Example 1 with GmsHeader
use of org.jgroups.protocols.pbcast.GMS.GmsHeader in project JGroups by belaban.
the class SASL method up.
@Override
public Object up(Message msg) {
SaslHeader saslHeader = msg.getHeader(SASL_ID);
GmsHeader gmsHeader = msg.getHeader(GMS_ID);
Address remoteAddress = msg.getSrc();
if (needsAuthentication(gmsHeader, remoteAddress)) {
if (saslHeader == null)
throw new IllegalStateException("Found GMS join or merge request but no SASL header");
if (!serverChallenge(gmsHeader, saslHeader, msg))
// failed auth, don't pass up
return null;
} else if (saslHeader != null) {
SaslContext saslContext = sasl_context.get(remoteAddress);
if (saslContext == null) {
throw new IllegalStateException(String.format("Cannot find server context to challenge SASL request from %s", remoteAddress.toString()));
}
switch(saslHeader.getType()) {
case CHALLENGE:
try {
if (log.isTraceEnabled())
log.trace("%s: received CHALLENGE from %s", getAddress(), remoteAddress);
// the response computed can be null if the challenge-response cycle has ended
Message response = saslContext.nextMessage(remoteAddress, saslHeader);
if (response != null) {
if (log.isTraceEnabled())
log.trace("%s: sending RESPONSE to %s", getAddress(), remoteAddress);
down_prot.down(response);
} else {
if (!saslContext.isSuccessful()) {
throw new SaslException("computed response is null but challenge-response cycle not complete!");
}
if (log.isTraceEnabled())
log.trace("%s: authentication complete from %s", getAddress(), remoteAddress);
}
} catch (SaslException e) {
disposeContext(remoteAddress);
if (log.isWarnEnabled()) {
log.warn(getAddress() + ": failed to validate CHALLENGE from " + remoteAddress + ", token", e);
}
}
break;
case RESPONSE:
try {
if (log.isTraceEnabled())
log.trace("%s: received RESPONSE from %s", getAddress(), remoteAddress);
Message challenge = saslContext.nextMessage(remoteAddress, saslHeader);
// the challenge computed can be null if the challenge-response cycle has ended
if (challenge != null) {
if (log.isTraceEnabled())
log.trace("%s: sending CHALLENGE to %s", getAddress(), remoteAddress);
down_prot.down(challenge);
} else {
if (!saslContext.isSuccessful()) {
throw new SaslException("computed challenge is null but challenge-response cycle not complete!");
}
if (log.isTraceEnabled())
log.trace("%s: authentication complete from %s", getAddress(), remoteAddress);
}
} catch (SaslException e) {
disposeContext(remoteAddress);
if (log.isWarnEnabled()) {
log.warn("failed to validate RESPONSE from " + remoteAddress + ", token", e);
}
}
break;
}
return null;
}
return up_prot.up(msg);
}
Also used :
Address(org.jgroups.Address)
Message(org.jgroups.Message)
GmsHeader(org.jgroups.protocols.pbcast.GMS.GmsHeader)
SaslException(javax.security.sasl.SaslException)
SaslContext(org.jgroups.auth.sasl.SaslContext)
Example 2 with GmsHeader
use of org.jgroups.protocols.pbcast.GMS.GmsHeader in project JGroups by belaban.
the class SASL method down.
public Object down(Message msg) {
GmsHeader hdr = msg.getHeader(GMS_ID);
Address remoteAddress = msg.getDest();
if (needsAuthentication(hdr, remoteAddress)) {
// We are a client who needs to authenticate
SaslClientContext ctx = null;
try {
ctx = new SaslClientContext(saslClientFactory, mech, server_name != null ? server_name : remoteAddress.toString(), client_callback_handler, sasl_props, client_subject);
sasl_context.put(remoteAddress, ctx);
ctx.addHeader(msg, null);
} catch (Exception e) {
if (ctx != null) {
disposeContext(remoteAddress);
}
throw new SecurityException(e);
}
}
return down_prot.down(msg);
}
Also used :
SaslClientContext(org.jgroups.auth.sasl.SaslClientContext)
Address(org.jgroups.Address)
GmsHeader(org.jgroups.protocols.pbcast.GMS.GmsHeader)
SaslException(javax.security.sasl.SaslException)
Example 3 with GmsHeader
use of org.jgroups.protocols.pbcast.GMS.GmsHeader in project JGroups by belaban.
the class SASL method up.
@Override
public void up(MessageBatch batch) {
for (Message msg : batch) {
// If we have a join or merge request --> authenticate, else pass up
GmsHeader gmsHeader = msg.getHeader(GMS_ID);
Address remoteAddress = msg.getSrc();
if (needsAuthentication(gmsHeader, remoteAddress)) {
SaslHeader saslHeader = msg.getHeader(id);
if (saslHeader == null) {
log.warn("Found GMS join or merge request but no SASL header");
sendRejectionMessage(gmsHeader.getType(), batch.sender(), "join or merge without an SASL header");
batch.remove(msg);
} else if (// authentication failed
!serverChallenge(gmsHeader, saslHeader, msg))
// don't pass up
batch.remove(msg);
}
}
if (!batch.isEmpty())
up_prot.up(batch);
}Example 4 with GmsHeader
use of org.jgroups.protocols.pbcast.GMS.GmsHeader in project JGroups by belaban.
the class SASL method sendJoinRejectionMessage.
protected void sendJoinRejectionMessage(Address dest, String error_msg) {
if (dest == null)
return;
// specify the error message on the JoinRsp
JoinRsp joinRes = new JoinRsp(error_msg);
Message msg = new Message(dest).putHeader(GMS_ID, new GmsHeader(GmsHeader.JOIN_RSP)).setBuffer(GMS.marshal(joinRes));
down_prot.down(msg);
}Example 5 with GmsHeader
use of org.jgroups.protocols.pbcast.GMS.GmsHeader in project JGroups by belaban.
the class SASL method sendMergeRejectionMessage.
protected void sendMergeRejectionMessage(Address dest) {
Message msg = new Message(dest).setFlag(Message.Flag.OOB);
GmsHeader hdr = new GmsHeader(GmsHeader.MERGE_RSP);
hdr.setMergeRejected(true);
msg.putHeader(GMS_ID, hdr);
if (log.isDebugEnabled())
log.debug("merge response=" + hdr);
down_prot.down(msg);
}Aggregations
GmsHeader (org.jgroups.protocols.pbcast.GMS.GmsHeader)5
Message (org.jgroups.Message)4
Address (org.jgroups.Address)3
SaslException (javax.security.sasl.SaslException)2
SaslClientContext (org.jgroups.auth.sasl.SaslClientContext)1
SaslContext (org.jgroups.auth.sasl.SaslContext)1
JoinRsp (org.jgroups.protocols.pbcast.JoinRsp)1
