Package org.apache.zookeeper.util
Class SecurityUtils
java.lang.Object
org.apache.zookeeper.util.SecurityUtils
-
Field Summary
Fields -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionstatic SaslClient
createSaslClient
(Subject subject, String servicePrincipal, String protocol, String serverName, org.slf4j.Logger LOG, String entity) Create an instance of a SaslClient.static SaslServer
createSaslServer
(Subject subject, String protocol, String serverName, CallbackHandler callbackHandler, org.slf4j.Logger LOG) Create an instance of a SaslServer.static String
getServerPrincipal
(String principalConfig, String hostname) Convert Kerberos principal name pattern to valid Kerberos principal name.
-
Field Details
-
QUORUM_HOSTNAME_PATTERN
- See Also:
-
-
Constructor Details
-
SecurityUtils
public SecurityUtils()
-
-
Method Details
-
createSaslClient
public static SaslClient createSaslClient(Subject subject, String servicePrincipal, String protocol, String serverName, org.slf4j.Logger LOG, String entity) throws SaslException Create an instance of a SaslClient. It will return null if there is an exception.- Parameters:
subject
- subjectservicePrincipal
- principalprotocol
- name of the protocol for which the authentication is being performedserverName
- name of the server to authenticate toLOG
- loggerentity
- can be either zookeeper client or quorum learner- Returns:
- saslclient object
- Throws:
SaslException
-
createSaslServer
public static SaslServer createSaslServer(Subject subject, String protocol, String serverName, CallbackHandler callbackHandler, org.slf4j.Logger LOG) Create an instance of a SaslServer. It will return null if there is an exception.- Parameters:
subject
- subjectprotocol
- protocolserverName
- server namecallbackHandler
- login callback handlerLOG
- logger- Returns:
- sasl server object
-
getServerPrincipal
Convert Kerberos principal name pattern to valid Kerberos principal name. If the principal name contains hostname pattern "_HOST" then it replaces with the given hostname, which should be fully-qualified domain name.- Parameters:
principalConfig
- the Kerberos principal name conf value to converthostname
- the fully-qualified domain name used for substitution- Returns:
- converted Kerberos principal name
-