Java 类org.apache.zookeeper.Login 实例源码

public SaslQuorumAuthLearner(boolean quorumRequireSasl,
        String quorumServicePrincipal, String loginContext)
                throws SaslException {
    this.quorumRequireSasl = quorumRequireSasl;
    this.quorumServicePrincipal = quorumServicePrincipal;
    try {
        AppConfigurationEntry entries[] = Configuration
            .getConfiguration()
            .getAppConfigurationEntry(loginContext);
        if (entries == null || entries.length == 0) {
            throw new LoginException("SASL-authentication failed because"
                                     + " the specified JAAS configuration "
                                     + "section '" + loginContext
                                     + "' could not be found.");
        }
        this.learnerLogin = new Login(loginContext,
                                new SaslClientCallbackHandler(null, "QuorumLearner"));
        this.learnerLogin.startThreadIfNeeded();
    } catch (LoginException e) {
        throw new SaslException("Failed to initialize authentication mechanism using SASL", e);
    }
}

public SaslQuorumAuthServer(boolean quorumRequireSasl, String loginContext, Set<String> authzHosts)
        throws SaslException {
    this.quorumRequireSasl = quorumRequireSasl;
    try {
        AppConfigurationEntry entries[] = Configuration.getConfiguration()
                .getAppConfigurationEntry(loginContext);
        if (entries == null || entries.length == 0) {
            throw new LoginException("SASL-authentication failed"
                    + " because the specified JAAS configuration "
                    + "section '" + loginContext + "' could not be found.");
        }
        SaslQuorumServerCallbackHandler saslServerCallbackHandler = new SaslQuorumServerCallbackHandler(
                Configuration.getConfiguration(), loginContext, authzHosts);
        serverLogin = new Login(loginContext, saslServerCallbackHandler);
        serverLogin.startThreadIfNeeded();
    } catch (Throwable e) {
        throw new SaslException(
                "Failed to initialize authentication mechanism using SASL",
                e);
    }
}

private SaslServer createSaslServer(final Login login) {
    synchronized (login) {
        Subject subject = login.getSubject();
        return SecurityUtils.createSaslServer(subject, "zookeeper",
                "zk-sasl-md5", login.callbackHandler, LOG);
    }
}

ZooKeeperSaslServer(final Login login) {
    saslServer = createSaslServer(login);
}

ZooKeeperSaslServer(final Login login) {
    saslServer = createSaslServer(login);
}

ZooKeeperSaslServer(final Login login) {
    saslServer = createSaslServer(login);
}

ZooKeeperSaslServer(final Login login) {
    saslServer = createSaslServer(login);
}

ZooKeeperSaslServer(final Login login) {
    saslServer = createSaslServer(login);
}

ZooKeeperSaslServer(final Login login) {
    saslServer = createSaslServer(login);
}

ZooKeeperSaslServer(final Login login) {
    saslServer = createSaslServer(login);
}

ZooKeeperSaslServer(final Login login) {
    saslServer = createSaslServer(login);
}

ZooKeeperSaslServer(final Login login) {
    saslServer = createSaslServer(login);
}

ZooKeeperSaslServer(final Login login) {
    saslServer = createSaslServer(login);
}

ZooKeeperSaslServer(final Login login) {
    saslServer = createSaslServer(login);
}

public TTransportFactory getServerTransportFactory() throws IOException {
    // create an authentication callback handler
    CallbackHandler server_callback_handler = new ServerCallbackHandler(login_conf, storm_conf);

    // login our principal
    Subject subject = null;
    try {
        // specify a configuration object to be used
        Configuration.setConfiguration(login_conf);
        // now login
        Login login = new Login(AuthUtils.LOGIN_CONTEXT_SERVER, server_callback_handler);
        subject = login.getSubject();
    } catch (LoginException ex) {
        LOG.error("Server failed to login in principal:" + ex, ex);
        throw new RuntimeException(ex);
    }

    // check the credential of our principal
    if (subject.getPrivateCredentials(KerberosTicket.class).isEmpty()) {
        throw new RuntimeException("Fail to verify user principal with section \"" + AuthUtils.LOGIN_CONTEXT_SERVER + "\" in login configuration file "
                + login_conf);
    }

    String principal = AuthUtils.get(login_conf, AuthUtils.LOGIN_CONTEXT_SERVER, "principal");
    LOG.debug("principal:" + principal);
    KerberosName serviceKerberosName = new KerberosName(principal);
    String serviceName = serviceKerberosName.getServiceName();
    String hostName = serviceKerberosName.getHostName();
    Map<String, String> props = new TreeMap<String, String>();
    props.put(Sasl.QOP, "auth");
    props.put(Sasl.SERVER_AUTH, "false");

    // create a transport factory that will invoke our auth callback for digest
    TSaslServerTransport.Factory factory = new TSaslServerTransport.Factory();
    factory.addServerDefinition(KERBEROS, serviceName, hostName, props, server_callback_handler);

    // create a wrap transport factory so that we could apply user credential during connections
    TUGIAssumingTransportFactory wrapFactory = new TUGIAssumingTransportFactory(factory, subject);

    LOG.info("SASL GSSAPI transport factory will be used");
    return wrapFactory;
}

ZooKeeperSaslServer(final Login login) {
    saslServer = createSaslServer(login);
}

ZooKeeperSaslServer(final Login login) {
    saslServer = createSaslServer(login);
}

ZooKeeperSaslServer(final Login login) {
    saslServer = createSaslServer(login);
}

public TTransportFactory getServerTransportFactory() throws IOException {
    // create an authentication callback handler
    CallbackHandler server_callback_handler = new ServerCallbackHandler(login_conf, storm_conf);

    // login our principal
    Subject subject = null;
    try {
        // specify a configuration object to be used
        Configuration.setConfiguration(login_conf);
        // now login
        Login login = new Login(AuthUtils.LOGIN_CONTEXT_SERVER, server_callback_handler);
        subject = login.getSubject();
    } catch (LoginException ex) {
        LOG.error("Server failed to login in principal:" + ex, ex);
        throw new RuntimeException(ex);
    }

    // check the credential of our principal
    if (subject.getPrivateCredentials(KerberosTicket.class).isEmpty()) {
        throw new RuntimeException("Fail to verify user principal with section \"" + AuthUtils.LOGIN_CONTEXT_SERVER + "\" in login configuration file "
                + login_conf);
    }

    String principal = AuthUtils.get(login_conf, AuthUtils.LOGIN_CONTEXT_SERVER, "principal");
    LOG.debug("principal:" + principal);
    KerberosName serviceKerberosName = new KerberosName(principal);
    String serviceName = serviceKerberosName.getServiceName();
    String hostName = serviceKerberosName.getHostName();
    Map<String, String> props = new TreeMap<String, String>();
    props.put(Sasl.QOP, "auth");
    props.put(Sasl.SERVER_AUTH, "false");

    // create a transport factory that will invoke our auth callback for digest
    TSaslServerTransport.Factory factory = new TSaslServerTransport.Factory();
    factory.addServerDefinition(KERBEROS, serviceName, hostName, props, server_callback_handler);

    // create a wrap transport factory so that we could apply user credential during connections
    TUGIAssumingTransportFactory wrapFactory = new TUGIAssumingTransportFactory(factory, subject);

    LOG.info("SASL GSSAPI transport factory will be used");
    return wrapFactory;
}

private byte[] createSaslToken(final byte[] saslToken,
        final SaslClient saslClient, final Login login)
                throws SaslException {
    if (saslToken == null) {
        throw new SaslException(
                "Error in authenticating with a Zookeeper Quorum member: the quorum member's saslToken is null.");
    }
    if (login.getSubject() != null) {
        synchronized (login) {
            try {
                final byte[] retval = Subject.doAs(login.getSubject(),
                        new PrivilegedExceptionAction<byte[]>() {
                            public byte[] run() throws SaslException {
                                LOG.debug("saslClient.evaluateChallenge(len="
                                                + saslToken.length + ")");
                                return saslClient.evaluateChallenge(saslToken);
                            }
                        });
                return retval;
            } catch (PrivilegedActionException e) {
                String error = "An error: (" + e
                        + ") occurred when evaluating Zookeeper Quorum Member's "
                        + " received SASL token.";
                // Try to provide hints to use about what went wrong so they
                // can fix their configuration.
                // TODO: introspect about e: look for GSS information.
                final String UNKNOWN_SERVER_ERROR_TEXT = "(Mechanism level: Server not found in Kerberos database (7) - UNKNOWN_SERVER)";
                if (e.toString().indexOf(UNKNOWN_SERVER_ERROR_TEXT) > -1) {
                    error += " This may be caused by Java's being unable to resolve the Zookeeper Quorum Member's"
                            + " hostname correctly. You may want to try to adding"
                            + " '-Dsun.net.spi.nameservice.provider.1=dns,sun' to your server's JVMFLAGS environment.";
                }
                LOG.error(error);
                throw new SaslException(error);
            }
        }
    } else {
        throw new SaslException(
                "Cannot make SASL token without subject defined. "
                        + "For diagnosis, please look for WARNs and ERRORs in your log related to the Login class.");
    }
}