Class KerberosConnection


  • public class KerberosConnection
    extends java.lang.Object
    A utility to perform Kerberos logins and renewals.
    • Nested Class Summary

      Nested Classes 
      Modifier and Type Class Description
      (package private) static class  KerberosConnection.RenewalTask
      Runnable for performing Kerberos renewals.
    • Constructor Summary

      Constructors 
      Constructor Description
      KerberosConnection​(java.lang.String principal, java.io.File keytab)
      Constructs an instance.
    • Method Summary

      Modifier and Type Method Description
      (package private) javax.security.auth.login.LoginContext createLoginContext​(javax.security.auth.login.Configuration conf)  
      (package private) java.util.Map.Entry<KerberosConnection.RenewalTask,​java.lang.Thread> createRenewalThread​(javax.security.auth.login.LoginContext originalContext, javax.security.auth.Subject originalSubject, long renewalPeriod)
      Launches a thread to periodically check the current ticket's lifetime and perform a relogin as necessary.
      static java.lang.String getKrb5LoginModuleName()
      Returns the KRB5 LoginModule implementation.
      javax.security.auth.Subject getSubject()  
      static boolean isIbmJava()
      Returns whether or not the current environment is IBM Java.
      (package private) static boolean isTGSPrincipal​(javax.security.auth.kerberos.KerberosPrincipal principal)
      Determines whether the given principal is the ticket-granting service's principal ("krbtgt").
      void login()
      Performs a Kerberos login and launches a daemon thread to periodically perform renewals of that Kerberos login.
      (package private) java.util.Map.Entry<javax.security.auth.login.LoginContext,​javax.security.auth.Subject> login​(javax.security.auth.login.LoginContext prevContext, javax.security.auth.login.Configuration conf, javax.security.auth.Subject subject)
      Performs a Kerberos login, possibly logging out first.
      (package private) java.util.Map.Entry<javax.security.auth.login.LoginContext,​javax.security.auth.Subject> performKerberosLogin()
      Performs a Kerberos login given the principal and keytab.
      void stopRenewalThread()
      Stops the Kerberos renewal thread if it is still running.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • LOG

        private static final org.slf4j.Logger LOG
      • IBM_KRB5_LOGIN_MODULE

        private static final java.lang.String IBM_KRB5_LOGIN_MODULE
        See Also:
        Constant Field Values
      • SUN_KRB5_LOGIN_MODULE

        private static final java.lang.String SUN_KRB5_LOGIN_MODULE
        See Also:
        Constant Field Values
      • RENEWAL_THREAD_NAME

        private static final java.lang.String RENEWAL_THREAD_NAME
        See Also:
        Constant Field Values
      • JAVA_VENDOR_NAME

        private static final java.lang.String JAVA_VENDOR_NAME
      • IS_IBM_JAVA

        private static final boolean IS_IBM_JAVA
      • PERCENT_OF_LIFETIME_TO_RENEW

        public static final float PERCENT_OF_LIFETIME_TO_RENEW
        The percentage of the Kerberos ticket's lifetime at which we should start trying to renew it.
        See Also:
        Constant Field Values
      • RENEWAL_PERIOD

        public static final long RENEWAL_PERIOD
        How long we should sleep between checks to renew the Kerberos ticket.
        See Also:
        Constant Field Values
      • principal

        private final java.lang.String principal
      • jaasConf

        private final javax.security.auth.login.Configuration jaasConf
      • subject

        private javax.security.auth.Subject subject
      • renewalThread

        private java.lang.Thread renewalThread
    • Constructor Detail

      • KerberosConnection

        public KerberosConnection​(java.lang.String principal,
                                  java.io.File keytab)
        Constructs an instance.
        Parameters:
        principal - The Kerberos principal
        keytab - The keytab containing keys for the Kerberos principal
    • Method Detail

      • getSubject

        public javax.security.auth.Subject getSubject()
      • login

        public void login()
        Performs a Kerberos login and launches a daemon thread to periodically perform renewals of that Kerberos login. Exceptions are intentionally caught and rethrown as unchecked exceptions because there is nothing Avatica itself can do if the Kerberos login fails.
        Throws:
        java.lang.RuntimeException - If the Kerberos login fails
      • performKerberosLogin

        java.util.Map.Entry<javax.security.auth.login.LoginContext,​javax.security.auth.Subject> performKerberosLogin()
        Performs a Kerberos login given the principal and keytab.
        Returns:
        The Subject and LoginContext from the successful login.
        Throws:
        java.lang.RuntimeException - if the login failed
      • login

        java.util.Map.Entry<javax.security.auth.login.LoginContext,​javax.security.auth.Subject> login​(javax.security.auth.login.LoginContext prevContext,
                                                                                                            javax.security.auth.login.Configuration conf,
                                                                                                            javax.security.auth.Subject subject)
                                                                                                     throws javax.security.auth.login.LoginException
        Performs a Kerberos login, possibly logging out first.
        Parameters:
        prevContext - The LoginContext from the previous login, or null
        conf - JAAS Configuration object
        subject - The JAAS Subject
        Returns:
        The context and subject from the login
        Throws:
        javax.security.auth.login.LoginException - If the login failed.
      • createLoginContext

        javax.security.auth.login.LoginContext createLoginContext​(javax.security.auth.login.Configuration conf)
                                                           throws javax.security.auth.login.LoginException
        Throws:
        javax.security.auth.login.LoginException
      • createRenewalThread

        java.util.Map.Entry<KerberosConnection.RenewalTask,​java.lang.Thread> createRenewalThread​(javax.security.auth.login.LoginContext originalContext,
                                                                                                       javax.security.auth.Subject originalSubject,
                                                                                                       long renewalPeriod)
        Launches a thread to periodically check the current ticket's lifetime and perform a relogin as necessary.
        Parameters:
        originalContext - The original login's context.
        originalSubject - The original login's subject.
        renewalPeriod - The amount of time to sleep in between checks to renew
      • stopRenewalThread

        public void stopRenewalThread()
        Stops the Kerberos renewal thread if it is still running. If the thread was already stopped or never started, this method does nothing.
      • isTGSPrincipal

        static boolean isTGSPrincipal​(javax.security.auth.kerberos.KerberosPrincipal principal)
        Determines whether the given principal is the ticket-granting service's principal ("krbtgt").
        Parameters:
        principal - A KerberosPrincipal.
        Returns:
        True if principal is the TGS principal, false otherwise.
      • isIbmJava

        public static boolean isIbmJava()
        Returns whether or not the current environment is IBM Java. Otherwise, assumed to be Oracle Java/OpenJDK.
        Returns:
        True if the environment is IBM Java, false otherwise.
      • getKrb5LoginModuleName

        public static java.lang.String getKrb5LoginModuleName()
        Returns the KRB5 LoginModule implementation. This is JVM-vendor dependent.
        Returns:
        The class name of the KRB5 LoginModule
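
The renewal decision described for createRenewalThread, PERCENT_OF_LIFETIME_TO_RENEW and isTGSPrincipal can be sketched as follows. This is an added example, not Avatica's own code: the class and method names, the 0.80 fraction and the EXAMPLE.COM principals are assumptions, and the ticket is constructed with dummy bytes so the check runs without a KDC.

```java
import java.util.Date;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KerberosTicket;

public class RenewalCheckExample {
  // Assumed fraction for illustration; the page does not show the constant's value.
  static final float ASSUMED_FRACTION_TO_RENEW = 0.80f;

  /** True for the ticket-granting service principal, krbtgt/REALM@REALM. */
  static boolean isTgsPrincipal(KerberosPrincipal p) {
    String realm = p.getRealm();
    return p.getName().equals("krbtgt/" + realm + "@" + realm);
  }

  /** Returns the TGT among the subject's private credentials, or null if absent. */
  static KerberosTicket findTgt(Subject subject) {
    for (KerberosTicket t : subject.getPrivateCredentials(KerberosTicket.class)) {
      // A destroyed ticket has no server principal, so skip it first.
      if (!t.isDestroyed() && isTgsPrincipal(t.getServer())) {
        return t;
      }
    }
    return null;
  }

  /** A missing TGT, or one past the renewal point, calls for a fresh keytab login. */
  static boolean needsRelogin(KerberosTicket tgt, long nowMs) {
    if (tgt == null) return true; // re-authenticate rather than run without a TGT
    long start = tgt.getStartTime().getTime();
    long end = tgt.getEndTime().getTime();
    return nowMs >= start + (long) ((end - start) * ASSUMED_FRACTION_TO_RENEW);
  }

  public static void main(String[] args) {
    // Constructed sample ticket: dummy encoding and key, 10-hour lifetime.
    long t0 = System.currentTimeMillis(), hour = 3_600_000L;
    KerberosTicket tgt = new KerberosTicket(new byte[] {0},
        new KerberosPrincipal("svc-example@EXAMPLE.COM"),
        new KerberosPrincipal("krbtgt/EXAMPLE.COM@EXAMPLE.COM"),
        new byte[16], 17, null,
        new Date(t0), new Date(t0), new Date(t0 + 10 * hour), null, null);
    Subject subject = new Subject();
    subject.getPrivateCredentials().add(tgt);
    System.out.println(needsRelogin(findTgt(subject), t0 + hour));
    System.out.println(needsRelogin(findTgt(subject), t0 + 9 * hour));
    System.out.println(needsRelogin(findTgt(new Subject()), t0));
  }
}
```

The check takes the current time as a parameter so the threshold can be exercised at any point in the ticket's lifetime; a renewal loop would pass the system clock on each wake-up.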