Example 66 with NameCallback
use of javax.security.auth.callback.NameCallback in project karaf by apache.
the class KarafJaasAuthenticator method authenticate.
public boolean authenticate(final String username, final String password, final ServerSession session) {
try {
Subject subject = new Subject();
LoginContext loginContext = new LoginContext(realm, subject, callbacks -> {
for (Callback callback : callbacks) {
if (callback instanceof NameCallback) {
((NameCallback) callback).setName(username);
} else if (callback instanceof PasswordCallback) {
((PasswordCallback) callback).setPassword(password.toCharArray());
} else {
throw new UnsupportedCallbackException(callback);
}
}
});
loginContext.login();
int roleCount = 0;
for (Principal principal : subject.getPrincipals()) {
if (principal instanceof RolePrincipal) {
roleCount++;
}
}
if (roleCount == 0) {
throw new FailedLoginException("User doesn't have role defined");
}
session.setAttribute(SUBJECT_ATTRIBUTE_KEY, subject);
return true;
} catch (Exception e) {
LOGGER.debug("User authentication failed with " + e.getMessage(), e);
return false;
}
}
Also used :
LoginContext(javax.security.auth.login.LoginContext)
PasswordCallback(javax.security.auth.callback.PasswordCallback)
NameCallback(javax.security.auth.callback.NameCallback)
PublickeyCallback(org.apache.karaf.jaas.modules.publickey.PublickeyCallback)
Callback(javax.security.auth.callback.Callback)
NameCallback(javax.security.auth.callback.NameCallback)
FailedLoginException(javax.security.auth.login.FailedLoginException)
PasswordCallback(javax.security.auth.callback.PasswordCallback)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal)
Subject(javax.security.auth.Subject)
RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal)
Principal(java.security.Principal)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
FailedLoginException(javax.security.auth.login.FailedLoginException)
Example 67 with NameCallback
use of javax.security.auth.callback.NameCallback in project karaf by apache.
the class GSSAPILdapLoginModule method doLogin.
protected boolean doLogin() throws LoginException {
//force GSSAPI for login
Map<String, Object> opts = new HashMap<>(this.options);
opts.put(LDAPOptions.AUTHENTICATION, "GSSAPI");
ClassLoader tccl = Thread.currentThread().getContextClassLoader();
try {
LDAPOptions lOptions = new LDAPOptions(opts);
NameCallback[] callbacks = new NameCallback[1];
callbacks[0] = new NameCallback("Username: ");
try {
callbackHandler.handle(callbacks);
} catch (IOException ioException) {
logger.error("error with callback handler", ioException);
throw new LoginException(ioException.getMessage());
} catch (UnsupportedCallbackException unsupportedCallbackException) {
logger.error("error with callback handler", unsupportedCallbackException);
throw new LoginException(unsupportedCallbackException.getMessage() + " not available to obtain information from user.");
}
user = callbacks[0].getName();
principals = new HashSet<>();
String[] userDnAndNamespace;
try (LDAPCache cache = LDAPCache.getCache(lOptions)) {
try {
logger.debug("Get the user DN.");
userDnAndNamespace = cache.getUserDnAndNamespace(user);
} catch (Exception e) {
logger.warn("Can't connect to the LDAP server: {}", e.getMessage(), e);
throw new LoginException("Can't connect to the LDAP server: " + e.getMessage());
}
if (userDnAndNamespace == null) {
return false;
}
principals.add(new UserPrincipal(user));
try {
String[] roles = cache.getUserRoles(user, userDnAndNamespace[0], userDnAndNamespace[1]);
for (String role : roles) {
principals.add(new RolePrincipal(role));
}
} catch (Exception e) {
throw new LoginException("Can't get user " + user + " roles: " + e.getMessage());
}
return true;
}
} finally {
ManagedSSLSocketFactory.setSocketFactory(null);
Thread.currentThread().setContextClassLoader(tccl);
}
}
Also used :
HashMap(java.util.HashMap)
IOException(java.io.IOException)
LoginException(javax.security.auth.login.LoginException)
PrivilegedActionException(java.security.PrivilegedActionException)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
IOException(java.io.IOException)
UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal)
NameCallback(javax.security.auth.callback.NameCallback)
LoginException(javax.security.auth.login.LoginException)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal)
Example 68 with NameCallback
use of javax.security.auth.callback.NameCallback in project karaf by apache.
the class PropertiesLoginModule method login.
public boolean login() throws LoginException {
if (usersFile == null) {
throw new LoginException("The property users may not be null");
}
File f = new File(usersFile);
if (!f.exists()) {
throw new LoginException("Users file not found at " + f);
}
Properties users;
try {
users = new Properties(f);
} catch (IOException ioe) {
throw new LoginException("Unable to load user properties file " + f);
}
Callback[] callbacks = new Callback[2];
callbacks[0] = new NameCallback("Username: ");
callbacks[1] = new PasswordCallback("Password: ", false);
if (callbackHandler != null) {
try {
callbackHandler.handle(callbacks);
} catch (IOException ioe) {
throw new LoginException(ioe.getMessage());
} catch (UnsupportedCallbackException uce) {
throw new LoginException(uce.getMessage() + " not available to obtain information from user");
}
}
// user callback get value
if (((NameCallback) callbacks[0]).getName() == null) {
throw new LoginException("Username can not be null");
}
user = ((NameCallback) callbacks[0]).getName();
if (user.startsWith(PropertiesBackingEngine.GROUP_PREFIX)) {
// you can't log in under a group name
throw new FailedLoginException("login failed");
}
// password callback get value
if (((PasswordCallback) callbacks[1]).getPassword() == null) {
throw new LoginException("Password can not be null");
}
String password = new String(((PasswordCallback) callbacks[1]).getPassword());
// user infos container read from the users properties file
String userInfos = null;
try {
userInfos = users.get(user);
} catch (NullPointerException e) {
//error handled in the next statement
}
if (userInfos == null) {
if (!this.detailedLoginExcepion) {
throw new FailedLoginException("login failed");
} else {
throw new FailedLoginException("User " + user + " does not exist");
}
}
// the password is in the first position
String[] infos = userInfos.split(",");
String storedPassword = infos[0];
// check the provided password
if (!checkPassword(password, storedPassword)) {
if (!this.detailedLoginExcepion) {
throw new FailedLoginException("login failed");
} else {
throw new FailedLoginException("Password for " + user + " does not match");
}
}
principals = new HashSet<>();
principals.add(new UserPrincipal(user));
for (int i = 1; i < infos.length; i++) {
if (infos[i].trim().startsWith(PropertiesBackingEngine.GROUP_PREFIX)) {
// it's a group reference
principals.add(new GroupPrincipal(infos[i].trim().substring(PropertiesBackingEngine.GROUP_PREFIX.length())));
String groupInfo = users.get(infos[i].trim());
if (groupInfo != null) {
String[] roles = groupInfo.split(",");
for (int j = 1; j < roles.length; j++) {
principals.add(new RolePrincipal(roles[j].trim()));
}
}
} else {
// it's an user reference
principals.add(new RolePrincipal(infos[i].trim()));
}
}
users.clear();
if (debug) {
LOGGER.debug("Successfully logged in {}", user);
}
return true;
}
Also used :
IOException(java.io.IOException)
Properties(org.apache.felix.utils.properties.Properties)
UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal)
PasswordCallback(javax.security.auth.callback.PasswordCallback)
NameCallback(javax.security.auth.callback.NameCallback)
Callback(javax.security.auth.callback.Callback)
NameCallback(javax.security.auth.callback.NameCallback)
FailedLoginException(javax.security.auth.login.FailedLoginException)
GroupPrincipal(org.apache.karaf.jaas.boot.principal.GroupPrincipal)
LoginException(javax.security.auth.login.LoginException)
FailedLoginException(javax.security.auth.login.FailedLoginException)
PasswordCallback(javax.security.auth.callback.PasswordCallback)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal)
File(java.io.File)
Example 69 with NameCallback
use of javax.security.auth.callback.NameCallback in project karaf by apache.
the class OsgiConfigLoginModule method login.
public boolean login() throws LoginException {
try {
String pid = (String) options.get(PID);
Configuration config = ConfigAdminHolder.getService().getConfiguration(pid, null);
Dictionary properties = config.getProperties();
Callback[] callbacks = new Callback[2];
callbacks[0] = new NameCallback("Username: ");
callbacks[1] = new PasswordCallback("Password: ", false);
try {
callbackHandler.handle(callbacks);
} catch (IOException ioe) {
throw new LoginException(ioe.getMessage());
} catch (UnsupportedCallbackException uce) {
throw new LoginException(uce.getMessage() + " not available to obtain information from user");
}
String user = ((NameCallback) callbacks[0]).getName();
String password = new String(((PasswordCallback) callbacks[1]).getPassword());
String userInfos = (String) properties.get(USER_PREFIX + user);
if (userInfos == null) {
if (!this.detailedLoginExcepion) {
throw new FailedLoginException("login failed");
} else {
throw new FailedLoginException("User does not exist");
}
}
String[] infos = userInfos.split(",");
String storedPassword = infos[0];
// check the provided password
if (!checkPassword(password, storedPassword)) {
if (!this.detailedLoginExcepion) {
throw new FailedLoginException("login failed");
} else {
throw new FailedLoginException("Password for " + user + " does not match");
}
}
principals = new HashSet<>();
principals.add(new UserPrincipal(user));
for (int i = 1; i < infos.length; i++) {
principals.add(new RolePrincipal(infos[i]));
}
return true;
} catch (LoginException e) {
throw e;
} catch (Exception e) {
throw (LoginException) new LoginException("Unable to authenticate user").initCause(e);
} finally {
callbackHandler = null;
options = null;
}
}
Also used :
Dictionary(java.util.Dictionary)
Configuration(org.osgi.service.cm.Configuration)
IOException(java.io.IOException)
UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal)
LoginException(javax.security.auth.login.LoginException)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
IOException(java.io.IOException)
FailedLoginException(javax.security.auth.login.FailedLoginException)
PasswordCallback(javax.security.auth.callback.PasswordCallback)
NameCallback(javax.security.auth.callback.NameCallback)
Callback(javax.security.auth.callback.Callback)
NameCallback(javax.security.auth.callback.NameCallback)
FailedLoginException(javax.security.auth.login.FailedLoginException)
PasswordCallback(javax.security.auth.callback.PasswordCallback)
LoginException(javax.security.auth.login.LoginException)
FailedLoginException(javax.security.auth.login.FailedLoginException)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal)
Example 70 with NameCallback
use of javax.security.auth.callback.NameCallback in project karaf by apache.
the class DigestPasswordLoginModule method login.
public boolean login() throws LoginException {
if (usersFile == null) {
throw new LoginException("The property users may not be null");
}
File f = new File(usersFile);
if (!f.exists()) {
throw new LoginException("Users file not found at " + f);
}
Properties users;
try {
users = new Properties(f);
} catch (IOException ioe) {
throw new LoginException("Unable to load user properties file " + f);
}
Callback[] callbacks = new Callback[2];
callbacks[0] = new NameCallback("Username: ");
callbacks[1] = new PasswordCallback("Password: ", false);
if (callbackHandler != null) {
try {
callbackHandler.handle(callbacks);
} catch (IOException ioe) {
throw new LoginException(ioe.getMessage());
} catch (UnsupportedCallbackException uce) {
throw new LoginException(uce.getMessage() + " not available to obtain information from user");
}
}
// user callback get value
if (((NameCallback) callbacks[0]).getName() == null) {
throw new LoginException("Username can not be null");
}
user = ((NameCallback) callbacks[0]).getName();
if (user.startsWith(PropertiesBackingEngine.GROUP_PREFIX)) {
// you can't log in under a group name
throw new FailedLoginException("login failed");
}
// password callback get value
if (((PasswordCallback) callbacks[1]).getPassword() == null) {
throw new LoginException("Password can not be null");
}
String password = new String(((PasswordCallback) callbacks[1]).getPassword());
// user infos container read from the users properties file
String userInfos = null;
try {
userInfos = users.get(user);
} catch (NullPointerException e) {
//error handled in the next statement
}
if (userInfos == null) {
if (!this.detailedLoginExcepion) {
throw new FailedLoginException("login failed");
} else {
throw new FailedLoginException("User " + user + " does not exist");
}
}
// the password is in the first position
String[] infos = userInfos.split(",");
String storedPassword = infos[0];
CallbackHandler myCallbackHandler = null;
try {
Field field = callbackHandler.getClass().getDeclaredField("ch");
field.setAccessible(true);
myCallbackHandler = (CallbackHandler) field.get(callbackHandler);
} catch (Exception e) {
throw new LoginException("Unable to load underlying callback handler");
}
if (myCallbackHandler instanceof NameDigestPasswordCallbackHandler) {
NameDigestPasswordCallbackHandler digestCallbackHandler = (NameDigestPasswordCallbackHandler) myCallbackHandler;
storedPassword = doPasswordDigest(digestCallbackHandler.getNonce(), digestCallbackHandler.getCreatedTime(), storedPassword);
}
// check the provided password
if (!checkPassword(password, storedPassword)) {
if (!this.detailedLoginExcepion) {
throw new FailedLoginException("login failed");
} else {
throw new FailedLoginException("Password for " + user + " does not match");
}
}
principals = new HashSet<>();
principals.add(new UserPrincipal(user));
for (int i = 1; i < infos.length; i++) {
if (infos[i].trim().startsWith(PropertiesBackingEngine.GROUP_PREFIX)) {
// it's a group reference
principals.add(new GroupPrincipal(infos[i].trim().substring(PropertiesBackingEngine.GROUP_PREFIX.length())));
String groupInfo = users.get(infos[i].trim());
if (groupInfo != null) {
String[] roles = groupInfo.split(",");
for (int j = 1; j < roles.length; j++) {
principals.add(new RolePrincipal(roles[j].trim()));
}
}
} else {
// it's an user reference
principals.add(new RolePrincipal(infos[i].trim()));
}
}
users.clear();
if (debug) {
LOGGER.debug("Successfully logged in {}", user);
}
return true;
}
Also used :
CallbackHandler(javax.security.auth.callback.CallbackHandler)
IOException(java.io.IOException)
Properties(org.apache.felix.utils.properties.Properties)
LoginException(javax.security.auth.login.LoginException)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
IOException(java.io.IOException)
FailedLoginException(javax.security.auth.login.FailedLoginException)
UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal)
Field(java.lang.reflect.Field)
PasswordCallback(javax.security.auth.callback.PasswordCallback)
NameCallback(javax.security.auth.callback.NameCallback)
Callback(javax.security.auth.callback.Callback)
NameCallback(javax.security.auth.callback.NameCallback)
FailedLoginException(javax.security.auth.login.FailedLoginException)
GroupPrincipal(org.apache.karaf.jaas.boot.principal.GroupPrincipal)
LoginException(javax.security.auth.login.LoginException)
FailedLoginException(javax.security.auth.login.FailedLoginException)
PasswordCallback(javax.security.auth.callback.PasswordCallback)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal)
File(java.io.File)
Aggregations
NameCallback (javax.security.auth.callback.NameCallback)203
PasswordCallback (javax.security.auth.callback.PasswordCallback)161
Callback (javax.security.auth.callback.Callback)140
UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)101
IOException (java.io.IOException)60
LoginException (javax.security.auth.login.LoginException)51
CallbackHandler (javax.security.auth.callback.CallbackHandler)27
ChoiceCallback (javax.security.auth.callback.ChoiceCallback)22
ConfirmationCallback (javax.security.auth.callback.ConfirmationCallback)22
RealmCallback (javax.security.sasl.RealmCallback)22
Subject (javax.security.auth.Subject)19
FailedLoginException (javax.security.auth.login.FailedLoginException)19
LoginContext (javax.security.auth.login.LoginContext)18
AuthorizeCallback (javax.security.sasl.AuthorizeCallback)18
AuthLoginException (com.sun.identity.authentication.spi.AuthLoginException)17
Test (org.testng.annotations.Test)15
HashMap (java.util.HashMap)14
Test (org.junit.Test)14
IdRepoException (com.sun.identity.idm.IdRepoException)13
TextOutputCallback (javax.security.auth.callback.TextOutputCallback)11
