Wednesday, February 26, 2014

Kerberos Java Client: Code

This is the second post of the Kerberos Java Client series.
First post can be found here [1].

This post covers the Java code used to connect to the Kerberized server over SSH, execute a command ('ls') there, and get the results (read the output stream).

You need to provide the locations of the Kerberos configuration file and the JAAS configuration file as system properties. I've done it inside the class itself; set the two path values there to match your environment.

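The code is pretty much self-explanatory. Note that it turns on Kerberos debugging and logs all JSch activity, which is helpful while testing but very verbose.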

import com.jcraft.jsch.*;


import java.io.IOException;
import java.io.InputStream;
import java.util.Properties;

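/**
 * Minimal JSch client that logs in to a Kerberized SSH server with GSSAPI
 * ({@code gssapi-with-mic}), runs one command over an "exec" channel and copies
 * the command's standard output to {@code System.out}.
 *
 * <p>The host, user and command are the sample values from the post. The three
 * file locations are labelled placeholders that must be replaced before running.
 */
public class JSCHKerberosConnector {

    /**
     * Conventional entry point; older Java launchers only recognise this signature.
     * Delegates to {@link #main()}.
     *
     * @param args ignored
     */
    public static void main(String[] args) {
        main();
    }

    /**
     * Connects, runs the command, prints its output and exit status, then disconnects.
     * JSch and I/O failures are reported with a stack trace on {@code System.err}.
     */
    public static void main() {

        String host = "test.xsede.org";
        String user = "sachith";
        String command = "ls -ltr";

        JSch jsch = new JSch();
        jsch.setLogger(new MyLogger());

        // Placeholder values: point these at your own krb5.conf and JAAS login configuration.
        System.setProperty("java.security.krb5.conf", "<path-to-krb5.conf>");
        System.setProperty("java.security.auth.login.config", "<path-to-jaas.conf>");
        // Let the GSS layer obtain credentials through the JAAS login configuration
        // instead of requiring them in the current Subject.
        System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

        // Kerberos debugging mode. The trace is detailed (principals, ticket exchange),
        // so keep it for troubleshooting only and switch it off otherwise.
        System.setProperty("sun.security.krb5.debug", "true");

        Session session = null;
        Channel channel = null;
        boolean completed = false;
        try {
            // Verify the server's host key against a known_hosts file (placeholder path).
            // With StrictHostKeyChecking=no any host key is accepted, so the client has no
            // way to notice that it is talking to a different machine than intended.
            jsch.setKnownHosts("<path-to-known_hosts>");

            session = jsch.getSession(user, host, 22);
            Properties config = new Properties();
            config.put("StrictHostKeyChecking", "yes");
            // Offer only GSSAPI so the client never falls back to password or key auth.
            config.put("PreferredAuthentications", "gssapi-with-mic");
            session.setConfig(config);
            session.connect(20000);

            channel = session.openChannel("exec");
            ChannelExec exec = (ChannelExec) channel;
            exec.setCommand(command);
            channel.setInputStream(null);
            exec.setErrStream(System.err);

            // The stream must be obtained before connect() so no output is missed.
            InputStream in = channel.getInputStream();
            channel.connect();

            byte[] tmp = new byte[1024];
            while (true) {
                while (in.available() > 0) {
                    int i = in.read(tmp, 0, tmp.length);
                    if (i < 0) {
                        break;
                    }
                    // Assumes the remote side emits UTF-8; the client's platform default
                    // charset says nothing about the server's encoding.
                    System.out.print(new String(tmp, 0, i, "UTF-8"));
                }
                if (channel.isClosed()) {
                    // Data can arrive between the drain above and the close check;
                    // go round again rather than dropping the tail of the output.
                    if (in.available() > 0) {
                        continue;
                    }
                    System.out.println("exit-status: " + channel.getExitStatus());
                    break;
                }
                try {
                    Thread.sleep(1000);
                } catch (InterruptedException interrupted) {
                    // Preserve the interrupt for the caller and stop polling.
                    Thread.currentThread().interrupt();
                    break;
                }
            }
            completed = true;
        } catch (JSchException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        } finally {
            // Always release the channel and the session, including on failure paths.
            if (channel != null) {
                channel.disconnect();
            }
            if (session != null) {
                session.disconnect();
            }
        }
        if (completed) {
            System.out.println("DONE");
        }
    }

    /**
     * Logs JSch activity to {@code System.err}, prefixed with the level name.
     * Every level is enabled, so the output includes JSch's debug messages;
     * raise the threshold in {@link #isEnabled(int)} outside of troubleshooting.
     */
    public static class MyLogger implements com.jcraft.jsch.Logger {
        static java.util.Hashtable<Integer, String> name =
                new java.util.Hashtable<Integer, String>();
        static {
            name.put(Integer.valueOf(DEBUG), "DEBUG: ");
            name.put(Integer.valueOf(INFO), "INFO: ");
            name.put(Integer.valueOf(WARN), "WARN: ");
            name.put(Integer.valueOf(ERROR), "ERROR: ");
            name.put(Integer.valueOf(FATAL), "FATAL: ");
        }

        /** Reports every level as enabled. */
        @Override
        public boolean isEnabled(int level) {
            return true;
        }

        /** Writes the level prefix followed by the message on one line of {@code System.err}. */
        @Override
        public void log(int level, String message) {
            String prefix = name.get(Integer.valueOf(level));
            if (prefix == null) {
                // Unknown level: show the number instead of printing "null".
                prefix = "LEVEL " + level + ": ";
            }
            System.err.print(prefix);
            System.err.println(message);
        }
    }
}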




[1] http://sachithdhanushka.blogspot.com/2014/02/kerberos-java-client-configuration.html
