the comma-separated {@code Sasl.QOP} value of the
 * supplied properties.
 *
 * @param sasl participant to check
 * @param saslProps properties of the SASL negotiation; {@code Sasl.QOP} is read from it
 * @throws IOException if negotiation has not completed, or if the negotiated quality of
 *     protection is not one of the requested values
 */
public static void checkSaslComplete(SaslParticipant sasl,
    Map<String, String> saslProps) throws IOException {
  final boolean handshakeDone = sasl.isComplete();
  if (!handshakeDone) {
    throw new IOException("Failed to complete SASL handshake");
  }

  // NOTE(review): assumes saslProps always holds a Sasl.QOP entry; a null value would
  // fail on split() with NullPointerException. Verify against callers.
  final String configuredQop = saslProps.get(Sasl.QOP);
  final Set<String> requestedQop =
      ImmutableSet.copyOf(Arrays.asList(configuredQop.split(",")));
  final String negotiatedQop = sasl.getNegotiatedQop();
  LOG.debug("Verifying QOP, requested QOP = {}, negotiated QOP = {}",
      requestedQop, negotiatedQop);

  // Membership test against the requested set: anything the caller did not list is
  // treated as unacceptable, even though the handshake itself succeeded.
  if (!requestedQop.contains(negotiatedQop)) {
    final String reason = String.format("SASL handshake completed, but " +
        "channel does not have acceptable quality of protection, " +
        "requested = %s, negotiated = %s", requestedQop, negotiatedQop);
    throw new IOException(reason);
  }
}
示例9: createSaslServer
import javax.security.sasl.Sasl; //导入依赖的package包/类
/**
 * Configures a {@code SaslServerCallbackHandler} for {@code mechanism} and creates the
 * SASL server, storing it in {@code saslServer}.
 *
 * <p>For GSSAPI the subject must hold at least one principal and the server comes from
 * {@code createSaslKerberosServer}. For any other mechanism the server is created by
 * {@code Sasl.createSaslServer}, invoked through {@code Subject.doAs} with {@code subject}.
 *
 * @param mechanism SASL mechanism name
 * @throws IllegalArgumentException if GSSAPI is requested and the subject has no principal
 * @throws IOException a {@code SaslException} wrapping the cause when the privileged
 *     creation fails
 */
private void createSaslServer(String mechanism) throws IOException {
  this.saslMechanism = mechanism;
  callbackHandler = new SaslServerCallbackHandler(Configuration.getConfiguration(), kerberosNamer);
  callbackHandler.configure(configs, Mode.SERVER, subject, saslMechanism);

  final boolean kerberos = mechanism.equals(SaslConfigs.GSSAPI_MECHANISM);
  if (kerberos) {
    // Refuse to create a Kerberos server for a subject that carries no principal.
    if (subject.getPrincipals().isEmpty()) {
      throw new IllegalArgumentException("subject must have at least one principal");
    }
    saslServer = createSaslKerberosServer(callbackHandler, configs);
    return;
  }

  try {
    saslServer = Subject.doAs(subject, new PrivilegedExceptionAction<SaslServer>() {
      @Override
      public SaslServer run() throws SaslException {
        return Sasl.createSaslServer(saslMechanism, "kafka", host, configs, callbackHandler);
      }
    });
  } catch (PrivilegedActionException wrapped) {
    // Report the underlying failure as the cause, not the privileged-action wrapper.
    throw new SaslException("Kafka Server failed to create a SaslServer to interact with a client during session authentication", wrapped.getCause());
  }
}
示例10: refresh
import javax.security.sasl.Sasl; //导入依赖的package包/类
/**
 * Rebuilds {@code serverFactories}: an immutable map from SASL mechanism name to the list
 * of registered {@code SaslServerFactory} instances that report that mechanism.
 */
private void refresh() {
  final Map<String, List<SaslServerFactory>> byMechanism = Maps.newHashMap();
  final Enumeration<SaslServerFactory> available = Sasl.getSaslServerFactories();
  while (available.hasMoreElements()) {
    final SaslServerFactory candidate = available.nextElement();
    // Passing null so the factory reports every mechanism it knows. This registry is
    // therefore not a policy filter; the properties passed when a server is
    // instantiated are what really matter. See createSaslServer.
    final String[] mechanismNames = candidate.getMechanismNames(null);
    for (int i = 0; i < mechanismNames.length; i++) {
      List<SaslServerFactory> bucket = byMechanism.get(mechanismNames[i]);
      if (bucket == null) {
        bucket = new ArrayList<SaslServerFactory>();
        byMechanism.put(mechanismNames[i], bucket);
      }
      bucket.add(candidate);
    }
  }
  serverFactories = ImmutableMap.copyOf(byMechanism);

  if (logger.isDebugEnabled()) {
    logger.debug("Registered sasl server factories: {}", serverFactories.keySet());
  }
}
示例11: refresh
import javax.security.sasl.Sasl; //导入依赖的package包/类
/**
 * Rebuilds {@code clientFactories}: an immutable map from SASL mechanism name to the list
 * of registered {@code SaslClientFactory} instances that report that mechanism.
 */
private void refresh() {
  final Map<String, List<SaslClientFactory>> grouped = Maps.newHashMap();
  for (final Enumeration<SaslClientFactory> it = Sasl.getSaslClientFactories();
      it.hasMoreElements();) {
    final SaslClientFactory clientFactory = it.nextElement();
    // Null properties make the factory list every mechanism it can provide; selection by
    // policy happens later, through the properties given when a client is instantiated.
    // See createSaslClient.
    for (final String mechanismName : clientFactory.getMechanismNames(null)) {
      List<SaslClientFactory> sameMechanism = grouped.get(mechanismName);
      if (sameMechanism == null) {
        sameMechanism = new ArrayList<SaslClientFactory>();
        grouped.put(mechanismName, sameMechanism);
      }
      sameMechanism.add(clientFactory);
    }
  }
  clientFactories = ImmutableMap.copyOf(grouped);

  if (logger.isDebugEnabled()) {
    logger.debug("Registered sasl client factories: {}", clientFactories.keySet());
  }
}
示例12: init
import javax.security.sasl.Sasl; //导入依赖的package包/类
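/**
 * Fills {@code SASL_PROPS} from the {@code hadoop.rpc.protection} setting and registers the
 * {@code SaslPlainServer} security provider.
 *
 * <p>The setting is compared with the lowercased names of the {@code QualityOfProtection}
 * constants. {@code integrity} and {@code privacy} select those levels; any other value,
 * or no value, selects authentication. {@code Sasl.SERVER_AUTH} is always set to
 * {@code "true"}.
 *
 * @param conf configuration holding {@code hadoop.rpc.protection}
 */
public static void init(Configuration conf) {
  // Lowercase with Locale.ROOT: under a locale with special casing rules for 'I' (for
  // example Turkish), the default-locale toLowerCase() turns "INTEGRITY" and "PRIVACY"
  // into strings that no longer equal the configured value, and the code would silently
  // fall back to authentication-only protection.
  final java.util.Locale root = java.util.Locale.ROOT;
  final String rpcProtection = conf.get("hadoop.rpc.protection",
      QualityOfProtection.AUTHENTICATION.name().toLowerCase(root));

  QualityOfProtection saslQOP = QualityOfProtection.AUTHENTICATION;
  if (QualityOfProtection.INTEGRITY.name().toLowerCase(root).equals(rpcProtection)) {
    saslQOP = QualityOfProtection.INTEGRITY;
  } else if (QualityOfProtection.PRIVACY.name().toLowerCase(root).equals(rpcProtection)) {
    saslQOP = QualityOfProtection.PRIVACY;
  }
  // NOTE(review): an unrecognised or differently-cased value is not reported; it selects
  // AUTHENTICATION. Confirm that this silent default is intended.

  SASL_PROPS.put(Sasl.QOP, saslQOP.getSaslQop());
  SASL_PROPS.put(Sasl.SERVER_AUTH, "true");
  Security.addProvider(new SaslPlainServer.SecurityProvider());
}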
示例13: testSaslQOPNotEmpty
import javax.security.sasl.Sasl; //导入依赖的package包/类
/**
 * Checks that {@code SaslUtil.SASL_PROPS} holds the expected {@code Sasl.QOP} value after
 * an {@code HBaseSaslRpcClient} is constructed, first without an explicit QOP and then
 * with each named QOP in turn.
 */
@Test
public void testSaslQOPNotEmpty() throws Exception {
  Token<? extends TokenIdentifier> token = createTokenMockWithCredentials(DEFAULT_USER_NAME,
      DEFAULT_USER_PASSWORD);
  // NOTE(review): this literal looks like it was rewritten by the hosting page's e-mail
  // obfuscation; the value used by the original test is not recoverable from here.
  final String serverPrincipal = "principal/[email protected]";

  // default QOP is authentication
  new HBaseSaslRpcClient(AuthMethod.DIGEST, token, serverPrincipal, false);
  assertTrue(SaslUtil.SASL_PROPS.get(Sasl.QOP).equals(
      SaslUtil.QualityOfProtection.AUTHENTICATION.getSaslQop()));

  // check with specific QOPs; the assertions read the static SaslUtil.SASL_PROPS after
  // each construction, in the same order as the names below
  final String[] requested = {"authentication", "privacy", "integrity"};
  final SaslUtil.QualityOfProtection[] expected = {
      SaslUtil.QualityOfProtection.AUTHENTICATION,
      SaslUtil.QualityOfProtection.PRIVACY,
      SaslUtil.QualityOfProtection.INTEGRITY
  };
  for (int i = 0; i < requested.length; i++) {
    new HBaseSaslRpcClient(AuthMethod.DIGEST, token, serverPrincipal, false,
        requested[i]);
    assertTrue(SaslUtil.SASL_PROPS.get(Sasl.QOP).equals(expected[i].getSaslQop()));
  }
}
示例14: handleSaslStartMessage
import javax.security.sasl.Sasl; //导入依赖的package包/类
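/**
 * Performs the server side of the initial portion of the Thrift SASL protocol.
 * Receives the START message from the client, looks up the server definition for the
 * mechanism the client named, creates a SASL server from that definition and installs
 * it with {@code setSaslServer}.
 *
 * @throws TTransportException as declared; the exception returned by
 *     {@code sendAndThrowMessage} is thrown when the first message does not carry START
 *     status or names a mechanism with no server definition
 * @throws SaslException if the SASL server cannot be created
 */
@Override
protected void handleSaslStartMessage() throws TTransportException, SaslException {
  SaslResponse message = receiveSaslMessage();
  LOGGER.debug("Received start message with status {}", message.status);
  if (message.status != NegotiationStatus.START) {
    throw sendAndThrowMessage(NegotiationStatus.ERROR, "Expecting START status, received " + message.status);
  }

  // Get the mechanism name. Decode with an explicit charset so the lookup key does not
  // depend on the JVM's platform default encoding.
  String mechanismName = new String(message.payload, java.nio.charset.StandardCharsets.UTF_8);

  // The name is chosen by a peer that has not authenticated yet. It is only used as a
  // key into the configured definitions, so unknown mechanisms are rejected below.
  // NOTE(review): the same peer-supplied text is written to the debug log and echoed in
  // the error message; confirm that is acceptable for the log pipeline in use.
  TSaslServerDefinition serverDefinition = serverDefinitionMap.get(mechanismName);
  LOGGER.debug("Received mechanism name '{}'", mechanismName);
  if (serverDefinition == null) {
    throw sendAndThrowMessage(NegotiationStatus.BAD, "Unsupported mechanism type " + mechanismName);
  }

  // Every argument comes from the server's own definition, none from the message.
  SaslServer saslServer = Sasl.createSaslServer(serverDefinition.mechanism,
      serverDefinition.protocol, serverDefinition.serverName, serverDefinition.props,
      serverDefinition.cbh);
  setSaslServer(saslServer);
}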
示例15: Krb5SaslAuthenticator
import javax.security.sasl.Sasl; //导入依赖的package包/类
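/**
 * Creates the SASL server for this authenticator from {@code mechanism} and
 * {@code principalName}, using this instance as the callback handler.
 *
 * <p>The principal name is split on {@code '/'} and {@code '@'}; the first part is passed
 * to {@code Sasl.createSaslServer} as the protocol and the second as the server name.
 *
 * @throws IllegalStateException if the SASL server cannot be created. The previous code
 *     only logged the failure and then dereferenced the still-null {@code saslServer},
 *     which surfaced as an unrelated {@code NullPointerException}.
 */
Krb5SaslAuthenticator() {
  try {
    // For sasl properties regarding GSSAPI, see:
    //   https://docs.oracle.com/javase/8/docs/technotes/guides/security/sasl/sasl-refguide.html#SERVER
    // Rely on GSSAPI defaults for Sasl.MAX_BUFFER and Sasl.QOP. Note, however, that gremlin-driver has
    // Sasl.SERVER_AUTH fixed to true (mutual authentication) and one can configure SSL for enhanced
    // confidentiality. Sasl policy properties for negotiating the authentication mechanism are not
    // relevant here, because GSSAPI is the only available mechanism for this authenticator.
    final Map<String, Object> props = new HashMap<String, Object>();
    final String[] principalParts = principalName.split("/|@");
    // Three parts are required, matching the split on '/' and '@' above.
    // NOTE(review): the format shown in this message looks rewritten by the hosting
    // page's e-mail obfuscation; the literal is kept as it appears.
    if (principalParts.length < 3) {
      throw new IllegalArgumentException("Use principal name of format 'service/[email protected]'");
    }
    saslServer = Sasl.createSaslServer(mechanism, principalParts[0], principalParts[1], props, Krb5SaslAuthenticator.this);
  } catch (Exception e) {
    logger.error("Creating sasl server failed: ", e);
    // Fail closed with the real cause: an authenticator without a SASL server must not
    // be handed out.
    throw new IllegalStateException("Creating sasl server failed", e);
  }
  // Sasl.createSaslServer returns null when no registered factory supports the mechanism.
  if (saslServer == null) {
    throw new IllegalStateException("No SaslServer available for mechanism " + mechanism);
  }
  logger.debug("SaslServer created with: " + saslServer.getMechanismName());
}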