Package org.apache.zookeeper.util
Class SecurityUtils
java.lang.Object
org.apache.zookeeper.util.SecurityUtils
-
Field Summary
Fields -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionstatic SaslClientcreateSaslClient(Subject subject, String servicePrincipal, String protocol, String serverName, org.slf4j.Logger LOG, String entity) Create an instance of a SaslClient.static SaslServercreateSaslServer(Subject subject, String protocol, String serverName, CallbackHandler callbackHandler, org.slf4j.Logger LOG) Create an instance of a SaslServer.static StringgetServerPrincipal(String principalConfig, String hostname) Convert Kerberos principal name pattern to valid Kerberos principal name.
-
Field Details
-
QUORUM_HOSTNAME_PATTERN
- See Also:
-
-
Constructor Details
-
SecurityUtils
public SecurityUtils()
-
-
Method Details
-
createSaslClient
public static SaslClient createSaslClient(Subject subject, String servicePrincipal, String protocol, String serverName, org.slf4j.Logger LOG, String entity) throws SaslException Create an instance of a SaslClient. It will return null if there is an exception.- Parameters:
subject- subjectservicePrincipal- principalprotocol- name of the protocol for which the authentication is being performedserverName- name of the server to authenticate toLOG- loggerentity- can be either zookeeper client or quorum learner- Returns:
- saslclient object
- Throws:
SaslException
-
createSaslServer
public static SaslServer createSaslServer(Subject subject, String protocol, String serverName, CallbackHandler callbackHandler, org.slf4j.Logger LOG) Create an instance of a SaslServer. It will return null if there is an exception.- Parameters:
subject- subjectprotocol- protocolserverName- server namecallbackHandler- login callback handlerLOG- logger- Returns:
- sasl server object
-
getServerPrincipal
Convert Kerberos principal name pattern to valid Kerberos principal name. If the principal name contains hostname pattern "_HOST" then it replaces with the given hostname, which should be fully-qualified domain name.- Parameters:
principalConfig- the Kerberos principal name conf value to converthostname- the fully-qualified domain name used for substitution- Returns:
- converted Kerberos principal name
-