Use of org.apache.karaf.jaas.boot.principal.ClientPrincipal in the Apache Karaf project.
Class KarafJaasAuthenticator, method doLogin.
/**
 * Attempts a JAAS login for an SSH session and, on success, stores the resulting
 * subject on the session.
 *
 * <p>The subject is seeded with a {@code ClientPrincipal("ssh", <client address>)}
 * before the {@link LoginContext} is created, so the principal is already present
 * while the login runs. How the realm's login modules use it is not visible here.
 *
 * <p>Every failure is reported as {@code false}. That includes login errors, a
 * failure raised by {@code assertRolePresent}, and any runtime exception raised
 * while the subject is being prepared.
 *
 * @param session         the SSH session being authenticated; its client address is
 *                        recorded on the subject
 * @param callbackHandler supplies the credentials requested during the login
 * @return {@code true} if the login and the role check both completed and the subject
 *         was attached to the session, {@code false} otherwise
 */
private boolean doLogin(final ServerSession session, CallbackHandler callbackHandler) {
    try {
        final Subject authenticated = new Subject();
        final ClientPrincipal origin =
                new ClientPrincipal("ssh", session.getClientAddress().toString());
        authenticated.getPrincipals().add(origin);

        new LoginContext(realm, authenticated, callbackHandler).login();

        // The subject is published on the session only after the role check returns
        // normally; presumably assertRolePresent throws when no role was granted.
        assertRolePresent(authenticated);
        session.setAttribute(SUBJECT_ATTRIBUTE_KEY, authenticated);
        return true;
    } catch (Exception failure) {
        // NOTE(review): failed logins are recorded at debug level only, so they are
        // not visible under a default log configuration. Confirm that failed SSH
        // authentication is audited elsewhere.
        LOGGER.debug("User authentication failed with " + failure.getMessage(), failure);
        return false;
    }
}
Use of org.apache.karaf.jaas.boot.principal.ClientPrincipal in the Apache Karaf project.
Class JaasAuthenticator, method handle.
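/**
 * Authenticates the name and password carried by the supplied callbacks against the
 * configured JAAS realm and, on success, marks the {@code AuthorizeCallback} as
 * authorized.
 *
 * <p>Steps:
 * <ol>
 *   <li>Sort the callbacks into name, password and authorize callbacks; any other
 *       type is rejected.</li>
 *   <li>Create a subject and try to tag it with
 *       {@code ClientPrincipal("jmx", RemoteServer.getClientHost())}.</li>
 *   <li>Run a JAAS login that answers name and password requests from the supplied
 *       callbacks.</li>
 *   <li>Require at least one {@code RolePrincipal} on the subject.</li>
 * </ol>
 *
 * <p>NOTE(review): if {@code AuthorizeCallback} is the SASL type, it carries both an
 * authentication ID and a requested authorization ID. This method grants authorization
 * without comparing them. Confirm that the mechanism in use cannot supply an
 * authorization ID different from the authenticated name.
 *
 * @param callbacks the callbacks to process; only name, password and authorize
 *                  callbacks are accepted
 * @throws UnsupportedCallbackException if any other callback type is supplied
 * @throws SecurityException if no authorize callback is supplied, the login fails, or
 *                           the authenticated subject has no role principal
 */
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    NameCallback tmpNameCallback = null;
    PasswordCallback tmpPasswordCallback = null;
    AuthorizeCallback tmpAuthorizeCallback = null;
    for (Callback supplied : callbacks) {
        if (supplied instanceof NameCallback) {
            tmpNameCallback = (NameCallback) supplied;
        } else if (supplied instanceof PasswordCallback) {
            tmpPasswordCallback = (PasswordCallback) supplied;
        } else if (supplied instanceof AuthorizeCallback) {
            tmpAuthorizeCallback = (AuthorizeCallback) supplied;
        } else {
            throw new UnsupportedCallbackException(supplied);
        }
    }

    // Without an authorize callback the outcome cannot be reported. Fail closed with an
    // explicit error before any login attempt, instead of a NullPointerException after it.
    if (tmpAuthorizeCallback == null) {
        throw new SecurityException("No AuthorizeCallback supplied");
    }

    Subject subject = new Subject();
    try {
        subject.getPrincipals().add(new ClientPrincipal("jmx", RemoteServer.getClientHost()));
    } catch (Throwable t) {
        // Deliberately best effort: the login proceeds without a ClientPrincipal when
        // the client host cannot be determined.
        // NOTE(review): any login module or audit record that keys on the client
        // address sees none in that case. Confirm that nothing treats a missing
        // ClientPrincipal as a trusted or local caller.
    }

    try {
        final NameCallback localNameCallback = tmpNameCallback;
        final PasswordCallback localPasswordCallback = tmpPasswordCallback;
        LoginContext loginContext = new LoginContext(realm, subject, cb -> {
            for (Callback callback : cb) {
                if (callback instanceof NameCallback) {
                    ((NameCallback) callback).setName(localNameCallback.getName());
                } else if (callback instanceof PasswordCallback) {
                    // getPassword() returns a copy and setPassword() stores its own
                    // copy, so the intermediate array can be wiped once handed over.
                    char[] password = localPasswordCallback.getPassword();
                    try {
                        ((PasswordCallback) callback).setPassword(password);
                    } finally {
                        if (password != null) {
                            java.util.Arrays.fill(password, '\0');
                        }
                    }
                } else {
                    throw new UnsupportedCallbackException(callback);
                }
            }
        });
        loginContext.login();
    } catch (Exception e) {
        // One generic message for every failure. This includes the case where the
        // realm requests a name or password that the caller never supplied.
        throw new SecurityException("Authentication failed", e);
    }

    // A successful login is not sufficient: the subject must hold at least one role.
    boolean hasRole = false;
    for (Principal principal : subject.getPrincipals()) {
        if (principal instanceof RolePrincipal) {
            hasRole = true;
            break;
        }
    }
    if (!hasRole) {
        throw new SecurityException("User doesn't have role defined");
    }

    tmpAuthorizeCallback.setAuthorized(true);
}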