/// <summary>
/// 登录
/// </summary>
/// <param name="type"></param>
/// <returns></returns>
public bool Login(LoginType type)
{
ILoginStrategy strategy = null;
switch (type)
{
case LoginType.Email:
strategy = new EmailLogin();
break;
case LoginType.Phone:
strategy = new PhoneLogin();
break;
case LoginType.QrCode:
strategy = new QrCodeLogin();
break;
}
_loginContext = new LoginContext(strategy, this);
JObject j = _loginContext.Login();
//解析返回值
AuthInfoHelper auth = new AuthInfoHelper(j);
if (auth.Code == 200)
{
ID = auth.UserID;
return(true);
}
return(false);
}
public virtual void TestServerLogin()
{
LoginContext loginContext = CreateLoginContextZookeeperLocalhost();
loginContext.Login();
loginContext.Logout();
}
/// <summary>
/// Implements the SPNEGO authentication sequence interaction using the current default principal
/// in the Kerberos cache (normally set via kinit).
/// </summary>
/// <param name="token">the authentication token being used for the user.</param>
/// <exception cref="System.IO.IOException">if an IO error occurred.</exception>
/// <exception cref="AuthenticationException">if an authentication error occurred.</exception>
/// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException
/// "/>
private void DoSpnegoSequence(AuthenticatedURL.Token token)
{
try
{
AccessControlContext context = AccessController.GetContext();
Subject subject = Subject.GetSubject(context);
if (subject == null || (subject.GetPrivateCredentials <KerberosKey>().IsEmpty() &&
subject.GetPrivateCredentials <KerberosTicket>().IsEmpty()))
{
Log.Debug("No subject in context, logging in");
subject = new Subject();
LoginContext login = new LoginContext(string.Empty, subject, null, new KerberosAuthenticator.KerberosConfiguration
());
login.Login();
}
if (Log.IsDebugEnabled())
{
Log.Debug("Using subject: " + subject);
}
Subject.DoAs(subject, new _PrivilegedExceptionAction_287(this));
}
catch (PrivilegedActionException ex)
{
// Loop while the context is still not established
throw new AuthenticationException(ex.GetException());
}
catch (LoginException ex)
{
throw new AuthenticationException(ex);
}
AuthenticatedURL.ExtractToken(conn, token);
}
/// <exception cref="System.Exception"/>
public static T DoAs <T>(string principal, Callable <T> callable)
{
LoginContext loginContext = null;
try
{
ICollection <Principal> principals = new HashSet <Principal>();
principals.AddItem(new KerberosPrincipal(KerberosTestUtils.GetClientPrincipal()));
Subject subject = new Subject(false, principals, new HashSet <object>(), new HashSet
<object>());
loginContext = new LoginContext(string.Empty, subject, null, new KerberosTestUtils.KerberosConfiguration
(principal));
loginContext.Login();
subject = loginContext.GetSubject();
return(Subject.DoAs(subject, new _PrivilegedExceptionAction_99(callable)));
}
catch (PrivilegedActionException ex)
{
throw ex.GetException();
}
finally
{
if (loginContext != null)
{
loginContext.Logout();
}
}
}
public void should_authenticate_a_valid_user()
{
var callback = new NopAuthCallbackHandler();
var context = new LoginContext(new[] { module_ });
Assert.That(context.Login(subject_, callback), Is.True);
}
public void Login()
{
LoginConfiguration config = new LoginConfiguration();
config.Load("login-module-node");
LoginContext context = new LoginContext(config);
Assert.AreEqual(true, context.Login());
}
public void LoginWithNoModule()
{
LoginConfiguration config = new LoginConfiguration();
config.Load("with-namespace");
LoginContext context = new LoginContext(config);
Assert.AreEqual(false, context.Login());
}
/// <exception cref="System.Exception"/>
public virtual void TestLoginModuleCommit()
{
UserGroupInformation loginUgi = UserGroupInformation.GetLoginUser();
User user1 = loginUgi.GetSubject().GetPrincipals <User>().GetEnumerator().Next();
LoginContext login = user1.GetLogin();
login.Logout();
login.Login();
User user2 = loginUgi.GetSubject().GetPrincipals <User>().GetEnumerator().Next();
// user1 and user2 must be same instances.
Assert.True(user1 == user2);
}
public static void StateContextQuestion()
{
LoginContext ctx = new LoginContext();
NewLogin nl = new NewLogin(ctx);
ctx.Init(nl);
ctx.Login("123");
ctx.Login("123");
ctx.Login("123");
ctx.Login("123");
ctx.Login("123");
ctx.Login("123");
ctx.Restart();
ctx.Login("123");
ctx.Login("12345");
}
public virtual void TestKerberosLogin()
{
MiniKdc kdc = GetKdc();
FilePath workDir = GetWorkDir();
LoginContext loginContext = null;
try
{
string principal = "foo";
FilePath keytab = new FilePath(workDir, "foo.keytab");
kdc.CreatePrincipal(keytab, principal);
ICollection <Principal> principals = new HashSet <Principal>();
principals.AddItem(new KerberosPrincipal(principal));
//client login
Subject subject = new Subject(false, principals, new HashSet <object>(), new HashSet
<object>());
loginContext = new LoginContext(string.Empty, subject, null, TestMiniKdc.KerberosConfiguration
.CreateClientConfig(principal, keytab));
loginContext.Login();
subject = loginContext.GetSubject();
Assert.Equal(1, subject.GetPrincipals().Count);
Assert.Equal(typeof(KerberosPrincipal), subject.GetPrincipals(
).GetEnumerator().Next().GetType());
Assert.Equal(principal + "@" + kdc.GetRealm(), subject.GetPrincipals
().GetEnumerator().Next().GetName());
loginContext.Logout();
//server login
subject = new Subject(false, principals, new HashSet <object>(), new HashSet <object
>());
loginContext = new LoginContext(string.Empty, subject, null, TestMiniKdc.KerberosConfiguration
.CreateServerConfig(principal, keytab));
loginContext.Login();
subject = loginContext.GetSubject();
Assert.Equal(1, subject.GetPrincipals().Count);
Assert.Equal(typeof(KerberosPrincipal), subject.GetPrincipals(
).GetEnumerator().Next().GetType());
Assert.Equal(principal + "@" + kdc.GetRealm(), subject.GetPrincipals
().GetEnumerator().Next().GetName());
loginContext.Logout();
}
finally
{
if (loginContext != null)
{
loginContext.Logout();
}
}
}
/// <summary>Log in, defaulting to the client context</summary>
/// <param name="principal">principal</param>
/// <param name="context">context</param>
/// <param name="keytab">keytab</param>
/// <returns>the logged in context</returns>
/// <exception cref="Javax.Security.Auth.Login.LoginException">failure to log in</exception>
/// <exception cref="System.IO.FileNotFoundException">no keytab</exception>
protected internal virtual LoginContext Login(string principal, string context, FilePath
keytab)
{
Log.Info("Logging in as {} in context {} with keytab {}", principal, context, keytab
);
if (!keytab.Exists())
{
throw new FileNotFoundException(keytab.GetAbsolutePath());
}
ICollection <Principal> principals = new HashSet <Principal>();
principals.AddItem(new KerberosPrincipal(principal));
Subject subject = new Subject(false, principals, new HashSet <object>(), new HashSet
<object>());
LoginContext login;
login = new LoginContext(context, subject, null, KerberosConfiguration.CreateClientConfig
(principal, keytab));
login.Login();
return(login);
}
public void should_abort_when_authentication_fail()
{
Mock
.Arrange(() => module_.ControlFlag)
.Returns(LoginModuleControlFlag.Required);
Mock
.Arrange(
() => module_.Login(Arg.IsAny <IAuthCallbackHandler>(), subject_))
.Returns(AuthenticationInfos.Failed());
Mock
.Arrange(() => module_.Commit(Arg.IsAny <IAuthenticationInfo>()))
.OccursNever();
Mock
.Arrange(() => module_.Abort(Arg.IsAny <IAuthenticationInfo>()))
.MustBeCalled();
var callback = new NopAuthCallbackHandler();
var context = new LoginContext(new[] { module_ });
Assert.That(context.Login(subject_, callback), Is.False);
Mock.Assert(module_);
}
/// <summary>Initializes the authentication handler instance.</summary>
/// <remarks>
/// Initializes the authentication handler instance.
/// <p>
/// It creates a Kerberos context using the principal and keytab specified in the configuration.
/// <p>
/// This method is invoked by the
/// <see cref="AuthenticationFilter.Init(Javax.Servlet.FilterConfig)"/>
/// method.
/// </remarks>
/// <param name="config">configuration properties to initialize the handler.</param>
/// <exception cref="Javax.Servlet.ServletException">thrown if the handler could not be initialized.
/// </exception>
public override void Init(Properties config)
{
try
{
string principal = config.GetProperty(Principal);
if (principal == null || principal.Trim().Length == 0)
{
throw new ServletException("Principal not defined in configuration");
}
keytab = config.GetProperty(Keytab, keytab);
if (keytab == null || keytab.Trim().Length == 0)
{
throw new ServletException("Keytab not defined in configuration");
}
if (!new FilePath(keytab).Exists())
{
throw new ServletException("Keytab does not exist: " + keytab);
}
// use all SPNEGO principals in the keytab if a principal isn't
// specifically configured
string[] spnegoPrincipals;
if (principal.Equals("*"))
{
spnegoPrincipals = KerberosUtil.GetPrincipalNames(keytab, Pattern.Compile
("HTTP/.*"));
if (spnegoPrincipals.Length == 0)
{
throw new ServletException("Principals do not exist in the keytab");
}
}
else
{
spnegoPrincipals = new string[] { principal };
}
string nameRules = config.GetProperty(NameRules, null);
if (nameRules != null)
{
KerberosName.SetRules(nameRules);
}
foreach (string spnegoPrincipal in spnegoPrincipals)
{
Log.Info("Login using keytab {}, for principal {}", keytab, spnegoPrincipal);
KerberosAuthenticationHandler.KerberosConfiguration kerberosConfiguration = new KerberosAuthenticationHandler.KerberosConfiguration
(keytab, spnegoPrincipal);
LoginContext loginContext = new LoginContext(string.Empty, serverSubject, null, kerberosConfiguration
);
try
{
loginContext.Login();
}
catch (LoginException le)
{
Log.Warn("Failed to login as [{}]", spnegoPrincipal, le);
throw new AuthenticationException(le);
}
loginContexts.AddItem(loginContext);
}
try
{
gssManager = Subject.DoAs(serverSubject, new _PrivilegedExceptionAction_229());
}
catch (PrivilegedActionException ex)
{
throw ex.GetException();
}
}
catch (Exception ex)
{
throw new ServletException(ex);
}
}
public UsuarioModel isCorrectPassWord(String Login, String Senha)
{
return(db.Login(Login, Senha));
}