use of javax.security.auth.callback.Callback in project OpenAM by OpenRock.
the class LoginViewBean method processLoginDisplay.
/**
 * Handles a submitted login page.
 *
 * <p>The method obtains the callbacks for the current step (looked up by the
 * {@code page_state} request parameter when one is present), copies the
 * submitted form values from {@code reqDataHash} into them, and then either
 * re-renders the login display (index type LEVEL or COMPOSITE_ADVICE) or
 * submits the callbacks to the {@code AuthContext} and records the outcome
 * in the bean's result fields.
 *
 * <p>Every value read from {@code request} or {@code reqDataHash} in this
 * method is supplied by the client. Fields such as {@code callbacks},
 * {@code choice}, {@code indexType}, {@code indexName} and
 * {@code redirect_url} are not declared here (presumably instance fields).
 *
 * @throws Exception any failure is logged at message level, stored through
 *         {@code setErrorMessage} and rethrown as an {@code L10NMessageImpl}
 */
protected void processLoginDisplay() throws Exception {
    loginDebug.message("In processLoginDisplay()");
    String tmp = "";
    try {
        // Multi-page login on a brand-new request: render the first page and stop.
        if (!onePageLogin) {
            if (AuthUtils.isNewRequest(ac)) {
                loginDebug.message("In processLoginDisplay() : Session New ");
                getLoginDisplay();
                return;
            }
        }
        // page_state is taken verbatim from the request and concatenated into the debug log.
        // NOTE(review): consider neutralising CR/LF before logging request-supplied text.
        String page_state = request.getParameter("page_state");
        if (loginDebug.messageEnabled()) {
            loginDebug.message("Submit with Page State : " + page_state);
        }
        if ((page_state != null) && (page_state.length() != 0)) {
            // The client-supplied state is the lookup key for the stored callbacks;
            // a key with no stored callbacks is reported as an authentication timeout.
            callbacks = AuthUtils.getCallbacksPerState(ac, page_state);
            if (callbacks == null) {
                errorCode = AMAuthErrorCode.AUTH_TIMEOUT;
                ErrorMessage = AuthUtils.getErrorVal(AMAuthErrorCode.AUTH_TIMEOUT, AuthUtils.ERROR_MESSAGE);
                errorTemplate = AuthUtils.getErrorVal(AMAuthErrorCode.AUTH_TIMEOUT, AuthUtils.ERROR_TEMPLATE);
                return;
            }
            //Get Callbacks in order to set the page state
            Callback[] callbacksForPageState = AuthUtils.getRecdCallback(ac);
            for (int i = 0; i < callbacksForPageState.length; i++) {
                if (loginDebug.messageEnabled()) {
                    loginDebug.message("In processLoginDisplay() callbacksForPageState : " + callbacksForPageState[i]);
                }
                // Only the first PagePropertiesCallback receives the submitted state.
                if (callbacksForPageState[i] instanceof PagePropertiesCallback) {
                    PagePropertiesCallback ppc = (PagePropertiesCallback) callbacksForPageState[i];
                    if (loginDebug.messageEnabled()) {
                        loginDebug.message("setPageState in PPC to : " + page_state);
                    }
                    ppc.setPageState(page_state);
                    break;
                }
            }
        } else {
            callbacks = AuthUtils.getRecdCallback(ac);
        }
        indexType = AuthUtils.getIndexType(ac);
        // Assign user specified values
        // Form fields are matched to callbacks by position: TOKEN + i, falling back to TOKEN_OLD + i.
        for (int i = 0; i < callbacks.length; i++) {
            if (loginDebug.messageEnabled()) {
                loginDebug.message("In processLoginDisplay() callback : " + callbacks[i]);
            }
            if (callbacks[i] instanceof NameCallback) {
                NameCallback nc = (NameCallback) callbacks[i];
                tmp = (String) reqDataHash.get(TOKEN + Integer.toString(i));
                if (tmp == null) {
                    tmp = (String) reqDataHash.get(TOKEN_OLD + Integer.toString(i));
                }
                // When bAuthLevel is set the submitted name is discarded and an empty name is used.
                if ((bAuthLevel) || (tmp == null)) {
                    tmp = "";
                }
                nc.setName(tmp.trim());
            } else if (callbacks[i] instanceof PasswordCallback) {
                PasswordCallback pc = (PasswordCallback) callbacks[i];
                tmp = (String) reqDataHash.get(TOKEN + Integer.toString(i));
                if (tmp == null) {
                    tmp = (String) reqDataHash.get(TOKEN_OLD + Integer.toString(i));
                }
                if (tmp == null) {
                    tmp = "";
                }
                // The password reaches this point as a String, which cannot be wiped after use;
                // only the char[] copy handed to the callback is clearable.
                pc.setPassword(tmp.toCharArray());
            } else if (callbacks[i] instanceof ChoiceCallback) {
                ChoiceCallback cc = (ChoiceCallback) callbacks[i];
                choice = (String) reqDataHash.get(TOKEN + Integer.toString(i));
                if (choice == null) {
                    choice = (String) reqDataHash.get(TOKEN_OLD + Integer.toString(i));
                }
                if (loginDebug.messageEnabled()) {
                    loginDebug.message("choice : " + choice);
                }
                String[] choices = cc.getChoices();
                if (choice == null) {
                    if (loginDebug.messageEnabled()) {
                        loginDebug.message("No selected choice.");
                    }
                } else if (choice.indexOf("|") != -1) {
                    // Multiple selection: the submitted value is a '|'-separated list of indexes.
                    StringTokenizer st = new StringTokenizer(choice, "|");
                    int cnt = st.countTokens();
                    int[] selectIndexs = new int[cnt];
                    int j = 0;
                    if (loginDebug.messageEnabled()) {
                        loginDebug.message("No of tokens : " + Integer.toString(cnt));
                    }
                    while (st.hasMoreTokens()) {
                        choice = st.nextToken();
                        if (choice != null && choice.length() != 0) {
                            // The token is request data: it is parsed and used as an array index
                            // with no range check. A non-numeric or out-of-range value raises
                            // NumberFormatException / ArrayIndexOutOfBoundsException, which the
                            // outer catch turns into a login error.
                            int selected = Integer.parseInt(choice);
                            choice = choices[selected];
                            selectIndexs[j++] = selected;
                            if (loginDebug.messageEnabled()) {
                                loginDebug.message("selected choice : " + choice + " & selected index : " + selected);
                            }
                        }
                    }
                    cc.setSelectedIndexes(selectIndexs);
                    if (loginDebug.messageEnabled()) {
                        // Concatenating an int[] logs its type and hash, not the selected indexes.
                        loginDebug.message("Selected indexes : " + selectIndexs);
                    }
                } else {
                    // Single selection: same unchecked parse; note that setSelectedIndex is called
                    // before choices[selected] is read, so the callback sees the raw index first.
                    int selected = Integer.parseInt(choice);
                    cc.setSelectedIndex(selected);
                    choice = choices[selected];
                    if (loginDebug.messageEnabled()) {
                        loginDebug.message("selected ONE choice : " + choice + " & selected ONE index : " + selected);
                    }
                }
            } else if (callbacks[i] instanceof ConfirmationCallback) {
                ConfirmationCallback conc = (ConfirmationCallback) callbacks[i];
                buttonOptions = conc.getOptions();
                tmp = (String) reqDataHash.get(BUTTON);
                if (tmp == null) {
                    tmp = (String) reqDataHash.get(BUTTON_OLD);
                }
                if (tmp == null) {
                    tmp = "";
                }
                // The submitted button label is matched against the callback's options.
                // The loop has no break, so the last matching option wins; a label that
                // matches nothing silently selects option 0.
                int selectedIndex = 0;
                for (int j = 0; j < buttonOptions.length; j++) {
                    if ((buttonOptions[j].trim()).equals(tmp.trim())) {
                        selectedIndex = j;
                    }
                }
                conc.setSelectedIndex(selectedIndex);
                if (loginDebug.messageEnabled()) {
                    loginDebug.message("selected button : " + buttonOptions[selectedIndex] + " & selected button index : " + selectedIndex);
                }
            } else if (callbacks[i] instanceof RedirectCallback) {
                RedirectCallback rc = (RedirectCallback) callbacks[i];
                // The status comes from the request parameter named by the callback and is
                // passed on unchanged; the redirect-back cookie is cleared at the same time.
                String status = request.getParameter(rc.getStatusParameter());
                clearCookie(rc.getRedirectBackUrlCookieName());
                loginDebug.message("Redirect callback : set status");
                rc.setStatus(status);
            }
        }
        // testing
        if (loginDebug.messageEnabled()) {
            loginDebug.message(" length 0f callbacks : " + callbacks.length);
            loginDebug.message(" Index type : " + indexType + " Index name : " + indexName);
        }
        if ((indexType == AuthContext.IndexType.LEVEL) || (indexType == AuthContext.IndexType.COMPOSITE_ADVICE)) {
            // The user has picked a module/service/realm from a choice list; nothing is
            // submitted to the auth module in this branch. Within this method `choice` is
            // only assigned while processing a ChoiceCallback above.
            if (loginDebug.messageEnabled()) {
                loginDebug.message("In processLoginDisplay(), Index type" + " is Auth Level or Composite Advice and selected Module " + "or Service is : " + choice);
            }
            indexName = AMAuthUtils.getDataFromRealmQualifiedData(choice);
            String qualifiedRealm = AMAuthUtils.getRealmFromRealmQualifiedData(choice);
            String orgDN = null;
            if ((qualifiedRealm != null) && (qualifiedRealm.length() != 0)) {
                orgDN = DNMapper.orgNameToDN(qualifiedRealm);
                ac.setOrgDN(orgDN);
            }
            int type = AuthUtils.getCompositeAdviceType(ac);
            if (type == AuthUtils.MODULE) {
                indexType = AuthContext.IndexType.MODULE_INSTANCE;
            } else if (type == AuthUtils.SERVICE) {
                indexType = AuthContext.IndexType.SERVICE;
            } else if (type == AuthUtils.REALM) {
                // For realm advice the whole selected value is treated as the realm name and
                // the realm's configured authentication chain becomes the index name.
                indexType = AuthContext.IndexType.SERVICE;
                orgDN = DNMapper.orgNameToDN(choice);
                indexName = AuthUtils.getOrgConfiguredAuthenticationChain(orgDN);
                ac.setOrgDN(orgDN);
            } else {
                indexType = AuthContext.IndexType.MODULE_INSTANCE;
            }
            bAuthLevel = true;
            // A module instance named "Application" (any case) switches to one-page login.
            if ((indexName != null) && (indexType == AuthContext.IndexType.MODULE_INSTANCE)) {
                if (indexName.equalsIgnoreCase("Application")) {
                    onePageLogin = true;
                }
            }
            if (loginDebug.messageEnabled()) {
                loginDebug.message("Index type : " + indexType);
                loginDebug.message("Index name : " + indexName);
                loginDebug.message("qualified orgDN : " + orgDN);
            }
            getLoginDisplay();
        } else {
            // Submit the information to auth module
            ac.submitRequirements(callbacks);
            // Check if more information is required
            if (loginDebug.messageEnabled()) {
                loginDebug.message("before hasMoreRequirements: Status is: " + ac.getStatus());
            }
            if (ac.hasMoreRequirements()) {
                loginDebug.message("Has more requirements after Submit ");
                callbacks = ac.getRequirements();
                // The first HttpCallback or RedirectCallback is handled on its own and ends
                // processing; any callbacks after it are not looked at in this call.
                for (int i = 0; i < callbacks.length; i++) {
                    if (callbacks[i] instanceof HttpCallback) {
                        processHttpCallback((HttpCallback) callbacks[i]);
                        return;
                    } else if (callbacks[i] instanceof RedirectCallback) {
                        processRedirectCallback((RedirectCallback) callbacks[i]);
                        return;
                    }
                }
                addLoginCallbackMessage(callbacks);
                if (!LoginFail) {
                    //if the login already failed, then LoginState is already
                    //nullified, hence any attempt of calling this method
                    //the errormessage/code/template should be already set
                    //so a proper error page is shown.
                    // Stored under pageState, which is distinct from the local page_state
                    // read from the request and is not declared in this method.
                    AuthUtils.setCallbacksPerState(ac, pageState, callbacks);
                }
            } else {
                if (loginDebug.messageEnabled()) {
                    loginDebug.message("No more Requirements : Status is : " + ac.getStatus());
                }
                if (ac.getStatus() == AuthContext.Status.SUCCESS) {
                    LoginSuccess = true;
                    ResultVal = rb.getString("authentication.successful");
                    /*
                     * redirect to 'goto' parameter or SPI hook or default
                     * redirect URL.
                     */
                    // NOTE(review): no validation of the redirect target is visible in this
                    // method; confirm that AuthUtils.getLoginSuccessURL checks a
                    // request-supplied 'goto' value against the allowed redirect targets.
                    redirect_url = AuthUtils.getLoginSuccessURL(ac);
                    if ((redirect_url != null) && (redirect_url.length() != 0)) {
                        if (loginDebug.messageEnabled()) {
                            loginDebug.message("LoginSuccessURL (in case of " + " successful auth) : " + redirect_url);
                        }
                    }
                } else if (ac.getStatus() == AuthContext.Status.FAILED) {
                    handleAuthLoginException(null);
                    /*
                     * redirect to 'goto' parameter or SPI hook or default
                     * redirect URL.
                     */
                    redirect_url = AuthUtils.getLoginFailedURL(ac);
                    if ((redirect_url != null) && (redirect_url.length() != 0)) {
                        if (loginDebug.messageEnabled()) {
                            loginDebug.message("LoginFailedURL : " + redirect_url);
                        }
                    }
                } else {
                    /*
                     * redirect to 'goto' parameter or SPI hook or default
                     * redirect URL.
                     */
                    // Any status other than SUCCESS or FAILED is handled as a failure.
                    redirect_url = AuthUtils.getLoginFailedURL(ac);
                    if (loginDebug.warningEnabled()) {
                        loginDebug.warning("Login Status is " + ac.getStatus() + " - redirect to loginFailedURL : " + redirect_url);
                    }
                    setErrorMessage(null);
                }
            }
        }
    } catch (Exception e) {
        // The stack trace is written only when message-level debug is enabled; the
        // rethrown exception carries e.getMessage() as an argument and does not chain
        // the original cause.
        if (loginDebug.messageEnabled()) {
            loginDebug.message("Error in processing LoginDisplay : ", e);
        }
        setErrorMessage(e);
        throw new L10NMessageImpl(bundleName, "loginDisplay.process", new Object[] { e.getMessage() });
    }
}
use of javax.security.auth.callback.Callback in project OpenAM by OpenRock.
the class Federation method process.
/**
 * Completes a login that was started by the federation session provider.
 *
 * <p>Three values are requested through the module's callback handler: a
 * random secret, the principal name and the authentication level. The login
 * proceeds only when {@code FMSessionProvider.matchSecret} accepts the
 * secret. After that the principal name and the authentication level are
 * used exactly as the handler supplied them, so the secret check is the only
 * gate in this method.
 *
 * @param callbacks not read by this method
 * @param state not read by this method
 * @return ISAuthConstants.LOGIN_SUCCEED; every failure path in this method
 *         throws instead of returning
 * @exception AuthLoginException if the callbacks cannot be handled or the
 *         secret does not match. login state should be kept on exceptions
 *         for status check in auth chaining.
 */
public int process(Callback[] callbacks, int state) throws AuthLoginException {
    String secret;
    String principal;
    String level;
    try {
        // Built inside the try block: NameCallback rejects a null or empty prompt with
        // IllegalArgumentException, which is mapped to "IllegalArgs" below.
        NameCallback secretPrompt = new NameCallback(FMSessionProvider.RANDOM_SECRET);
        NameCallback principalPrompt = new NameCallback(SessionProvider.PRINCIPAL_NAME);
        NameCallback levelPrompt = new NameCallback(SessionProvider.AUTH_LEVEL);
        callbackHandler.handle(new Callback[] { secretPrompt, principalPrompt, levelPrompt });
        secret = secretPrompt.getName();
        principal = principalPrompt.getName();
        level = levelPrompt.getName();
    } catch (IllegalArgumentException badArgument) {
        throw new AuthLoginException(fmAuthFederation, "IllegalArgs", null);
    } catch (IOException ioFailure) {
        throw new AuthLoginException(ioFailure);
    } catch (UnsupportedCallbackException unsupported) {
        throw new AuthLoginException(fmAuthFederation, "UnsupportedCallback", null);
    }

    // Nothing below runs unless the secret is recognised.
    if (!FMSessionProvider.matchSecret(secret)) {
        throw new AuthLoginException(fmAuthFederation, "NoMatchingSecret", null);
    }

    // Attributes parked on the request are copied into the module and then removed from
    // the request.
    HttpServletRequest request = getHttpServletRequest();
    if (request != null) {
        Object parked = request.getAttribute(SessionProvider.ATTR_MAP);
        if (parked != null) {
            setUserAttributes((Map<String, Set<String>>) parked);
            request.removeAttribute(SessionProvider.ATTR_MAP);
        }
    }

    // TBD (from the original author): reducing userName to the first RDN value of its DN
    // may or may not be needed; it is not done here.
    debug.message("Module is successful");
    storeUsernamePasswd(principal, null);
    userName = principal;

    if (level == null || level.isEmpty()) {
        return ISAuthConstants.LOGIN_SUCCEED;
    }
    try {
        setAuthLevel(Integer.parseInt(level));
    } catch (Exception e) {
        // A level that cannot be parsed or applied is logged only; the login still
        // succeeds without this level having been set.
        debug.error("Unable to set auth level " + level, e);
    }
    return ISAuthConstants.LOGIN_SUCCEED;
}
use of javax.security.auth.callback.Callback in project OpenAM by OpenRock.
the class CommandLineSSO method getAuthcontext.
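/**
 * Creates an AuthContext for the given organization, starts a login against
 * the "DataStore" module instance, answers the name and password callbacks
 * interactively and submits them.
 *
 * <p>When a console is attached, the password is read with echo disabled.
 * Otherwise both values are read from standard input through one shared
 * reader, so input that the reader has buffered ahead is not lost between
 * prompts.
 *
 * @param orgName organization the AuthContext is created for
 * @return the AuthContext after the requirements have been submitted
 * @throws AuthLoginException if the login or the submission fails
 * @throws IOException if reading the input fails or the input ends before a
 *         requested value has been read
 */
private static AuthContext getAuthcontext(String orgName) throws AuthLoginException, IOException {
    AuthContext lc = new AuthContext(orgName);
    AuthContext.IndexType indexType = AuthContext.IndexType.MODULE_INSTANCE;
    String indexName = "DataStore";
    System.out.println("DataStore: Obtained login context");
    lc.login(indexType, indexName);
    Callback[] callback = lc.getRequirements();

    // A BufferedReader may read past the line it returns, so creating a new reader per
    // prompt can drop the next answer when the input is piped. One reader is shared.
    BufferedReader stdin = new BufferedReader(new InputStreamReader(System.in));
    // Null when no console is attached (for example when the input is redirected).
    java.io.Console console = System.console();

    for (int i = 0; i < callback.length; i++) {
        if (callback[i] instanceof NameCallback) {
            NameCallback name = (NameCallback) callback[i];
            System.out.print(name.getPrompt());
            System.out.flush();
            String entered = (console != null) ? console.readLine() : stdin.readLine();
            if (entered == null) {
                throw new IOException("End of input while reading the user name");
            }
            name.setName(entered);
        } else if (callback[i] instanceof PasswordCallback) {
            PasswordCallback pass = (PasswordCallback) callback[i];
            System.out.print(pass.getPrompt());
            System.out.flush();
            char[] secret;
            if (console != null) {
                // Not echoed to the terminal and never held in a String.
                secret = console.readPassword();
            } else {
                String line = stdin.readLine();
                secret = (line == null) ? null : line.toCharArray();
            }
            if (secret == null) {
                throw new IOException("End of input while reading the password");
            }
            // PasswordCallback stores its own copy, so the local array can be cleared.
            pass.setPassword(secret);
            java.util.Arrays.fill(secret, '\0');
        }
    }
    lc.submitRequirements(callback);
    return lc;
}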
use of javax.security.auth.callback.Callback in project OpenAM by OpenRock.
the class DJLDAPv3Repo method authenticate.
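/**
 * Tries to bind as the user with the credentials passed in via callbacks. This authentication mechanism does not
 * handle password policies, nor password expiration.
 *
 * <p>An empty password is rejected before any bind is attempted. A simple bind with a DN and a zero-length
 * password is an unauthenticated bind (RFC 4513, section 5.1.2), and a directory that permits such binds reports
 * success without verifying anything, which this method would otherwise return as a successful authentication.
 *
 * @param credentials The username/password combination.
 * @return <code>true</code> if the bind operation was successful.
 * @throws IdRepoException If the passed in username/password was null, if the password was empty, or if the
 * specified user cannot be found.
 * @throws AuthLoginException If an LDAP error occurs during authentication.
 * @throws InvalidPasswordException If the provided password is not valid, so Account Lockout can be triggered.
 */
@Override
public boolean authenticate(Callback[] credentials) throws IdRepoException, AuthLoginException {
    if (DEBUG.messageEnabled()) {
        DEBUG.message("authenticate invoked");
    }
    String userName = null;
    char[] password = null;
    // If several callbacks of the same kind are present, the last one wins.
    for (Callback callback : credentials) {
        if (callback instanceof NameCallback) {
            userName = ((NameCallback) callback).getName();
        } else if (callback instanceof PasswordCallback) {
            password = ((PasswordCallback) callback).getPassword();
        }
    }
    // Missing and empty passwords are refused alike; the empty case must never reach the bind.
    if (userName == null || password == null || password.length == 0) {
        throw newIdRepoException(IdRepoErrorCode.UNABLE_TO_AUTHENTICATE, CLASS_NAME);
    }
    String dn = findDNForAuth(IdType.USER, userName);
    Connection conn = null;
    try {
        BindRequest bindRequest = LDAPRequests.newSimpleBindRequest(dn, password);
        conn = bindConnectionFactory.getConnection();
        BindResult bindResult = conn.bind(bindRequest);
        return bindResult.isSuccess();
    } catch (LdapException ere) {
        ResultCode resultCode = ere.getResult().getResultCode();
        if (DEBUG.messageEnabled()) {
            DEBUG.message("An error occurred while trying to authenticate a user: " + ere.toString());
        }
        // Only INVALID_CREDENTIALS is reported as InvalidPasswordException; every other
        // result code becomes a plain AuthLoginException.
        if (resultCode.equals(ResultCode.INVALID_CREDENTIALS)) {
            throw new InvalidPasswordException(AM_AUTH, "InvalidUP", null, userName, null);
        } else if (resultCode.equals(ResultCode.UNWILLING_TO_PERFORM) || resultCode.equals(ResultCode.CONSTRAINT_VIOLATION)) {
            throw new AuthLoginException(AM_AUTH, "FAuth", null);
        } else if (resultCode.equals(ResultCode.INAPPROPRIATE_AUTHENTICATION)) {
            throw new AuthLoginException(AM_AUTH, "InappAuth", null);
        } else {
            throw new AuthLoginException(AM_AUTH, "LDAPex", null);
        }
    } finally {
        IOUtils.closeIfNotNull(conn);
    }
}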
use of javax.security.auth.callback.Callback in project OpenAM by OpenRock.
the class RestAuthCallbackHandlerManagerTest method shouldFailToHandleJsonCallbacksWithMissingJSONCallback.
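/**
 * Verifies that handleJsonCallbacks throws RestAuthException when three
 * callbacks are passed but JSON is prepared for only two of them.
 */
@Test(expectedExceptions = RestAuthException.class)
public void shouldFailToHandleJsonCallbacksWithMissingJSONCallback() throws RestAuthException {
    //Given
    Callback callback1 = mock(Callback.class);
    Callback callback2 = mock(Callback.class);
    Callback callback3 = mock(Callback.class);
    Callback[] callbacks = new Callback[] { callback1, callback2, callback3 };
    RestAuthCallbackHandler restAuthCallbackHandler1 = mock(RestAuthCallbackHandler.class);
    RestAuthCallbackHandler restAuthCallbackHandler2 = mock(RestAuthCallbackHandler.class);
    RestAuthCallbackHandler restAuthCallbackHandler3 = mock(RestAuthCallbackHandler.class);
    // Only two JSON callbacks exist; the third callback deliberately has no counterpart.
    JsonValue jsonCallback1 = mock(JsonValue.class);
    JsonValue jsonCallback2 = mock(JsonValue.class);
    // NOTE(review): jsonCallbacks is an unstubbed mock and the two JSON callbacks above
    // are never attached to it, so the exception may be raised before the missing third
    // entry is reached. Confirm against handleJsonCallbacks.
    JsonValue jsonCallbacks = mock(JsonValue.class);
    JsonValue jsonCallback1Type = mock(JsonValue.class);
    JsonValue jsonCallback2Type = mock(JsonValue.class);
    // The factory hands out the three handlers in call order.
    given(restAuthCallbackHandlerFactory.getRestAuthCallbackHandler(Matchers.<Class<? extends Callback>>anyObject())).willReturn(restAuthCallbackHandler1).willReturn(restAuthCallbackHandler2).willReturn(restAuthCallbackHandler3);
    given(restAuthCallbackHandler1.getCallbackClassName()).willReturn("CALLBACK1");
    given(restAuthCallbackHandler2.getCallbackClassName()).willReturn("CALLBACK2");
    // Stubbed on handler 3. The original stubbed handler 2 a second time, which replaced
    // its "CALLBACK2" name and left handler 3 without a class name.
    given(restAuthCallbackHandler3.getCallbackClassName()).willReturn("CALLBACK3");
    given(jsonCallback1.get("type")).willReturn(jsonCallback1Type);
    given(jsonCallback2.get("type")).willReturn(jsonCallback2Type);
    given(jsonCallback1Type.asString()).willReturn("CALLBACK1");
    given(jsonCallback2Type.asString()).willReturn("CALLBACK2");
    given(restAuthCallbackHandler1.convertFromJson(callback1, jsonCallback1)).willReturn(callback1);
    given(restAuthCallbackHandler2.convertFromJson(callback2, jsonCallback2)).willReturn(callback2);
    //When
    restAuthCallbackHandlerManager.handleJsonCallbacks(callbacks, jsonCallbacks);
    //Then
    // Reached only if no exception was thrown, which is a test failure.
    fail();
}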