use of io.streamnative.pulsar.handlers.kop.SaslAuth in project starlight-for-kafka by datastax.
the class PlainSaslServer method evaluateResponse.
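/**
 * Evaluates the single client response of the SASL exchange and, on success, marks it complete.
 *
 * <p>The response is parsed into a {@code SaslAuth}. Its auth method selects the
 * {@code AuthenticationProvider}, and its auth data is handed to that provider to obtain the
 * authenticated role.
 *
 * <p>If the authenticated role is one of {@code proxyRoles}, the SASL username is treated as the
 * identity the proxy forwards. The text before the last {@code '/'} becomes
 * {@code authorizationId}, and the text after it becomes {@code username} (the tenant). Without
 * a {@code '/'} the whole value is the authorization id and {@code username} is {@code null}.
 * A proxy may not forward an empty principal or another proxy role.
 *
 * <p>Otherwise {@code authorizationId} is the authenticated role itself.
 *
 * @param response raw SASL response bytes received from the client
 * @return an empty challenge, because no further round trip is needed
 * @throws SaslException if the response cannot be parsed, no provider exists for the requested
 *     method, authentication fails, or the forwarded principal is empty or is itself a proxy role
 */
@Override
public byte[] evaluateResponse(byte[] response) throws SaslException {
    SaslAuth saslAuth;
    try {
        saslAuth = SaslUtils.parseSaslAuthBytes(response);
    } catch (IOException e) {
        // Keep the cause so the parse failure stays diagnosable.
        throw new SaslException(e.getMessage(), e);
    }
    // NOTE(review): username and authorizationId are written before the credential and the
    // forwarding checks have passed; `complete` is only set at the very end, so readers of
    // these fields should gate on it.
    username = saslAuth.getUsername();
    AuthenticationProvider authenticationProvider =
            authenticationService.getAuthenticationProvider(saslAuth.getAuthMethod());
    if (authenticationProvider == null) {
        throw new SaslException("No AuthenticationProvider found for method " + saslAuth.getAuthMethod());
    }
    try {
        final AuthenticationState authState = authenticationProvider.newAuthState(
                AuthData.of(saslAuth.getAuthData().getBytes(StandardCharsets.UTF_8)), null, null);
        final String role = authState.getAuthRole();
        if (StringUtils.isEmpty(role)) {
            throw new AuthenticationException("Role cannot be empty.");
        }
        if (proxyRoles != null && proxyRoles.contains(role)) {
            // the Proxy passes the OriginalPrincipal as "username"
            authorizationId = saslAuth.getUsername();
            // PULSAR TENANT
            username = null;
            if (authorizationId != null && authorizationId.contains("/")) {
                // forwarded value is "<originalPrincipal>/<tenant>"; split on the last slash
                int lastSlash = authorizationId.lastIndexOf('/');
                username = authorizationId.substring(lastSlash + 1);
                authorizationId = authorizationId.substring(0, lastSlash);
            }
            // The emptiness check above only covers the proxy's own role. The forwarded
            // principal needs the same check, otherwise a proxy sending "" or "/tenant"
            // would complete the exchange with an empty authorization id.
            if (StringUtils.isEmpty(authorizationId)) {
                throw new SaslException("The proxy (with role " + role
                        + ") did not forward an original principal");
            }
            // Reject proxy-to-proxy forwarding before logging, so a rejected attempt is
            // never recorded as "Authenticated".
            if (proxyRoles.contains(authorizationId)) {
                throw new SaslException("The proxy (with role " + role + ") tried to forward another proxy user (with role " + authorizationId + ")");
            }
            log.info("Authenticated Proxy role {} as user role {} tenant (username) {}", role, authorizationId, username);
        } else {
            authorizationId = role;
            log.info("Authenticated User {} tenant (username) {}", authorizationId, username);
        }
        complete = true;
        return new byte[0];
    } catch (AuthenticationException e) {
        // Keep the cause; the message is unchanged for callers.
        throw new SaslException(e.getMessage(), e);
    }
}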
use of io.streamnative.pulsar.handlers.kop.SaslAuth in project starlight-for-kafka by datastax.
the class SaslUtilsTest method testDecodingSasl.
/**
 * Checks that a well-formed SASL message decodes into the expected username, auth method and
 * auth data.
 *
 * <p>The password field {@code "token:my-awesome-token"} is expected to come back as method
 * {@code "token"} and data {@code "my-awesome-token"}. The authorization id passed to
 * {@code saslMessage} is not asserted here, and only the well-formed case is covered.
 */
@Test(timeOut = 2000)
public void testDecodingSasl() throws Exception {
    final byte[] encoded = saslMessage("authorizationID", "user", "token:my-awesome-token");
    final SaslAuth decoded = SaslUtils.parseSaslAuthBytes(encoded);

    // TestNG argument order: actual first, expected second.
    assertEquals(decoded.getUsername(), "user");
    assertEquals(decoded.getAuthMethod(), "token");
    assertEquals(decoded.getAuthData(), "my-awesome-token");
}
use of io.streamnative.pulsar.handlers.kop.SaslAuth in project kop by streamnative.
the class PlainSaslServer method evaluateResponse.
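/**
 * Evaluates the single client response of the SASL exchange and, on success, marks it complete.
 *
 * <p>The response is parsed into a {@code SaslAuth}. Its auth method selects the
 * {@code AuthenticationProvider}, and its auth data is handed to that provider to obtain the
 * authenticated role and its auth data source.
 *
 * <p>If the authenticated role is one of {@code proxyRoles}, the SASL username is treated as the
 * identity the proxy forwards. The text before the last {@code '/'} becomes
 * {@code authorizationId}, and the text after it becomes {@code username} (the tenant). Without
 * a {@code '/'} the whole value is the authorization id and {@code username} is {@code null}.
 * A proxy may not forward an empty principal or another proxy role.
 *
 * <p>Otherwise {@code authorizationId} is the authenticated role itself.
 *
 * @param response raw SASL response bytes received from the client
 * @return an empty challenge, because no further round trip is needed
 * @throws SaslException if the response cannot be parsed, no provider exists for the requested
 *     method, authentication fails, or the forwarded principal is empty or is itself a proxy role
 */
@Override
public byte[] evaluateResponse(byte[] response) throws SaslException {
    SaslAuth saslAuth;
    try {
        saslAuth = SaslUtils.parseSaslAuthBytes(response);
    } catch (IOException e) {
        // Keep the cause so the parse failure stays diagnosable.
        throw new SaslException(e.getMessage(), e);
    }
    // NOTE(review): username, authorizationId and authDataSource are written before the
    // credential and the forwarding checks have passed; `complete` is only set at the very
    // end, so readers of these fields should gate on it.
    username = saslAuth.getUsername();
    AuthenticationProvider authenticationProvider =
            authenticationService.getAuthenticationProvider(saslAuth.getAuthMethod());
    if (authenticationProvider == null) {
        throw new SaslException("No AuthenticationProvider found for method " + saslAuth.getAuthMethod());
    }
    try {
        final AuthenticationState authState = authenticationProvider.newAuthState(
                AuthData.of(saslAuth.getAuthData().getBytes(StandardCharsets.UTF_8)), null, null);
        final String role = authState.getAuthRole();
        if (StringUtils.isEmpty(role)) {
            throw new AuthenticationException("Role cannot be empty.");
        }
        if (proxyRoles != null && proxyRoles.contains(role)) {
            // the Proxy passes the OriginalPrincipal as "username"
            authorizationId = saslAuth.getUsername();
            // This is the auth data source of the proxy's own credential, not of the
            // forwarded principal: authState was built from the auth data the proxy sent.
            authDataSource = authState.getAuthDataSource();
            // PULSAR TENANT
            username = null;
            if (authorizationId != null && authorizationId.contains("/")) {
                // forwarded value is "<originalPrincipal>/<tenant>"; split on the last slash
                int lastSlash = authorizationId.lastIndexOf('/');
                username = authorizationId.substring(lastSlash + 1);
                authorizationId = authorizationId.substring(0, lastSlash);
            }
            // The emptiness check above only covers the proxy's own role. The forwarded
            // principal needs the same check, otherwise a proxy sending "" or "/tenant"
            // would complete the exchange with an empty authorization id.
            if (StringUtils.isEmpty(authorizationId)) {
                throw new SaslException("The proxy (with role " + role
                        + ") did not forward an original principal");
            }
            // Reject proxy-to-proxy forwarding before logging, so a rejected attempt is
            // never recorded as "Authenticated".
            if (proxyRoles.contains(authorizationId)) {
                throw new SaslException("The proxy (with role " + role + ") tried to forward another proxy user (with role " + authorizationId + ")");
            }
            log.info("Authenticated Proxy role {} as user role {} tenant (username) {}", role, authorizationId, username);
        } else {
            authorizationId = role;
            authDataSource = authState.getAuthDataSource();
            // NOTE(review): authDataSource is logged at INFO via its toString(); confirm that
            // no implementation renders credential material there.
            log.info("Authenticated User {}, AuthDataSource {}", authorizationId, authDataSource);
        }
        complete = true;
        return new byte[0];
    } catch (AuthenticationException e) {
        // Keep the cause; the message is unchanged for callers.
        throw new SaslException(e.getMessage(), e);
    }
}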
use of io.streamnative.pulsar.handlers.kop.SaslAuth in project kop by streamnative.
the class SaslUtilsTest method testDecodingSasl.
/**
 * Round-trips a hand-built SASL message through {@code SaslUtils.parseSaslAuthBytes} and checks
 * the three decoded fields.
 *
 * <p>The input carries {@code "user"} as username and {@code "token:my-awesome-token"} as
 * password. The decoded auth method must be {@code "token"} and the auth data
 * {@code "my-awesome-token"}. The leading authorization id argument is not asserted, and no
 * malformed input is exercised by this test.
 */
@Test(timeOut = 2000)
public void testDecodingSasl() throws Exception {
    final byte[] wireBytes = saslMessage("authorizationID", "user", "token:my-awesome-token");
    final SaslAuth parsed = SaslUtils.parseSaslAuthBytes(wireBytes);

    // TestNG argument order: actual first, expected second.
    assertEquals(parsed.getUsername(), "user");
    assertEquals(parsed.getAuthMethod(), "token");
    assertEquals(parsed.getAuthData(), "my-awesome-token");
}