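/**
 * Authorizes a Kerberos-authenticated client and records the canonical user name,
 * derived from the authentication ID, as the authorized ID.
 *
 * <p>The authorization ID supplied with the callback is only logged; it never feeds
 * the authorized ID on the success path.
 *
 * @param ac callback carrying the authentication and authorization IDs
 */
private void handleAuthorizeCallback(AuthorizeCallback ac) {
    String authenticationID = ac.getAuthenticationID();
    String authorizationID = ac.getAuthorizationID();

    LOG.info("Successfully authenticated client: authenticationID=" + authenticationID
            + "; authorizationID=" + authorizationID + ".");
    ac.setAuthorized(true);

    // canonicalize authorization id according to system properties:
    // zookeeper.kerberos.removeRealmFromPrincipal(={true,false})
    // zookeeper.kerberos.removeHostFromPrincipal(={true,false})
    KerberosName kerberosName = new KerberosName(authenticationID);
    try {
        StringBuilder userNameBuilder = new StringBuilder(kerberosName.getShortName());
        if (shouldAppendHost(kerberosName)) {
            userNameBuilder.append("/").append(kerberosName.getHostName());
        }
        if (shouldAppendRealm(kerberosName)) {
            userNameBuilder.append("@").append(kerberosName.getRealm());
        }
        LOG.info("Setting authorizedID: " + userNameBuilder);
        ac.setAuthorizedID(userNameBuilder.toString());
    } catch (IOException e) {
        // Fail closed. With no authorized ID set, AuthorizeCallback reports the
        // client-supplied authorization ID as the authorized ID, so leaving the
        // callback authorized here would bind the session to an unverified name.
        LOG.error("Failed to set name based on Kerberos authentication rules.", e);
        ac.setAuthorized(false);
    }
}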
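/**
 * Authorizes a Kerberos-authenticated client and sets the authorized ID to the
 * canonical form of the authentication ID.
 *
 * @param ac callback carrying the authentication and authorization IDs
 */
private void handleAuthorizeCallback(AuthorizeCallback ac) {
    String authenticationID = ac.getAuthenticationID();
    String authorizationID = ac.getAuthorizationID();

    // The authorization ID is logged only; the authorized ID below is built from
    // the authentication ID.
    LOG.info("Successfully authenticated client: authenticationID=" + authenticationID
            + "; authorizationID=" + authorizationID + ".");
    ac.setAuthorized(true);

    // canonicalize authorization id according to system properties:
    // zookeeper.kerberos.removeRealmFromPrincipal(={true,false})
    // zookeeper.kerberos.removeHostFromPrincipal(={true,false})
    KerberosName kerberosName = new KerberosName(authenticationID);
    try {
        StringBuilder userNameBuilder = new StringBuilder(kerberosName.getShortName());
        if (shouldAppendHost(kerberosName)) {
            userNameBuilder.append("/").append(kerberosName.getHostName());
        }
        if (shouldAppendRealm(kerberosName)) {
            userNameBuilder.append("@").append(kerberosName.getRealm());
        }
        LOG.info("Setting authorizedID: " + userNameBuilder);
        ac.setAuthorizedID(userNameBuilder.toString());
    } catch (IOException e) {
        LOG.error("Failed to set name based on Kerberos authentication rules.", e);
        // Revoke the earlier approval: without an explicit authorized ID the
        // callback falls back to the authorization ID chosen by the client.
        ac.setAuthorized(false);
    }
}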
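/**
 * Authorizes a Kerberos-authenticated client and sets the authorized ID to the short
 * name that {@code kerberosShortNamer} produces for the authentication ID.
 *
 * @param ac callback carrying the authentication and authorization IDs
 */
private void handleAuthorizeCallback(AuthorizeCallback ac) {
    String authenticationID = ac.getAuthenticationID();
    String authorizationID = ac.getAuthorizationID();

    LOG.info("Successfully authenticated client: authenticationID={}; authorizationID={}.",
            authenticationID, authorizationID);
    ac.setAuthorized(true);

    KerberosName kerberosName = KerberosName.parse(authenticationID);
    try {
        String userName = kerberosShortNamer.shortName(kerberosName);
        LOG.info("Setting authorizedID: {}", userName);
        ac.setAuthorizedID(userName);
    } catch (IOException e) {
        LOG.error("Failed to set name for '{}' based on Kerberos authentication rules.", kerberosName, e);
        // Fail closed: with no authorized ID set, the callback would otherwise stay
        // authorized under the client-supplied authorization ID.
        ac.setAuthorized(false);
    }
}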
/**
 * Answers SASL callbacks with the fixed credentials held in {@code TestJaasConfig}.
 *
 * <p>Name and realm callbacks are answered with their own defaults, the password
 * callback with {@code TestJaasConfig.PASSWORD}. Authorization is granted only when
 * the authentication ID equals {@code TestJaasConfig.USERNAME}, and the authorized ID
 * is then pinned to that authentication ID.
 *
 * @param callbacks callbacks to answer
 */
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback cb : callbacks) {
        if (cb instanceof NameCallback) {
            NameCallback name = (NameCallback) cb;
            name.setName(name.getDefaultName());
            continue;
        }
        if (cb instanceof PasswordCallback) {
            ((PasswordCallback) cb).setPassword(TestJaasConfig.PASSWORD.toCharArray());
            continue;
        }
        if (cb instanceof RealmCallback) {
            RealmCallback realm = (RealmCallback) cb;
            realm.setText(realm.getDefaultText());
            continue;
        }
        if (cb instanceof AuthorizeCallback) {
            AuthorizeCallback authz = (AuthorizeCallback) cb;
            String authenticatedAs = authz.getAuthenticationID();
            if (TestJaasConfig.USERNAME.equals(authenticatedAs)) {
                authz.setAuthorized(true);
                authz.setAuthorizedID(authenticatedAs);
            }
        }
        // Any other callback type is skipped without an UnsupportedCallbackException.
    }
}
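/**
 * Authorizes a Kerberos-authenticated client and sets the authorized ID to the short
 * name that {@code kerberosShortNamer} produces for the authentication ID.
 *
 * @param ac callback carrying the authentication and authorization IDs
 */
private void handleAuthorizeCallback(AuthorizeCallback ac) {
    String authenticationID = ac.getAuthenticationID();
    String authorizationID = ac.getAuthorizationID();

    LOG.info("Successfully authenticated client: authenticationID={}; authorizationID={}.",
            authenticationID, authorizationID);
    ac.setAuthorized(true);

    KerberosName kerberosName = KerberosName.parse(authenticationID);
    try {
        String userName = kerberosShortNamer.shortName(kerberosName);
        LOG.info("Setting authorizedID: {}", userName);
        ac.setAuthorizedID(userName);
    } catch (IOException e) {
        // Keep the cause in the log so a failed name mapping can be diagnosed.
        LOG.error("Failed to set name based on Kerberos authentication rules.", e);
        // Fail closed: with no authorized ID set, the callback would otherwise stay
        // authorized under the client-supplied authorization ID.
        ac.setAuthorized(false);
    }
}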
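/**
 * Authorizes a Kerberos-authenticated client and sets the authorized ID to
 * {@code shortName/host@realm}, built from the authentication ID.
 *
 * @param ac callback carrying the authentication and authorization IDs
 */
private void handleAuthorizeCallback(AuthorizeCallback ac) {
    String authenticationID = ac.getAuthenticationID();
    String authorizationID = ac.getAuthorizationID();

    LOG.info("Successfully authenticated client: authenticationID=" + authenticationID
            + "; authorizationID=" + authorizationID + ".");
    ac.setAuthorized(true);

    KerberosName kerberosName = new KerberosName(authenticationID);
    try {
        StringBuilder userNameBuilder = new StringBuilder(kerberosName.getShortName());
        // NOTE(review): host and realm are appended unconditionally; confirm what
        // getHostName()/getRealm() return for principals that lack those parts.
        userNameBuilder.append("/").append(kerberosName.getHostName());
        userNameBuilder.append("@").append(kerberosName.getRealm());
        LOG.info("Setting authorizedID: " + userNameBuilder);
        ac.setAuthorizedID(userNameBuilder.toString());
    } catch (IOException e) {
        // Include the cause, and fail closed: with no authorized ID set, the
        // callback would otherwise stay authorized under the client-supplied
        // authorization ID.
        LOG.severe("Failed to set name based on Kerberos authentication rules: " + e);
        ac.setAuthorized(false);
    }
}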
/**
 * Accepts only {@link AuthorizeCallback}s and authorizes them when the authentication
 * ID and the authorization ID are equal.
 *
 * @param callbacks callbacks to answer
 * @throws SaslException if the two IDs differ
 * @throws UnsupportedCallbackException for any callback that is not an
 *         {@link AuthorizeCallback}
 */
@Override
public void handle(final Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (final Callback cb : callbacks) {
        if (!(cb instanceof AuthorizeCallback)) {
            throw new UnsupportedCallbackException(cb);
        }

        final AuthorizeCallback ac = (AuthorizeCallback) cb;
        final boolean sameIdentity = ac.getAuthenticationID().equals(ac.getAuthorizationID());
        if (!sameIdentity) {
            // Acting as another identity is refused at the SASL layer.
            throw new SaslException("Drill expects authorization ID and authentication ID to match. "
                + "Use inbound impersonation feature so one entity can act on behalf of another.");
        }
        ac.setAuthorized(true);
    }
}
/**
 * Answers SASL callbacks with fixed values: the name {@code "user"}, the
 * {@code password} field and the {@code REALM} constant. An authorize callback is
 * approved only when its authentication ID equals its authorization ID.
 *
 * @param callbacks callbacks to answer
 * @throws UnsupportedCallbackException for any other callback type
 */
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback cb : callbacks) {
        if (cb instanceof NameCallback) {
            ((NameCallback) cb).setName("user");
            continue;
        }
        if (cb instanceof PasswordCallback) {
            ((PasswordCallback) cb).setPassword(password.toCharArray());
            continue;
        }
        if (cb instanceof AuthorizeCallback) {
            AuthorizeCallback authz = (AuthorizeCallback) cb;
            boolean sameIdentity = authz.getAuthenticationID().equals(authz.getAuthorizationID());
            authz.setAuthorized(sameIdentity);
            continue;
        }
        if (cb instanceof RealmCallback) {
            ((RealmCallback) cb).setText(REALM);
            continue;
        }
        throw new UnsupportedCallbackException(cb);
    }
}
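/**
 * Authorizes a Kerberos-authenticated client and sets the authorized ID to
 * {@code shortName/host@realm}, built from the authentication ID.
 *
 * @param ac callback carrying the authentication and authorization IDs
 */
private void handleAuthorizeCallback(AuthorizeCallback ac) {
    String authenticationID = ac.getAuthenticationID();
    String authorizationID = ac.getAuthorizationID();

    // NOTE(review): routine success is logged at SEVERE here and below, which makes
    // real failures harder to spot; confirm whether that level is intended.
    LOG.severe("Successfully authenticated client: authenticationID=" + authenticationID
            + "; authorizationID=" + authorizationID + ".");
    ac.setAuthorized(true);

    KerberosName kerberosName = new KerberosName(authenticationID);
    try {
        StringBuilder userNameBuilder = new StringBuilder(kerberosName.getShortName());
        userNameBuilder.append("/").append(kerberosName.getHostName());
        userNameBuilder.append("@").append(kerberosName.getRealm());
        LOG.severe("Setting authorizedID: " + userNameBuilder);
        ac.setAuthorizedID(userNameBuilder.toString());
    } catch (IOException e) {
        // Include the cause, and fail closed: with no authorized ID set, the
        // callback would otherwise stay authorized under the client-supplied
        // authorization ID.
        LOG.severe("Failed to set name based on Kerberos authentication rules: " + e);
        ac.setAuthorized(false);
    }
}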
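/**
 * Authorizes an authenticated client and, when it asks to act as a different user,
 * records the authenticating user as the real principal of the request.
 *
 * @param ac callback carrying the authentication and authorization IDs
 */
private void handleAuthorizeCallback(AuthorizeCallback ac) {
    String authenticationID = ac.getAuthenticationID();
    String authorizationID = ac.getAuthorizationID();
    LOG.info("Successfully authenticated client: authenticationID=" + authenticationID
            + " authorizationID= " + authorizationID);

    if (authorizationID == null) {
        // No authorization ID was requested: act as the authenticated user. This is
        // not impersonation, so no real principal is recorded for it.
        ac.setAuthorizedID(authenticationID);
    } else if (!authenticationID.equals(authorizationID)) {
        // authNid is attempting to impersonate authZid. Record authNid as the real
        // user in the request context's subject, which will be used during
        // authorization.
        ReqContext.context().setRealPrincipal(new SaslTransportPlugin.User(authenticationID));
    }
    // NOTE(review): the real principal is not reset on the non-impersonating paths;
    // if the ReqContext is reused across connections, confirm no earlier value survives.

    // The request is approved here for any authorization ID; whether authNid may
    // act as authZid is presumably enforced later - confirm against the authorizer.
    ac.setAuthorized(true);
}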
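/**
 * Authorizes an authenticated client and, when it asks to act as a different user,
 * logs the impersonation attempt and records the authenticating user as the real
 * principal of the request.
 *
 * @param ac callback carrying the authentication and authorization IDs
 */
private void handleAuthorizeCallback(AuthorizeCallback ac) {
    String authenticationID = ac.getAuthenticationID();
    String authorizationID = ac.getAuthorizationID();
    LOG.info("Successfully authenticated client: authenticationID = " + authenticationID
            + " authorizationID = " + authorizationID);

    if (authorizationID == null) {
        // No authorization ID was requested: act as the authenticated user. This is
        // not impersonation, so it is neither logged as an attempt nor given a real
        // principal.
        ac.setAuthorizedID(authenticationID);
    } else if (!authenticationID.equals(authorizationID)) {
        // authNid is attempting to impersonate authZid. Record authNid as the real
        // user in the request context's subject, which will be used during
        // authorization.
        LOG.info("Impersonation attempt authenticationID = " + authenticationID
                + " authorizationID = " + authorizationID);
        ReqContext.context().setRealPrincipal(new SaslTransportPlugin.User(authenticationID));
    }
    // NOTE(review): the real principal is not reset on the non-impersonating paths;
    // if the ReqContext is reused across connections, confirm no earlier value survives.

    // The request is approved here for any authorization ID; whether authNid may
    // act as authZid is presumably enforced later - confirm against the authorizer.
    ac.setAuthorized(true);
}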
/**
 * Answers SASL callbacks with the fixed name and realm {@code "glowroot"} and the
 * {@code password} field. An authorize callback is approved only when its
 * authentication ID equals its authorization ID.
 *
 * @param callbacks callbacks to answer
 */
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback cb : callbacks) {
        if (cb instanceof AuthorizeCallback) {
            AuthorizeCallback authz = (AuthorizeCallback) cb;
            boolean sameIdentity = authz.getAuthenticationID().equals(authz.getAuthorizationID());
            authz.setAuthorized(sameIdentity);
            continue;
        }
        if (cb instanceof NameCallback) {
            NameCallback name = (NameCallback) cb;
            name.setName("glowroot");
            continue;
        }
        if (cb instanceof PasswordCallback) {
            PasswordCallback secret = (PasswordCallback) cb;
            secret.setPassword(password);
            continue;
        }
        if (cb instanceof RealmCallback) {
            RealmCallback realm = (RealmCallback) cb;
            realm.setText("glowroot");
        }
        // Any other callback type is skipped without an UnsupportedCallbackException.
    }
}
/**
 * Asserts that a deserialized {@link AuthorizeCallback} carries the same
 * authentication ID, authorization ID, authorized ID and authorized flag as the
 * reference object.
 *
 * @param oref reference callback
 * @param otest deserialized callback under test
 */
public void assertDeserialized(Serializable oref, Serializable otest) {
    AuthorizeCallback reference = (AuthorizeCallback) oref;
    AuthorizeCallback restored = (AuthorizeCallback) otest;

    String refAuthnId = reference.getAuthenticationID();
    if (refAuthnId != null) {
        assertEquals(restored.getAuthenticationID(), refAuthnId);
    } else {
        assertNull(restored.getAuthenticationID());
    }

    String refAuthzId = reference.getAuthorizationID();
    if (refAuthzId != null) {
        assertEquals(restored.getAuthorizationID(), refAuthzId);
    } else {
        assertNull(restored.getAuthorizationID());
    }

    String refAuthorizedId = reference.getAuthorizedID();
    if (refAuthorizedId != null) {
        assertEquals(restored.getAuthorizedID(), refAuthorizedId);
    } else {
        assertNull(restored.getAuthorizedID());
    }

    boolean refAuthorized = reference.isAuthorized();
    assertEquals(restored.isAuthorized(), refAuthorized);
}
/**
 * Exercises <code>AuthorizeCallback(String authnID, String authzID)</code> with
 * null IDs, then the authorized flag and authorized-ID setters and getters.
 */
public void test01() {
    AuthorizeCallback callback = new AuthorizeCallback(null, null);

    // Freshly constructed with null IDs: nothing set, not authorized.
    assertNull(callback.getAuthenticationID());
    assertNull(callback.getAuthorizationID());
    assertNull(callback.getAuthorizedID());
    assertFalse(callback.isAuthorized());

    // Authorizing without an explicit authorized ID leaves it null here.
    callback.setAuthorized(true);
    assertTrue(callback.isAuthorized());
    assertNull(callback.getAuthorizedID());

    // Revoking the authorization.
    callback.setAuthorized(false);
    assertNull(callback.getAuthorizedID());
    assertFalse(callback.isAuthorized());

    // An explicit authorized ID is reported once the callback is authorized.
    callback.setAuthorizedID("ZZZ");
    callback.setAuthorized(true);
    assertEquals(callback.getAuthorizedID(), "ZZZ");
    assertNull(callback.getAuthorizationID());
    assertTrue(callback.isAuthorized());
}
/**
 * Builds a server-side callback handler for a test: it asserts the offered user name
 * and realm, supplies the expected password, and authorizes only when the
 * authorization ID equals the authentication ID.
 *
 * @param username user name the name callback is expected to offer as default
 * @param realm realm the realm callback is expected to offer as default
 * @param password password handed to the password callback
 * @return handler that throws {@link UnsupportedCallbackException} for any other
 *         callback type
 */
private CallbackHandler serverCallbackHandler(String username, String realm, String password) {
    return callbacks -> {
        for (Callback cb : callbacks) {
            if (cb instanceof NameCallback) {
                NameCallback name = (NameCallback) cb;
                Assert.assertEquals(username, name.getDefaultName());
            } else if (cb instanceof RealmCallback) {
                RealmCallback offeredRealm = (RealmCallback) cb;
                Assert.assertEquals(realm, offeredRealm.getDefaultText());
            } else if (cb instanceof PasswordCallback) {
                PasswordCallback secret = (PasswordCallback) cb;
                secret.setPassword(password.toCharArray());
            } else if (cb instanceof AuthorizeCallback) {
                AuthorizeCallback authz = (AuthorizeCallback) cb;
                boolean sameIdentity = authz.getAuthorizationID().equals(authz.getAuthenticationID());
                authz.setAuthorized(sameIdentity);
            } else {
                throw new UnsupportedCallbackException(cb);
            }
        }
    };
}
/**
 * Accepts only {@link AuthorizeCallback}s and authorizes each one exactly when its
 * authentication ID equals its authorization ID. A mismatch is traced to
 * {@code SECURITY_LOGGER} before the callback is marked unauthorized.
 *
 * @param callbacks callbacks to answer
 * @throws UnsupportedCallbackException for any callback that is not an
 *         {@link AuthorizeCallback}
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback cb : callbacks) {
        if (!(cb instanceof AuthorizeCallback)) {
            throw new UnsupportedCallbackException(cb);
        }

        AuthorizeCallback authz = (AuthorizeCallback) cb;
        boolean idsMatch = authz.getAuthenticationID().equals(authz.getAuthorizationID());
        if (!idsMatch) {
            SECURITY_LOGGER.tracef(
                    "Checking 'AuthorizeCallback', authorized=false, authenticationID=%s, authorizationID=%s.",
                    authz.getAuthenticationID(), authz.getAuthorizationID());
        }
        authz.setAuthorized(idsMatch);
    }
}
/**
 * Authorizes the callback when authorization IDs are configured to be ignored, or
 * when the authentication ID equals the authorization ID. Otherwise the callback is
 * left as it was.
 *
 * @param authCallback callback carrying the authentication and authorization IDs
 */
@SuppressWarnings("unused")
protected void handleAuthorizeCallback(AuthorizeCallback authCallback) {
    String authcId = authCallback.getAuthenticationID();
    if (log.isLoggable(Level.FINEST)) {
        log.log(Level.FINEST, "AuthorizeCallback: authenId: {0}", authcId);
    }

    String authzId = authCallback.getAuthorizationID();
    if (log.isLoggable(Level.FINEST)) {
        log.log(Level.FINEST, "AuthorizeCallback: authorId: {0}", authzId);
    }

    if (AbstractSasl.isAuthzIDIgnored()) {
        // NOTE(review): no authorized ID is set on this path, so getAuthorizedID()
        // reports the authorization ID from the callback even though it was not
        // compared; confirm callers bind the session to the authentication ID.
        authCallback.setAuthorized(true);
        return;
    }
    if (authcId.equals(authzId)) {
        authCallback.setAuthorized(true);
    }
}
/**
 * Authorizes the callback when authorization IDs are configured to be ignored, or
 * when the authentication ID equals the authorization ID. Otherwise the callback is
 * left as it was.
 *
 * @param authCallback callback carrying the authentication and authorization IDs
 */
protected void handleAuthorizeCallback(AuthorizeCallback authCallback) {
    String authcId = authCallback.getAuthenticationID();
    if (log.isLoggable(Level.FINEST)) {
        log.log(Level.FINEST, "AuthorizeCallback: authenId: {0}", authcId);
    }

    String authzId = authCallback.getAuthorizationID();
    if (log.isLoggable(Level.FINEST)) {
        log.log(Level.FINEST, "AuthorizeCallback: authorId: {0}", authzId);
    }

    // Short-circuit order is kept: the IDs are compared only when the authorization
    // ID is not being ignored.
    // NOTE(review): on the "ignored" path no authorized ID is set, so
    // getAuthorizedID() reports the uncompared authorization ID; confirm callers
    // bind the session to the authentication ID.
    boolean approve = AbstractSasl.isAuthzIDIgnored() || authcId.equals(authzId);
    if (approve) {
        authCallback.setAuthorized(true);
    }
}
/**
 * Dispatches one callback to the handler for its type.
 *
 * @param callback callback to answer
 * @throws UnsupportedCallbackException if the callback type is not recognized
 * @throws IOException declared for the type-specific handlers
 */
protected void handleCallback(Callback callback) throws UnsupportedCallbackException, IOException {
    if (callback instanceof XMPPSessionCallback) {
        XMPPSessionCallback sessionCallback = (XMPPSessionCallback) callback;
        sessionCallback.setSession(session);
        return;
    }
    if (callback instanceof ChannelBindingCallback) {
        handleChannelBindingCallback((ChannelBindingCallback) callback);
        return;
    }
    if (callback instanceof PBKDIterationsCallback) {
        handlePBKDIterationsCallback((PBKDIterationsCallback) callback);
        return;
    }
    if (callback instanceof SaltedPasswordCallback) {
        handleSaltedPasswordCallbackCallback((SaltedPasswordCallback) callback);
        return;
    }
    if (callback instanceof NameCallback) {
        handleNameCallback((NameCallback) callback);
        return;
    }
    if (callback instanceof SaltCallback) {
        handleSaltCallback((SaltCallback) callback);
        return;
    }
    if (callback instanceof AuthorizeCallback) {
        handleAuthorizeCallback((AuthorizeCallback) callback);
        return;
    }
    // Unknown callback types are rejected rather than ignored.
    throw new UnsupportedCallbackException(callback, "Unrecognized Callback " + callback);
}
/**
 * Dispatches one callback to the handler for its type.
 *
 * @param callback callback to answer
 * @throws UnsupportedCallbackException if the callback type is not recognized
 * @throws IOException declared for the type-specific handlers
 */
protected void handleCallback(Callback callback) throws UnsupportedCallbackException, IOException {
    if (callback instanceof XMPPSessionCallback) {
        XMPPSessionCallback sessionCallback = (XMPPSessionCallback) callback;
        sessionCallback.setSession(session);
        return;
    }
    if (callback instanceof ChannelBindingCallback) {
        handleChannelBindingCallback((ChannelBindingCallback) callback);
        return;
    }
    if (callback instanceof PBKDIterationsCallback) {
        handlePBKDIterationsCallback((PBKDIterationsCallback) callback);
        return;
    }
    if (callback instanceof SaltedPasswordCallback) {
        handleSaltedPasswordCallback((SaltedPasswordCallback) callback);
        return;
    }
    if (callback instanceof NameCallback) {
        handleNameCallback((NameCallback) callback);
        return;
    }
    if (callback instanceof SaltCallback) {
        handleSaltCallback((SaltCallback) callback);
        return;
    }
    if (callback instanceof AuthorizeCallback) {
        handleAuthorizeCallback((AuthorizeCallback) callback);
        return;
    }
    // Unknown callback types are rejected rather than ignored.
    throw new UnsupportedCallbackException(callback, "Unrecognized Callback " + callback);
}
/**
 * Answers SASL callbacks with fixed values: {@code PRINCIPAL} as the name, the
 * {@code password} field and the {@code REALM} constant.
 *
 * @param callbacks callbacks to answer
 * @throws UnsupportedCallbackException for any other callback type
 */
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback cb : callbacks) {
        if (cb instanceof NameCallback) {
            NameCallback name = (NameCallback) cb;
            name.setName(PRINCIPAL);
            continue;
        }
        if (cb instanceof PasswordCallback) {
            PasswordCallback secret = (PasswordCallback) cb;
            secret.setPassword(password.toCharArray());
            continue;
        }
        if (cb instanceof AuthorizeCallback) {
            // NOTE(review): every authorization request is approved without
            // comparing the authentication and authorization IDs; presumably
            // acceptable only in a test fixture - confirm where this handler is used.
            AuthorizeCallback authz = (AuthorizeCallback) cb;
            authz.setAuthorized(true);
            continue;
        }
        if (cb instanceof RealmCallback) {
            RealmCallback realm = (RealmCallback) cb;
            realm.setText(REALM);
            continue;
        }
        throw new UnsupportedCallbackException(cb);
    }
}