
Example 6 with SaslExtensionsCallback

Use of org.apache.kafka.common.security.auth.SaslExtensionsCallback in project kafka by apache.

The class SaslClientCallbackHandler, method handle.

@Override
public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
    Subject subject = Subject.getSubject(AccessController.getContext());
    for (Callback callback : callbacks) {
        if (callback instanceof NameCallback) {
            NameCallback nc = (NameCallback) callback;
            if (subject != null && !subject.getPublicCredentials(String.class).isEmpty()) {
                nc.setName(subject.getPublicCredentials(String.class).iterator().next());
            } else
                nc.setName(nc.getDefaultName());
        } else if (callback instanceof PasswordCallback) {
            if (subject != null && !subject.getPrivateCredentials(String.class).isEmpty()) {
                char[] password = subject.getPrivateCredentials(String.class).iterator().next().toCharArray();
                ((PasswordCallback) callback).setPassword(password);
            } else {
                String errorMessage = "Could not login: the client is being asked for a password, but the Kafka client code does not currently support obtaining a password from the user.";
                throw new UnsupportedCallbackException(callback, errorMessage);
            }
        } else if (callback instanceof RealmCallback) {
            RealmCallback rc = (RealmCallback) callback;
            rc.setText(rc.getDefaultText());
        } else if (callback instanceof AuthorizeCallback) {
            AuthorizeCallback ac = (AuthorizeCallback) callback;
            String authId = ac.getAuthenticationID();
            String authzId = ac.getAuthorizationID();
            // Authorize only when the requested authorization ID equals the authentication ID.
            ac.setAuthorized(authId.equals(authzId));
            if (ac.isAuthorized())
                ac.setAuthorizedID(authzId);
        } else if (callback instanceof ScramExtensionsCallback) {
            if (ScramMechanism.isScram(mechanism) && subject != null && !subject.getPublicCredentials(Map.class).isEmpty()) {
                @SuppressWarnings("unchecked") Map<String, String> extensions = (Map<String, String>) subject.getPublicCredentials(Map.class).iterator().next();
                ((ScramExtensionsCallback) callback).extensions(extensions);
            }
        } else if (callback instanceof SaslExtensionsCallback) {
            // For any mechanism other than GSSAPI, pass on the SaslExtensions held in the Subject's public credentials.
            if (!SaslConfigs.GSSAPI_MECHANISM.equals(mechanism) && subject != null && !subject.getPublicCredentials(SaslExtensions.class).isEmpty()) {
                SaslExtensions extensions = subject.getPublicCredentials(SaslExtensions.class).iterator().next();
                ((SaslExtensionsCallback) callback).extensions(extensions);
            }
        } else {
            throw new UnsupportedCallbackException(callback, "Unrecognized SASL ClientCallback");
        }
    }
}
Also used: Subject (javax.security.auth.Subject), AuthorizeCallback (javax.security.sasl.AuthorizeCallback), SaslExtensionsCallback (org.apache.kafka.common.security.auth.SaslExtensionsCallback), RealmCallback (javax.security.sasl.RealmCallback), PasswordCallback (javax.security.auth.callback.PasswordCallback), ScramExtensionsCallback (org.apache.kafka.common.security.scram.ScramExtensionsCallback), NameCallback (javax.security.auth.callback.NameCallback), Callback (javax.security.auth.callback.Callback), SaslExtensions (org.apache.kafka.common.security.auth.SaslExtensions), UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException), Map (java.util.Map)

Example 7 with SaslExtensionsCallback

Use of org.apache.kafka.common.security.auth.SaslExtensionsCallback in project kafka by apache.

The class OAuthBearerUnsecuredLoginCallbackHandlerTest, method throwsErrorOnInvalidExtensionName.

@Test
public void throwsErrorOnInvalidExtensionName() {
    Map<String, String> options = new HashMap<>();
    // The option key carries the extension name "test.Id", which the handler is expected to reject.
    options.put("unsecuredLoginExtension_test.Id", "1");
    OAuthBearerUnsecuredLoginCallbackHandler callbackHandler = createCallbackHandler(options, new MockTime());
    SaslExtensionsCallback callback = new SaslExtensionsCallback();
    assertThrows(IOException.class, () -> callbackHandler.handle(new Callback[] { callback }));
}
Also used: SaslExtensionsCallback (org.apache.kafka.common.security.auth.SaslExtensionsCallback), OAuthBearerTokenCallback (org.apache.kafka.common.security.oauthbearer.OAuthBearerTokenCallback), Callback (javax.security.auth.callback.Callback), HashMap (java.util.HashMap), MockTime (org.apache.kafka.common.utils.MockTime), Test (org.junit.jupiter.api.Test)

Aggregations

SaslExtensionsCallback (org.apache.kafka.common.security.auth.SaslExtensionsCallback): 7
HashMap (java.util.HashMap): 5
Test (org.junit.jupiter.api.Test): 5
Callback (javax.security.auth.callback.Callback): 4
OAuthBearerTokenCallback (org.apache.kafka.common.security.oauthbearer.OAuthBearerTokenCallback): 3
MockTime (org.apache.kafka.common.utils.MockTime): 3
UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException): 2
IOException (java.io.IOException): 1
Map (java.util.Map): 1
Subject (javax.security.auth.Subject): 1
NameCallback (javax.security.auth.callback.NameCallback): 1
PasswordCallback (javax.security.auth.callback.PasswordCallback): 1
LoginException (javax.security.auth.login.LoginException): 1
AuthorizeCallback (javax.security.sasl.AuthorizeCallback): 1
RealmCallback (javax.security.sasl.RealmCallback): 1
SaslExtensions (org.apache.kafka.common.security.auth.SaslExtensions): 1
ScramExtensionsCallback (org.apache.kafka.common.security.scram.ScramExtensionsCallback): 1