001/** 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software 013 * distributed under the License is distributed on an "AS IS" BASIS, 014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 015 * See the License for the specific language governing permissions and 016 * limitations under the License. 017 */ 018package org.apache.oozie.util; 019 020import java.util.HashMap; 021import java.util.Map; 022import javax.security.auth.login.AppConfigurationEntry; 023import javax.security.auth.login.Configuration; 024 025 026/** 027 * Creates a programmatic version of a jaas.conf file. This can be used instead of writing a jaas.conf file and setting 028 * the system property, "java.security.auth.login.config", to point to that file. It is meant to be used for connecting to 029 * ZooKeeper. 030 * <p> 031 * example usage: 032 * JaasConfiguration.addEntry("Client", principal, keytabFile); 033 * javax.security.auth.login.Configuration.setConfiguration(JaasConfiguration.getInstance()); 034 */ 035public class JaasConfiguration extends Configuration { 036 private static Map<String, AppConfigurationEntry> entries = new HashMap<String, AppConfigurationEntry>(); 037 private static JaasConfiguration me = null; 038 private static final String krb5LoginModuleName; 039 040 static { 041 if (System.getProperty("java.vendor").contains("IBM")) { 042 krb5LoginModuleName = "com.ibm.security.auth.module.Krb5LoginModule"; 043 } 044 else { 045 krb5LoginModuleName = "com.sun.security.auth.module.Krb5LoginModule"; 046 } 047 } 048 049 private JaasConfiguration() { 050 // don't need to do anything here but we want to make it private 051 } 052 053 /** 054 * Return the singleton. You'd typically use it only to do this: 055 * <p> 056 * javax.security.auth.login.Configuration.setConfiguration(JaasConfiguration.getInstance()); 057 * 058 * @return 059 */ 060 public static Configuration getInstance() { 061 if (me == null) { 062 me = new JaasConfiguration(); 063 } 064 return me; 065 } 066 067 /** 068 * Add an entry to the jaas configuration with the passed in name, principal, and keytab. The other necessary options will be 069 * set for you. 070 * 071 * @param name The name of the entry (e.g. "Client") 072 * @param principal The principal of the user 073 * @param keytab The location of the keytab 074 */ 075 public static void addEntry(String name, String principal, String keytab) { 076 Map<String, String> options = new HashMap<String, String>(); 077 options.put("keyTab", keytab); 078 options.put("principal", principal); 079 options.put("useKeyTab", "true"); 080 options.put("storeKey", "true"); 081 options.put("useTicketCache", "false"); 082 AppConfigurationEntry entry = new AppConfigurationEntry(krb5LoginModuleName, 083 AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options); 084 entries.put(name, entry); 085 } 086 087 /** 088 * Removes the specified entry. 089 * 090 * @param name The name of the entry to remove 091 */ 092 public static void removeEntry(String name) { 093 entries.remove(name); 094 } 095 096 /** 097 * Clears all entries. 098 */ 099 public static void clearEntries() { 100 entries.clear(); 101 } 102 103 /** 104 * Returns the entries map. 105 * 106 * @return the entries map 107 */ 108 public static Map<String, AppConfigurationEntry> getEntries() { 109 return entries; 110 } 111 112 @Override 113 public AppConfigurationEntry[] getAppConfigurationEntry(String name) { 114 return new AppConfigurationEntry[]{entries.get(name)}; 115 } 116}