Example usage for javax.security.sasl AuthorizeCallback isAuthorized

List of usage examples for javax.security.sasl AuthorizeCallback isAuthorized

Introduction

On this page you can find example usage for javax.security.sasl AuthorizeCallback isAuthorized.

Prototype

public boolean isAuthorized() 


Document

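Determines whether the authentication id is allowed to act on behalf of the authorization id. The result is false until a callback handler has processed the callback and called setAuthorized(true), so check it only after the handler has run.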

Usage

From source file:com.delphix.session.impl.sasl.PlainSaslServer.java

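/**
 * Evaluates the client's SASL message: authenticates the supplied identity and then
 * checks that it is allowed to act as the requested authorization ID.
 *
 * <p>Authorization is attempted only after authentication has succeeded, and
 * {@code authorizationId} is assigned only once the callback handler has marked the
 * {@link AuthorizeCallback} as authorized.
 *
 * @param message the raw SASL message received from the client
 * @return always {@code null}
 * @throws SaslException if authentication fails or the authorization request is rejected
 */
@Override
protected byte[] evaluate(byte[] message) throws SaslException {
    // Parse the SASL message.
    // NOTE(review): indices 0..2 are used below without a length check; this assumes
    // parse() rejects malformed messages and always yields three elements. Confirm.
    String[] userInfo = parse(message);

    // Perform authentication. userInfo[1] is used as the authentication ID;
    // userInfo[2] is handed to the AuthenticateCallback (presumably the password).
    String prompt = getMechanismName() + " authentication ID: ";
    NameCallback nc = new NameCallback(prompt, userInfo[1]);
    AuthenticateCallback ac = new AuthenticateCallback(userInfo[2]);

    invokeCallbacks(nc, ac);

    if (!ac.isAuthenticated()) {
        throw new SaslException("sasl authentication failed");
    }

    // Perform authorization: may the authentication ID (userInfo[1]) act as the
    // requested authorization ID (userInfo[0])?
    AuthorizeCallback az = new AuthorizeCallback(userInfo[1], userInfo[0]);

    invokeCallbacks(az);

    // Fail closed: anything other than an explicit "authorized" from the handler
    // aborts the exchange, with a message that matches the authentication failure above.
    if (!az.isAuthorized()) {
        throw new SaslException("sasl authorization failed");
    }

    // Use the ID the handler actually authorized, not the one the client requested.
    authorizationId = az.getAuthorizedID();

    // Mark the SASL server completed
    setComplete();

    return null;
}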

From source file:org.apache.directory.server.ldap.handlers.sasl.AbstractSaslCallbackHandler.java

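/**
 * SaslServer will use this method to call various callbacks, depending on the SASL
 * mechanism in use for a session.
 *
 * <p>Name and realm callbacks record the supplied defaults in {@code username} and
 * {@code realm}; a password callback is filled from {@code lookupPassword}; an
 * authorize callback is passed to {@code authorize}. Callback types other than these
 * four are skipped without any error.
 *
 * @param callbacks An array of one or more callbacks.
 * @throws RuntimeException if {@code authorize} throws; the original exception is kept
 *         as the cause
 */
public void handle(Callback[] callbacks) {
    for (int i = 0; i < callbacks.length; i++) {
        Callback callback = callbacks[i];

        if (LOG.isDebugEnabled()) {
            // Arguments follow the placeholder order: position, total, callback type.
            LOG.debug("Processing callback {} of {}: {}", (i + 1), callbacks.length, callback.getClass());
        }

        if (callback instanceof NameCallback) {
            NameCallback nameCB = (NameCallback) callback;
            LOG.debug("NameCallback default name:  {}", nameCB.getDefaultName());

            username = nameCB.getDefaultName();
        } else if (callback instanceof RealmCallback) {
            RealmCallback realmCB = (RealmCallback) callback;
            LOG.debug("RealmCallback default text:  {}", realmCB.getDefaultText());

            realm = realmCB.getDefaultText();
        } else if (callback instanceof PasswordCallback) {
            PasswordCallback passwordCB = (PasswordCallback) callback;
            Attribute userPassword = lookupPassword(getUsername(), getRealm());

            // When no password attribute is found the callback is left without a
            // password; nothing is logged on this branch.
            if (userPassword != null) {
                // We assume that we have only one password available
                byte[] password = userPassword.get().getBytes();

                // NOTE(review): the intermediate String is immutable and cannot be
                // wiped, so a copy of the stored password stays on the heap until it
                // is garbage collected.
                String strPassword = Strings.utf8ToString(password);
                passwordCB.setPassword(strPassword.toCharArray());
            }
        } else if (callback instanceof AuthorizeCallback) {
            AuthorizeCallback authorizeCB = (AuthorizeCallback) callback;

            // The four debug lines below show the callback's state BEFORE authorize()
            // runs, which is why authorizedID is null and isAuthorized is false here.

            // hnelson (CRAM-MD5, DIGEST-MD5)
            // hnelson@EXAMPLE.COM (GSSAPI)
            LOG.debug("AuthorizeCallback authnID:  {}", authorizeCB.getAuthenticationID());

            // hnelson (CRAM-MD5, DIGEST-MD5)
            // hnelson@EXAMPLE.COM (GSSAPI)
            LOG.debug("AuthorizeCallback authzID:  {}", authorizeCB.getAuthorizationID());

            // null (CRAM-MD5, DIGEST-MD5, GSSAPI)
            LOG.debug("AuthorizeCallback authorizedID:  {}", authorizeCB.getAuthorizedID());

            // false (CRAM-MD5, DIGEST-MD5, GSSAPI)
            LOG.debug("AuthorizeCallback isAuthorized:  {}", authorizeCB.isAuthorized());

            try {
                authorize(authorizeCB);
            } catch (Exception e) {
                // TODO - figure out how to handle this properly.
                throw new RuntimeException(I18n.err(I18n.ERR_677), e);
            }
        }
    }
}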