
Example 36 with UnsupportedCallbackException

use of javax.security.auth.callback.UnsupportedCallbackException in project wildfly by wildfly.

the class TrustedIdentityTokenLoginModule method login.

/**
 * Establishes the caller's identity, either from the shared login state or from a
 * {@link SASCurrent} credential obtained through a {@link SecurityAssociationCallback}.
 *
 * <p>When {@code super.login()} returns {@code true}, the value stored under
 * {@code javax.security.auth.login.name} becomes the identity and {@code validateCredential}
 * is not called on this path. Otherwise the callback handler is queried, the credential must be a
 * {@link SASCurrent}, and it is handed to {@code validateCredential} before the identity is created.
 *
 * @return {@code true} once an identity is set; {@code false} if the credential is not a
 *         {@link SASCurrent} or the user name is {@code null}
 * @throws LoginException if no callback handler is configured, the handler raises an
 *         {@link IOException} or {@link UnsupportedCallbackException}, or {@code createIdentity} fails;
 *         presumably also when {@code validateCredential} rejects the credential (its body is not
 *         shown here)
 */
@Override
@SuppressWarnings("unchecked")
public boolean login() throws LoginException {
    final String sharedNameKey = "javax.security.auth.login.name";

    // Shared-credentials path: trust whatever name is already in the shared state.
    if (super.login()) {
        final Object sharedName = sharedState.get(sharedNameKey);
        if (sharedName instanceof Principal) {
            identity = (Principal) sharedName;
            return true;
        }
        // NOTE(review): a missing shared name would surface as a NullPointerException here rather
        // than a LoginException; confirm super.login() only returns true when the entry is present.
        final String name = sharedName.toString();
        try {
            identity = createIdentity(name);
        } catch (Exception e) {
            final LoginException failure = new LoginException();
            failure.initCause(e);
            throw failure;
        }
        return true;
    }

    // From here on the module authenticates on its own; stay "not ok" until every step has passed.
    super.loginOk = false;
    if (callbackHandler == null) {
        throw new LoginException();
    }

    final SecurityAssociationCallback association = new SecurityAssociationCallback();
    final String username;
    try {
        callbackHandler.handle(new Callback[] { association });
        // NOTE(review): getPrincipal() is dereferenced without a null check, so the
        // "username == null" test further down only covers a principal whose name is null.
        username = association.getPrincipal().getName();
        final Object presented = association.getCredential();
        if (!(presented instanceof SASCurrent)) {
            // Any other credential type is not for this module.
            return false;
        }
        credential = (SASCurrent) presented;
    } catch (IOException | UnsupportedCallbackException e) {
        final LoginException failure = new LoginException();
        failure.initCause(e);
        throw failure;
    }

    // The credential is validated before the null check on the user name, as in the original order.
    validateCredential(username, credential);
    if (username == null) {
        return false;
    }

    if (identity == null) {
        try {
            identity = createIdentity(username);
        } catch (Exception e) {
            final LoginException failure = new LoginException();
            failure.initCause(e);
            throw failure;
        }
    }

    if (getUseFirstPass()) {
        // Publish the identity and the SAS credential so later modules can reuse them.
        sharedState.put(sharedNameKey, identity);
        sharedState.put("javax.security.auth.login.password", credential);
    }
    super.loginOk = true;
    return true;
}
Also used : SASCurrent(org.jboss.iiop.csiv2.SASCurrent) SecurityAssociationCallback(org.jboss.security.auth.callback.SecurityAssociationCallback) Callback(javax.security.auth.callback.Callback) LoginException(javax.security.auth.login.LoginException) IOException(java.io.IOException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) SecurityAssociationCallback(org.jboss.security.auth.callback.SecurityAssociationCallback) Principal(java.security.Principal) LoginException(javax.security.auth.login.LoginException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) IOException(java.io.IOException)

Example 37 with UnsupportedCallbackException

use of javax.security.auth.callback.UnsupportedCallbackException in project wildfly by wildfly.

the class UsernameTokenCallbackHandler method handle.

/**
 * Answers each {@link DelegationCallback} with a WS-Security UsernameToken built from the
 * user name and password found in the current message's contextual properties.
 *
 * <p>A callback whose message carries no user name is left without a token. Callbacks are
 * processed in array order, so tokens already set stay set if a later entry is rejected.
 *
 * @param callbacks the callbacks to answer; every entry must be a {@link DelegationCallback}
 * @throws IOException declared by the handler contract; not thrown directly by this body
 * @throws UnsupportedCallbackException on the first entry that is not a {@link DelegationCallback}
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (final Callback candidate : callbacks) {
        if (!(candidate instanceof DelegationCallback)) {
            throw new UnsupportedCallbackException(candidate, "Unrecognized Callback");
        }
        final DelegationCallback delegation = (DelegationCallback) candidate;
        final Message message = delegation.getCurrentMessage();

        // Both values come straight from the message context; whatever populated those
        // properties decides which identity the token asserts.
        final String username = (String) message.getContextualProperty(SecurityConstants.USERNAME);
        final String password = (String) message.getContextualProperty(SecurityConstants.PASSWORD);
        if (username == null) {
            continue;
        }

        // Reuse the document that owns the message content when there is one.
        final Node content = message.getContent(Node.class);
        final Document owner = content != null ? content.getOwnerDocument() : DOMUtils.createDocument();

        // NOTE(review): password is forwarded even when the property is absent (null);
        // confirm createWSSEUsernameToken handles that case.
        final UsernameToken token = createWSSEUsernameToken(username, password, owner);
        delegation.setToken(token.getElement());
    }
}
Also used : Message(org.apache.cxf.message.Message) Node(org.w3c.dom.Node) UsernameToken(org.apache.wss4j.dom.message.token.UsernameToken) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) Document(org.w3c.dom.Document) DelegationCallback(org.apache.cxf.ws.security.trust.delegation.DelegationCallback)

Example 38 with UnsupportedCallbackException

use of javax.security.auth.callback.UnsupportedCallbackException in project wildfly by wildfly.

the class DefaultApplicationClientCallbackHandler method handle.

/**
 * Answers name, password and realm callbacks from the current {@link SecurityContext}.
 *
 * <ul>
 *   <li>{@link NameCallback}: the name of the first identity in the subject info, or
 *       {@code DOLLAR_LOCAL} when there is no context or no identity.</li>
 *   <li>{@link PasswordCallback}: the credential of the first identity when it is a
 *       {@link CredentialIdentity}. With no context the callback is left unanswered.</li>
 *   <li>{@link RealmCallback}: the default text, but only if no text has been set yet.</li>
 * </ul>
 *
 * <p>Callbacks of any other type are skipped without an error.
 *
 * @param callbacks the callbacks to answer
 * @throws IOException declared by the handler contract; not thrown directly by this body
 * @throws UnsupportedCallbackException for a {@link PasswordCallback} when a context exists but
 *         holds no identity, or its first identity is not a {@link CredentialIdentity}
 */
@Override
public void handle(final Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    final SecurityContext context = doPrivileged(SECURITY_CONTEXT);
    for (final Callback current : callbacks) {
        if (current instanceof NameCallback) {
            String resolvedName = DOLLAR_LOCAL;
            if (context != null) {
                final Set<Identity> known = getSubjectInfo(context).getIdentities();
                if (!known.isEmpty()) {
                    // NOTE(review): "first" depends on the Set's iteration order; with several
                    // identities the chosen one may not be deterministic. Confirm the Set type.
                    resolvedName = known.iterator().next().getName();
                }
            }
            ((NameCallback) current).setName(resolvedName);
            continue;
        }

        if (current instanceof PasswordCallback) {
            if (context == null) {
                // No context: the password stays unset and no exception is raised.
                continue;
            }
            final Set<Identity> known = getSubjectInfo(context).getIdentities();
            if (known.isEmpty()) {
                throw new UnsupportedCallbackException(current);
            }
            final Identity first = known.iterator().next();
            if (!(first instanceof CredentialIdentity)) {
                throw new UnsupportedCallbackException(current);
            }
            // NOTE(review): the credential is cast to char[] unchecked; any other credential
            // type fails with ClassCastException instead of UnsupportedCallbackException.
            ((PasswordCallback) current).setPassword((char[]) ((CredentialIdentity) first).getCredential());
            continue;
        }

        if (current instanceof RealmCallback) {
            final RealmCallback realm = (RealmCallback) current;
            if (realm.getText() == null) {
                realm.setText(realm.getDefaultText());
            }
        }
    }
}
Also used : CredentialIdentity(org.jboss.security.identity.extensions.CredentialIdentity) RealmCallback(javax.security.sasl.RealmCallback) PasswordCallback(javax.security.auth.callback.PasswordCallback) NameCallback(javax.security.auth.callback.NameCallback) Callback(javax.security.auth.callback.Callback) NameCallback(javax.security.auth.callback.NameCallback) Set(java.util.Set) SecurityContext(org.jboss.security.SecurityContext) PasswordCallback(javax.security.auth.callback.PasswordCallback) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) Identity(org.jboss.security.identity.Identity) CredentialIdentity(org.jboss.security.identity.extensions.CredentialIdentity) RealmCallback(javax.security.sasl.RealmCallback)

Example 39 with UnsupportedCallbackException

use of javax.security.auth.callback.UnsupportedCallbackException in project wildfly by wildfly.

the class ElytronSubjectFactory method createSubject.

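/**
 * Create a {@link Subject} with the principal and password credential obtained from the authentication configuration
 * that matches the target {@link URI}.
 *
 * @param authenticationContext the {@link AuthenticationContext} used to select a configuration that matches the
 *                              target {@link URI}.
 * @return the constructed {@link Subject}. A principal is added only when the callback handler supplied a name, and
 *         a {@link PasswordCredential} only when it supplied a password, so either may be absent.
 * @throws SecurityException if the callback handler fails with an {@link IOException} or an
 *                           {@link UnsupportedCallbackException}.
 */
private Subject createSubject(final AuthenticationContext authenticationContext) {
    final AuthenticationConfiguration configuration = AUTH_CONFIG_CLIENT.getAuthenticationConfiguration(this.targetURI, authenticationContext);
    final CallbackHandler handler = AUTH_CONFIG_CLIENT.getCallbackHandler(configuration);
    final NameCallback nameCallback = new NameCallback("Username: ");
    final PasswordCallback passwordCallback = new PasswordCallback("Password: ", false);
    try {
        handler.handle(new Callback[] { nameCallback, passwordCallback });
        final Subject subject = new Subject();
        final String name = nameCallback.getName();
        if (name != null) {
            subject.getPrincipals().add(new NamePrincipal(name));
        }
        // PasswordCallback.getPassword() returns a new copy on every call, so fetch it once:
        // the only copy made here is the one handed to the credential.
        final char[] password = passwordCallback.getPassword();
        if (password != null) {
            // add the password as a private credential in the Subject.
            // NOTE(review): name may be null here; the credential is then created without a user name.
            this.addPrivateCredential(subject, new PasswordCredential(name, password));
        }
        return subject;
    } catch (IOException | UnsupportedCallbackException e) {
        throw new SecurityException(e);
    } finally {
        // Wipe the callback's own copy of the password on every exit path; the array passed to
        // the credential above is a separate copy and is not affected.
        passwordCallback.clearPassword();
    }
}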
Also used : AuthenticationConfiguration(org.wildfly.security.auth.client.AuthenticationConfiguration) CallbackHandler(javax.security.auth.callback.CallbackHandler) NameCallback(javax.security.auth.callback.NameCallback) NamePrincipal(org.wildfly.security.auth.principal.NamePrincipal) PasswordCredential(javax.resource.spi.security.PasswordCredential) PasswordCallback(javax.security.auth.callback.PasswordCallback) IOException(java.io.IOException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) Subject(javax.security.auth.Subject)

Example 40 with UnsupportedCallbackException

use of javax.security.auth.callback.UnsupportedCallbackException in project wildfly by wildfly.

the class ElytronSASClientInterceptor method createInitialContextToken.

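/**
 * Create an encoded {@link InitialContextToken} with a username/password pair obtained from an Elytron client
 * configuration matched by the specified {@link URI} and purpose.
 *
 * @param uri the target {@link URI}.
 * @param purpose a {@link String} representing the purpose of the configuration that will be used.
 * @param secMech a reference to the {@link CompoundSecMech} that was found in the {@link ClientRequestInfo}.
 * @return the encoded {@link InitialContextToken}, if a valid username is obtained from the matched configuration;
 *         {@code NO_AUTHENTICATION_TOKEN} otherwise, including when the callback handler does not support the
 *         name or password callback.
 * @throws Exception if an error occurs while building the encoded {@link InitialContextToken}; an
 *                   {@code IOException} from the callback handler also propagates to the caller.
 */
private byte[] createInitialContextToken(final URI uri, final String purpose, final CompoundSecMech secMech) throws Exception {
    final AuthenticationContext authContext = this.authContext == null ? AuthenticationContext.captureCurrent() : this.authContext;
    // obtain the configuration that matches the URI and purpose.
    final AuthenticationConfiguration configuration = AUTH_CONFIG_CLIENT.getAuthenticationConfiguration(uri, authContext, -1, null, null, purpose);
    // get the callback handler from the configuration and use it to obtain a username/password pair.
    final CallbackHandler handler = AUTH_CONFIG_CLIENT.getCallbackHandler(configuration);
    final NameCallback nameCallback = new NameCallback("Username: ");
    final PasswordCallback passwordCallback = new PasswordCallback("Password: ", false);
    try {
        try {
            handler.handle(new Callback[] { nameCallback, passwordCallback });
        } catch (UnsupportedCallbackException e) {
            // An unsupported callback is not an error here: the request goes out without client authentication.
            return NO_AUTHENTICATION_TOKEN;
        }
        // only a non-null, non-anonymous name leads to an initial context token.
        String name = nameCallback.getName();
        if (name == null || name.equals(AnonymousPrincipal.getInstance().getName())) {
            return NO_AUTHENTICATION_TOKEN;
        }
        final byte[] encodedTargetName = secMech.as_context_mech.target_name;
        if (name.indexOf('@') < 0) {
            // scope an unqualified name to the target name advertised by the security mechanism.
            final byte[] decodedTargetName = CSIv2Util.decodeGssExportedName(encodedTargetName);
            final String targetName = new String(decodedTargetName, StandardCharsets.UTF_8);
            // "@default"
            name += "@" + targetName;
        }
        final byte[] username = name.getBytes(StandardCharsets.UTF_8);
        // a missing password is sent as an empty byte array.
        byte[] password = {};
        // getPassword() returns a new copy on every call; fetch it once so it can be wiped afterwards.
        final char[] passwordChars = passwordCallback.getPassword();
        if (passwordChars != null) {
            try {
                // NOTE(review): the intermediate String is immutable and cannot be wiped; encoding the char[]
                // directly would avoid it, but needs imports that are not visible from this method.
                password = new String(passwordChars).getBytes(StandardCharsets.UTF_8);
            } finally {
                java.util.Arrays.fill(passwordChars, '\0');
            }
        }
        // create the initial context token and ASN.1-encode it, as defined in RFC 2743.
        final InitialContextToken authenticationToken = new InitialContextToken(username, password, encodedTargetName);
        return CSIv2Util.encodeInitialContextToken(authenticationToken, codec);
    } finally {
        // wipe the callback's own copy of the password on every exit path.
        passwordCallback.clearPassword();
    }
}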
Also used : AuthenticationConfiguration(org.wildfly.security.auth.client.AuthenticationConfiguration) CallbackHandler(javax.security.auth.callback.CallbackHandler) AuthenticationContext(org.wildfly.security.auth.client.AuthenticationContext) NameCallback(javax.security.auth.callback.NameCallback) InitialContextToken(org.omg.GSSUP.InitialContextToken) PasswordCallback(javax.security.auth.callback.PasswordCallback) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
