
Example 1 with LoginException

use of javax.security.auth.login.LoginException in project jetty.project by eclipse.

the class LdapLoginModule method login.

/**
     * Since LDAP uses a context bind to check that credentials are valid, we override login().
     * <p>
     * If credentials are not available from the user's context, or if the binding check is forced,
     * we try a binding authentication check; otherwise, if we have the user's encoded password,
     * we can authenticate against that instead.
     *
     * @return true if authenticated, false otherwise
     * @throws LoginException if unable to login
     */
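public boolean login() throws LoginException {
    // Authenticates the user supplied by the callback handler, either through a binding check
    // (when _forceBindingLogin is set) or by comparing against the credential held in UserInfo.
    // Returns true only when one of those checks succeeded; every failure path either returns
    // false or throws a LoginException.
    try {
        if (getCallbackHandler() == null) {
            throw new LoginException("No callback handler");
        }
        Callback[] callbacks = configureCallbacks();
        getCallbackHandler().handle(callbacks);
        String webUserName = ((NameCallback) callbacks[0]).getName();
        Object webCredential = ((ObjectCallback) callbacks[1]).getObject();
        // A missing name or credential fails closed before any lookup or bind is attempted.
        if (webUserName == null || webCredential == null) {
            setAuthenticated(false);
            return isAuthenticated();
        }
        boolean authed = false;
        if (_forceBindingLogin) {
            authed = bindingLogin(webUserName, webCredential);
        } else {
            // This sets read and the credential
            UserInfo userInfo = getUserInfo(webUserName);
            // An unknown user yields the same plain "false" as a rejected credential, so the
            // return value does not tell the caller which of the two happened.
            if (userInfo == null) {
                setAuthenticated(false);
                return false;
            }
            setCurrentUser(new JAASUserInfo(userInfo));
            if (webCredential instanceof String) {
                authed = credentialLogin(Credential.getCredential((String) webCredential));
            } else {
                authed = credentialLogin(webCredential);
            }
        }
        // Only fetch roles if authenticated, so no role data is loaded for a failed login.
        if (authed) {
            getCurrentUser().fetchRoles();
        }
        return authed;
    } catch (LoginException e) {
        // Already the type callers expect. Rethrow unchanged; otherwise the catch-all below
        // would replace it (for example "No callback handler") with an unrelated message.
        throw e;
    } catch (UnsupportedCallbackException e) {
        LoginException failure = new LoginException("Error obtaining callback information.");
        failure.initCause(e);
        throw failure;
    } catch (IOException e) {
        if (_debug) {
            e.printStackTrace();
        }
        LoginException failure = new LoginException("IO Error performing login.");
        failure.initCause(e);
        throw failure;
    } catch (Exception e) {
        if (_debug) {
            e.printStackTrace();
        }
        // The message stays generic; the underlying failure travels as the cause so operators
        // can diagnose it from the exception chain.
        // NOTE(review): confirm that callers do not render the cause chain to end users.
        LoginException failure = new LoginException("Error obtaining user info.");
        failure.initCause(e);
        throw failure;
    }
}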
Also used : ObjectCallback(org.eclipse.jetty.jaas.callback.ObjectCallback) IOException(java.io.IOException) LoginException(javax.security.auth.login.LoginException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) NamingException(javax.naming.NamingException) IOException(java.io.IOException) ObjectCallback(org.eclipse.jetty.jaas.callback.ObjectCallback) NameCallback(javax.security.auth.callback.NameCallback) Callback(javax.security.auth.callback.Callback) NameCallback(javax.security.auth.callback.NameCallback) LoginException(javax.security.auth.login.LoginException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)

Example 2 with LoginException

use of javax.security.auth.login.LoginException in project storm by apache.

the class KerberosSaslTransportPlugin method getServerTransportFactory.

public TTransportFactory getServerTransportFactory() throws IOException {
    // One callback handler serves both the JAAS login below and the SASL server definition.
    CallbackHandler serverHandler = new ServerCallbackHandler(login_conf, storm_conf);

    // Log the server principal in; a failed login aborts factory creation with a RuntimeException.
    Subject subject;
    try {
        // NOTE: Configuration.setConfiguration installs the JAAS configuration for the whole
        // JVM, so any other login performed in this process sees login_conf as well.
        Configuration.setConfiguration(login_conf);
        Login serverLogin = new Login(AuthUtils.LOGIN_CONTEXT_SERVER, serverHandler);
        subject = serverLogin.getSubject();
        serverLogin.startThreadIfNeeded();
    } catch (LoginException ex) {
        LOG.error("Server failed to login in principal:" + ex, ex);
        throw new RuntimeException(ex);
    }

    // Refuse to continue unless the login actually produced a Kerberos ticket.
    boolean hasTicket = !subject.getPrivateCredentials(KerberosTicket.class).isEmpty();
    if (!hasTicket) {
        throw new RuntimeException("Fail to verify user principal with section \"" + AuthUtils.LOGIN_CONTEXT_SERVER + "\" in login configuration file " + login_conf);
    }

    // Split the configured principal into the service and host parts SASL needs.
    String principal = AuthUtils.get(login_conf, AuthUtils.LOGIN_CONTEXT_SERVER, "principal");
    LOG.debug("principal:" + principal);
    KerberosName parsedPrincipal = new KerberosName(principal);
    String serviceName = parsedPrincipal.getServiceName();
    String hostName = parsedPrincipal.getHostName();

    // QOP "auth" requests authentication only: SASL adds no integrity or confidentiality
    // layer to the traffic that follows the handshake.
    // NOTE(review): confirm the transport is protected by other means if that is required.
    Map<String, String> saslProps = new TreeMap<String, String>();
    saslProps.put(Sasl.QOP, "auth");
    saslProps.put(Sasl.SERVER_AUTH, "false");

    // SASL factory that invokes the callback handler during authentication.
    TSaslServerTransport.Factory saslFactory = new TSaslServerTransport.Factory();
    saslFactory.addServerDefinition(KERBEROS, serviceName, hostName, saslProps, serverHandler);

    // Wrap it so the logged-in subject is handed to the transport layer along with the factory.
    TUGIAssumingTransportFactory subjectAwareFactory = new TUGIAssumingTransportFactory(saslFactory, subject);
    LOG.info("SASL GSSAPI transport factory will be used");
    return subjectAwareFactory;
}
Also used : CallbackHandler(javax.security.auth.callback.CallbackHandler) KerberosTicket(javax.security.auth.kerberos.KerberosTicket) LoggerFactory(org.slf4j.LoggerFactory) TTransportFactory(org.apache.thrift.transport.TTransportFactory) Login(org.apache.storm.messaging.netty.Login) KerberosName(org.apache.zookeeper.server.auth.KerberosName) TreeMap(java.util.TreeMap) Subject(javax.security.auth.Subject) TSaslServerTransport(org.apache.thrift.transport.TSaslServerTransport) LoginException(javax.security.auth.login.LoginException)

Example 3 with LoginException

use of javax.security.auth.login.LoginException in project cas by apereo.

the class DefaultAccountStateHandler method handlePolicyAttributes.

/**
     * Maps boolean attribute values to their corresponding exception.
     * This handles ad-hoc password policies.
     *
     * @param response the authentication response.
     */
protected void handlePolicyAttributes(final AuthenticationResponse response) {
    // Walk every attribute of the returned LDAP entry; the first one that is both mapped to an
    // exception type and carries a true value ends the method by throwing.
    for (final LdapAttribute attribute : response.getLdapEntry().getAttributes()) {
        final String attributeName = attribute.getName();
        // The value is only parsed for mapped attributes, so unmapped ones are never read.
        if (!this.attributesToErrorMap.containsKey(attributeName)) {
            continue;
        }
        if (!Boolean.parseBoolean(attribute.getStringValue())) {
            continue;
        }
        // The exception type comes from the handler's own map, not from the directory response;
        // the response only decides whether the mapped type is raised.
        final Class<LoginException> errorType = this.attributesToErrorMap.get(attributeName);
        final LoginException failure = (LoginException) ClassUtils.newInstance(errorType);
        // If no instance could be created, the attribute is skipped rather than treated as a failure.
        if (failure != null) {
            // This method declares no checked exceptions, so the LoginException leaves through
            // Throwables.propagate (presumably wrapped in an unchecked exception — confirm).
            throw Throwables.propagate(failure);
        }
    }
}
Also used : LdapAttribute(org.ldaptive.LdapAttribute) LoginException(javax.security.auth.login.LoginException) FailedLoginException(javax.security.auth.login.FailedLoginException)

Example 4 with LoginException

use of javax.security.auth.login.LoginException in project hadoop by apache.

the class TestSecureRMRegistryOperations method startRMRegistryOperations.

/**
   * Create the RM registry operations as the current user
   * @return the service
   * @throws LoginException
   * @throws FileNotFoundException
   */
public RMRegistryOperationsService startRMRegistryOperations() throws LoginException, IOException, InterruptedException {
    // Switch the registry client to Kerberos authentication and name its JAAS context.
    secureConf.set(KEY_REGISTRY_CLIENT_AUTH, REGISTRY_CLIENT_AUTH_KERBEROS);
    secureConf.set(KEY_REGISTRY_CLIENT_JAAS_CONTEXT, ZOOKEEPER_CLIENT_CONTEXT);

    // The service is created, initialised and started inside doAs, i.e. under zookeeperUGI
    // rather than under whichever identity is running the test.
    PrivilegedExceptionAction<RMRegistryOperationsService> startService = new PrivilegedExceptionAction<RMRegistryOperationsService>() {

        @Override
        public RMRegistryOperationsService run() throws Exception {
            RMRegistryOperationsService service = new RMRegistryOperationsService("rmregistry", secureZK);
            // Registered for teardown before init/start, so it is cleaned up even if those fail.
            addToTeardown(service);
            service.init(secureConf);
            LOG.info(service.bindingDiagnosticDetails());
            service.start();
            return service;
        }
    };
    return zookeeperUGI.doAs(startService);
}
Also used : LoginException(javax.security.auth.login.LoginException) IOException(java.io.IOException) FileNotFoundException(java.io.FileNotFoundException) ServiceStateException(org.apache.hadoop.service.ServiceStateException) PathPermissionException(org.apache.hadoop.fs.PathPermissionException) NoPathPermissionsException(org.apache.hadoop.registry.client.exceptions.NoPathPermissionsException) RMRegistryOperationsService(org.apache.hadoop.registry.server.integration.RMRegistryOperationsService)

Example 5 with LoginException

use of javax.security.auth.login.LoginException in project hadoop by apache.

the class UserGroupInformation method loginUserFromKeytab.

/**
   * Log a user in from a keytab file. Loads a user identity from a keytab
   * file and logs them in. They become the currently logged-in user.
   * @param user the principal name to load from the keytab
   * @param path the path to the keytab file
   * @throws IOException
   * @throws KerberosAuthException if it's a kerberos login exception.
   */
@InterfaceAudience.Public
@InterfaceStability.Evolving
public static synchronized void loginUserFromKeytab(String user, String path) throws IOException {
    // Nothing to do when security is switched off.
    if (!isSecurityEnabled()) {
        return;
    }

    // Class-level state is updated before the login attempt and is not rolled back when the
    // attempt fails, so after a failure it still names the keytab and principal that were tried.
    // NOTE(review): the order is kept because the login configuration presumably reads these
    // values — confirm before moving the assignments.
    keytabFile = path;
    keytabPrincipal = user;

    Subject subject = new Subject();
    // Stays 0 until the login context exists, so a failure while building the context is not
    // counted in the login-failure timing metric.
    long start = 0;
    try {
        LoginContext context = newLoginContext(HadoopConfiguration.KEYTAB_KERBEROS_CONFIG_NAME, subject, new HadoopConfiguration());
        start = Time.now();
        context.login();
        metrics.loginSuccess.add(Time.now() - start);

        // Only a successful login replaces the process-wide login user.
        UserGroupInformation loggedIn = new UserGroupInformation(subject, false);
        loginUser = loggedIn;
        loggedIn.setLogin(context);
        loggedIn.setAuthenticationMethod(AuthenticationMethod.KERBEROS);
    } catch (LoginException cause) {
        if (start > 0) {
            metrics.loginFailure.add(Time.now() - start);
        }
        // Carry the principal and keytab path with the failure; the original LoginException
        // is kept as the cause.
        KerberosAuthException failure = new KerberosAuthException(LOGIN_FAILURE, cause);
        failure.setUser(user);
        failure.setKeytabFile(path);
        throw failure;
    }
    LOG.info("Login successful for user " + keytabPrincipal + " using keytab file " + keytabFile);
}
Also used : LoginContext(javax.security.auth.login.LoginContext) LoginException(javax.security.auth.login.LoginException) Subject(javax.security.auth.Subject)

Aggregations

LoginException (javax.security.auth.login.LoginException)480 IOException (java.io.IOException)159 LoginContext (javax.security.auth.login.LoginContext)124 Subject (javax.security.auth.Subject)106 UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)95 Callback (javax.security.auth.callback.Callback)86 NameCallback (javax.security.auth.callback.NameCallback)78 FailedLoginException (javax.security.auth.login.FailedLoginException)74 PasswordCallback (javax.security.auth.callback.PasswordCallback)69 Test (org.junit.Test)57 Principal (java.security.Principal)54 CallbackHandler (javax.security.auth.callback.CallbackHandler)42 HashMap (java.util.HashMap)30 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)30 PrivilegedActionException (java.security.PrivilegedActionException)29 ContentSession (org.apache.jackrabbit.oak.api.ContentSession)29 SimpleCredentials (javax.jcr.SimpleCredentials)27 GSSException (org.ietf.jgss.GSSException)19 NamingException (javax.naming.NamingException)16 File (java.io.File)15