Example 6 with AuthToken
use of org.jivesoftware.openfire.auth.AuthToken in project Openfire by igniterealtime.
the class XMPPCallbackHandler method handle.
@Override
public void handle(final Callback[] callbacks) throws IOException, UnsupportedCallbackException {
String realm;
String name = null;
for (Callback callback : callbacks) {
if (callback instanceof RealmCallback) {
((RealmCallback) callback).setText(XMPPServer.getInstance().getServerInfo().getXMPPDomain());
} else if (callback instanceof NameCallback) {
name = ((NameCallback) callback).getName();
if (name == null) {
name = ((NameCallback) callback).getDefaultName();
}
//Log.debug("XMPPCallbackHandler: NameCallback: " + name);
} else if (callback instanceof PasswordCallback) {
try {
// Get the password from the UserProvider. Some UserProviders may not support
// this operation
((PasswordCallback) callback).setPassword(AuthFactory.getPassword(name).toCharArray());
//Log.debug("XMPPCallbackHandler: PasswordCallback");
} catch (UserNotFoundException | UnsupportedOperationException e) {
throw new IOException(e.toString());
}
} else if (callback instanceof VerifyPasswordCallback) {
//Log.debug("XMPPCallbackHandler: VerifyPasswordCallback");
VerifyPasswordCallback vpcb = (VerifyPasswordCallback) callback;
try {
AuthToken at = AuthFactory.authenticate(name, new String(vpcb.getPassword()));
vpcb.setVerified((at != null));
} catch (Exception e) {
vpcb.setVerified(false);
}
} else if (callback instanceof AuthorizeCallback) {
//Log.debug("XMPPCallbackHandler: AuthorizeCallback");
AuthorizeCallback authCallback = ((AuthorizeCallback) callback);
// Principal that authenticated
String principal = authCallback.getAuthenticationID();
// Username requested (not full JID)
String username = authCallback.getAuthorizationID();
// a lot of users to fail to log in if their clients is sending an incorrect value
if (username != null && username.contains("@")) {
username = username.substring(0, username.lastIndexOf("@"));
}
if (principal.equals(username)) {
//client perhaps made no request, get default username
username = AuthorizationManager.map(principal);
if (Log.isDebugEnabled()) {
//Log.debug("XMPPCallbackHandler: no username requested, using " + username);
}
}
if (AuthorizationManager.authorize(username, principal)) {
if (Log.isDebugEnabled()) {
//Log.debug("XMPPCallbackHandler: " + principal + " authorized to " + username);
}
authCallback.setAuthorized(true);
authCallback.setAuthorizedID(username);
} else {
if (Log.isDebugEnabled()) {
//Log.debug("XMPPCallbackHandler: " + principal + " not authorized to " + username);
}
authCallback.setAuthorized(false);
}
} else {
if (Log.isDebugEnabled()) {
//Log.debug("XMPPCallbackHandler: Callback: " + callback.getClass().getSimpleName());
}
throw new UnsupportedCallbackException(callback, "Unrecognized Callback");
}
}
}
Also used :
UserNotFoundException(org.jivesoftware.openfire.user.UserNotFoundException)
VerifyPasswordCallback(org.jivesoftware.openfire.sasl.VerifyPasswordCallback)
IOException(java.io.IOException)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
IOException(java.io.IOException)
UserNotFoundException(org.jivesoftware.openfire.user.UserNotFoundException)
AuthorizeCallback(javax.security.sasl.AuthorizeCallback)
RealmCallback(javax.security.sasl.RealmCallback)
PasswordCallback(javax.security.auth.callback.PasswordCallback)
NameCallback(javax.security.auth.callback.NameCallback)
VerifyPasswordCallback(org.jivesoftware.openfire.sasl.VerifyPasswordCallback)
AuthorizeCallback(javax.security.sasl.AuthorizeCallback)
Callback(javax.security.auth.callback.Callback)
NameCallback(javax.security.auth.callback.NameCallback)
PasswordCallback(javax.security.auth.callback.PasswordCallback)
VerifyPasswordCallback(org.jivesoftware.openfire.sasl.VerifyPasswordCallback)
AuthToken(org.jivesoftware.openfire.auth.AuthToken)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
RealmCallback(javax.security.sasl.RealmCallback)
Example 7 with AuthToken
use of org.jivesoftware.openfire.auth.AuthToken in project Openfire by igniterealtime.
the class LocalClientSession method setAnonymousAuth.
/**
* Initialize the session as an anonymous login. This automatically upgrades the session's
* status to authenticated and enables many features that are not available until
* authenticated (obtaining managers for example).<p>
*/
public void setAnonymousAuth() {
// Anonymous users have a full JID. Use the random resource as the JID's node
String resource = getAddress().getResource();
setAddress(new JID(resource, getServerName(), resource, true));
setStatus(Session.STATUS_AUTHENTICATED);
if (authToken == null) {
authToken = new AuthToken(resource, true);
}
// Add session to the session manager. The session will be added to the routing table as well
sessionManager.addSession(this);
}Example 8 with AuthToken
use of org.jivesoftware.openfire.auth.AuthToken in project Openfire by igniterealtime.
the class IQAuthHandler method login.
private IQ login(String username, Element iq, IQ packet, String password, LocalClientSession session, String digest) throws UnauthorizedException, UserNotFoundException, ConnectionException, InternalUnauthenticatedException {
// Verify the validity of the username
if (username == null || username.trim().length() == 0) {
throw new UnauthorizedException("Invalid username (empty or null).");
}
try {
Stringprep.nodeprep(username);
} catch (StringprepException e) {
throw new UnauthorizedException("Invalid username: " + username, e);
}
// Verify that specified resource is not violating any string prep rule
String resource = iq.elementText("resource");
if (resource != null) {
try {
resource = JID.resourceprep(resource);
} catch (StringprepException e) {
throw new UnauthorizedException("Invalid resource: " + resource, e);
}
} else {
// Answer a not_acceptable error since a resource was not supplied
IQ response = IQ.createResultIQ(packet);
response.setChildElement(packet.getChildElement().createCopy());
response.setError(PacketError.Condition.not_acceptable);
return response;
}
if (!JiveGlobals.getBooleanProperty("xmpp.auth.iqauth", true)) {
throw new UnauthorizedException();
}
username = username.toLowerCase();
// Verify that supplied username and password are correct (i.e. user authentication was successful)
AuthToken token = null;
if (AuthFactory.supportsPasswordRetrieval()) {
if (password != null) {
token = AuthFactory.authenticate(username, password);
} else if (digest != null) {
token = authenticate(username, session.getStreamID().toString(), digest);
}
}
if (token == null) {
throw new UnauthorizedException();
}
// Verify if there is a resource conflict between new resource and existing one.
// Check if a session already exists with the requested full JID and verify if
// we should kick it off or refuse the new connection
ClientSession oldSession = routingTable.getClientRoute(new JID(username, serverName, resource, true));
if (oldSession != null) {
try {
int conflictLimit = sessionManager.getConflictKickLimit();
if (conflictLimit == SessionManager.NEVER_KICK) {
IQ response = IQ.createResultIQ(packet);
response.setChildElement(packet.getChildElement().createCopy());
response.setError(PacketError.Condition.forbidden);
return response;
}
int conflictCount = oldSession.incrementConflictCount();
if (conflictCount > conflictLimit) {
// Send a stream:error before closing the old connection
StreamError error = new StreamError(StreamError.Condition.conflict);
oldSession.deliverRawText(error.toXML());
oldSession.close();
} else {
IQ response = IQ.createResultIQ(packet);
response.setChildElement(packet.getChildElement().createCopy());
response.setError(PacketError.Condition.forbidden);
return response;
}
} catch (Exception e) {
Log.error("Error during login", e);
}
}
// Set that the new session has been authenticated successfully
session.setAuthToken(token, resource);
packet.setFrom(session.getAddress());
return IQ.createResultIQ(packet);
}
Also used :
StringprepException(gnu.inet.encoding.StringprepException)
StreamError(org.xmpp.packet.StreamError)
JID(org.xmpp.packet.JID)
LocalClientSession(org.jivesoftware.openfire.session.LocalClientSession)
ClientSession(org.jivesoftware.openfire.session.ClientSession)
UnauthorizedException(org.jivesoftware.openfire.auth.UnauthorizedException)
IQ(org.xmpp.packet.IQ)
AuthToken(org.jivesoftware.openfire.auth.AuthToken)
StringprepException(gnu.inet.encoding.StringprepException)
PacketException(org.jivesoftware.openfire.PacketException)
UnauthorizedException(org.jivesoftware.openfire.auth.UnauthorizedException)
ConnectionException(org.jivesoftware.openfire.auth.ConnectionException)
UserNotFoundException(org.jivesoftware.openfire.user.UserNotFoundException)
InternalUnauthenticatedException(org.jivesoftware.openfire.auth.InternalUnauthenticatedException)
Aggregations
AuthToken (org.jivesoftware.openfire.auth.AuthToken)8
UnauthorizedException (org.jivesoftware.openfire.auth.UnauthorizedException)4
UserNotFoundException (org.jivesoftware.openfire.user.UserNotFoundException)4
JID (org.xmpp.packet.JID)3
StringprepException (gnu.inet.encoding.StringprepException)2
IOException (java.io.IOException)2
ClientSession (org.jivesoftware.openfire.session.ClientSession)2
LocalClientSession (org.jivesoftware.openfire.session.LocalClientSession)2
IQ (org.xmpp.packet.IQ)2
StreamError (org.xmpp.packet.StreamError)2
Principal (java.security.Principal)1
Subject (javax.security.auth.Subject)1
Callback (javax.security.auth.callback.Callback)1
NameCallback (javax.security.auth.callback.NameCallback)1
PasswordCallback (javax.security.auth.callback.PasswordCallback)1
UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)1
AuthorizeCallback (javax.security.sasl.AuthorizeCallback)1
RealmCallback (javax.security.sasl.RealmCallback)1
Element (org.dom4j.Element)1
UserIdentity (org.eclipse.jetty.server.UserIdentity)1
