Example 16 with AuthorizeCallback

use of javax.security.sasl.AuthorizeCallback in project jstorm by alibaba.

the class ClientCallbackHandler method handle.

/**
 * This method is invoked by SASL for authentication challenges
 *
 * @param callbacks a collection of challenge callbacks
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback c : callbacks) {
        if (c instanceof NameCallback) {
            LOG.debug("name callback");
        } else if (c instanceof PasswordCallback) {
            LOG.debug("password callback");
            LOG.warn("Could not login: the client is being asked for a password, but the "
                    + " client code does not currently support obtaining a password from the user."
                    + " Make sure that the client is configured to use a ticket cache (using"
                    + " the JAAS configuration setting 'useTicketCache=true)' and restart the client. If"
                    + " you still get this message after that, the TGT in the ticket cache has expired and must"
                    + " be manually refreshed. To do so, first determine if you are using a password or a"
                    + " keytab. If the former, run kinit in a Unix shell in the environment of the user who"
                    + " is running this client using the command"
                    + " 'kinit <princ>' (where <princ> is the name of the client's Kerberos principal)."
                    + " If the latter, do"
                    + " 'kinit -k -t <keytab> <princ>' (where <princ> is the name of the Kerberos principal, and"
                    + " <keytab> is the location of the keytab file). After manually refreshing your cache,"
                    + " restart this client. If you continue to see this message after manually refreshing"
                    + " your cache, ensure that your KDC host's clock is in sync with this host's clock.");
        } else if (c instanceof AuthorizeCallback) {
            LOG.debug("authorization callback");
            AuthorizeCallback ac = (AuthorizeCallback) c;
            String authid = ac.getAuthenticationID();
            String authzid = ac.getAuthorizationID();
            if (authid.equals(authzid)) {
                ac.setAuthorized(true);
            } else {
                ac.setAuthorized(false);
            }
            if (ac.isAuthorized()) {
                ac.setAuthorizedID(authzid);
            }
        } else {
            throw new UnsupportedCallbackException(c);
        }
    }
}
Also used : RealmCallback(javax.security.sasl.RealmCallback) PasswordCallback(javax.security.auth.callback.PasswordCallback) NameCallback(javax.security.auth.callback.NameCallback) AuthorizeCallback(javax.security.sasl.AuthorizeCallback) Callback(javax.security.auth.callback.Callback) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)

Example 17 with AuthorizeCallback

use of javax.security.sasl.AuthorizeCallback in project storm by nathanmarz.

the class ClientCallbackHandler method handle.

/**
 * This method is invoked by SASL for authentication challenges
 * @param callbacks a collection of challenge callbacks
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback c : callbacks) {
        if (c instanceof NameCallback) {
            LOG.debug("name callback");
            NameCallback nc = (NameCallback) c;
            nc.setName(_username);
        } else if (c instanceof PasswordCallback) {
            LOG.debug("password callback");
            PasswordCallback pc = (PasswordCallback) c;
            if (_password != null) {
                pc.setPassword(_password.toCharArray());
            }
        } else if (c instanceof AuthorizeCallback) {
            LOG.debug("authorization callback");
            AuthorizeCallback ac = (AuthorizeCallback) c;
            String authid = ac.getAuthenticationID();
            String authzid = ac.getAuthorizationID();
            if (authid.equals(authzid)) {
                ac.setAuthorized(true);
            } else {
                ac.setAuthorized(false);
            }
            if (ac.isAuthorized()) {
                ac.setAuthorizedID(authzid);
            }
        } else if (c instanceof RealmCallback) {
            RealmCallback rc = (RealmCallback) c;
            ((RealmCallback) c).setText(rc.getDefaultText());
        } else {
            throw new UnsupportedCallbackException(c);
        }
    }
}
Also used : RealmCallback(javax.security.sasl.RealmCallback) PasswordCallback(javax.security.auth.callback.PasswordCallback) NameCallback(javax.security.auth.callback.NameCallback) AuthorizeCallback(javax.security.sasl.AuthorizeCallback) Callback(javax.security.auth.callback.Callback) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)

Example 18 with AuthorizeCallback

use of javax.security.sasl.AuthorizeCallback in project Openfire by igniterealtime.

the class SaslServerPlainImpl method evaluateResponse.

/**
 * Evaluates the response data and generates a challenge.
 *
 * If a response is received from the client during the authentication
 * process, this method is called to prepare an appropriate next
 * challenge to submit to the client. The challenge is null if the
 * authentication has succeeded and no more challenge data is to be sent
 * to the client. It is non-null if the authentication must be continued
 * by sending a challenge to the client, or if the authentication has
 * succeeded but challenge data needs to be processed by the client.
 * {@code isComplete()} should be called
 * after each call to {@code evaluateResponse()}, to determine if any further
 * response is needed from the client.
 *
 * @param response The non-null (but possibly empty) response sent
 * by the client.
 *
 * @return The possibly null challenge to send to the client.
 * It is null if the authentication has succeeded and there is
 * no more challenge data to be sent to the client.
 * @exception SaslException If an error occurred while processing
 * the response or generating a challenge.
 */
@Override
public byte[] evaluateResponse(byte[] response) throws SaslException {
    if (completed) {
        throw new IllegalStateException("PLAIN authentication already completed");
    }
    if (aborted) {
        throw new IllegalStateException("PLAIN authentication previously aborted due to error");
    }
    try {
        if (response.length != 0) {
            String data = new String(response, StandardCharsets.UTF_8);
            StringTokenizer tokens = new StringTokenizer(data, "\0");
            if (tokens.countTokens() > 2) {
                username = tokens.nextToken();
                principal = tokens.nextToken();
            } else {
                username = tokens.nextToken();
                principal = username;
            }
            password = tokens.nextToken();
            NameCallback ncb = new NameCallback("PLAIN authentication ID: ", principal);
            VerifyPasswordCallback vpcb = new VerifyPasswordCallback(password.toCharArray());
            cbh.handle(new Callback[] { ncb, vpcb });
            if (vpcb.getVerified()) {
                vpcb.clearPassword();
                AuthorizeCallback acb = new AuthorizeCallback(principal, username);
                cbh.handle(new Callback[] { acb });
                if (acb.isAuthorized()) {
                    username = acb.getAuthorizedID();
                    completed = true;
                } else {
                    completed = true;
                    username = null;
                    throw new SaslException("PLAIN: user not authorized: " + principal);
                }
            } else {
                throw new SaslException("PLAIN: user not authorized: " + principal);
            }
        } else {
            // Client gave no initial response
            if (counter++ > 1) {
                throw new SaslException("PLAIN expects a response");
            }
            return null;
        }
    } catch (UnsupportedCallbackException | IOException | NoSuchElementException e) {
        aborted = true;
        throw new SaslException("PLAIN authentication failed for: " + username, e);
    }
    return null;
}
Also used : StringTokenizer(java.util.StringTokenizer) NameCallback(javax.security.auth.callback.NameCallback) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) IOException(java.io.IOException) SaslException(javax.security.sasl.SaslException) AuthorizeCallback(javax.security.sasl.AuthorizeCallback) NoSuchElementException(java.util.NoSuchElementException)

Example 19 with AuthorizeCallback

use of javax.security.sasl.AuthorizeCallback in project storm by apache.

the class AbstractSaslClientCallbackHandler method handle.

/**
 * This method is invoked by SASL for authentication challenges
 * @param callbacks a collection of challenge callbacks
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback c : callbacks) {
        if (c instanceof NameCallback) {
            LOG.debug("name callback");
            NameCallback nc = (NameCallback) c;
            nc.setName(_username);
        } else if (c instanceof PasswordCallback) {
            LOG.debug("password callback");
            PasswordCallback pc = (PasswordCallback) c;
            if (_password != null) {
                pc.setPassword(_password.toCharArray());
            }
        } else if (c instanceof AuthorizeCallback) {
            LOG.debug("authorization callback");
            AuthorizeCallback ac = (AuthorizeCallback) c;
            String authid = ac.getAuthenticationID();
            String authzid = ac.getAuthorizationID();
            if (authid.equals(authzid)) {
                ac.setAuthorized(true);
            } else {
                ac.setAuthorized(false);
            }
            if (ac.isAuthorized()) {
                ac.setAuthorizedID(authzid);
            }
        } else if (c instanceof RealmCallback) {
            RealmCallback rc = (RealmCallback) c;
            ((RealmCallback) c).setText(rc.getDefaultText());
        } else {
            throw new UnsupportedCallbackException(c);
        }
    }
}
Also used : RealmCallback(javax.security.sasl.RealmCallback) PasswordCallback(javax.security.auth.callback.PasswordCallback) NameCallback(javax.security.auth.callback.NameCallback) AuthorizeCallback(javax.security.sasl.AuthorizeCallback) Callback(javax.security.auth.callback.Callback) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)

Example 20 with AuthorizeCallback

use of javax.security.sasl.AuthorizeCallback in project hadoop by apache.

the class SaslPlainServer method evaluateResponse.

@Override
public byte[] evaluateResponse(byte[] response) throws SaslException {
    if (completed) {
        throw new IllegalStateException("PLAIN authentication has completed");
    }
    if (response == null) {
        throw new IllegalArgumentException("Received null response");
    }
    try {
        String payload;
        try {
            payload = new String(response, "UTF-8");
        } catch (Exception e) {
            throw new IllegalArgumentException("Received corrupt response", e);
        }
        // [ authz, authn, password ], separated by NUL characters
        String[] parts = payload.split("\u0000", 3);
        if (parts.length != 3) {
            throw new IllegalArgumentException("Received corrupt response");
        }
        if (parts[0].isEmpty()) {
            // authz = authn
            parts[0] = parts[1];
        }
        NameCallback nc = new NameCallback("SASL PLAIN");
        nc.setName(parts[1]);
        PasswordCallback pc = new PasswordCallback("SASL PLAIN", false);
        pc.setPassword(parts[2].toCharArray());
        AuthorizeCallback ac = new AuthorizeCallback(parts[1], parts[0]);
        cbh.handle(new Callback[] { nc, pc, ac });
        if (ac.isAuthorized()) {
            authz = ac.getAuthorizedID();
        }
    } catch (Exception e) {
        throw new SaslException("PLAIN auth failed: " + e.toString(), e);
    } finally {
        completed = true;
    }
    return null;
}
Also used : SaslException(javax.security.sasl.SaslException) AuthorizeCallback(javax.security.sasl.AuthorizeCallback)

Aggregations

AuthorizeCallback (javax.security.sasl.AuthorizeCallback) 36
Callback (javax.security.auth.callback.Callback) 29
NameCallback (javax.security.auth.callback.NameCallback) 28
PasswordCallback (javax.security.auth.callback.PasswordCallback) 26
UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException) 26
RealmCallback (javax.security.sasl.RealmCallback) 16
IOException (java.io.IOException) 12
SaslException (javax.security.sasl.SaslException) 9
HashMap (java.util.HashMap) 5
Map (java.util.Map) 5
SaslServer (javax.security.sasl.SaslServer) 3
TProtocolFactory (org.apache.thrift.protocol.TProtocolFactory) 3
TSaslServerTransport (org.apache.thrift.transport.TSaslServerTransport) 3
TTransportFactory (org.apache.thrift.transport.TTransportFactory) 3
InetAddress (java.net.InetAddress) 2
InetSocketAddress (java.net.InetSocketAddress) 2
ArrayDeque (java.util.ArrayDeque) 2
List (java.util.List) 2
ExecutorService (java.util.concurrent.ExecutorService) 2
LinkedBlockingQueue (java.util.concurrent.LinkedBlockingQueue) 2