/**
 * {@inheritDoc}
 *
 * <p>Pure delegation: the value comes straight from the wrapped {@code innerToken}.
 *
 * @return the subject reported by {@code innerToken}
 */
@Override
public String getSubject() {
    return innerToken.getSubject();
}
/**
 * {@inheritDoc}
 *
 * <p>Pure delegation: the name/value pair is handed to the wrapped {@code innerToken}
 * unchanged; no validation or copying happens in this method.
 *
 * @param name attribute name forwarded to {@code innerToken}
 * @param value attribute value forwarded to {@code innerToken}
 */
@Override
public void addAttribute(String name, Object value) {
    innerToken.addAttribute(name, value);
}
/**
 * {@inheritDoc}
 *
 * <p>Pure delegation to the wrapped {@code innerToken}.
 *
 * @return whatever attribute map {@code innerToken} exposes
 */
@Override
public Map<String, Object> getAttributes() {
    // NOTE(review): no defensive copy is made here, so whether callers can mutate token
    // state through the returned map depends on innerToken - confirm.
    return innerToken.getAttributes();
}
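/**
 * {@inheritDoc}
 *
 * <p>Reads the {@code ldap_user} and {@code ldap_pwd} attributes from {@code userToken},
 * checks them with {@code LDAPUtils.doUserAuth}, and on success copies the issuer and
 * expiry of {@code userToken} into {@code authToken}, sets the subject to the LDAP user
 * and stores the password under the {@code passPhrase} attribute.
 *
 * <p>Empty credentials are rejected before LDAP is contacted. Many directory servers treat
 * a simple bind with a non-empty name and an empty password as an "unauthenticated" bind
 * that succeeds (RFC 4513, section 5.1.2), so an empty password must never be allowed to
 * count as proof of identity.
 *
 * @param userToken token carrying the {@code ldap_user} / {@code ldap_pwd} attributes
 * @param authToken token populated when the LDAP check succeeds
 * @throws HasAuthenException if a credential is missing or empty, if the LDAP check
 *         reports failure, or if the LDAP call itself fails
 */
@Override
public void doAuthenticate(AuthToken userToken, AuthToken authToken) throws HasAuthenException {
    String user = (String) userToken.getAttributes().get("ldap_user");
    String pwd = (String) userToken.getAttributes().get("ldap_pwd");
    if (user == null || pwd == null) {
        LOG.error("LDAP: user or pwd is null");
        throw new HasAuthenException("LDAP: user or pwd is null");
    }
    // NOTE(review): LDAPUtils.doUserAuth is not visible here; if it performs a simple
    // bind, an empty password could be accepted by the server without any verification.
    if (user.isEmpty() || pwd.isEmpty()) {
        LOG.error("LDAP: user or pwd is empty");
        throw new HasAuthenException("LDAP: user or pwd is empty");
    }
    try {
        if (LDAPUtils.doUserAuth(user, pwd)) {
            authToken.setIssuer(userToken.getIssuer());
            authToken.setSubject(user);
            authToken.setExpirationTime(userToken.getExpiredTime());
            // The cleartext password becomes a token attribute: anything that logs,
            // serialises or forwards authToken's attributes exposes it.
            authToken.addAttribute("passPhrase", pwd);
        } else {
            // NOTE(review): if HasAuthenException is a subtype of HasException, this
            // throw is caught by the handler below and re-wrapped - confirm.
            throw new HasAuthenException("LDAP user auth failed");
        }
    } catch (HasException | IOException | LdapInvalidAttributeValueException e) {
        // NOTE(review): only the message survives; the original cause and stack trace
        // are dropped. Pass e as the cause if HasAuthenException offers such a constructor.
        throw new HasAuthenException("LDAP user auth failed. " + e.getMessage());
    }
}
}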
/**
 * Fills {@code authToken} from the {@code userName} and {@code password} environment
 * variables: issuer {@code "has"}, subject = user name, issue time = now (truncated to
 * whole seconds), expiry = issue time + 60 minutes, plus the {@code user}, {@code secret}
 * and {@code passPhrase} attributes.
 *
 * <p>Security notes for maintainers: the password is read from the process environment
 * (inherited by child processes and often visible to local diagnostics), and it is stored
 * in the token in clear text under {@code secret} and again inside {@code passPhrase}.
 * Treat the token's attributes as credentials and keep them out of logs.
 *
 * @param authToken token to populate
 * @throws HasLoginException if either environment variable is unset or empty
 */
@Override
protected void doLogin(AuthToken authToken) throws HasLoginException {
    // Credentials come from the environment of the current process.
    final String envUser = System.getenv("userName");
    if (envUser == null || envUser.isEmpty()) {
        throw new HasLoginException("Please set the userName.");
    }

    final String envPassword = System.getenv("password");
    if (envPassword == null || envPassword.isEmpty()) {
        throw new HasLoginException("Please set the password.");
    }

    LOG.debug("Get the user info successfully.");

    authToken.setIssuer("has");
    authToken.setSubject(envUser);

    // Drop the millisecond part so the timestamps sit on a whole-second boundary.
    final long issuedAtMillis = System.currentTimeMillis() / 1000 * 1000;
    authToken.setIssueTime(new Date(issuedAtMillis));

    // Token lifetime: 60 minutes from the issue time.
    final Date expiresAt = new Date(issuedAtMillis + 1000 * 60 * 60);
    authToken.setExpirationTime(expiresAt);

    authToken.addAttribute("user", envUser);
    authToken.addAttribute("secret", envPassword);
    // Plain concatenation with no delimiter: different (userName, password) pairs can
    // produce the same passPhrase value.
    authToken.addAttribute("passPhrase", envUser + envPassword);
}
}
/**
 * Creates a token from the {@code "JWT"} token provider and fills in its claims:
 * issuer {@code "token-service"}, subject = {@code principal}, a {@code group} attribute,
 * an optional {@code role} attribute, the single audience
 * {@code "krb5kdc-with-token-extension"}, and a validity window that starts now
 * (truncated to whole seconds) and ends 60 minutes later.
 *
 * <p>The three arguments are copied into the token as given; this method performs no
 * validation of them. NOTE(review): nothing here signs or encrypts the token - presumably
 * that happens when the token is encoded; confirm before trusting tokens built this way.
 *
 * @param principal value used as the token subject
 * @param group value stored under the {@code group} attribute (stored even when null,
 *        unlike {@code role})
 * @param role value stored under the {@code role} attribute; skipped when null
 * @return the populated token
 */
public static AuthToken issueToken(String principal, String group, String role) {
    final AuthToken token =
        KrbRuntime.getTokenProvider("JWT").createTokenFactory().createToken();

    token.setIssuer("token-service");
    token.setSubject(principal);

    token.addAttribute("group", group);
    if (role != null) {
        token.addAttribute("role", role);
    }

    final List<String> audiences = new ArrayList<>();
    audiences.add("krb5kdc-with-token-extension");
    token.setAudiences(audiences);

    // Whole-second "now"; the same instant serves as not-before and issue time.
    final long nowMillis = System.currentTimeMillis() / 1000 * 1000;
    final Date issuedAt = new Date(nowMillis);

    // Set expiration in 60 minutes
    token.setExpirationTime(new Date(nowMillis + 1000 * 60 * 60));
    token.setNotBeforeTime(issuedAt);
    token.setIssueTime(issuedAt);

    return token;
}
PrincipalName clientPrincipal; if (isToken()) { LOG.info("The request has a token with subject: " + getToken().getSubject()); clientPrincipal = new PrincipalName(getToken().getSubject()); } else { clientPrincipal = request.getReqBody().getCname(); if (isToken()) { clientEntry = new KrbIdentity(clientPrincipal.getName()); clientEntry.setExpireTime(new KerberosTime(getToken().getExpiredTime().getTime())); } else { clientEntry = getEntry(clientPrincipal.getName());
String audience = getAudience("krbtgt"); auds.add(audience); authToken.setAudiences(auds); PrincipalName clientPrincipal = new PrincipalName(authToken.getSubject()); String clientRealm = asReq.getReqBody().getRealm(); if (clientRealm == null || clientRealm.isEmpty()) {
/**
 * {@inheritDoc}
 *
 * <p>Pure delegation: the value comes straight from the wrapped {@code innerToken}.
 *
 * @return the issuer reported by {@code innerToken}
 */
@Override
public String getIssuer() {
    return innerToken.getIssuer();
}
/**
 * {@inheritDoc}
 *
 * <p>Pure delegation: the issuer is forwarded to the wrapped {@code innerToken} unchanged.
 *
 * @param issuer issuer value forwarded to {@code innerToken}
 */
@Override
public void setIssuer(String issuer) {
    innerToken.setIssuer(issuer);
}
/**
 * {@inheritDoc}
 *
 * <p>Pure delegation: the subject is forwarded to the wrapped {@code innerToken} unchanged.
 *
 * @param sub subject value forwarded to {@code innerToken}
 */
@Override
public void setSubject(String sub) {
    innerToken.setSubject(sub);
}
/**
 * {@inheritDoc}
 *
 * <p>Pure delegation: the expiry is forwarded to the wrapped {@code innerToken}; the
 * {@code Date} is passed by reference, not copied, in this method.
 *
 * @param exp expiration time forwarded to {@code innerToken}
 */
@Override
public void setExpirationTime(Date exp) {
    innerToken.setExpirationTime(exp);
}
/**
 * {@inheritDoc}
 *
 * <p>Pure delegation: the issue time is forwarded to the wrapped {@code innerToken}; the
 * {@code Date} is passed by reference, not copied, in this method.
 *
 * @param iat issue time forwarded to {@code innerToken}
 */
@Override
public void setIssueTime(Date iat) {
    innerToken.setIssueTime(iat);
}
/**
 * {@inheritDoc}
 *
 * <p>Pure delegation: the value comes straight from the wrapped {@code innerToken}.
 *
 * @return the expiration time reported by {@code innerToken}
 */
@Override
public Date getExpiredTime() {
    return innerToken.getExpiredTime();
}
/**
 * {@inheritDoc}
 *
 * <p>Pure delegation: the list is forwarded to the wrapped {@code innerToken} by
 * reference; no copy is made in this method.
 *
 * @param audiences audience list forwarded to {@code innerToken}
 */
@Override
public void setAudiences(List<String> audiences) {
    innerToken.setAudiences(audiences);
}
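/**
 * {@inheritDoc}
 *
 * <p>Reads the {@code ldap_user} and {@code ldap_pwd} attributes from {@code userToken},
 * checks them with {@code LDAPUtils.doUserAuth}, and on success copies the issuer and
 * expiry of {@code userToken} into {@code authToken}, sets the subject to the LDAP user
 * and stores the password under the {@code passPhrase} attribute.
 *
 * <p>Empty credentials are rejected before LDAP is contacted. Many directory servers treat
 * a simple bind with a non-empty name and an empty password as an "unauthenticated" bind
 * that succeeds (RFC 4513, section 5.1.2), so an empty password must never be allowed to
 * count as proof of identity.
 *
 * @param userToken token carrying the {@code ldap_user} / {@code ldap_pwd} attributes
 * @param authToken token populated when the LDAP check succeeds
 * @throws HasAuthenException if a credential is missing or empty, if the LDAP check
 *         reports failure, or if the LDAP call itself fails
 */
@Override
public void doAuthenticate(AuthToken userToken, AuthToken authToken) throws HasAuthenException {
    String user = (String) userToken.getAttributes().get("ldap_user");
    String pwd = (String) userToken.getAttributes().get("ldap_pwd");
    if (user == null || pwd == null) {
        LOG.error("LDAP: user or pwd is null");
        throw new HasAuthenException("LDAP: user or pwd is null");
    }
    // NOTE(review): LDAPUtils.doUserAuth is not visible here; if it performs a simple
    // bind, an empty password could be accepted by the server without any verification.
    if (user.isEmpty() || pwd.isEmpty()) {
        LOG.error("LDAP: user or pwd is empty");
        throw new HasAuthenException("LDAP: user or pwd is empty");
    }
    try {
        if (LDAPUtils.doUserAuth(user, pwd)) {
            authToken.setIssuer(userToken.getIssuer());
            authToken.setSubject(user);
            authToken.setExpirationTime(userToken.getExpiredTime());
            // The cleartext password becomes a token attribute: anything that logs,
            // serialises or forwards authToken's attributes exposes it.
            authToken.addAttribute("passPhrase", pwd);
        } else {
            // NOTE(review): if HasAuthenException is a subtype of HasException, this
            // throw is caught by the handler below and re-wrapped - confirm.
            throw new HasAuthenException("LDAP user auth failed");
        }
    } catch (HasException | IOException | LdapInvalidAttributeValueException e) {
        // NOTE(review): only the message survives; the original cause and stack trace
        // are dropped. Pass e as the cause if HasAuthenException offers such a constructor.
        throw new HasAuthenException("LDAP user auth failed. " + e.getMessage());
    }
}
}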
/**
 * Fills {@code authToken} from the {@code userName} and {@code password} environment
 * variables: issuer {@code "has"}, subject = user name, issue time = now (truncated to
 * whole seconds), expiry = issue time + 60 minutes, plus the {@code user}, {@code secret}
 * and {@code passPhrase} attributes.
 *
 * <p>Security notes for maintainers: the password is read from the process environment
 * (inherited by child processes and often visible to local diagnostics), and it is stored
 * in the token in clear text under {@code secret} and again inside {@code passPhrase}.
 * Treat the token's attributes as credentials and keep them out of logs.
 *
 * @param authToken token to populate
 * @throws HasLoginException if either environment variable is unset or empty
 */
@Override
protected void doLogin(AuthToken authToken) throws HasLoginException {
    // Credentials come from the environment of the current process.
    final String envUser = System.getenv("userName");
    if (envUser == null || envUser.isEmpty()) {
        throw new HasLoginException("Please set the userName.");
    }

    final String envPassword = System.getenv("password");
    if (envPassword == null || envPassword.isEmpty()) {
        throw new HasLoginException("Please set the password.");
    }

    LOG.debug("Get the user info successfully.");

    authToken.setIssuer("has");
    authToken.setSubject(envUser);

    // Drop the millisecond part so the timestamps sit on a whole-second boundary.
    final long issuedAtMillis = System.currentTimeMillis() / 1000 * 1000;
    authToken.setIssueTime(new Date(issuedAtMillis));

    // Token lifetime: 60 minutes from the issue time.
    final Date expiresAt = new Date(issuedAtMillis + 1000 * 60 * 60);
    authToken.setExpirationTime(expiresAt);

    authToken.addAttribute("user", envUser);
    authToken.addAttribute("secret", envPassword);
    // Plain concatenation with no delimiter: different (userName, password) pairs can
    // produce the same passPhrase value.
    authToken.addAttribute("passPhrase", envUser + envPassword);
}
}
/**
 * Creates a token from the {@code "JWT"} token provider and fills in its claims:
 * issuer {@code "token-service"}, subject = {@code principal}, a {@code group} attribute,
 * an optional {@code role} attribute, the single audience
 * {@code "krb5kdc-with-token-extension"}, and a validity window that starts now
 * (truncated to whole seconds) and ends 60 minutes later.
 *
 * <p>The three arguments are copied into the token as given; this method performs no
 * validation of them. NOTE(review): nothing here signs or encrypts the token - presumably
 * that happens when the token is encoded; confirm before trusting tokens built this way.
 *
 * @param principal value used as the token subject
 * @param group value stored under the {@code group} attribute (stored even when null,
 *        unlike {@code role})
 * @param role value stored under the {@code role} attribute; skipped when null
 * @return the populated token
 */
public static AuthToken issueToken(String principal, String group, String role) {
    final AuthToken token =
        KrbRuntime.getTokenProvider("JWT").createTokenFactory().createToken();

    token.setIssuer("token-service");
    token.setSubject(principal);

    token.addAttribute("group", group);
    if (role != null) {
        token.addAttribute("role", role);
    }

    final List<String> audiences = new ArrayList<>();
    audiences.add("krb5kdc-with-token-extension");
    token.setAudiences(audiences);

    // Whole-second "now"; the same instant serves as not-before and issue time.
    final long nowMillis = System.currentTimeMillis() / 1000 * 1000;
    final Date issuedAt = new Date(nowMillis);

    // Set expiration in 60 minutes
    token.setExpirationTime(new Date(nowMillis + 1000 * 60 * 60));
    token.setNotBeforeTime(issuedAt);
    token.setIssueTime(issuedAt);

    return token;
}
PrincipalName clientPrincipal; if (isToken()) { LOG.info("The request has a token with subject: " + getToken().getSubject()); clientPrincipal = new PrincipalName(getToken().getSubject()); } else { clientPrincipal = request.getReqBody().getCname(); if (isToken()) { clientEntry = new KrbIdentity(clientPrincipal.getName()); clientEntry.setExpireTime(new KerberosTime(getToken().getExpiredTime().getTime())); } else { clientEntry = getEntry(clientPrincipal.getName());
String audience = getAudience("krbtgt"); auds.add(audience); authToken.setAudiences(auds); PrincipalName clientPrincipal = new PrincipalName(authToken.getSubject()); String clientRealm = asReq.getReqBody().getRealm(); if (clientRealm == null || clientRealm.isEmpty()) {