Search in sources :

Example 76 with CallbackHandler

use of javax.security.auth.callback.CallbackHandler in project karaf by apache.

the class DigestPasswordLoginModule method login.

public boolean login() throws LoginException {
    if (usersFile == null) {
        throw new LoginException("The property users may not be null");
    }
    File f = new File(usersFile);
    if (!f.exists()) {
        throw new LoginException("Users file not found at " + f);
    }
    Properties users;
    try {
        users = new Properties(f);
    } catch (IOException ioe) {
        throw new LoginException("Unable to load user properties file " + f);
    }
    Callback[] callbacks = new Callback[2];
    callbacks[0] = new NameCallback("Username: ");
    callbacks[1] = new PasswordCallback("Password: ", false);
    if (callbackHandler != null) {
        try {
            callbackHandler.handle(callbacks);
        } catch (IOException ioe) {
            throw new LoginException(ioe.getMessage());
        } catch (UnsupportedCallbackException uce) {
            throw new LoginException(uce.getMessage() + " not available to obtain information from user");
        }
    }
    // user callback get value
    if (((NameCallback) callbacks[0]).getName() == null) {
        throw new LoginException("Username can not be null");
    }
    user = ((NameCallback) callbacks[0]).getName();
    if (user.startsWith(PropertiesBackingEngine.GROUP_PREFIX)) {
        // you can't log in under a group name
        throw new FailedLoginException("login failed");
    }
    // password callback get value
    if (((PasswordCallback) callbacks[1]).getPassword() == null) {
        throw new LoginException("Password can not be null");
    }
    String password = new String(((PasswordCallback) callbacks[1]).getPassword());
    // user infos container read from the users properties file
    String userInfos = null;
    try {
        userInfos = users.get(user);
    } catch (NullPointerException e) {
    // error handled in the next statement
    }
    if (userInfos == null) {
        if (!this.detailedLoginExcepion) {
            throw new FailedLoginException("login failed");
        } else {
            throw new FailedLoginException("User " + user + " does not exist");
        }
    }
    // the password is in the first position
    String[] infos = userInfos.split(",");
    String storedPassword = infos[0];
    CallbackHandler myCallbackHandler = null;
    try {
        Field field = callbackHandler.getClass().getDeclaredField("ch");
        field.setAccessible(true);
        myCallbackHandler = (CallbackHandler) field.get(callbackHandler);
    } catch (Exception e) {
        throw new LoginException("Unable to load underlying callback handler");
    }
    if (myCallbackHandler instanceof NameDigestPasswordCallbackHandler) {
        NameDigestPasswordCallbackHandler digestCallbackHandler = (NameDigestPasswordCallbackHandler) myCallbackHandler;
        storedPassword = doPasswordDigest(digestCallbackHandler.getNonce(), digestCallbackHandler.getCreatedTime(), storedPassword);
    }
    // check the provided password
    if (!checkPassword(password, storedPassword)) {
        if (!this.detailedLoginExcepion) {
            throw new FailedLoginException("login failed");
        } else {
            throw new FailedLoginException("Password for " + user + " does not match");
        }
    }
    principals = new HashSet<>();
    principals.add(new UserPrincipal(user));
    for (int i = 1; i < infos.length; i++) {
        if (infos[i].trim().startsWith(PropertiesBackingEngine.GROUP_PREFIX)) {
            // it's a group reference
            principals.add(new GroupPrincipal(infos[i].trim().substring(PropertiesBackingEngine.GROUP_PREFIX.length())));
            String groupInfo = users.get(infos[i].trim());
            if (groupInfo != null) {
                String[] roles = groupInfo.split(",");
                for (int j = 1; j < roles.length; j++) {
                    principals.add(new RolePrincipal(roles[j].trim()));
                }
            }
        } else {
            // it's an user reference
            principals.add(new RolePrincipal(infos[i].trim()));
        }
    }
    users.clear();
    if (debug) {
        LOGGER.debug("Successfully logged in {}", user);
    }
    return true;
}
Also used : CallbackHandler(javax.security.auth.callback.CallbackHandler) IOException(java.io.IOException) Properties(org.apache.felix.utils.properties.Properties) LoginException(javax.security.auth.login.LoginException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) IOException(java.io.IOException) FailedLoginException(javax.security.auth.login.FailedLoginException) UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal) Field(java.lang.reflect.Field) PasswordCallback(javax.security.auth.callback.PasswordCallback) NameCallback(javax.security.auth.callback.NameCallback) Callback(javax.security.auth.callback.Callback) NameCallback(javax.security.auth.callback.NameCallback) FailedLoginException(javax.security.auth.login.FailedLoginException) GroupPrincipal(org.apache.karaf.jaas.boot.principal.GroupPrincipal) LoginException(javax.security.auth.login.LoginException) FailedLoginException(javax.security.auth.login.FailedLoginException) PasswordCallback(javax.security.auth.callback.PasswordCallback) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal) File(java.io.File)

Example 77 with CallbackHandler

use of javax.security.auth.callback.CallbackHandler in project karaf by apache.

the class PropertiesLoginModuleTest method testNullPassword.

@Test
public void testNullPassword() throws Exception {
    PropertiesLoginModule module = new PropertiesLoginModule();
    Subject subject = new Subject();
    CallbackHandler handler = new NullHandler();
    Map<String, String> options = new HashMap<>();
    options.put(PropertiesLoginModule.USER_FILE, getTestUsersFile());
    module.initialize(subject, handler, null, options);
    try {
        module.login();
        Assert.fail("LoginException expected");
    } catch (LoginException e) {
        Assert.assertEquals("Password can not be null", e.getMessage());
    }
}
Also used : NamePasswordCallbackHandler(org.apache.karaf.jaas.modules.NamePasswordCallbackHandler) CallbackHandler(javax.security.auth.callback.CallbackHandler) HashMap(java.util.HashMap) LoginException(javax.security.auth.login.LoginException) FailedLoginException(javax.security.auth.login.FailedLoginException) Subject(javax.security.auth.Subject) Test(org.junit.Test)

Example 78 with CallbackHandler

use of javax.security.auth.callback.CallbackHandler in project fabric8 by jboss-fuse.

the class JolokiaSecureHttpContext method doAuthenticate.

private Subject doAuthenticate(final String username, final String password) {
    try {
        Subject subject = new Subject();
        LoginContext loginContext = new LoginContext(realm, subject, new CallbackHandler() {

            public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
                for (int i = 0; i < callbacks.length; i++) {
                    if (callbacks[i] instanceof NameCallback) {
                        ((NameCallback) callbacks[i]).setName(username);
                    } else if (callbacks[i] instanceof PasswordCallback) {
                        ((PasswordCallback) callbacks[i]).setPassword(password.toCharArray());
                    } else {
                        throw new UnsupportedCallbackException(callbacks[i]);
                    }
                }
            }
        });
        loginContext.login();
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Login successful: {}", subject);
        }
        boolean found = false;
        for (String role : roles) {
            if (role != null && role.length() > 0 && !found) {
                String roleName = role.trim();
                int idx = roleName.indexOf(':');
                if (idx > 0) {
                    roleName = roleName.substring(idx + 1);
                }
                for (Principal p : subject.getPrincipals()) {
                    if (p.getName().equals(roleName)) {
                        found = true;
                        break;
                    }
                }
            }
        }
        if (!found) {
            throw new FailedLoginException("User does not have the required role " + Arrays.asList(roles));
        }
        return subject;
    } catch (AccountException e) {
        LOGGER.warn("Account failure", e);
        return null;
    } catch (LoginException e) {
        LOGGER.debug("Login failed", e);
        return null;
    }
}
Also used : CallbackHandler(javax.security.auth.callback.CallbackHandler) IOException(java.io.IOException) Subject(javax.security.auth.Subject) LoginContext(javax.security.auth.login.LoginContext) PasswordCallback(javax.security.auth.callback.PasswordCallback) NameCallback(javax.security.auth.callback.NameCallback) Callback(javax.security.auth.callback.Callback) NameCallback(javax.security.auth.callback.NameCallback) FailedLoginException(javax.security.auth.login.FailedLoginException) AccountException(javax.security.auth.login.AccountException) PasswordCallback(javax.security.auth.callback.PasswordCallback) LoginException(javax.security.auth.login.LoginException) FailedLoginException(javax.security.auth.login.FailedLoginException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) Principal(java.security.Principal)

Example 79 with CallbackHandler

use of javax.security.auth.callback.CallbackHandler in project fabric8 by jboss-fuse.

the class GitSecureHttpContext method doAuthenticate.

private Subject doAuthenticate(final String username, final String password) {
    try {
        Subject subject = new Subject();
        LoginContext loginContext = new LoginContext(realm, subject, new CallbackHandler() {

            public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
                for (int i = 0; i < callbacks.length; i++) {
                    if (callbacks[i] instanceof NameCallback) {
                        ((NameCallback) callbacks[i]).setName(username);
                    } else if (callbacks[i] instanceof PasswordCallback) {
                        ((PasswordCallback) callbacks[i]).setPassword(password.toCharArray());
                    } else {
                        throw new UnsupportedCallbackException(callbacks[i]);
                    }
                }
            }
        });
        loginContext.login();
        boolean found = false;
        main: for (String role : roles) {
            if (role != null && role.length() > 0) {
                for (Principal p : subject.getPrincipals()) {
                    if (role.equals(p.getName()) || p instanceof Group && isGroupMember((Group) p, role)) {
                        found = true;
                        break main;
                    }
                }
            }
        }
        if (!found) {
            throw new FailedLoginException("User does not have any of the required roles: " + Arrays.asList(roles));
        }
        return subject;
    } catch (AccountException e) {
        LOGGER.debug("Account failure", e);
        return null;
    } catch (LoginException e) {
        LOGGER.debug("Login failed", e);
        return null;
    }
}
Also used : Group(java.security.acl.Group) CallbackHandler(javax.security.auth.callback.CallbackHandler) IOException(java.io.IOException) Subject(javax.security.auth.Subject) LoginContext(javax.security.auth.login.LoginContext) PasswordCallback(javax.security.auth.callback.PasswordCallback) NameCallback(javax.security.auth.callback.NameCallback) Callback(javax.security.auth.callback.Callback) NameCallback(javax.security.auth.callback.NameCallback) FailedLoginException(javax.security.auth.login.FailedLoginException) AccountException(javax.security.auth.login.AccountException) PasswordCallback(javax.security.auth.callback.PasswordCallback) LoginException(javax.security.auth.login.LoginException) FailedLoginException(javax.security.auth.login.FailedLoginException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) Principal(java.security.Principal)

Example 80 with CallbackHandler

use of javax.security.auth.callback.CallbackHandler in project xades4j by luisgoncalves.

the class KeyStoreKeyingDataProvider method ensureInitialized.

private void ensureInitialized() throws UnexpectedJCAException {
    synchronized (this.lockObj) {
        if (!this.initialized) {
            try {
                KeyStore.CallbackHandlerProtection storeLoadProtec = null;
                if (storePasswordProvider != null)
                    // Create the load protection with callback.
                    storeLoadProtec = new KeyStore.CallbackHandlerProtection(new CallbackHandler() {

                        @Override
                        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
                            PasswordCallback c = (PasswordCallback) callbacks[0];
                            c.setPassword(storePasswordProvider.getPassword());
                        }
                    });
                else
                    // If no load password provider is supplied is because it shouldn't
                    // be needed. Create a dummy protection because the keystore
                    // builder needs it to be non-null.
                    storeLoadProtec = new KeyStore.CallbackHandlerProtection(new CallbackHandler() {

                        @Override
                        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
                            throw new UnsupportedOperationException("No KeyStorePasswordProvider");
                        }
                    });
                this.keyStore = builderCreator.getBuilder(storeLoadProtec).getKeyStore();
            } catch (KeyStoreException ex) {
                throw new UnexpectedJCAException("The keystore couldn't be initialized", ex);
            }
            this.initialized = true;
        }
    }
}
Also used : CallbackHandler(javax.security.auth.callback.CallbackHandler) IOException(java.io.IOException) KeyStoreException(java.security.KeyStoreException) KeyStore(java.security.KeyStore) PasswordCallback(javax.security.auth.callback.PasswordCallback) Callback(javax.security.auth.callback.Callback) UnexpectedJCAException(xades4j.verification.UnexpectedJCAException) PasswordCallback(javax.security.auth.callback.PasswordCallback) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)

Aggregations

CallbackHandler (javax.security.auth.callback.CallbackHandler)274 Crypto (org.apache.wss4j.common.crypto.Crypto)82 IOException (java.io.IOException)75 Callback (javax.security.auth.callback.Callback)73 Element (org.w3c.dom.Element)70 Subject (javax.security.auth.Subject)68 PasswordCallback (javax.security.auth.callback.PasswordCallback)63 UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)61 PasswordCallbackHandler (org.apache.cxf.sts.common.PasswordCallbackHandler)60 Document (org.w3c.dom.Document)60 LoginContext (javax.security.auth.login.LoginContext)55 NameCallback (javax.security.auth.callback.NameCallback)51 LoginException (javax.security.auth.login.LoginException)44 Principal (java.security.Principal)42 ReceivedToken (org.apache.cxf.sts.request.ReceivedToken)42 TokenValidator (org.apache.cxf.sts.token.validator.TokenValidator)38 SAMLTokenValidator (org.apache.cxf.sts.token.validator.SAMLTokenValidator)36 STSPropertiesMBean (org.apache.cxf.sts.STSPropertiesMBean)34 Test (org.junit.Test)34 ArrayList (java.util.ArrayList)32