// Excerpt from a JAAS login routine: the enclosing method and several closing braces are
// not part of this excerpt.
// Ask the callback handler for a user name and a password (echo disabled).
Callback[] callbacks = new Callback[2];
callbacks[0] = new NameCallback("Username: ");
callbacks[1] = new PasswordCallback("Password: ", false);
try {
    callbackHandler.handle(callbacks);
} catch (IOException ioe) {
    // Only the message is carried over; the IOException itself is not attached as the cause.
    throw new LoginException(ioe.getMessage());
} catch (UnsupportedCallbackException uce) {
    throw new LoginException(uce.getMessage() + " not available to obtain information from user");
    // (excerpt: the closing brace of this catch block is not shown)
    user = ((NameCallback) callbacks[0]).getName();
    // PasswordCallback.getPassword() returns a copy of the password, or null if none was set.
    char[] tmpPassword = ((PasswordCallback) callbacks[1]).getPassword();
    if (tmpPassword == null) {
        // Treat a missing password as an empty one.
        tmpPassword = new char[0];
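/**
 * Prompts for a user name and password through the callback handler and authenticates them.
 *
 * <p>The password is fetched from the callback once, the callback's own copy is cleared, and
 * the local character array is zeroed before returning. {@code authenticate} takes a
 * {@code String}, so that one immutable copy still lives until it is garbage collected.
 *
 * @return {@code true} when authentication succeeded; {@code false} when the handler supplied
 *         no user name
 * @throws LoginException if the callbacks cannot be handled, or if {@code authenticate}
 *         rejects the credentials
 */
@Override
public boolean login() throws LoginException {
    NameCallback nameCallback = new NameCallback("User name");
    PasswordCallback passwordCallback = new PasswordCallback("Password", false);
    try {
        handler.handle(new Callback[] {nameCallback, passwordCallback});
    } catch (IOException ioe) {
        throw (LoginException) new LoginException().initCause(ioe);
    } catch (UnsupportedCallbackException uce) {
        throw (LoginException) new LoginException().initCause(uce);
    }

    // getPassword() returns a fresh copy on every call: take exactly one copy, then wipe
    // the callback so the secret does not stay reachable through it.
    char[] passwordChars = passwordCallback.getPassword();
    passwordCallback.clearPassword();
    try {
        String username = nameCallback.getName();
        if (username == null) {
            return false;
        }
        String password = (passwordChars != null) ? new String(passwordChars) : "";

        // authenticate throws LoginException when authentication fails
        authenticate(username, password);

        user = new UserPrincipal(username);
        succeeded = true;
        return true;
    } finally {
        // Zero the local copy on every exit path, including failed authentication.
        if (passwordChars != null) {
            java.util.Arrays.fill(passwordChars, '\0');
        }
    }
}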
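/**
 * Performs a login using the specified principal and keytab. Returns immediately when
 * {@code isLoggedIn()} already reports a login.
 *
 * @throws LoginException if the login fails; the original failure is attached as the cause
 */
@Override
public synchronized void login() throws LoginException {
    if (isLoggedIn()) {
        return;
    }

    try {
        // If it's the first time ever calling login then we need to initialize a new context
        if (loginContext == null) {
            LOGGER.debug("Initializing new login context...");
            this.subject = new Subject();
            this.loginContext = createLoginContext(subject);
        }

        loginContext.login();
        loggedIn.set(true);
        LOGGER.debug("Successful login for {}", new Object[]{principal});
    } catch (LoginException le) {
        // Keep the original exception as the cause so the underlying failure and its stack
        // trace are not lost when the message is rewritten.
        final LoginException wrapped =
                new LoginException("Unable to login with " + principal + " due to: " + le.getMessage());
        wrapped.initCause(le);
        throw wrapped;
    }
}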
/**
 * Creates the {@link LoginException} reported when calling the security realm fails.
 *
 * @param cause text substituted into the message template
 * @return the exception, with its first stack frame removed
 */
@Override
public final LoginException failureCallingSecurityRealm(final String cause) {
    final String message = String.format(getLoggingLocale(), failureCallingSecurityRealm$str(), cause);
    final LoginException exception = new LoginException(message);
    // Drop frame 0 (this factory method) so the trace begins at the caller.
    final StackTraceElement[] frames = exception.getStackTrace();
    exception.setStackTrace(Arrays.copyOfRange(frames, 1, frames.length));
    return exception;
}

// Message template; %s is the security domain name.
private static final String noAuthenticationCacheAvailable = "WFLYSEC0032: No authentication cache for security domain '%s' available";
/**
 * Asks the callback handler for an alias and a credential object and returns the credential.
 *
 * @return whatever the handler stored in the credential callback
 * @throws LoginException wrapping the {@link IOException} or
 *         {@link UnsupportedCallbackException} raised by the handler
 */
protected Object getCredential() throws LoginException {
    NameCallback aliasCallback = new NameCallback("Alias: ");
    ObjectCallback credentialCallback = new ObjectCallback("Credential: ");
    try {
        callbackHandler.handle(new Callback[] { aliasCallback, credentialCallback });
        return credentialCallback.getCredential();
    } catch (IOException ioe) {
        // The handler's failure becomes the cause of a message-less LoginException.
        throw (LoginException) new LoginException().initCause(ioe);
    } catch (UnsupportedCallbackException uce) {
        throw (LoginException) new LoginException().initCause(uce);
    }
}
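/**
 * Authenticates a user against plain-text passwords held in the module options under
 * {@code PLAIN_TEXT_USER_PREFIX + username}.
 *
 * <p>A missing password (the handler left the callback empty) or a missing option value is
 * reported as a failed login instead of surfacing as a {@link NullPointerException}. The
 * supplied password is compared without stopping at the first differing character, the
 * callback is cleared and the local copy is zeroed on every exit path.
 *
 * <p>NOTE(review): the two failure messages distinguish an unknown user from a wrong password.
 * Callers should not relay them verbatim to the remote party.
 *
 * @return {@code true} when the supplied password matches the configured one
 * @throws LoginException if no callback handler is registered, the callbacks cannot be
 *         handled, the user is unknown or the password does not match
 */
@Override
public boolean login() throws LoginException {
    if (callbackHandler == null) {
        throw new LoginException("CallbackHandler not registered");
    }

    NameCallback nameCallback = new NameCallback("Username");
    PasswordCallback passwordCallback = new PasswordCallback("Password", false);
    try {
        callbackHandler.handle(new Callback[] {nameCallback, passwordCallback});
    } catch (IOException ie) {
        LoginException failure = new LoginException("IOException: " + ie.toString());
        failure.initCause(ie);
        throw failure;
    } catch (UnsupportedCallbackException uce) {
        LoginException failure =
                new LoginException("UnsupportedCallbackException: " + uce.getCallback().toString());
        failure.initCause(uce);
        throw failure;
    }

    // Take one copy of the password and wipe the callback's internal copy straight away.
    char[] supplied = passwordCallback.getPassword();
    passwordCallback.clearPassword();
    try {
        String username = nameCallback.getName();
        String optionKey = PLAIN_TEXT_USER_PREFIX + username;
        if (!options.containsKey(optionKey)) {
            throw new LoginException("User: " + username + " not found");
        }

        String expectedPassword = (String) options.get(optionKey);
        boolean matches = supplied != null && expectedPassword != null;
        if (matches) {
            // Accumulate differences over the whole overlap rather than returning at the
            // first mismatch, so the comparison time does not track the matching prefix.
            int diff = expectedPassword.length() ^ supplied.length;
            int overlap = Math.min(expectedPassword.length(), supplied.length);
            for (int i = 0; i < overlap; i++) {
                diff |= expectedPassword.charAt(i) ^ supplied[i];
            }
            matches = diff == 0;
        }
        if (!matches) {
            throw new LoginException("Incorrect password for: " + username);
        }
        return true;
    } finally {
        if (supplied != null) {
            java.util.Arrays.fill(supplied, '\0');
        }
    }
}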
/**
 * Verifies a user name and password by running a JAAS login against the
 * {@code RHQ_USER_SECURITY_DOMAIN} configuration and logging out again.
 *
 * NOTE(review): logout() is skipped if the principal lookup throws; confirm whether the
 * context should be logged out in a finally block.
 *
 * @throws LoginException carrying the message of the JAAS login failure; the JAAS exception
 *         itself is not attached as the cause
 */
private void _checkAuthentication(String username, String password) throws LoginException {
    try {
        LoginContext loginContext = new LoginContext(
            CustomJaasDeploymentServiceMBean.RHQ_USER_SECURITY_DOMAIN,
            new UsernamePasswordHandler(username, password.toCharArray()));
        loginContext.login();
        // The result is discarded; next() throws if the authenticated subject has no principal.
        loginContext.getSubject().getPrincipals().iterator().next();
        loginContext.logout();
    } catch (javax.security.auth.login.LoginException e) {
        throw new LoginException(e.getMessage());
    }
}
/**
 * Re-login a principal. This method assumes that {@link #login()} has happened already.
 *
 * <p>Does nothing unless {@code isKrbTicket} is set and {@code hasSufficientTimeElapsed()}
 * returns true. Otherwise it logs out the current context and logs in again with a new
 * {@link LoginContext} built on the same subject.
 *
 * @throws javax.security.auth.login.LoginException on a failure, including when no login
 *         context exists yet
 */
private void reLogin() throws LoginException {
    if (!isKrbTicket) {
        return;
    }
    if (loginContext == null) {
        throw new LoginException("Login must be done first");
    }
    // Skip this attempt when too little time has passed since the last one.
    if (!hasSufficientTimeElapsed()) {
        return;
    }
    // The lock is the class object, so the logout/login pair is serialized across all
    // instances of KerberosLogin, not only this one.
    synchronized (KerberosLogin.class) {
        log.info("Initiating logout for {}", principal);
        // Record the time of this re-login attempt before doing any work, so the timestamp
        // is updated even if logout() or login() below throws.
        lastLogin = currentElapsedTime();
        // Clear the Kerberos state. The tokens are not cleared: as per the Java Kerberos
        // login module code, only the Kerberos credentials are cleared.
        loginContext.logout();
        // Log in again and update the subject field of this instance with the new
        // credentials (it is passed to the LoginContext constructor).
        loginContext = new LoginContext(contextName(), subject, null, configuration());
        log.info("Initiating re-login for {}", principal);
        loginContext.login();
    }
}
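/**
 * Authenticates through the JAAS realm named by the {@code REALM_PROPERTY} option, then runs
 * {@code doLogin} as the subject authenticated by that realm.
 *
 * @return the result of {@code doLogin}
 * @throws LoginException if the realm option is missing, the delegated login fails, or
 *         {@code doLogin} throws; in the last case the failure is attached as the cause
 */
@Override
public boolean login() throws LoginException {
    if (!options.containsKey(REALM_PROPERTY)) {
        logger.warn(REALM_PROPERTY + " is not set");
        throw new LoginException("cannot authenticate through the delegating realm");
    }

    context = new LoginContext((String) options.get(REALM_PROPERTY), this.subject, this.callbackHandler);
    context.login();

    try {
        return Subject.doAs(context.getSubject(), (PrivilegedExceptionAction<Boolean>) this::doLogin);
    } catch (PrivilegedActionException pExcp) {
        logger.error("error with delegated authentication", pExcp);
        // Attach the wrapped failure so callers can still inspect the root cause.
        LoginException failure = new LoginException(pExcp.getMessage());
        failure.initCause(pExcp);
        throw failure;
    }
}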
// Excerpt from a login routine: the enclosing method, the opening of the try block, the
// creation of loginContext and several closing braces are not part of this excerpt.
// Read the configured authentication type and pass it to checkSecurityEnabled.
AuthType authType = conf.getEnum(PropertyKey.SECURITY_AUTHENTICATION_TYPE, AuthType.class);
checkSecurityEnabled(authType);
Subject subject = new Subject();
loginContext.login();
} catch (LoginException e) {
    // The JAAS failure is passed along as the cause of the UnauthenticatedException.
    throw new UnauthenticatedException("Failed to login: " + e.getMessage(), e);
    // (excerpt: the closing brace of this catch block is not shown)
    // A login that yields no User principal in the subject is reported as a failure.
    Set<User> userSet = subject.getPrincipals(User.class);
    if (userSet.isEmpty()) {
        throw new UnauthenticatedException("Failed to login: No Alluxio User is found.");
/**
 * Collects a user name and password from the callback handler and records them on the subject.
 *
 * NOTE(review): nothing in this method verifies the password. The user principal is added as
 * soon as the handler returns, and both callbacks (including the one holding the password) are
 * stored as private credentials. Presumably verification happens elsewhere; confirm.
 *
 * @return always {@code true} when the handler completes
 * @throws LoginException carrying the message of any exception thrown by the handler
 */
@Override
public boolean login() throws LoginException {
    NameCallback nameCallback = new NameCallback("username");
    PasswordCallback passwordCallback = new PasswordCallback("password", false);
    Callback[] prompts = {nameCallback, passwordCallback};

    try {
        handler.handle(prompts);
    } catch (Exception e) {
        Logger.suppress(e);
        throw new LoginException(e.getMessage());
    }

    // Principal first, then the two callbacks as private credentials.
    subject.getPrincipals().add(new UserPrincipal(nameCallback.getName()));
    subject.getPrivateCredentials().add(nameCallback);
    subject.getPrivateCredentials().add(passwordCallback);
    return true;
}
/**
 * Validates a Kerberos service ticket for the given service principal name.
 *
 * <p>Logs in with a subject holding the service principal, runs a
 * {@code Krb5TicketValidateAction} as that subject and always logs the context out again.
 *
 * @param spn    service principal name the ticket was issued for
 * @param ticket the ticket bytes to validate
 * @return the value produced by the validation action, or {@code FAILED} when the login or
 *         the validation throws (the failure is logged, not rethrown)
 */
public String isTicketValid(String spn, byte[] ticket) {
    checkCreds();
    LoginContext ctx = null;
    try {
        if (!config.getKeytab().exists()) {
            throw new LoginException(String.format("KeyTab does not exist: %s", config.getKeytab().getAbsolutePath()));
        }

        // The subject carries only the service principal; both credential sets start empty.
        final Set<Principal> servicePrincipals = new HashSet<>();
        servicePrincipals.add(new KerberosPrincipal(spn, KerberosPrincipal.KRB_NT_SRV_INST));
        final Subject subject = new Subject(false, servicePrincipals, new HashSet<>(), new HashSet<>());

        ctx = new LoginContext(config.getContextName(), subject, null, getJaasKrb5TicketCfg(spn));
        ctx.login();

        return Subject.doAs(subject, new Krb5TicketValidateAction(ticket, spn));
    } catch (java.security.PrivilegedActionException | LoginException e) {
        LOG.fatal(spn, e);
    } finally {
        // Log out on every path; a logout failure is logged and otherwise ignored.
        try {
            if (ctx != null) {
                ctx.logout();
            }
        } catch (LoginException e2) {
            LOG.fatal(spn, e2);
        }
    }
    return FAILED;
}
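/**
 * Retrieves the user name by querying the property of
 * {@link PropertyKey#SECURITY_LOGIN_USERNAME} through {@link AppCallbackHandler}.
 *
 * <p>A handler that leaves the name unset is treated the same as an empty name, so the
 * method returns {@code false} instead of failing with a {@link NullPointerException}.
 *
 * @return true if user name provided by application is set and not empty
 * @throws LoginException when the callback cannot be handled; the handler's exception is
 *         attached as the cause
 */
@Override
public boolean login() throws LoginException {
    NameCallback nameCallback = new NameCallback("user name: ");
    try {
        mCallbackHandler.handle(new Callback[] {nameCallback});
    } catch (IOException | UnsupportedCallbackException e) {
        LoginException failure = new LoginException(e.getMessage());
        failure.initCause(e);
        throw failure;
    }

    // getName() is null when the handler never set a name.
    String userName = nameCallback.getName();
    if (userName != null && !userName.isEmpty()) {
        mUser = new User(userName);
        return true;
    }
    return false;
}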
/**
 * Creates a {@link LoginContext} for the named JAAS configuration section and logs in.
 *
 * @param loginContextName name of the JAAS configuration section to use
 * @return the logged-in context
 * @throws LoginException if the name is null (the message lists the system properties that
 *         select it) or if the login itself fails
 */
private synchronized LoginContext login(final String loginContextName) throws LoginException {
    if (loginContextName == null) {
        // Echo both settings back so a misconfiguration is visible in the error itself.
        final String jaasConfigFile = System.getProperty("java.security.login.auth.config");
        final String contextNameSetting =
                System.getProperty(ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY, "Client");
        throw new LoginException("loginContext name (JAAS file section header) was null. "
                + "Please check your java.security.login.auth.config (=" + jaasConfigFile
                + ") and your " + ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY
                + "(=" + contextNameSetting + ")");
    }

    final LoginContext context = new LoginContext(loginContextName, callbackHandler);
    context.login();
    LOG.info("successfully logged in.");
    return context;
}
/**
 * Commits the authentication (second phase).
 *
 * <p>
 * Called once the LoginContext's overall authentication has succeeded. If the subject already
 * holds an Alluxio user nothing is changed; otherwise the user recorded by this module is
 * added to the subject's principals.
 *
 * @return true if an Alluxio user is found or added
 * @throws LoginException if no Alluxio user is found and none was recorded by this module
 */
@Override
public boolean commit() throws LoginException {
    final boolean alreadyHasUser = !mSubject.getPrincipals(User.class).isEmpty();
    if (alreadyHasUser) {
        return true;
    }

    if (mUser == null) {
        // Neither the subject nor this module has a user to offer.
        throw new LoginException("Cannot find a user");
    }

    mSubject.getPrincipals().add(mUser);
    return true;
}
/**
 * Commits a successful login by attaching the Kerberos ticket and its client principal to
 * the subject.
 *
 * @return {@code false} when {@code isSucceeded()} reports that login did not succeed,
 *         {@code true} once the ticket and principal have been added
 * @throws LoginException if the subject is null or read-only; the held ticket reference is
 *         dropped before throwing
 */
public boolean commit() throws LoginException {
    if (!isSucceeded()) {
        return false;
    }

    final boolean subjectWritable = subject != null && !subject.isReadOnly();
    if (!subjectWritable) {
        kerbTicket = null;
        throw new LoginException("Authentication failed because the Subject is invalid.");
    }

    // The ticket goes into the private credentials, the client principal into the principals.
    subject.getPrivateCredentials().add(kerbTicket);
    subject.getPrincipals().add(getKerbTicketClient());
    LOG.debug("Commit Succeeded.");
    return true;
}
/**
 * Logs out the user by removing this module's User from the Subject's principals.
 *
 * @return true whenever the method returns normally
 * @throws LoginException if the Subject is read-only and therefore cannot be modified
 */
@Override
public boolean logout() throws LoginException {
    final boolean readOnly = mSubject.isReadOnly();
    if (readOnly) {
        throw new LoginException("logout Failed: Subject is Readonly.");
    }

    // Nothing to remove when this module never recorded a user.
    if (mUser == null) {
        return true;
    }
    mSubject.getPrincipals().remove(mUser);
    return true;
}
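/**
 * Populates the {@code username} and {@code password} fields.
 *
 * <p>With {@code shared} set, both values are read from the JAAS shared state under
 * {@code SHARED_NAME} and {@code SHARED_PWD}. Otherwise the callback handler is asked for
 * them. The callback's internal password copy is cleared on every path, and a handler
 * failure is attached as the cause of the thrown exception.
 *
 * @param shared whether to take the credentials from the shared state instead of prompting
 * @throws LoginException if no callback handler is available or the handler fails
 */
protected void setUsernameAndPassword(boolean shared) throws LoginException {
    if (shared) {
        username = (String) sharedState.get(SHARED_NAME);
        password = (char[]) sharedState.get(SHARED_PWD);
        return;
    }
    if (callbackHandler == null) {
        throw new LoginException("Callback handler needed.");
    }

    NameCallback nameCallback = new NameCallback("username: ");
    PasswordCallback passwordCallback = new PasswordCallback("password: ", false);
    try {
        callbackHandler.handle(new Callback[] {nameCallback, passwordCallback});
        username = nameCallback.getName();
        // getPassword() returns a copy, so clearing the callback below leaves this field intact.
        password = passwordCallback.getPassword();
    } catch (IOException ioe) {
        LoginException failure = new LoginException("login failed caused by " + ioe.getLocalizedMessage());
        failure.initCause(ioe);
        throw failure;
    } catch (UnsupportedCallbackException uce) {
        LoginException failure = new LoginException("login failed caused by " + uce.getLocalizedMessage());
        failure.initCause(uce);
        throw failure;
    } finally {
        // Do not leave a second copy of the secret inside the callback object.
        passwordCallback.clearPassword();
    }
}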
/**
 * Performs a request as the Kerberos-authenticated subject.
 *
 * <p>Logs in through the {@code cygnus_krb5_login} JAAS entry with the configured user and
 * password, then executes the request inside {@code Subject.doAs}.
 *
 * NOTE(review): the login context is never logged out here, so the subject keeps its
 * credentials after the request; confirm whether a logout is intended.
 *
 * @return the JSON response built from the HTTP response of the privileged action
 * @throws CygnusRuntimeError if the Kerberos login fails
 */
private JsonResponse doPrivilegedRequest(String method, String url, ArrayList<Header> headers,
        StringEntity entity) throws CygnusRuntimeError {
    try {
        KerberosCallbackHandler credentialsHandler = new KerberosCallbackHandler(krb5User, krb5Password);
        LoginContext loginContext = new LoginContext("cygnus_krb5_login", credentialsHandler);
        loginContext.login();

        PrivilegedRequest request = new PrivilegedRequest(method, url, headers, entity);
        Object rawResponse = Subject.doAs(loginContext.getSubject(), request);
        return createJsonResponse((HttpResponse) rawResponse);
    } catch (LoginException e) {
        // Only the message is forwarded; the exception object itself is not.
        throw new CygnusRuntimeError("Privileged request error", "LoginException", e.getMessage());
    }
}
/**
 * Logs the given subject out of the JAAS realm configured on this authenticator.
 *
 * @param subject the subject to log out; the name of its first principal, if any, is used
 *                for logging only
 * @throws LoginException if no realm name is configured or the JAAS logout fails
 */
@Override
public void logout(Subject subject) throws LoginException {
    if (ObjectHelper.isEmpty(getName())) {
        throw new LoginException("Realm has not been configured on this SecurityAuthenticator: " + this);
    }

    // An empty name is logged when the subject carries no principals.
    String username = subject.getPrincipals().isEmpty()
            ? ""
            : subject.getPrincipals().iterator().next().getName();
    LOG.trace("Logging out username: {} using realm: {}", username, getName());

    new LoginContext(getName(), subject).logout();
    LOG.debug("Logout username: {} successful", username);
}