
Example 26 with AuthorizeCallback

use of javax.security.sasl.AuthorizeCallback in project storm by apache.

the class SimpleSaslServerCallbackHandler method handle.

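/**
 * Server-side SASL callback handler: answers the mechanism's name/password/realm
 * callbacks from the configured {@code providers} and decides whether the
 * authenticated identity may act as the requested authorization identity.
 *
 * <p>Callbacks are first sorted by type (anything unexpected is refused with an
 * {@link UnsupportedCallbackException}), then handled in a fixed order:
 * <ol>
 *   <li>{@link NameCallback}: the first provider that knows a password for the
 *       default name supplies it; the name is replaced by the provider's
 *       {@code userName(...)} form (presumably a canonicalisation — see provider).
 *       No provider match fails closed with {@code IOException("NOT ALLOWED.")}.</li>
 *   <li>{@link RealmCallback}: answered with its default text.</li>
 *   <li>{@link AuthorizeCallback}: both ids are passed through {@code translateName};
 *       impersonation (authentication id != authorization id) is permitted only if
 *       {@code impersonationAllowed} is set AND both translations allow it. When
 *       impersonating, the real (authenticated) principal is recorded on the request
 *       context so later authorization can see who is behind the request.</li>
 * </ol>
 *
 * @param callbacks callbacks issued by the SASL server mechanism
 * @throws UnsupportedCallbackException on a callback type this handler does not know
 * @throws IOException when no password is known for the user, or when a name is
 *         requested without a password callback to put the credential into
 * @throws IllegalArgumentException on an impersonation attempt that is not allowed
 */
@Override
public void handle(Callback[] callbacks) throws UnsupportedCallbackException, IOException {
    NameCallback nc = null;
    PasswordCallback pc = null;
    AuthorizeCallback ac = null;
    RealmCallback rc = null;
    for (Callback callback : callbacks) {
        if (callback instanceof AuthorizeCallback) {
            ac = (AuthorizeCallback) callback;
        } else if (callback instanceof NameCallback) {
            nc = (NameCallback) callback;
        } else if (callback instanceof PasswordCallback) {
            pc = (PasswordCallback) callback;
        } else if (callback instanceof RealmCallback) {
            rc = (RealmCallback) callback;
        } else {
            throw new UnsupportedCallbackException(callback, "Unrecognized SASL Callback");
        }
    }
    // NOTE(review): log(...) receives the PasswordCallback; whatever it prints should
    // never include pc.getPassword() — verify in the helper.
    log("GOT", ac, nc, pc, rc);
    if (nc != null) {
        String userName = nc.getDefaultName();
        if (pc == null) {
            // The mechanism asked for a name without giving us a PasswordCallback. There is
            // nowhere to put the credential, so fail closed here instead of hitting a
            // NullPointerException on pc.setPassword below once a provider matches.
            LOG.warn("NameCallback without PasswordCallback for user: {}", userName);
            throw new IOException("NOT ALLOWED.");
        }
        boolean passwordFound = false;
        for (PasswordProvider provider : providers) {
            Optional<char[]> password = provider.getPasswordFor(userName);
            if (password.isPresent()) {
                // First provider wins; later providers are not consulted.
                pc.setPassword(password.get());
                nc.setName(provider.userName(userName));
                passwordFound = true;
                break;
            }
        }
        if (!passwordFound) {
            // Unknown user: refuse rather than let the mechanism compare against nothing.
            LOG.warn("No password found for user: {}", userName);
            throw new IOException("NOT ALLOWED.");
        }
    }
    if (rc != null) {
        rc.setText(rc.getDefaultText());
    }
    if (ac != null) {
        // Start from the global switch; each translateName() result can only narrow it.
        boolean allowImpersonation = impersonationAllowed;
        String nid = ac.getAuthenticationID();
        if (nid != null) {
            Pair<String, Boolean> tmp = translateName(nid);
            nid = tmp.getFirst();
            allowImpersonation = allowImpersonation && tmp.getSecond();
        }
        String zid = ac.getAuthorizationID();
        if (zid != null) {
            Pair<String, Boolean> tmp = translateName(zid);
            zid = tmp.getFirst();
            allowImpersonation = allowImpersonation && tmp.getSecond();
        }
        // Presumably the mechanism has already verified the credential by the time it
        // issues an AuthorizeCallback; the authorization decision is still pending here.
        LOG.debug("Successfully authenticated client: authenticationID = {} authorizationID = {}", nid, zid);
        // if authorizationId is not set, set it to authenticationId.
        if (zid == null) {
            ac.setAuthorizedID(nid);
            zid = nid;
        } else {
            ac.setAuthorizedID(zid);
        }
        // add the nid as the real user in reqContext's subject which will be used during authorization.
        if (!Objects.equals(nid, zid)) {
            LOG.info("Impersonation attempt  authenticationID = {} authorizationID = {}", nid, zid);
            if (!allowImpersonation) {
                // The exception message reports the untranslated ids as the client sent them.
                throw new IllegalArgumentException(ac.getAuthenticationID() + " attempting to impersonate " + ac.getAuthorizationID() + ".  This is not allowed.");
            }
            ReqContext.context().setRealPrincipal(new SaslTransportPlugin.User(nid));
        } else {
            // Not impersonating: clear any real principal left over on the (reused) context.
            ReqContext.context().setRealPrincipal(null);
        }
        ac.setAuthorized(true);
    }
    log("FINISHED", ac, nc, pc, rc);
}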

Example 27 with AuthorizeCallback

use of javax.security.sasl.AuthorizeCallback in project jstorm by alibaba.

the class ClientCallbackHandler method handle.

/**
 * Answers the SASL client's challenge callbacks.
 *
 * <p>Name and password are taken from the handler's {@code _username} and
 * {@code _password} fields; a realm is answered with its default text. An
 * {@link AuthorizeCallback} is granted only when the authentication id equals the
 * requested authorization id, so this client never claims to act as anyone other
 * than the identity it authenticated with.
 *
 * <p>{@code _password} is a {@code String} that is copied into a new {@code char[]}
 * on every challenge; nothing here can zero the secret afterwards, so it stays
 * resident for the handler's lifetime.
 *
 * @param callbacks the challenge callbacks issued by the SASL client
 * @throws UnsupportedCallbackException for a callback type not handled here
 * @throws IOException declared for the {@code CallbackHandler} contract; not thrown by this body
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback cb : callbacks) {
        if (cb instanceof NameCallback) {
            LOG.debug("name callback");
            ((NameCallback) cb).setName(_username);
            continue;
        }
        if (cb instanceof PasswordCallback) {
            LOG.debug("password callback");
            // A null password is left unanswered rather than replaced with an empty array.
            if (_password != null) {
                ((PasswordCallback) cb).setPassword(_password.toCharArray());
            }
            continue;
        }
        if (cb instanceof AuthorizeCallback) {
            LOG.debug("authorization callback");
            AuthorizeCallback authz = (AuthorizeCallback) cb;
            String authenticationId = authz.getAuthenticationID();
            String authorizationId = authz.getAuthorizationID();
            // Only the trivial identity mapping is authorized; an authenticationId that is
            // null would NPE here, as in the original.
            boolean sameIdentity = authenticationId.equals(authorizationId);
            authz.setAuthorized(sameIdentity);
            if (sameIdentity) {
                authz.setAuthorizedID(authorizationId);
            }
            continue;
        }
        if (cb instanceof RealmCallback) {
            RealmCallback realm = (RealmCallback) cb;
            realm.setText(realm.getDefaultText());
            continue;
        }
        throw new UnsupportedCallbackException(cb);
    }
}

Example 28 with AuthorizeCallback

use of javax.security.sasl.AuthorizeCallback in project kafka by apache.

the class SaslClientCallbackHandler method handle.

/**
 * Supplies SASL client credentials from the JAAS {@link Subject} attached to the
 * calling access-control context.
 *
 * <p>The user name is the Subject's first {@code String} public credential (or the
 * callback's default name when there is none); the password is the Subject's first
 * {@code String} private credential, and asking for a password without one is a
 * hard failure. An {@link AuthorizeCallback} is granted only when the authentication
 * and authorization ids are equal. SCRAM extensions are served only for SCRAM
 * mechanisms, {@link SaslExtensionsCallback} only for non-GSSAPI mechanisms.
 *
 * <p>NOTE(review): credentials are read with {@code iterator().next()} on a
 * {@code Set}; if a Subject carries more than one credential of the same type, which
 * one is chosen is unspecified.
 *
 * @param callbacks callbacks issued by the SASL client mechanism
 * @throws UnsupportedCallbackException for an unknown callback, or for a
 *         {@link PasswordCallback} when the Subject holds no password
 */
@Override
public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
    Subject subject = Subject.getSubject(AccessController.getContext());
    for (Callback cb : callbacks) {
        if (cb instanceof NameCallback) {
            answerName((NameCallback) cb, subject);
        } else if (cb instanceof PasswordCallback) {
            answerPassword((PasswordCallback) cb, subject);
        } else if (cb instanceof RealmCallback) {
            RealmCallback realm = (RealmCallback) cb;
            realm.setText(realm.getDefaultText());
        } else if (cb instanceof AuthorizeCallback) {
            AuthorizeCallback authz = (AuthorizeCallback) cb;
            String authenticationId = authz.getAuthenticationID();
            String authorizationId = authz.getAuthorizationID();
            // Only the identity mapping is authorized; nothing else is ever asserted.
            boolean sameIdentity = authenticationId.equals(authorizationId);
            authz.setAuthorized(sameIdentity);
            if (sameIdentity) {
                authz.setAuthorizedID(authorizationId);
            }
        } else if (cb instanceof ScramExtensionsCallback) {
            boolean hasExtensions = subject != null && !subject.getPublicCredentials(Map.class).isEmpty();
            if (ScramMechanism.isScram(mechanism) && hasExtensions) {
                @SuppressWarnings("unchecked")
                Map<String, String> scramExtensions = (Map<String, String>) subject.getPublicCredentials(Map.class).iterator().next();
                ((ScramExtensionsCallback) cb).extensions(scramExtensions);
            }
        } else if (cb instanceof SaslExtensionsCallback) {
            boolean hasExtensions = subject != null && !subject.getPublicCredentials(SaslExtensions.class).isEmpty();
            if (!SaslConfigs.GSSAPI_MECHANISM.equals(mechanism) && hasExtensions) {
                SaslExtensions saslExtensions = subject.getPublicCredentials(SaslExtensions.class).iterator().next();
                ((SaslExtensionsCallback) cb).extensions(saslExtensions);
            }
        } else {
            throw new UnsupportedCallbackException(cb, "Unrecognized SASL ClientCallback");
        }
    }
}

/** Fills the name from the Subject's first String public credential, else the default name. */
private void answerName(NameCallback nc, Subject subject) {
    if (subject != null && !subject.getPublicCredentials(String.class).isEmpty()) {
        nc.setName(subject.getPublicCredentials(String.class).iterator().next());
    } else {
        nc.setName(nc.getDefaultName());
    }
}

/**
 * Fills the password from the Subject's first String private credential.
 *
 * @throws UnsupportedCallbackException when the Subject holds no password; there is
 *         no interactive fallback in this client
 */
private void answerPassword(PasswordCallback pc, Subject subject) throws UnsupportedCallbackException {
    if (subject == null || subject.getPrivateCredentials(String.class).isEmpty()) {
        String errorMessage = "Could not login: the client is being asked for a password, but the Kafka" + " client code does not currently support obtaining a password from the user.";
        throw new UnsupportedCallbackException(pc, errorMessage);
    }
    // The String credential is copied into a fresh char[]; the original String cannot be cleared.
    pc.setPassword(subject.getPrivateCredentials(String.class).iterator().next().toCharArray());
}

Example 29 with AuthorizeCallback

use of javax.security.sasl.AuthorizeCallback in project alluxio by Alluxio.

the class PlainSaslServerCallbackHandlerTest method authenticateNameNotMatch.

/**
 * Verifies that the server handler rejects a principal whose name does not start with
 * "alluxio", even though the authentication and authorization ids agree and a password
 * is supplied. The expected failure is an {@code AuthenticationException} carrying the
 * "Only allow the user starting with alluxio" message.
 */
@Test
public void authenticateNameNotMatch() throws Exception {
    mThrown.expect(AuthenticationException.class);
    mThrown.expectMessage("Only allow the user starting with alluxio");
    final String principal = "not-alluxio-1";
    NameCallback nameCb = new NameCallback(" authentication id: ");
    nameCb.setName(principal);
    PasswordCallback passwordCb = new PasswordCallback(" password: ", false);
    passwordCb.setPassword("password".toCharArray());
    // Same id on both sides so only the name rule, not impersonation, can reject this.
    AuthorizeCallback authzCb = new AuthorizeCallback(principal, principal);
    mPlainServerCBHandler.handle(new Callback[] { nameCb, passwordCb, authzCb });
}

Example 30 with AuthorizeCallback

use of javax.security.sasl.AuthorizeCallback in project alluxio by Alluxio.

the class PlainSaslServerCallbackHandlerTest method authenticateCorrectPassword.

/**
 * Verifies that a wrong password fails authentication for an otherwise acceptable
 * "alluxio-" principal: the handler must throw {@code AuthenticationException} with the
 * "Wrong password" message. (Despite the method name, this exercises the
 * incorrect-password path; the name is kept for compatibility with existing test filters.)
 */
@Test
public void authenticateCorrectPassword() throws Exception {
    mThrown.expect(AuthenticationException.class);
    mThrown.expectMessage("Wrong password");
    final String principal = "alluxio-1";
    NameCallback nameCb = new NameCallback(" authentication id: ");
    nameCb.setName(principal);
    PasswordCallback passwordCb = new PasswordCallback(" password: ", false);
    passwordCb.setPassword("not-password".toCharArray());
    // Same id on both sides so the only thing that can fail here is the password check.
    AuthorizeCallback authzCb = new AuthorizeCallback(principal, principal);
    mPlainServerCBHandler.handle(new Callback[] { nameCb, passwordCb, authzCb });
}
