/** * Creates a new limited use authentication token with the given Subject * and the default lifetime. * @param subject the Subject to associated with this token when it is consumed * @return */ public String createToken(final Subject subject) { return createToken(subject, DEFAULT_TOKEN_LIFETIME); }
private boolean authenticateUsingOneTimeToken( final String oneTimeAuthToken) { return oneTimeAuthToken == null ? false : authTokenManager.consumeToken(oneTimeAuthToken); }
Subject result = null; final long now = System.currentTimeMillis(); final TokenInfo ti = findTokenInfo(token, now); if (ti != null) { if (ti.use(isReusedToken(token), now)) { retireExpiredTokens(now);
/** * Interface to enable factoring out common HTTP connection management code. * <p> * The implementation of this interface must implement * <ul> * <li>{@link #prepareConnection} - to perform all pre-connection configuration - set headers, chunking, etc. * as well as writing any payload to the outbound connection. In short * anything needed prior to the URLConnection#connect invocation. * <p> * The caller will invoke this method after it has invoked {@link URL#openConnection} * but before it invokes {@link URL#connect}. * <li>{@link #useConnection} - to read from the * input stream, etc. The caller will invoke this method after it has * successfully invoked {@link URL#connect}. * </ul> * Because the caller might have to work with multiple URLConnection objects * (as it follows redirection, for example) this contract allows the caller * to delegate to the HttpCommand implementation multiple times to configure * each of the URLConnections objects, then to invoke useConnection only * once after it has the "final" URLConnection object. For this reason * be sure to implement prepareConnection so that it can be invoked * multiple times. * */ interface HttpCommand { /** * Configures the HttpURLConnection (headers, chuncking, etc.) according * to the needs of this use of the connection and then writes any * required outbound payload to the connection.
/** * Creates a new limited use authentication token. * @return auth token */ public String createToken() { final byte[] newToken = new byte[TOKEN_SIZE]; rng.nextBytes(newToken); final String token = toHex(newToken); liveTokens.put(token, new TokenInfo(token)); logger.log(Level.FINER, "Auth token {0} created", token); return token; }
private TokenInfo findTokenInfo(final String token, final long now) { final int firstReuseMarker = token.indexOf(REUSE_TOKEN_MARKER); final String tokenAsRecorded = (isReusedToken(token) ? token.substring(0, firstReuseMarker) : token); final TokenInfo ti = liveTokens.get(tokenAsRecorded); if (ti == null) { logger.log(Level.WARNING, CULoggerInfo.useNonexistentToken, logger.isLoggable(Level.FINER) ? tokenAsRecorded : SUPPRESSED_TOKEN_OUTPUT); return null; } return (ti.isOKTouse(now) ? ti : null); }
/** * Locates the Subject for the specified token (if any) without consuming * the token. * <p> * Use this method only from authentication logic that needs to find the * token. Later command processing will consume the token if it is present. * This avoids having to force the special admin LoginModule to run even if * username/password authentication works. * * @param token the token to find * @return Subject for the token; null if the token does not exist; */ public Subject findToken(final String token) { final TokenInfo ti = findTokenInfo(token, System.currentTimeMillis()); return (ti != null ? ti.subject : null); }
@Override public boolean identify(Subject subject) throws LoginException { if (authTokenManager == null) { return false; } Subject s = null; final String token = textCB.getText(); if (token != null) { s = authTokenManager.findToken(token); if (s != null) { /* * The token manager knows which Subject was effective when the token * was created. We add those to the lists we'll add if this module's * commit is invoked. */ logger.log(PROGRESS_LEVEL, "Recognized valid limited-use token"); updateFromSubject(subject, s); /* * Add an additional principal indicating that we trust this * subject to make remote requests. Otherwise we would * reject attempts to use a token from off-node, and that's * partly the whole point of tokens. */ subject.getPrincipals().add(new AdminTokenPrincipal(token)); } } return s != null; } }
/** * Interface to enable factoring out common HTTP connection management code. * <p> * The implementation of this interface must implement * <ul> * <li>{@link #prepareConnection} - to perform all pre-connection configuration - set headers, chunking, etc. * as well as writing any payload to the outbound connection. In short * anything needed prior to the URLConnection#connect invocation. * <p> * The caller will invoke this method after it has invoked {@link URL#openConnection} * but before it invokes {@link URL#connect}. * <li>{@link #useConnection} - to read from the * input stream, etc. The caller will invoke this method after it has * successfully invoked {@link URL#connect}. * </ul> * Because the caller might have to work with multiple URLConnection objects * (as it follows redirection, for example) this contract allows the caller * to delegate to the HttpCommand implementation multiple times to configure * each of the URLConnections objects, then to invoke useConnection only * once after it has the "final" URLConnection object. For this reason * be sure to implement prepareConnection so that it can be invoked * multiple times. * */ interface HttpCommand { /** * Configures the HttpURLConnection (headers, chuncking, etc.) according * to the needs of this use of the connection and then writes any * required outbound payload to the connection.
/** * Creates a new limited use authentication token with the specified * lifetime (in ms). * @param subject the Subject to associate with this token when it is consumed * @param lifetime how long each use of the token extends its lifetime * @return auth token */ public String createToken(final Subject subject, final long lifetime) { final byte[] newToken = new byte[TOKEN_SIZE]; rng.nextBytes(newToken); final String token = toHex(newToken); liveTokens.put(token, new TokenInfo(subject, token, lifetime)); logger.log(Level.FINER, "Auth token {0} created", token); return token; }
private TokenInfo findTokenInfo(final String token, final long now) { final int firstReuseMarker = token.indexOf(REUSE_TOKEN_MARKER); final String tokenAsRecorded = (isReusedToken(token) ? token.substring(0, firstReuseMarker) : token); final TokenInfo ti = liveTokens.get(tokenAsRecorded); if (ti == null) { logger.log(Level.WARNING, CULoggerInfo.useNonexistentToken, logger.isLoggable(Level.FINER) ? tokenAsRecorded : SUPPRESSED_TOKEN_OUTPUT); return null; } return (ti.isOKTouse(now) ? ti : null); }
/** * Locates the Subject for the specified token (if any) without consuming * the token. * <p> * Use this method only from authentication logic that needs to find the * token. Later command processing will consume the token if it is present. * This avoids having to force the special admin LoginModule to run even if * username/password authentication works. * * @param token the token to find * @return Subject for the token; null if the token does not exist; */ public Subject findToken(final String token) { final TokenInfo ti = findTokenInfo(token, System.currentTimeMillis()); return (ti != null ? ti.subject : null); }
/** * Creates a new limited use authentication token with the default * lifetime. * @return auth token */ public String createToken() { return createToken(DEFAULT_TOKEN_LIFETIME); }
programOpts.setAuthToken(AuthTokenManager.markTokenForReuse(origAuthToken));
Subject result = null; final long now = System.currentTimeMillis(); final TokenInfo ti = findTokenInfo(token, now); if (ti != null) { if (ti.use(isReusedToken(token), now)) { retireExpiredTokens(now);
/** * Creates a new limited use authentication token with the specified * lifetime (in ms). * @param subject the Subject to associate with this token when it is consumed * @param lifetime how long each use of the token extends its lifetime * @return auth token */ public String createToken(final Subject subject, final long lifetime) { final byte[] newToken = new byte[TOKEN_SIZE]; rng.nextBytes(newToken); final String token = toHex(newToken); liveTokens.put(token, new TokenInfo(subject, token, lifetime)); logger.log(Level.FINER, "Auth token {0} created", token); return token; }
private Subject consumeTokenIfPresent(final Request req) { Subject result = null; final String token = req.getHeader(SecureAdmin.Util.ADMIN_ONE_TIME_AUTH_TOKEN_HEADER_NAME); if (token != null) { result = authTokenManager.consumeToken(token); } return result; }
/** * Creates a new limited use authentication token with the default * lifetime. * @return auth token */ public String createToken() { return createToken(DEFAULT_TOKEN_LIFETIME); }
(isForMetadata ? AuthTokenManager.markTokenForReuse(authToken) : authToken));