/**
 * Asks the mechanism's callback handler whether {@code username} may act as itself.
 *
 * <p>The same value is used as authentication ID and authorization ID, so no
 * identity switch is requested here.
 *
 * @param username the name to authorize
 * @return {@code true} only if the handler marked the callback as authorized;
 *         {@code false} if the handler does not support {@link AuthorizeCallback}
 * @throws AuthenticationMechanismException if the handler fails for any other reason
 */
private boolean authorize(String username) throws AuthenticationMechanismException {
    final AuthorizeCallback selfAuthorization = new AuthorizeCallback(username, username);
    final Callback[] request = {selfAuthorization};
    try {
        callbackHandler.handle(request);
        return selfAuthorization.isAuthorized();
    } catch (UnsupportedCallbackException unsupported) {
        // Fail closed: a handler that cannot answer the question never grants access.
        return false;
    } catch (Throwable failure) {
        // Every other failure (including Errors) is wrapped by the mechanism's message bundle.
        throw httpDigest.mechCallbackHandlerFailedForUnknownReason(failure);
    }
}
if (ac.isAuthorized()) { ac.setAuthorizedID(authorizationID); LOG.info("Successfully authenticated learner: authenticationID={}; authorizationID={}.", authenticationID, authorizationID); LOG.debug("SASL authorization completed, authorized flag set to {}", ac.isAuthorized());
AuthorizeCallback ac = new AuthorizeCallback(parts[1], parts[0]); cbh.handle(new Callback[]{ nc, pc, ac }); if (ac.isAuthorized()) { authz = ac.getAuthorizedID();
if (!authCallback.isAuthorized()) { throw new SaslException("AuthorizeCallback authorized failure");
/**
 * Asks the callback handler whether {@code username} may act as itself.
 *
 * <p>The username is written to the mechanism's debug log before the check.
 *
 * @param username the name used as both authentication ID and authorization ID
 * @return {@code true} only if the handler marked the callback as authorized;
 *         {@code false} if the handler does not support {@link AuthorizeCallback}
 * @throws HttpAuthenticationException if the handler fails with an {@link IOException}
 */
protected boolean authorize(String username) throws HttpAuthenticationException {
    httpUserPass.debugf("Username authorization. Username: [%s].", username);

    final AuthorizeCallback selfAuthorization = new AuthorizeCallback(username, username);
    final Callback[] request = {selfAuthorization};
    try {
        callbackHandler.handle(request);
        return selfAuthorization.isAuthorized();
    } catch (UnsupportedCallbackException unsupported) {
        // Fail closed: no answer from the handler means no authorization.
        return false;
    } catch (IOException ioFailure) {
        throw new HttpAuthenticationException(ioFailure);
    }
}
if (ac.isAuthorized()) { ac.setAuthorizedID(authorizationID); LOG.info("Successfully authenticated learner: authenticationID={}; authorizationID={}.", authenticationID, authorizationID); LOG.debug("SASL authorization completed, authorized flag set to {}", ac.isAuthorized());
String authzId = ac.getAuthorizationID(); ac.setAuthorized(authId.equals(authzId)); if (ac.isAuthorized()) ac.setAuthorizedID(authzId); } else if (callback instanceof ScramExtensionsCallback) {
ac.setAuthorized(false); if (ac.isAuthorized()) { ac.setAuthorizedID(authzid);
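/**
 * Answers the callbacks raised during a SASL client exchange.
 *
 * <ul>
 *   <li>{@link NameCallback} and {@link RealmCallback} are answered with their own defaults.</li>
 *   <li>{@link PasswordCallback} is rejected: this handler never supplies a password.</li>
 *   <li>{@link AuthorizeCallback} is authorized only when the authentication ID and the
 *       authorization ID are the same non-null string; the authorized ID is then set to it.</li>
 * </ul>
 *
 * @param callbacks the callbacks to answer, processed in order
 * @throws UnsupportedCallbackException for a {@link PasswordCallback} or any unrecognized callback
 */
@Override
public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
    for (Callback callback : callbacks) {
        if (callback instanceof NameCallback) {
            NameCallback nc = (NameCallback) callback;
            nc.setName(nc.getDefaultName());
        } else if (callback instanceof PasswordCallback) {
            String errorMessage = "Could not login: the client is being asked for a password, but the Kafka"
                + " client code does not currently support obtaining a password from the user.";
            errorMessage += " Make sure -Djava.security.auth.login.config property passed to JVM and"
                + " the client is configured to use a ticket cache (using"
                + " the JAAS configuration setting 'useTicketCache=true)'. Make sure you are using"
                + " FQDN of the Kafka broker you are trying to connect to.";
            throw new UnsupportedCallbackException(callback, errorMessage);
        } else if (callback instanceof RealmCallback) {
            RealmCallback rc = (RealmCallback) callback;
            rc.setText(rc.getDefaultText());
        } else if (callback instanceof AuthorizeCallback) {
            AuthorizeCallback ac = (AuthorizeCallback) callback;
            String authId = ac.getAuthenticationID();
            String authzId = ac.getAuthorizationID();
            // Fail closed on a missing authentication ID instead of throwing a
            // NullPointerException; two nulls are deliberately NOT treated as a match.
            boolean sameIdentity = authId != null && authId.equals(authzId);
            ac.setAuthorized(sameIdentity);
            if (sameIdentity) {
                ac.setAuthorizedID(authzId);
            }
        } else {
            throw new UnsupportedCallbackException(callback, "Unrecognized SASL ClientCallback");
        }
    }
}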
if (ac.isAuthorized()) { LOG.debug("handle: SASL server DIGEST-MD5 callback: setting canonicalized client ID: ", userName);
ac.setAuthorized(false); if (ac.isAuthorized()) { ac.setAuthorizedID(authzid);
ac.setAuthorized(false); if (ac.isAuthorized()) { ac.setAuthorizedID(authzid);
ac.setAuthorized(false); if (ac.isAuthorized()) { ac.setAuthorizedID(authzid);
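/**
 * Handles the server-side authorization callback of a SASL GSSAPI exchange.
 *
 * <p>Only {@link AuthorizeCallback} is accepted. The callback is authorized solely when
 * the authentication ID and the authorization ID are the same non-null string, in which
 * case the authorized ID is set to that value. If several {@code AuthorizeCallback}s are
 * passed, only the last one is evaluated.
 *
 * @param callbacks the callbacks to answer
 * @throws UnsupportedCallbackException if any callback is not an {@link AuthorizeCallback}
 */
@Override
public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
    AuthorizeCallback ac = null;
    for (Callback callback : callbacks) {
        if (callback instanceof AuthorizeCallback) {
            ac = (AuthorizeCallback) callback;
        } else {
            throw new UnsupportedCallbackException(callback, "Unrecognized SASL GSSAPI Callback");
        }
    }
    if (ac != null) {
        String authid = ac.getAuthenticationID();
        String authzid = ac.getAuthorizationID();
        // Fail closed on a missing authentication ID instead of throwing a
        // NullPointerException; two nulls are deliberately NOT treated as a match.
        boolean sameIdentity = authid != null && authid.equals(authzid);
        ac.setAuthorized(sameIdentity);
        if (sameIdentity) {
            if (LOG.isDebugEnabled()) {
                LOG.debug(
                    "SASL server GSSAPI callback: setting "
                        + "canonicalized client ID: " + authzid);
            }
            ac.setAuthorizedID(authzid);
        }
    }
}
} // closes the enclosing class, whose header lies outside this excerpt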
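/**
 * Handles the server-side authorization callback of a SASL GSSAPI exchange.
 *
 * <p>Only {@link AuthorizeCallback} is accepted. The callback is authorized solely when
 * the authentication ID and the authorization ID are the same non-null string, in which
 * case the authorized ID is set to that value. If several {@code AuthorizeCallback}s are
 * passed, only the last one is evaluated.
 *
 * @param callbacks the callbacks to answer
 * @throws UnsupportedCallbackException if any callback is not an {@link AuthorizeCallback}
 */
@Override
public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
    AuthorizeCallback ac = null;
    for (Callback callback : callbacks) {
        if (callback instanceof AuthorizeCallback) {
            ac = (AuthorizeCallback) callback;
        } else {
            throw new UnsupportedCallbackException(callback, "Unrecognized SASL GSSAPI Callback");
        }
    }
    if (ac != null) {
        String authid = ac.getAuthenticationID();
        String authzid = ac.getAuthorizationID();
        // Fail closed on a missing authentication ID instead of throwing a
        // NullPointerException; two nulls are deliberately NOT treated as a match.
        boolean sameIdentity = authid != null && authid.equals(authzid);
        ac.setAuthorized(sameIdentity);
        if (sameIdentity) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("SASL server GSSAPI callback: setting "
                    + "canonicalized client ID: " + authzid);
            }
            ac.setAuthorizedID(authzid);
        }
    }
}
} // closes the enclosing class, whose header lies outside this excerpt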
ac.setAuthorized(false); if (ac.isAuthorized()) { ac.setAuthorizedID(authzid);
/**
 * Evaluates the single client response of this SASL server mechanism (apparently
 * EXTERNAL, judging by the {@code saslExternal} message bundle).
 *
 * <p>An empty response means no authorization ID was requested. A non-empty response is
 * decoded as UTF-8, NFKC-normalized and rejected if it contains a NUL character. The
 * callback handler then decides; the authentication ID passed to it is {@code null}.
 *
 * @param response the client's response bytes; may be empty
 * @return always {@code null} (no further challenge)
 * @throws SaslException if the exchange was already completed, the ID contains NUL,
 *         the handler fails, or the handler does not authorize the request
 */
public byte[] evaluateResponse(final byte[] response) throws SaslException {
    if (complete) {
        throw saslExternal.mechMessageAfterComplete().toSaslException();
    }
    // Set before any validation: a rejected response still finishes the exchange,
    // so a second attempt on this instance hits the guard above.
    complete = true;

    String requestedAuthzId = null;
    if (response.length != 0) {
        final String decoded = new String(response, StandardCharsets.UTF_8);
        requestedAuthzId = Normalizer.normalize(decoded, Normalizer.Form.NFKC);
        // The NUL check runs on the normalized form, i.e. the value the handler will see.
        if (requestedAuthzId.indexOf(0) >= 0) {
            throw saslExternal.mechUserNameContainsInvalidCharacter().toSaslException();
        }
    }

    final AuthorizeCallback authorizeCallback = new AuthorizeCallback(null, requestedAuthzId);
    try {
        cbh.handle(Arrays2.of(authorizeCallback));
    } catch (SaslException e) {
        // Must precede the IOException clause: SaslException is passed through unwrapped.
        throw e;
    } catch (IOException e) {
        throw saslExternal.mechAuthorizationFailed(e).toSaslException();
    } catch (UnsupportedCallbackException e) {
        throw saslExternal.mechAuthorizationFailed(e).toSaslException();
    }

    final boolean granted = authorizeCallback.isAuthorized();
    if (!granted) {
        throw saslExternal.mechAuthorizationFailed(null, requestedAuthzId).toSaslException();
    }
    // Keep the ID chosen by the handler, not the raw value sent by the client.
    this.authorizationID = authorizeCallback.getAuthorizedID();
    return null;
}
/**
 * Verifies that the GSS peer is allowed to act as the requested authorization ID.
 *
 * <p>The authentication ID is the source name of {@code gssContext}. When no
 * authorization ID was requested (null or empty), the {@code authorizationID} field is
 * overwritten with the authentication ID before the callback handler is consulted.
 *
 * @throws SaslException if the peer name cannot be determined or the handler does not
 *         authorize the pair
 */
private void checkAuthorizationID() throws SaslException {
    final String peerName;
    try {
        peerName = gssContext.getSrcName().toString();
    } catch (GSSException e) {
        throw saslGs2.mechUnableToDeterminePeerName(e).toSaslException();
    }

    // Traced before defaulting, so the requested ID may appear as null or empty here.
    saslGs2.tracef("checking if [%s] is authorized to act as [%s]...", peerName, authorizationID);

    final boolean noIdRequested = authorizationID == null || authorizationID.isEmpty();
    if (noIdRequested) {
        authorizationID = peerName;
    }

    final AuthorizeCallback decision = new AuthorizeCallback(peerName, authorizationID);
    handleCallbacks(decision);
    if (!decision.isAuthorized()) {
        throw saslGs2.mechAuthorizationFailed(peerName, authorizationID).toSaslException();
    }
    saslGs2.trace("authorization id check successful");
}
if (authorizeCallback.isAuthorized()) { try { callbackHandler.handle(new Callback[]{new IdentityCredentialCallback(new BearerTokenCredential(evidence.getToken()), true)});
/**
 * Authenticates a request from the bearer token in its {@code Authorization} header.
 *
 * <p>Only the first header value matching {@code BEARER_TOKEN_PATTERN} is evaluated; the
 * method returns after it whether it succeeds or fails. The token must be verified via
 * {@link EvidenceVerifyCallback} and then authorized via an {@link AuthorizeCallback}
 * created with both IDs {@code null}. A rejected token is answered with {@code FORBIDDEN}.
 * With no matching header value, the request is reported as having no authentication in
 * progress.
 *
 * @param request the incoming HTTP request
 * @throws HttpAuthenticationException if a callback cannot be handled
 */
@Override
public void evaluateRequest(HttpServerRequest request) throws HttpAuthenticationException {
    List<String> headerValues = request.getRequestHeaderValues(HttpConstants.AUTHORIZATION);
    if (headerValues == null) {
        request.noAuthenticationInProgress(this::unauthorizedResponse);
        return;
    }

    for (String headerValue : headerValues) {
        Matcher bearerMatch = BEARER_TOKEN_PATTERN.matcher(headerValue);
        if (!bearerMatch.matches()) {
            continue;
        }

        BearerTokenEvidence tokenEvidence = new BearerTokenEvidence(bearerMatch.group(1));
        EvidenceVerifyCallback verifyCallback = new EvidenceVerifyCallback(tokenEvidence);
        handleCallback(verifyCallback);

        // Authorization is only requested once the token itself has been verified.
        boolean accepted = false;
        if (verifyCallback.isVerified()) {
            // NOTE(review): both IDs are null; presumably the handler authorizes the
            // identity established by the verified evidence. Confirm against the handler.
            AuthorizeCallback authorizeCallback = new AuthorizeCallback(null, null);
            handleCallback(authorizeCallback);
            accepted = authorizeCallback.isAuthorized();
        }

        if (accepted) {
            httpBearer.debugf("Token authentication successful.");
            handleCallback(new IdentityCredentialCallback(new BearerTokenCredential(tokenEvidence.getToken()), true));
            handleCallback(AuthenticationCompleteCallback.SUCCEEDED);
            request.authenticationComplete();
            return;
        }

        // Unverified or unauthorized: reject without trying any later header value.
        httpBearer.debugf("Token authentication failed.");
        request.authenticationFailed("Invalid bearer token", response -> response.setStatusCode(FORBIDDEN));
        return;
    }

    request.noAuthenticationInProgress(this::unauthorizedResponse);
}