
Example 81 with CallbackHandler

use of javax.security.auth.callback.CallbackHandler in project jackrabbit-oak by apache.

the class AbstractLoginModuleTest method testGetCredentialsFromCallbackHandler.

/**
 * Checks which credentials a login module exposes when a {@link CallbackHandler} answers
 * a {@code CredentialsCallback} with a {@code TestCredentials} instance.
 *
 * <p>The assertions pin two outcomes: a module initialised with {@code TestCredentials.class}
 * returns the supplied object, and a module initialised with {@code SimpleCredentials.class}
 * returns {@code null} even though the handler supplied credentials.
 */
@Test
public void testGetCredentialsFromCallbackHandler() {
    // Answers every CredentialsCallback with a fresh TestCredentials and leaves
    // all other callback types untouched.
    CallbackHandler credentialsSupplier = new CallbackHandler() {

        @Override
        public void handle(Callback[] callbacks) {
            for (int i = 0; i < callbacks.length; i++) {
                Callback current = callbacks[i];
                if (!(current instanceof CredentialsCallback)) {
                    continue;
                }
                CredentialsCallback credentialsCallback = (CredentialsCallback) current;
                credentialsCallback.setCredentials(new TestCredentials());
            }
        }
    };

    // presumably the class argument is the credentials type the module accepts —
    // confirm against initLoginModule, which is not shown here
    AbstractLoginModule matchingModule = initLoginModule(TestCredentials.class, credentialsSupplier);
    assertTrue(matchingModule.getCredentials() instanceof TestCredentials);

    // Same handler, different class argument: the TestCredentials it supplies must not
    // be surfaced by getCredentials().
    AbstractLoginModule otherModule = initLoginModule(SimpleCredentials.class, credentialsSupplier);
    assertNull(otherModule.getCredentials());
}
Also used : SimpleCredentials(javax.jcr.SimpleCredentials) CallbackHandler(javax.security.auth.callback.CallbackHandler) PrincipalProviderCallback(org.apache.jackrabbit.oak.spi.security.authentication.callback.PrincipalProviderCallback) RepositoryCallback(org.apache.jackrabbit.oak.spi.security.authentication.callback.RepositoryCallback) SecurityProviderCallback(org.apache.jackrabbit.oak.spi.security.authentication.callback.SecurityProviderCallback) WhiteboardCallback(org.apache.jackrabbit.oak.spi.security.authentication.callback.WhiteboardCallback) UserManagerCallback(org.apache.jackrabbit.oak.spi.security.authentication.callback.UserManagerCallback) CredentialsCallback(org.apache.jackrabbit.oak.spi.security.authentication.callback.CredentialsCallback) Callback(javax.security.auth.callback.Callback) CredentialsCallback(org.apache.jackrabbit.oak.spi.security.authentication.callback.CredentialsCallback) Test(org.junit.Test)

Example 82 with CallbackHandler

use of javax.security.auth.callback.CallbackHandler in project jackrabbit-oak by apache.

the class GuestLoginModuleTest method testGuestCredentials.

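/**
 * Runs the guest login module with a handler built from {@link GuestCredentials} and
 * asserts that {@code login}, {@code commit} and {@code logout} all return {@code false}
 * and that neither the shared state nor the subject is populated.
 *
 * @throws LoginException if one of the login module phases fails
 */
@Test
public void testGuestCredentials() throws LoginException {
    Subject subject = new Subject();
    CallbackHandler cbh = new TestCallbackHandler(new GuestCredentials());
    // Parameterized rather than raw, so the compiler checks what goes into the shared state.
    Map<String, Object> sharedState = new HashMap<String, Object>();
    guestLoginModule.initialize(subject, cbh, sharedState, Collections.<String, Object>emptyMap());

    // presumably the module only acts when the handler supplies no credentials at all —
    // confirm against GuestLoginModule, which is not shown here
    assertFalse(guestLoginModule.login());
    // No credentials may be published for later modules in the chain.
    assertFalse(sharedState.containsKey(AbstractLoginModule.SHARED_KEY_CREDENTIALS));
    assertFalse(guestLoginModule.commit());

    // The subject must be left exactly as it was created: no principals, no credentials.
    assertTrue(subject.getPrincipals().isEmpty());
    assertTrue(subject.getPublicCredentials().isEmpty());
    assertFalse(guestLoginModule.logout());
}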
Also used : CallbackHandler(javax.security.auth.callback.CallbackHandler) HashMap(java.util.HashMap) HashMap(java.util.HashMap) Map(java.util.Map) Subject(javax.security.auth.Subject) GuestCredentials(javax.jcr.GuestCredentials) Test(org.junit.Test)

Example 83 with CallbackHandler

use of javax.security.auth.callback.CallbackHandler in project jackrabbit-oak by apache.

the class GuestLoginModuleTest method testThrowingCallbackhandler.

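/**
 * Runs the guest login module with a {@code ThrowingCallbackHandler} and asserts that the
 * module fails closed: {@code login}, {@code commit} and {@code logout} return
 * {@code false}, no credentials reach the shared state, and the subject carries no
 * {@code GuestCredentials}.
 *
 * @throws LoginException if one of the login module phases fails
 */
@Test
public void testThrowingCallbackhandler() throws LoginException {
    Subject subject = new Subject();
    // NOTE(review): the meaning of the boolean flag is not visible here — confirm against
    // ThrowingCallbackHandler.
    CallbackHandler cbh = new ThrowingCallbackHandler(true);
    // Parameterized rather than raw, so the compiler checks what goes into the shared state.
    Map<String, Object> sharedState = new HashMap<String, Object>();
    guestLoginModule.initialize(subject, cbh, sharedState, Collections.<String, Object>emptyMap());

    // A failing handler must not be treated as "no credentials supplied" and turned
    // into a guest login.
    assertFalse(guestLoginModule.login());
    assertFalse(sharedState.containsKey(AbstractLoginModule.SHARED_KEY_CREDENTIALS));
    assertFalse(guestLoginModule.commit());

    // Only GuestCredentials are checked here; principals are not asserted in this test.
    assertTrue(subject.getPublicCredentials(GuestCredentials.class).isEmpty());
    assertFalse(guestLoginModule.logout());
}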
Also used : CallbackHandler(javax.security.auth.callback.CallbackHandler) HashMap(java.util.HashMap) HashMap(java.util.HashMap) Map(java.util.Map) Subject(javax.security.auth.Subject) Test(org.junit.Test)

Example 84 with CallbackHandler

use of javax.security.auth.callback.CallbackHandler in project jackrabbit-oak by apache.

the class GuestLoginModuleTest method testSimpleCredentials.

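/**
 * Runs the guest login module with a handler built from {@link SimpleCredentials} (user id
 * {@code "test"}, empty password) and asserts that {@code login}, {@code commit} and
 * {@code logout} all return {@code false} and that neither the shared state nor the
 * subject is populated.
 *
 * @throws LoginException if one of the login module phases fails
 */
@Test
public void testSimpleCredentials() throws LoginException {
    Subject subject = new Subject();
    CallbackHandler cbh = new TestCallbackHandler(new SimpleCredentials("test", new char[0]));
    // Parameterized rather than raw, so the compiler checks what goes into the shared state.
    Map<String, Object> sharedState = new HashMap<String, Object>();
    guestLoginModule.initialize(subject, cbh, sharedState, Collections.<String, Object>emptyMap());

    // Non-guest credentials were supplied, so the guest module must not claim the login.
    assertFalse(guestLoginModule.login());
    // No credentials may be published for later modules in the chain.
    assertFalse(sharedState.containsKey(AbstractLoginModule.SHARED_KEY_CREDENTIALS));
    assertFalse(guestLoginModule.commit());

    // The subject must be left exactly as it was created: no principals, no credentials.
    assertTrue(subject.getPrincipals().isEmpty());
    assertTrue(subject.getPublicCredentials().isEmpty());
    assertFalse(guestLoginModule.logout());
}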
Also used : SimpleCredentials(javax.jcr.SimpleCredentials) CallbackHandler(javax.security.auth.callback.CallbackHandler) HashMap(java.util.HashMap) HashMap(java.util.HashMap) Map(java.util.Map) Subject(javax.security.auth.Subject) Test(org.junit.Test)

Example 85 with CallbackHandler

use of javax.security.auth.callback.CallbackHandler in project jspwiki by apache.

the class AuthenticationManager method login.

/**
 * Attempts a WikiSession login for the given username/password combination using
 * JSPWiki's custom authentication mode. The JAAS LoginModule named by the WikiEngine
 * property {@link #PROP_LOGIN_MODULE} is instantiated and its
 * {@link javax.security.auth.spi.LoginModule#initialize(Subject, CallbackHandler, Map, Map)}
 * method is invoked; by default this is
 * {@link org.apache.wiki.auth.login.UserDatabaseLoginModule}. The options Map passed to
 * <code>initialize</code> is populated from property keys prefixed by
 * {@link #PREFIX_LOGIN_MODULE_OPTIONS}.
 *
 * <p>When login throttling is enabled, the delay is applied before the login module runs.
 * On success, a login event and one principal-add event per returned principal are fired
 * on the session before the Authorizer roles are injected.
 *
 * @param session the current wiki session; may not be <code>null</code>. A <code>null</code>
 *            session is logged as an error and the method returns <code>false</code>.
 * @param request the user's HTTP request. This parameter may be <code>null</code>, but the configured
 *            LoginModule will not have access to the HTTP request in this case. Note that the
 *            method body shown here does not read this parameter.
 * @param username The user name. This is a login name, not a WikiName. In
 *            most cases they are the same, but in some cases, they might
 *            not be.
 * @param password the password
 * @return true, if the login module returned at least one principal for the
 *         username/password; false otherwise
 * @throws org.apache.wiki.auth.WikiSecurityException if the Authorizer or UserManager cannot be obtained
 */
public boolean login(WikiSession session, HttpServletRequest request, String username, String password) throws WikiSecurityException {
    if (session == null) {
        log.error("No wiki session provided, cannot log in.");
        return false;
    }

    // Brute-force protection: the delay is applied before any credential check, so it
    // costs the caller time whether or not the password turns out to be correct.
    if (m_throttleLogins) {
        delayLogin(username);
    }

    // NOTE(review): null is passed as the handler's second argument and `request` is never
    // used in this method, although the Javadoc implies the LoginModule can see the request
    // when one is given — confirm against WikiCallbackHandler whether this is intended.
    CallbackHandler handler = new WikiCallbackHandler(m_engine, null, username, password);

    // Run the configured login module; an empty result means authentication failed.
    Set<Principal> principals = doJAASLogin(m_loginModuleClass, handler, m_loginModuleOptions);
    if (principals.isEmpty()) {
        return false;
    }

    // Announce the authenticated login first, then each principal individually.
    fireEvent(WikiSecurityEvent.LOGIN_AUTHENTICATED, getLoginPrincipal(principals), session);
    for (Principal principal : principals) {
        fireEvent(WikiSecurityEvent.PRINCIPAL_ADD, principal, session);
    }

    // Add all appropriate Authorizer roles (no HTTP request is supplied here either).
    injectAuthorizerRoles(session, m_engine.getAuthorizationManager().getAuthorizer(), null);
    return true;
}
Also used : WebContainerCallbackHandler(org.apache.wiki.auth.login.WebContainerCallbackHandler) CallbackHandler(javax.security.auth.callback.CallbackHandler) WikiCallbackHandler(org.apache.wiki.auth.login.WikiCallbackHandler) WikiCallbackHandler(org.apache.wiki.auth.login.WikiCallbackHandler) Principal(java.security.Principal)
