
Example 91 with UnsupportedCallbackException

use of javax.security.auth.callback.UnsupportedCallbackException in project kafka by apache.

the class KerberosClientCallbackHandler method handle.

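/**
 * Answers the callbacks raised while this client authenticates.
 * <ul>
 * <li>{@link NameCallback} and {@link RealmCallback} are answered with the
 * default value carried by the callback itself.</li>
 * <li>{@link PasswordCallback} is always rejected: this handler never
 * supplies a password, and the error text points the operator at the JAAS
 * ticket-cache configuration instead.</li>
 * <li>{@link AuthorizeCallback} is granted only when the authentication ID
 * and the requested authorization ID are the same string. A missing
 * authentication ID is treated as "not authorized" rather than failing with
 * a {@link NullPointerException}.</li>
 * </ul>
 *
 * @param callbacks the callbacks to answer, processed in array order
 * @throws UnsupportedCallbackException for a password callback or any
 *         callback type not listed above; callbacks earlier in the array
 *         have already been answered at that point
 */
@Override
public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
    for (Callback callback : callbacks) {
        if (callback instanceof NameCallback) {
            NameCallback nc = (NameCallback) callback;
            nc.setName(nc.getDefaultName());
        } else if (callback instanceof PasswordCallback) {
            String errorMessage = "Could not login: the client is being asked for a password, but the Kafka" + " client code does not currently support obtaining a password from the user.";
            errorMessage += " Make sure -Djava.security.auth.login.config property passed to JVM and" + " the client is configured to use a ticket cache (using" + " the JAAS configuration setting 'useTicketCache=true)'. Make sure you are using" + " FQDN of the Kafka broker you are trying to connect to.";
            throw new UnsupportedCallbackException(callback, errorMessage);
        } else if (callback instanceof RealmCallback) {
            RealmCallback rc = (RealmCallback) callback;
            rc.setText(rc.getDefaultText());
        } else if (callback instanceof AuthorizeCallback) {
            AuthorizeCallback ac = (AuthorizeCallback) callback;
            String authId = ac.getAuthenticationID();
            String authzId = ac.getAuthorizationID();
            // Fail closed: with no authentication ID there is nothing to compare
            // against, so the request is denied instead of throwing.
            boolean sameIdentity = authId != null && authId.equals(authzId);
            ac.setAuthorized(sameIdentity);
            if (sameIdentity) {
                ac.setAuthorizedID(authzId);
            }
        } else {
            // Unknown callback types are refused rather than silently ignored.
            throw new UnsupportedCallbackException(callback, "Unrecognized SASL ClientCallback");
        }
    }
}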
Also used : RealmCallback(javax.security.sasl.RealmCallback) PasswordCallback(javax.security.auth.callback.PasswordCallback) NameCallback(javax.security.auth.callback.NameCallback) AuthorizeCallback(javax.security.sasl.AuthorizeCallback) Callback(javax.security.auth.callback.Callback) NameCallback(javax.security.auth.callback.NameCallback) PasswordCallback(javax.security.auth.callback.PasswordCallback) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) AuthorizeCallback(javax.security.sasl.AuthorizeCallback) RealmCallback(javax.security.sasl.RealmCallback)

Example 92 with UnsupportedCallbackException

use of javax.security.auth.callback.UnsupportedCallbackException in project kafka by apache.

the class OAuthBearerSaslServer method process.

/**
 * Validates a bearer token through the configured callback handler and, on
 * success, records the negotiated state on this server instance.
 * <p>
 * The success-side fields ({@code tokenForNegotiatedProperty},
 * {@code extensions}, {@code complete}) are assigned only after the token,
 * the authorization ID and the extensions have all been accepted.
 *
 * @param tokenValue the raw token string handed to the validator callback
 * @param authorizationId the authorization ID requested by the client; an
 *        empty string means none was requested
 * @param extensions the SASL extensions passed on to {@code processExtensions}
 * @return the UTF-8 bytes of a JSON error response when the validator
 *         produced no token, otherwise an empty array
 * @throws SaslException declared by the signature
 * @throws SaslAuthenticationException when a non-empty authorization ID
 *         differs from the token's principal name
 */
private byte[] process(String tokenValue, String authorizationId, SaslExtensions extensions) throws SaslException {
    OAuthBearerValidatorCallback validatorCallback = new OAuthBearerValidatorCallback(tokenValue);
    try {
        callbackHandler.handle(new Callback[] { validatorCallback });
    } catch (IOException | UnsupportedCallbackException e) {
        // NOTE(review): handleCallbackError is not visible here; if it can return
        // normally, execution continues with whatever the callback holds.
        handleCallbackError(e);
    }

    OAuthBearerToken validatedToken = validatorCallback.token();
    if (validatedToken == null) {
        // No token was produced: answer with the error details the callback carries.
        errorMessage = jsonErrorResponse(validatorCallback.errorStatus(), validatorCallback.errorScope(), validatorCallback.errorOpenIDConfiguration());
        log.debug(errorMessage);
        return errorMessage.getBytes(StandardCharsets.UTF_8);
    }

    /*
     * A client may name an authorization ID as the SASL specification allows,
     * but acting as a different identity than the token's principal is refused.
     */
    boolean authorizationIdRequested = !authorizationId.isEmpty();
    if (authorizationIdRequested && !authorizationId.equals(validatedToken.principalName())) {
        // NOTE(review): authorizationId is client-supplied and is echoed into this
        // message; confirm that whatever logs it neutralises control characters.
        throw new SaslAuthenticationException(String.format("Authentication failed: Client requested an authorization id (%s) that is different from the token's principal name (%s)", authorizationId, validatedToken.principalName()));
    }

    Map<String, String> acceptedExtensions = processExtensions(validatedToken, extensions);
    tokenForNegotiatedProperty = validatedToken;
    this.extensions = new SaslExtensions(acceptedExtensions);
    complete = true;
    log.debug("Successfully authenticate User={}", validatedToken.principalName());
    return new byte[0];
}
Also used : SaslExtensions(org.apache.kafka.common.security.auth.SaslExtensions) OAuthBearerToken(org.apache.kafka.common.security.oauthbearer.OAuthBearerToken) OAuthBearerValidatorCallback(org.apache.kafka.common.security.oauthbearer.OAuthBearerValidatorCallback) IOException(java.io.IOException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) SaslAuthenticationException(org.apache.kafka.common.errors.SaslAuthenticationException)

Example 93 with UnsupportedCallbackException

use of javax.security.auth.callback.UnsupportedCallbackException in project AuthMeReloaded by AuthMe.

the class OAuth2SaslClient method evaluateChallenge.

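/**
 * Produces the client's single response: the user name obtained from the
 * callback handler and the bearer token, framed with U+0001 separators.
 * <p>
 * Once that response has been built, every later call returns an empty
 * array.
 *
 * @param challenge the server challenge; not read by this implementation
 * @return the encoded response, or an empty array after completion
 * @throws SaslException if the callback handler fails, or if it supplies no
 *         user name or one containing the U+0001 field separator
 */
public byte[] evaluateChallenge(byte[] challenge) throws SaslException {
    if (isComplete) {
        // Empty final response from server, just ignore it.
        return new byte[] {};
    }
    NameCallback nameCallback = new NameCallback("Enter name");
    Callback[] callbacks = new Callback[] { nameCallback };
    try {
        callbackHandler.handle(callbacks);
    } catch (UnsupportedCallbackException e) {
        // Keep the original exception as the cause so the stack trace survives.
        throw new SaslException("Unsupported callback: " + e, e);
    } catch (IOException e) {
        throw new SaslException("Failed to execute callback: " + e, e);
    }
    String email = nameCallback.getName();
    // A null name would be sent as the literal text "null", and a name containing
    // the separator would change the field layout of the response, so both are
    // refused before anything is encoded.
    if (email == null || email.indexOf('\1') >= 0) {
        throw new SaslException("Invalid user name supplied by callback handler");
    }
    // Encode explicitly as UTF-8 so the bytes on the wire do not depend on the
    // platform default charset.
    byte[] response = String.format("user=%s\1auth=Bearer %s\1\1", email, oauthToken).getBytes(java.nio.charset.StandardCharsets.UTF_8);
    isComplete = true;
    return response;
}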
Also used : NameCallback(javax.security.auth.callback.NameCallback) NameCallback(javax.security.auth.callback.NameCallback) Callback(javax.security.auth.callback.Callback) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) IOException(java.io.IOException) SaslException(javax.security.sasl.SaslException)

Example 94 with UnsupportedCallbackException

use of javax.security.auth.callback.UnsupportedCallbackException in project hbase by apache.

the class TestHBaseSaslRpcClient method testDigestSaslClientCallbackHandlerWithException.

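/**
 * Checks that the digest client callback handler refuses a callback type it
 * does not handle, here a mocked {@link TextOutputCallback}.
 * <p>
 * The test fails if the handler returns normally, so a handler that starts
 * to accept unknown callbacks silently cannot pass.
 */
@Test
public void testDigestSaslClientCallbackHandlerWithException() {
    final Token<? extends TokenIdentifier> token = createTokenMock();
    when(token.getIdentifier()).thenReturn(Bytes.toBytes(DEFAULT_USER_NAME));
    when(token.getPassword()).thenReturn(Bytes.toBytes(DEFAULT_USER_PASSWORD));
    final DigestSaslClientCallbackHandler saslClCallbackHandler = new DigestSaslClientCallbackHandler(token);
    try {
        saslClCallbackHandler.handle(new Callback[] { mock(TextOutputCallback.class) });
        // Reaching this line means the unsupported callback was accepted.
        fail("testDigestSaslClientCallbackHandlerWithException error : UnsupportedCallbackException was not thrown");
    } catch (UnsupportedCallbackException expEx) {
        // expected
    } catch (Exception ex) {
        fail("testDigestSaslClientCallbackHandlerWithException error : " + ex.getMessage());
    }
}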
Also used : DigestSaslClientCallbackHandler(org.apache.hadoop.hbase.security.provider.DigestSaslClientAuthenticationProvider.DigestSaslClientCallbackHandler) TextOutputCallback(javax.security.auth.callback.TextOutputCallback) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) ExpectedException(org.junit.rules.ExpectedException) IOException(java.io.IOException) Test(org.junit.Test)

Example 95 with UnsupportedCallbackException

use of javax.security.auth.callback.UnsupportedCallbackException in project jackrabbit by apache.

the class AbstractLoginModule method getCredentials.

/**
 * Resolves the {@link Credentials} to use for login, taking the
 * authentication-extension of an already authenticated {@link Subject} into
 * account.
 * <p>
 * Sources are consulted in this order, stopping at the first that yields a
 * value:
 * <ol>
 * <li>The shared state, under {@code KEY_CREDENTIALS}.</li>
 * <li>The CallbackHandler, asked with a {@link CredentialsCallback}; {@link
 * CredentialsCallback#getCredentials} is expected to return an instance of
 * {@link Credentials}. The result is cached in the shared state only when
 * {@code supportsCredentials} accepts it, but it is returned either way.</li>
 * <li>The Subject's public <code>SimpleCredentials</code>, see
 * {@link Subject#getPublicCredentials(Class)}, which allows the Subject to
 * be pre-authenticated.</li>
 * <li>The Subject's public <code>GuestCredentials</code>.</li>
 * </ol>
 * A callback failure is logged and does not abort the lookup; the Subject
 * is consulted next.
 *
 * @return Credentials or null if not found
 * @see #login()
 */
protected Credentials getCredentials() {
    Credentials resolved = null;
    if (!sharedState.containsKey(KEY_CREDENTIALS)) {
        try {
            CredentialsCallback credentialsCallback = new CredentialsCallback();
            callbackHandler.handle(new Callback[] { credentialsCallback });
            resolved = credentialsCallback.getCredentials();
            // Only credentials this module supports are shared through the state map.
            boolean cacheable = resolved != null && supportsCredentials(resolved);
            if (cacheable) {
                sharedState.put(KEY_CREDENTIALS, resolved);
            }
        } catch (UnsupportedCallbackException e) {
            log.warn("Credentials-Callback not supported try Name-Callback");
        } catch (IOException e) {
            log.error("Credentials-Callback failed: " + e.getMessage() + ": try Name-Callback");
        }
    } else {
        resolved = (Credentials) sharedState.get(KEY_CREDENTIALS);
    }

    // Nothing so far: fall back to SimpleCredentials published on the subject.
    if (resolved == null) {
        Set<SimpleCredentials> simpleCredentials = subject.getPublicCredentials(SimpleCredentials.class);
        if (!simpleCredentials.isEmpty()) {
            resolved = simpleCredentials.iterator().next();
        }
    }

    // Still nothing: fall back to GuestCredentials published on the subject.
    if (resolved == null) {
        Set<GuestCredentials> guestCredentials = subject.getPublicCredentials(GuestCredentials.class);
        if (!guestCredentials.isEmpty()) {
            resolved = guestCredentials.iterator().next();
        }
    }
    return resolved;
}
Also used : SimpleCredentials(javax.jcr.SimpleCredentials) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) IOException(java.io.IOException) GuestCredentials(javax.jcr.GuestCredentials) SimpleCredentials(javax.jcr.SimpleCredentials) Credentials(javax.jcr.Credentials) GuestCredentials(javax.jcr.GuestCredentials)
