http client w/ kerberos

michele · michele · commit c31413035dee · 2019-09-06T13:53:46.000+02:00
diff --git a/src/test/java/com/arangodb/BaseTest.java b/src/test/java/com/arangodb/BaseTest.java
@@ -38,9 +38,10 @@ public abstract class BaseTest {
     @Parameters
     public static Collection<ArangoDB.Builder> builders() {
         return Arrays.asList(//
-                new ArangoDB.Builder().useProtocol(Protocol.VST), //
-                new ArangoDB.Builder().useProtocol(Protocol.HTTP_JSON), //
-                new ArangoDB.Builder().useProtocol(Protocol.HTTP_VPACK) //
+//                new ArangoDB.Builder().useProtocol(Protocol.VST), //
+                new ArangoDB.Builder().useProtocol(Protocol.HTTP_JSON)
+//                , //
+//                new ArangoDB.Builder().useProtocol(Protocol.HTTP_VPACK) //
         );
     }
 
diff --git a/src/test/java/com/arangodb/KerberosTest.java b/src/test/java/com/arangodb/KerberosTest.java
@@ -0,0 +1,102 @@
+package com.arangodb;/*
+ * DISCLAIMER
+ *
+ * Copyright 2016 ArangoDB GmbH, Cologne, Germany
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright holder is ArangoDB GmbH, Cologne, Germany
+ */
+
+
+import org.apache.http.HttpEntity;
+import org.apache.http.HttpResponse;
+import org.apache.http.auth.AuthScope;
+import org.apache.http.auth.Credentials;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.client.methods.HttpUriRequest;
+import org.apache.http.client.params.AuthPolicy;
+import org.apache.http.impl.auth.SPNegoSchemeFactory;
+import org.apache.http.impl.client.DefaultHttpClient;
+import org.apache.http.util.EntityUtils;
+
+import javax.security.auth.login.LoginException;
+import java.io.IOException;
+import java.security.Principal;
+
+/**
+ * @author Michele Rastelli
+ */
+public class KerberosTest {
+    static private String URL = "http://bruecklinux.arangodb.biz:8899/_db/_system/_api/database/";
+
+    public static void main(String[] args) throws IOException, LoginException {
+        kerberos();
+    }
+
+    private static void kerberos() throws IOException, LoginException {
+
+        System.setProperty("java.security.auth.login.config", "/home/michele/arango/arangodb-java-driver/src/test/resources/login.conf");
+        System.setProperty("java.security.krb5.conf", "/etc/krb5.conf");
+        System.setProperty("sun.security.krb5.debug", "true");
+        System.setProperty("sun.security.jgss.debug", "true");
+        System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
+        System.setProperty("java.security.krb5.realm", "BRUECKLINUX.ARANGODB.BIZ");
+        System.setProperty("java.security.krb5.kdc", "kerberos.BRUECKLINUX.ARANGODB.BIZ");
+
+// OK
+//        LoginContext lc = new LoginContext("SampleClient", new TextCallbackHandler());
+//        lc.login();
+//        System.out.println("done");
+//        lc.getSubject();
+
+        final boolean stripPort = true;
+        final boolean useCanonicalHostname = false;
+
+        DefaultHttpClient httpclient = new DefaultHttpClient();
+        try {
+            httpclient.getAuthSchemes().register(AuthPolicy.SPNEGO, new SPNegoSchemeFactory(stripPort, useCanonicalHostname));
+            Credentials use_jaas_creds = new Credentials() {
+                public String getPassword() {
+                    return null;
+                }
+
+                public Principal getUserPrincipal() {
+                    return null;
+                }
+            };
+            httpclient.getCredentialsProvider().setCredentials(
+                    new AuthScope(null, -1, null),
+                    use_jaas_creds);
+
+            HttpUriRequest request = new HttpGet("http://bruecklinux.arangodb.biz:8899/_db/_system/_api/database/");
+            HttpResponse response = httpclient.execute(request);
+            HttpEntity entity = response.getEntity();
+            System.out.println("----------------------------------------");
+            System.out.println(response.getStatusLine());
+            System.out.println("----------------------------------------");
+            if (entity != null) {
+                System.out.println(EntityUtils.toString(entity));
+            }
+            System.out.println("----------------------------------------");
+//             This ensures the connection gets released back to the manager
+            EntityUtils.consume(entity);
+
+        } finally {
+            // When HttpClient instance is no longer needed,
+            // shut down the connection manager to ensure
+            // immediate deallocation of all system resources
+            httpclient.getConnectionManager().shutdown();
+        }
+    }
+}
diff --git a/src/test/resources/arangodb.properties b/src/test/resources/arangodb.properties
@@ -1,4 +1,4 @@
-arangodb.hosts=localhost:8529
+arangodb.hosts=bruecklinux.arangodb.biz:8899
 arangodb.connections.max=1
 arangodb.acquireHostList=false
 arangodb.password=test
diff --git a/src/test/resources/logback-test.xml b/src/test/resources/logback-test.xml
@@ -8,7 +8,7 @@
     </encoder>
   </appender>
 
-  <root level="info">
+  <root level="trace">
     <appender-ref ref="STDOUT" />
   </root>
 </configuration>
diff --git a/src/test/resources/login.conf b/src/test/resources/login.conf
@@ -0,0 +1,16 @@
+SampleClient {
+    com.sun.security.auth.module.Krb5LoginModule required client=true useTicketCache=true debug=true doNotPrompt=true useKeyTab=true keyTab="file:////home/michele/michele.keytab" renewTGT=false principal=michele;
+};
+
+com.sun.security.jgss.login {
+    com.sun.security.auth.module.Krb5LoginModule required client=true useTicketCache=true debug=true doNotPrompt=true useKeyTab=true keyTab="file:////home/michele/michele.keytab" renewTGT=false principal=michele;
+};
+
+com.sun.security.jgss.initiate {
+    com.sun.security.auth.module.Krb5LoginModule required client=true useTicketCache=true debug=true doNotPrompt=true useKeyTab=true keyTab="file:////home/michele/michele.keytab" renewTGT=false principal=michele;
+};
+
+com.sun.security.jgss.accept {
+    com.sun.security.auth.module.Krb5LoginModule required client=true useTicketCache=true debug=true doNotPrompt=true useKeyTab=true keyTab="file:////home/michele/michele.keytab" renewTGT=false principal=michele;
+};
+
