use of javax.security.auth.callback.CallbackHandler in project karaf by apache.
the class DigestPasswordLoginModule method login.
public boolean login() throws LoginException {
if (usersFile == null) {
throw new LoginException("The property users may not be null");
}
File f = new File(usersFile);
if (!f.exists()) {
throw new LoginException("Users file not found at " + f);
}
Properties users;
try {
users = new Properties(f);
} catch (IOException ioe) {
throw new LoginException("Unable to load user properties file " + f);
}
Callback[] callbacks = new Callback[2];
callbacks[0] = new NameCallback("Username: ");
callbacks[1] = new PasswordCallback("Password: ", false);
if (callbackHandler != null) {
try {
callbackHandler.handle(callbacks);
} catch (IOException ioe) {
throw new LoginException(ioe.getMessage());
} catch (UnsupportedCallbackException uce) {
throw new LoginException(uce.getMessage() + " not available to obtain information from user");
}
}
// user callback get value
if (((NameCallback) callbacks[0]).getName() == null) {
throw new LoginException("Username can not be null");
}
user = ((NameCallback) callbacks[0]).getName();
if (user.startsWith(PropertiesBackingEngine.GROUP_PREFIX)) {
// you can't log in under a group name
throw new FailedLoginException("login failed");
}
// password callback get value
if (((PasswordCallback) callbacks[1]).getPassword() == null) {
throw new LoginException("Password can not be null");
}
String password = new String(((PasswordCallback) callbacks[1]).getPassword());
// user infos container read from the users properties file
String userInfos = null;
try {
userInfos = users.get(user);
} catch (NullPointerException e) {
// error handled in the next statement
}
if (userInfos == null) {
if (!this.detailedLoginExcepion) {
throw new FailedLoginException("login failed");
} else {
throw new FailedLoginException("User " + user + " does not exist");
}
}
// the password is in the first position
String[] infos = userInfos.split(",");
String storedPassword = infos[0];
CallbackHandler myCallbackHandler = null;
try {
Field field = callbackHandler.getClass().getDeclaredField("ch");
field.setAccessible(true);
myCallbackHandler = (CallbackHandler) field.get(callbackHandler);
} catch (Exception e) {
throw new LoginException("Unable to load underlying callback handler");
}
if (myCallbackHandler instanceof NameDigestPasswordCallbackHandler) {
NameDigestPasswordCallbackHandler digestCallbackHandler = (NameDigestPasswordCallbackHandler) myCallbackHandler;
storedPassword = doPasswordDigest(digestCallbackHandler.getNonce(), digestCallbackHandler.getCreatedTime(), storedPassword);
}
// check the provided password
if (!checkPassword(password, storedPassword)) {
if (!this.detailedLoginExcepion) {
throw new FailedLoginException("login failed");
} else {
throw new FailedLoginException("Password for " + user + " does not match");
}
}
principals = new HashSet<>();
principals.add(new UserPrincipal(user));
for (int i = 1; i < infos.length; i++) {
if (infos[i].trim().startsWith(PropertiesBackingEngine.GROUP_PREFIX)) {
// it's a group reference
principals.add(new GroupPrincipal(infos[i].trim().substring(PropertiesBackingEngine.GROUP_PREFIX.length())));
String groupInfo = users.get(infos[i].trim());
if (groupInfo != null) {
String[] roles = groupInfo.split(",");
for (int j = 1; j < roles.length; j++) {
principals.add(new RolePrincipal(roles[j].trim()));
}
}
} else {
// it's an user reference
principals.add(new RolePrincipal(infos[i].trim()));
}
}
users.clear();
if (debug) {
LOGGER.debug("Successfully logged in {}", user);
}
return true;
}
use of javax.security.auth.callback.CallbackHandler in project karaf by apache.
the class PropertiesLoginModuleTest method testNullPassword.
@Test
public void testNullPassword() throws Exception {
PropertiesLoginModule module = new PropertiesLoginModule();
Subject subject = new Subject();
CallbackHandler handler = new NullHandler();
Map<String, String> options = new HashMap<>();
options.put(PropertiesLoginModule.USER_FILE, getTestUsersFile());
module.initialize(subject, handler, null, options);
try {
module.login();
Assert.fail("LoginException expected");
} catch (LoginException e) {
Assert.assertEquals("Password can not be null", e.getMessage());
}
}
use of javax.security.auth.callback.CallbackHandler in project fabric8 by jboss-fuse.
the class JolokiaSecureHttpContext method doAuthenticate.
private Subject doAuthenticate(final String username, final String password) {
try {
Subject subject = new Subject();
LoginContext loginContext = new LoginContext(realm, subject, new CallbackHandler() {
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof NameCallback) {
((NameCallback) callbacks[i]).setName(username);
} else if (callbacks[i] instanceof PasswordCallback) {
((PasswordCallback) callbacks[i]).setPassword(password.toCharArray());
} else {
throw new UnsupportedCallbackException(callbacks[i]);
}
}
}
});
loginContext.login();
if (LOGGER.isDebugEnabled()) {
LOGGER.debug("Login successful: {}", subject);
}
boolean found = false;
for (String role : roles) {
if (role != null && role.length() > 0 && !found) {
String roleName = role.trim();
int idx = roleName.indexOf(':');
if (idx > 0) {
roleName = roleName.substring(idx + 1);
}
for (Principal p : subject.getPrincipals()) {
if (p.getName().equals(roleName)) {
found = true;
break;
}
}
}
}
if (!found) {
throw new FailedLoginException("User does not have the required role " + Arrays.asList(roles));
}
return subject;
} catch (AccountException e) {
LOGGER.warn("Account failure", e);
return null;
} catch (LoginException e) {
LOGGER.debug("Login failed", e);
return null;
}
}
use of javax.security.auth.callback.CallbackHandler in project fabric8 by jboss-fuse.
the class GitSecureHttpContext method doAuthenticate.
private Subject doAuthenticate(final String username, final String password) {
try {
Subject subject = new Subject();
LoginContext loginContext = new LoginContext(realm, subject, new CallbackHandler() {
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof NameCallback) {
((NameCallback) callbacks[i]).setName(username);
} else if (callbacks[i] instanceof PasswordCallback) {
((PasswordCallback) callbacks[i]).setPassword(password.toCharArray());
} else {
throw new UnsupportedCallbackException(callbacks[i]);
}
}
}
});
loginContext.login();
boolean found = false;
main: for (String role : roles) {
if (role != null && role.length() > 0) {
for (Principal p : subject.getPrincipals()) {
if (role.equals(p.getName()) || p instanceof Group && isGroupMember((Group) p, role)) {
found = true;
break main;
}
}
}
}
if (!found) {
throw new FailedLoginException("User does not have any of the required roles: " + Arrays.asList(roles));
}
return subject;
} catch (AccountException e) {
LOGGER.debug("Account failure", e);
return null;
} catch (LoginException e) {
LOGGER.debug("Login failed", e);
return null;
}
}
use of javax.security.auth.callback.CallbackHandler in project xades4j by luisgoncalves.
the class KeyStoreKeyingDataProvider method ensureInitialized.
private void ensureInitialized() throws UnexpectedJCAException {
synchronized (this.lockObj) {
if (!this.initialized) {
try {
KeyStore.CallbackHandlerProtection storeLoadProtec = null;
if (storePasswordProvider != null)
// Create the load protection with callback.
storeLoadProtec = new KeyStore.CallbackHandlerProtection(new CallbackHandler() {
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
PasswordCallback c = (PasswordCallback) callbacks[0];
c.setPassword(storePasswordProvider.getPassword());
}
});
else
// If no load password provider is supplied is because it shouldn't
// be needed. Create a dummy protection because the keystore
// builder needs it to be non-null.
storeLoadProtec = new KeyStore.CallbackHandlerProtection(new CallbackHandler() {
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
throw new UnsupportedOperationException("No KeyStorePasswordProvider");
}
});
this.keyStore = builderCreator.getBuilder(storeLoadProtec).getKeyStore();
} catch (KeyStoreException ex) {
throw new UnexpectedJCAException("The keystore couldn't be initialized", ex);
}
this.initialized = true;
}
}
}
Aggregations