use of javax.security.auth.callback.NameCallback in project wildfly by wildfly.
the class DefaultApplicationClientCallbackHandler method handle.
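/**
 * Answers name, password and realm callbacks from the identities held by the current security context.
 *
 * <p>Name callbacks fall back to {@code DOLLAR_LOCAL} when there is no security context or the context
 * carries no identity. Password callbacks are left untouched when there is no security context, and are
 * rejected when no identity, or no usable credential, is available. Realm callbacks without a text
 * receive their own default text. Any other callback type is ignored.
 *
 * @param callbacks the callbacks to populate.
 * @throws IOException declared by the {@code CallbackHandler} contract.
 * @throws UnsupportedCallbackException if a password is requested but the first identity is missing, is
 *         not a {@code CredentialIdentity}, or holds a credential that is not a {@code char[]}.
 */
@Override
public void handle(final Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    final SecurityContext context = doPrivileged(SECURITY_CONTEXT);
    for (final Callback current : callbacks) {
        if (current instanceof NameCallback) {
            // NOTE(review): only the first identity the set iterates is used; confirm the set can
            // hold at most one identity here, otherwise the chosen name depends on iteration order.
            String name = DOLLAR_LOCAL;
            if (context != null) {
                final Set<Identity> identities = getSubjectInfo(context).getIdentities();
                if (!identities.isEmpty()) {
                    name = identities.iterator().next().getName();
                }
            }
            ((NameCallback) current).setName(name);
        } else if (current instanceof PasswordCallback) {
            if (context == null) {
                // No security context: the callback is left without a password, as before.
                continue;
            }
            final PasswordCallback pcb = (PasswordCallback) current;
            final Set<Identity> identities = getSubjectInfo(context).getIdentities();
            if (identities.isEmpty()) {
                throw new UnsupportedCallbackException(current);
            }
            final Identity identity = identities.iterator().next();
            if (!(identity instanceof CredentialIdentity)) {
                throw new UnsupportedCallbackException(current);
            }
            final Object credential = ((CredentialIdentity) identity).getCredential();
            // A credential of another type previously escaped as a ClassCastException; report it
            // through the declared exception so callers handle it like any other missing password.
            if (credential != null && !(credential instanceof char[])) {
                throw new UnsupportedCallbackException(current);
            }
            pcb.setPassword((char[]) credential);
        } else if (current instanceof RealmCallback) {
            final RealmCallback realmCallback = (RealmCallback) current;
            if (realmCallback.getText() == null) {
                realmCallback.setText(realmCallback.getDefaultText());
            }
        }
    }
}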
use of javax.security.auth.callback.NameCallback in project wildfly by wildfly.
the class ElytronSubjectFactory method createSubject.
/**
* Create a {@link Subject} with the principal and password credential obtained from the authentication configuration
* that matches the target {@link URI}.
*
* @param authenticationContext the {@link AuthenticationContext} used to select a configuration that matches the
* target {@link URI}.
* @return the constructed {@link Subject}. It contains a single principal and a {@link PasswordCredential}.
*/
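private Subject createSubject(final AuthenticationContext authenticationContext) {
    // Select the client configuration matching the target URI and ask its callback handler
    // for the username/password pair.
    final AuthenticationConfiguration configuration = AUTH_CONFIG_CLIENT.getAuthenticationConfiguration(this.targetURI, authenticationContext);
    final CallbackHandler handler = AUTH_CONFIG_CLIENT.getCallbackHandler(configuration);
    final NameCallback nameCallback = new NameCallback("Username: ");
    final PasswordCallback passwordCallback = new PasswordCallback("Password: ", false);
    try {
        handler.handle(new Callback[] { nameCallback, passwordCallback });
        final Subject subject = new Subject();
        final String username = nameCallback.getName();
        if (username != null) {
            subject.getPrincipals().add(new NamePrincipal(username));
        }
        // add the password as a private credential in the Subject.
        // getPassword() hands out a copy, so the credential does not share the callback's array.
        // NOTE(review): the copy is not wiped here because PasswordCredential may keep the
        // reference it is given - confirm before zeroing it.
        final char[] password = passwordCallback.getPassword();
        if (password != null) {
            this.addPrivateCredential(subject, new PasswordCredential(username, password));
        }
        return subject;
    } catch (IOException | UnsupportedCallbackException e) {
        throw new SecurityException(e);
    } finally {
        // Do not leave the clear-text password sitting in the callback once it has been consumed.
        passwordCallback.clearPassword();
    }
}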
use of javax.security.auth.callback.NameCallback in project wildfly by wildfly.
the class ElytronSASClientInterceptor method createInitialContextToken.
/**
* Create an encoded {@link InitialContextToken} with an username/password pair obtained from an Elytron client configuration
* matched by the specified {@link URI} and purpose.
*
* @param uri the target {@link URI}.
* @param purpose a {@link String} representing the purpose of the configuration that will be used.
* @param secMech a reference to the {@link CompoundSecMech} that was found in the {@link ClientRequestInfo}.
* @return the encoded {@link InitialContextToken}, if a valid username is obtained from the matched configuration;
* an empty {@code byte[]} otherwise;
* @throws Exception if an error occurs while building the encoded {@link InitialContextToken}.
*/
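private byte[] createInitialContextToken(final URI uri, final String purpose, final CompoundSecMech secMech) throws Exception {
    final AuthenticationContext effectiveContext =
            this.authContext == null ? AuthenticationContext.captureCurrent() : this.authContext;
    // obtain the configuration that matches the URI and purpose.
    final AuthenticationConfiguration configuration = AUTH_CONFIG_CLIENT.getAuthenticationConfiguration(uri, effectiveContext, -1, null, null, purpose);
    // get the callback handler from the configuration and use it to obtain a username/password pair.
    final CallbackHandler handler = AUTH_CONFIG_CLIENT.getCallbackHandler(configuration);
    final NameCallback nameCallback = new NameCallback("Username: ");
    final PasswordCallback passwordCallback = new PasswordCallback("Password: ", false);
    try {
        try {
            handler.handle(new Callback[] { nameCallback, passwordCallback });
        } catch (UnsupportedCallbackException e) {
            return NO_AUTHENTICATION_TOKEN;
        }
        // only a non-null, non-anonymous username yields an initial context token.
        String name = nameCallback.getName();
        if (name == null || name.equals(AnonymousPrincipal.getInstance().getName())) {
            return NO_AUTHENTICATION_TOKEN;
        }
        final byte[] encodedTargetName = secMech.as_context_mech.target_name;
        if (name.indexOf('@') < 0) {
            // qualify a bare username with the decoded target name, e.g. "@default"
            final byte[] decodedTargetName = CSIv2Util.decodeGssExportedName(encodedTargetName);
            name += "@" + new String(decodedTargetName, StandardCharsets.UTF_8);
        }
        final byte[] username = name.getBytes(StandardCharsets.UTF_8);
        byte[] password = {};
        final char[] passwordChars = passwordCallback.getPassword();
        if (passwordChars != null) {
            // Encode straight from the char[]: going through new String(...) would leave an
            // immutable copy of the password on the heap that can never be wiped.
            try {
                final java.nio.ByteBuffer encoded = StandardCharsets.UTF_8.encode(java.nio.CharBuffer.wrap(passwordChars));
                password = new byte[encoded.remaining()];
                encoded.get(password);
                if (encoded.hasArray()) {
                    java.util.Arrays.fill(encoded.array(), (byte) 0);
                }
            } finally {
                // getPassword() returned a private copy; it is no longer needed.
                java.util.Arrays.fill(passwordChars, '\0');
            }
        }
        // create the initial context token and ASN.1-encode it, as defined in RFC 2743.
        // The encoded token carries the password bytes, so it must be treated as a secret by callers.
        final InitialContextToken authenticationToken = new InitialContextToken(username, password, encodedTargetName);
        return CSIv2Util.encodeInitialContextToken(authenticationToken, codec);
    } finally {
        // Drop the callback's own copy of the password on every exit path.
        passwordCallback.clearPassword();
    }
}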
use of javax.security.auth.callback.NameCallback in project adempiere by adempiere.
the class EMailOAuth2SaslClient method evaluateChallenge.
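/**
 * Produces the single client response of the OAuth2 bearer exchange:
 * {@code user=<name>^Aauth=Bearer <token>^A^A}, where {@code ^A} is the byte 0x01.
 *
 * @param challenge the server challenge; not inspected.
 * @return the encoded response, or an empty array once the exchange has completed.
 * @throws SaslException if the callback handler fails, supplies no name, or supplies a name
 *         containing the 0x01 field separator.
 */
@Override
public byte[] evaluateChallenge(byte[] challenge) throws SaslException {
    if (isComplete) {
        return new byte[] {};
    }
    final NameCallback nameCallback = new NameCallback("Enter name");
    try {
        callback.handle(new Callback[] { nameCallback });
    } catch (UnsupportedCallbackException e) {
        // keep the cause so the original stack trace is not lost
        throw new SaslException("Unsupported callback: " + e, e);
    } catch (IOException e) {
        throw new SaslException("Failed to execute callback: " + e, e);
    }
    final String email = nameCallback.getName();
    if (email == null) {
        // String.format would otherwise send the literal text "null" as the user.
        throw new SaslException("Callback handler did not supply a user name");
    }
    if (email.indexOf('\1') >= 0) {
        // 0x01 delimits the fields of the response; a name containing it would alter the framing.
        throw new SaslException("User name contains an illegal control character");
    }
    // Encode explicitly as UTF-8 rather than with the platform default charset.
    // The response embeds the bearer token: never log it.
    final byte[] response = String.format("user=%s\1auth=Bearer %s\1\1", email, token)
            .getBytes(java.nio.charset.StandardCharsets.UTF_8);
    isComplete = true;
    return response;
}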
use of javax.security.auth.callback.NameCallback in project zm-mailbox by Zimbra.
the class OAuth2SaslClient method evaluateChallenge.
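/**
 * Produces the single client response of the OAuth2 bearer exchange:
 * {@code user=<name>^Aauth=Bearer <token>^A^A}, where {@code ^A} is the byte 0x01.
 *
 * @param challenge the server challenge; not inspected.
 * @return the encoded response, or an empty array once the exchange has completed.
 * @throws SaslException if the callback handler fails, supplies no name, or supplies a name
 *         containing the 0x01 field separator.
 */
public byte[] evaluateChallenge(byte[] challenge) throws SaslException {
    if (isComplete) {
        // Empty final response from server, just ignore it.
        return new byte[] {};
    }
    final NameCallback nameCallback = new NameCallback("Enter name");
    try {
        callbackHandler.handle(new Callback[] { nameCallback });
    } catch (UnsupportedCallbackException e) {
        // keep the cause so the original stack trace is not lost
        throw new SaslException("Unsupported callback: " + e, e);
    } catch (IOException e) {
        throw new SaslException("Failed to execute callback: " + e, e);
    }
    final String username = nameCallback.getName();
    if (username == null) {
        // String.format would otherwise send the literal text "null" as the user.
        throw new SaslException("Callback handler did not supply a user name");
    }
    if (username.indexOf('\1') >= 0) {
        // 0x01 delimits the fields of the response; a name containing it would alter the framing.
        throw new SaslException("User name contains an illegal control character");
    }
    // Encode explicitly as UTF-8 rather than with the platform default charset.
    // The response embeds the bearer token: never log it.
    final byte[] response = String.format("user=%s\1auth=Bearer %s\1\1", username, oauthToken)
            .getBytes(java.nio.charset.StandardCharsets.UTF_8);
    isComplete = true;
    return response;
}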