
Example 1 with CallbackHandler

use of javax.security.auth.callback.CallbackHandler in project storm by apache.

Class DigestSaslTransportPlugin, method getServerTransportFactory.

/**
 * Builds the server-side Thrift transport factory for the DIGEST SASL mechanism.
 *
 * <p>A {@code ServerCallbackHandler} built from {@code login_conf} answers the SASL
 * callbacks, and a single server definition is registered for {@code DIGEST} under
 * the service name {@code AuthUtils.SERVICE} and the fixed host name {@code "localhost"}
 * with no explicit SASL properties ({@code null}, so the mechanism defaults apply).
 *
 * @return a {@link TSaslServerTransport.Factory} with the DIGEST definition registered
 * @throws IOException declared on the signature; may originate from building the
 *         callback handler, whose constructor is not shown here
 */
protected TTransportFactory getServerTransportFactory() throws IOException {
    // Handler that services the name/password callbacks during DIGEST negotiation.
    final CallbackHandler digestHandler = new ServerCallbackHandler(login_conf);

    // One SASL server definition: mechanism, service, host, properties, handler.
    // NOTE(review): DIGEST-MD5 is a legacy mechanism; confirm it is still acceptable
    // for the deployments that enable this plugin.
    final TSaslServerTransport.Factory saslFactory = new TSaslServerTransport.Factory();
    saslFactory.addServerDefinition(DIGEST, AuthUtils.SERVICE, "localhost", null, digestHandler);

    LOG.info("SASL DIGEST-MD5 transport factory will be used");
    return saslFactory;
}

Example 2 with CallbackHandler

use of javax.security.auth.callback.CallbackHandler in project storm by apache.

Class KerberosSaslTransportPlugin, method getServerTransportFactory.

/**
 * Builds the server-side Thrift transport factory for the Kerberos (GSSAPI) SASL mechanism.
 *
 * <p>Steps, in order: install {@code login_conf} as the process-wide JAAS
 * {@link Configuration}; log in the server principal from the
 * {@code AuthUtils.LOGIN_CONTEXT_SERVER} section; require that the resulting
 * {@link Subject} holds at least one {@link KerberosTicket}; parse the configured
 * principal into service and host names; register a {@code KERBEROS} server definition
 * with QOP {@code auth} and {@code SERVER_AUTH=false}; and wrap the factory so that
 * connections are accepted under the logged-in subject.
 *
 * @return the wrapped {@link TUGIAssumingTransportFactory}
 * @throws IOException declared on the signature; not thrown directly by this body
 * @throws RuntimeException if the JAAS login fails or produces no Kerberos ticket
 */
public TTransportFactory getServerTransportFactory() throws IOException {
    final CallbackHandler serverHandler = new ServerCallbackHandler(login_conf, storm_conf);

    // Log in the server principal. setConfiguration() replaces the JVM-global JAAS
    // configuration, so this affects every other JAAS user in the process.
    final Subject serverSubject;
    try {
        Configuration.setConfiguration(login_conf);
        final Login serverLogin = new Login(AuthUtils.LOGIN_CONTEXT_SERVER, serverHandler);
        serverSubject = serverLogin.getSubject();
        serverLogin.startThreadIfNeeded();
    } catch (LoginException ex) {
        LOG.error("Server failed to login in principal:" + ex, ex);
        throw new RuntimeException(ex);
    }

    // A login that succeeded but left no ticket in the subject is treated as a failure.
    final boolean hasKerberosTicket =
            !serverSubject.getPrivateCredentials(KerberosTicket.class).isEmpty();
    if (!hasKerberosTicket) {
        throw new RuntimeException("Fail to verify user principal with section \""
                + AuthUtils.LOGIN_CONTEXT_SERVER + "\" in login configuration file " + login_conf);
    }

    // Service and host for the SASL definition come from the configured principal.
    final String principal = AuthUtils.get(login_conf, AuthUtils.LOGIN_CONTEXT_SERVER, "principal");
    LOG.debug("principal:" + principal);
    final KerberosName parsedPrincipal = new KerberosName(principal);

    // Authentication only (no integrity/confidentiality layer); no mutual server auth.
    final Map<String, String> saslProps = new TreeMap<String, String>();
    saslProps.put(Sasl.QOP, "auth");
    saslProps.put(Sasl.SERVER_AUTH, "false");

    final TSaslServerTransport.Factory saslFactory = new TSaslServerTransport.Factory();
    saslFactory.addServerDefinition(KERBEROS, parsedPrincipal.getServiceName(),
            parsedPrincipal.getHostName(), saslProps, serverHandler);

    // The wrapper runs connection handling as the logged-in subject.
    final TUGIAssumingTransportFactory assumingFactory =
            new TUGIAssumingTransportFactory(saslFactory, serverSubject);
    LOG.info("SASL GSSAPI transport factory will be used");
    return assumingFactory;
}

Example 3 with CallbackHandler

use of javax.security.auth.callback.CallbackHandler in project hadoop by apache.

Class SaslDataTransferClient, method getSaslStreams.

/**
   * Sends client SASL negotiation for general-purpose handshake.
   *
   * <p>The SASL user name and password are both derived from the block access
   * token; the resolver supplies the client SASL properties for the given address.
   *
   * @param addr connection address
   * @param underlyingOut connection output stream
   * @param underlyingIn connection input stream
   * @param accessToken connection block access token
   * @return new pair of streams, wrapped after SASL negotiation
   * @throws IOException for any error
   */
private IOStreamPair getSaslStreams(InetAddress addr, OutputStream underlyingOut, InputStream underlyingIn, Token<BlockTokenIdentifier> accessToken) throws IOException {
    final Map<String, String> clientProps = saslPropsResolver.getClientProperties(addr);

    // Credentials for the handshake are a function of the access token only.
    final String tokenUser = buildUserName(accessToken);
    final char[] tokenPassword = buildClientPassword(accessToken);
    // NOTE(review): the password array is handed to the handler and not cleared here;
    // its lifetime is owned by the handler/handshake path, which is outside this listing.
    final CallbackHandler clientHandler = new SaslClientCallbackHandler(tokenUser, tokenPassword);

    return doSaslHandshake(addr, underlyingOut, underlyingIn, tokenUser, clientProps, clientHandler);
}

Example 4 with CallbackHandler

use of javax.security.auth.callback.CallbackHandler in project hadoop by apache.

Class SaslDataTransferServer, method getEncryptedStreams.

/**
   * Receives SASL negotiation for specialized encrypted handshake.
   *
   * <p>If the peer already has a secure channel, or the configured trusted-channel
   * resolver trusts the peer address, the raw streams are returned unwrapped and no
   * SASL exchange takes place. Otherwise the handshake runs with properties built for
   * the configured encryption algorithm, and the server password for a given user
   * name is derived from that user's encryption key.
   *
   * @param peer connection peer
   * @param underlyingOut connection output stream
   * @param underlyingIn connection input stream
   * @return new pair of streams, wrapped after SASL negotiation
   * @throws IOException for any error
   */
private IOStreamPair getEncryptedStreams(Peer peer, OutputStream underlyingOut, InputStream underlyingIn) throws IOException {
    // Short-circuit: only consult the resolver when the channel is not already secure.
    final boolean skipNegotiation = peer.hasSecureChannel()
            || dnConf.getTrustedChannelResolver().isTrusted(getPeerAddress(peer));
    if (skipNegotiation) {
        return new IOStreamPair(underlyingIn, underlyingOut);
    }

    final Map<String, String> saslProps =
            createSaslPropertiesForEncryption(dnConf.getEncryptionAlgorithm());
    if (LOG.isDebugEnabled()) {
        LOG.debug("Server using encryption algorithm " + dnConf.getEncryptionAlgorithm());
    }

    // Password lookup used by the server callback handler: user name -> encryption key -> password.
    final PasswordFunction keyBasedPassword = new PasswordFunction() {

        @Override
        public char[] apply(String userName) throws IOException {
            return encryptionKeyToPassword(getEncryptionKeyFromUserName(userName));
        }
    };
    final CallbackHandler serverHandler = new SaslServerCallbackHandler(keyBasedPassword);

    return doSaslHandshake(peer, underlyingOut, underlyingIn, saslProps, serverHandler);
}

Example 5 with CallbackHandler

use of javax.security.auth.callback.CallbackHandler in project alluxio by Alluxio.

Class LoginUser, method login.

/**
   * Logs in based on the LoginModules.
   *
   * <p>Reads the configured authentication type, runs a JAAS {@link LoginContext}
   * named after that type against a fresh {@link Subject}, and returns the single
   * {@code User} principal the login modules attached to it. SIMPLE and CUSTOM auth
   * are given an {@code AppCallbackHandler}; every other type gets no handler.
   *
   * @return the login user
   * @throws IOException if login fails, or if the subject ends up with zero or more
   *         than one {@code User} principal
   */
private static User login() throws IOException {
    final AuthType authType =
            Configuration.getEnum(PropertyKey.SECURITY_AUTHENTICATION_TYPE, AuthType.class);
    checkSecurityEnabled(authType);

    final Subject subject = new Subject();
    try {
        // Only SIMPLE and CUSTOM supply an application callback handler.
        final boolean usesAppHandler =
                authType.equals(AuthType.SIMPLE) || authType.equals(AuthType.CUSTOM);
        final CallbackHandler handler =
                usesAppHandler ? new AppLoginModule.AppCallbackHandler() : null;
        // The LoginModule for this authType must be registered under authType's name
        // in LoginModuleConfiguration.
        final LoginContext context = new LoginContext(
                authType.getAuthName(), subject, handler, new LoginModuleConfiguration());
        context.login();
    } catch (LoginException e) {
        throw new IOException("Failed to login: " + e.getMessage(), e);
    }

    // Exactly one User principal is expected after a successful login.
    final Set<User> users = subject.getPrincipals(User.class);
    if (users.isEmpty()) {
        throw new IOException("Failed to login: No Alluxio User is found.");
    }
    if (users.size() > 1) {
        final StringBuilder detail =
                new StringBuilder("Failed to login: More than one Alluxio Users are found:");
        for (User found : users) {
            detail.append(" ").append(found.toString());
        }
        throw new IOException(detail.toString());
    }
    return users.iterator().next();
}
