/**
 * Reads the admin authentication token that the client sent with this request.
 *
 * <p>The value comes straight from a request header, so it is client-supplied
 * data until something verifies it. It is also used as a credential, so it
 * should be kept out of log output.
 *
 * @return the value of the header named by
 *         {@code SecureAdmin.Util.ADMIN_ONE_TIME_AUTH_TOKEN_HEADER_NAME},
 *         as returned by {@code header(String)}
 */
private String token() {
    final String tokenHeaderName = SecureAdmin.Util.ADMIN_ONE_TIME_AUTH_TOKEN_HEADER_NAME;
    return header(tokenHeaderName);
}
/**
 * Looks up a single request header in the cached header map.
 *
 * <p>The requested name is passed through {@code headerName(String)} before
 * the lookup. {@code headers(Request)} applies the same transformation to
 * every key when it builds the map.
 *
 * @param headerName the header name to look up
 * @return the stored value, or {@code null} if the map has no entry for the key
 */
private String header(final String headerName) {
    final Map<String,String> cached = headers();
    final String lookupKey = headerName(headerName);
    return cached.get(lookupKey);
}
/*
 * NOTE(review): this listing shows only parts of authenticate(). The
 * constructor call is cut off in the middle of its argument list, and the code
 * between the three logging statements is not visible.
 *
 * What is visible: three FINE-level messages, one for a successful login, one
 * for a RemoteAdminAccessException and one for a LoginException. Each message
 * records the user name, the client principal name, cbh.tkn(),
 * cbh.adminIndicator() and the remote host. The two failure messages also
 * record cmd. Only the user name from cbh.pw() is logged; the password is not.
 *
 * NOTE(review): cbh.tkn() is presumably the admin token taken from the request
 * header, and cbh.adminIndicator() the special admin indicator (confirm against
 * AdminCallbackHandler). Both are used to make access decisions, so anyone who
 * can read FINE-level logs can read the submitted values. Consider logging only
 * whether each value was present. This excerpt does not show whether a logged
 * token is still usable afterwards.
 */
private Subject authenticate(final Request req, final String alternateHostname) throws IOException, LoginException {
    final AdminCallbackHandler cbh = new AdminCallbackHandler(habitat, req, alternateHostname,
    // (listing omits the remaining constructor arguments and the login attempt)
    // Success path.
    if (ADMSEC_LOGGER.isLoggable(Level.FINE)) {
        ADMSEC_LOGGER.log(Level.FINE, "*** Login worked\n user={0}\n dn={1}\n tkn={2}\n admInd={3}\n host={4}\n",
                new Object[] {cbh.pw().getUserName(), cbh.clientPrincipal() == null ? "null" : cbh.clientPrincipal().getName(), cbh.tkn(), cbh.adminIndicator(), cbh.remoteHost()});
    // (listing omits code here)
    // Failure path: remote admin access was rejected.
    if (ADMSEC_LOGGER.isLoggable(Level.FINE)) {
        ADMSEC_LOGGER.log(Level.FINE, "*** RemoteAdminAccessException during auth for {5}\n user={0}\n dn={1}\n tkn={2}\n admInd={3}\n host={4}\n",
                new Object[] {cbh.pw().getUserName(), cbh.clientPrincipal() == null ? "null" : cbh.clientPrincipal().getName(), cbh.tkn(), cbh.adminIndicator(), cbh.remoteHost(), cmd});
    // (listing omits code here)
    // Failure path: the login itself failed.
    if (ADMSEC_LOGGER.isLoggable(Level.FINE)) {
        ADMSEC_LOGGER.log(Level.FINE, "*** LoginException during auth for {5}\n user={0}\n dn={1}\n tkn={2}\n admInd={3}\n host={4}\n",
                new Object[] {cbh.pw().getUserName(), cbh.clientPrincipal() == null ? "null" : cbh.clientPrincipal().getName(), cbh.tkn(), cbh.adminIndicator(), cbh.remoteHost(), cmd});
/**
 * Creates a callback handler for one admin request and immediately extracts
 * the request's authentication inputs.
 *
 * <p>The collaborators are stored first. The helper calls at the end read
 * request headers, and {@code basicAuth()} also reads
 * {@code defaultAdminUsername} and {@code localPassword}, so those fields must
 * already be assigned when the helpers run.
 *
 * @param serviceLocator service locator kept for later use
 * @param request the incoming request whose principal, remote host and headers are read
 * @param alternateHostName host name to record as the origin instead of the
 *        request's remote host; {@code null} means use the request's remote host
 * @param defaultAdminUsername user name used when the request supplies none
 * @param localPassword checker for the local password
 * @throws IOException if {@code basicAuth()} fails while decoding the credentials
 */
public AdminCallbackHandler(
        final ServiceLocator serviceLocator,
        final Request request,
        final String alternateHostName,
        final String defaultAdminUsername,
        final LocalPassword localPassword) throws IOException {
    this.serviceLocator = serviceLocator;
    this.request = request;
    this.defaultAdminUsername = defaultAdminUsername;
    this.localPassword = localPassword;

    this.clientPrincipal = request.getUserPrincipal();

    // NOTE(review): a non-null alternateHostName replaces the connection's
    // remote host as the recorded origin. Confirm that callers take it from a
    // trusted source if later access checks depend on the origin host.
    if (alternateHostName != null) {
        this.originHost = alternateHostName;
    } else {
        this.originHost = request.getRemoteHost();
    }

    // Everything below comes from client-supplied request headers.
    this.passwordAuthentication = basicAuth();
    this.specialAdminIndicator = specialAdminIndicator();
    this.token = token();
}
/**
 * Applies the remote-admin restriction to a request, unless one of three
 * exemptions holds.
 *
 * <p>The exemptions are checked in this order:
 * <ol>
 *   <li>no secure admin configuration is available, so nothing is enforced;</li>
 *   <li>the request carries the configured special admin indicator, which marks
 *       a message from the DAS to an instance; such a message may be remote
 *       even if secure admin is not enabled;</li>
 *   <li>the request carries an admin token, for example a remote request from
 *       an instance start-up.</li>
 * </ol>
 * If none applies, the decision is delegated to the host-based overload.
 *
 * <p>NOTE(review): exemption 3 tests only that a token is present
 * ({@code cbh.tkn() != null}). It does not test that the token is valid. The
 * token must therefore be verified elsewhere before the request is trusted.
 * Confirm that this happens on every path that reaches this method.
 *
 * @param cbh callback handler holding the request's indicator, token and remote host
 * @throws RemoteAdminAccessException propagated from the host-based overload
 */
private void rejectRemoteAdminIfDisabled(final AdminCallbackHandler cbh) throws RemoteAdminAccessException {
    // Without a secure admin config there are no remote access restrictions to enforce.
    if (secureAdmin == null) {
        return;
    }

    final String configuredIndicator = secureAdmin.getSpecialAdminIndicator();
    final boolean isDasToInstanceMessage = configuredIndicator.equals(cbh.adminIndicator());

    // The token is looked at only when the indicator did not match, which is
    // the same order as the original chain of checks.
    if (isDasToInstanceMessage || cbh.tkn() != null) {
        return;
    }

    rejectRemoteAdminIfDisabled(cbh.getRemoteHost());
}
/**
 * Returns the request's headers as a map, building the map on the first call
 * and reusing it afterwards.
 *
 * <p>The method is {@code synchronized}, so the null check and the assignment
 * of {@code headers} run under this object's monitor.
 *
 * @return the cached map produced by {@code headers(request)}
 */
private synchronized Map<String,String> headers() {
    if (headers == null) {
        // First use: read the headers from the request and keep the result.
        headers = headers(request);
    }
    return headers;
}
// NOTE(review): the listing is cut off here; only the opening line of header(String) is shown.
private String header(final String headerName) {
/**
 * Records the subject and callback handler for later use. If the handler is an
 * {@code AdminCallbackHandler}, its service locator is used to look up services
 * via {@code findServices}.
 *
 * <p>{@code sharedState} and {@code options} are accepted but not read here.
 *
 * <p>NOTE(review): if the handler is any other type, {@code findServices} is
 * not called. Confirm that the rest of the class tolerates services that were
 * never looked up.
 *
 * @param subject the subject to store
 * @param callbackHandler the handler to store; may be an {@code AdminCallbackHandler}
 * @param sharedState unused
 * @param options unused
 */
@Override
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) {
    final boolean isAdminHandler = callbackHandler instanceof AdminCallbackHandler;
    if (isAdminHandler) {
        final AdminCallbackHandler adminHandler = (AdminCallbackHandler) callbackHandler;
        findServices(adminHandler.getServiceLocator());
    }
    this.callbackHandler = callbackHandler;
    this.subject = subject;
}
/**
 * Copies the request's headers into a new map keyed by
 * {@code headerName(name)}.
 *
 * <p>Only one value is kept per key. {@code req.getHeader(name)} supplies a
 * single string, and if two header names map to the same key, the one iterated
 * later overwrites the earlier one.
 *
 * @param req the request whose headers are read
 * @return a new mutable map from transformed header name to header value
 */
private static Map<String,String> headers(final Request req) {
    final Map<String,String> byKey = new HashMap<String,String>();
    for (final String rawName : req.getHeaderNames()) {
        final String key = headerName(rawName);
        final String value = req.getHeader(rawName);
        byKey.put(key, value);
    }
    return byKey;
}
/**
 * Reads the special admin indicator that the client sent with this request.
 *
 * <p>The value comes from a request header, so it is client-supplied. It
 * becomes meaningful only when compared with the configured indicator.
 *
 * @return the value of the header named by
 *         {@code SecureAdmin.Util.ADMIN_INDICATOR_HEADER_NAME},
 *         as returned by {@code header(String)}
 */
private String specialAdminIndicator() {
    final String indicatorHeaderName = SecureAdmin.Util.ADMIN_INDICATOR_HEADER_NAME;
    return header(indicatorHeaderName);
}
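/**
 * Builds the user name and password for this request from its
 * {@code Authorization} header.
 *
 * <p>Outcomes:
 * <ul>
 *   <li>no header: the default admin user name with an empty password;</li>
 *   <li>header that does not start with the {@code BASIC} prefix: an empty
 *       user name and empty password, the same result as for credentials with
 *       no {@code ':'} separator;</li>
 *   <li>decoded credentials with no {@code ':'}: an empty user name and empty
 *       password;</li>
 *   <li>empty user name with a password that is not the local password: the
 *       default admin user name with the supplied password;</li>
 *   <li>otherwise: the supplied user name and password.</li>
 * </ul>
 *
 * <p>The header is client-controlled. This method only parses it; it does not
 * verify the credentials.
 *
 * @return the parsed (or defaulted) credentials, never {@code null}
 * @throws IOException if the decoder rejects the encoded credentials
 */
private PasswordAuthentication basicAuth() throws IOException {
    final String authHeader = header("Authorization");
    if (authHeader == null) {
        logger.log(PROGRESS_LEVEL, "No Authorization header found; preparing default with username {0} and empty password", defaultAdminUsername);
        return new PasswordAuthentication(defaultAdminUsername, new char[0]);
    }

    // Check the scheme prefix before slicing it off. Without this check, a
    // header shorter than the prefix makes substring() throw an unchecked
    // StringIndexOutOfBoundsException, and a header using another scheme is
    // base64-decoded as if it held Basic credentials. The comparison ignores
    // case, so clients that send a differently cased scheme name still work.
    if ( ! authHeader.regionMatches(true, 0, BASIC, 0, BASIC.length())) {
        logger.log(PROGRESS_LEVEL, "Authorization header did not start with the expected scheme prefix; proceeding with an empty username and empty password");
        return new PasswordAuthentication("", new char[0]);
    }

    final String enc = authHeader.substring(BASIC.length());
    // NOTE(review): new String(byte[]) uses the platform default charset, so
    // non-ASCII credentials decode differently from host to host. Confirm the
    // intended charset before changing this.
    final String dec = new String(decoder.decodeBuffer(enc));
    final int i = dec.indexOf(':');
    if (i < 0) {
        logger.log(PROGRESS_LEVEL, "Authorization header contained no : to separate the username from the password; proceeding with an empty username and empty password");
        return new PasswordAuthentication("", new char[0]);
    }

    // Take the password text once and reuse it for the local-password check,
    // so that no further String copy of the password is created.
    final String passwordText = dec.substring(i + 1);
    final char[] password = passwordText.toCharArray();
    String username = dec.substring(0, i);
    if (username.isEmpty() && ! localPassword.isLocalPassword(passwordText)) {
        logger.log(PROGRESS_LEVEL, "Authorization header contained no username and the password is not the local password, so continue with the default username {0}", defaultAdminUsername);
        username = defaultAdminUsername;
    }
    // NOTE(review): username is client-supplied and is logged as received.
    logger.log(PROGRESS_LEVEL, "basicAuth processing returning PasswordAuthentication with username {0}", username);
    return new PasswordAuthentication(username, password);
}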