Example 6 with ClientPrincipal
use of org.apache.karaf.jaas.boot.principal.ClientPrincipal in project karaf by apache.
the class KarafJaasAuthenticator method doLogin.
private boolean doLogin(final ServerSession session, CallbackHandler callbackHandler) {
try {
Subject subject = new Subject();
subject.getPrincipals().add(new ClientPrincipal("ssh", session.getClientAddress().toString()));
LoginContext loginContext = new LoginContext(realm, subject, callbackHandler);
loginContext.login();
assertRolePresent(subject);
session.setAttribute(SUBJECT_ATTRIBUTE_KEY, subject);
return true;
} catch (Exception e) {
LOGGER.debug("User authentication failed with " + e.getMessage(), e);
return false;
}
}
Also used :
LoginContext(javax.security.auth.login.LoginContext)
ClientPrincipal(org.apache.karaf.jaas.boot.principal.ClientPrincipal)
Subject(javax.security.auth.Subject)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
FailedLoginException(javax.security.auth.login.FailedLoginException)
Example 7 with ClientPrincipal
use of org.apache.karaf.jaas.boot.principal.ClientPrincipal in project karaf by apache.
the class JaasAuthenticator method handle.
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
NameCallback tmpNameCallback = null;
PasswordCallback tmpPasswordCallback = null;
AuthorizeCallback tmpAuthorizeCallback = null;
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof NameCallback) {
tmpNameCallback = NameCallback.class.cast(callbacks[i]);
} else if (callbacks[i] instanceof PasswordCallback) {
tmpPasswordCallback = PasswordCallback.class.cast(callbacks[i]);
} else if (callbacks[i] instanceof AuthorizeCallback) {
tmpAuthorizeCallback = AuthorizeCallback.class.cast(callbacks[i]);
} else {
throw new UnsupportedCallbackException(callbacks[i]);
}
}
Subject subject = new Subject();
try {
subject.getPrincipals().add(new ClientPrincipal("jmx", RemoteServer.getClientHost()));
} catch (Throwable t) {
// Ignore
}
try {
final NameCallback localNameCallback = tmpNameCallback;
final PasswordCallback localPasswordCallback = tmpPasswordCallback;
LoginContext loginContext = new LoginContext(realm, subject, cb -> {
for (Callback callback : cb) {
if (callback instanceof NameCallback) {
((NameCallback) callback).setName(localNameCallback.getName());
} else if (callback instanceof PasswordCallback) {
((PasswordCallback) callback).setPassword(localPasswordCallback.getPassword());
} else {
throw new UnsupportedCallbackException(callback);
}
}
});
loginContext.login();
} catch (Exception e) {
throw new SecurityException("Authentication failed", e);
}
int roleCount = 0;
for (Principal principal : subject.getPrincipals()) {
if (principal instanceof RolePrincipal) {
roleCount++;
}
}
if (roleCount == 0) {
throw new SecurityException("User doesn't have role defined");
}
tmpAuthorizeCallback.setAuthorized(true);
}
Also used :
ClientPrincipal(org.apache.karaf.jaas.boot.principal.ClientPrincipal)
AuthorizeCallback(javax.security.sasl.AuthorizeCallback)
Subject(javax.security.auth.Subject)
LoginException(javax.security.auth.login.LoginException)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
IOException(java.io.IOException)
FailedLoginException(javax.security.auth.login.FailedLoginException)
NameCallback(javax.security.auth.callback.NameCallback)
LoginContext(javax.security.auth.login.LoginContext)
PasswordCallback(javax.security.auth.callback.PasswordCallback)
NameCallback(javax.security.auth.callback.NameCallback)
AuthorizeCallback(javax.security.sasl.AuthorizeCallback)
Callback(javax.security.auth.callback.Callback)
PasswordCallback(javax.security.auth.callback.PasswordCallback)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal)
ClientPrincipal(org.apache.karaf.jaas.boot.principal.ClientPrincipal)
RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal)
Principal(java.security.Principal)
Aggregations
ClientPrincipal (org.apache.karaf.jaas.boot.principal.ClientPrincipal)7
Subject (javax.security.auth.Subject)6
Principal (java.security.Principal)4
UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)4
FailedLoginException (javax.security.auth.login.FailedLoginException)4
LoginContext (javax.security.auth.login.LoginContext)4
Callback (javax.security.auth.callback.Callback)3
NameCallback (javax.security.auth.callback.NameCallback)3
PasswordCallback (javax.security.auth.callback.PasswordCallback)3
RolePrincipal (org.apache.karaf.jaas.boot.principal.RolePrincipal)3
LoginException (javax.security.auth.login.LoginException)2
AuthorizeCallback (javax.security.sasl.AuthorizeCallback)2
UserPrincipal (org.apache.karaf.jaas.boot.principal.UserPrincipal)2
IOException (java.io.IOException)1
GeneralSecurityException (java.security.GeneralSecurityException)1
HashMap (java.util.HashMap)1
AccountException (javax.security.auth.login.AccountException)1
NamePasswordCallbackHandler (org.apache.karaf.jaas.modules.NamePasswordCallbackHandler)1
Test (org.junit.Test)1
