Examples with PasswordCallback javax.security.auth.callback.PasswordCallback used on opensource projects

Example 21 with PasswordCallback

use of javax.security.auth.callback.PasswordCallback in project jdk8u_jdk by JetBrains.

the class CustomLoginModule method login.

/*
     * Authenticate the user.
     */
@Override
public boolean login() throws LoginException {
    // prompt for a user name and password
    if (callbackHandler == null) {
        throw new LoginException("No CallbackHandler available");
    }
    // standard callbacks
    NameCallback name = new NameCallback("username: ", "default");
    PasswordCallback passwd = new PasswordCallback("password: ", false);
    LanguageCallback language = new LanguageCallback();
    TextOutputCallback error = new TextOutputCallback(TextOutputCallback.ERROR, "This is an error");
    TextOutputCallback warning = new TextOutputCallback(TextOutputCallback.WARNING, "This is a warning");
    TextOutputCallback info = new TextOutputCallback(TextOutputCallback.INFORMATION, "This is a FYI");
    TextInputCallback text = new TextInputCallback("Please type " + HELLO, "Bye");
    ChoiceCallback choice = new ChoiceCallback("Choice: ", new String[] { "pass", "fail" }, 1, true);
    ConfirmationCallback confirmation = new ConfirmationCallback("confirmation: ", ConfirmationCallback.INFORMATION, ConfirmationCallback.YES_NO_OPTION, ConfirmationCallback.NO);
    CustomCallback custom = new CustomCallback();
    Callback[] callbacks = new Callback[] { choice, info, warning, error, name, passwd, text, language, confirmation, custom };
    boolean uce = false;
    try {
        callbackHandler.handle(callbacks);
    } catch (UnsupportedCallbackException e) {
        Callback callback = e.getCallback();
        if (custom.equals(callback)) {
            uce = true;
            System.out.println("CustomLoginModule: " + "custom callback not supported as expected");
        } else {
            throw new LoginException("Unsupported callback: " + callback);
        }
    } catch (IOException ioe) {
        throw new LoginException(ioe.toString());
    }
    if (!uce) {
        throw new RuntimeException("UnsupportedCallbackException " + "not thrown");
    }
    if (!HELLO.equals(text.getText())) {
        System.out.println("Text: " + text.getText());
        throw new FailedLoginException("No hello");
    }
    if (!Locale.GERMANY.equals(language.getLocale())) {
        System.out.println("Selected locale: " + language.getLocale());
        throw new FailedLoginException("Achtung bitte");
    }
    String readUsername = name.getName();
    char[] readPassword = passwd.getPassword();
    if (readPassword == null) {
        // treat a NULL password as an empty password
        readPassword = new char[0];
    }
    passwd.clearPassword();
    // verify the username/password
    if (!username.equals(readUsername) || !Arrays.equals(password, readPassword)) {
        loginSucceeded = false;
        throw new FailedLoginException("Username/password is not correct");
    }
    // check chosen option
    int[] selected = choice.getSelectedIndexes();
    if (selected == null || selected.length == 0) {
        throw new FailedLoginException("Nothing selected");
    }
    if (selected[0] != 0) {
        throw new FailedLoginException("Wrong choice: " + selected[0]);
    }
    // check confirmation
    if (confirmation.getSelectedIndex() != ConfirmationCallback.YES) {
        throw new FailedLoginException("Not confirmed: " + confirmation.getSelectedIndex());
    }
    loginSucceeded = true;
    System.out.println("CustomLoginModule: authentication succeeded");
    return true;
}

Example 22 with PasswordCallback

use of javax.security.auth.callback.PasswordCallback in project jdk8u_jdk by JetBrains.

the class TestSampleLoginModule method login.

/*
   * Authenticate the user by comparing the values of the java properties
   * (username and password) against the values of the credentials.
   * */
public boolean login() throws LoginException {
    String credentials_username = null;
    String credentials_password = null;
    String authenticated_username = System.getProperty("susername");
    String authenticated_password = System.getProperty("spassword");
    System.out.println("TestSampleLoginModule::login: Start");
    // First retreive the credentials {username, password} from
    // the callback handler
    Callback[] callbacks = new Callback[2];
    callbacks[0] = new NameCallback("username");
    callbacks[1] = new PasswordCallback("password", false);
    try {
        callbackHandler.handle(callbacks);
        credentials_username = ((NameCallback) callbacks[0]).getName();
        credentials_password = new String(((PasswordCallback) callbacks[1]).getPassword());
    } catch (Exception e) {
        throw new LoginException(e.toString());
    }
    System.out.println("TestSampleLoginModule::login: credentials username = " + credentials_username);
    System.out.println("TestSampleLoginModule::login: credentials password = " + credentials_password);
    System.out.println("TestSampleLoginModule::login: authenticated username = " + authenticated_username);
    System.out.println("TestSampleLoginModule::login: authenticated password = " + authenticated_password);
    if (credentials_username.equals(authenticated_username) && credentials_password.equals(authenticated_password)) {
        System.out.println("TestSampleLoginModule::login: " + "Authentication should succeed");
        return true;
    } else {
        System.out.println("TestSampleLoginModule::login: " + "Authentication should reject");
        throw new LoginException("TestSampleLoginModule throws EXCEPTION");
    }
}

Example 23 with PasswordCallback

use of javax.security.auth.callback.PasswordCallback in project opennms by OpenNMS.

the class LoginModuleUtils method doLogin.

public static boolean doLogin(final OpenNMSLoginHandler handler, final Subject subject, final Map<String, ?> sharedState, final Map<String, ?> options) throws LoginException {
    LOG.debug("OpenNMSLoginModule: login(): handler={}, subject={}, sharedState={}, options={}", handler.getClass(), subject.getClass(), sharedState, options);
    final Callback[] callbacks = new Callback[2];
    callbacks[0] = new NameCallback("Username: ");
    callbacks[1] = new PasswordCallback("Password: ", false);
    try {
        handler.callbackHandler().handle(callbacks);
    } catch (final IOException ioe) {
        LOG.debug("IO exception while attempting to prompt for username and password.", ioe);
        throw new LoginException(ioe.getMessage());
    } catch (final UnsupportedCallbackException uce) {
        LOG.debug("Username or password prompt not supported.", uce);
        throw new LoginException(uce.getMessage() + " not available to obtain information from user.");
    }
    final String user = ((NameCallback) callbacks[0]).getName();
    handler.setUser(user);
    if (user == null) {
        final String msg = "Username can not be null.";
        LOG.debug(msg);
        throw new LoginException(msg);
    }
    // password callback get value
    if (((PasswordCallback) callbacks[1]).getPassword() == null) {
        final String msg = "Password can not be null.";
        LOG.debug(msg);
        throw new LoginException(msg);
    }
    final String password = new String(((PasswordCallback) callbacks[1]).getPassword());
    final User configUser;
    final SpringSecurityUser onmsUser;
    try {
        configUser = handler.userConfig().getUser(user);
        onmsUser = handler.springSecurityUserDao().getByUsername(user);
    } catch (final Exception e) {
        final String message = "Failed to retrieve user " + user + " from OpenNMS UserConfig.";
        LOG.debug(message, e);
        throw new LoginException(message);
    }
    if (configUser == null) {
        final String msg = "User  " + user + " does not exist.";
        LOG.debug(msg);
        throw new FailedLoginException(msg);
    }
    if (!handler.userConfig().comparePasswords(user, password)) {
        final String msg = "Login failed: passwords did not match.";
        LOG.debug(msg);
        throw new FailedLoginException(msg);
    }
    ;
    boolean allowed = true;
    final Set<Principal> principals = LoginModuleUtils.createPrincipals(handler, onmsUser.getAuthorities());
    handler.setPrincipals(principals);
    if (handler.requiresAdminRole()) {
        allowed = false;
        for (final Principal principal : principals) {
            final String name = principal.getName().toLowerCase().replaceAll("^role_", "");
            if ("admin".equals(name)) {
                allowed = true;
            }
        }
    }
    if (!allowed) {
        final String msg = "User " + user + " is not an administrator!  OSGi console access is forbidden.";
        LOG.debug(msg);
        throw new LoginException(msg);
    }
    LOG.debug("Successfully logged in {}.", user);
    return true;
}

Example 24 with PasswordCallback

use of javax.security.auth.callback.PasswordCallback in project OpenAM by OpenRock.

the class DevicePrintAuthenticationServiceTest method shouldThrowExceptionWhenSubmittedtOTPWithIncorrectErrorCode.

/**
     * 6) third call, using OPT, 2 - OPT code submitted, with incorrect code - should throw exception
     */
@Test
public void shouldThrowExceptionWhenSubmittedtOTPWithIncorrectErrorCode() throws AuthLoginException {
    //Given
    Callback[] callbacks = new Callback[2];
    PasswordCallback smsOTPCallback = mock(PasswordCallback.class);
    ConfirmationCallback confirmationCallback = mock(ConfirmationCallback.class);
    int state = 2;
    String otpCode = "OTPCODEWRONG";
    callbacks[0] = smsOTPCallback;
    callbacks[1] = confirmationCallback;
    given(smsOTPCallback.getPassword()).willReturn(otpCode.toCharArray());
    given(confirmationCallback.getSelectedIndex()).willReturn(0);
    given(hotpService.isValidHOTP("OTPCODEWRONG")).willReturn(false);
    //When
    boolean exceptionCaught = false;
    try {
        devicePrintAuthenticationService.process(callbacks, state);
        fail();
    } catch (AuthLoginException e) {
        exceptionCaught = true;
    }
    //Then
    assertTrue(exceptionCaught);
}

Example 25 with PasswordCallback

use of javax.security.auth.callback.PasswordCallback in project OpenAM by OpenRock.

the class DevicePrintAuthenticationServiceTest method shouldAutoSaveProfilePageWhenSubmittedOTPWithCorrectCodeWithAuthSaveProp.

/**
     * 5a) third call, using OPT, 2 - OPT code submitted, with correct code - with Auth Save Profile prop set to "true"
     */
@Test
public void shouldAutoSaveProfilePageWhenSubmittedOTPWithCorrectCodeWithAuthSaveProp() throws AuthLoginException {
    //Given
    Callback[] callbacks = new Callback[2];
    PasswordCallback smsOTPCallback = mock(PasswordCallback.class);
    ConfirmationCallback confirmationCallback = mock(ConfirmationCallback.class);
    int state = 2;
    String otpCode = "OTPCODE";
    callbacks[0] = smsOTPCallback;
    callbacks[1] = confirmationCallback;
    given(smsOTPCallback.getPassword()).willReturn(otpCode.toCharArray());
    given(confirmationCallback.getSelectedIndex()).willReturn(0);
    given(hotpService.isValidHOTP("OTPCODE")).willReturn(true);
    given(devicePrintService.hasRequiredAttributes(Matchers.<DevicePrint>anyObject())).willReturn(true);
    given(devicePrintAuthenticationConfig.getBoolean(DevicePrintAuthenticationConfig.AUTO_STORE_PROFILES)).willReturn(true);
    //When
    int nextState = devicePrintAuthenticationService.process(callbacks, state);
    //Then
    assertEquals(nextState, ISAuthConstants.LOGIN_SUCCEED);
    verify(devicePrintService).createNewProfile(Matchers.<DevicePrint>anyObject());
}