[knox] branch master updated: KNOX-2001 - KnoxSession should log a warning message when useSubjectCredsOnly is false

Thu, 29 Aug 2019 14:12:42 -0700 

This is an automated email from the ASF dual-hosted git repository.

pzampino pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git


The following commit(s) were added to refs/heads/master by this push:
     new 880217d  KNOX-2001 - KnoxSession should log a warning message when 
useSubjectCredsOnly is false
880217d is described below

commit 880217d79543e7e029db391e2acdfc868a06ab61
Author: pzampino <[email protected]>
AuthorDate: Thu Aug 29 16:43:02 2019 -0400

    KNOX-2001 - KnoxSession should log a warning message when 
useSubjectCredsOnly is false
---
 .../src/main/java/org/apache/knox/gateway/shell/KnoxSession.java  | 8 ++++++++
 .../java/org/apache/knox/gateway/shell/KnoxShellMessages.java     | 4 ++++
 2 files changed, 12 insertions(+)

diff --git 
a/gateway-shell/src/main/java/org/apache/knox/gateway/shell/KnoxSession.java 
b/gateway-shell/src/main/java/org/apache/knox/gateway/shell/KnoxSession.java
index 7c817f4..3952a1c 100644
--- a/gateway-shell/src/main/java/org/apache/knox/gateway/shell/KnoxSession.java
+++ b/gateway-shell/src/main/java/org/apache/knox/gateway/shell/KnoxSession.java
@@ -326,6 +326,14 @@ public class KnoxSession implements Closeable {
         System.setProperty("sun.security.jgss.debug", "true");
       }
 
+      // (KNOX-2001) Log a warning if the useSubjectCredsOnly restriction is 
"relaxed"
+      String useSubjectCredsOnly = 
System.getProperty("javax.security.auth.useSubjectCredsOnly");
+      if (useSubjectCredsOnly != null) {
+        if (!Boolean.valueOf(useSubjectCredsOnly)) {
+          LOG.useSubjectCredsOnlyIsFalse();
+        }
+      }
+
       final Registry<AuthSchemeProvider> authSchemeRegistry =
           
RegistryBuilder.<AuthSchemeProvider>create().register(AuthSchemes.SPNEGO, new 
SPNegoSchemeFactory(true)).build();
 
diff --git 
a/gateway-shell/src/main/java/org/apache/knox/gateway/shell/KnoxShellMessages.java
 
b/gateway-shell/src/main/java/org/apache/knox/gateway/shell/KnoxShellMessages.java
index 16c05bc..4c188db 100644
--- 
a/gateway-shell/src/main/java/org/apache/knox/gateway/shell/KnoxShellMessages.java
+++ 
b/gateway-shell/src/main/java/org/apache/knox/gateway/shell/KnoxShellMessages.java
@@ -59,4 +59,8 @@ public interface KnoxShellMessages {
   @Message( level = MessageLevel.DEBUG, text = "JAAS configuration: {0}" )
   void jaasConfigurationLocation(String location);
 
+  @Message( level = MessageLevel.WARN,
+            text = "The javax.security.auth.useSubjectCredsOnly system 
property is set to 'false'; This may yield unexpected results with respect to 
Kerberos authentication." )
+  void useSubjectCredsOnlyIsFalse();
+
 }

Reply via email to