Use of org.apache.directory.ldap.client.api.callback.SaslCallbackHandler in project directory-ldap-api by apache.
The class LdapNetworkConnection, method bindAsync.
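/**
 * Do an asynchronous bind, based on a GssApiRequest.
 * <p>
 * This method mutates process-wide state before logging in: the system property named by
 * {@code KRB5_CONF} (set to the user-supplied krb5.conf, to a generated one, or cleared), the
 * {@code javax.security.auth.useSubjectCredsOnly} system property, and the global JAAS
 * {@link Configuration}. Concurrent binds using different Kerberos settings can therefore
 * interfere with each other.
 *
 * @param request The GssApiRequest POJO containing all the needed parameters
 * @return The bind operation's future
 * @throws LdapException if some error occurred: a generated krb5.conf could not be written, the
 *         JAAS login failed, or the SASL bind itself failed (in which case the LdapException
 *         raised by {@link #bindSasl} is rethrown unwrapped)
 */
public BindFuture bindAsync(SaslGssApiRequest request) throws LdapException {
    applyKrb5ConfSetting(request);
    applyLoginModuleConfiguration(request);

    try {
        // Make the GSS-API layer use only the credentials of the Subject we log in below
        System.setProperty("javax.security.auth.useSubjectCredsOnly", "true");

        LoginContext loginContext = new LoginContext(request.getLoginContextName(), new SaslCallbackHandler(request));
        loginContext.login();

        final SaslGssApiRequest requestFinal = request;

        // Typed action: Subject.doAs returns the action's result, so no unchecked cast is needed
        return Subject.doAs(loginContext.getSubject(), new PrivilegedExceptionAction<BindFuture>() {
            @Override
            public BindFuture run() throws Exception {
                return bindSasl(requestFinal);
            }
        });
    } catch (Exception e) {
        // Subject.doAs wraps a checked exception thrown by the action in a PrivilegedActionException;
        // unwrap it so callers see the LdapException raised by bindSasl instead of a wrapper
        Throwable cause = e.getCause();

        if (cause instanceof LdapException) {
            throw (LdapException) cause;
        }

        throw new LdapException(e);
    }
}

/**
 * Selects the Kerberos configuration the JVM will use for this bind, by setting or clearing the
 * system property named by {@code KRB5_CONF}.
 *
 * @param request The GssApiRequest carrying the krb5.conf path or the realm/KDC settings
 * @throws LdapException if a krb5.conf generated from the realm/KDC settings could not be written
 */
private void applyKrb5ConfSetting(SaslGssApiRequest request) throws LdapException {
    if (request.getKrb5ConfFilePath() != null) {
        // Using the krb5.conf file provided by the user
        System.setProperty(KRB5_CONF, request.getKrb5ConfFilePath());
    } else if ((request.getRealmName() != null) && (request.getKdcHost() != null) && (request.getKdcPort() != 0)) {
        try {
            // Using a custom krb5.conf we create from the settings provided by the user
            String krb5ConfPath = createKrb5ConfFile(request.getRealmName(), request.getKdcHost(), request.getKdcPort());
            System.setProperty(KRB5_CONF, krb5ConfPath);
        } catch (IOException ioe) {
            throw new LdapException(ioe);
        }
    } else {
        // Using the system Kerberos configuration
        System.clearProperty(KRB5_CONF);
    }
}

/**
 * Installs the global JAAS login {@link Configuration} for this bind: the one supplied in the
 * request if any, otherwise a default {@link Krb5LoginConfiguration}.
 *
 * @param request The GssApiRequest that may carry a user-provided login module configuration
 */
private void applyLoginModuleConfiguration(SaslGssApiRequest request) {
    if (request.getLoginModuleConfiguration() != null) {
        // Using the configuration provided by the user
        Configuration.setConfiguration(request.getLoginModuleConfiguration());
    } else {
        // Using the default configuration
        Configuration.setConfiguration(new Krb5LoginConfiguration());
    }
}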
Use of org.apache.directory.ldap.client.api.callback.SaslCallbackHandler in project directory-ldap-api by apache.
The class LdapNetworkConnection, method bindSasl.
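/**
 * Process the SASL Bind. It's a dialog with the server: we send a first BindRequest, receive a
 * response and then, if this response is a challenge, continue by sending a new BindRequest with
 * the requested information, until the client side of the mechanism is complete or the server
 * returns a final result.
 * <p>
 * The {@link SaslClient} driving the negotiation is local to this method and is disposed before
 * returning; nothing here installs a SASL security layer on the connection, so {@code Sasl.QOP}
 * and {@code Sasl.STRENGTH} only influence the negotiation itself.
 *
 * @param saslRequest The SASL request object containing all the needed parameters
 * @return A {@link BindFuture} already holding the final {@link BindResponse}
 * @throws LdapException if no SASL factory handles the requested mechanism, if the server does not
 *         answer within the timeout, if the server reports SUCCESS while the client still has data
 *         to send or has not completed the mechanism (protocol error), or if any other error occurred
 */
public BindFuture bindSasl(SaslRequest saslRequest) throws LdapException {
    // First switch to anonymous state
    authenticated.set(false);

    // try to connect, if we aren't already connected.
    connect();

    // If the session has not been established, or is closed, we get out immediately
    checkSession();

    BindRequest bindRequest = createBindRequest((String) null, null, saslRequest.getSaslMechanism(), saslRequest.getControls());

    // Update the messageId
    int newId = messageId.incrementAndGet();
    bindRequest.setMessageId(newId);

    if (LOG.isDebugEnabled()) {
        LOG.debug(I18n.msg(I18n.MSG_03205_SENDING_REQUEST, bindRequest));
    }

    // Create a future for this Bind operation
    BindFuture bindFuture = new BindFuture(this, newId);

    // Store it in the future Map
    addToFutureMap(newId, bindFuture);

    SaslClient sc = null;

    try {
        // Creating a SASL Client
        sc = Sasl.createSaslClient(new String[] { bindRequest.getSaslMechanism() }, saslRequest.getAuthorizationId(), "ldap", config.getLdapHost(), buildSaslProperties(saslRequest), new SaslCallbackHandler(saslRequest));

        // No factory handles the requested mechanism: we produce an Exception
        if (sc == null) {
            String message = "Cannot find a SASL factory for the " + bindRequest.getSaslMechanism() + " mechanism";
            LOG.error(message);
            throw new LdapException(message);
        }

        BindResponse bindResponse;

        // A mechanism with an initial response sends it in the first request; otherwise the first
        // request carries no credentials and the server issues the first challenge
        if (sc.hasInitialResponse()) {
            bindRequest.setCredentials(sc.evaluateChallenge(Strings.EMPTY_BYTES));
            bindResponse = exchangeBindRequest(bindRequest, bindFuture);
        } else {
            // Copy the bindRequest without setting the credentials
            BindRequest bindRequestCopy = new BindRequestImpl();
            bindRequestCopy.setMessageId(newId);
            bindRequestCopy.setName(bindRequest.getName());
            bindRequestCopy.setSaslMechanism(bindRequest.getSaslMechanism());
            bindRequestCopy.setSimple(bindRequest.isSimple());
            bindRequestCopy.setVersion3(bindRequest.getVersion3());
            bindRequestCopy.addAllControls(bindRequest.getControls().values().toArray(new Control[0]));
            bindResponse = exchangeBindRequest(bindRequestCopy, bindFuture);
        }

        ResultCodeEnum result = bindResponse.getLdapResult().getResultCode();

        // Keep the dialog going while the client side still has work to do and the server has not failed the bind
        while (!sc.isComplete() && ((result == ResultCodeEnum.SASL_BIND_IN_PROGRESS) || (result == ResultCodeEnum.SUCCESS))) {
            byte[] response = sc.evaluateChallenge(bindResponse.getServerSaslCreds());

            if (result == ResultCodeEnum.SUCCESS) {
                // The server considers the bind done: the client must have nothing left to send and
                // must itself be complete, otherwise the server skipped part of the exchange (the old
                // code would re-evaluate the same server data on the next iteration)
                if ((response != null) || !sc.isComplete()) {
                    throw new LdapException("protocol error");
                }
            } else {
                newId = messageId.incrementAndGet();
                bindRequest.setMessageId(newId);
                bindRequest.setCredentials(response);
                addToFutureMap(newId, bindFuture);
                bindResponse = exchangeBindRequest(bindRequest, bindFuture);
                result = bindResponse.getLdapResult().getResultCode();
            }
        }

        bindFuture.set(bindResponse);

        return bindFuture;
    } catch (LdapException e) {
        throw e;
    } catch (Exception e) {
        // Keep the stack trace in the log; the cause is also preserved in the thrown LdapException
        LOG.error(e.getMessage(), e);
        throw new LdapException(e);
    } finally {
        // The client is never retained past this method, so release its state on every exit path
        disposeSaslClient(sc);
    }
}

/**
 * Builds the property map handed to {@link Sasl#createSaslClient} from the request's
 * quality-of-protection, security-strength and mutual-authentication settings.
 *
 * @param saslRequest The SASL request object
 * @return A new, mutable map holding only the properties the request specifies
 */
private Map<String, Object> buildSaslProperties(SaslRequest saslRequest) {
    Map<String, Object> properties = new HashMap<>();

    // Quality of Protection SASL property
    if (saslRequest.getQualityOfProtection() != null) {
        properties.put(Sasl.QOP, saslRequest.getQualityOfProtection().getValue());
    }

    // Security Strength SASL property
    if (saslRequest.getSecurityStrength() != null) {
        properties.put(Sasl.STRENGTH, saslRequest.getSecurityStrength().getValue());
    }

    // Mutual Authentication SASL property
    if (saslRequest.isMutualAuthentication()) {
        properties.put(Sasl.SERVER_AUTH, "true");
    }

    return properties;
}

/**
 * Sends one BindRequest of the SASL dialog and blocks for the server's answer.
 * <p>
 * Declared with a broad {@code throws Exception} because the exceptions of {@code writeRequest}
 * and {@code BindFuture.get} are all funnelled into an LdapException by the caller anyway.
 *
 * @param request The BindRequest to send
 * @param bindFuture The future the response will be delivered on
 * @return The server's BindResponse, never null
 * @throws LdapException if no response arrived within {@code timeout} milliseconds
 * @throws Exception if sending the request or waiting for the response failed
 */
private BindResponse exchangeBindRequest(BindRequest request, BindFuture bindFuture) throws Exception {
    writeRequest(request);

    // Get the server's response, blocking
    BindResponse bindResponse = bindFuture.get(timeout, TimeUnit.MILLISECONDS);

    if (bindResponse == null) {
        // We didn't receive anything : this is an error
        if (LOG.isErrorEnabled()) {
            LOG.error(I18n.err(I18n.ERR_03203_OP_FAILED_TIMEOUT, "Bind"));
        }

        throw new LdapException(TIME_OUT_ERROR);
    }

    return bindResponse;
}

/**
 * Releases a SaslClient's resources without affecting the outcome of the bind.
 *
 * @param sc The client to dispose, may be null when creation failed
 */
private void disposeSaslClient(SaslClient sc) {
    if (sc == null) {
        return;
    }

    try {
        sc.dispose();
    } catch (javax.security.sasl.SaslException ignored) {
        // Best effort only: the bind result has already been decided, and a cleanup failure
        // must not mask it. Logged at debug level so it is not completely lost.
        LOG.debug("Failed to dispose the SASL client", ignored);
    }
}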