Java Code Examples for javax.security.sasl.AuthorizeCallback#isAuthorized()

The following examples show how to use javax.security.sasl.AuthorizeCallback#isAuthorized().
Example 1
Source File: SaslNettyServer.java    From herddb with Apache License 2.0 5 votes vote down vote up
/**
 * Answers the JAAS/SASL callbacks issued during a SASL exchange.
 *
 * <p>Name and realm callbacks are answered with their own defaults, a password
 * callback receives the handler's {@code password} field when it is set, and an
 * authorization callback is granted only when the requested authorization ID is
 * identical to the authentication ID, so acting on behalf of a different
 * identity is always refused.
 *
 * @param callbacks the callbacks to answer
 * @throws UnsupportedCallbackException if a callback is of any other type
 */
@Override
public void handle(Callback[] callbacks) throws
        UnsupportedCallbackException {
    for (Callback current : callbacks) {
        if (current instanceof NameCallback) {
            NameCallback nameCb = (NameCallback) current;
            nameCb.setName(nameCb.getDefaultName());
        } else if (current instanceof PasswordCallback) {
            // With no configured password the callback is left unanswered.
            if (password != null) {
                PasswordCallback passwordCb = (PasswordCallback) current;
                passwordCb.setPassword(this.password.toCharArray());
            }
        } else if (current instanceof RealmCallback) {
            RealmCallback realmCb = (RealmCallback) current;
            realmCb.setText(realmCb.getDefaultText());
        } else if (current instanceof AuthorizeCallback) {
            AuthorizeCallback authorizeCb = (AuthorizeCallback) current;
            String authenticationId = authorizeCb.getAuthenticationID();
            String authorizationId = authorizeCb.getAuthorizationID();
            // Exact string match only; any other authorization ID is denied.
            // NOTE(review): equals() throws if the authentication ID is null - confirm the mechanism always supplies one.
            authorizeCb.setAuthorized(authenticationId.equals(authorizationId));
            if (authorizeCb.isAuthorized()) {
                authorizeCb.setAuthorizedID(authorizationId);
            }
        } else {
            throw new UnsupportedCallbackException(current, "Unrecognized SASL ClientCallback");
        }
    }
}
 
Example 2
Source File: SaslNettyClient.java    From herddb with Apache License 2.0 5 votes vote down vote up
/**
 * Handles the callbacks raised while a SASL exchange is in progress.
 *
 * <p>The name and realm are taken from the callbacks' defaults and the password
 * from this handler's {@code password} field (skipped when it is null). An
 * {@link AuthorizeCallback} is approved only if its authorization ID equals its
 * authentication ID; no other identity can be assumed.
 *
 * @param callbacks the callbacks to answer
 * @throws UnsupportedCallbackException for any callback type not listed above
 */
@Override
public void handle(Callback[] callbacks) throws
        UnsupportedCallbackException {
    for (Callback cb : callbacks) {
        if (cb instanceof NameCallback) {
            NameCallback name = (NameCallback) cb;
            name.setName(name.getDefaultName());
            continue;
        }
        if (cb instanceof PasswordCallback) {
            if (password != null) {
                ((PasswordCallback) cb).setPassword(this.password.toCharArray());
            }
            continue;
        }
        if (cb instanceof RealmCallback) {
            RealmCallback realm = (RealmCallback) cb;
            realm.setText(realm.getDefaultText());
            continue;
        }
        if (!(cb instanceof AuthorizeCallback)) {
            throw new UnsupportedCallbackException(cb, "Unrecognized SASL ClientCallback");
        }
        AuthorizeCallback authz = (AuthorizeCallback) cb;
        String authenticated = authz.getAuthenticationID();
        String requested = authz.getAuthorizationID();
        // Deny unless the requested identity is exactly the authenticated one.
        boolean identical = authenticated.equals(requested);
        authz.setAuthorized(identical);
        if (authz.isAuthorized()) {
            authz.setAuthorizedID(requested);
        }
    }
}
 
Example 3
Source File: PulsarSaslClient.java    From pulsar with Apache License 2.0 5 votes vote down vote up
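/**
 * Decides a SASL authorization request.
 *
 * <p>The request is granted only when the authorization ID is identical to the
 * authentication ID, and the authorized ID is set only in that case. The outcome
 * is logged so that a denial is not recorded as a success.
 *
 * @param ac the authorization callback to answer
 */
private void handleAuthorizeCallback(AuthorizeCallback ac) {
    String authid = ac.getAuthenticationID();
    String authzid = ac.getAuthorizationID();
    // Fail closed: a missing authentication ID is a denial, not a NullPointerException.
    ac.setAuthorized(authid != null && authid.equals(authzid));
    if (ac.isAuthorized()) {
        ac.setAuthorizedID(authzid);
        log.info("Successfully authenticated. authenticationID: {};  authorizationID: {}.",
            authid, authzid);
    } else {
        // Previously the success message was logged on this path too, which made
        // denied requests indistinguishable from granted ones in the log.
        log.warn("Authorization denied. authenticationID: {};  authorizationID: {}.",
            authid, authzid);
    }
}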
 
Example 4
Source File: SaslNettyServer.java    From blazingcache with Apache License 2.0 5 votes vote down vote up
/**
 * Responds to each callback of a SASL exchange.
 *
 * <p>Defaults are echoed back for name and realm, the handler's {@code password}
 * field (if non-null) answers a password callback, and authorization succeeds
 * only when the authorization ID and the authentication ID are the same string.
 *
 * @param callbacks the callbacks to answer
 * @throws UnsupportedCallbackException when a callback of another type is seen
 */
@Override
public void handle(Callback[] callbacks) throws
    UnsupportedCallbackException {
    for (int i = 0; i < callbacks.length; i++) {
        Callback item = callbacks[i];
        if (item instanceof NameCallback) {
            NameCallback nameCallback = (NameCallback) item;
            nameCallback.setName(nameCallback.getDefaultName());
        } else if (item instanceof PasswordCallback) {
            PasswordCallback passwordCallback = (PasswordCallback) item;
            if (password != null) {
                passwordCallback.setPassword(this.password.toCharArray());
            }
        } else if (item instanceof RealmCallback) {
            RealmCallback realmCallback = (RealmCallback) item;
            realmCallback.setText(realmCallback.getDefaultText());
        } else if (item instanceof AuthorizeCallback) {
            AuthorizeCallback authorizeCallback = (AuthorizeCallback) item;
            String authnId = authorizeCallback.getAuthenticationID();
            String authzId = authorizeCallback.getAuthorizationID();
            // Only self-authorization is accepted; a differing authzid is refused.
            authorizeCallback.setAuthorized(authnId.equals(authzId));
            if (authorizeCallback.isAuthorized()) {
                authorizeCallback.setAuthorizedID(authzId);
            }
        } else {
            throw new UnsupportedCallbackException(item, "Unrecognized SASL ClientCallback");
        }
    }
}
 
Example 5
Source File: SaslNettyClient.java    From blazingcache with Apache License 2.0 5 votes vote down vote up
/**
 * Supplies answers for the callbacks of a SASL exchange.
 *
 * <p>Name and realm come from the callback defaults; the password comes from the
 * {@code password} field and is not set when that field is null. An authorization
 * request is accepted only for the authenticated identity itself.
 *
 * @param callbacks the callbacks to answer
 * @throws UnsupportedCallbackException if the callback type is not handled here
 */
@Override
public void handle(Callback[] callbacks) throws
    UnsupportedCallbackException {
    for (Callback entry : callbacks) {
        if (entry instanceof NameCallback) {
            NameCallback n = (NameCallback) entry;
            n.setName(n.getDefaultName());
            continue;
        }
        if (entry instanceof PasswordCallback) {
            PasswordCallback p = (PasswordCallback) entry;
            if (password != null) {
                p.setPassword(this.password.toCharArray());
            }
            continue;
        }
        if (entry instanceof RealmCallback) {
            RealmCallback r = (RealmCallback) entry;
            r.setText(r.getDefaultText());
            continue;
        }
        if (entry instanceof AuthorizeCallback) {
            AuthorizeCallback a = (AuthorizeCallback) entry;
            String authnId = a.getAuthenticationID();
            String authzId = a.getAuthorizationID();
            // The decision is a plain equality test between the two IDs.
            boolean sameIdentity = authnId.equals(authzId);
            a.setAuthorized(sameIdentity);
            if (a.isAuthorized()) {
                a.setAuthorizedID(authzId);
            }
            continue;
        }
        throw new UnsupportedCallbackException(entry, "Unrecognized SASL ClientCallback");
    }
}
 
Example 6
Source File: SaslPlainTextAuthenticator.java    From Krackle with Apache License 2.0 5 votes vote down vote up
/**
 * Answers SASL callbacks for a client that cannot prompt for a password.
 *
 * <p>Every callback is logged at INFO via its {@code toString()}. Name and realm
 * callbacks get their defaults, a password callback is rejected with an
 * explanatory exception, and an authorization callback is granted only when the
 * authorization ID equals the authentication ID.
 *
 * @param callbacks the callbacks to answer
 * @throws UnsupportedCallbackException for a password callback or any callback
 *         type not handled here
 */
@Override
public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
	for (Callback cb : callbacks) {
		LOG.info("callback {} received", cb.toString());
		if (cb instanceof NameCallback) {
			NameCallback nameCb = (NameCallback) cb;
			nameCb.setName(nameCb.getDefaultName());
		} else if (cb instanceof PasswordCallback) {
			// Call `setPassword` once we support obtaining a password from the user and update message below
			throw new UnsupportedCallbackException(cb, "Could not login: the client is being asked for a password, but the Kafka"
				 + " client code does not currently support obtaining a password from the user."
				 + " Make sure -Djava.security.auth.login.config property passed to JVM and"
				 + " the client is configured to use a ticket cache (using"
				 + " the JAAS configuration setting 'useTicketCache=true)'. Make sure you are using"
				 + " FQDN of the Kafka broker you are trying to connect to.");
		} else if (cb instanceof RealmCallback) {
			RealmCallback realmCb = (RealmCallback) cb;
			realmCb.setText(realmCb.getDefaultText());
		} else if (cb instanceof AuthorizeCallback) {
			AuthorizeCallback authorizeCb = (AuthorizeCallback) cb;
			String authenticationId = authorizeCb.getAuthenticationID();
			String authorizationId = authorizeCb.getAuthorizationID();
			// Grant only when the caller asks to act as itself.
			boolean sameIdentity = authenticationId.equals(authorizationId);
			authorizeCb.setAuthorized(sameIdentity);
			if (authorizeCb.isAuthorized()) {
				authorizeCb.setAuthorizedID(authorizationId);
			}
		} else {
			throw new UnsupportedCallbackException(cb, "Unrecognized SASL ClientCallback");
		}
	}
}
 
Example 7
Source File: Login.java    From Krackle with Apache License 2.0 5 votes vote down vote up
/**
 * Answers the callbacks raised during login.
 *
 * <p>Name and realm callbacks receive their defaults. A password callback is
 * only logged as a warning and left unanswered. An authorization callback is
 * granted only when the authorization ID equals the authentication ID.
 *
 * @param callbacks the callbacks to answer
 * @throws UnsupportedCallbackException if a callback of another type is passed
 */
@Override
public void handle(Callback[] callbacks) throws
	 UnsupportedCallbackException {
	for (Callback cb : callbacks) {
		if (cb instanceof NameCallback) {
			NameCallback nameCb = (NameCallback) cb;
			nameCb.setName(nameCb.getDefaultName());
			continue;
		}
		if (cb instanceof PasswordCallback) {
			// No password source here: warn and leave the callback empty.
			LOG.warn("Could not login: the client is being asked for a password");
			continue;
		}
		if (cb instanceof RealmCallback) {
			RealmCallback realmCb = (RealmCallback) cb;
			realmCb.setText(realmCb.getDefaultText());
			continue;
		}
		if (!(cb instanceof AuthorizeCallback)) {
			throw new UnsupportedCallbackException(cb, "Unrecognized SASL ClientCallback");
		}
		AuthorizeCallback authorizeCb = (AuthorizeCallback) cb;
		String authenticationId = authorizeCb.getAuthenticationID();
		String authorizationId = authorizeCb.getAuthorizationID();
		// Identity must match exactly; anything else is refused.
		authorizeCb.setAuthorized(authenticationId.equals(authorizationId));
		if (authorizeCb.isAuthorized()) {
			authorizeCb.setAuthorizedID(authorizationId);
		}
	}
}
 
Example 8
Source File: ClientCallbackHandler.java    From jstorm with Apache License 2.0 5 votes vote down vote up
/**
 * Answers the callbacks SASL raises during an authentication exchange.
 *
 * <p>A name callback is only logged. A password callback is logged with a
 * warning that explains how to refresh the Kerberos ticket cache, and is left
 * unanswered. An authorization callback is granted only when the authorization
 * ID equals the authentication ID.
 *
 * @param callbacks a collection of challenge callbacks
 * @throws UnsupportedCallbackException if a callback of any other type is passed
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback cb : callbacks) {
        if (cb instanceof NameCallback) {
            LOG.debug("name callback");
            continue;
        }
        if (cb instanceof PasswordCallback) {
            LOG.debug("password callback");
            LOG.warn("Could not login: the client is being asked for a password, but the "
                    + " client code does not currently support obtaining a password from the user."
                    + " Make sure that the client is configured to use a ticket cache (using"
                    + " the JAAS configuration setting 'useTicketCache=true)' and restart the client. If"
                    + " you still get this message after that, the TGT in the ticket cache has expired and must"
                    + " be manually refreshed. To do so, first determine if you are using a password or a"
                    + " keytab. If the former, run kinit in a Unix shell in the environment of the user who"
                    + " is running this client using the command"
                    + " 'kinit <princ>' (where <princ> is the name of the client's Kerberos principal)."
                    + " If the latter, do"
                    + " 'kinit -k -t <keytab> <princ>' (where <princ> is the name of the Kerberos principal, and"
                    + " <keytab> is the location of the keytab file). After manually refreshing your cache,"
                    + " restart this client. If you continue to see this message after manually refreshing"
                    + " your cache, ensure that your KDC host's clock is in sync with this host's clock.");
            continue;
        }
        if (!(cb instanceof AuthorizeCallback)) {
            throw new UnsupportedCallbackException(cb);
        }
        LOG.debug("authorization callback");
        AuthorizeCallback authorizeCb = (AuthorizeCallback) cb;
        String authenticationId = authorizeCb.getAuthenticationID();
        String authorizationId = authorizeCb.getAuthorizationID();
        // Only an exact match between the two IDs is authorized.
        authorizeCb.setAuthorized(authenticationId.equals(authorizationId));
        if (authorizeCb.isAuthorized()) {
            authorizeCb.setAuthorizedID(authorizationId);
        }
    }
}
 
Example 9
Source File: ClientCallbackHandler.java    From jstorm with Apache License 2.0 5 votes vote down vote up
/**
 * Answers the callbacks SASL raises during an authentication exchange.
 *
 * <p>The name callback receives {@code _username}, the password callback
 * receives {@code _password} when it is non-null, the realm callback receives
 * its own default text, and an authorization callback is granted only when the
 * authorization ID equals the authentication ID.
 *
 * @param callbacks a collection of challenge callbacks
 * @throws UnsupportedCallbackException if a callback of any other type is passed
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback cb : callbacks) {
        if (cb instanceof NameCallback) {
            LOG.debug("name callback");
            ((NameCallback) cb).setName(_username);
            continue;
        }
        if (cb instanceof PasswordCallback) {
            LOG.debug("password callback");
            if (_password != null) {
                ((PasswordCallback) cb).setPassword(_password.toCharArray());
            }
            continue;
        }
        if (cb instanceof AuthorizeCallback) {
            LOG.debug("authorization callback");
            AuthorizeCallback authorizeCb = (AuthorizeCallback) cb;
            String authenticationId = authorizeCb.getAuthenticationID();
            String authorizationId = authorizeCb.getAuthorizationID();
            // Only an exact match between the two IDs is authorized.
            authorizeCb.setAuthorized(authenticationId.equals(authorizationId));
            if (authorizeCb.isAuthorized()) {
                authorizeCb.setAuthorizedID(authorizationId);
            }
            continue;
        }
        if (cb instanceof RealmCallback) {
            RealmCallback realmCb = (RealmCallback) cb;
            realmCb.setText(realmCb.getDefaultText());
            continue;
        }
        throw new UnsupportedCallbackException(cb);
    }
}
 
Example 10
Source File: SaslServerPlainImpl.java    From Openfire with Apache License 2.0 4 votes vote down vote up
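/**
 * Evaluates the client's PLAIN response: verifies the password, then asks the
 * callback handler whether the requested identity is authorized.
 *
 * <p>The response is decoded as UTF-8 and split on NUL. When more than two
 * tokens are present, the first is stored in {@code username} (the identity to
 * act as) and the second in {@code principal} (the identity that
 * authenticates); otherwise one identity serves as both. The following token is
 * the password. Authorization is requested only after the password has been
 * verified, and the exchange is marked complete only after the authorization
 * decision.
 *
 * <p>{@code isComplete()} should be called after each call to
 * {@code evaluateResponse()} to determine whether a further response is needed
 * from the client.
 *
 * @param response The non-null (but possibly empty) response sent
 * by the client.
 *
 * @return always {@code null}; this mechanism sends no challenge data.
 * @exception SaslException If the credentials are rejected, the identity is not
 * authorized, the response is malformed, or the callback handler fails.
 * @exception IllegalStateException If authentication already completed or was
 * previously aborted.
 */
@Override
public byte[] evaluateResponse(byte[] response)
    throws SaslException {
    if (completed) {
        throw new IllegalStateException("PLAIN authentication already completed");
    }
    if (aborted) {
        throw new IllegalStateException("PLAIN authentication previously aborted due to error");
    }
    try {
        if(response.length != 0) {
            String data = new String(response, StandardCharsets.UTF_8);
            // StringTokenizer skips empty fields, so a message with an empty
            // authorization identity yields two tokens and takes the else branch.
            StringTokenizer tokens = new StringTokenizer(data, "\0");
            if (tokens.countTokens() > 2) {
                username = tokens.nextToken();
                principal = tokens.nextToken();
            } else {
                username = tokens.nextToken();
                principal = username;
            }
            // A missing password makes nextToken() throw NoSuchElementException,
            // which the catch below turns into an aborted exchange.
            password = tokens.nextToken();
            NameCallback ncb = new NameCallback("PLAIN authentication ID: ",principal);
            VerifyPasswordCallback vpcb = new VerifyPasswordCallback(password.toCharArray());
            boolean verified;
            try {
                cbh.handle(new Callback[]{ncb,vpcb});
                verified = vpcb.getVerified();
            } finally {
                // Wipe the callback's copy of the password on every path, including
                // failed verification and handler errors, not only on success.
                // NOTE(review): the password field itself still holds the cleartext
                // as a String; consider dropping that reference once it is unused.
                vpcb.clearPassword();
            }

            if (verified) {
                AuthorizeCallback acb = new AuthorizeCallback(principal,username);
                cbh.handle(new Callback[]{acb});
                if(acb.isAuthorized()) {
                    username = acb.getAuthorizedID();
                    completed = true;
                } else {
                    completed = true;
                    username = null;
                    throw new SaslException("PLAIN: user not authorized: "+principal);
                }
            } else {
                throw new SaslException("PLAIN: user not authorized: "+principal);
            }
        } else {
            //Client gave no initial response
            if( counter++ > 1 ) {
                throw new SaslException("PLAIN expects a response");
            }
            return null;
        }
    } catch (UnsupportedCallbackException | IOException | NoSuchElementException e) {
        aborted = true;
        throw new SaslException("PLAIN authentication failed for: "+username, e);
    }
    return null;
}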
 
Example 11
Source File: PlainSaslServer.java    From incubator-retired-blur with Apache License 2.0 4 votes vote down vote up
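/**
 * Parses a PLAIN response and hands the credentials to the callback handler.
 *
 * <p>The message is split on NUL bytes into two or three fields (optional
 * authzid, user, password) and each field is decoded as UTF-8. The handler
 * receives a name, a password and an authorization callback in one call; the
 * exchange succeeds only if the authorization callback comes back authorized.
 *
 * @param response the client's PLAIN message
 * @return always {@code null}; no challenge is sent back
 * @throws SaslException if the message is malformed, the user or password is
 *         empty, the handler fails, or the handler does not authorize the request
 */
public byte[] evaluateResponse(byte[] response) throws SaslException {
  try {
    // parse the response
    // message   = [authzid] UTF8NUL authcid UTF8NUL passwd'

    Deque<String> tokenList = new ArrayDeque<String>();
    // Decode each field as UTF-8. Casting single bytes to char corrupted every
    // non-ASCII user name or password, because bytes are signed and multi-byte
    // sequences were split into separate characters.
    java.nio.charset.Charset utf8 = java.nio.charset.Charset.forName("UTF-8");
    int tokenStart = 0;
    for (int i = 0; i <= response.length; i++) {
      if (i == response.length || response[i] == 0) {
        tokenList.addLast(new String(response, tokenStart, i - tokenStart, utf8));
        tokenStart = i + 1;
      }
    }

    // validate response
    if ((tokenList.size() < 2) || (tokenList.size() > 3)) {
      throw new SaslException("Invalid message format");
    }
    _passwd = tokenList.removeLast();
    _user = tokenList.removeLast();
    // optional authzid
    if (!tokenList.isEmpty()) {
      _authzId = tokenList.removeLast();
    } else {
      _authzId = _user;
    }
    if (_user == null || _user.isEmpty()) {
      throw new SaslException("No user name provide");
    }
    if (_passwd == null || _passwd.isEmpty()) {
      throw new SaslException("No password name provide");
    }

    NameCallback nameCallback = new NameCallback("User");
    nameCallback.setName(_user);
    PasswordCallback pcCallback = new PasswordCallback("Password", false);
    pcCallback.setPassword(_passwd.toCharArray());
    AuthorizeCallback acCallback = new AuthorizeCallback(_user, _authzId);

    Callback[] cbList = new Callback[] {nameCallback, pcCallback, acCallback};
    try {
      _handler.handle(cbList);
    } finally {
      // Wipe the callback's copy of the password whether or not the handler succeeded.
      // NOTE(review): _passwd still holds the cleartext as a String after this call.
      pcCallback.clearPassword();
    }
    // NOTE(review): isAuthorized() is the only result checked here, so the handler
    // presumably verifies the password before authorizing - confirm in the handler.
    if (!acCallback.isAuthorized()) {
      throw new SaslException("Authentication failed");
    }
  } catch (IllegalStateException eL) {
    throw new SaslException("Invalid message format", eL);
  } catch (IOException eI) {
    throw new SaslException("Error validating the login", eI);
  } catch (UnsupportedCallbackException eU) {
    throw new SaslException("Error validating the login", eU);
  }
  return null;
}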