
Example 31 with AuthorizeCallback

Use of javax.security.sasl.AuthorizeCallback in the project alluxio by Alluxio.

The class PlainSaslServerCallbackHandler, method handle.

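/**
 * Handles the callbacks issued by the PLAIN SASL server for one authentication exchange.
 *
 * <p>A first pass only collects the user name, the password and the {@link AuthorizeCallback},
 * because the callbacks may depend on each other. The credentials are then checked by
 * {@code mAuthenticationProvider}; if an {@link AuthorizeCallback} was supplied, the
 * impersonation authenticator additionally checks that the authenticated user may act as the
 * requested authorized id, which is then recorded in {@code AuthenticatedClientUser}.
 *
 * @param callbacks the callbacks to satisfy
 * @throws IOException propagated from the authentication or impersonation provider
 * @throws UnsupportedCallbackException if a callback other than name, password or authorize is
 *         supplied
 */
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    String username = null;
    String password = null;
    AuthorizeCallback ac = null;
    // We need to do an initial pass since callbacks may depend on each other.
    for (Callback callback : callbacks) {
        if (callback instanceof NameCallback) {
            username = ((NameCallback) callback).getName();
        } else if (callback instanceof PasswordCallback) {
            // getPassword() is null when no password was ever set; pass that through instead of
            // failing with an NPE, so the provider reports the missing credential itself.
            char[] chars = ((PasswordCallback) callback).getPassword();
            password = chars == null ? null : new String(chars);
        } else if (callback instanceof AuthorizeCallback) {
            ac = (AuthorizeCallback) callback;
        } else {
            throw new UnsupportedCallbackException(callback, "Unsupport callback");
        }
    }
    // Credentials are verified first; the impersonation check below only makes sense for a
    // successfully authenticated user.
    mAuthenticationProvider.authenticate(username, password);
    if (ac != null) {
        ac.setAuthorized(true);
        try {
            // getAuthorizedID() only works after the AuthorizeCallback is authorized
            mImpersonationAuthenticator.authenticate(username, ac.getAuthorizedID());
        } catch (Exception e) {
            // Undo the provisional authorization so the SASL server sees a failed check, then
            // rethrow unchanged (precise rethrow keeps the original exception type).
            ac.setAuthorized(false);
            throw e;
        }
        // After verification succeeds, a user with this authz id will be set to a Threadlocal.
        AuthenticatedClientUser.set(ac.getAuthorizedID());
    }
}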

Example 32 with AuthorizeCallback

Use of javax.security.sasl.AuthorizeCallback in the project Openfire by igniterealtime.

The class XMPPCallbackHandler, method handle.

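/**
 * Handles the callbacks raised by the server-side SASL mechanism during an XMPP login.
 *
 * <p>Supported callbacks: {@link RealmCallback} (answered with the server's XMPP domain),
 * {@link NameCallback} (remembers the user name for the later callbacks),
 * {@link PasswordCallback} (looks the stored password up through {@code AuthFactory}),
 * {@code VerifyPasswordCallback} (authenticates the supplied password) and
 * {@link AuthorizeCallback} (decides whether the authenticated principal may act as the
 * requested user). Callbacks are processed in array order, so a name callback has to precede
 * the password and verification callbacks that rely on the name.
 *
 * @param callbacks the callbacks to satisfy
 * @throws IOException if the stored password cannot be obtained for the user
 * @throws UnsupportedCallbackException if a callback of an unknown type is encountered
 */
@Override
public void handle(final Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    String name = null;
    for (Callback callback : callbacks) {
        if (callback instanceof RealmCallback) {
            ((RealmCallback) callback).setText(XMPPServer.getInstance().getServerInfo().getXMPPDomain());
        } else if (callback instanceof NameCallback) {
            NameCallback nameCallback = (NameCallback) callback;
            name = nameCallback.getName();
            if (name == null) {
                name = nameCallback.getDefaultName();
            }
        } else if (callback instanceof PasswordCallback) {
            try {
                // Get the password from the UserProvider. Some UserProviders may not support
                // this operation
                ((PasswordCallback) callback).setPassword(AuthFactory.getPassword(name).toCharArray());
            } catch (UserNotFoundException | UnsupportedOperationException e) {
                // Keep the cause so the reason for the failure survives into the SASL layer.
                throw new IOException(e.toString(), e);
            }
        } else if (callback instanceof VerifyPasswordCallback) {
            VerifyPasswordCallback vpcb = (VerifyPasswordCallback) callback;
            try {
                AuthToken at = AuthFactory.authenticate(name, new String(vpcb.getPassword()));
                vpcb.setVerified(at != null);
            } catch (Exception e) {
                // Deliberately best-effort: any failure to authenticate leaves the password
                // unverified instead of aborting the whole exchange.
                vpcb.setVerified(false);
            }
        } else if (callback instanceof AuthorizeCallback) {
            authorize((AuthorizeCallback) callback);
        } else {
            throw new UnsupportedCallbackException(callback, "Unrecognized Callback");
        }
    }
}

/**
 * Decides whether the authenticated principal may act as the requested authorization identity
 * and records the outcome (and the effective user name) on the callback.
 *
 * @param authCallback the callback carrying the authentication and authorization identities
 */
private void authorize(AuthorizeCallback authCallback) {
    // Principal that authenticated
    String principal = authCallback.getAuthenticationID();
    // Username requested (not full JID)
    String username = authCallback.getAuthorizationID();
    // Tolerate clients that send a full JID here: a lot of users would fail to log in if their
    // client sends an incorrect value.
    if (username != null && username.contains("@")) {
        username = username.substring(0, username.lastIndexOf("@"));
    }
    if (principal.equals(username)) {
        // client perhaps made no request, get default username
        username = AuthorizationManager.map(principal);
    }
    if (AuthorizationManager.authorize(username, principal)) {
        authCallback.setAuthorized(true);
        authCallback.setAuthorizedID(username);
    } else {
        authCallback.setAuthorized(false);
    }
}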

Example 33 with AuthorizeCallback

Use of javax.security.sasl.AuthorizeCallback in the project hive by apache.

The class PlainSaslServer, method evaluateResponse.

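/**
 * Evaluates the client's SASL PLAIN response (RFC 4616),
 * {@code message = [authzid] UTF8NUL authcid UTF8NUL passwd}, and authenticates it through the
 * configured callback handler.
 *
 * <p>The tokens are decoded as UTF-8, as the RFC requires. An absent or zero-length authzid
 * means the client wants to act as the authenticated identity, so it defaults to the authcid.
 *
 * @param response the raw response bytes sent by the client
 * @return always {@code null}; PLAIN is a single-round mechanism with no server challenge
 * @throws SaslException if the message is malformed, a name or password is missing, the
 *         callback handler fails, or the handler does not authorize the request
 */
@Override
public byte[] evaluateResponse(byte[] response) throws SaslException {
    if (response == null) {
        throw new SaslException("Invalid message format");
    }
    try {
        // Split on the NUL separators and decode every token as UTF-8 rather than widening
        // each byte to a char, which garbles any non-ASCII user name or password.
        Deque<String> tokenList = new ArrayDeque<String>();
        int tokenStart = 0;
        for (int i = 0; i <= response.length; i++) {
            if (i == response.length || response[i] == 0) {
                tokenList.addLast(new String(response, tokenStart, i - tokenStart,
                    java.nio.charset.StandardCharsets.UTF_8));
                tokenStart = i + 1;
            }
        }
        // validate response: two tokens (authcid, passwd) or three (authzid, authcid, passwd)
        if (tokenList.size() < 2 || tokenList.size() > 3) {
            throw new SaslException("Invalid message format");
        }
        String passwd = tokenList.removeLast();
        user = tokenList.removeLast();
        // optional authzid: absent or zero-length means "same as the authcid" (RFC 4616)
        String authzId = tokenList.isEmpty() ? "" : tokenList.removeLast();
        if (authzId.isEmpty()) {
            authzId = user;
        }
        if (user.isEmpty()) {
            throw new SaslException("No user name provided");
        }
        if (passwd.isEmpty()) {
            throw new SaslException("No password name provided");
        }
        NameCallback nameCallback = new NameCallback("User");
        nameCallback.setName(user);
        PasswordCallback pcCallback = new PasswordCallback("Password", false);
        pcCallback.setPassword(passwd.toCharArray());
        AuthorizeCallback acCallback = new AuthorizeCallback(user, authzId);
        Callback[] cbList = { nameCallback, pcCallback, acCallback };
        handler.handle(cbList);
        // The handler decides; anything short of an explicit "authorized" is a failure.
        if (!acCallback.isAuthorized()) {
            throw new SaslException("Authentication failed");
        }
    } catch (IllegalStateException eL) {
        throw new SaslException("Invalid message format", eL);
    } catch (IOException | UnsupportedCallbackException e) {
        throw new SaslException("Error validating the login", e);
    }
    return null;
}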

Example 34 with AuthorizeCallback

Use of javax.security.sasl.AuthorizeCallback in the project hive by apache.

The class MetaStorePlainSaslServer, method evaluateResponse.

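/**
 * Evaluates the client's SASL PLAIN response (RFC 4616),
 * {@code message = [authzid] UTF8NUL authcid UTF8NUL passwd}, and authenticates it through the
 * configured callback handler.
 *
 * <p>The tokens are decoded as UTF-8, as the RFC requires. An absent or zero-length authzid
 * means the client wants to act as the authenticated identity, so it defaults to the authcid.
 *
 * @param response the raw response bytes sent by the client
 * @return always {@code null}; PLAIN is a single-round mechanism with no server challenge
 * @throws SaslException if the message is malformed, a name or password is missing, the
 *         callback handler fails, or the handler does not authorize the request
 */
@Override
public byte[] evaluateResponse(byte[] response) throws SaslException {
    if (response == null) {
        throw new SaslException("Invalid message format");
    }
    try {
        // Split on the NUL separators and decode every token as UTF-8 rather than widening
        // each byte to a char, which garbles any non-ASCII user name or password.
        Deque<String> tokenList = new ArrayDeque<String>();
        int tokenStart = 0;
        for (int i = 0; i <= response.length; i++) {
            if (i == response.length || response[i] == 0) {
                tokenList.addLast(new String(response, tokenStart, i - tokenStart,
                    java.nio.charset.StandardCharsets.UTF_8));
                tokenStart = i + 1;
            }
        }
        // validate response: two tokens (authcid, passwd) or three (authzid, authcid, passwd)
        if (tokenList.size() < 2 || tokenList.size() > 3) {
            throw new SaslException("Invalid message format");
        }
        String passwd = tokenList.removeLast();
        user = tokenList.removeLast();
        // optional authzid: absent or zero-length means "same as the authcid" (RFC 4616)
        String authzId = tokenList.isEmpty() ? "" : tokenList.removeLast();
        if (authzId.isEmpty()) {
            authzId = user;
        }
        if (user.isEmpty()) {
            throw new SaslException("No user name provided");
        }
        if (passwd.isEmpty()) {
            throw new SaslException("No password name provided");
        }
        NameCallback nameCallback = new NameCallback("User");
        nameCallback.setName(user);
        PasswordCallback pcCallback = new PasswordCallback("Password", false);
        pcCallback.setPassword(passwd.toCharArray());
        AuthorizeCallback acCallback = new AuthorizeCallback(user, authzId);
        Callback[] cbList = { nameCallback, pcCallback, acCallback };
        handler.handle(cbList);
        // The handler decides; anything short of an explicit "authorized" is a failure.
        if (!acCallback.isAuthorized()) {
            throw new SaslException("Authentication failed");
        }
    } catch (IllegalStateException eL) {
        throw new SaslException("Invalid message format", eL);
    } catch (IOException | UnsupportedCallbackException e) {
        throw new SaslException("Error validating the login", e);
    }
    return null;
}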

Example 35 with AuthorizeCallback

Use of javax.security.sasl.AuthorizeCallback in the project zookeeper by apache.

The class SaslClientCallbackHandler, method handle.

/**
 * Answers the callbacks a client-side SASL mechanism raises while logging in.
 *
 * <p>Name and realm callbacks are answered with their defaults; the password callback is
 * answered with the configured password, or a warning is logged when none is configured; an
 * authorize callback is granted only when the authentication and authorization ids are equal.
 *
 * @param callbacks the callbacks to satisfy
 * @throws UnsupportedCallbackException if a callback of an unknown type is encountered
 */
public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
    for (Callback cb : callbacks) {
        if (cb instanceof NameCallback) {
            NameCallback nameCb = (NameCallback) cb;
            nameCb.setName(nameCb.getDefaultName());
        } else if (cb instanceof PasswordCallback) {
            if (password == null) {
                // No password is available in-process; explain how to refresh the ticket cache.
                LOG.warn("Could not login: the {} is being asked for a password, but the ZooKeeper {}"
                    + " code does not currently support obtaining a password from the user."
                    + " Make sure that the {} is configured to use a ticket cache (using"
                    + " the JAAS configuration setting 'useTicketCache=true)' and restart the {}. If"
                    + " you still get this message after that, the TGT in the ticket cache has expired and must"
                    + " be manually refreshed. To do so, first determine if you are using a password or a"
                    + " keytab. If the former, run kinit in a Unix shell in the environment of the user who"
                    + " is running this Zookeeper {} using the command"
                    + " 'kinit <princ>' (where <princ> is the name of the {}'s Kerberos principal)."
                    + " If the latter, do"
                    + " 'kinit -k -t <keytab> <princ>' (where <princ> is the name of the Kerberos principal, and"
                    + " <keytab> is the location of the keytab file). After manually refreshing your cache,"
                    + " restart this {}. If you continue to see this message after manually refreshing"
                    + " your cache, ensure that your KDC host's clock is in sync with this host's clock.",
                    entity, entity, entity, entity, entity, entity, entity);
            } else {
                ((PasswordCallback) cb).setPassword(this.password.toCharArray());
            }
        } else if (cb instanceof RealmCallback) {
            RealmCallback realmCb = (RealmCallback) cb;
            realmCb.setText(realmCb.getDefaultText());
        } else if (cb instanceof AuthorizeCallback) {
            AuthorizeCallback authzCb = (AuthorizeCallback) cb;
            String authid = authzCb.getAuthenticationID();
            String authzid = authzCb.getAuthorizationID();
            // Only an identical authorization id is accepted; no mapping is attempted.
            authzCb.setAuthorized(authid.equals(authzid));
            if (authzCb.isAuthorized()) {
                authzCb.setAuthorizedID(authzid);
            }
        } else {
            throw new UnsupportedCallbackException(cb, "Unrecognized SASL " + entity + "Callback");
        }
    }
}
