Camel-K: Custom HTTP Client with Kerberos auth

I haven’t been able to do this using the Apache Camel HTTP component yet, so I put together a Processor to do it for me instead. To make this work we need a krb5.conf and login.conf file with settings for our domain.
Example krb5.conf

[libdefaults]
    default_realm = MYDOMAIN.SE

[realms]
    MYDOMAIN.SE = {
        kdc = kdc.mydomain.se
    }

Example Login.conf

com.sun.security.jgss.krb5.initiate {
  com.sun.security.auth.module.Krb5LoginModule required
 doNotPrompt=false useTicketCache=true;
};

Camel flow:

public class MyFlow extends RouteBuilder {

  @Override
  public void configure() throws Exception {
    from("timer:myTimer?repeatCount=1")
          .process(new CustomHTTPClient())
          .log("${body}");                  
  }

  // Create a custom Authenticator
  static class MyAuthenticator extends Authenticator {
    public PasswordAuthentication getPasswordAuthentication() {
      return (new PasswordAuthentication("username", 
                                         "password".toCharArray()));
    }
  }

  // Camel Processor
  public static class CustomHTTPClient implements Processor {

    public void process(Exchange exchange) throws Exception {
      // Setup Kerberos authentication via Java VM options
      System.setProperty("java.security.krb5.conf", "/etc/krb5.conf");
      System.setProperty("java.security.auth.login.config", "/etc/login.conf");
      System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
      System.setProperty("sun.security.krb5.debug", "true"); // Debug logging 

      // Set a custom Authenticator
      Authenticator.setDefault(new MyAuthenticator());

      // Custom "HTTPClient"
      URL url = new URL("https://resource.mydomain.se/data");
      InputStream ins = url.openConnection().getInputStream();
      BufferedReader reader = new BufferedReader(new InputStreamReader(ins));
      String str = "";
      for (String line; (line = reader.readLine()) != null; str += line);

      // Set payload as message back to flow
      exchange.getIn().setBody(str);
    }
  }
}

Kamel run arguments:

kamel run MyFlow.java 
               --resource file:krb5.conf@/etc/krb5.conf 
               --resource file:login.conf@/etc/login.conf

Tested on Apache Camel K Runtime 1.16.0, Apache Camel 3.19.0, Minikube v1.29.0 and WSL2 Ubuntu 20.04.4 LTS

  1. Snyggt Niklas!

Leave a Comment


NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> <pre lang="" line="" escaped="" cssfile="">

This site uses Akismet to reduce spam. Learn how your comment data is processed.