use of javax.security.auth.callback.CallbackHandler in project storm by nathanmarz.
the class DigestSaslTransportPlugin method getServerTransportFactory.
/**
 * Builds the server-side Thrift transport factory that authenticates clients over SASL
 * using the mechanism named by {@code DIGEST} (DIGEST-MD5 according to the log line below).
 *
 * <p>Points a reviewer should keep in mind:
 * <ul>
 *   <li>DIGEST-MD5 was moved to Historic status by RFC 6331. Treat it as a legacy
 *       mechanism and plan a migration where the deployment allows one.</li>
 *   <li>The SASL properties argument is {@code null}, so no quality of protection is requested
 *       here. With the JDK default that is authentication only ({@code "auth"}), and SASL adds
 *       no integrity or confidentiality to the traffic that follows the handshake.</li>
 *   <li>The server name is the literal {@code "localhost"}, not the real host name.
 *       Clients presumably have to present the same value (confirm against the client plugin).</li>
 * </ul>
 *
 * @return a {@code TSaslServerTransport.Factory} with one server definition registered
 * @throws IOException declared by the signature; presumably raised while building the
 *         callback handler from {@code login_conf} (confirm against ServerCallbackHandler)
 */
protected TTransportFactory getServerTransportFactory() throws IOException {
    // Handler the SASL layer calls back into during the exchange; it is built from the
    // login configuration held by this plugin.
    final CallbackHandler digestCallbackHandler = new ServerCallbackHandler(login_conf);

    // One server definition: mechanism, protocol/service name, server name, props, handler.
    final TSaslServerTransport.Factory saslFactory = new TSaslServerTransport.Factory();
    saslFactory.addServerDefinition(DIGEST, AuthUtils.SERVICE, "localhost", null, digestCallbackHandler);

    LOG.info("SASL DIGEST-MD5 transport factory will be used");
    return saslFactory;
}
use of javax.security.auth.callback.CallbackHandler in project AsmackService by rtreffer.
the class LoginContext method init.
// Does all the machinery needed for the initialization.
/**
 * Shared initialisation for the LoginContext constructors: resolves the login configuration
 * entries for {@code name}, builds the module list and settles which callback handler is used.
 *
 * <p>Security-relevant behaviour visible in this method:
 * <ul>
 *   <li>The {@code createLoginContext.<name>} permission check runs only when a
 *       SecurityManager is installed and the caller did not pass its own
 *       {@code Configuration}. A caller-supplied configuration skips the check.</li>
 *   <li>If the configuration has no entry for {@code name}, the entry called
 *       {@code "other"} is used instead (with its own permission check).</li>
 *   <li>When no handler is passed in, the class named by the security property
 *       {@code DEFAULT_CALLBACK_HANDLER_PROPERTY} is loaded and instantiated inside
 *       {@code doPrivileged}. Whoever controls that property therefore chooses code
 *       that is instantiated under this class's privileges.</li>
 * </ul>
 *
 * @param name      configuration entry name; must not be {@code null}
 * @param subject   subject to authenticate, or {@code null}
 * @param cbHandler callback handler supplied by the caller, or {@code null} to fall back to
 *                  the handler class named by the security property
 * @param config    configuration supplied by the caller, or {@code null} to use
 *                  {@code Configuration.getAccessibleConfiguration()}
 * @throws LoginException if {@code name} is {@code null} ("auth.00"), if neither
 *         {@code name} nor "other" has configuration entries ("auth.35"), or if the
 *         privileged set-up step fails with a checked exception ("auth.36")
 */
private void init(String name, Subject subject, final CallbackHandler cbHandler, Configuration config) throws LoginException {
    // Store the subject and remember, in one statement, whether the caller supplied one.
    userProvidedSubject = (this.subject = subject) != null;

    if (name == null) {
        throw new LoginException("auth.00"); //$NON-NLS-1$
    }
    if (config == null) {
        config = Configuration.getAccessibleConfiguration();
    } else {
        userProvidedConfig = true;
    }
    SecurityManager sm = System.getSecurityManager();
    // Permission is demanded only for the accessible (not caller-supplied) configuration.
    if (sm != null && !userProvidedConfig) {
        sm.checkPermission(new AuthPermission("createLoginContext." + name)); //$NON-NLS-1$
    }
    AppConfigurationEntry[] entries = config.getAppConfigurationEntry(name);
    if (entries == null) {
        // No entry under the requested name: fall back to the catch-all "other" entry,
        // guarded by its own permission under the same conditions as above.
        if (sm != null && !userProvidedConfig) {
            sm.checkPermission(new AuthPermission("createLoginContext.other")); //$NON-NLS-1$
        }
        entries = config.getAppConfigurationEntry("other"); //$NON-NLS-1$
        if (entries == null) {
            throw new LoginException("auth.35 " + name); //$NON-NLS-1$
        }
    }
    // One Module wrapper per configured entry, in configuration order.
    modules = new Module[entries.length];
    for (int i = 0; i < modules.length; i++) {
        modules[i] = new Module(entries[i]);
    }
    /*
     * as some of the operations to be executed (i.e. get*ClassLoader,
     * getProperty, class loading) are security-checked, then combine all of
     * them into a single doPrivileged() call.
     */
    try {
        AccessController.doPrivileged(new PrivilegedExceptionAction<Void>() {
            public Void run() throws Exception {
                // First, set the 'contextClassLoader'; use the system class loader when
                // the current thread has none.
                contextClassLoader = Thread.currentThread().getContextClassLoader();
                if (contextClassLoader == null) {
                    contextClassLoader = ClassLoader.getSystemClassLoader();
                }
                // then, checks whether the cbHandler is set
                if (cbHandler == null) {
                    // No handler from the caller: look up the default handler class name in
                    // the security properties.
                    String klassName = Security.getProperty(DEFAULT_CALLBACK_HANDLER_PROPERTY);
                    if (klassName == null || klassName.length() == 0) {
                        // Property unset or empty: return without assigning callbackHandler.
                        return null;
                    }
                    // Loads and initialises the named class through the context class loader,
                    // then calls its no-arg constructor, all inside the privileged block.
                    // NOTE(review): a class that is not a CallbackHandler fails the cast with
                    // ClassCastException, which is unchecked and so is not converted to the
                    // LoginException built in the catch below - confirm callers tolerate that.
                    Class<?> klass = Class.forName(klassName, true, contextClassLoader);
                    callbackHandler = (CallbackHandler) klass.newInstance();
                } else {
                    callbackHandler = cbHandler;
                }
                return null;
            }
        });
    } catch (PrivilegedActionException ex) {
        // Checked exceptions thrown by run() arrive wrapped; surface them as a LoginException
        // that keeps the original cause.
        Throwable cause = ex.getCause();
        throw (LoginException) new LoginException("auth.36").initCause(cause); //$NON-NLS-1$
    }
    // Capture the caller's access-control context. When the configuration was not supplied by
    // the caller and a handler exists, the handler is additionally wrapped in
    // ContextedCallbackHandler (presumably so it later runs under the captured context -
    // confirm against that class).
    if (userProvidedConfig) {
        userContext = AccessController.getContext();
    } else if (callbackHandler != null) {
        userContext = AccessController.getContext();
        callbackHandler = new ContextedCallbackHandler(callbackHandler);
    }
}
use of javax.security.auth.callback.CallbackHandler in project jstorm by alibaba.
the class KerberosSaslTransportPlugin method getServerTransportFactory.
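/**
 * Builds the server-side Thrift transport factory for SASL with the mechanism named by
 * {@code KERBEROS} (GSSAPI according to the log line below).
 *
 * <p>The method logs the server principal in through JAAS, checks that the resulting subject
 * holds a Kerberos ticket, derives the SASL service and host name from the configured
 * principal and registers one server definition. The factory is then wrapped so that
 * connections are handled with the logged-in subject.
 *
 * <p>Points a reviewer should keep in mind:
 * <ul>
 *   <li>{@code Sasl.QOP} is set to {@code "auth"}: authentication only. SASL adds no
 *       integrity or confidentiality protection to the traffic after the handshake.</li>
 *   <li>{@code Configuration.setConfiguration} is a static call. If this is
 *       {@code javax.security.auth.login.Configuration}, it replaces the JAAS configuration
 *       for the whole JVM, not just for this plugin.</li>
 * </ul>
 *
 * @return a transport factory wrapping the SASL factory together with the logged-in subject
 * @throws IOException declared by the signature; presumably raised by the helper calls that
 *         read {@code login_conf} (confirm against ServerCallbackHandler and AuthUtils)
 * @throws RuntimeException if the JAAS login fails, if the login yields no subject or no
 *         Kerberos ticket, or if the server section has no {@code principal} entry
 */
public TTransportFactory getServerTransportFactory() throws IOException {
    // create an authentication callback handler
    CallbackHandler server_callback_handler = new ServerCallbackHandler(login_conf, storm_conf);

    // login our principal
    Subject subject = null;
    try {
        // specify a configuration object to be used (static, see the class-wide note above)
        Configuration.setConfiguration(login_conf);
        // now login
        Login login = new Login(AuthUtils.LOGIN_CONTEXT_SERVER, server_callback_handler);
        subject = login.getSubject();
    } catch (LoginException ex) {
        LOG.error("Server failed to login in principal:" + ex, ex);
        throw new RuntimeException(ex);
    }

    // check the credential of our principal; a missing subject is reported with the same
    // explicit message instead of surfacing as a bare NullPointerException
    if (subject == null || subject.getPrivateCredentials(KerberosTicket.class).isEmpty()) {
        throw new RuntimeException("Fail to verify user principal with section \"" + AuthUtils.LOGIN_CONTEXT_SERVER + "\" in login configuration file " + login_conf);
    }

    String principal = AuthUtils.get(login_conf, AuthUtils.LOGIN_CONTEXT_SERVER, "principal");
    // Without a configured principal there is no service or host name to register; stop here
    // with a message that names the section instead of failing inside the name parser.
    if (principal == null) {
        throw new RuntimeException("No \"principal\" entry in section \"" + AuthUtils.LOGIN_CONTEXT_SERVER + "\" in login configuration file " + login_conf);
    }
    LOG.debug("principal:" + principal);
    KerberosName serviceKerberosName = new KerberosName(principal);
    String serviceName = serviceKerberosName.getServiceName();
    String hostName = serviceKerberosName.getHostName();

    Map<String, String> props = new TreeMap<String, String>();
    // "auth" = authentication only; no SASL integrity or privacy layer is negotiated.
    props.put(Sasl.QOP, "auth");
    // "false" = the server is not required to authenticate itself to the client.
    props.put(Sasl.SERVER_AUTH, "false");

    // create a transport factory that will invoke our auth callback for Kerberos
    TSaslServerTransport.Factory factory = new TSaslServerTransport.Factory();
    factory.addServerDefinition(KERBEROS, serviceName, hostName, props, server_callback_handler);

    // create a wrap transport factory so that we could apply user credential during connections
    TUGIAssumingTransportFactory wrapFactory = new TUGIAssumingTransportFactory(factory, subject);
    LOG.info("SASL GSSAPI transport factory will be used");
    return wrapFactory;
}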
use of javax.security.auth.callback.CallbackHandler in project jstorm by alibaba.
the class DigestSaslTransportPlugin method getServerTransportFactory.
/**
 * Creates the Thrift server transport factory for SASL authentication with the mechanism
 * named by {@code DIGEST} (DIGEST-MD5 according to the log line below).
 *
 * <p>Review notes:
 * <ul>
 *   <li>RFC 6331 moved DIGEST-MD5 to Historic status, so this is a legacy mechanism.</li>
 *   <li>{@code null} is passed for the SASL properties, so no quality of protection is
 *       requested. The JDK default is authentication only ({@code "auth"}), which leaves the
 *       post-handshake traffic without SASL integrity or confidentiality.</li>
 *   <li>The server name is fixed to {@code "localhost"}; the client side presumably has to
 *       use the same value (confirm against the client plugin).</li>
 * </ul>
 *
 * @return the configured {@code TSaslServerTransport.Factory}
 * @throws IOException declared by the signature; presumably raised while constructing the
 *         callback handler (confirm against ServerCallbackHandler)
 */
protected TTransportFactory getServerTransportFactory() throws IOException {
    // The SASL layer asks this handler for the data it needs during the exchange.
    final CallbackHandler authCallbackHandler = new ServerCallbackHandler(login_conf);

    // Register a single server definition on a fresh SASL transport factory.
    final TSaslServerTransport.Factory transportFactory = new TSaslServerTransport.Factory();
    transportFactory.addServerDefinition(DIGEST, AuthUtils.SERVICE, "localhost", null, authCallbackHandler);

    LOG.info("SASL DIGEST-MD5 transport factory will be used");
    return transportFactory;
}
use of javax.security.auth.callback.CallbackHandler in project spring-security by spring-projects.
the class JaasApiIntegrationFilterTests method onBeforeTests.
// ~ Methods
// ========================================================================================================
/**
 * Test fixture set-up: builds the filter and mock request/response, a pre-populated
 * {@code Subject}, a callback handler with fixed answers, a single-module JAAS
 * {@code Configuration}, and a {@code JaasAuthenticationToken} backed by a logged-in
 * {@code LoginContext}.
 *
 * <p>All names and passwords here are fixed fixture literals. The callback handler rejects any
 * callback type it does not know with {@code UnsupportedCallbackException} rather than
 * silently accepting it.
 *
 * @throws Exception if fixture construction or {@code LoginContext.login()} fails
 */
@Before
public void onBeforeTests() throws Exception {
    this.filter = new JaasApiIntegrationFilter();
    this.request = new MockHttpServletRequest();
    this.response = new MockHttpServletResponse();

    // Subject carrying one principal plus one private and one public credential.
    authenticatedSubject = new Subject();
    Principal fixturePrincipal = new Principal() {
        public String getName() {
            return "principal";
        }
    };
    authenticatedSubject.getPrincipals().add(fixturePrincipal);
    authenticatedSubject.getPrivateCredentials().add("password");
    authenticatedSubject.getPublicCredentials().add("username");

    // Handler that answers name and password callbacks with fixed values.
    callbackHandler = new CallbackHandler() {
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (int i = 0; i < callbacks.length; i++) {
                Callback current = callbacks[i];
                if (current instanceof NameCallback) {
                    ((NameCallback) current).setName("user");
                    continue;
                }
                if (current instanceof PasswordCallback) {
                    ((PasswordCallback) current).setPassword("password".toCharArray());
                    continue;
                }
                if (current instanceof TextInputCallback) {
                    // ignore
                    continue;
                }
                // Anything else is refused explicitly.
                throw new UnsupportedCallbackException(current, "Unrecognized Callback " + current);
            }
        }
    };

    // Configuration that returns the same single REQUIRED module for every entry name.
    testConfiguration = new Configuration() {
        public void refresh() {
            // nothing to reload
        }

        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            AppConfigurationEntry onlyEntry = new AppConfigurationEntry(
                    TestLoginModule.class.getName(),
                    LoginModuleControlFlag.REQUIRED,
                    new HashMap<String, String>());
            return new AppConfigurationEntry[] { onlyEntry };
        }
    };

    LoginContext loginContext = new LoginContext("SubjectDoAsFilterTest", authenticatedSubject, callbackHandler, testConfiguration);
    loginContext.login();
    token = new JaasAuthenticationToken("username", "password", AuthorityUtils.createAuthorityList("ROLE_ADMIN"), loginContext);

    // just in case someone forgot to clear the context
    SecurityContextHolder.clearContext();
}