
Example 1 with VerifyPasswordCallback

Use of org.jivesoftware.openfire.sasl.VerifyPasswordCallback in project Openfire by igniterealtime.

From the class XMPPCallbackHandler, method handle.

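/**
 * Answers the SASL callbacks raised while a client authenticates.
 *
 * <p>Callbacks are processed in array order. The name captured from a {@link NameCallback} is
 * reused by any later {@link PasswordCallback} or {@link VerifyPasswordCallback} in the same
 * array, so those branches see {@code null} if no name callback came before them.
 *
 * @param callbacks the callbacks to answer
 * @throws IOException if the stored password cannot be fetched for a {@link PasswordCallback}
 * @throws UnsupportedCallbackException if a callback is of a type this handler does not handle
 */
@Override
public void handle(final Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    // Name supplied by the most recent NameCallback; stays null until one has been handled.
    String name = null;
    for (Callback callback : callbacks) {
        if (callback instanceof RealmCallback) {
            // The realm offered to the client is always this server's XMPP domain.
            ((RealmCallback) callback).setText(XMPPServer.getInstance().getServerInfo().getXMPPDomain());
        } else if (callback instanceof NameCallback) {
            NameCallback nameCallback = (NameCallback) callback;
            name = nameCallback.getName();
            if (name == null) {
                name = nameCallback.getDefaultName();
            }
        } else if (callback instanceof PasswordCallback) {
            try {
                // Get the password from the UserProvider. Some UserProviders may not support
                // this operation. It only works when the provider can return the stored
                // password as text.
                // NOTE(review): name may still be null here; confirm how AuthFactory.getPassword
                // treats a null user name.
                ((PasswordCallback) callback).setPassword(AuthFactory.getPassword(name).toCharArray());
            } catch (UserNotFoundException | UnsupportedOperationException e) {
                // Message is unchanged; the cause is attached so the stack trace is not lost.
                // NOTE(review): the message distinguishes "unknown user" from "unsupported";
                // confirm it is never relayed to the remote client.
                throw new IOException(e.toString(), e);
            }
        } else if (callback instanceof VerifyPasswordCallback) {
            VerifyPasswordCallback vpcb = (VerifyPasswordCallback) callback;
            try {
                // AuthFactory.authenticate takes a String, so the password is copied into an
                // immutable String that cannot be wiped after use.
                AuthToken at = AuthFactory.authenticate(name, new String(vpcb.getPassword()));
                vpcb.setVerified(at != null);
            } catch (Exception ignored) {
                // Fail closed: any error during verification counts as a failed login. This also
                // reports a back-end failure as bad credentials, and nothing is logged here.
                vpcb.setVerified(false);
            }
        } else if (callback instanceof AuthorizeCallback) {
            AuthorizeCallback authCallback = (AuthorizeCallback) callback;
            // Principal that authenticated
            String principal = authCallback.getAuthenticationID();
            if (principal == null) {
                // Without an authenticated identity there is nothing to authorize; deny instead
                // of failing with a NullPointerException on the comparison below.
                authCallback.setAuthorized(false);
                continue;
            }
            // Username requested (not full JID)
            String username = authCallback.getAuthorizationID();
            // Drop everything from the last '@' on, since clients may send a wrong value there.
            // NOTE(review): the dropped part is never compared with this server's domain, so
            // the decision rests entirely on AuthorizationManager.authorize; confirm intent.
            if (username != null && username.contains("@")) {
                username = username.substring(0, username.lastIndexOf("@"));
            }
            if (principal.equals(username)) {
                // client perhaps made no request, get default username
                username = AuthorizationManager.map(principal);
            }
            if (AuthorizationManager.authorize(username, principal)) {
                authCallback.setAuthorized(true);
                authCallback.setAuthorizedID(username);
            } else {
                authCallback.setAuthorized(false);
            }
        } else {
            throw new UnsupportedCallbackException(callback, "Unrecognized Callback");
        }
    }
}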
Also used : UserNotFoundException(org.jivesoftware.openfire.user.UserNotFoundException) VerifyPasswordCallback(org.jivesoftware.openfire.sasl.VerifyPasswordCallback) IOException(java.io.IOException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) IOException(java.io.IOException) UserNotFoundException(org.jivesoftware.openfire.user.UserNotFoundException) AuthorizeCallback(javax.security.sasl.AuthorizeCallback) RealmCallback(javax.security.sasl.RealmCallback) PasswordCallback(javax.security.auth.callback.PasswordCallback) NameCallback(javax.security.auth.callback.NameCallback) VerifyPasswordCallback(org.jivesoftware.openfire.sasl.VerifyPasswordCallback) AuthorizeCallback(javax.security.sasl.AuthorizeCallback) Callback(javax.security.auth.callback.Callback) NameCallback(javax.security.auth.callback.NameCallback) PasswordCallback(javax.security.auth.callback.PasswordCallback) VerifyPasswordCallback(org.jivesoftware.openfire.sasl.VerifyPasswordCallback) AuthToken(org.jivesoftware.openfire.auth.AuthToken) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) RealmCallback(javax.security.sasl.RealmCallback)
