Example 76 with NameCallback
use of javax.security.auth.callback.NameCallback in project apex-core by apache.
the class DefaultCallbackHandler method processCallback.
protected void processCallback(Callback callback) throws IOException, UnsupportedCallbackException {
if (callback instanceof NameCallback) {
NameCallback namecb = (NameCallback) callback;
namecb.setName(context.getValue(SecurityContext.USER_NAME));
} else if (callback instanceof PasswordCallback) {
PasswordCallback passcb = (PasswordCallback) callback;
passcb.setPassword(context.getValue(SecurityContext.PASSWORD));
} else if (callback instanceof RealmCallback) {
RealmCallback realmcb = (RealmCallback) callback;
realmcb.setText(context.getValue(SecurityContext.REALM));
} else if (callback instanceof TextOutputCallback) {
TextOutputCallback textcb = (TextOutputCallback) callback;
if (textcb.getMessageType() == TextOutputCallback.INFORMATION) {
logger.info(textcb.getMessage());
} else if (textcb.getMessageType() == TextOutputCallback.WARNING) {
logger.warn(textcb.getMessage());
} else if (textcb.getMessageType() == TextOutputCallback.ERROR) {
logger.error(textcb.getMessage());
} else {
logger.debug("Auth message type {}, message {}", textcb.getMessageType(), textcb.getMessage());
}
} else {
throw new UnsupportedCallbackException(callback);
}
}
Also used :
NameCallback(javax.security.auth.callback.NameCallback)
PasswordCallback(javax.security.auth.callback.PasswordCallback)
TextOutputCallback(javax.security.auth.callback.TextOutputCallback)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
RealmCallback(javax.security.sasl.RealmCallback)
Example 77 with NameCallback
use of javax.security.auth.callback.NameCallback in project apex-core by apache.
the class DefaultCallbackHandlerTest method testHandler.
@Test
public void testHandler() {
DefaultCallbackHandler handler = new DefaultCallbackHandler();
SecurityContext context = new SecurityContext();
handler.setup(context);
Callback[] callbacks = new Callback[3];
callbacks[0] = new NameCallback("UserName:");
callbacks[1] = new PasswordCallback("Password:", false);
callbacks[2] = new RealmCallback("Realm:");
try {
handler.handle(callbacks);
Assert.assertEquals("Username", "user1", ((NameCallback) callbacks[0]).getName());
Assert.assertEquals("Password", "pass", new String(((PasswordCallback) callbacks[1]).getPassword()));
Assert.assertEquals("Realm", "default", ((RealmCallback) callbacks[2]).getText());
} catch (IOException e) {
Assert.fail(e.getMessage());
} catch (UnsupportedCallbackException e) {
Assert.fail(e.getMessage());
}
}
Also used :
RealmCallback(javax.security.sasl.RealmCallback)
PasswordCallback(javax.security.auth.callback.PasswordCallback)
NameCallback(javax.security.auth.callback.NameCallback)
Callback(javax.security.auth.callback.Callback)
NameCallback(javax.security.auth.callback.NameCallback)
PasswordCallback(javax.security.auth.callback.PasswordCallback)
IOException(java.io.IOException)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
RealmCallback(javax.security.sasl.RealmCallback)
Test(org.junit.Test)
Example 78 with NameCallback
use of javax.security.auth.callback.NameCallback in project simba-os by cegeka.
the class ChainContextCallbackHandler method getFormCredentials.
private void getFormCredentials(Callback[] callbacks) throws UnsupportedCallbackException {
for (Callback callback : callbacks) {
if (callback instanceof NameCallback) {
NameCallback nameCallback = (NameCallback) callback;
String login = chainContext.getUserName();
nameCallback.setName(login);
} else if (callback instanceof PasswordCallback) {
PasswordCallback passwordCallback = (PasswordCallback) callback;
String password = chainContext.getRequestParameter(AuthenticationConstants.PASSWORD);
passwordCallback.setPassword(null);
if (password != null) {
passwordCallback.setPassword(password.toCharArray());
}
} else {
throw new UnsupportedCallbackException(callback);
}
}
}
Also used :
PasswordCallback(javax.security.auth.callback.PasswordCallback)
NameCallback(javax.security.auth.callback.NameCallback)
Callback(javax.security.auth.callback.Callback)
NameCallback(javax.security.auth.callback.NameCallback)
PasswordCallback(javax.security.auth.callback.PasswordCallback)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
Example 79 with NameCallback
use of javax.security.auth.callback.NameCallback in project simba-os by cegeka.
the class WsPlainTextCallbackHandler method handle.
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (Callback callback : callbacks) {
if (callback instanceof NameCallback) {
NameCallback nameCallback = (NameCallback) callback;
nameCallback.setName(userName);
} else if (callback instanceof PasswordCallback) {
PasswordCallback passwordCallback = (PasswordCallback) callback;
passwordCallback.setPassword(password.toCharArray());
} else {
throw new UnsupportedCallbackException(callback);
}
}
}
Also used :
PasswordCallback(javax.security.auth.callback.PasswordCallback)
NameCallback(javax.security.auth.callback.NameCallback)
Callback(javax.security.auth.callback.Callback)
NameCallback(javax.security.auth.callback.NameCallback)
PasswordCallback(javax.security.auth.callback.PasswordCallback)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
Example 80 with NameCallback
use of javax.security.auth.callback.NameCallback in project ddf by codice.
the class SslLdapLoginModule method doLogin.
protected boolean doLogin() throws LoginException {
//--------- EXTRACT USERNAME AND PASSWORD FOR LDAP LOOKUP -------------
Callback[] callbacks = new Callback[2];
callbacks[0] = new NameCallback("Username: ");
callbacks[1] = new PasswordCallback("Password: ", false);
try {
callbackHandler.handle(callbacks);
} catch (IOException ioException) {
throw new LoginException(ioException.getMessage());
} catch (UnsupportedCallbackException unsupportedCallbackException) {
boolean result;
throw new LoginException(unsupportedCallbackException.getMessage() + " not available to obtain information from user.");
}
user = ((NameCallback) callbacks[0]).getName();
if (user == null) {
return false;
}
user = user.trim();
validateUsername(user);
char[] tmpPassword = ((PasswordCallback) callbacks[1]).getPassword();
// this method.
if ("none".equalsIgnoreCase(getBindMethod()) && (tmpPassword != null)) {
LOGGER.debug("Changing from authentication = none to simple since user or password was specified.");
// default to simple so that the provided user/password will get checked
setBindMethod(DEFAULT_AUTHENTICATION);
}
if (tmpPassword == null) {
tmpPassword = new char[0];
}
//---------------------------------------------------------------------
// RESET OBJECT STATE AND DECLARE LOCAL VARS
principals = new HashSet<>();
Connection connection;
String userDn;
//------------- CREATE CONNECTION #1 ----------------------------------
try {
connection = ldapConnectionFactory.getConnection();
} catch (LdapException e) {
LOGGER.info("Unable to get LDAP Connection from factory.", e);
return false;
}
if (connection != null) {
try {
//------------- BIND #1 (CONNECTION USERNAME & PASSWORD) --------------
try {
BindRequest request;
switch(getBindMethod()) {
case "Simple":
request = Requests.newSimpleBindRequest(connectionUsername, connectionPassword);
break;
case "SASL":
request = Requests.newPlainSASLBindRequest(connectionUsername, connectionPassword);
break;
case "GSSAPI SASL":
request = Requests.newGSSAPISASLBindRequest(connectionUsername, connectionPassword);
((GSSAPISASLBindRequest) request).setRealm(realm);
((GSSAPISASLBindRequest) request).setKDCAddress(kdcAddress);
break;
case "Digest MD5 SASL":
request = Requests.newDigestMD5SASLBindRequest(connectionUsername, connectionPassword);
((DigestMD5SASLBindRequest) request).setCipher(DigestMD5SASLBindRequest.CIPHER_HIGH);
((DigestMD5SASLBindRequest) request).getQOPs().clear();
((DigestMD5SASLBindRequest) request).getQOPs().add(DigestMD5SASLBindRequest.QOP_AUTH_CONF);
((DigestMD5SASLBindRequest) request).getQOPs().add(DigestMD5SASLBindRequest.QOP_AUTH_INT);
((DigestMD5SASLBindRequest) request).getQOPs().add(DigestMD5SASLBindRequest.QOP_AUTH);
if (StringUtils.isNotEmpty(realm)) {
((DigestMD5SASLBindRequest) request).setRealm(realm);
}
break;
default:
request = Requests.newSimpleBindRequest(connectionUsername, connectionPassword);
break;
}
BindResult bindResult = connection.bind(request);
if (!bindResult.isSuccess()) {
LOGGER.debug("Bind failed");
return false;
}
} catch (LdapException e) {
LOGGER.debug("Unable to bind to LDAP server.", e);
return false;
}
//--------- SEARCH #1, FIND USER DISTINGUISHED NAME -----------
SearchScope scope;
if (userSearchSubtree) {
scope = SearchScope.WHOLE_SUBTREE;
} else {
scope = SearchScope.SINGLE_LEVEL;
}
userFilter = userFilter.replaceAll(Pattern.quote("%u"), Matcher.quoteReplacement(user));
userFilter = userFilter.replace("\\", "\\\\");
ConnectionEntryReader entryReader = connection.search(userBaseDN, scope, userFilter);
try {
if (!entryReader.hasNext()) {
LOGGER.info("User {} not found in LDAP.", user);
return false;
}
SearchResultEntry searchResultEntry = entryReader.readEntry();
userDn = searchResultEntry.getName().toString();
} catch (LdapException | SearchResultReferenceIOException e) {
LOGGER.info("Unable to read contents of LDAP user search.", e);
return false;
}
} finally {
//------------ CLOSE CONNECTION -------------------------------
connection.close();
}
} else {
return false;
}
//------------- CREATE CONNECTION #2 ----------------------------------
try {
connection = ldapConnectionFactory.getConnection();
} catch (LdapException e) {
LOGGER.info("Unable to get LDAP Connection from factory.", e);
return false;
}
if (connection != null) {
// Validate user's credentials.
try {
BindResult bindResult = connection.bind(userDn, tmpPassword);
if (!bindResult.isSuccess()) {
LOGGER.info("Bind failed");
return false;
}
} catch (Exception e) {
LOGGER.info("Unable to bind user to LDAP server.", e);
return false;
} finally {
//------------ CLOSE CONNECTION -------------------------------
connection.close();
}
//---------- ADD USER AS PRINCIPAL --------------------------------
principals.add(new UserPrincipal(user));
} else {
return false;
}
//-------------- CREATE CONNECTION #3 ---------------------------------
try {
connection = ldapConnectionFactory.getConnection();
} catch (LdapException e) {
LOGGER.info("Unable to get LDAP Connection from factory.", e);
return false;
}
if (connection != null) {
try {
//----- BIND #3 (CONNECTION USERNAME & PASSWORD) --------------
try {
BindResult bindResult = connection.bind(connectionUsername, connectionPassword);
if (!bindResult.isSuccess()) {
LOGGER.info("Bind failed");
return false;
}
} catch (LdapException e) {
LOGGER.info("Unable to bind to LDAP server.", e);
return false;
}
//--------- SEARCH #3, GET ROLES ------------------------------
SearchScope scope;
if (roleSearchSubtree) {
scope = SearchScope.WHOLE_SUBTREE;
} else {
scope = SearchScope.SINGLE_LEVEL;
}
roleFilter = roleFilter.replaceAll(Pattern.quote("%u"), Matcher.quoteReplacement(user));
roleFilter = roleFilter.replaceAll(Pattern.quote("%dn"), Matcher.quoteReplacement(userBaseDN));
roleFilter = roleFilter.replaceAll(Pattern.quote("%fqdn"), Matcher.quoteReplacement(userDn));
roleFilter = roleFilter.replace("\\", "\\\\");
ConnectionEntryReader entryReader = connection.search(roleBaseDN, scope, roleFilter, roleNameAttribute);
SearchResultEntry entry;
//------------- ADD ROLES AS NEW PRINCIPALS -------------------
try {
while (entryReader.hasNext()) {
entry = entryReader.readEntry();
Attribute attr = entry.getAttribute(roleNameAttribute);
for (ByteString role : attr) {
principals.add(new RolePrincipal(role.toString()));
}
}
} catch (Exception e) {
boolean result;
throw new LoginException("Can't get user " + user + " roles: " + e.getMessage());
}
} finally {
//------------ CLOSE CONNECTION -------------------------------
connection.close();
}
} else {
return false;
}
return true;
}
Also used :
Attribute(org.forgerock.opendj.ldap.Attribute)
ByteString(org.forgerock.opendj.ldap.ByteString)
DigestMD5SASLBindRequest(org.forgerock.opendj.ldap.requests.DigestMD5SASLBindRequest)
GSSAPISASLBindRequest(org.forgerock.opendj.ldap.requests.GSSAPISASLBindRequest)
BindRequest(org.forgerock.opendj.ldap.requests.BindRequest)
ByteString(org.forgerock.opendj.ldap.ByteString)
GSSAPISASLBindRequest(org.forgerock.opendj.ldap.requests.GSSAPISASLBindRequest)
PasswordCallback(javax.security.auth.callback.PasswordCallback)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal)
LdapException(org.forgerock.opendj.ldap.LdapException)
Connection(org.forgerock.opendj.ldap.Connection)
IOException(java.io.IOException)
SearchResultReferenceIOException(org.forgerock.opendj.ldap.SearchResultReferenceIOException)
SearchResultReferenceIOException(org.forgerock.opendj.ldap.SearchResultReferenceIOException)
LoginException(javax.security.auth.login.LoginException)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
LdapException(org.forgerock.opendj.ldap.LdapException)
GeneralSecurityException(java.security.GeneralSecurityException)
IOException(java.io.IOException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
SearchResultReferenceIOException(org.forgerock.opendj.ldap.SearchResultReferenceIOException)
UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal)
ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader)
PasswordCallback(javax.security.auth.callback.PasswordCallback)
NameCallback(javax.security.auth.callback.NameCallback)
Callback(javax.security.auth.callback.Callback)
NameCallback(javax.security.auth.callback.NameCallback)
DigestMD5SASLBindRequest(org.forgerock.opendj.ldap.requests.DigestMD5SASLBindRequest)
SearchScope(org.forgerock.opendj.ldap.SearchScope)
LoginException(javax.security.auth.login.LoginException)
BindResult(org.forgerock.opendj.ldap.responses.BindResult)
SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)
Aggregations
NameCallback (javax.security.auth.callback.NameCallback)203
PasswordCallback (javax.security.auth.callback.PasswordCallback)161
Callback (javax.security.auth.callback.Callback)140
UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)101
IOException (java.io.IOException)60
LoginException (javax.security.auth.login.LoginException)51
CallbackHandler (javax.security.auth.callback.CallbackHandler)27
ChoiceCallback (javax.security.auth.callback.ChoiceCallback)22
ConfirmationCallback (javax.security.auth.callback.ConfirmationCallback)22
RealmCallback (javax.security.sasl.RealmCallback)22
Subject (javax.security.auth.Subject)19
FailedLoginException (javax.security.auth.login.FailedLoginException)19
LoginContext (javax.security.auth.login.LoginContext)18
AuthorizeCallback (javax.security.sasl.AuthorizeCallback)18
AuthLoginException (com.sun.identity.authentication.spi.AuthLoginException)17
Test (org.testng.annotations.Test)15
HashMap (java.util.HashMap)14
Test (org.junit.Test)14
IdRepoException (com.sun.identity.idm.IdRepoException)13
TextOutputCallback (javax.security.auth.callback.TextOutputCallback)11
