
Example 6 with ClientPrincipal

use of org.apache.karaf.jaas.boot.principal.ClientPrincipal in project karaf by apache.

the class KarafJaasAuthenticator method doLogin.

/**
 * Runs a JAAS login for an SSH session and, on success, attaches the
 * authenticated subject to that session.
 *
 * @param session         the SSH server session being authenticated; its client
 *                        address is recorded on the subject as an "ssh" ClientPrincipal
 * @param callbackHandler handler handed to the JAAS {@link LoginContext} to supply
 *                        the credentials
 * @return {@code true} when login and the role check both pass, {@code false}
 *         when any exception is raised along the way
 */
private boolean doLogin(final ServerSession session, CallbackHandler callbackHandler) {
    final Subject subject = new Subject();
    try {
        // The peer address is placed on the subject before login() runs, so it is
        // already present when the realm's login modules are invoked.
        final String clientAddress = session.getClientAddress().toString();
        subject.getPrincipals().add(new ClientPrincipal("ssh", clientAddress));

        new LoginContext(realm, subject, callbackHandler).login();

        // Presumably throws when the subject carries no role; verify against
        // assertRolePresent, which is defined outside this excerpt.
        assertRolePresent(subject);

        // The subject is only published on the session after both checks passed.
        session.setAttribute(SUBJECT_ATTRIBUTE_KEY, subject);
    } catch (Exception e) {
        // Fail closed: every failure, including a null client address, is
        // reported to the caller as a rejected login.
        // NOTE(review): the failure is only logged at DEBUG level; confirm that
        // failed SSH logins are audited elsewhere if they need to be detectable.
        LOGGER.debug("User authentication failed with " + e.getMessage(), e);
        return false;
    }
    return true;
}
Also used : LoginContext(javax.security.auth.login.LoginContext) ClientPrincipal(org.apache.karaf.jaas.boot.principal.ClientPrincipal) Subject(javax.security.auth.Subject) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) FailedLoginException(javax.security.auth.login.FailedLoginException)

Example 7 with ClientPrincipal

use of org.apache.karaf.jaas.boot.principal.ClientPrincipal in project karaf by apache.

the class JaasAuthenticator method handle.

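/**
 * Authenticates the caller through JAAS using the name and password carried in
 * the supplied callbacks, and marks the {@link AuthorizeCallback} as authorized
 * only when the login succeeds and the subject holds at least one role.
 *
 * @param callbacks callbacks supplied by the caller; only {@link NameCallback},
 *                  {@link PasswordCallback} and {@link AuthorizeCallback} are accepted
 * @throws IOException                  declared by the callback handler contract
 * @throws UnsupportedCallbackException if any other callback type is supplied
 * @throws SecurityException            if the JAAS login fails, the subject has no
 *                                      {@code RolePrincipal}, or no
 *                                      {@link AuthorizeCallback} was supplied
 */
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    NameCallback tmpNameCallback = null;
    PasswordCallback tmpPasswordCallback = null;
    AuthorizeCallback tmpAuthorizeCallback = null;
    for (Callback supplied : callbacks) {
        if (supplied instanceof NameCallback) {
            tmpNameCallback = (NameCallback) supplied;
        } else if (supplied instanceof PasswordCallback) {
            tmpPasswordCallback = (PasswordCallback) supplied;
        } else if (supplied instanceof AuthorizeCallback) {
            tmpAuthorizeCallback = (AuthorizeCallback) supplied;
        } else {
            // Reject anything unexpected instead of silently skipping it.
            throw new UnsupportedCallbackException(supplied);
        }
    }

    Subject subject = new Subject();
    try {
        subject.getPrincipals().add(new ClientPrincipal("jmx", RemoteServer.getClientHost()));
    } catch (Throwable ignored) {
        // Best effort: the client host is extra context on the subject, so a
        // failure to resolve it does not block the login itself.
        // NOTE(review): a login that reaches this branch carries no "jmx"
        // ClientPrincipal; confirm that no login module relies on it being present.
    }

    try {
        final NameCallback localNameCallback = tmpNameCallback;
        final PasswordCallback localPasswordCallback = tmpPasswordCallback;
        // Relay the caller's name and password to whatever callbacks the login
        // modules ask for. NOTE(review): both locals are dereferenced without a
        // null check if the caller supplied no NameCallback / PasswordCallback.
        LoginContext loginContext = new LoginContext(realm, subject, cb -> {
            for (Callback callback : cb) {
                if (callback instanceof NameCallback) {
                    ((NameCallback) callback).setName(localNameCallback.getName());
                } else if (callback instanceof PasswordCallback) {
                    ((PasswordCallback) callback).setPassword(localPasswordCallback.getPassword());
                } else {
                    throw new UnsupportedCallbackException(callback);
                }
            }
        });
        loginContext.login();
    } catch (Exception e) {
        // A single generic message for every cause; the cause is preserved for
        // server-side diagnosis.
        throw new SecurityException("Authentication failed", e);
    }

    // A successful login is not enough: the subject must hold at least one role.
    boolean hasRole = false;
    for (Principal principal : subject.getPrincipals()) {
        if (principal instanceof RolePrincipal) {
            hasRole = true;
            break;
        }
    }
    if (!hasRole) {
        throw new SecurityException("User doesn't have role defined");
    }

    // Without an AuthorizeCallback there is nowhere to record the decision; fail
    // with an explicit SecurityException rather than a NullPointerException.
    if (tmpAuthorizeCallback == null) {
        throw new SecurityException("No AuthorizeCallback supplied");
    }
    tmpAuthorizeCallback.setAuthorized(true);
}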
Also used : ClientPrincipal(org.apache.karaf.jaas.boot.principal.ClientPrincipal) AuthorizeCallback(javax.security.sasl.AuthorizeCallback) Subject(javax.security.auth.Subject) LoginException(javax.security.auth.login.LoginException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) IOException(java.io.IOException) FailedLoginException(javax.security.auth.login.FailedLoginException) NameCallback(javax.security.auth.callback.NameCallback) LoginContext(javax.security.auth.login.LoginContext) PasswordCallback(javax.security.auth.callback.PasswordCallback) NameCallback(javax.security.auth.callback.NameCallback) AuthorizeCallback(javax.security.sasl.AuthorizeCallback) Callback(javax.security.auth.callback.Callback) PasswordCallback(javax.security.auth.callback.PasswordCallback) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal) ClientPrincipal(org.apache.karaf.jaas.boot.principal.ClientPrincipal) RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal) Principal(java.security.Principal)

Aggregations

ClientPrincipal (org.apache.karaf.jaas.boot.principal.ClientPrincipal)7 Subject (javax.security.auth.Subject)6 Principal (java.security.Principal)4 UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)4 FailedLoginException (javax.security.auth.login.FailedLoginException)4 LoginContext (javax.security.auth.login.LoginContext)4 Callback (javax.security.auth.callback.Callback)3 NameCallback (javax.security.auth.callback.NameCallback)3 PasswordCallback (javax.security.auth.callback.PasswordCallback)3 RolePrincipal (org.apache.karaf.jaas.boot.principal.RolePrincipal)3 LoginException (javax.security.auth.login.LoginException)2 AuthorizeCallback (javax.security.sasl.AuthorizeCallback)2 UserPrincipal (org.apache.karaf.jaas.boot.principal.UserPrincipal)2 IOException (java.io.IOException)1 GeneralSecurityException (java.security.GeneralSecurityException)1 HashMap (java.util.HashMap)1 AccountException (javax.security.auth.login.AccountException)1 NamePasswordCallbackHandler (org.apache.karaf.jaas.modules.NamePasswordCallbackHandler)1 Test (org.junit.Test)1