org.jboss.security.auth.callback.ObjectCallback Java Examples

The following examples show how to use org.jboss.security.auth.callback.ObjectCallback.
Example #1
Source File: DatawavePrincipalLoginModule.java    From datawave with Apache License 2.0
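/**
 * Asks the configured {@code CallbackHandler} for a name and a credential object and returns the
 * credential when it is a {@link DatawaveCredential}.
 *
 * <p>The {@code NameCallback} is sent to the handler, but the name it collects is not read here;
 * only the object returned by the {@code ObjectCallback} decides the outcome.
 *
 * @return the credential supplied by the callback handler
 * @throws LoginException if no callback handler is configured, if the handler fails or does not
 *         support one of the callbacks (the original exception is attached as the cause), or if
 *         the supplied credential is {@code null} or not a {@link DatawaveCredential}
 */
protected DatawaveCredential getDatawaveCredential() throws LoginException {
    if (trace)
        log.trace("enter: getDatawaveCredential()");
    if (callbackHandler == null) {
        log.error("Error: no CallbackHandler available to collect authentication information");
        throw new LoginException("Error: no CallbackHandler available to collect authentication information");
    }
    NameCallback nc = new NameCallback("Username: ");
    ObjectCallback oc = new ObjectCallback("Credentials: ");
    Callback[] callbacks = {nc, oc};
    try {
        callbackHandler.handle(callbacks);
        
        // We use a custom authentication mechanism to convert the certificate into a DatawaveCredential.
        // The custom authentication mechanism checks the request for the X-ProxiedEntitiesChain/X-ProxiedIssuersChain
        // headers and uses them along with either the certificate subject and issuer DNs or trusted headers
        // (supplied by the load balancer) containing the subject and issuer DNs to construct a list of entities.
        //
        // NOTE(review): this method accepts whatever DatawaveCredential the handler hands back and performs no
        // validation of its own. The entity list is therefore only as trustworthy as the component that sets the
        // DN and proxied-chain headers; presumably the mechanism honours them only on requests that arrived
        // through the load balancer -- confirm against the mechanism's source and the front-end configuration.
        Object tmpCreds = oc.getCredential();
        if (tmpCreds instanceof DatawaveCredential) {
            return (DatawaveCredential) tmpCreds;
        }
        // Fail closed: a missing credential or one of an unexpected type is a login failure. Only the class
        // name is logged, never the credential object itself.
        String credentialClass = tmpCreds == null ? "null" : tmpCreds.getClass().getName();
        String msg = "Unknown credential class " + credentialClass + " is not a " + DatawaveCredential.class.getName();
        log.warn(msg);
        throw new LoginException(msg);
    } catch (IOException e) {
        log.debug("Failed to invoke callback", e);
        // LoginException has no cause-taking constructor, so attach the cause explicitly; otherwise the
        // stack trace survives only in debug-level logs.
        LoginException failure = new LoginException("Failed to invoke callback: " + e);
        failure.initCause(e);
        throw failure;
    } catch (UnsupportedCallbackException uce) {
        log.debug("CallbackHandler does not support: " + uce.getCallback());
        LoginException failure = new LoginException("CallbackHandler does not support: " + uce.getCallback());
        failure.initCause(uce);
        throw failure;
    } finally {
        if (trace)
            log.trace("exit: getDatawaveCredential()");
    }
}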
 
Example #2
Source File: MockCallbackHandler.java    From datawave with Apache License 2.0
/**
 * Test callback handler: asserts that it receives exactly a {@code NameCallback} followed by an
 * {@code ObjectCallback}, checks both prompts against the expected values, then answers them
 * with the configured name and credential.
 *
 * @param callbacks the callbacks issued by the login module under test
 */
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    // Check the shape of the request before touching any element: two callbacks, in this order.
    assertEquals(2, callbacks.length);
    final Callback first = callbacks[0];
    final Callback second = callbacks[1];
    assertEquals(NameCallback.class, first.getClass());
    assertEquals(ObjectCallback.class, second.getClass());
    
    final NameCallback nameCallback = (NameCallback) first;
    final ObjectCallback credentialCallback = (ObjectCallback) second;
    
    // The prompts must match what the test was configured to expect.
    assertEquals(nameCallbackPrompt, nameCallback.getPrompt());
    assertEquals(credentialsCallbackPrompt, credentialCallback.getPrompt());
    
    // Answer both callbacks with the canned values.
    nameCallback.setName(name);
    credentialCallback.setCredential(credential);
}
 
Example #3
Source File: PicketBoxCallbackHandler.java    From lams with GNU General Public License v2.0
/**
 * Answers each callback from the principal and credential held by this handler.
 * A {@code NameCallback} receives the principal's name, an {@code ObjectCallback} receives the
 * credential object unchanged, and a {@code PasswordCallback} receives the credential as a
 * {@code char[]} when it is a {@code String} or a {@code char[]}, otherwise {@code null}.
 * Any other callback type is rejected with the exception built by
 * {@code PicketBoxMessages.MESSAGES.unableToHandleCallback}.
 *
 * @see CallbackHandler#handle(Callback[])
 */
public void handle(Callback[] callbacks)
throws IOException, UnsupportedCallbackException
{
   for(Callback callback: callbacks)
   {
      if(callback instanceof NameCallback)
      {
         ((NameCallback) callback).setName(principal.getName());
         continue;
      }
      if(callback instanceof ObjectCallback)
      {
         // The credential object is handed over as-is, with no copy and no type check.
         ((ObjectCallback) callback).setCredential(credential);
         continue;
      }
      if(!(callback instanceof PasswordCallback))
      {
         // Unknown callback types are refused; they are never silently skipped.
         throw PicketBoxMessages.MESSAGES.unableToHandleCallback(callback, this.getClass().getName(),
                 callback.getClass().getCanonicalName());
      }

      // Only String and char[] credentials can be presented as a password; any other
      // credential type leaves the password null.
      char[] password;
      if(credential instanceof String)
      {
         // A String credential cannot be wiped from memory afterwards; char[] is the safer carrier.
         password = ((String) credential).toCharArray();
      }
      else if(credential instanceof char[])
      {
         password = (char[]) credential;
      }
      else
      {
         password = null;
      }
      // PasswordCallback.setPassword stores its own copy of the array.
      ((PasswordCallback) callback).setPassword(password);
   }
}
 
Example #4
Source File: ClientLoginExampleBean.java    From datawave with Apache License 2.0
/**
 * Timer callback, fired at second 0 of every minute (non-persistent), that demonstrates a
 * client-side JAAS login: it builds a proxied DN from the server certificate and the
 * {@code USER_DN}/{@code ISSUER_DN} environment variables, logs in to the
 * {@code datawave-client} configuration, calls a secured EJB, and always logs out again.
 * Any failure is reported on {@code System.err} and otherwise swallowed.
 */
@Schedule(hour = "*", minute = "*", second = "0", persistent = false)
public void doScheduledEvent() {
    try {
        // The server certificate is taken to be the first keystore entry; it becomes the
        // credential placed on the ObjectCallback.
        // NOTE(review): KeyStore.aliases() does not promise an order, and an empty keystore makes
        // nextElement() throw; with more than one entry "first" may not be the server certificate.
        KeyStore store = domain.getKeyStore();
        String firstAlias = store.aliases().nextElement();
        final X509Certificate serverCert = (X509Certificate) store.getCertificate(firstAlias);
        
        // The username is either a bare user DN (when a user's client certificate is used) or, as
        // here, a server DN combined with a proxied user DN.
        // Local-testing hack: the proxied user and the issuer of the user's certificate are read
        // from the environment instead of from a real username.
        // NOTE(review): both values are null when the variables are unset; how
        // DnUtils.buildNormalizedProxyDN treats null is not visible here -- confirm.
        String userDN = System.getenv("USER_DN");
        String userIssuerDN = System.getenv("ISSUER_DN");
        String serverDN = serverCert.getSubjectX500Principal().getName();
        String serverIssuerDN = serverCert.getIssuerX500Principal().getName();
        final String proxiedDn = DnUtils.buildNormalizedProxyDN(serverDN, serverIssuerDN, userDN, userIssuerDN);
        
        // Callback handler for the login: a NameCallback followed by an ObjectCallback is expected.
        // The casts are positional, so any other callback layout fails with a runtime exception.
        CallbackHandler loginCallbacks = new CallbackHandler() {
            @Override
            public void handle(Callback[] callbacks) {
                NameCallback nameCallback = (NameCallback) callbacks[0];
                ObjectCallback credentialCallback = (ObjectCallback) callbacks[1];
                nameCallback.setName(proxiedDn);
                credentialCallback.setCredential(serverCert);
            }
        };
        
        // Log in to the DATAWAVE client domain. This stores the credentials supplied by the
        // handler above and sends them to the server on any call that requires a login there.
        LoginContext loginContext = new LoginContext("datawave-client", loginCallbacks);
        loginContext.login();
        
        // Call secured EJBs while logged in.
        try {
            AuthorizationsListBase auths = userOps.listEffectiveAuthorizations();
            // The DN and its effective authorizations go to stderr; acceptable in an example,
            // but worth reconsidering wherever stderr is captured into shared logs.
            System.err.println("***** Auths for user " + proxiedDn + " are: " + auths);
        } finally {
            // Logging out restores any previous credentials; it must run even when the call
            // above fails, hence the finally block.
            loginContext.logout();
        }
    } catch (Exception e) {
        System.err.println("Error doing login!");
        e.printStackTrace(System.err);
    }
}