Example 1 with RoleToken

Use of com.yahoo.athenz.auth.token.RoleToken in the project pulsar by yahoo.

From the class AuthenticationProviderAthenz, method authenticate.

@Override
public String authenticate(AuthenticationDataSource authData) throws AuthenticationException {
    SocketAddress clientAddress;
    String roleToken;
    // The peer address is required so that every outcome can be attributed to a client.
    if (authData.hasDataFromPeer()) {
        clientAddress = authData.getPeerAddress();
    } else {
        throw new AuthenticationException("Authentication data source does not have a client address");
    }
    // The role token arrives either in the binary protocol command or in the Athenz HTTP header.
    if (authData.hasDataFromCommand()) {
        roleToken = authData.getCommandData();
    } else if (authData.hasDataFromHttp()) {
        roleToken = authData.getHttpHeader(AuthZpeClient.ZPE_TOKEN_HDR);
    } else {
        throw new AuthenticationException("Authentication data source does not have a role token");
    }
    if (roleToken == null) {
        throw new AuthenticationException("Athenz token is null, can't authenticate");
    }
    if (roleToken.isEmpty()) {
        throw new AuthenticationException("Athenz RoleToken is empty, Server is Using Athenz Authentication");
    }
    // Note: the raw credential is written to the debug log here.
    if (log.isDebugEnabled()) {
        log.debug("Athenz RoleToken : [{}] received from Client: {}", roleToken, clientAddress);
    }
    // Parse the token and reject it before signature verification if its domain
    // is not one this broker is configured to trust.
    RoleToken token = new RoleToken(roleToken);
    if (!domainNameList.contains(token.getDomain())) {
        throw new AuthenticationException(String.format(
                "Athenz RoleToken Domain mismatch, Expected: %s, Found: %s",
                domainNameList.toString(), token.getDomain()));
    }
    // Synchronize for non-thread safe static calls inside athenz library
    synchronized (this) {
        // Look up the ZTS signing key named by the token's key id; a missing key fails closed.
        PublicKey ztsPublicKey = AuthZpeClient.getZtsPublicKey(token.getKeyId());
        // No clock-skew allowance when checking the token's validity window.
        int allowedOffset = 0;
        if (ztsPublicKey == null) {
            throw new AuthenticationException("Unable to retrieve ZTS Public Key");
        }
        // validate() verifies the signature against the ZTS key and the token's validity window.
        if (token.validate(ztsPublicKey, allowedOffset, null)) {
            // Note: the raw credential is also written to the info log on success.
            log.info("Athenz Role Token : {}, Authorized for Client: {}", roleToken, clientAddress);
            return token.getPrincipal();
        } else {
            throw new AuthenticationException(String.format(
                    "Athenz Role Token Not Authorized from Client: %s", clientAddress));
        }
    }
}
Also used: AuthenticationException (javax.naming.AuthenticationException), PublicKey (java.security.PublicKey), SocketAddress (java.net.SocketAddress), RoleToken (com.yahoo.athenz.auth.token.RoleToken)
