use of javax.security.auth.callback.UnsupportedCallbackException in project kafka by apache.
the class KerberosClientCallbackHandler method handle.
/**
 * Answers the callbacks this Kerberos client handler supports and rejects every other kind.
 *
 * <ul>
 * <li>{@link NameCallback}: answered with the callback's own default name.</li>
 * <li>{@link PasswordCallback}: always rejected. This handler never supplies a password; the
 * error text points the operator at the JAAS ticket-cache configuration instead.</li>
 * <li>{@link RealmCallback}: answered with the callback's own default text.</li>
 * <li>{@link AuthorizeCallback}: authorized only when the authorization ID equals the
 * authentication ID, so a request to act under a different identity is never granted here.</li>
 * </ul>
 *
 * @param callbacks the callbacks to answer, processed in array order
 * @throws UnsupportedCallbackException for a {@link PasswordCallback} or any callback type not
 *         listed above; callbacks earlier in the array have already been answered by then
 */
@Override
public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
    for (Callback current : callbacks) {
        if (current instanceof NameCallback) {
            NameCallback nameRequest = (NameCallback) current;
            nameRequest.setName(nameRequest.getDefaultName());
            continue;
        }
        if (current instanceof PasswordCallback) {
            // Fail the login rather than prompt: no password is ever read or forwarded here.
            String reason = "Could not login: the client is being asked for a password, but the Kafka"
                    + " client code does not currently support obtaining a password from the user."
                    + " Make sure -Djava.security.auth.login.config property passed to JVM and"
                    + " the client is configured to use a ticket cache (using"
                    + " the JAAS configuration setting 'useTicketCache=true)'. Make sure you are using"
                    + " FQDN of the Kafka broker you are trying to connect to.";
            throw new UnsupportedCallbackException(current, reason);
        }
        if (current instanceof RealmCallback) {
            RealmCallback realmRequest = (RealmCallback) current;
            realmRequest.setText(realmRequest.getDefaultText());
            continue;
        }
        if (!(current instanceof AuthorizeCallback)) {
            throw new UnsupportedCallbackException(current, "Unrecognized SASL ClientCallback");
        }
        AuthorizeCallback authorization = (AuthorizeCallback) current;
        String authenticationId = authorization.getAuthenticationID();
        String requestedId = authorization.getAuthorizationID();
        // NOTE(review): authenticationId is dereferenced without a null check; a null value
        // surfaces as a NullPointerException rather than as "not authorized".
        authorization.setAuthorized(authenticationId.equals(requestedId));
        if (authorization.isAuthorized()) {
            authorization.setAuthorizedID(requestedId);
        }
    }
}
use of javax.security.auth.callback.UnsupportedCallbackException in project kafka by apache.
the class OAuthBearerSaslServer method process.
/**
 * Validates a bearer token through the callback handler and, on success, completes the exchange.
 *
 * @param tokenValue the token value handed to the {@code OAuthBearerValidatorCallback}
 * @param authorizationId the authorization ID requested by the client; an empty string means
 *        none was requested (the value is dereferenced, so it must not be null)
 * @param extensions the SASL extensions sent by the client, passed to {@code processExtensions}
 * @return the UTF-8 bytes of the JSON error response when the callback produced no token,
 *         otherwise an empty array
 * @throws SaslException declared by the signature; within this method a
 *         {@code SaslAuthenticationException} is thrown when a non-empty authorization ID
 *         differs from the token's principal name
 */
private byte[] process(String tokenValue, String authorizationId, SaslExtensions extensions) throws SaslException {
    OAuthBearerValidatorCallback validation = new OAuthBearerValidatorCallback(tokenValue);
    try {
        callbackHandler.handle(new Callback[] {validation});
    } catch (IOException | UnsupportedCallbackException e) {
        // handleCallbackError is defined outside this listing; if it returns normally,
        // execution falls through to the token check below.
        handleCallbackError(e);
    }

    OAuthBearerToken validated = validation.token();
    if (validated == null) {
        // No token came back from the handler: reply with the error details it recorded.
        errorMessage = jsonErrorResponse(validation.errorStatus(), validation.errorScope(),
                validation.errorOpenIDConfiguration());
        log.debug(errorMessage);
        return errorMessage.getBytes(StandardCharsets.UTF_8);
    }

    /*
     * A client may name an authorization ID, as the SASL specification allows, but the only
     * accepted value is the token's own principal name. Anything else is refused, so a valid
     * token cannot be used to act under a different identity.
     */
    boolean authorizationIdRequested = !authorizationId.isEmpty();
    if (authorizationIdRequested && !authorizationId.equals(validated.principalName())) {
        // NOTE(review): the message echoes the client-supplied authorization ID; confirm where
        // this exception's text is surfaced before treating it as internal-only.
        throw new SaslAuthenticationException(String.format("Authentication failed: Client requested an authorization id (%s) that is different from the token's principal name (%s)", authorizationId, validated.principalName()));
    }

    // Extensions are processed before any negotiated state is assigned.
    Map<String, String> acceptedExtensions = processExtensions(validated, extensions);
    tokenForNegotiatedProperty = validated;
    this.extensions = new SaslExtensions(acceptedExtensions);
    complete = true;
    log.debug("Successfully authenticate User={}", validated.principalName());
    return new byte[0];
}
use of javax.security.auth.callback.UnsupportedCallbackException in project AuthMeReloaded by AuthMe.
the class OAuth2SaslClient method evaluateChallenge.
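/**
 * Produces the single client response of this bearer-token SASL exchange.
 * <p>
 * The first call asks the callback handler for the user name and returns
 * {@code user=<name>^Aauth=Bearer <token>^A^A}, where {@code ^A} is the byte 0x01. Every later
 * call returns an empty array.
 * <p>
 * The returned bytes contain the bearer token in clear, so they must not be written to logs.
 *
 * @param challenge the server challenge; it is not inspected
 * @return the encoded response on the first call, an empty array afterwards
 * @throws SaslException if the callback handler fails, does not support {@link NameCallback},
 *         or supplies no user name; the underlying exception is kept as the cause
 */
public byte[] evaluateChallenge(byte[] challenge) throws SaslException {
    if (isComplete) {
        // Empty final response from server, just ignore it.
        return new byte[0];
    }
    NameCallback nameCallback = new NameCallback("Enter name");
    try {
        callbackHandler.handle(new Callback[] {nameCallback});
    } catch (UnsupportedCallbackException e) {
        // Keep the original exception as the cause so the stack trace is not lost.
        throw new SaslException("Unsupported callback: " + e, e);
    } catch (IOException e) {
        throw new SaslException("Failed to execute callback: " + e, e);
    }
    String email = nameCallback.getName();
    if (email == null) {
        // Otherwise String.format would send the literal text "null" as the user.
        throw new SaslException("Callback handler did not supply a user name");
    }
    // NOTE(review): neither value is checked for the 0x01 field separator, so the message
    // structure relies on the callback handler and token source never producing that byte.
    // The charset is fixed so the encoding does not vary with the JVM's platform default.
    byte[] response = String.format("user=%s\1auth=Bearer %s\1\1", email, oauthToken)
            .getBytes(java.nio.charset.StandardCharsets.UTF_8);
    isComplete = true;
    return response;
}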
use of javax.security.auth.callback.UnsupportedCallbackException in project hbase by apache.
the class TestHBaseSaslRpcClient method testDigestSaslClientCallbackHandlerWithException.
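/**
 * Verifies that {@code DigestSaslClientCallbackHandler.handle} rejects a callback type it does
 * not support (here a mocked {@link TextOutputCallback}) with
 * {@link UnsupportedCallbackException}.
 */
@Test
public void testDigestSaslClientCallbackHandlerWithException() {
    final Token<? extends TokenIdentifier> token = createTokenMock();
    when(token.getIdentifier()).thenReturn(Bytes.toBytes(DEFAULT_USER_NAME));
    when(token.getPassword()).thenReturn(Bytes.toBytes(DEFAULT_USER_PASSWORD));
    final DigestSaslClientCallbackHandler saslClCallbackHandler = new DigestSaslClientCallbackHandler(token);
    try {
        saslClCallbackHandler.handle(new Callback[] { mock(TextOutputCallback.class) });
        // Without this, the test would also pass if the handler silently accepted the callback.
        fail("testDigestSaslClientCallbackHandlerWithException error : expected UnsupportedCallbackException");
    } catch (UnsupportedCallbackException expected) {
        // expected: the handler refused the unsupported callback
    } catch (Exception ex) {
        fail("testDigestSaslClientCallbackHandlerWithException error : " + ex.getMessage());
    }
}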
use of javax.security.auth.callback.UnsupportedCallbackException in project jackrabbit by apache.
the class AbstractLoginModule method getCredentials.
/**
 * Resolves the {@link Credentials} to use for this login attempt. The sources
 * are consulted in a fixed order:
 * <ol>
 * <li>The shared state entry stored under <code>KEY_CREDENTIALS</code>, when
 * that key is present.</li>
 * <li>Only when the key is absent: the CallbackHandler, asked through a
 * {@link CredentialsCallback}. Whatever
 * {@link CredentialsCallback#getCredentials} returns is used; it is also
 * cached in the shared state, but only if it is non-null and
 * <code>supportsCredentials</code> accepts it.</li>
 * <li>If nothing was found so far: the first public
 * <code>SimpleCredentials</code> of the Subject, see
 * {@link Subject#getPublicCredentials(Class)}.</li>
 * <li>If still nothing was found: the first public
 * <code>GuestCredentials</code> of the Subject.</li>
 * </ol>
 * <p>
 * The Subject lookups are what allow a pre-authenticated Subject to log in.
 * This method returns such credentials as they are and performs no check on
 * them, so the Subject has to come from a trusted source.
 * <p>
 * A failing or unsupported callback is logged and otherwise ignored; the
 * method then continues with the Subject lookups.
 *
 * @return Credentials or null if not found
 * @see #login()
 */
protected Credentials getCredentials() {
    Credentials resolved = null;
    if (!sharedState.containsKey(KEY_CREDENTIALS)) {
        try {
            CredentialsCallback request = new CredentialsCallback();
            callbackHandler.handle(new Callback[] {request});
            resolved = request.getCredentials();
            // Unsupported credentials are still returned; they are just not cached.
            boolean cacheable = resolved != null && supportsCredentials(resolved);
            if (cacheable) {
                sharedState.put(KEY_CREDENTIALS, resolved);
            }
        } catch (UnsupportedCallbackException e) {
            // The message mentions a Name-Callback, but no NameCallback is issued in this method.
            log.warn("Credentials-Callback not supported try Name-Callback");
        } catch (IOException e) {
            log.error("Credentials-Callback failed: " + e.getMessage() + ": try Name-Callback");
        }
    } else {
        resolved = (Credentials) sharedState.get(KEY_CREDENTIALS);
    }

    // Nothing yet: fall back to SimpleCredentials published on the subject.
    if (resolved == null) {
        Set<SimpleCredentials> simpleOnSubject = subject.getPublicCredentials(SimpleCredentials.class);
        if (!simpleOnSubject.isEmpty()) {
            resolved = simpleOnSubject.iterator().next();
        }
    }

    // Last resort: GuestCredentials published on the subject.
    if (resolved == null) {
        Set<GuestCredentials> guestOnSubject = subject.getPublicCredentials(GuestCredentials.class);
        if (!guestOnSubject.isEmpty()) {
            resolved = guestOnSubject.iterator().next();
        }
    }
    return resolved;
}