
Example 1 with OAuthBearerUnsecuredValidatorCallbackHandler

use of org.apache.kafka.common.security.oauthbearer.internals.unsecured.OAuthBearerUnsecuredValidatorCallbackHandler in project kafka by apache.

the class SaslChannelBuilder method createServerCallbackHandlers.

/**
 * Registers one server-side callback handler in {@code saslCallbackHandlers} for every SASL
 * mechanism that has an entry in {@code jaasContexts}.
 *
 * <p>Selection order per mechanism:
 * <ol>
 *   <li>the class configured under the mechanism-prefixed
 *       {@code SASL_SERVER_CALLBACK_HANDLER_CLASS} key, if present;</li>
 *   <li>otherwise a built-in default: PLAIN, then SCRAM, then OAUTHBEARER;</li>
 *   <li>otherwise the generic {@code SaslServerCallbackHandler}.</li>
 * </ol>
 *
 * <p>Security note: when OAUTHBEARER is enabled and no handler class is configured, the
 * fallback is {@code OAuthBearerUnsecuredValidatorCallbackHandler}. Kafka documents that
 * handler as validating <em>unsecured</em> (unsigned) JWTs, so it performs no signature
 * verification against an identity provider. A deployment that relies on OAUTHBEARER for
 * real authentication should set the handler-class config explicitly, and reviewers should
 * treat a missing override on an OAUTHBEARER listener as a finding.
 *
 * @param configs channel-builder configuration; the handler-class entry is expected to
 *                already hold a {@code Class} object (the cast below is unchecked)
 */
private void createServerCallbackHandlers(Map<String, ?> configs) {
    for (String mechanism : jaasContexts.keySet()) {
        String handlerClassKey = ListenerName.saslMechanismPrefix(mechanism)
                + BrokerSecurityConfigs.SASL_SERVER_CALLBACK_HANDLER_CLASS;

        @SuppressWarnings("unchecked")
        Class<? extends AuthenticateCallbackHandler> configuredClass =
                (Class<? extends AuthenticateCallbackHandler>) configs.get(handlerClassKey);

        AuthenticateCallbackHandler handler;
        if (configuredClass != null) {
            // An explicit operator choice always overrides the built-in defaults.
            handler = Utils.newInstance(configuredClass);
        } else if (mechanism.equals(PlainSaslServer.PLAIN_MECHANISM)) {
            handler = new PlainServerCallbackHandler();
        } else if (ScramMechanism.isScram(mechanism)) {
            handler = new ScramServerCallbackHandler(
                    credentialCache.cache(mechanism, ScramCredential.class), tokenCache);
        } else if (mechanism.equals(OAuthBearerLoginModule.OAUTHBEARER_MECHANISM)) {
            // Default is the unsecured validator; see the security note in the Javadoc.
            handler = new OAuthBearerUnsecuredValidatorCallbackHandler();
        } else {
            handler = new SaslServerCallbackHandler();
        }

        saslCallbackHandlers.put(mechanism, handler);
    }
}
Also used : OAuthBearerUnsecuredValidatorCallbackHandler(org.apache.kafka.common.security.oauthbearer.internals.unsecured.OAuthBearerUnsecuredValidatorCallbackHandler) ScramCredential(org.apache.kafka.common.security.scram.ScramCredential) ScramServerCallbackHandler(org.apache.kafka.common.security.scram.internals.ScramServerCallbackHandler) PlainServerCallbackHandler(org.apache.kafka.common.security.plain.internals.PlainServerCallbackHandler) SaslServerCallbackHandler(org.apache.kafka.common.security.authenticator.SaslServerCallbackHandler) AuthenticateCallbackHandler(org.apache.kafka.common.security.auth.AuthenticateCallbackHandler)

Example 2 with OAuthBearerUnsecuredValidatorCallbackHandler

use of org.apache.kafka.common.security.oauthbearer.internals.unsecured.OAuthBearerUnsecuredValidatorCallbackHandler in project kafka by apache.

the class OAuthBearerSaslServerTest method throwsAuthenticationExceptionOnInvalidExtensions.

/**
 * Checks that extension errors reported by the callback handler are surfaced by the SASL
 * server as a {@link SaslAuthenticationException}.
 *
 * <p>The stub handler supplies a mock token for the token-validation callback without
 * inspecting anything, then marks both client-supplied extensions as invalid. The exchange
 * is therefore expected to be rejected on the extension check rather than on the token.
 */
@Test
public void throwsAuthenticationExceptionOnInvalidExtensions() {
    OAuthBearerUnsecuredValidatorCallbackHandler rejectingHandler = new OAuthBearerUnsecuredValidatorCallbackHandler() {
        @Override
        public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (cb instanceof OAuthBearerValidatorCallback) {
                    // Token validation is stubbed: always hand back the mock token.
                    ((OAuthBearerValidatorCallback) cb).token(new OAuthBearerTokenMock());
                    continue;
                }
                if (cb instanceof OAuthBearerExtensionsValidatorCallback) {
                    // Reject every extension the client is about to send.
                    OAuthBearerExtensionsValidatorCallback extCallback = (OAuthBearerExtensionsValidatorCallback) cb;
                    extCallback.error("firstKey", "is not valid");
                    extCallback.error("secondKey", "is not valid either");
                    continue;
                }
                // Any other callback type is outside what this stub understands.
                throw new UnsupportedCallbackException(cb);
            }
        }
    };
    saslServer = new OAuthBearerSaslServer(rejectingHandler);

    Map<String, String> extensions = new HashMap<>();
    extensions.put("firstKey", "value");
    extensions.put("secondKey", "value");

    // The response is built inside the lambda so that it is evaluated under assertThrows.
    assertThrows(
        SaslAuthenticationException.class,
        () -> saslServer.evaluateResponse(clientInitialResponse(null, false, extensions)));
}
Also used : OAuthBearerUnsecuredValidatorCallbackHandler(org.apache.kafka.common.security.oauthbearer.internals.unsecured.OAuthBearerUnsecuredValidatorCallbackHandler) OAuthBearerTokenMock(org.apache.kafka.common.security.oauthbearer.OAuthBearerTokenMock) OAuthBearerTokenCallback(org.apache.kafka.common.security.oauthbearer.OAuthBearerTokenCallback) OAuthBearerValidatorCallback(org.apache.kafka.common.security.oauthbearer.OAuthBearerValidatorCallback) OAuthBearerExtensionsValidatorCallback(org.apache.kafka.common.security.oauthbearer.OAuthBearerExtensionsValidatorCallback) Callback(javax.security.auth.callback.Callback) HashMap(java.util.HashMap) OAuthBearerValidatorCallback(org.apache.kafka.common.security.oauthbearer.OAuthBearerValidatorCallback) OAuthBearerExtensionsValidatorCallback(org.apache.kafka.common.security.oauthbearer.OAuthBearerExtensionsValidatorCallback) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) Test(org.junit.jupiter.api.Test)

Aggregations

OAuthBearerUnsecuredValidatorCallbackHandler (org.apache.kafka.common.security.oauthbearer.internals.unsecured.OAuthBearerUnsecuredValidatorCallbackHandler)2 HashMap (java.util.HashMap)1 Callback (javax.security.auth.callback.Callback)1 UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)1 AuthenticateCallbackHandler (org.apache.kafka.common.security.auth.AuthenticateCallbackHandler)1 SaslServerCallbackHandler (org.apache.kafka.common.security.authenticator.SaslServerCallbackHandler)1 OAuthBearerExtensionsValidatorCallback (org.apache.kafka.common.security.oauthbearer.OAuthBearerExtensionsValidatorCallback)1 OAuthBearerTokenCallback (org.apache.kafka.common.security.oauthbearer.OAuthBearerTokenCallback)1 OAuthBearerTokenMock (org.apache.kafka.common.security.oauthbearer.OAuthBearerTokenMock)1 OAuthBearerValidatorCallback (org.apache.kafka.common.security.oauthbearer.OAuthBearerValidatorCallback)1 PlainServerCallbackHandler (org.apache.kafka.common.security.plain.internals.PlainServerCallbackHandler)1 ScramCredential (org.apache.kafka.common.security.scram.ScramCredential)1 ScramServerCallbackHandler (org.apache.kafka.common.security.scram.internals.ScramServerCallbackHandler)1 Test (org.junit.jupiter.api.Test)1