001/** 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software 013 * distributed under the License is distributed on an "AS IS" BASIS, 014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 015 * See the License for the specific language governing permissions and 016 * limitations under the License. 017 */ 018 019package org.apache.oozie.util; 020 021import java.util.HashMap; 022import java.util.Map; 023import javax.security.auth.login.AppConfigurationEntry; 024import javax.security.auth.login.Configuration; 025 026 027/** 028 * Creates a programmatic version of a jaas.conf file. This can be used instead of writing a jaas.conf file and setting 029 * the system property, "java.security.auth.login.config", to point to that file. It is meant to be used for connecting to 030 * ZooKeeper. 031 * <p> 032 * example usage: 033 * JaasConfiguration.addEntry("Client", principal, keytabFile); 034 * javax.security.auth.login.Configuration.setConfiguration(JaasConfiguration.getInstance()); 035 */ 036public class JaasConfiguration extends Configuration { 037 private static Map<String, AppConfigurationEntry> entries = new HashMap<String, AppConfigurationEntry>(); 038 private static JaasConfiguration me = null; 039 private static final String krb5LoginModuleName; 040 041 static { 042 if (System.getProperty("java.vendor").contains("IBM")) { 043 krb5LoginModuleName = "com.ibm.security.auth.module.Krb5LoginModule"; 044 } 045 else { 046 krb5LoginModuleName = "com.sun.security.auth.module.Krb5LoginModule"; 047 } 048 } 049 050 private JaasConfiguration() { 051 // don't need to do anything here but we want to make it private 052 } 053 054 /** 055 * Return the singleton. You'd typically use it only to do this: 056 * <p> 057 * javax.security.auth.login.Configuration.setConfiguration(JaasConfiguration.getInstance()); 058 * 059 * @return 060 */ 061 public static Configuration getInstance() { 062 if (me == null) { 063 me = new JaasConfiguration(); 064 } 065 return me; 066 } 067 068 /** 069 * Add an entry to the jaas configuration with the passed in name, principal, and keytab. The other necessary options will be 070 * set for you. 071 * 072 * @param name The name of the entry (e.g. "Client") 073 * @param principal The principal of the user 074 * @param keytab The location of the keytab 075 */ 076 public static void addEntry(String name, String principal, String keytab) { 077 Map<String, String> options = new HashMap<String, String>(); 078 options.put("keyTab", keytab); 079 options.put("principal", principal); 080 options.put("useKeyTab", "true"); 081 options.put("storeKey", "true"); 082 options.put("useTicketCache", "false"); 083 AppConfigurationEntry entry = new AppConfigurationEntry(krb5LoginModuleName, 084 AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options); 085 entries.put(name, entry); 086 } 087 088 /** 089 * Removes the specified entry. 090 * 091 * @param name The name of the entry to remove 092 */ 093 public static void removeEntry(String name) { 094 entries.remove(name); 095 } 096 097 /** 098 * Clears all entries. 099 */ 100 public static void clearEntries() { 101 entries.clear(); 102 } 103 104 /** 105 * Returns the entries map. 106 * 107 * @return the entries map 108 */ 109 public static Map<String, AppConfigurationEntry> getEntries() { 110 return entries; 111 } 112 113 @Override 114 public AppConfigurationEntry[] getAppConfigurationEntry(String name) { 115 return new AppConfigurationEntry[]{entries.get(name)}; 116 } 117}