Java Code Examples for javax.security.sasl.AuthorizeCallback#setAuthorized()
The following examples show how to use
javax.security.sasl.AuthorizeCallback#setAuthorized() .
Example 1
Source File: ServerCallbackHandler.java From jstorm with Apache License 2.0 | 6 votes |
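/**
 * Handles the SASL {@link AuthorizeCallback} raised after the client has authenticated.
 *
 * <p>The callback is always marked authorized. When the client asks to act as a different
 * identity (authorization ID differs from authentication ID), the authenticated identity is
 * recorded as the real principal on the request context. The decision whether that
 * impersonation is permitted is not taken here; the recorded principal is meant to be
 * consulted by the later authorization step.
 *
 * @param ac callback carrying the authentication ID and the requested authorization ID
 */
private void handleAuthorizeCallback(AuthorizeCallback ac) {
    final String authenticationID = ac.getAuthenticationID();
    final String authorizationID = ac.getAuthorizationID();
    // NOTE(review): both IDs are logged by concatenation; the authorization ID is chosen by the
    // client, so confirm the log layout neutralises line breaks.
    LOG.info("Successfully authenticated client: authenticationID = " + authenticationID
            + " authorizationID = " + authorizationID);

    if (authorizationID == null) {
        // No authorization ID requested: the client acts as itself. This is not an
        // impersonation, so no real principal is recorded. (Comparing against the still-null
        // authorization ID would misreport this case as an impersonation attempt.)
        ac.setAuthorizedID(authenticationID);
    } else if (!authenticationID.equals(authorizationID)) {
        // authNid is asking to act as authZid: keep authNid as the real user in the request
        // context's subject so that the authorization step can evaluate the impersonation.
        LOG.info("Impersonation attempt authenticationID = " + authenticationID
                + " authorizationID = " + authorizationID);
        ReqContext.context().setRealPrincipal(new SaslTransportPlugin.User(authenticationID));
    }

    // Unconditional: this handler relies on the downstream authorizer to reject
    // impersonation that is not allowed.
    ac.setAuthorized(true);
}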
Example 2
Source File: ServerCallbackHandler.java From jstorm with Apache License 2.0 | 6 votes |
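/**
 * Handles the SASL {@link AuthorizeCallback} raised after the client has authenticated.
 *
 * <p>The callback is always marked authorized. When the requested authorization ID differs
 * from the authentication ID, the authenticated identity is stored as the real principal on
 * the request context so that the later authorization step can decide whether the
 * impersonation is allowed; that decision is not taken in this method.
 *
 * @param ac callback carrying the authentication ID and the requested authorization ID
 */
private void handleAuthorizeCallback(AuthorizeCallback ac) {
    final String authenticationID = ac.getAuthenticationID();
    final String authorizationID = ac.getAuthorizationID();
    LOG.info("Successfully authenticated client: authenticationID=" + authenticationID
            + " authorizationID= " + authorizationID);

    if (authorizationID == null) {
        // No authorization ID requested: the client acts as itself, which is not an
        // impersonation, so the real principal is left untouched. (Comparing against the
        // still-null authorization ID would treat this case as an impersonation.)
        ac.setAuthorizedID(authenticationID);
    } else if (!authenticationID.equals(authorizationID)) {
        // authNid is asking to act as authZid: record authNid as the real user in the request
        // context's subject for use during authorization.
        ReqContext.context().setRealPrincipal(new SaslTransportPlugin.User(authenticationID));
    }

    // Unconditional: rejecting a disallowed impersonation is left to the downstream authorizer.
    ac.setAuthorized(true);
}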
Example 3
Source File: ServerCallbackHandler.java From tutorials with MIT License | 6 votes |
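/**
 * Answers the callbacks raised by the SASL mechanism for this demo server.
 *
 * <p>An {@link AuthorizeCallback} is approved only when the requested authorization ID is the
 * authenticated ID itself, so an authenticated client cannot be authorized as another
 * identity. Name, password and realm callbacks are answered with fixed demo values. Callback
 * types not listed here are ignored.
 *
 * @param cbs callbacks supplied by the SASL mechanism
 * @throws IOException declared by the interface; not thrown by this implementation
 * @throws UnsupportedCallbackException declared by the interface; not thrown by this implementation
 */
@Override
public void handle(Callback[] cbs) throws IOException, UnsupportedCallbackException {
    for (Callback cb : cbs) {
        if (cb instanceof AuthorizeCallback) {
            AuthorizeCallback ac = (AuthorizeCallback) cb;
            String authenticationId = ac.getAuthenticationID();
            // Approving every request would let any authenticated client pick an arbitrary
            // authorization ID; only "act as myself" is accepted.
            ac.setAuthorized(authenticationId != null
                    && authenticationId.equals(ac.getAuthorizationID()));
        } else if (cb instanceof NameCallback) {
            NameCallback nc = (NameCallback) cb;
            // Fixed demo account name; a real server resolves the account from its user store.
            nc.setName("username");
        } else if (cb instanceof PasswordCallback) {
            PasswordCallback pc = (PasswordCallback) cb;
            // Fixed demo secret kept in source; a real server looks the secret up per user
            // and never embeds it in code.
            pc.setPassword("password".toCharArray());
        } else if (cb instanceof RealmCallback) {
            RealmCallback rc = (RealmCallback) cb;
            rc.setText("myServer");
        }
    }
}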
Example 4
Source File: PulsarSaslServer.java From pulsar with Apache License 2.0 | 6 votes |
/**
 * Decides whether the authenticated client may proceed.
 *
 * <p>Two conditions must hold: the requested authorization ID equals the authentication ID,
 * and the authentication ID matches {@code allowedIdsPattern}. Every outcome is logged at
 * INFO level and written to the callback with {@code setAuthorized}.
 *
 * @param ac callback carrying the authentication ID and the requested authorization ID
 */
private void handleAuthorizeCallback(AuthorizeCallback ac) {
    final String authnId = ac.getAuthenticationID();
    final String authzId = ac.getAuthorizationID();

    // Acting as a different identity is refused outright.
    final boolean sameIdentity = authnId.equals(authzId);
    if (!sameIdentity) {
        ac.setAuthorized(false);
        log.info("Forbidden access to client: authenticationID: {} is different from authorizationID: {}",
                authnId, authzId);
        return;
    }

    // The authenticated ID must also be on the configured allow-list pattern.
    final boolean idAllowed = allowedIdsPattern.matcher(authnId).matches();
    if (idAllowed) {
        ac.setAuthorized(true);
        log.info("Successfully authenticated client: authenticationID: {}; authorizationID: {}.",
                authnId, authzId);
    } else {
        ac.setAuthorized(false);
        log.info("Forbidden access to client: authenticationID {}, is not allowed (see {} property).",
                authnId, SaslConstants.JAAS_CLIENT_ALLOWED_IDS);
    }
}
Example 5
Source File: SaslNettyServer.java From blazingcache with Apache License 2.0 | 6 votes |
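/**
 * Authorizes the authenticated client under an ID derived from its Kerberos principal.
 *
 * <p>The authorized ID is built as {@code shortName/hostName@realm} from the authentication
 * ID; the authorization ID requested by the client is only logged. If the name cannot be
 * derived, the callback is marked not authorized. Authorizing first and setting the ID
 * afterwards would, on such a failure, leave the callback authorized with no authorized ID
 * set, in which case {@code AuthorizeCallback} reports the client-requested authorization ID
 * as the authorized one.
 *
 * @param ac callback carrying the authentication ID and the requested authorization ID
 */
private void handleAuthorizeCallback(AuthorizeCallback ac) {
    String authenticationID = ac.getAuthenticationID();
    String authorizationID = ac.getAuthorizationID();

    // NOTE(review): success messages are written at SEVERE level here, which makes them
    // indistinguishable from real failures in log-based alerting; confirm this is intended.
    LOG.severe("Successfully authenticated client: authenticationID=" + authenticationID
            + "; authorizationID=" + authorizationID + ".");

    KerberosName kerberosName = new KerberosName(authenticationID);
    final String authorizedID;
    try {
        StringBuilder userNameBuilder = new StringBuilder(kerberosName.getShortName());
        userNameBuilder.append("/").append(kerberosName.getHostName());
        userNameBuilder.append("@").append(kerberosName.getRealm());
        authorizedID = userNameBuilder.toString();
    } catch (IOException e) {
        LOG.severe("Failed to set name based on Kerberos authentication rules.");
        // Fail closed: without a derived name there is no identity to authorize.
        ac.setAuthorized(false);
        return;
    }

    LOG.severe("Setting authorizedID: " + authorizedID);
    ac.setAuthorized(true);
    ac.setAuthorizedID(authorizedID);
}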
Example 6
Source File: SaslCallbackHandler.java From glowroot with Apache License 2.0 | 6 votes |
/**
 * Answers SASL callbacks with this handler's fixed identity.
 *
 * <p>An {@link AuthorizeCallback} is approved only when the authentication ID equals the
 * authorization ID. Name and realm are answered with {@code "glowroot"}, the password with
 * the {@code password} field. Other callback types are ignored.
 *
 * @param callbacks callbacks supplied by the SASL mechanism
 */
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback cb : callbacks) {
        if (cb instanceof AuthorizeCallback) {
            AuthorizeCallback ac = (AuthorizeCallback) cb;
            String authnId = ac.getAuthenticationID();
            String authzId = ac.getAuthorizationID();
            // No impersonation: the client may only act as itself.
            boolean sameIdentity = authnId.equals(authzId);
            ac.setAuthorized(sameIdentity);
            continue;
        }
        if (cb instanceof NameCallback) {
            NameCallback nameCallback = (NameCallback) cb;
            nameCallback.setName("glowroot");
            continue;
        }
        if (cb instanceof PasswordCallback) {
            PasswordCallback passwordCallback = (PasswordCallback) cb;
            passwordCallback.setPassword(password);
            continue;
        }
        if (cb instanceof RealmCallback) {
            RealmCallback realmCallback = (RealmCallback) cb;
            realmCallback.setText("glowroot");
        }
    }
}
Example 7
Source File: KerberosFactory.java From Bats with Apache License 2.0 | 6 votes |
/**
 * Accepts only {@link AuthorizeCallback}s and approves them when no impersonation is requested.
 *
 * @param callbacks callbacks supplied by the SASL mechanism
 * @throws SaslException (an {@link IOException}) when the authentication ID and the
 *     authorization ID differ
 * @throws UnsupportedCallbackException for any callback that is not an {@link AuthorizeCallback}
 */
@Override
public void handle(final Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (final Callback cb : callbacks) {
        if (!(cb instanceof AuthorizeCallback)) {
            throw new UnsupportedCallbackException(cb);
        }

        final AuthorizeCallback ac = (AuthorizeCallback) cb;
        final String authnId = ac.getAuthenticationID();
        final String authzId = ac.getAuthorizationID();
        if (authnId.equals(authzId)) {
            ac.setAuthorized(true);
            continue;
        }

        // A mismatch aborts the exchange instead of merely leaving the callback unauthorized.
        throw new SaslException("Drill expects authorization ID and authentication ID to match. "
                + "Use inbound impersonation feature so one entity can act on behalf of another.");
    }
}
Example 8
Source File: ClientCertCallbackHandler.java From wildfly-core with GNU Lesser General Public License v2.1 | 6 votes |
/**
 * Accepts only {@link AuthorizeCallback}s and approves them when the authentication ID equals
 * the authorization ID. A refusal is traced on the security logger.
 *
 * @param callbacks callbacks supplied by the SASL mechanism
 * @throws UnsupportedCallbackException for any callback that is not an {@link AuthorizeCallback}
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback cb : callbacks) {
        if (!(cb instanceof AuthorizeCallback)) {
            throw new UnsupportedCallbackException(cb);
        }

        AuthorizeCallback ac = (AuthorizeCallback) cb;
        String authnId = ac.getAuthenticationID();
        String authzId = ac.getAuthorizationID();
        boolean sameIdentity = authnId.equals(authzId);
        if (!sameIdentity) {
            SECURITY_LOGGER.tracef(
                    "Checking 'AuthorizeCallback', authorized=false, authenticationID=%s, authorizationID=%s.",
                    authnId, authzId);
        }
        ac.setAuthorized(sameIdentity);
    }
}
Example 9
Source File: LocalCallbackHandlerService.java From wildfly-core with GNU Lesser General Public License v2.1 | 5 votes |
/**
 * Handles the name and authorize callbacks of local authentication.
 *
 * <p>A {@link NameCallback} is checked against the allowed users (unless {@code allowAll} is
 * set); an {@link AuthorizeCallback} is approved only when the authentication ID equals the
 * authorization ID. Any other callback type is rejected.
 *
 * @see javax.security.auth.callback.CallbackHandler#handle(javax.security.auth.callback.Callback[])
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback cb : callbacks) {
        if (cb instanceof NameCallback) {
            String userName = ((NameCallback) cb).getDefaultName();
            boolean permitted = allowAll || allowedUsersSet.contains(userName);
            if (!permitted) {
                SECURITY_LOGGER.tracef("Username '%s' is not permitted for local authentication.", userName);
                throw DomainManagementLogger.ROOT_LOGGER.invalidLocalUser(userName);
            }
            continue;
        }

        if (!(cb instanceof AuthorizeCallback)) {
            throw new UnsupportedCallbackException(cb);
        }

        AuthorizeCallback ac = (AuthorizeCallback) cb;
        String authnId = ac.getAuthenticationID();
        String authzId = ac.getAuthorizationID();
        boolean sameIdentity = authnId.equals(authzId);
        if (!sameIdentity) {
            SECURITY_LOGGER.tracef(
                    "Checking 'AuthorizeCallback', authorized=false, authenticationID=%s, authorizationID=%s.",
                    authnId, authzId);
        }
        ac.setAuthorized(sameIdentity);

        // The skip-group-loading marker is published only for an approved identity.
        if (sameIdentity && skipGroupLoading) {
            sharedState.put(SKIP_GROUP_LOADING_KEY, Boolean.TRUE);
        }
    }
}
Example 10
Source File: ClientCallbackHandler.java From jstorm with Apache License 2.0 | 5 votes |
/**
 * Responds to the callbacks SASL raises during an authentication exchange.
 *
 * <p>Name callbacks are only logged. A password callback is not answered: a warning explains
 * how to refresh the Kerberos ticket cache instead. An authorize callback is approved only
 * when the authentication ID equals the authorization ID.
 *
 * @param callbacks the challenge callbacks to process
 * @throws UnsupportedCallbackException for any callback type not listed above
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback cb : callbacks) {
        if (cb instanceof NameCallback) {
            LOG.debug("name callback");
            continue;
        }

        if (cb instanceof PasswordCallback) {
            LOG.debug("password callback");
            LOG.warn("Could not login: the client is being asked for a password, but the "
                    + " client code does not currently support obtaining a password from the user."
                    + " Make sure that the client is configured to use a ticket cache (using"
                    + " the JAAS configuration setting 'useTicketCache=true)' and restart the client. If"
                    + " you still get this message after that, the TGT in the ticket cache has expired and must"
                    + " be manually refreshed. To do so, first determine if you are using a password or a"
                    + " keytab. If the former, run kinit in a Unix shell in the environment of the user who"
                    + " is running this client using the command"
                    + " 'kinit <princ>' (where <princ> is the name of the client's Kerberos principal)."
                    + " If the latter, do"
                    + " 'kinit -k -t <keytab> <princ>' (where <princ> is the name of the Kerberos principal, and"
                    + " <keytab> is the location of the keytab file). After manually refreshing your cache,"
                    + " restart this client. If you continue to see this message after manually refreshing"
                    + " your cache, ensure that your KDC host's clock is in sync with this host's clock.");
            continue;
        }

        if (!(cb instanceof AuthorizeCallback)) {
            throw new UnsupportedCallbackException(cb);
        }

        LOG.debug("authorization callback");
        AuthorizeCallback authorize = (AuthorizeCallback) cb;
        String authnId = authorize.getAuthenticationID();
        String authzId = authorize.getAuthorizationID();
        // Approved only when the client asks to act as itself.
        authorize.setAuthorized(authnId.equals(authzId));
        if (authorize.isAuthorized()) {
            authorize.setAuthorizedID(authzId);
        }
    }
}
Example 11
Source File: Login.java From Krackle with Apache License 2.0 | 5 votes |
/**
 * Responds to SASL callbacks using the defaults offered by each callback.
 *
 * <p>Name and realm callbacks are answered with their default values, a password callback only
 * produces a warning, and an authorize callback is approved only when the authentication ID
 * equals the authorization ID.
 *
 * @param callbacks callbacks supplied by the SASL mechanism
 * @throws UnsupportedCallbackException for any callback type not listed above
 */
@Override
public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
    for (Callback cb : callbacks) {
        if (cb instanceof NameCallback) {
            NameCallback name = (NameCallback) cb;
            name.setName(name.getDefaultName());
        } else if (cb instanceof PasswordCallback) {
            LOG.warn("Could not login: the client is being asked for a password");
        } else if (cb instanceof RealmCallback) {
            RealmCallback realm = (RealmCallback) cb;
            realm.setText(realm.getDefaultText());
        } else if (cb instanceof AuthorizeCallback) {
            AuthorizeCallback authorize = (AuthorizeCallback) cb;
            String authnId = authorize.getAuthenticationID();
            String authzId = authorize.getAuthorizationID();
            // Approved only when the client asks to act as itself.
            authorize.setAuthorized(authnId.equals(authzId));
            if (authorize.isAuthorized()) {
                authorize.setAuthorizedID(authzId);
            }
        } else {
            throw new UnsupportedCallbackException(cb, "Unrecognized SASL ClientCallback");
        }
    }
}
Example 12
Source File: SaslPlainTextAuthenticator.java From Krackle with Apache License 2.0 | 5 votes |
/**
 * Responds to SASL callbacks using the defaults offered by each callback.
 *
 * <p>Every callback is logged at INFO level first. Name and realm callbacks are answered with
 * their default values; a password callback is rejected because no password source is
 * supported; an authorize callback is approved only when the authentication ID equals the
 * authorization ID.
 *
 * @param callbacks callbacks supplied by the SASL mechanism
 * @throws UnsupportedCallbackException for a password callback or an unrecognized callback type
 */
@Override
public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
    for (Callback cb : callbacks) {
        LOG.info("callback {} received", cb.toString());

        if (cb instanceof NameCallback) {
            NameCallback name = (NameCallback) cb;
            name.setName(name.getDefaultName());
        } else if (cb instanceof PasswordCallback) {
            // Call `setPassword` once we support obtaining a password from the user and update message below
            throw new UnsupportedCallbackException(cb,
                    "Could not login: the client is being asked for a password, but the Kafka"
                    + " client code does not currently support obtaining a password from the user."
                    + " Make sure -Djava.security.auth.login.config property passed to JVM and"
                    + " the client is configured to use a ticket cache (using"
                    + " the JAAS configuration setting 'useTicketCache=true)'. Make sure you are using"
                    + " FQDN of the Kafka broker you are trying to connect to.");
        } else if (cb instanceof RealmCallback) {
            RealmCallback realm = (RealmCallback) cb;
            realm.setText(realm.getDefaultText());
        } else if (cb instanceof AuthorizeCallback) {
            AuthorizeCallback authorize = (AuthorizeCallback) cb;
            String authnId = authorize.getAuthenticationID();
            String authzId = authorize.getAuthorizationID();
            // Approved only when the client asks to act as itself.
            boolean sameIdentity = authnId.equals(authzId);
            authorize.setAuthorized(sameIdentity);
            if (authorize.isAuthorized()) {
                authorize.setAuthorizedID(authzId);
            }
        } else {
            throw new UnsupportedCallbackException(cb, "Unrecognized SASL ClientCallback");
        }
    }
}
Example 13
Source File: KerberosCallbackHandler.java From wildfly-core with GNU Lesser General Public License v2.1 | 5 votes |
/**
 * Creates a handler that accepts only {@link AuthorizeCallback}s.
 *
 * <p>A callback is approved when the authentication ID equals the authorization ID. For an
 * approved callback, and only when {@code removeRealm} is set and the ID contains an
 * {@code '@'} after its first character, the part before the {@code '@'} is stored in
 * {@code sharedState} under {@code LOADED_USERNAME_KEY}. A refusal is traced on the security
 * logger.
 *
 * @param sharedState map that receives the realm-less user name
 * @return the callback handler
 */
public CallbackHandler getCallbackHandler(final Map<String, Object> sharedState) {
    return new CallbackHandler() {

        @Override
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (!(cb instanceof AuthorizeCallback)) {
                    throw new UnsupportedCallbackException(cb);
                }

                AuthorizeCallback ac = (AuthorizeCallback) cb;
                String authnId = ac.getAuthenticationID();
                String authzId = ac.getAuthorizationID();
                boolean sameIdentity = authnId.equals(authzId);

                if (!sameIdentity) {
                    SECURITY_LOGGER.tracef(
                            "Checking 'AuthorizeCallback', authorized=false, authenticationID=%s, authorizationID=%s.",
                            authnId, authzId);
                } else {
                    int realmSeparator = authnId.indexOf('@');
                    if (removeRealm && realmSeparator > 0) {
                        sharedState.put(LOADED_USERNAME_KEY, authnId.substring(0, realmSeparator));
                    }
                }
                ac.setAuthorized(sameIdentity);
            }
        }
    };
}
Example 14
Source File: SaslNettyClient.java From blazingcache with Apache License 2.0 | 5 votes |
/**
 * Responds to the SASL callbacks raised on the client side.
 *
 * <p>Name and realm callbacks are answered with their default values. A password callback is
 * answered from the {@code password} field and left unanswered when that field is null. An
 * authorize callback is approved only when the authentication ID equals the authorization ID.
 *
 * @param callbacks callbacks supplied by the SASL mechanism
 * @throws UnsupportedCallbackException for any callback type not listed above
 */
@Override
public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
    for (Callback cb : callbacks) {
        if (cb instanceof NameCallback) {
            NameCallback name = (NameCallback) cb;
            name.setName(name.getDefaultName());
        } else if (cb instanceof PasswordCallback) {
            PasswordCallback secret = (PasswordCallback) cb;
            if (password != null) {
                secret.setPassword(this.password.toCharArray());
            }
        } else if (cb instanceof RealmCallback) {
            RealmCallback realm = (RealmCallback) cb;
            realm.setText(realm.getDefaultText());
        } else if (cb instanceof AuthorizeCallback) {
            AuthorizeCallback authorize = (AuthorizeCallback) cb;
            String authnId = authorize.getAuthenticationID();
            String authzId = authorize.getAuthorizationID();
            // Approved only when the client asks to act as itself.
            authorize.setAuthorized(authnId.equals(authzId));
            if (authorize.isAuthorized()) {
                authorize.setAuthorizedID(authzId);
            }
        } else {
            throw new UnsupportedCallbackException(cb, "Unrecognized SASL ClientCallback");
        }
    }
}
Example 15
Source File: SaslNettyServer.java From blazingcache with Apache License 2.0 | 5 votes |
/**
 * Responds to SASL callbacks; the listing is attributed to {@code SaslNettyServer.java}.
 *
 * <p>Name and realm callbacks are answered with their default values. A password callback is
 * answered from the {@code password} field and left unanswered when that field is null. An
 * authorize callback is approved only when the authentication ID equals the authorization ID,
 * so an authenticated peer cannot be authorized under another identity.
 *
 * @param callbacks callbacks supplied by the SASL mechanism
 * @throws UnsupportedCallbackException for any callback type not listed above
 */
@Override
public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
    for (Callback cb : callbacks) {
        if (cb instanceof NameCallback) {
            NameCallback name = (NameCallback) cb;
            name.setName(name.getDefaultName());
            continue;
        }
        if (cb instanceof PasswordCallback) {
            PasswordCallback secret = (PasswordCallback) cb;
            if (password != null) {
                secret.setPassword(this.password.toCharArray());
            }
            continue;
        }
        if (cb instanceof RealmCallback) {
            RealmCallback realm = (RealmCallback) cb;
            realm.setText(realm.getDefaultText());
            continue;
        }
        if (!(cb instanceof AuthorizeCallback)) {
            throw new UnsupportedCallbackException(cb, "Unrecognized SASL ClientCallback");
        }

        AuthorizeCallback authorize = (AuthorizeCallback) cb;
        String authnId = authorize.getAuthenticationID();
        String authzId = authorize.getAuthorizationID();
        authorize.setAuthorized(authnId.equals(authzId));
        if (authorize.isAuthorized()) {
            authorize.setAuthorizedID(authzId);
        }
    }
}
Example 16
Source File: PulsarSaslClient.java From pulsar with Apache License 2.0 | 5 votes |
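/**
 * Approves the {@link AuthorizeCallback} only when the authentication ID equals the
 * authorization ID, and logs the outcome that was actually reached.
 *
 * <p>The success message is emitted only for an approved callback; a refusal gets its own
 * message so that the log does not report success for a rejected identity.
 *
 * @param ac callback carrying the authentication ID and the requested authorization ID
 */
private void handleAuthorizeCallback(AuthorizeCallback ac) {
    String authid = ac.getAuthenticationID();
    String authzid = ac.getAuthorizationID();

    boolean authorized = authid.equals(authzid);
    ac.setAuthorized(authorized);
    if (authorized) {
        ac.setAuthorizedID(authzid);
        log.info("Successfully authenticated. authenticationID: {}; authorizationID: {}.", authid, authzid);
    } else {
        log.info("Authorization refused. authenticationID: {} is different from authorizationID: {}.",
                authid, authzid);
    }
}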
Example 17
Source File: SaslNettyClient.java From herddb with Apache License 2.0 | 5 votes |
/**
 * Responds to the SASL callbacks raised on the client side.
 *
 * <p>Name and realm callbacks are answered with their default values. A password callback is
 * answered from the {@code password} field and left unanswered when that field is null. An
 * authorize callback is approved only when the authentication ID equals the authorization ID.
 *
 * @param callbacks callbacks supplied by the SASL mechanism
 * @throws UnsupportedCallbackException for any callback type not listed above
 */
@Override
public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
    for (Callback cb : callbacks) {
        if (cb instanceof NameCallback) {
            NameCallback name = (NameCallback) cb;
            String defaultName = name.getDefaultName();
            name.setName(defaultName);
        } else if (cb instanceof PasswordCallback) {
            PasswordCallback secret = (PasswordCallback) cb;
            if (password != null) {
                secret.setPassword(this.password.toCharArray());
            }
        } else if (cb instanceof RealmCallback) {
            RealmCallback realm = (RealmCallback) cb;
            String defaultRealm = realm.getDefaultText();
            realm.setText(defaultRealm);
        } else if (cb instanceof AuthorizeCallback) {
            AuthorizeCallback authorize = (AuthorizeCallback) cb;
            String authnId = authorize.getAuthenticationID();
            String authzId = authorize.getAuthorizationID();
            // Approved only when the client asks to act as itself.
            boolean sameIdentity = authnId.equals(authzId);
            authorize.setAuthorized(sameIdentity);
            if (authorize.isAuthorized()) {
                authorize.setAuthorizedID(authzId);
            }
        } else {
            throw new UnsupportedCallbackException(cb, "Unrecognized SASL ClientCallback");
        }
    }
}
Example 18
Source File: ClientCallbackHandler.java From jstorm with Apache License 2.0 | 5 votes |
/**
 * Responds to the callbacks SASL raises during an authentication exchange.
 *
 * <p>The name is answered from {@code _username}; the password from {@code _password}, and
 * left unanswered when that field is null; the realm with the callback's default text. An
 * authorize callback is approved only when the authentication ID equals the authorization ID.
 *
 * @param callbacks the challenge callbacks to process
 * @throws UnsupportedCallbackException for any callback type not listed above
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback cb : callbacks) {
        if (cb instanceof NameCallback) {
            LOG.debug("name callback");
            ((NameCallback) cb).setName(_username);
            continue;
        }
        if (cb instanceof PasswordCallback) {
            LOG.debug("password callback");
            PasswordCallback secret = (PasswordCallback) cb;
            if (_password != null) {
                secret.setPassword(_password.toCharArray());
            }
            continue;
        }
        if (cb instanceof AuthorizeCallback) {
            LOG.debug("authorization callback");
            AuthorizeCallback authorize = (AuthorizeCallback) cb;
            String authnId = authorize.getAuthenticationID();
            String authzId = authorize.getAuthorizationID();
            // Approved only when the client asks to act as itself.
            authorize.setAuthorized(authnId.equals(authzId));
            if (authorize.isAuthorized()) {
                authorize.setAuthorizedID(authzId);
            }
            continue;
        }
        if (cb instanceof RealmCallback) {
            RealmCallback realm = (RealmCallback) cb;
            realm.setText(realm.getDefaultText());
            continue;
        }
        throw new UnsupportedCallbackException(cb);
    }
}
Example 19
Source File: SaslNettyServer.java From herddb with Apache License 2.0 | 5 votes |
/**
 * Responds to SASL callbacks; the listing is attributed to {@code SaslNettyServer.java}.
 *
 * <p>Name and realm callbacks are answered with their default values. A password callback is
 * answered from the {@code password} field and left unanswered when that field is null. An
 * authorize callback is approved only when the authentication ID equals the authorization ID,
 * so an authenticated peer cannot be authorized under another identity.
 *
 * @param callbacks callbacks supplied by the SASL mechanism
 * @throws UnsupportedCallbackException for any callback type not listed above
 */
@Override
public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
    for (Callback cb : callbacks) {
        if (cb instanceof NameCallback) {
            NameCallback name = (NameCallback) cb;
            name.setName(name.getDefaultName());
            continue;
        }
        if (cb instanceof PasswordCallback) {
            PasswordCallback secret = (PasswordCallback) cb;
            if (password != null) {
                secret.setPassword(this.password.toCharArray());
            }
            continue;
        }
        if (cb instanceof RealmCallback) {
            RealmCallback realm = (RealmCallback) cb;
            realm.setText(realm.getDefaultText());
            continue;
        }
        if (cb instanceof AuthorizeCallback) {
            AuthorizeCallback authorize = (AuthorizeCallback) cb;
            String authnId = authorize.getAuthenticationID();
            String authzId = authorize.getAuthorizationID();
            boolean sameIdentity = authnId.equals(authzId);
            authorize.setAuthorized(sameIdentity);
            if (authorize.isAuthorized()) {
                authorize.setAuthorizedID(authzId);
            }
            continue;
        }
        throw new UnsupportedCallbackException(cb, "Unrecognized SASL ClientCallback");
    }
}
Example 20
Source File: UserLdapCallbackHandler.java From wildfly-core with GNU Lesser General Public License v2.1 | 4 votes |
/**
 * Handles either a lone {@link AuthorizeCallback} or a name/realm/evidence callback set that
 * is verified against LDAP.
 *
 * <p>A single {@code AuthorizeCallback} is approved only when the authentication ID equals the
 * authorization ID, and the method returns. Otherwise the user name is taken from the
 * {@code NameCallback}, the password guess from the {@code EvidenceVerifyCallback}, and the
 * result of {@code verifyPassword} is written back to the evidence callback.
 *
 * @param callbacks callbacks supplied by the authentication mechanism
 * @throws IOException as produced by the {@code DomainManagementLogger} factory methods used
 *     below (exact types are not visible here)
 * @throws UnsupportedCallbackException for a callback type other than name, realm or evidence
 *     in the verification path
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    // Authorization-only path: exactly one callback and it is an AuthorizeCallback.
    if (callbacks.length == 1 && callbacks[0] instanceof AuthorizeCallback) {
        AuthorizeCallback acb = (AuthorizeCallback) callbacks[0];
        String authenticationId = acb.getAuthenticationID();
        String authorizationId = acb.getAuthorizationID();
        // No impersonation: the identity may only act as itself.
        boolean authorized = authenticationId.equals(authorizationId);
        if (authorized == false) {
            SECURITY_LOGGER.tracef(
                    "Checking 'AuthorizeCallback', authorized=false, authenticationID=%s, authorizationID=%s.",
                    authenticationId, authorizationId);
        }
        acb.setAuthorized(authorized);
        return;
    }

    // Verification path: collect the user name and the evidence callback.
    EvidenceVerifyCallback evidenceVerifyCallback = null;
    String username = null;
    for (Callback current : callbacks) {
        if (current instanceof NameCallback) {
            username = ((NameCallback) current).getDefaultName();
        } else if (current instanceof RealmCallback) {
            // TODO - Nothing at the moment
        } else if (current instanceof EvidenceVerifyCallback) {
            evidenceVerifyCallback = (EvidenceVerifyCallback) current;
        } else {
            throw new UnsupportedCallbackException(current);
        }
    }

    // Reject a missing or empty user name before contacting the directory.
    if (username == null || username.length() == 0) {
        SECURITY_LOGGER.trace("No username or 0 length username supplied.");
        throw DomainManagementLogger.ROOT_LOGGER.noUsername();
    }
    if (evidenceVerifyCallback == null || evidenceVerifyCallback.getEvidence() == null) {
        SECURITY_LOGGER.trace("No password to verify.");
        throw DomainManagementLogger.ROOT_LOGGER.noPassword();
    }

    // Only PasswordGuessEvidence yields a password; any other evidence type is treated as none.
    final String password;
    if (evidenceVerifyCallback.getEvidence() instanceof PasswordGuessEvidence) {
        char[] guess = ((PasswordGuessEvidence) evidenceVerifyCallback.getEvidence()).getGuess();
        // NOTE(review): the guess is copied into an immutable String, so it cannot be cleared
        // after use the way the char[] could.
        password = guess != null ? new String(guess) : null;
    } else {
        password = null;
    }
    // An empty password is refused unless allowEmptyPassword is set.
    // NOTE(review): presumably this guards against an LDAP bind with an empty password being
    // accepted as an unauthenticated bind - confirm against verifyPassword.
    if (password == null || (allowEmptyPassword == false && password.length() == 0)) {
        SECURITY_LOGGER.trace("No password or 0 length password supplied.");
        throw DomainManagementLogger.ROOT_LOGGER.noPassword();
    }

    LdapConnectionHandler lch = createLdapConnectionHandler();
    try {
        // 2 - Search to identify the DN of the user connecting
        SearchResult<LdapEntry> searchResult = userSearcherSupplier.get().search(lch, username);
        evidenceVerifyCallback.setVerified(verifyPassword(lch, searchResult, username, password, sharedState));
    } catch (Exception e) {
        // Any failure during search or verification is reported as "cannot perform verification".
        SECURITY_LOGGER.trace("Unable to verify identity.", e);
        throw DomainManagementLogger.ROOT_LOGGER.cannotPerformVerification(e);
    } finally {
        // The connection is kept in sharedState only after a successful verification with
        // shareConnection set; in every other case it is closed.
        // NOTE(review): the condition tests lch != null, yet the else branch calls lch.close()
        // without a null check.
        if (shareConnection && lch != null && evidenceVerifyCallback != null && evidenceVerifyCallback.isVerified()) {
            sharedState.put(LdapConnectionHandler.class.getName(), lch);
        } else {
            lch.close();
        }
    }
}