
Example 6 with CallbackHandler

use of javax.security.auth.callback.CallbackHandler in project storm by nathanmarz.

the class DigestSaslTransportPlugin method getServerTransportFactory.

/**
 * Builds the server-side Thrift transport factory that authenticates clients with the
 * SASL mechanism registered under {@code DIGEST} (logged below as DIGEST-MD5).
 *
 * <p>Points a reviewer should keep in mind when reusing this pattern:
 * <ul>
 *   <li>DIGEST-MD5 was moved to Historic status by RFC 6331; prefer a current mechanism
 *       where the deployment allows it.</li>
 *   <li>The SASL property map is {@code null}, so no quality-of-protection is requested
 *       here and the mechanism's defaults apply.</li>
 *   <li>The server name handed to SASL is the literal {@code "localhost"}.</li>
 * </ul>
 *
 * @return a {@code TSaslServerTransport.Factory} with one server definition registered
 * @throws IOException declared by the signature; no statement visible here throws it directly
 */
protected TTransportFactory getServerTransportFactory() throws IOException {
    // Handler that SASL calls back into during the exchange; it is built from login_conf.
    CallbackHandler digestHandler = new ServerCallbackHandler(login_conf);

    // Register a single server definition for the DIGEST mechanism on a fresh factory.
    TSaslServerTransport.Factory saslFactory = new TSaslServerTransport.Factory();
    saslFactory.addServerDefinition(DIGEST, AuthUtils.SERVICE, "localhost", null, digestHandler);

    LOG.info("SASL DIGEST-MD5 transport factory will be used");
    return saslFactory;
}
Also used : TSaslServerTransport(org.apache.thrift7.transport.TSaslServerTransport) CallbackHandler(javax.security.auth.callback.CallbackHandler) LoggerFactory(org.slf4j.LoggerFactory) TTransportFactory(org.apache.thrift7.transport.TTransportFactory)

Example 7 with CallbackHandler

use of javax.security.auth.callback.CallbackHandler in project AsmackService by rtreffer.

the class LoginContext method init.

// Does all the machinery needed for the initialization.
/**
 * Shared initialization for this login context: records the subject, resolves the
 * configuration entries for {@code name}, wraps each entry in a {@code Module}, and
 * resolves the callback handler.
 *
 * <p>Security-relevant behaviour visible in this method:
 * <ul>
 *   <li>The {@code createLoginContext.*} permission checks run only when a security
 *       manager is installed AND the caller did not pass its own {@code config}.</li>
 *   <li>When {@code cbHandler} is {@code null}, the class named by the security property
 *       {@code DEFAULT_CALLBACK_HANDLER_PROPERTY} is loaded and instantiated inside a
 *       {@code doPrivileged} block.</li>
 * </ul>
 *
 * @param name      configuration entry name; {@code null} is rejected
 * @param subject   subject to use, or {@code null}
 * @param cbHandler caller-supplied handler, or {@code null} to fall back to the default
 *                  handler property
 * @param config    caller-supplied configuration, or {@code null} to use
 *                  {@code Configuration.getAccessibleConfiguration()}
 * @throws LoginException if {@code name} is {@code null} ("auth.00"), if neither
 *                        {@code name} nor "other" has configuration entries ("auth.35"),
 *                        or if the privileged handler lookup fails with a checked
 *                        exception ("auth.36")
 */
private void init(String name, Subject subject, final CallbackHandler cbHandler, Configuration config) throws LoginException {
    // Store the subject and remember whether the caller supplied one.
    userProvidedSubject = (this.subject = subject) != null;
    // A login context cannot be looked up without an entry name.
    if (name == null) {
        //$NON-NLS-1$
        throw new LoginException("auth.00");
    }
    if (config == null) {
        config = Configuration.getAccessibleConfiguration();
    } else {
        userProvidedConfig = true;
    }
    SecurityManager sm = System.getSecurityManager();
    // Permission is only demanded when the configuration was NOT supplied by the caller.
    if (sm != null && !userProvidedConfig) {
        //$NON-NLS-1$
        sm.checkPermission(new AuthPermission("createLoginContext." + name));
    }
    AppConfigurationEntry[] entries = config.getAppConfigurationEntry(name);
    if (entries == null) {
        // No entry under 'name': fall back to the "other" entry, which has its own
        // permission check under the same conditions as above.
        if (sm != null && !userProvidedConfig) {
            //$NON-NLS-1$
            sm.checkPermission(new AuthPermission("createLoginContext.other"));
        }
        //$NON-NLS-1$
        entries = config.getAppConfigurationEntry("other");
        if (entries == null) {
            //$NON-NLS-1$
            throw new LoginException("auth.35 " + name);
        }
    }
    // One Module wrapper per configuration entry, in configuration order.
    modules = new Module[entries.length];
    for (int i = 0; i < modules.length; i++) {
        modules[i] = new Module(entries[i]);
    }
    /*
     * as some of the operations to be executed (i.e. get*ClassLoader,
     * getProperty, class loading) are security-checked, then combine all of
     * them into a single doPrivileged() call.
     */
    try {
        AccessController.doPrivileged(new PrivilegedExceptionAction<Void>() {

            public Void run() throws Exception {
                // First, set the 'contextClassLoader'
                contextClassLoader = Thread.currentThread().getContextClassLoader();
                if (contextClassLoader == null) {
                    contextClassLoader = ClassLoader.getSystemClassLoader();
                }
                // then, checks whether the cbHandler is set
                if (cbHandler == null) {
                    // well, let's try to find it
                    String klassName = Security.getProperty(DEFAULT_CALLBACK_HANDLER_PROPERTY);
                    if (klassName == null || klassName.length() == 0) {
                        // No default configured: callbackHandler is left unassigned here.
                        return null;
                    }
                    // NOTE(review): the class name comes from a security property and the
                    // class is loaded, initialized and instantiated inside doPrivileged,
                    // so whoever controls that property and the thread's context class
                    // loader decides what runs here; confirm both are trusted.
                    Class<?> klass = Class.forName(klassName, true, contextClassLoader);
                    // A class that is not a CallbackHandler fails this cast with an
                    // unchecked ClassCastException, which doPrivileged does not wrap.
                    callbackHandler = (CallbackHandler) klass.newInstance();
                } else {
                    callbackHandler = cbHandler;
                }
                return null;
            }
        });
    } catch (PrivilegedActionException ex) {
        // Checked failures from run() arrive wrapped; keep the original as the cause.
        Throwable cause = ex.getCause();
        //$NON-NLS-1$
        throw (LoginException) new LoginException("auth.36").initCause(cause);
    }
    // Capture the caller's access control context. With a default (non caller-supplied)
    // configuration the handler is additionally wrapped in ContextedCallbackHandler.
    // NOTE(review): presumably that wrapper invokes the handler under userContext; its
    // definition is not visible here, confirm.
    if (userProvidedConfig) {
        userContext = AccessController.getContext();
    } else if (callbackHandler != null) {
        userContext = AccessController.getContext();
        callbackHandler = new ContextedCallbackHandler(callbackHandler);
    }
}
Also used : CallbackHandler(javax.security.auth.callback.CallbackHandler) PrivilegedActionException(java.security.PrivilegedActionException) AuthPermission(org.apache.harmony.javax.security.auth.AuthPermission) PrivilegedActionException(java.security.PrivilegedActionException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) IOException(java.io.IOException) LoginModule(org.apache.harmony.javax.security.auth.spi.LoginModule)

Example 8 with CallbackHandler

use of javax.security.auth.callback.CallbackHandler in project jstorm by alibaba.

the class KerberosSaslTransportPlugin method getServerTransportFactory.

/**
 * Logs the server principal in through JAAS and returns a Thrift transport factory that
 * authenticates clients with the SASL mechanism registered under {@code KERBEROS}
 * (logged below as GSSAPI).
 *
 * <p>Points a reviewer should keep in mind when reusing this pattern:
 * <ul>
 *   <li>{@code Configuration.setConfiguration} replaces the JAAS configuration for the
 *       whole JVM, not only for this plugin.</li>
 *   <li>{@code Sasl.QOP} is set to {@code "auth"}: authentication only, with no integrity
 *       or confidentiality layer negotiated for the connection afterwards.</li>
 *   <li>{@code Sasl.SERVER_AUTH} is set to {@code "false"}, so the server is not required
 *       to authenticate itself to the client.</li>
 *   <li>The service name and host name given to SASL are parsed from the configured
 *       principal string.</li>
 * </ul>
 *
 * @return a {@code TUGIAssumingTransportFactory} wrapping the SASL factory and the
 *         logged-in subject
 * @throws IOException      declared by the signature; no statement visible here throws it
 *                          directly
 * @throws RuntimeException if the JAAS login fails, or if the logged-in subject holds no
 *                          {@code KerberosTicket} private credential
 */
public TTransportFactory getServerTransportFactory() throws IOException {
    // Handler invoked by both the JAAS login and the SASL exchange.
    CallbackHandler authHandler = new ServerCallbackHandler(login_conf, storm_conf);

    // Log the server principal in; a failed login is fatal for the transport.
    Subject serverSubject;
    try {
        // Installs login_conf as the JVM-wide JAAS configuration before logging in.
        Configuration.setConfiguration(login_conf);
        Login serverLogin = new Login(AuthUtils.LOGIN_CONTEXT_SERVER, authHandler);
        serverSubject = serverLogin.getSubject();
    } catch (LoginException ex) {
        LOG.error("Server failed to login in principal:" + ex, ex);
        throw new RuntimeException(ex);
    }

    // A successful login must have produced at least one Kerberos ticket.
    boolean hasTicket = !serverSubject.getPrivateCredentials(KerberosTicket.class).isEmpty();
    if (!hasTicket) {
        throw new RuntimeException("Fail to verify user principal with section \"" + AuthUtils.LOGIN_CONTEXT_SERVER + "\" in login configuration file " + login_conf);
    }

    // Derive the SASL service and host names from the configured principal.
    String principal = AuthUtils.get(login_conf, AuthUtils.LOGIN_CONTEXT_SERVER, "principal");
    LOG.debug("principal:" + principal);
    KerberosName parsedPrincipal = new KerberosName(principal);
    String serviceName = parsedPrincipal.getServiceName();
    String hostName = parsedPrincipal.getHostName();

    // Authentication-only QOP; see the method documentation for what that leaves out.
    Map<String, String> saslProps = new TreeMap<String, String>();
    saslProps.put(Sasl.QOP, "auth");
    saslProps.put(Sasl.SERVER_AUTH, "false");

    // Factory that runs the SASL exchange with our handler for each connection.
    TSaslServerTransport.Factory saslFactory = new TSaslServerTransport.Factory();
    saslFactory.addServerDefinition(KERBEROS, serviceName, hostName, saslProps, authHandler);

    // Wrap it so the logged-in subject is passed along with the SASL factory.
    TUGIAssumingTransportFactory subjectBoundFactory = new TUGIAssumingTransportFactory(saslFactory, serverSubject);
    LOG.info("SASL GSSAPI transport factory will be used");
    return subjectBoundFactory;
}
Also used : CallbackHandler(javax.security.auth.callback.CallbackHandler) KerberosTicket(javax.security.auth.kerberos.KerberosTicket) LoggerFactory(org.slf4j.LoggerFactory) TTransportFactory(org.apache.thrift.transport.TTransportFactory) Login(org.apache.zookeeper.Login) KerberosName(org.apache.zookeeper.server.auth.KerberosName) TreeMap(java.util.TreeMap) Subject(javax.security.auth.Subject) TSaslServerTransport(org.apache.thrift.transport.TSaslServerTransport) LoginException(javax.security.auth.login.LoginException)

Example 9 with CallbackHandler

use of javax.security.auth.callback.CallbackHandler in project jstorm by alibaba.

the class DigestSaslTransportPlugin method getServerTransportFactory.

/**
 * Creates the Thrift server transport factory for the SASL mechanism registered under
 * {@code DIGEST} (logged below as DIGEST-MD5).
 *
 * <p>Review notes: DIGEST-MD5 is classified Historic by RFC 6331. This method passes
 * {@code null} as the SASL property map, so it requests no quality-of-protection of its
 * own, and it registers the definition under the fixed server name {@code "localhost"}.
 *
 * @return the configured {@code TSaslServerTransport.Factory}
 * @throws IOException declared by the signature; no statement visible here throws it directly
 */
protected TTransportFactory getServerTransportFactory() throws IOException {
    // Callback handler consulted by SASL during the exchange; built from login_conf.
    CallbackHandler authCallbacks = new ServerCallbackHandler(login_conf);

    // One server definition: mechanism, protocol name, server name, props, handler.
    TSaslServerTransport.Factory digestFactory = new TSaslServerTransport.Factory();
    digestFactory.addServerDefinition(DIGEST, AuthUtils.SERVICE, "localhost", null, authCallbacks);

    LOG.info("SASL DIGEST-MD5 transport factory will be used");
    return digestFactory;
}
Also used : TSaslServerTransport(org.apache.thrift.transport.TSaslServerTransport) CallbackHandler(javax.security.auth.callback.CallbackHandler) LoggerFactory(org.slf4j.LoggerFactory) TTransportFactory(org.apache.thrift.transport.TTransportFactory)

Example 10 with CallbackHandler

use of javax.security.auth.callback.CallbackHandler in project spring-security by spring-projects.

the class JaasApiIntegrationFilterTests method onBeforeTests.

// ~ Methods
// ========================================================================================================
/**
 * Prepares the fixtures shared by the tests: the filter under test, mock request and
 * response, a pre-populated {@code Subject}, a stub {@code CallbackHandler}, a stub JAAS
 * {@code Configuration}, and a {@code JaasAuthenticationToken} backed by a logged-in
 * {@code LoginContext}.
 *
 * <p>The user name, password and {@code ROLE_ADMIN} authority used here are fixed test
 * fixtures; the stub handler answers every name and password prompt with them.
 *
 * @throws Exception if the JAAS login performed during setup fails
 */
@Before
public void onBeforeTests() throws Exception {
    this.filter = new JaasApiIntegrationFilter();
    this.request = new MockHttpServletRequest();
    this.response = new MockHttpServletResponse();

    // Subject carrying one principal plus a private and a public credential.
    authenticatedSubject = new Subject();
    authenticatedSubject.getPrincipals().add(new Principal() {

        public String getName() {
            return "principal";
        }
    });
    authenticatedSubject.getPrivateCredentials().add("password");
    authenticatedSubject.getPublicCredentials().add("username");

    // Stub handler: answers name/password prompts, tolerates text input, rejects the rest.
    callbackHandler = new CallbackHandler() {

        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (Callback current : callbacks) {
                if (current instanceof NameCallback) {
                    NameCallback namePrompt = (NameCallback) current;
                    namePrompt.setName("user");
                    continue;
                }
                if (current instanceof PasswordCallback) {
                    PasswordCallback passwordPrompt = (PasswordCallback) current;
                    passwordPrompt.setPassword("password".toCharArray());
                    continue;
                }
                if (current instanceof TextInputCallback) {
                    // Deliberately left unanswered.
                    continue;
                }
                // Unknown callback types are refused rather than silently skipped.
                throw new UnsupportedCallbackException(current, "Unrecognized Callback " + current);
            }
        }
    };

    // Stub configuration: every entry name maps to the single REQUIRED TestLoginModule.
    testConfiguration = new Configuration() {

        public void refresh() {
        }

        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            AppConfigurationEntry onlyEntry = new AppConfigurationEntry(TestLoginModule.class.getName(), LoginModuleControlFlag.REQUIRED, new HashMap<String, String>());
            return new AppConfigurationEntry[] { onlyEntry };
        }
    };

    // Log in with the stubs above and keep the resulting context inside the token.
    LoginContext loginContext = new LoginContext("SubjectDoAsFilterTest", authenticatedSubject, callbackHandler, testConfiguration);
    loginContext.login();
    token = new JaasAuthenticationToken("username", "password", AuthorityUtils.createAuthorityList("ROLE_ADMIN"), loginContext);

    // Start from an empty security context in case an earlier test left one behind.
    SecurityContextHolder.clearContext();
}
Also used : CallbackHandler(javax.security.auth.callback.CallbackHandler) Configuration(javax.security.auth.login.Configuration) HashMap(java.util.HashMap) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) IOException(java.io.IOException) Subject(javax.security.auth.Subject) TextInputCallback(javax.security.auth.callback.TextInputCallback) AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry) TextInputCallback(javax.security.auth.callback.TextInputCallback) PasswordCallback(javax.security.auth.callback.PasswordCallback) NameCallback(javax.security.auth.callback.NameCallback) Callback(javax.security.auth.callback.Callback) NameCallback(javax.security.auth.callback.NameCallback) LoginContext(javax.security.auth.login.LoginContext) JaasAuthenticationToken(org.springframework.security.authentication.jaas.JaasAuthenticationToken) PasswordCallback(javax.security.auth.callback.PasswordCallback) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Principal(java.security.Principal) Before(org.junit.Before)

Aggregations

CallbackHandler (javax.security.auth.callback.CallbackHandler)89 IOException (java.io.IOException)38 Callback (javax.security.auth.callback.Callback)36 PasswordCallback (javax.security.auth.callback.PasswordCallback)30 UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)27 HashMap (java.util.HashMap)25 Subject (javax.security.auth.Subject)24 NameCallback (javax.security.auth.callback.NameCallback)22 LoginContext (javax.security.auth.login.LoginContext)17 LoginException (javax.security.auth.login.LoginException)15 Test (org.junit.Test)15 Map (java.util.Map)10 URL (java.net.URL)8 RealmCallback (javax.security.sasl.RealmCallback)7 QName (javax.xml.namespace.QName)6 Service (javax.xml.ws.Service)6 WSS4JOutInterceptor (org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor)6 STSPropertiesMBean (org.apache.cxf.sts.STSPropertiesMBean)5 ReceivedToken (org.apache.cxf.sts.request.ReceivedToken)5 TokenValidatorResponse (org.apache.cxf.sts.token.validator.TokenValidatorResponse)5