Java Code Examples for javax.security.sasl.AuthorizeCallback#setAuthorizedID()

The following examples show how to use javax.security.sasl.AuthorizeCallback#setAuthorizedID(). Each example is preceded by the name of the source file and the project it was taken from. When reading them, note that AuthorizeCallback#getAuthorizedID() returns null unless setAuthorized(true) has been called, and returns the requested authorization ID when setAuthorizedID() was never called.
Example 1
Source File: SaslNettyServer.java    From herddb with Apache License 2.0
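/**
 * Answers the SASL {@link AuthorizeCallback} for a peer that has already authenticated.
 *
 * <p>The authorized identity is rebuilt from the authentication ID as
 * {@code shortName/hostName@realm}; the authorization ID requested by the peer is only
 * logged and is never used as the authorized identity.
 *
 * <p>The callback is marked authorized only after that identity has been stored.
 * {@link AuthorizeCallback#getAuthorizedID()} falls back to the peer-requested
 * authorization ID when no authorized ID was set, so granting authorization before the
 * name is resolved would let a failed name lookup authorize the connection under whatever
 * identity the peer asked for.
 *
 * @param ac the callback carrying the authentication ID and the requested authorization ID
 */
private void handleAuthorizeCallback(AuthorizeCallback ac) {
    String authenticationID = ac.getAuthenticationID();
    String authorizationID = ac.getAuthorizationID();

    // NOTE(review): authorizationID is the value requested by the peer and is logged as
    // received; consider neutralising CR/LF if these logs feed an audit pipeline.
    LOG.info("Successfully authenticated client: authenticationID=" + authenticationID
            + ";  authorizationID=" + authorizationID + ".");

    KerberosName kerberosName = new KerberosName(authenticationID);
    try {
        StringBuilder userNameBuilder = new StringBuilder(kerberosName.getShortName());
        userNameBuilder.append("/").append(kerberosName.getHostName());
        userNameBuilder.append("@").append(kerberosName.getRealm());
        LOG.info("Setting authorizedID: " + userNameBuilder);
        ac.setAuthorizedID(userNameBuilder.toString());
        // Grant only once the authorized identity is in place.
        ac.setAuthorized(true);
    } catch (IOException e) {
        // Fail closed: without a resolved name there is no identity to authorize.
        ac.setAuthorized(false);
        LOG.severe("Failed to set name based on Kerberos authentication rules: " + e);
    }
}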
 
Example 2
Source File: SaslNettyServer.java    From blazingcache with Apache License 2.0
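/**
 * Handles the SASL {@link AuthorizeCallback} once the peer has authenticated.
 *
 * <p>The authorized ID is derived from the authentication ID in the form
 * {@code shortName/hostName@realm}. The authorization ID supplied by the peer is logged
 * but does not influence the authorized identity.
 *
 * <p>Authorization is granted only after the derived name has been set. If the name cannot
 * be built, the callback is left unauthorized; otherwise
 * {@link AuthorizeCallback#getAuthorizedID()} would return the peer-requested authorization
 * ID for a callback that was already marked authorized.
 *
 * <p>The two progress messages are logged at INFO rather than SEVERE so that a successful
 * login does not appear as an error in the log.
 *
 * @param ac the callback to answer
 */
private void handleAuthorizeCallback(AuthorizeCallback ac) {
    String authenticationID = ac.getAuthenticationID();
    String authorizationID = ac.getAuthorizationID();

    // NOTE(review): authorizationID comes from the peer and is written to the log unmodified.
    LOG.info("Successfully authenticated client: authenticationID=" + authenticationID
        + ";  authorizationID=" + authorizationID + ".");

    // Start from "denied"; only the success path below flips this.
    ac.setAuthorized(false);

    KerberosName kerberosName = new KerberosName(authenticationID);
    try {
        StringBuilder userNameBuilder = new StringBuilder(kerberosName.getShortName());
        userNameBuilder.append("/").append(kerberosName.getHostName());
        userNameBuilder.append("@").append(kerberosName.getRealm());
        String authorizedID = userNameBuilder.toString();
        LOG.info("Setting authorizedID: " + authorizedID);
        ac.setAuthorizedID(authorizedID);
        ac.setAuthorized(true);
    } catch (IOException e) {
        // The callback stays unauthorized; keep the cause in the log for diagnosis.
        LOG.severe("Failed to set name based on Kerberos authentication rules: " + e);
    }
}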
 
Example 3
Source File: ServerCallbackHandler.java    From jstorm with Apache License 2.0
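/**
 * Answers the SASL {@link AuthorizeCallback} and records the real principal when the
 * authenticated peer asks to act as a different identity.
 *
 * <p>A missing authorization ID is treated as "same as the authentication ID".
 * {@link AuthorizeCallback#setAuthorizedID(String)} does not change what
 * {@link AuthorizeCallback#getAuthorizationID()} returns, so the comparison below uses the
 * defaulted value; comparing against the raw getter would classify every peer that sent no
 * authorization ID as an impersonation attempt.
 *
 * <p>NOTE(review): the callback is authorized unconditionally, including when the two IDs
 * differ. The impersonation decision is presumably enforced later from the real principal
 * stored in {@code ReqContext} — confirm that every code path performs that check.
 *
 * @param ac the callback carrying the authentication ID and the requested authorization ID
 */
private void handleAuthorizeCallback(AuthorizeCallback ac) {
    String authenticationID = ac.getAuthenticationID();
    String authorizationID = ac.getAuthorizationID();
    LOG.info("Successfully authenticated client: authenticationID=" + authenticationID + " authorizationID= " + authorizationID);

    // if authorizationId is not set, set it to authenticationId.
    if (authorizationID == null) {
        ac.setAuthorizedID(authenticationID);
        authorizationID = authenticationID;
    }

    // When authNid and authZid are not equal, authNid is attempting to impersonate authZid. We
    // add the authNid as the real user in reqContext's subject which will be used during authorization.
    if (!authenticationID.equals(authorizationID)) {
        ReqContext.context().setRealPrincipal(new SaslTransportPlugin.User(authenticationID));
    }

    ac.setAuthorized(true);
}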
 
Example 4
Source File: ServerCallbackHandler.java    From jstorm with Apache License 2.0
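/**
 * Answers the SASL {@link AuthorizeCallback}, logging and recording the real principal when
 * the authentication ID and the requested authorization ID differ.
 *
 * <p>When the peer sent no authorization ID, the authentication ID is used in its place.
 * The impersonation test is made against that defaulted value, because
 * {@link AuthorizeCallback#getAuthorizationID()} keeps returning {@code null} after
 * {@link AuthorizeCallback#setAuthorizedID(String)}; testing the raw getter would log a
 * false "Impersonation attempt" and set a real principal for an ordinary login.
 *
 * <p>NOTE(review): authorization is granted in every case. The source comment says the real
 * principal is used "during authorization", so the actual impersonation check is presumably
 * made elsewhere — verify against the authorizer.
 *
 * @param ac the callback to answer
 */
private void handleAuthorizeCallback(AuthorizeCallback ac) {
    String authenticationID = ac.getAuthenticationID();
    String requestedID = ac.getAuthorizationID();
    LOG.info("Successfully authenticated client: authenticationID = " + authenticationID + " authorizationID = " + requestedID);

    // if authorizationId is not set, set it to authenticationId.
    String effectiveID = requestedID;
    if (effectiveID == null) {
        ac.setAuthorizedID(authenticationID);
        effectiveID = authenticationID;
    }

    // When authNid and authZid are not equal, authNid is attempting to impersonate authZid. We
    // add the authNid as the real user in reqContext's subject which will be used during authorization.
    if (!authenticationID.equals(effectiveID)) {
        LOG.info("Impersonation attempt  authenticationID = " + authenticationID + " authorizationID = " + effectiveID);
        ReqContext.context().setRealPrincipal(new SaslTransportPlugin.User(authenticationID));
    }

    ac.setAuthorized(true);
}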
 
Example 5
Source File: SaslNettyServer.java    From herddb with Apache License 2.0
/**
 * Answers each SASL callback in turn.
 *
 * <ul>
 *   <li>{@link NameCallback}: replies with the callback's default name.</li>
 *   <li>{@link PasswordCallback}: replies with the configured password, if one is set.</li>
 *   <li>{@link RealmCallback}: replies with the callback's default text.</li>
 *   <li>{@link AuthorizeCallback}: authorizes only when the authentication ID equals the
 *       requested authorization ID, i.e. acting as another identity is refused.</li>
 * </ul>
 *
 * @param callbacks the callbacks to answer
 * @throws UnsupportedCallbackException if a callback of any other type is received
 */
@Override
public void handle(Callback[] callbacks) throws
        UnsupportedCallbackException {
    for (Callback callback : callbacks) {
        if (callback instanceof NameCallback) {
            NameCallback nameCallback = (NameCallback) callback;
            nameCallback.setName(nameCallback.getDefaultName());
            continue;
        }
        if (callback instanceof PasswordCallback) {
            // NOTE(review): the password is held as a String field; only the copy handed
            // to the callback is a char[].
            if (this.password != null) {
                ((PasswordCallback) callback).setPassword(this.password.toCharArray());
            }
            continue;
        }
        if (callback instanceof RealmCallback) {
            RealmCallback realmCallback = (RealmCallback) callback;
            realmCallback.setText(realmCallback.getDefaultText());
            continue;
        }
        if (callback instanceof AuthorizeCallback) {
            AuthorizeCallback authorizeCallback = (AuthorizeCallback) callback;
            String authenticationId = authorizeCallback.getAuthenticationID();
            String requestedId = authorizeCallback.getAuthorizationID();
            // Authorized only when the peer asks to act as itself.
            authorizeCallback.setAuthorized(authenticationId.equals(requestedId));
            if (authorizeCallback.isAuthorized()) {
                authorizeCallback.setAuthorizedID(requestedId);
            }
            continue;
        }
        throw new UnsupportedCallbackException(callback, "Unrecognized SASL ClientCallback");
    }
}
 
Example 6
Source File: SaslNettyClient.java    From herddb with Apache License 2.0
/**
 * Dispatches every SASL callback to the matching reply.
 *
 * <p>Name and realm callbacks are answered with their own defaults, a password callback
 * receives the configured password when there is one, and an authorize callback is granted
 * only if the authentication ID and the requested authorization ID are equal.
 *
 * @param callbacks the callbacks to answer
 * @throws UnsupportedCallbackException if a callback is of none of the handled types
 */
@Override
public void handle(Callback[] callbacks) throws
        UnsupportedCallbackException {
    for (Callback callback : callbacks) {
        if (callback instanceof NameCallback) {
            NameCallback name = (NameCallback) callback;
            name.setName(name.getDefaultName());
        } else if (callback instanceof PasswordCallback) {
            PasswordCallback pass = (PasswordCallback) callback;
            // No password configured: the callback is left unanswered.
            if (this.password != null) {
                pass.setPassword(this.password.toCharArray());
            }
        } else if (callback instanceof RealmCallback) {
            RealmCallback realm = (RealmCallback) callback;
            realm.setText(realm.getDefaultText());
        } else if (callback instanceof AuthorizeCallback) {
            AuthorizeCallback authz = (AuthorizeCallback) callback;
            String authid = authz.getAuthenticationID();
            String authzid = authz.getAuthorizationID();
            boolean sameIdentity = authid.equals(authzid);
            // A differing authorization ID is rejected rather than treated as proxying.
            authz.setAuthorized(sameIdentity);
            if (authz.isAuthorized()) {
                authz.setAuthorizedID(authzid);
            }
        } else {
            throw new UnsupportedCallbackException(callback, "Unrecognized SASL ClientCallback");
        }
    }
}
 
Example 7
Source File: PulsarSaslClient.java    From pulsar with Apache License 2.0
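/**
 * Answers the SASL {@link AuthorizeCallback}: the callback is authorized only when the
 * authentication ID equals the requested authorization ID, and in that case the authorized
 * ID is set to that value.
 *
 * <p>The success message is logged only when authorization was actually granted. A mismatch
 * is logged as a warning instead, so the log no longer reports "Successfully authenticated"
 * for a callback that was refused.
 *
 * @param ac the callback carrying the authentication ID and the requested authorization ID
 */
private void handleAuthorizeCallback(AuthorizeCallback ac) {
    String authid = ac.getAuthenticationID();
    String authzid = ac.getAuthorizationID();
    ac.setAuthorized(authid.equals(authzid));
    if (ac.isAuthorized()) {
        ac.setAuthorizedID(authzid);
        log.info("Successfully authenticated. authenticationID: {};  authorizationID: {}.",
            authid, authzid);
    } else {
        // Keep the refusal visible: a differing authorization ID is a request to act as
        // another identity, which this handler does not allow.
        log.warn("Authorization refused. authenticationID: {};  authorizationID: {}.",
            authid, authzid);
    }
}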
 
Example 8
Source File: SaslNettyServer.java    From blazingcache with Apache License 2.0
/**
 * Replies to the SASL callbacks passed in, one by one.
 *
 * <p>Handled types: {@link NameCallback} (default name echoed back),
 * {@link PasswordCallback} (configured password, when non-null), {@link RealmCallback}
 * (default text echoed back) and {@link AuthorizeCallback} (granted only when the
 * authentication ID and authorization ID match).
 *
 * @param callbacks the callbacks to answer
 * @throws UnsupportedCallbackException for any other callback type
 */
@Override
public void handle(Callback[] callbacks) throws
    UnsupportedCallbackException {
    for (Callback current : callbacks) {
        if (current instanceof NameCallback) {
            NameCallback nc = (NameCallback) current;
            String defaultName = nc.getDefaultName();
            nc.setName(defaultName);
        } else if (current instanceof PasswordCallback) {
            if (this.password != null) {
                char[] secret = this.password.toCharArray();
                ((PasswordCallback) current).setPassword(secret);
            }
        } else if (current instanceof RealmCallback) {
            RealmCallback rc = (RealmCallback) current;
            String defaultRealm = rc.getDefaultText();
            rc.setText(defaultRealm);
        } else if (current instanceof AuthorizeCallback) {
            AuthorizeCallback ac = (AuthorizeCallback) current;
            String authid = ac.getAuthenticationID();
            String authzid = ac.getAuthorizationID();
            // Only an exact match is authorized; no proxy authorization is performed.
            ac.setAuthorized(authid.equals(authzid));
            if (ac.isAuthorized()) {
                ac.setAuthorizedID(authzid);
            }
        } else {
            throw new UnsupportedCallbackException(current, "Unrecognized SASL ClientCallback");
        }
    }
}
 
Example 9
Source File: SaslNettyClient.java    From blazingcache with Apache License 2.0
/**
 * Processes the given SASL callbacks.
 *
 * <p>Each callback is answered according to its type; a callback of an unhandled type
 * aborts processing with an exception. For an {@link AuthorizeCallback} the authorized ID
 * is set only when the authentication ID equals the requested authorization ID.
 *
 * @param callbacks the callbacks to answer
 * @throws UnsupportedCallbackException if a callback type is not handled here
 */
@Override
public void handle(Callback[] callbacks) throws
    UnsupportedCallbackException {
    for (Callback callback : callbacks) {
        if (callback instanceof NameCallback) {
            NameCallback nameCb = (NameCallback) callback;
            nameCb.setName(nameCb.getDefaultName());
            continue;
        }
        if (callback instanceof PasswordCallback) {
            PasswordCallback passwordCb = (PasswordCallback) callback;
            if (this.password != null) {
                passwordCb.setPassword(this.password.toCharArray());
            }
            continue;
        }
        if (callback instanceof RealmCallback) {
            RealmCallback realmCb = (RealmCallback) callback;
            realmCb.setText(realmCb.getDefaultText());
            continue;
        }
        if (!(callback instanceof AuthorizeCallback)) {
            throw new UnsupportedCallbackException(callback, "Unrecognized SASL ClientCallback");
        }
        AuthorizeCallback authorizeCb = (AuthorizeCallback) callback;
        String authid = authorizeCb.getAuthenticationID();
        String authzid = authorizeCb.getAuthorizationID();
        // Equal IDs -> authorized; anything else is refused.
        authorizeCb.setAuthorized(authid.equals(authzid));
        if (authorizeCb.isAuthorized()) {
            authorizeCb.setAuthorizedID(authzid);
        }
    }
}
 
Example 10
Source File: SaslPlainTextAuthenticator.java    From Krackle with Apache License 2.0
/**
 * Answers the SASL callbacks, logging each one as it arrives.
 *
 * <p>Name and realm callbacks are answered with their defaults. A password callback is
 * rejected with an {@link UnsupportedCallbackException}, since this handler has no way of
 * obtaining a password. An authorize callback is granted only when the authentication ID
 * equals the requested authorization ID.
 *
 * @param callbacks the callbacks to answer
 * @throws UnsupportedCallbackException for a password callback or an unrecognized type
 */
@Override
public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
	for (Callback callback : callbacks) {
		LOG.info("callback {} received", callback.toString());
		if (callback instanceof NameCallback) {
			NameCallback nameCallback = (NameCallback) callback;
			nameCallback.setName(nameCallback.getDefaultName());
		} else if (callback instanceof PasswordCallback) {
			// Call `setPassword` once we support obtaining a password from the user and update message below
			String reason = "Could not login: the client is being asked for a password, but the Kafka"
				 + " client code does not currently support obtaining a password from the user."
				 + " Make sure -Djava.security.auth.login.config property passed to JVM and"
				 + " the client is configured to use a ticket cache (using"
				 + " the JAAS configuration setting 'useTicketCache=true)'. Make sure you are using"
				 + " FQDN of the Kafka broker you are trying to connect to.";
			throw new UnsupportedCallbackException(callback, reason);
		} else if (callback instanceof RealmCallback) {
			RealmCallback realmCallback = (RealmCallback) callback;
			realmCallback.setText(realmCallback.getDefaultText());
		} else if (callback instanceof AuthorizeCallback) {
			AuthorizeCallback authorizeCallback = (AuthorizeCallback) callback;
			String authId = authorizeCallback.getAuthenticationID();
			String authzId = authorizeCallback.getAuthorizationID();
			boolean sameIdentity = authId.equals(authzId);
			// A differing authorization ID is refused.
			authorizeCallback.setAuthorized(sameIdentity);
			if (authorizeCallback.isAuthorized()) {
				authorizeCallback.setAuthorizedID(authzId);
			}
		} else {
			throw new UnsupportedCallbackException(callback, "Unrecognized SASL ClientCallback");
		}
	}
}
 
Example 11
Source File: Login.java    From Krackle with Apache License 2.0
/**
 * Answers the SASL callbacks raised during login.
 *
 * <p>Name and realm callbacks get their default values back. A password callback is not
 * answered; a warning is logged and processing continues. An authorize callback is granted
 * only when the authentication ID equals the requested authorization ID.
 *
 * @param callbacks the callbacks to answer
 * @throws UnsupportedCallbackException if a callback is of an unrecognized type
 */
@Override
public void handle(Callback[] callbacks) throws
	 UnsupportedCallbackException {
	for (Callback callback : callbacks) {
		if (callback instanceof NameCallback) {
			NameCallback nameCb = (NameCallback) callback;
			nameCb.setName(nameCb.getDefaultName());
			continue;
		}
		if (callback instanceof PasswordCallback) {
			// No password is supplied; the callback is left as it was received.
			LOG.warn("Could not login: the client is being asked for a password");
			continue;
		}
		if (callback instanceof RealmCallback) {
			RealmCallback realmCb = (RealmCallback) callback;
			realmCb.setText(realmCb.getDefaultText());
			continue;
		}
		if (callback instanceof AuthorizeCallback) {
			AuthorizeCallback authorizeCb = (AuthorizeCallback) callback;
			String authid = authorizeCb.getAuthenticationID();
			String authzid = authorizeCb.getAuthorizationID();
			// Granted only for an exact match of the two IDs.
			authorizeCb.setAuthorized(authid.equals(authzid));
			if (authorizeCb.isAuthorized()) {
				authorizeCb.setAuthorizedID(authzid);
			}
			continue;
		}
		throw new UnsupportedCallbackException(callback, "Unrecognized SASL ClientCallback");
	}
}
 
Example 12
Source File: ClientCallbackHandler.java    From jstorm with Apache License 2.0
/**
 * Invoked by SASL to answer authentication challenge callbacks.
 *
 * <p>A name callback is only logged. A password callback is logged together with a warning
 * explaining how to refresh the Kerberos ticket cache; no password is supplied. An authorize
 * callback is granted only when the authentication ID equals the requested authorization ID.
 * Every other callback type, including a realm callback, is rejected.
 *
 * @param callbacks the challenge callbacks to answer
 * @throws IOException declared by the handler contract; not thrown by the code shown here
 * @throws UnsupportedCallbackException if a callback is of an unhandled type
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback c : callbacks) {
        if (c instanceof NameCallback) {
            LOG.debug("name callback");
            continue;
        }
        if (c instanceof PasswordCallback) {
            LOG.debug("password callback");
            LOG.warn("Could not login: the client is being asked for a password, but the "
                    + " client code does not currently support obtaining a password from the user."
                    + " Make sure that the client is configured to use a ticket cache (using"
                    + " the JAAS configuration setting 'useTicketCache=true)' and restart the client. If"
                    + " you still get this message after that, the TGT in the ticket cache has expired and must"
                    + " be manually refreshed. To do so, first determine if you are using a password or a"
                    + " keytab. If the former, run kinit in a Unix shell in the environment of the user who is running this client using the command"
                    + " 'kinit <princ>' (where <princ> is the name of the client's Kerberos principal). If the latter, do"
                    + " 'kinit -k -t <keytab> <princ>' (where <princ> is the name of the Kerberos principal, and"
                    + " <keytab> is the location of the keytab file). After manually refreshing your cache,"
                    + " restart this client. If you continue to see this message after manually refreshing"
                    + " your cache, ensure that your KDC host's clock is in sync with this host's clock.");
            continue;
        }
        if (!(c instanceof AuthorizeCallback)) {
            throw new UnsupportedCallbackException(c);
        }
        LOG.debug("authorization callback");
        AuthorizeCallback authorizeCallback = (AuthorizeCallback) c;
        String authid = authorizeCallback.getAuthenticationID();
        String authzid = authorizeCallback.getAuthorizationID();
        // Acting as a different identity is refused: the IDs must match exactly.
        authorizeCallback.setAuthorized(authid.equals(authzid));
        if (authorizeCallback.isAuthorized()) {
            authorizeCallback.setAuthorizedID(authzid);
        }
    }
}
 
Example 13
Source File: ClientCallbackHandler.java    From jstorm with Apache License 2.0
/**
 * Invoked by SASL to answer authentication challenge callbacks.
 *
 * <p>A name callback receives the configured user name, a password callback receives the
 * configured password when one is set, and a realm callback receives its own default text.
 * An authorize callback is granted only when the authentication ID equals the requested
 * authorization ID.
 *
 * @param callbacks the challenge callbacks to answer
 * @throws IOException declared by the handler contract; not thrown by the code shown here
 * @throws UnsupportedCallbackException if a callback is of an unhandled type
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback c : callbacks) {
        if (c instanceof NameCallback) {
            LOG.debug("name callback");
            ((NameCallback) c).setName(_username);
            continue;
        }
        if (c instanceof PasswordCallback) {
            LOG.debug("password callback");
            // NOTE(review): _password is a String field; the callback gets a char[] copy.
            if (_password != null) {
                ((PasswordCallback) c).setPassword(_password.toCharArray());
            }
            continue;
        }
        if (c instanceof AuthorizeCallback) {
            LOG.debug("authorization callback");
            AuthorizeCallback authorizeCallback = (AuthorizeCallback) c;
            String authid = authorizeCallback.getAuthenticationID();
            String authzid = authorizeCallback.getAuthorizationID();
            // Only an exact match of the two IDs is authorized.
            authorizeCallback.setAuthorized(authid.equals(authzid));
            if (authorizeCallback.isAuthorized()) {
                authorizeCallback.setAuthorizedID(authzid);
            }
            continue;
        }
        if (c instanceof RealmCallback) {
            RealmCallback realmCallback = (RealmCallback) c;
            realmCallback.setText(realmCallback.getDefaultText());
            continue;
        }
        throw new UnsupportedCallbackException(c);
    }
}