
Example 66 with PasswordCallback

use of javax.security.auth.callback.PasswordCallback in project karaf by apache.

the class JaasSecurityProvider method doAuthenticate.

/**
 * Runs a JAAS login for the given credentials against {@code realm} and, when a required
 * role is configured, verifies that the authenticated subject holds it.
 *
 * <p>The configured {@code role} is either a bare role name, matched against principals of
 * type {@code org.apache.karaf.jaas.boot.principal.RolePrincipal}, or
 * {@code "<principal class name>:<role name>"}. Both the principal's class name and its
 * name must match, so a user principal that merely shares a role's name does not qualify.
 *
 * @param address  caller address recorded on the subject as a {@code ClientPrincipal}
 * @param username name handed to the login modules through {@link NameCallback}
 * @param password password handed to the login modules through {@link PasswordCallback};
 *                 {@code toCharArray()} is called on it, so it must not be {@code null}
 * @return the authenticated subject, or {@code null} when the login fails, the account is
 *         rejected, the required role is missing, or any other security exception occurs
 */
public Subject doAuthenticate(final String address, final String username, final String password) {
    try {
        final Subject subject = new Subject();
        subject.getPrincipals().add(new ClientPrincipal("webconsole", address));
        final LoginContext context = new LoginContext(realm, subject, callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(username);
                    continue;
                }
                if (cb instanceof PasswordCallback) {
                    // NOTE(review): the password arrives as an immutable String, so the
                    // temporary char[] created here cannot be the only copy in memory.
                    ((PasswordCallback) cb).setPassword(password.toCharArray());
                    continue;
                }
                // Fail closed on any prompt this handler does not know how to answer.
                throw new UnsupportedCallbackException(cb);
            }
        });
        context.login();

        // Authorization step: only enforced when a role has been configured.
        final boolean roleRequired = role != null && !role.isEmpty();
        if (roleRequired) {
            final int separator = role.indexOf(':');
            final String requiredType = separator > 0
                    ? role.substring(0, separator)
                    : "org.apache.karaf.jaas.boot.principal.RolePrincipal";
            final String requiredName = separator > 0 ? role.substring(separator + 1) : role;
            final boolean granted = subject.getPrincipals().stream()
                    .anyMatch(p -> p.getClass().getName().equals(requiredType)
                            && p.getName().equals(requiredName));
            if (!granted) {
                // Reported as a failed login so the caller cannot tell "bad password"
                // apart from "authenticated but not authorized".
                throw new FailedLoginException("User does not have the required role " + role);
            }
        }
        return subject;
    } catch (FailedLoginException e) {
        // NOTE(review): failed logins are only visible at debug level here; confirm they
        // are audited elsewhere if brute-force detection depends on them.
        LOG.debug("Login failed", e);
        return null;
    } catch (AccountException e) {
        LOG.warn("Account failure", e);
        return null;
    } catch (GeneralSecurityException e) {
        LOG.error("General Security Exception", e);
        return null;
    }
}
Also used : GeneralSecurityException(java.security.GeneralSecurityException) ClientPrincipal(org.apache.karaf.jaas.boot.principal.ClientPrincipal) Subject(javax.security.auth.Subject) LoginContext(javax.security.auth.login.LoginContext) PasswordCallback(javax.security.auth.callback.PasswordCallback) NameCallback(javax.security.auth.callback.NameCallback) Callback(javax.security.auth.callback.Callback) NameCallback(javax.security.auth.callback.NameCallback) FailedLoginException(javax.security.auth.login.FailedLoginException) AccountException(javax.security.auth.login.AccountException) PasswordCallback(javax.security.auth.callback.PasswordCallback) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) ClientPrincipal(org.apache.karaf.jaas.boot.principal.ClientPrincipal) Principal(java.security.Principal)

Example 67 with PasswordCallback

use of javax.security.auth.callback.PasswordCallback in project fabric8 by jboss-fuse.

the class ZookeeperLoginModule method login.

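/**
 * Authenticates either a container (by token) or a regular user (by password) against the
 * cached {@code containers} / {@code users} tables, reloading the cache once through
 * Curator before giving up on a missing entry or a mismatch.
 *
 * <p>On success the principal set is rebuilt (user, groups and roles) and the submitted
 * password is added to the subject's private credentials.
 *
 * <p>Change from the previous version: the debug line no longer prints the {@code users}
 * table. Each entry of that table starts with the stored password field, so dumping it
 * wrote every account's stored credential to the log. The submitted password is also
 * turned into a {@code String} once instead of up to five times.
 *
 * @return {@code true} when the credentials were accepted
 * @throws LoginException           when the callbacks cannot be served
 * @throws FailedLoginException     when the user or container is unknown or the secret does
 *                                  not match
 * @throws IllegalArgumentException when the user name starts with the group prefix
 */
@Override
public boolean login() throws LoginException {
    boolean result;
    String user = null;
    try {
        Callback[] callbacks = new Callback[2];
        callbacks[0] = new NameCallback("Username: ");
        // echoOn = false: the password must not be echoed by an interactive handler.
        callbacks[1] = new PasswordCallback("Password: ", false);
        try {
            callbackHandler.handle(callbacks);
        } catch (IOException ioe) {
            throw new LoginException(ioe.getMessage());
        } catch (UnsupportedCallbackException uce) {
            throw new LoginException(uce.getMessage() + " not available to obtain information from user");
        }
        user = ((NameCallback) callbacks[0]).getName();
        if (user == null)
            throw new FailedLoginException("user name is null");
        // Group definitions are looked up in the same users table under their prefixed
        // name (see the group handling below), so a login name carrying the prefix is
        // rejected before any lookup: a group entry must never be usable as an account.
        // NOTE(review): this is an unchecked exception, so it bypasses the LoginException
        // handler at the end of this method; confirm callers treat it as a failed login.
        if (user.startsWith(BackingEngine.GROUP_PREFIX)) {
            throw new IllegalArgumentException("Prefix not permitted in user names: " + BackingEngine.GROUP_PREFIX);
        }
        char[] tmpPassword = ((PasswordCallback) callbacks[1]).getPassword();
        if (tmpPassword == null) {
            tmpPassword = new char[0];
        }
        // One String copy of the submitted secret for all comparisons below, rather than
        // a fresh immutable copy per check.
        final String suppliedPassword = new String(tmpPassword);
        if (debug)
            // Only the login name is logged; the users table holds stored passwords.
            LOG.debug("Login [" + this + "] - user=" + user);
        if (isContainerLogin(user)) {
            String token = containers.getProperty(user);
            if (token == null) {
                // force reload cache of container tokens
                CuratorFramework curator = CuratorFrameworkLocator.getCuratorFramework();
                if (curator != null) {
                    try {
                        getCachedContainerTokens(curator, true);
                        token = containers.getProperty(user);
                    } catch (Exception e) {
                        LOG.warn(e.getMessage());
                    }
                }
                // didn't help
                if (token == null) {
                    throw new FailedLoginException("Container doesn't exist");
                }
            }
            // NOTE(review): String.equals returns at the first differing character; a
            // constant-time comparison (e.g. MessageDigest.isEqual on the encoded bytes)
            // is the usual choice for bearer tokens.
            if (!suppliedPassword.equals(token)) {
                // force reload cache of container tokens
                CuratorFramework curator = CuratorFrameworkLocator.getCuratorFramework();
                if (curator != null) {
                    try {
                        getCachedContainerTokens(curator, true);
                        token = containers.getProperty(user);
                    } catch (Exception e) {
                        LOG.warn(e.getMessage());
                    }
                }
                // didn't help (a token that vanished during the reload is null and
                // therefore also counts as a mismatch)
                if (!suppliedPassword.equals(token)) {
                    throw new FailedLoginException("Tokens do not match");
                }
            }
            // Every container that presents a valid token is granted both roles below.
            principals = new HashSet<Principal>();
            principals.add(new UserPrincipal(user));
            principals.add(new RolePrincipal("container"));
            principals.add(new RolePrincipal("admin"));
            // NOTE(review): the plaintext secret stays reachable through the subject's
            // private credentials for as long as the subject lives.
            subject.getPrivateCredentials().add(suppliedPassword);
            result = true;
        } else {
            String userInfos = users.getProperty(user);
            if (userInfos == null) {
                // force reload cache of user tokens
                CuratorFramework curator = CuratorFrameworkLocator.getCuratorFramework();
                if (curator != null) {
                    try {
                        getCachedUsers(curator, path, true);
                        userInfos = users.getProperty(user);
                    } catch (Exception e) {
                        LOG.warn(e.getMessage());
                    }
                }
                // didn't help
                // NOTE(review): this message and "Password does not match" below tell
                // unknown accounts apart from wrong passwords; make sure neither string
                // is ever shown to the remote client.
                if (userInfos == null) {
                    throw new FailedLoginException("User doesn't exist");
                }
            }
            // the password is in the first position
            String[] infos = userInfos.split(",");
            String password = infos[0];
            if (!checkPassword(suppliedPassword, password)) {
                // force reload cache of user tokens
                CuratorFramework curator = CuratorFrameworkLocator.getCuratorFramework();
                if (curator != null) {
                    try {
                        getCachedUsers(curator, path, true);
                        userInfos = users.getProperty(user);
                    } catch (Exception e) {
                        LOG.warn(e.getMessage());
                    }
                }
                // didn't help
                if (userInfos == null) {
                    throw new FailedLoginException("User doesn't exist");
                }
                infos = userInfos.split(",");
                password = infos[0];
                if (!checkPassword(suppliedPassword, password)) {
                    throw new FailedLoginException("Password does not match");
                }
            }
            principals = new HashSet<Principal>();
            principals.add(new UserPrincipal(user));
            // Fields after the password are role names or prefixed group references.
            for (int i = 1; i < infos.length; i++) {
                if (infos[i].trim().startsWith(BackingEngine.GROUP_PREFIX)) {
                    // it's a group reference
                    principals.add(new GroupPrincipal(infos[i].trim().substring(BackingEngine.GROUP_PREFIX.length())));
                    String groupInfo = (String) users.get(infos[i].trim());
                    if (groupInfo != null) {
                        // Index 0 is skipped, mirroring the user entry layout where the
                        // first field is not a role (presumably a placeholder; verify).
                        String[] roles = groupInfo.split(",");
                        for (int j = 1; j < roles.length; j++) {
                            principals.add(new RolePrincipal(roles[j].trim()));
                        }
                    }
                } else {
                    // it's a role reference
                    principals.add(new RolePrincipal(infos[i].trim()));
                }
            }
            // NOTE(review): the plaintext password stays reachable through the subject's
            // private credentials for as long as the subject lives.
            subject.getPrivateCredentials().add(suppliedPassword);
            result = true;
        }
    } catch (LoginException ex) {
        if (debug) {
            LOG.debug("Login failed {}", user, ex);
        }
        throw ex;
    }
    if (debug) {
        LOG.debug("Successfully logged in {}", user);
    }
    return result;
}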
Also used : IOException(java.io.IOException) LoginException(javax.security.auth.login.LoginException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) FailedLoginException(javax.security.auth.login.FailedLoginException) IOException(java.io.IOException) UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal) CuratorFramework(org.apache.curator.framework.CuratorFramework) PasswordCallback(javax.security.auth.callback.PasswordCallback) NameCallback(javax.security.auth.callback.NameCallback) Callback(javax.security.auth.callback.Callback) NameCallback(javax.security.auth.callback.NameCallback) FailedLoginException(javax.security.auth.login.FailedLoginException) PasswordCallback(javax.security.auth.callback.PasswordCallback) LoginException(javax.security.auth.login.LoginException) FailedLoginException(javax.security.auth.login.FailedLoginException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal) UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal) RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal) Principal(java.security.Principal)

Example 68 with PasswordCallback

use of javax.security.auth.callback.PasswordCallback in project fabric8 by jboss-fuse.

the class JolokiaSecureHttpContext method doAuthenticate.

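/**
 * Runs a JAAS login for the given credentials against {@code realm} and then requires the
 * subject to carry at least one of the configured {@code roles}.
 *
 * <p>Change from the previous version: the debug line prints the subject's principals
 * instead of the whole {@link Subject}. {@code Subject.toString()} also renders private
 * credentials when they are accessible, and a login module may have stored the submitted
 * password there, so the old line could write it to the log.
 *
 * @param username name handed to the login modules through {@link NameCallback}
 * @param password password handed to the login modules through {@link PasswordCallback};
 *                 {@code toCharArray()} is called on it, so it must not be {@code null}
 * @return the authenticated subject, or {@code null} when the login fails, the account is
 *         rejected, or none of the required roles is present
 */
private Subject doAuthenticate(final String username, final String password) {
    try {
        Subject subject = new Subject();
        LoginContext loginContext = new LoginContext(realm, subject, new CallbackHandler() {

            public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
                for (int i = 0; i < callbacks.length; i++) {
                    if (callbacks[i] instanceof NameCallback) {
                        ((NameCallback) callbacks[i]).setName(username);
                    } else if (callbacks[i] instanceof PasswordCallback) {
                        ((PasswordCallback) callbacks[i]).setPassword(password.toCharArray());
                    } else {
                        // Fail closed on any prompt this handler cannot answer.
                        throw new UnsupportedCallbackException(callbacks[i]);
                    }
                }
            }
        });
        loginContext.login();
        if (LOGGER.isDebugEnabled()) {
            // Principals only: never hand the Subject itself to the logger.
            LOGGER.debug("Login successful: {}", subject.getPrincipals());
        }
        boolean found = false;
        for (String role : roles) {
            if (role != null && role.length() > 0 && !found) {
                String roleName = role.trim();
                int idx = roleName.indexOf(':');
                if (idx > 0) {
                    // The "<class>:" prefix is dropped; only the name part is compared.
                    roleName = roleName.substring(idx + 1);
                }
                // NOTE(review): the match is on principal name alone, for every
                // principal type. A user principal whose name equals a role name would
                // satisfy this check; consider also comparing the principal class when
                // the configured role names one.
                for (Principal p : subject.getPrincipals()) {
                    if (p.getName().equals(roleName)) {
                        found = true;
                        break;
                    }
                }
            }
        }
        if (!found) {
            // Surfaces as a failed login below, so the caller only ever sees null.
            throw new FailedLoginException("User does not have the required role " + Arrays.asList(roles));
        }
        return subject;
    } catch (AccountException e) {
        LOGGER.warn("Account failure", e);
        return null;
    } catch (LoginException e) {
        LOGGER.debug("Login failed", e);
        return null;
    }
}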
Also used : CallbackHandler(javax.security.auth.callback.CallbackHandler) IOException(java.io.IOException) Subject(javax.security.auth.Subject) LoginContext(javax.security.auth.login.LoginContext) PasswordCallback(javax.security.auth.callback.PasswordCallback) NameCallback(javax.security.auth.callback.NameCallback) Callback(javax.security.auth.callback.Callback) NameCallback(javax.security.auth.callback.NameCallback) FailedLoginException(javax.security.auth.login.FailedLoginException) AccountException(javax.security.auth.login.AccountException) PasswordCallback(javax.security.auth.callback.PasswordCallback) LoginException(javax.security.auth.login.LoginException) FailedLoginException(javax.security.auth.login.FailedLoginException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) Principal(java.security.Principal)

Example 69 with PasswordCallback

use of javax.security.auth.callback.PasswordCallback in project fabric8 by jboss-fuse.

the class GitSecureHttpContext method doAuthenticate.

/**
 * Runs a JAAS login for the given credentials against {@code realm} and then requires the
 * subject to hold at least one of the configured {@code roles}, either as a principal
 * with that name or through a {@link Group} principal accepted by {@code isGroupMember}.
 *
 * @param username name handed to the login modules through {@link NameCallback}
 * @param password password handed to the login modules through {@link PasswordCallback};
 *                 {@code toCharArray()} is called on it, so it must not be {@code null}
 * @return the authenticated subject, or {@code null} when the login fails, the account is
 *         rejected, or none of the required roles is present
 */
private Subject doAuthenticate(final String username, final String password) {
    try {
        final Subject subject = new Subject();
        final CallbackHandler credentials = new CallbackHandler() {

            public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
                for (Callback cb : callbacks) {
                    if (cb instanceof NameCallback) {
                        ((NameCallback) cb).setName(username);
                        continue;
                    }
                    if (cb instanceof PasswordCallback) {
                        ((PasswordCallback) cb).setPassword(password.toCharArray());
                        continue;
                    }
                    // Fail closed on any prompt this handler cannot answer.
                    throw new UnsupportedCallbackException(cb);
                }
            }
        };
        final LoginContext context = new LoginContext(realm, subject, credentials);
        context.login();

        // Authorization step: stop at the first role the subject satisfies.
        boolean authorised = false;
        for (String role : roles) {
            if (role == null || role.length() == 0) {
                continue;
            }
            // NOTE(review): the direct match is on principal name alone, for every
            // principal type, so a user principal named like a role would pass.
            for (Principal p : subject.getPrincipals()) {
                if (role.equals(p.getName()) || (p instanceof Group && isGroupMember((Group) p, role))) {
                    authorised = true;
                    break;
                }
            }
            if (authorised) {
                break;
            }
        }
        if (!authorised) {
            // Surfaces as a failed login below, so the caller only ever sees null.
            throw new FailedLoginException("User does not have any of the required roles: " + Arrays.asList(roles));
        }
        return subject;
    } catch (AccountException e) {
        // NOTE(review): account failures and failed logins are both debug-only here;
        // confirm they are audited elsewhere if detection depends on them.
        LOGGER.debug("Account failure", e);
        return null;
    } catch (LoginException e) {
        LOGGER.debug("Login failed", e);
        return null;
    }
}
Also used : Group(java.security.acl.Group) CallbackHandler(javax.security.auth.callback.CallbackHandler) IOException(java.io.IOException) Subject(javax.security.auth.Subject) LoginContext(javax.security.auth.login.LoginContext) PasswordCallback(javax.security.auth.callback.PasswordCallback) NameCallback(javax.security.auth.callback.NameCallback) Callback(javax.security.auth.callback.Callback) NameCallback(javax.security.auth.callback.NameCallback) FailedLoginException(javax.security.auth.login.FailedLoginException) AccountException(javax.security.auth.login.AccountException) PasswordCallback(javax.security.auth.callback.PasswordCallback) LoginException(javax.security.auth.login.LoginException) FailedLoginException(javax.security.auth.login.FailedLoginException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) Principal(java.security.Principal)

Example 70 with PasswordCallback

use of javax.security.auth.callback.PasswordCallback in project fabric8 by jboss-fuse.

the class TestLoginModule method login.

/**
 * Collects a user name and password through the callback handler and accepts the login
 * only when the name is {@code USER1} or {@code USER2} and the password equals
 * {@code PASSWORD1}.
 *
 * <p>The credentials are compile-time constants and the failure message says whether the
 * name or the password was wrong, which fits a test fixture only; this module must not
 * be wired into a production realm.
 *
 * @return {@code true} when the credentials were accepted
 * @throws LoginException       when the callbacks cannot be served
 * @throws FailedLoginException when the user name is missing or unknown, or the password
 *                              does not match
 */
public boolean login() throws LoginException {
    String user = null;
    try {
        final NameCallback namePrompt = new NameCallback("Username: ");
        // echoOn = false: the password must not be echoed by an interactive handler.
        final PasswordCallback passwordPrompt = new PasswordCallback("Password: ", false);
        final Callback[] prompts = new Callback[] { namePrompt, passwordPrompt };
        try {
            callbackHandler.handle(prompts);
        } catch (IOException ioe) {
            throw new LoginException(ioe.getMessage());
        } catch (UnsupportedCallbackException uce) {
            throw new LoginException(uce.getMessage() + " not available to obtain information from user");
        }
        user = namePrompt.getName();
        if (user == null) {
            throw new FailedLoginException("user name is null");
        }
        this.name = user;
        final char[] supplied = passwordPrompt.getPassword();
        // A handler that supplied no password is treated as an empty password.
        this.password = new String(supplied == null ? new char[0] : supplied);

        // verify the username/password
        final boolean knownUser = name.equals(USER1) || name.equals(USER2);
        if (knownUser && password.equals(PASSWORD1)) {
            succeeded = true;
            return true;
        }
        // Rejected: drop the captured credentials before reporting the failure.
        succeeded = false;
        name = null;
        password = null;
        throw new FailedLoginException(knownUser ? "Password Incorrect" : "User Name Incorrect");
    } catch (LoginException ex) {
        LOGGER.info("Login failed {}", user, ex);
        throw ex;
    }
}
Also used : PasswordCallback(javax.security.auth.callback.PasswordCallback) NameCallback(javax.security.auth.callback.NameCallback) Callback(javax.security.auth.callback.Callback) NameCallback(javax.security.auth.callback.NameCallback) FailedLoginException(javax.security.auth.login.FailedLoginException) PasswordCallback(javax.security.auth.callback.PasswordCallback) LoginException(javax.security.auth.login.LoginException) FailedLoginException(javax.security.auth.login.FailedLoginException) IOException(java.io.IOException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)

Aggregations

PasswordCallback (javax.security.auth.callback.PasswordCallback)316 NameCallback (javax.security.auth.callback.NameCallback)255 Callback (javax.security.auth.callback.Callback)207 UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)167 IOException (java.io.IOException)102 LoginException (javax.security.auth.login.LoginException)72 CallbackHandler (javax.security.auth.callback.CallbackHandler)66 LoginContext (javax.security.auth.login.LoginContext)39 FailedLoginException (javax.security.auth.login.FailedLoginException)35 RealmCallback (javax.security.sasl.RealmCallback)35 Subject (javax.security.auth.Subject)31 Test (org.junit.Test)28 ConfirmationCallback (javax.security.auth.callback.ConfirmationCallback)26 AuthorizeCallback (javax.security.sasl.AuthorizeCallback)26 ChoiceCallback (javax.security.auth.callback.ChoiceCallback)24 Principal (java.security.Principal)21 AuthLoginException (com.sun.identity.authentication.spi.AuthLoginException)18 TextOutputCallback (javax.security.auth.callback.TextOutputCallback)18 HashMap (java.util.HashMap)16 Test (org.testng.annotations.Test)15