Example 1 with GmsHeader

Use of org.jgroups.protocols.pbcast.GMS.GmsHeader in project JGroups by belaban.

Class SASL, method up.

@Override
public Object up(Message msg) {
    SaslHeader saslHeader = msg.getHeader(SASL_ID);
    GmsHeader gmsHeader = msg.getHeader(GMS_ID);
    Address remoteAddress = msg.getSrc();
    if (needsAuthentication(gmsHeader, remoteAddress)) {
        if (saslHeader == null)
            throw new IllegalStateException("Found GMS join or merge request but no SASL header");
        if (!serverChallenge(gmsHeader, saslHeader, msg))
            // failed auth, don't pass up
            return null;
    } else if (saslHeader != null) {
        SaslContext saslContext = sasl_context.get(remoteAddress);
        if (saslContext == null) {
            throw new IllegalStateException(String.format("Cannot find server context to challenge SASL request from %s", remoteAddress.toString()));
        }
        switch(saslHeader.getType()) {
            case CHALLENGE:
                try {
                    if (log.isTraceEnabled())
                        log.trace("%s: received CHALLENGE from %s", getAddress(), remoteAddress);
                    // the response computed can be null if the challenge-response cycle has ended
                    Message response = saslContext.nextMessage(remoteAddress, saslHeader);
                    if (response != null) {
                        if (log.isTraceEnabled())
                            log.trace("%s: sending RESPONSE to %s", getAddress(), remoteAddress);
                        down_prot.down(response);
                    } else {
                        if (!saslContext.isSuccessful()) {
                            throw new SaslException("computed response is null but challenge-response cycle not complete!");
                        }
                        if (log.isTraceEnabled())
                            log.trace("%s: authentication complete from %s", getAddress(), remoteAddress);
                    }
                } catch (SaslException e) {
                    disposeContext(remoteAddress);
                    if (log.isWarnEnabled()) {
                        log.warn(getAddress() + ": failed to validate CHALLENGE from " + remoteAddress + ", token", e);
                    }
                }
                break;
            case RESPONSE:
                try {
                    if (log.isTraceEnabled())
                        log.trace("%s: received RESPONSE from %s", getAddress(), remoteAddress);
                    Message challenge = saslContext.nextMessage(remoteAddress, saslHeader);
                    // the challenge computed can be null if the challenge-response cycle has ended
                    if (challenge != null) {
                        if (log.isTraceEnabled())
                            log.trace("%s: sending CHALLENGE to %s", getAddress(), remoteAddress);
                        down_prot.down(challenge);
                    } else {
                        if (!saslContext.isSuccessful()) {
                            throw new SaslException("computed challenge is null but challenge-response cycle not complete!");
                        }
                        if (log.isTraceEnabled())
                            log.trace("%s: authentication complete from %s", getAddress(), remoteAddress);
                    }
                } catch (SaslException e) {
                    disposeContext(remoteAddress);
                    if (log.isWarnEnabled()) {
                        log.warn("failed to validate RESPONSE from " + remoteAddress + ", token", e);
                    }
                }
                break;
        }
        return null;
    }
    return up_prot.up(msg);
}
Also used: Address (org.jgroups.Address), Message (org.jgroups.Message), GmsHeader (org.jgroups.protocols.pbcast.GMS.GmsHeader), SaslException (javax.security.sasl.SaslException), SaslContext (org.jgroups.auth.sasl.SaslContext)

Example 2 with GmsHeader

Use of org.jgroups.protocols.pbcast.GMS.GmsHeader in project JGroups by belaban.

Class SASL, method down.

public Object down(Message msg) {
    GmsHeader hdr = msg.getHeader(GMS_ID);
    Address remoteAddress = msg.getDest();
    if (needsAuthentication(hdr, remoteAddress)) {
        // We are a client who needs to authenticate
        SaslClientContext ctx = null;
        try {
            ctx = new SaslClientContext(saslClientFactory, mech, server_name != null ? server_name : remoteAddress.toString(), client_callback_handler, sasl_props, client_subject);
            sasl_context.put(remoteAddress, ctx);
            ctx.addHeader(msg, null);
        } catch (Exception e) {
            if (ctx != null) {
                disposeContext(remoteAddress);
            }
            throw new SecurityException(e);
        }
    }
    return down_prot.down(msg);
}
Also used: SaslClientContext (org.jgroups.auth.sasl.SaslClientContext), Address (org.jgroups.Address), GmsHeader (org.jgroups.protocols.pbcast.GMS.GmsHeader), SaslException (javax.security.sasl.SaslException)

Example 3 with GmsHeader

Use of org.jgroups.protocols.pbcast.GMS.GmsHeader in project JGroups by belaban.

Class SASL, method up.

@Override
public void up(MessageBatch batch) {
    for (Message msg : batch) {
        // If we have a join or merge request --> authenticate, else pass up
        GmsHeader gmsHeader = msg.getHeader(GMS_ID);
        Address remoteAddress = msg.getSrc();
        if (needsAuthentication(gmsHeader, remoteAddress)) {
            SaslHeader saslHeader = msg.getHeader(id);
            if (saslHeader == null) {
                log.warn("Found GMS join or merge request but no SASL header");
                sendRejectionMessage(gmsHeader.getType(), batch.sender(), "join or merge without an SASL header");
                batch.remove(msg);
            } else if (!serverChallenge(gmsHeader, saslHeader, msg)) {
                // authentication failed, don't pass up
                batch.remove(msg);
            }
        }
    }
    if (!batch.isEmpty())
        up_prot.up(batch);
}
Also used: Message (org.jgroups.Message), Address (org.jgroups.Address), GmsHeader (org.jgroups.protocols.pbcast.GMS.GmsHeader)

Example 4 with GmsHeader

Use of org.jgroups.protocols.pbcast.GMS.GmsHeader in project JGroups by belaban.

Class SASL, method sendJoinRejectionMessage.

protected void sendJoinRejectionMessage(Address dest, String error_msg) {
    if (dest == null)
        return;
    // specify the error message on the JoinRsp
    JoinRsp joinRes = new JoinRsp(error_msg);
    Message msg = new Message(dest).putHeader(GMS_ID, new GmsHeader(GmsHeader.JOIN_RSP)).setBuffer(GMS.marshal(joinRes));
    down_prot.down(msg);
}
Also used: JoinRsp (org.jgroups.protocols.pbcast.JoinRsp), Message (org.jgroups.Message), GmsHeader (org.jgroups.protocols.pbcast.GMS.GmsHeader)

Example 5 with GmsHeader

Use of org.jgroups.protocols.pbcast.GMS.GmsHeader in project JGroups by belaban.

Class SASL, method sendMergeRejectionMessage.

protected void sendMergeRejectionMessage(Address dest) {
    Message msg = new Message(dest).setFlag(Message.Flag.OOB);
    GmsHeader hdr = new GmsHeader(GmsHeader.MERGE_RSP);
    hdr.setMergeRejected(true);
    msg.putHeader(GMS_ID, hdr);
    if (log.isDebugEnabled())
        log.debug("merge response=" + hdr);
    down_prot.down(msg);
}
Also used: Message (org.jgroups.Message), GmsHeader (org.jgroups.protocols.pbcast.GMS.GmsHeader)

Aggregations

GmsHeader (org.jgroups.protocols.pbcast.GMS.GmsHeader): 5
Message (org.jgroups.Message): 4
Address (org.jgroups.Address): 3
SaslException (javax.security.sasl.SaslException): 2
SaslClientContext (org.jgroups.auth.sasl.SaslClientContext): 1
SaslContext (org.jgroups.auth.sasl.SaslContext): 1
JoinRsp (org.jgroups.protocols.pbcast.JoinRsp): 1