@Override public void handle(Callback[] callbacks) throws UnsupportedCallbackException { for (Callback callback : callbacks) { if (callback instanceof NameCallback) { NameCallback nc = (NameCallback) callback; nc.setName(nc.getDefaultName()); } else if (callback instanceof PasswordCallback) { String errorMessage = "Could not login: the client is being asked for a password, but the Kafka" + " client code does not currently support obtaining a password from the user."; errorMessage += " Make sure -Djava.security.auth.login.config property passed to JVM and" + " the client is configured to use a ticket cache (using" + " the JAAS configuration setting 'useTicketCache=true)'. Make sure you are using" + " FQDN of the Kafka broker you are trying to connect to."; throw new UnsupportedCallbackException(callback, errorMessage); } else if (callback instanceof RealmCallback) { RealmCallback rc = (RealmCallback) callback; rc.setText(rc.getDefaultText()); } else if (callback instanceof AuthorizeCallback) { AuthorizeCallback ac = (AuthorizeCallback) callback; String authId = ac.getAuthenticationID(); String authzId = ac.getAuthorizationID(); ac.setAuthorized(authId.equals(authzId)); if (ac.isAuthorized()) ac.setAuthorizedID(authzId); } else { throw new UnsupportedCallbackException(callback, "Unrecognized SASL ClientCallback"); } } }
NameCallback nc = new NameCallback("SASL PLAIN"); nc.setName(parts[1]); PasswordCallback pc = new PasswordCallback("SASL PLAIN", false); pc.setPassword(parts[2].toCharArray()); AuthorizeCallback ac = new AuthorizeCallback(parts[1], parts[0]); cbh.handle(new Callback[]{ nc, pc, ac }); if (ac.isAuthorized()) { authz = ac.getAuthorizedID();
private void handleAuthorizeCallback(AuthorizeCallback ac) { String authenticationID = ac.getAuthenticationID(); String authorizationID = ac.getAuthorizationID(); LOG.info("Successfully authenticated client: authenticationID={}; authorizationID={}.", authenticationID, authorizationID); ac.setAuthorized(true); ac.setAuthorizedID(authenticationID); }
private static void log(String type, AuthorizeCallback ac, NameCallback nc, PasswordCallback pc, RealmCallback rc) { if (LOG.isDebugEnabled()) { String acs = "null"; if (ac != null) { acs = "athz: " + ac.getAuthorizationID() + " athn: " + ac.getAuthenticationID() + " authorized: " + ac.getAuthorizedID(); } String ncs = "null"; if (nc != null) { ncs = "default: " + nc.getDefaultName() + " name: " + nc.getName(); } String pcs = "null"; if (pc != null) { char[] pwd = pc.getPassword(); pcs = "password: " + (pwd == null ? "null" : "not null " + pwd.length); } String rcs = "null"; if (rc != null) { rcs = "default: " + rc.getDefaultText() + " text: " + rc.getText(); } LOG.debug("{}\nAC: {}\nNC: {}\nPC: {}\nRC: {}", type, acs, ncs, pcs, rcs); } }
@Override public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { for (Callback c : callbacks) { if (c instanceof NameCallback) { ((NameCallback) c).setName(PRINCIPAL); } else if (c instanceof PasswordCallback) { ((PasswordCallback) c).setPassword("wrong".toCharArray()); } else if (c instanceof AuthorizeCallback) { ((AuthorizeCallback) c).setAuthorized(true); } else if (c instanceof RealmCallback) { ((RealmCallback) c).setText(REALM); } else { throw new UnsupportedCallbackException(c); } } } }
continue; // realm is ignored } else { throw new UnsupportedCallbackException(callback, "Unrecognized SASL DIGEST-MD5 Callback"); getIdentifier(nc.getDefaultName(), secretManager); char[] password = getPassword(tokenIdentifier); + "for client: " + tokenIdentifier.getUser()); pc.setPassword(password); String authid = ac.getAuthenticationID(); String authzid = ac.getAuthorizationID(); if (authid.equals(authzid)) { ac.setAuthorized(true); } else { ac.setAuthorized(false); if (ac.isAuthorized()) { if (LOG.isDebugEnabled()) { String username = + "canonicalized client ID: " + username); ac.setAuthorizedID(authzid);
@Override public void handle(Callback[] callbacks) { Preconditions.checkState(client != null, "Handshake not initialized yet."); for (Callback cb : callbacks) { if (cb instanceof NameCallback) { ((NameCallback)cb).setName(clientId); } else if (cb instanceof PasswordCallback) { ((PasswordCallback)cb).setPassword(client.secret.toCharArray()); } else if (cb instanceof AuthorizeCallback) { ((AuthorizeCallback) cb).setAuthorized(true); } else if (cb instanceof RealmCallback) { RealmCallback rb = (RealmCallback) cb; rb.setText(rb.getDefaultText()); } } }
NameCallback ncb = new NameCallback("PLAIN authentication ID: ",principal); VerifyPasswordCallback vpcb = new VerifyPasswordCallback(password.toCharArray()); cbh.handle(new Callback[]{ncb,vpcb}); AuthorizeCallback acb = new AuthorizeCallback(principal,username); cbh.handle(new Callback[]{acb}); if(acb.isAuthorized()) { username = acb.getAuthorizedID(); completed = true; } else {
((RealmCallback) callback).setText( XMPPServer.getInstance().getServerInfo().getXMPPDomain() ); name = ((NameCallback) callback).getName(); if (name == null) { name = ((NameCallback) callback).getDefaultName(); .setPassword(AuthFactory.getPassword(name).toCharArray()); String principal = authCallback.getAuthenticationID(); String username = authCallback.getAuthorizationID(); authCallback.setAuthorized(true); authCallback.setAuthorizedID(username); authCallback.setAuthorized(false); throw new UnsupportedCallbackException(callback, "Unrecognized Callback");
@Override public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { for (Callback callback : callbacks) { if (callback instanceof NameCallback) { NameCallback nameCallback = (NameCallback) callback; nameCallback.setName(username); } else if (callback instanceof PasswordCallback) { PasswordCallback passwordCallback = (PasswordCallback) callback; passwordCallback.setPassword(password); } else if (callback instanceof AuthorizeCallback) { AuthorizeCallback authorizeCallback = (AuthorizeCallback) callback; authorizeCallback.setAuthorized(authorizeCallback.getAuthenticationID().equals( authorizeCallback.getAuthorizationID())); } else if (callback instanceof RealmCallback) { RealmCallback realmCallback = (RealmCallback) callback; realmCallback.setText(realm); } else { throw new UnsupportedCallbackException(callback); } } }
if (callback instanceof NameCallback) { NameCallback nc = (NameCallback) callback; username = nc.getName(); } else if (callback instanceof PasswordCallback) { PasswordCallback pc = (PasswordCallback) callback; password = new String(pc.getPassword()); } else if (callback instanceof AuthorizeCallback) { ac = (AuthorizeCallback) callback; } else { throw new UnsupportedCallbackException(callback, "Unsupport callback"); ac.setAuthorized(true); mImpersonationAuthenticator.authenticate(username, ac.getAuthorizedID()); } catch (Exception e) { ac.setAuthorized(false); throw e; AuthenticatedClientUser.set(ac.getAuthorizedID());
throw new UnsupportedCallbackException(callback, "Unrecognized SASL Callback"); if (nc != null) { LOG.debug("handleNameCallback"); userName = nc.getDefaultName(); nc.setName(nc.getDefaultName()); String authenticationID = ac.getAuthenticationID(); LOG.debug("Successfully authenticated client: authenticationID={} authorizationID= {}", authenticationID, ac.getAuthorizationID()); if (ac.getAuthorizationID() == null) { ac.setAuthorizedID(authenticationID); if (!ac.getAuthenticationID().equals(ac.getAuthorizationID())) { if (!impersonationAllowed) { throw new IllegalArgumentException(ac.getAuthenticationID() + " attempting to impersonate " + ac.getAuthorizationID() + ". This is not allowed by this server."); ReqContext.context().setRealPrincipal(new SaslTransportPlugin.User(ac.getAuthenticationID())); } else { ReqContext.context().setRealPrincipal(null); ac.setAuthorized(true);
private boolean authorize(String username) throws AuthenticationMechanismException { AuthorizeCallback authorizeCallback = new AuthorizeCallback(username, username); try { callbackHandler.handle(new Callback[] {authorizeCallback}); return authorizeCallback.isAuthorized(); } catch (UnsupportedCallbackException e) { return false; } catch (Throwable t) { throw httpDigest.mechCallbackHandlerFailedForUnknownReason(t); } }
@Override public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { NameCallback nc = null; PasswordCallback pc = null; AuthorizeCallback ac = null; for (Callback callback : callbacks) { if (callback instanceof AuthorizeCallback) { ac = (AuthorizeCallback) callback; } else if (callback instanceof PasswordCallback) { pc = (PasswordCallback) callback; } else if (callback instanceof NameCallback) { nc = (NameCallback) callback; } else if (callback instanceof RealmCallback) { continue; // realm is ignored } else { throw new UnsupportedCallbackException(callback, "Unrecognized SASL DIGEST-MD5 Callback: " + callback); } } if (pc != null) { pc.setPassword(passwordFunction.apply(nc.getDefaultName())); } if (ac != null) { ac.setAuthorized(true); ac.setAuthorizedID(ac.getAuthorizationID()); } } }
} else if (callback instanceof AuthorizeCallback) { final AuthorizeCallback authorizeCallback = (AuthorizeCallback) callback; String authenticationID = authorizeCallback.getAuthenticationID(); if (authenticationID != null) { String authorizationID = authorizeCallback.getAuthorizationID(); boolean authorized = authorizationID != null ? authorize(authorizationID) : authorize(); log.tracef("Handling AuthorizeCallback: authenticationID = %s authorizationID = %s authorized = %b", authenticationID, authorizationID, authorized); authorizeCallback.setAuthorized(authorized); handleOne(callbacks, idx + 1); } else if (callback instanceof ExclusiveNameCallback) { } else if (callback instanceof NameCallback) { final String name = ((NameCallback) callback).getDefaultName(); try { log.tracef("Handling NameCallback: authenticationName = %s", name); passwordCallback.setPassword(clearPasswordSpec.getEncodedPassword()); handleOne(callbacks, idx + 1); return; } else if (callback instanceof RealmCallback) { RealmCallback rcb = (RealmCallback) callback; String mechanismRealm = rcb.getText(); if (mechanismRealm == null) { mechanismRealm = rcb.getDefaultText();
LOG.debug( "NameCallback default name: {}", nameCB.getDefaultName() ); username = nameCB.getDefaultName(); LOG.debug( "RealmCallback default text: {}", realmCB.getDefaultText() ); realm = realmCB.getDefaultText(); passwordCB.setPassword( strPassword.toCharArray() ); LOG.debug( "AuthorizeCallback authnID: {}", authorizeCB.getAuthenticationID() ); LOG.debug( "AuthorizeCallback authzID: {}", authorizeCB.getAuthorizationID() ); LOG.debug( "AuthorizeCallback authorizedID: {}", authorizeCB.getAuthorizedID() ); LOG.debug( "AuthorizeCallback isAuthorized: {}", authorizeCB.isAuthorized() );
final NameCallback nameCallback = new NameCallback("User name", authenticationId); final AuthorizeCallback authorizeCallback = new AuthorizeCallback(authenticationId, authorizationId); if (authenticationRealm == null) { handleCallbacks(nameCallback, authorizeCallback); } else { final RealmCallback realmCallback = new RealmCallback("User realm", authenticationRealm); handleCallbacks(realmCallback, nameCallback, authorizeCallback); if (!authorizeCallback.isAuthorized()) { throw saslLocal.mechAuthorizationFailed(authenticationId, authorizationId).toSaslException();
authorizeCallBack = cacheCallback; } else { AuthorizeCallback plainCallback = new AuthorizeCallback(clientName, clientName); authorizedFunction = plainCallback::isAuthorized; authorizeCallBack = plainCallback; callbackHandler.handle(new Callback[] { authorizeCallBack }); authorized = authorizedFunction.getAsBoolean(); httpSpnego.tracef("Authorized by callback handler = %b clientName = [%s]", authorized, clientName);
@Override public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { for (Callback callback : callbacks) { LOG.info("Kerberos Callback Handler got callback: {}", callback.getClass()); if (callback instanceof AuthorizeCallback) { AuthorizeCallback ac = (AuthorizeCallback) callback; if (!ac.getAuthenticationID().equals(ac.getAuthorizationID())) { LOG.debug("{} != {}", ac.getAuthenticationID(), ac.getAuthorizationID()); continue; } LOG.debug("Authorized Users: {}", authorizedUsers); LOG.debug("Checking authorization for: {}", ac.getAuthorizationID()); for (String user : authorizedUsers) { String requester = ac.getAuthorizationID(); KerberosPrincipal principal = new KerberosPrincipal(requester); requester = new KerberosPrincipalToLocal().toLocal(principal); if (requester.equals(user)) { ac.setAuthorized(true); break; } } } } } }
private void checkAuthorizationID() throws SaslException { final String authenticationID; try { authenticationID = gssContext.getSrcName().toString(); } catch (GSSException e) { throw saslGs2.mechUnableToDeterminePeerName(e).toSaslException(); } saslGs2.tracef("checking if [%s] is authorized to act as [%s]...", authenticationID, authorizationID); if (authorizationID == null || authorizationID.isEmpty()) { authorizationID = authenticationID; } AuthorizeCallback authorizeCallback = new AuthorizeCallback(authenticationID, authorizationID); handleCallbacks(authorizeCallback); if (! authorizeCallback.isAuthorized()) { throw saslGs2.mechAuthorizationFailed(authenticationID, authorizationID).toSaslException(); } saslGs2.trace("authorization id check successful"); }