import java.io.FileInputStream;
import java.io.IOException;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Map;
import java.util.Properties;

import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
  23.  
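/**
 * Diagnostic tool: authenticates to Kerberos via {@code Krb5LoginModule}, then performs a
 * GSSAPI (SASL) bind to an LDAP server inside {@code Subject.doAs} and lists the entries
 * under {@code CN=Users}. Configuration comes from a Java properties file with the keys
 * {@code krbConf}, {@code ldapHost}, {@code user} and {@code password}.
 *
 * <p>Kerberos debug output is switched on unconditionally because the whole point of the
 * tool is to surface the KDC exchange when a bind fails. One instance is meant to be run
 * once: the password is zeroed after the login attempt.
 */
public class TestKerberizedLdap implements Runnable {

    /**
     * Entry point. Accepts an optional property-file path; with no argument a hard-coded
     * development path is used, and any other argument count prints the usage text.
     *
     * @param args zero or one property-file path
     */
    public static void main(String[] args) {
        Runnable rn;
        if (args.length == 1) {
            rn = new TestKerberizedLdap(args[0]);
        }
        else if (args.length == 0) {
            rn = new TestKerberizedLdap("C:/dev/projects/TestKerberizedLdap/src/testkerberizedldap.properties");
        }
        else {
            printUsage();
            return;
        }

        rn.run();
    }

    private static final String loginModuleClassName = "com.sun.security.auth.module.Krb5LoginModule";
    // Kerberos V5 GSS-API mechanism OID and SPNEGO OID; not referenced by this test yet.
    private static final String koid = "1.2.840.113554.1.2.2";
    private static final String soid = "1.3.6.1.5.5.2";

    /** Property key whose value must never be echoed to the console. */
    private static final String PASSWORD_PROPERTY = "password";

    private Subject subject;
    private DirContext ldapContext;
    private String username;
    // Kept as char[] (not String) so the buffer can be zeroed once the login attempt is over.
    private char[] password;
    private String ldapHost;

    /**
     * Loads the properties file and applies the Kerberos system properties.
     * A missing or unreadable file is reported and treated as an empty property set.
     *
     * @param propFileName path of the properties file to read
     */
    private TestKerberizedLdap(String propFileName) {
        Properties prop = new Properties();
        FileInputStream iStream = null;
        try {
            iStream = new FileInputStream(propFileName);
            prop.load(iStream);
        }
        catch (IOException e) {
            System.err.println("Could not read property file " + propFileName + ": " + e);
        }
        finally {
            // Close in finally so the descriptor is released even when load() fails.
            if (iStream != null) {
                try {
                    iStream.close();
                }
                catch (IOException ignored) {
                    // best effort; nothing useful to do on a failed close of a read stream
                }
            }
        }

        System.out.println("Properties found:");
        for (String propName : prop.stringPropertyNames()) {
            // Mask the credential: the property dump otherwise prints the password in clear.
            String shown = PASSWORD_PROPERTY.equals(propName) ? "********" : prop.getProperty(propName);
            System.out.println(propName + " = " + shown);
        }
        System.out.println();

        // System.setProperty rejects a null value, so only set krb5.conf when it was configured.
        String krbConf = prop.getProperty("krbConf");
        if (krbConf != null) {
            System.setProperty("java.security.krb5.conf", krbConf);
        }
        else {
            System.err.println("Property 'krbConf' not set; java.security.krb5.conf left unchanged.");
        }
        // Verbose KDC tracing is deliberate for this diagnostic tool.
        System.setProperty("java.security.krb5.debug", "true");
        System.setProperty("sun.security.krb5.debug", "true");

        ldapHost = prop.getProperty("ldapHost");
        username = prop.getProperty("user");
        String pw = prop.getProperty(PASSWORD_PROPERTY);
        password = (pw == null) ? null : pw.toCharArray();
        subject = null;
        ldapContext = null;
    }

    /**
     * Logs in to Kerberos and, if that produced a subject, binds to LDAP and runs the search.
     * Any failure is printed with its full stack trace (that trace is the tool's output), and
     * the LDAP context is always closed afterwards.
     */
    public void run() {
        try {
            initSubject();
            if (subject != null) {
                initContextKerberized();
            }
        }
        catch (Exception ex) {
            ex.printStackTrace();
        }
        finally {
            closeLdapContext();
        }
    }

    /** Closes the LDAP context if one was opened, reporting but not propagating close errors. */
    private void closeLdapContext() {
        if (ldapContext != null) {
            try {
                ldapContext.close();
            }
            catch (NamingException e) {
                System.err.println("Failed to close LDAP context: " + e);
            }
            ldapContext = null;
        }
    }

    /**
     * Opens an LDAP context with SASL/GSSAPI authentication, running as the logged-in subject
     * so the JGSS layer can find the Kerberos credentials, then searches the directory.
     *
     * @throws Exception any failure from the privileged action (typically a
     *         {@link PrivilegedActionException} wrapping a {@link NamingException})
     */
    private void initContextKerberized() throws Exception {
        if (ldapHost == null) {
            // Hashtable rejects null values; fail with a message that names the missing property.
            throw new IllegalStateException("Property 'ldapHost' is not set");
        }
        Subject.doAs(subject, new PrivilegedExceptionAction<Object>() {
            public Object run() throws Exception {
                Hashtable<String, String> env = new Hashtable<String, String>();
                env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
                env.put(Context.PROVIDER_URL, ldapHost);
                env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
                // NOTE(review): no "javax.security.sasl.qop" is set, so the GSSAPI bind negotiates
                // authentication only; post-bind traffic is not signed/sealed unless the URL is
                // ldaps:// or qop is set to auth-int / auth-conf.
                ldapContext = new InitialLdapContext(env, new Control[0]);

                // Do stuff with ldapContext here...
                searchLdapDirectory();

                return null;
            }
        });
    }

    /**
     * Lists every {@code (objectclass=user)} entry below {@code CN=Users} and prints a count.
     * Uses {@code hasMore()}/{@code next()} rather than the {@code Enumeration} methods so
     * that directory errors during iteration surface instead of being swallowed.
     *
     * @throws NamingException if the search or iteration fails
     */
    private void searchLdapDirectory() throws NamingException {
        String base = "CN=Users";
        String filter = "(objectclass=user)";
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        NamingEnumeration<SearchResult> ne = ldapContext.search(base, filter, sc);
        int numElements = 0;
        System.out.println();
        try {
            while (ne.hasMore()) {
                SearchResult sr = ne.next();
                Attributes attr = sr.getAttributes();
                // "name" is assumed to exist on every entry (Active Directory style); fall back to
                // the entry's RDN rather than throwing NPE when it does not.
                Attribute name = (attr == null) ? null : attr.get("name");
                System.out.println(name == null ? sr.getName() : name.get());
                numElements++;
            }
        }
        finally {
            ne.close();
        }
        System.out.println("The number of elements returned was " + numElements);
    }

    /**
     * Performs a Kerberos login with {@code Krb5LoginModule} driven directly (no JAAS config file).
     * With both user and password configured the password path ({@code useFirstPass}) is used;
     * otherwise the existing ticket cache is used without prompting. On failure {@link #subject}
     * is left {@code null}. The in-memory password is zeroed either way.
     *
     * @throws InstantiationException if the login module class cannot be instantiated
     * @throws ClassNotFoundException if the login module class is not on the classpath
     * @throws IllegalAccessException if the login module constructor is not accessible
     */
    private void initSubject() throws InstantiationException, ClassNotFoundException, IllegalAccessException {
        LoginModule module = null;
        try {
            module = (LoginModule) Class.forName(loginModuleClassName).newInstance();
            subject = new Subject();
            Map<String, String> options = new HashMap<String, String>();
            Map<String, Object> sharedState = new HashMap<String, Object>();

            if ((username != null) && (password != null)) {
                // Hand the module its own copy so our buffer can be zeroed independently.
                sharedState.put("javax.security.auth.login.password", password.clone());
                sharedState.put("javax.security.auth.login.name", username);
                options.put("principal", username);
                options.put("storeKey", "true");
                options.put("useFirstPass", "true");
            }
            else {
                // Ticket-cache path: an absent "principal" option means the cache's default principal.
                if (username != null) {
                    options.put("principal", username);
                }
                options.put("useTicketCache", "true");
                options.put("doNotPrompt", "true");
                options.put("renewTGT", "true");
            }
            options.put("debug", "true");
            options.put("refreshKrb5Config", "true");

            module.initialize(subject, null, sharedState, options);
            module.login();
            module.commit();
        }
        catch (LoginException ex) {
            ex.printStackTrace();
            subject = null;
            if (module != null) {
                try {
                    module.abort();
                }
                catch (LoginException ex2) {
                    ex2.printStackTrace();
                }
            }
        }
        finally {
            clearPassword();
        }
    }

    /** Zeroes and drops the in-memory password once the login attempt is over. */
    private void clearPassword() {
        if (password != null) {
            Arrays.fill(password, '\0');
            password = null;
        }
    }

    /** Prints the command-line usage text. */
    private static void printUsage() {
        System.out.println();
        System.out.println("Usage: TestKerberizedLdap <property file name>");
        System.out.println();
    }
}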
  174.  
  175. Found ticket for user1@2K8.HLP.NET to go to krbtgt/2K8.HLP.NET@2K8.HLP.NET expiring on Thu Jun 04 00:47:07 PDT 2015
  176. Entered Krb5Context.initSecContext with state=STATE_NEW
  177. Found ticket for user1@2K8.HLP.NET to go to krbtgt/2K8.HLP.NET@2K8.HLP.NET expiring on Thu Jun 04 00:47:07 PDT 2015
  178. Service ticket not found in the subject
  179. >>> Credentials acquireServiceCreds: same realm
  180. default etypes for default_tgs_enctypes: 23 16 3 1.
  181. >>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
  182. >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
  183. >>> KrbKdcReq send: kdc=172.23.5.151 UDP:88, timeout=30000, number of retries =3, #bytes=1289
  184. >>> KDCCommunication: kdc=172.23.5.151 UDP:88, timeout=30000,Attempt =1, #bytes=1289
  185. >>> KrbKdcReq send: #bytes read=92
  186. >>> KrbKdcReq send: #bytes read=92
  187. >>> KdcAccessibility: remove 172.23.5.151:88
  188. >>> KDCRep: init() encoding tag is 126 req type is 13
  189. >>>KRBError:
  190. sTime is Wed Jun 03 14:47:07 PDT 2015 1433368027000
  191. suSec is 109093
  192. error code is 7
  193. error Message is Server not found in Kerberos database
  194. realm is 2K8.HLP.NET
  195. sname is ldap/2k8.hlp.net
  196. msgType is 30
  197. java.security.PrivilegedActionException: javax.naming.AuthenticationException: GSSAPI [Root exception is javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))]]
  198. at java.security.AccessController.doPrivileged(Native Method)
  199. at javax.security.auth.Subject.doAs(Subject.java:396)
  200. at TestKerberizedLdap.initContextKerberized(TestKerberizedLdap.java:95)
  201. at TestKerberizedLdap.run(TestKerberizedLdap.java:85)
  202. at TestKerberizedLdap.main(TestKerberizedLdap.java:39)
  203. Caused by: javax.naming.AuthenticationException: GSSAPI [Root exception is javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))]]
  204. at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:150)
  205. at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)
  206. at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2694)
  207. at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
  208. at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
  209. at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
  210. at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
  211. at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
  212. at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
  213. at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
  214. at javax.naming.InitialContext.init(InitialContext.java:223)
  215. at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
  216. at TestKerberizedLdap$1.run(TestKerberizedLdap.java:101)
  217. ... 5 more
  218. Caused by: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))]
  219. at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:194)
  220. at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:105)
  221. ... 17 more
  222. Caused by: GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))
  223. at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:663)
  224. at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:230)
  225. at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:162)
  226. at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:175)
  227. ... 18 more
  228. Caused by: KrbException: Server not found in Kerberos database (7)
  229. at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:61)
  230. at sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:185)
  231. at sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:294)
  232. at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:106)
  233. at sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:557)
  234. at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:594)
  235. ... 21 more
  236. Caused by: KrbException: Identifier doesn't match expected value (906)
  237. at sun.security.krb5.internal.KDCRep.init(KDCRep.java:133)
  238. at sun.security.krb5.internal.TGSRep.init(TGSRep.java:58)
  239. at sun.security.krb5.internal.TGSRep.<init>(TGSRep.java:53)
  240. at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:46)
  241. ... 26 more