Package javax.security.sasl

Examples of javax.security.sasl.SaslClient


        props.put(Sasl.POLICY_NOPLAINTEXT, "false");
        props.put(Sasl.REUSE, "false");
        props.put(Sasl.POLICY_NOANONYMOUS, "true");
       
        String[] mechsArray = (String[]) mechs.toArray(new String[mechs.size()]);
        SaslClient client = null;
        for (int i = 0; i < mechsArray.length; i++) {
            String mech = mechsArray[i];
            try {
                if ("ANONYMOUS".equals(mech) || "EXTERNAL".equals(mech)) {
                    props.put(Sasl.POLICY_NOANONYMOUS, "false");
View Full Code Here


                // createSaslClient() must be declared synchronized so that login is initialized only once.
                login = new Login(loginContext, new ClientCallbackHandler(null));
                login.startThreadIfNeeded();
            }
            Subject subject = login.getSubject();
            SaslClient saslClient;
            // Use subject.getPrincipals().isEmpty() as an indication of which SASL mechanism to use:
            // if empty, use DIGEST-MD5; otherwise, use GSSAPI.
            if (subject.getPrincipals().isEmpty()) {
                // no principals: must not be GSSAPI: use DIGEST-MD5 mechanism instead.
                LOG.info("Client will use DIGEST-MD5 as SASL mechanism.");
                String[] mechs = {"DIGEST-MD5"};
                String username = (String)(subject.getPublicCredentials().toArray()[0]);
                String password = (String)(subject.getPrivateCredentials().toArray()[0]);
                // "zk-sasl-md5" is a hard-wired 'domain' parameter shared with zookeeper server code (see ServerCnxnFactory.java)
                saslClient = Sasl.createSaslClient(mechs, username, "zookeeper", "zk-sasl-md5", null, new ClientCallbackHandler(password));
                return saslClient;
            }
            else { // GSSAPI.
                final Object[] principals = subject.getPrincipals().toArray();
                // determine client principal from subject.
                final Principal clientPrincipal = (Principal)principals[0];
                final KerberosName clientKerberosName = new KerberosName(clientPrincipal.getName());
                // assume that server and client are in the same realm (by default; unless the system property
                // "zookeeper.server.realm" is set).
                String serverRealm = System.getProperty("zookeeper.server.realm",clientKerberosName.getRealm());
                KerberosName serviceKerberosName = new KerberosName(servicePrincipal+"@"+serverRealm);
                final String serviceName = serviceKerberosName.getServiceName();
                final String serviceHostname = serviceKerberosName.getHostName();
                final String clientPrincipalName = clientKerberosName.toString();
                try {
                    saslClient = Subject.doAs(subject,new PrivilegedExceptionAction<SaslClient>() {
                        public SaslClient run() throws SaslException {
                            LOG.info("Client will use GSSAPI as SASL mechanism.");
                            String[] mechs = {"GSSAPI"};
                            LOG.debug("creating sasl client: client="+clientPrincipalName+";service="+serviceName+";serviceHostname="+serviceHostname);
                            SaslClient saslClient = Sasl.createSaslClient(mechs,clientPrincipalName,serviceName,serviceHostname,null,new ClientCallbackHandler(null));
                            return saslClient;
                        }
                    });
                    return saslClient;
                }
View Full Code Here

            final AMQProtocolSession ps = evt.getProtocolSession();
            byte[] saslResponse;
            try
            {
                SaslClient sc = Sasl.createSaslClient(new String[]{mechanism},
                                                      null, "AMQP", "localhost",
                                                      null, createCallbackHandler(mechanism, ps));
                if (sc == null)
                {
                    throw new AMQException("Client SASL configuration error: no SaslClient could be created for mechanism " +
                                           mechanism + ". Please ensure all factories are registered. See DynamicSaslRegistrar for " +
                                           " details of how to register non-standard SASL client providers.");
                }
                ps.setSaslClient(sc);
                saslResponse = (sc.hasInitialResponse() ? sc.evaluateChallenge(new byte[0]) : null);
            }
            catch (SaslException e)
            {
                ps.setSaslClient(null);
                throw new AMQException("Unable to create SASL client: " + e, e);
View Full Code Here

        return _instance;
    }

    public void methodReceived(AMQStateManager stateManager, AMQMethodEvent evt) throws AMQException
    {
        SaslClient client = evt.getProtocolSession().getSaslClient();
        if (client == null)
        {
            throw new AMQException("No SASL client set up - cannot proceed with authentication");
        }

        ConnectionSecureBody body = (ConnectionSecureBody) evt.getMethod();

        try
        {
            // Evaluate server challenge
            byte[] response = client.evaluateChallenge(body.challenge);
            AMQFrame responseFrame = ConnectionSecureOkBody.createAMQFrame(evt.getChannelId(), response);
            evt.getProtocolSession().writeFrame(responseFrame);
        }
        catch (SaslException e)
        {
View Full Code Here

  private void runNegotiation(CallbackHandler clientCbh,
                              CallbackHandler serverCbh)
                                  throws SaslException {
    String mechanism = AuthMethod.PLAIN.getMechanismName();

    SaslClient saslClient = Sasl.createSaslClient(
        new String[]{ mechanism }, null, null, null, null, clientCbh);
    assertNotNull(saslClient);

    SaslServer saslServer = Sasl.createSaslServer(
        mechanism, null, "localhost", null, serverCbh);
    assertNotNull("failed to find PLAIN server", saslServer);
   
    byte[] response = saslClient.evaluateChallenge(new byte[0]);
    assertNotNull(response);
    assertTrue(saslClient.isComplete());

    response = saslServer.evaluateResponse(response);
    assertNull(response);
    assertTrue(saslServer.isComplete());
    assertNotNull(saslServer.getAuthorizationID());
View Full Code Here

                        "Testing provider SaslClientFactory - 2", CLNTSRV
                                .concat("NAME-2"), fClientClass) };
        addProviders();

        CallbackHandler cbH = new cbHandN();
        SaslClient saslC = Sasl.createSaslClient(new String[] { "NAME-2" },
                null, "protocol", null, null, cbH);
        assertNotNull("Null result", saslC);
        try {
            saslC.unwrap(null, 1, 1);
            fail("SaslException sould be thrown");
        } catch (SaslException e) {
        }
        assertFalse("Incorrect isComplete() result", saslC.isComplete());
        // try to create client for wrong mechanism
        try {
            saslC = Sasl.createSaslClient(new String[] { "NAME-1" }, null,
                    "protocol", null, null, cbH);
            fail("SaslException sould be thrown");
View Full Code Here

                "Testing provider SaslClientFactory - 1", CLNTSRV
                        .concat("NAME-1"), fClientClass) };
        mProv[0].put(CLNTSRV.concat("NAME-2"), fClientClass);
        addProviders();
        CallbackHandler cbH = new cbHandN();
        SaslClient saslC = Sasl.createSaslClient(new String[] { "NAME-2" },
                null, "protocol", null, null, cbH);
        assertNotNull("Null result for NAME-2", saslC);
        assertFalse("Incorrect isComplete() result", saslC.isComplete());
        // try to create client for wrong mechanism
        try {
            saslC = Sasl.createSaslClient(new String[] { "NAME-1" }, null,
                    "protocol", null, null, cbH);
            fail("SaslException sould be thrown");
View Full Code Here

                                .concat("NAME-6"), fClientClass) };
        addProviders();

        CallbackHandler cbH = new cbHandN();

        SaslClient saslC;
        // try to create SaslClient for wrong mechanism
        // there is no provider supported NAME-77, NAME-66 mechanisms

        assertNull("Not null object was created for wrong mechanism", Sasl
                .createSaslClient(new String[] { "NAME-77", "NAME-66" }, null,
                        "protocol", null, null, cbH));

        saslC = Sasl.createSaslClient(new String[] { "NAME-2" }, null,
                "protocol", null, null, cbH);
        assertNotNull("Null result for NAME-2", saslC);
        try {
            saslC.unwrap(null, 1, 1);
            fail("SaslException sould be thrown");
        } catch (SaslException e) {
        }
        assertFalse("Incorrect isComplete() result", saslC.isComplete());
        // NAME-1 was defined in some provider but it is supported in
        // another provider
        try {
            Sasl.createSaslClient(new String[] { "NAME-1" }, null, "protocol",
                    null, null, cbH);
View Full Code Here

            {
                properties.put( Sasl.SERVER_AUTH, "true" );
            }

            // Creating a SASL Client
            SaslClient sc = Sasl.createSaslClient(
                new String[]
                    { bindRequest.getSaslMechanism() },
                saslRequest.getAuthorizationId(),
                "ldap",
                config.getLdapHost(),
                properties,
                new SaslCallbackHandler( saslRequest ) );

            // If the SaslClient wasn't created, that means we can't create the SASL client
            // for the requested mechanism. We then produce an Exception
            if ( sc == null )
            {
                String message = "Cannot find a SASL factory for the " + bindRequest.getSaslMechanism() + " mechanism";
                LOG.error( message );
                throw new LdapException( message );
            }

            // Corner case : the SASL mech might send an initial challenge, and we have to
            // deal with it immediately.
            if ( sc.hasInitialResponse() )
            {
                byte[] challengeResponse = sc.evaluateChallenge( new byte[0] );

                // Stores the challenge's response, and send it to the server
                bindRequest.setCredentials( challengeResponse );
                writeBindRequest( bindRequest );

                // Get the server's response, blocking
                bindResponse = bindFuture.get( timeout, TimeUnit.MILLISECONDS );

                if ( bindResponse == null )
                {
                    // We didn't received anything : this is an error
                    LOG.error( "bind failed : timeout occured" );
                    throw new LdapException( TIME_OUT_ERROR );
                }

                result = bindResponse.getLdapResult().getResultCode();
            }
            else
            {
                // Copy the bindRequest without setting the credentials
                BindRequest bindRequestCopy = new BindRequestImpl();
                bindRequestCopy.setMessageId( newId );

                bindRequestCopy.setName( bindRequest.getName() );
                bindRequestCopy.setSaslMechanism( bindRequest.getSaslMechanism() );
                bindRequestCopy.setSimple( bindRequest.isSimple() );
                bindRequestCopy.setVersion3( bindRequest.getVersion3() );
                bindRequestCopy.addAllControls( bindRequest.getControls().values().toArray( new Control[0] ) );

                writeBindRequest( bindRequestCopy );

                bindResponse = bindFuture.get( timeout, TimeUnit.MILLISECONDS );

                if ( bindResponse == null )
                {
                    // We didn't received anything : this is an error
                    LOG.error( "bind failed : timeout occured" );
                    throw new LdapException( TIME_OUT_ERROR );
                }

                result = bindResponse.getLdapResult().getResultCode();
            }

            while ( !sc.isComplete()
                && ( ( result == ResultCodeEnum.SASL_BIND_IN_PROGRESS ) || ( result == ResultCodeEnum.SUCCESS ) ) )
            {
                response = sc.evaluateChallenge( bindResponse.getServerSaslCreds() );

                if ( result == ResultCodeEnum.SUCCESS )
                {
                    if ( response != null )
                    {
View Full Code Here

                }

                byte[] saslResponse;
                try
                {
                    SaslClient sc =
                        Sasl.createSaslClient(new String[] { mechanism }, null, "AMQP", "localhost", null,
                            createCallbackHandler(mechanism, session));
                    if (sc == null)
                    {
                        throw new AMQException(null, "Client SASL configuration error: no SaslClient could be created for mechanism " + mechanism
                            + ". Please ensure all factories are registered. See DynamicSaslRegistrar for "
                            + " details of how to register non-standard SASL client providers.", null);
                    }

                    session.setSaslClient(sc);
                    saslResponse = (sc.hasInitialResponse() ? sc.evaluateChallenge(new byte[0]) : null);
                }
                catch (SaslException e)
                {
                    session.setSaslClient(null);
                    throw new AMQException(null, "Unable to create SASL client: " + e, e);
View Full Code Here

TOP

Related Classes of javax.security.sasl.SaslClient

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.