Java tutorial
/** * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.apache.hadoop.io.crypto.tool.kerberos; import java.net.URL; import java.security.AccessControlContext; import java.security.AccessController; import java.security.PrivilegedExceptionAction; import java.util.HashMap; import java.util.Map; import javax.security.auth.Subject; import javax.security.auth.login.AppConfigurationEntry; import javax.security.auth.login.Configuration; import javax.security.auth.login.LoginContext; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.hadoop.io.crypto.bee.RestClient; public class SpnegoRestCli { private static final Log LOG = LogFactory.getLog(SpnegoRestCli.class); private static class KerberosConfiguration extends Configuration { private static final String OS_LOGIN_MODULE_NAME; private static final boolean windows = System.getProperty("os.name").startsWith("Windows"); static { if (windows) { OS_LOGIN_MODULE_NAME = "com.sun.security.auth.module.NTLoginModule"; } else { OS_LOGIN_MODULE_NAME = "com.sun.security.auth.module.UnixLoginModule"; } } private static final AppConfigurationEntry OS_SPECIFIC_LOGIN = new AppConfigurationEntry( OS_LOGIN_MODULE_NAME, AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap<String, String>()); private static final Map<String, String> USER_KERBEROS_OPTIONS = new HashMap<String, String>(); static { USER_KERBEROS_OPTIONS.put("doNotPrompt", "true"); USER_KERBEROS_OPTIONS.put("useTicketCache", "true"); USER_KERBEROS_OPTIONS.put("renewTGT", "true"); String ticketCache = System.getenv("KRB5CCNAME"); if (ticketCache != null) { USER_KERBEROS_OPTIONS.put("ticketCache", ticketCache); } } private static final AppConfigurationEntry USER_KERBEROS_LOGIN = new AppConfigurationEntry( KerberosUtil.getKrb5LoginModuleName(), AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL, USER_KERBEROS_OPTIONS); private static final AppConfigurationEntry[] USER_KERBEROS_CONF = // new AppConfigurationEntry[] { OS_SPECIFIC_LOGIN, USER_KERBEROS_LOGIN }; new AppConfigurationEntry[] { USER_KERBEROS_LOGIN }; @Override public AppConfigurationEntry[] getAppConfigurationEntry(String appName) { return USER_KERBEROS_CONF; } } private URL url = null; StringBuffer sb = new StringBuffer(); public SpnegoRestCli(URL url) { this.url = url; } public StringBuffer getResult() throws Exception { AccessControlContext context = AccessController.getContext(); Subject subject = Subject.getSubject(context); if (subject == null) { subject = new Subject(); LoginContext login = new LoginContext("", subject, null, new KerberosConfiguration()); login.login(); } Subject.doAs(subject, new PrivilegedExceptionAction<Void>() { @Override public Void run() throws Exception { sb = new RestClient(url).getResult(); return null; } }); return sb; } /** * @param args */ public static void main(String[] args) { String strUrl = ""; if (args.length >= 1) { strUrl = args[0]; } else { strUrl = "http://web.bdp:8080/test/api/echo/tttt"; } try { StringBuffer sb = new SpnegoRestCli(new URL(strUrl)).getResult(); String result = sb.toString(); System.out.println("Content of result:"); System.out.println("*** BEGIN ***"); System.out.println(result); System.out.println("*** END ***"); } catch (Exception e) { e.printStackTrace(); } } }