com.teradata.tempto.kerberos.KerberosAuthentication.java Source code

Java tutorial

  1. HOME
  2. Java
  3. com.teradata.tempto.kerberos.KerberosAuthentication.java

Introduction

Here is the source code for com.teradata.tempto.kerberos.KerberosAuthentication.java

Source

/*
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.teradata.tempto.kerberos;

import com.google.common.base.Throwables;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;

import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

import java.security.Principal;
import java.util.Map;
import java.util.Set;

import static java.util.Collections.emptySet;
import static java.util.Objects.requireNonNull;

public class KerberosAuthentication {
    private final Set<Principal> principalsSet;
    private final Configuration kerberosConfiguration;

    public KerberosAuthentication(String principal, String keytab) {
        requireNonNull(principal, "principal is null");
        requireNonNull(keytab, "keytab is null");
        this.principalsSet = ImmutableSet.of(new KerberosPrincipal(principal));
        this.kerberosConfiguration = createKerberosConfiguration(principal, keytab);
    }

    private static Configuration createKerberosConfiguration(String principal, String keytab) {
        Map<String, String> loginOptions = createLoginOptions(principal, keytab);
        return new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] {
                        new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule",
                                AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, loginOptions) };
            }
        };
    }

    private static Map<String, String> createLoginOptions(String principal, String keytab) {
        ImmutableMap.Builder<String, String> options = ImmutableMap.builder();
        options.put("useKeyTab", "true");
        options.put("principal", principal);
        options.put("keyTab", keytab);
        options.put("storeKey", "true");
        options.put("doNotPrompt", "true");
        options.put("isInitiator", "true");
        return options.build();
    }

    public Subject authenticate() {
        Subject subject = new Subject(false, principalsSet, emptySet(), emptySet());
        try {
            LoginContext loginContext = new LoginContext("", subject, null, kerberosConfiguration);
            loginContext.login();
            return loginContext.getSubject();
        } catch (LoginException e) {
            throw Throwables.propagate(e);
        }
    }
}