You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@storm.apache.org by bo...@apache.org on 2016/03/07 21:29:37 UTC
[2/7] storm git commit: Refactoring SaslServerCallbackHandler and
SaslClientCallbackHandler
Refactoring SaslServerCallbackHandler and SaslClientCallbackHandler
Project: http://git-wip-us.apache.org/repos/asf/storm/repo
Commit: http://git-wip-us.apache.org/repos/asf/storm/commit/cccb9766
Tree: http://git-wip-us.apache.org/repos/asf/storm/tree/cccb9766
Diff: http://git-wip-us.apache.org/repos/asf/storm/diff/cccb9766
Branch: refs/heads/master
Commit: cccb9766eb6b01477b44cd35e836997811464632
Parents: b1e4c94
Author: Kishor Patil <kp...@yahoo-inc.com>
Authored: Wed Mar 2 00:12:57 2016 -0600
Committer: Kishor Patil <kp...@yahoo-inc.com>
Committed: Wed Mar 2 00:12:57 2016 -0600
----------------------------------------------------------------------
.../auth/AbstractSaslClientCallbackHandler.java | 76 +++++++++++++++++++
.../auth/AbstractSaslServerCallbackHandler.java | 77 ++++++++++++++++++++
.../auth/digest/ClientCallbackHandler.java | 60 ++-------------
.../auth/digest/ServerCallbackHandler.java | 61 ++--------------
.../auth/plain/PlainClientCallbackHandler.java | 63 ++--------------
.../auth/plain/PlainSaslTransportPlugin.java | 15 +---
.../auth/plain/PlainServerCallbackHandler.java | 66 +----------------
.../security/auth/plain/SaslPlainServer.java | 13 ++--
8 files changed, 184 insertions(+), 247 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/storm/blob/cccb9766/storm-core/src/jvm/org/apache/storm/security/auth/AbstractSaslClientCallbackHandler.java
----------------------------------------------------------------------
diff --git a/storm-core/src/jvm/org/apache/storm/security/auth/AbstractSaslClientCallbackHandler.java b/storm-core/src/jvm/org/apache/storm/security/auth/AbstractSaslClientCallbackHandler.java
new file mode 100644
index 0000000..04710ba
--- /dev/null
+++ b/storm-core/src/jvm/org/apache/storm/security/auth/AbstractSaslClientCallbackHandler.java
@@ -0,0 +1,76 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.storm.security.auth;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.sasl.AuthorizeCallback;
+import javax.security.sasl.RealmCallback;
+import java.io.IOException;
+
+public abstract class AbstractSaslClientCallbackHandler implements CallbackHandler {
+ protected static final String USERNAME = "username";
+ protected static final String PASSWORD = "password";
+ private static final Logger LOG = LoggerFactory.getLogger(AbstractSaslClientCallbackHandler.class);
+ protected String _username = null;
+ protected String _password = null;
+
+ /**
+ * This method is invoked by SASL for authentication challenges
+ * @param callbacks a collection of challenge callbacks
+ */
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+ for (Callback c : callbacks) {
+ if (c instanceof NameCallback) {
+ LOG.debug("name callback");
+ NameCallback nc = (NameCallback) c;
+ nc.setName(_username);
+ } else if (c instanceof PasswordCallback) {
+ LOG.debug("password callback");
+ PasswordCallback pc = (PasswordCallback)c;
+ if (_password != null) {
+ pc.setPassword(_password.toCharArray());
+ }
+ } else if (c instanceof AuthorizeCallback) {
+ LOG.debug("authorization callback");
+ AuthorizeCallback ac = (AuthorizeCallback) c;
+ String authid = ac.getAuthenticationID();
+ String authzid = ac.getAuthorizationID();
+ if (authid.equals(authzid)) {
+ ac.setAuthorized(true);
+ } else {
+ ac.setAuthorized(false);
+ }
+ if (ac.isAuthorized()) {
+ ac.setAuthorizedID(authzid);
+ }
+ } else if (c instanceof RealmCallback) {
+ RealmCallback rc = (RealmCallback) c;
+ ((RealmCallback) c).setText(rc.getDefaultText());
+ } else {
+ throw new UnsupportedCallbackException(c);
+ }
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/storm/blob/cccb9766/storm-core/src/jvm/org/apache/storm/security/auth/AbstractSaslServerCallbackHandler.java
----------------------------------------------------------------------
diff --git a/storm-core/src/jvm/org/apache/storm/security/auth/AbstractSaslServerCallbackHandler.java b/storm-core/src/jvm/org/apache/storm/security/auth/AbstractSaslServerCallbackHandler.java
new file mode 100644
index 0000000..0a57f93
--- /dev/null
+++ b/storm-core/src/jvm/org/apache/storm/security/auth/AbstractSaslServerCallbackHandler.java
@@ -0,0 +1,77 @@
+package org.apache.storm.security.auth;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.sasl.AuthorizeCallback;
+import javax.security.sasl.RealmCallback;
+import java.util.HashMap;
+import java.util.Map;
+
+public abstract class AbstractSaslServerCallbackHandler implements CallbackHandler {
+ private static final Logger LOG = LoggerFactory.getLogger(AbstractSaslServerCallbackHandler.class);
+ protected final Map<String,String> credentials = new HashMap<>();
+ protected String userName;
+
+ public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
+ for (Callback callback : callbacks) {
+ if (callback instanceof NameCallback) {
+ handleNameCallback((NameCallback) callback);
+ } else if (callback instanceof PasswordCallback) {
+ handlePasswordCallback((PasswordCallback) callback);
+ } else if (callback instanceof RealmCallback) {
+ handleRealmCallback((RealmCallback) callback);
+ } else if (callback instanceof AuthorizeCallback) {
+ handleAuthorizeCallback((AuthorizeCallback) callback);
+ }
+ }
+ }
+
+ private void handleNameCallback(NameCallback nc) {
+ LOG.debug("handleNameCallback");
+ userName = nc.getDefaultName();
+ nc.setName(nc.getDefaultName());
+ }
+
+ protected void handlePasswordCallback(PasswordCallback pc) {
+ LOG.debug("handlePasswordCallback");
+ if (credentials.containsKey(userName) ) {
+ pc.setPassword(credentials.get(userName).toCharArray());
+ } else {
+ LOG.warn("No password found for user: " + userName);
+ }
+ }
+
+ private void handleRealmCallback(RealmCallback rc) {
+ LOG.debug("handleRealmCallback: "+ rc.getDefaultText());
+ rc.setText(rc.getDefaultText());
+ }
+
+ private void handleAuthorizeCallback(AuthorizeCallback ac) {
+ String authenticationID = ac.getAuthenticationID();
+ LOG.info("Successfully authenticated client: authenticationID = {} authorizationID = {}",
+ authenticationID, ac.getAuthorizationID());
+
+ //if authorizationId is not set, set it to authenticationId.
+ if(ac.getAuthorizationID() == null) {
+ ac.setAuthorizedID(authenticationID);
+ }
+
+ //When authNid and authZid are not equal , authNId is attempting to impersonate authZid, We
+ //add the authNid as the real user in reqContext's subject which will be used during authorization.
+ if(!authenticationID.equals(ac.getAuthorizationID())) {
+ LOG.info("Impersonation attempt authenticationID = {} authorizationID = {}",
+ ac.getAuthenticationID(), ac.getAuthorizationID());
+ ReqContext.context().setRealPrincipal(new SaslTransportPlugin.User(ac.getAuthenticationID()));
+ } else {
+ ReqContext.context().setRealPrincipal(null);
+ }
+
+ ac.setAuthorized(true);
+ }
+}
http://git-wip-us.apache.org/repos/asf/storm/blob/cccb9766/storm-core/src/jvm/org/apache/storm/security/auth/digest/ClientCallbackHandler.java
----------------------------------------------------------------------
diff --git a/storm-core/src/jvm/org/apache/storm/security/auth/digest/ClientCallbackHandler.java b/storm-core/src/jvm/org/apache/storm/security/auth/digest/ClientCallbackHandler.java
index 013ce06..312e4ab 100644
--- a/storm-core/src/jvm/org/apache/storm/security/auth/digest/ClientCallbackHandler.java
+++ b/storm-core/src/jvm/org/apache/storm/security/auth/digest/ClientCallbackHandler.java
@@ -17,30 +17,17 @@
*/
package org.apache.storm.security.auth.digest;
-import java.io.IOException;
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
-import javax.security.auth.callback.UnsupportedCallbackException;
-import javax.security.sasl.AuthorizeCallback;
-import javax.security.sasl.RealmCallback;
+import org.apache.storm.security.auth.AbstractSaslClientCallbackHandler;
+import org.apache.storm.security.auth.AuthUtils;
+
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import org.apache.storm.security.auth.AuthUtils;
+import java.io.IOException;
/**
* client side callback handler.
*/
-public class ClientCallbackHandler implements CallbackHandler {
- private static final String USERNAME = "username";
- private static final String PASSWORD = "password";
- private static final Logger LOG = LoggerFactory.getLogger(ClientCallbackHandler.class);
- private String _username = null;
- private String _password = null;
+public class ClientCallbackHandler extends AbstractSaslClientCallbackHandler {
/**
* Constructor based on a JAAS configuration
@@ -68,41 +55,4 @@ public class ClientCallbackHandler implements CallbackHandler {
}
}
- /**
- * This method is invoked by SASL for authentication challenges
- * @param callbacks a collection of challenge callbacks
- */
- public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
- for (Callback c : callbacks) {
- if (c instanceof NameCallback) {
- LOG.debug("name callback");
- NameCallback nc = (NameCallback) c;
- nc.setName(_username);
- } else if (c instanceof PasswordCallback) {
- LOG.debug("password callback");
- PasswordCallback pc = (PasswordCallback)c;
- if (_password != null) {
- pc.setPassword(_password.toCharArray());
- }
- } else if (c instanceof AuthorizeCallback) {
- LOG.debug("authorization callback");
- AuthorizeCallback ac = (AuthorizeCallback) c;
- String authid = ac.getAuthenticationID();
- String authzid = ac.getAuthorizationID();
- if (authid.equals(authzid)) {
- ac.setAuthorized(true);
- } else {
- ac.setAuthorized(false);
- }
- if (ac.isAuthorized()) {
- ac.setAuthorizedID(authzid);
- }
- } else if (c instanceof RealmCallback) {
- RealmCallback rc = (RealmCallback) c;
- ((RealmCallback) c).setText(rc.getDefaultText());
- } else {
- throw new UnsupportedCallbackException(c);
- }
- }
- }
}
http://git-wip-us.apache.org/repos/asf/storm/blob/cccb9766/storm-core/src/jvm/org/apache/storm/security/auth/digest/ServerCallbackHandler.java
----------------------------------------------------------------------
diff --git a/storm-core/src/jvm/org/apache/storm/security/auth/digest/ServerCallbackHandler.java b/storm-core/src/jvm/org/apache/storm/security/auth/digest/ServerCallbackHandler.java
index 4fe21c2..7c4414f 100644
--- a/storm-core/src/jvm/org/apache/storm/security/auth/digest/ServerCallbackHandler.java
+++ b/storm-core/src/jvm/org/apache/storm/security/auth/digest/ServerCallbackHandler.java
@@ -21,6 +21,7 @@ import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
+import org.apache.storm.security.auth.AbstractSaslServerCallbackHandler;
import org.apache.storm.security.auth.ReqContext;
import org.apache.storm.security.auth.SaslTransportPlugin;
import org.slf4j.Logger;
@@ -41,13 +42,10 @@ import org.apache.storm.security.auth.AuthUtils;
/**
* SASL server side callback handler
*/
-public class ServerCallbackHandler implements CallbackHandler {
- private static final String USER_PREFIX = "user_";
+public class ServerCallbackHandler extends AbstractSaslServerCallbackHandler {
private static final Logger LOG = LoggerFactory.getLogger(ServerCallbackHandler.class);
- private static final String SYSPROP_SUPER_PASSWORD = "storm.SASLAuthenticationProvider.superPassword";
-
- private String userName;
- private final Map<String,String> credentials = new HashMap<>();
+ private static final String USER_PREFIX = "user_";
+ public static final String SYSPROP_SUPER_PASSWORD = "storm.SASLAuthenticationProvider.superPassword";
public ServerCallbackHandler(Configuration configuration) throws IOException {
if (configuration==null) return;
@@ -72,61 +70,16 @@ public class ServerCallbackHandler implements CallbackHandler {
}
}
- public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
- for (Callback callback : callbacks) {
- if (callback instanceof NameCallback) {
- handleNameCallback((NameCallback) callback);
- } else if (callback instanceof PasswordCallback) {
- handlePasswordCallback((PasswordCallback) callback);
- } else if (callback instanceof RealmCallback) {
- handleRealmCallback((RealmCallback) callback);
- } else if (callback instanceof AuthorizeCallback) {
- handleAuthorizeCallback((AuthorizeCallback) callback);
- }
- }
- }
-
- private void handleNameCallback(NameCallback nc) {
- LOG.debug("handleNameCallback");
- userName = nc.getDefaultName();
- nc.setName(nc.getDefaultName());
- }
-
- private void handlePasswordCallback(PasswordCallback pc) {
+ @Override
+ protected void handlePasswordCallback(PasswordCallback pc) {
LOG.debug("handlePasswordCallback");
if ("super".equals(this.userName) && System.getProperty(SYSPROP_SUPER_PASSWORD) != null) {
// superuser: use Java system property for password, if available.
pc.setPassword(System.getProperty(SYSPROP_SUPER_PASSWORD).toCharArray());
- } else if (credentials.containsKey(userName) ) {
- pc.setPassword(credentials.get(userName).toCharArray());
} else {
- LOG.warn("No password found for user: " + userName);
+ super.handlePasswordCallback(pc);
}
- }
- private void handleRealmCallback(RealmCallback rc) {
- LOG.debug("handleRealmCallback: "+ rc.getDefaultText());
- rc.setText(rc.getDefaultText());
}
- private void handleAuthorizeCallback(AuthorizeCallback ac) {
- String authenticationID = ac.getAuthenticationID();
- LOG.info("Successfully authenticated client: authenticationID = " + authenticationID + " authorizationID = " + ac.getAuthorizationID());
-
- //if authorizationId is not set, set it to authenticationId.
- if(ac.getAuthorizationID() == null) {
- ac.setAuthorizedID(authenticationID);
- }
-
- //When authNid and authZid are not equal , authNId is attempting to impersonate authZid, We
- //add the authNid as the real user in reqContext's subject which will be used during authorization.
- if(!authenticationID.equals(ac.getAuthorizationID())) {
- LOG.info("Impersonation attempt authenticationID = " + ac.getAuthenticationID() + " authorizationID = " + ac.getAuthorizationID());
- ReqContext.context().setRealPrincipal(new SaslTransportPlugin.User(ac.getAuthenticationID()));
- } else {
- ReqContext.context().setRealPrincipal(null);
- }
-
- ac.setAuthorized(true);
- }
}
http://git-wip-us.apache.org/repos/asf/storm/blob/cccb9766/storm-core/src/jvm/org/apache/storm/security/auth/plain/PlainClientCallbackHandler.java
----------------------------------------------------------------------
diff --git a/storm-core/src/jvm/org/apache/storm/security/auth/plain/PlainClientCallbackHandler.java b/storm-core/src/jvm/org/apache/storm/security/auth/plain/PlainClientCallbackHandler.java
index 25c7609..1350bdf 100644
--- a/storm-core/src/jvm/org/apache/storm/security/auth/plain/PlainClientCallbackHandler.java
+++ b/storm-core/src/jvm/org/apache/storm/security/auth/plain/PlainClientCallbackHandler.java
@@ -17,64 +17,15 @@
*/
package org.apache.storm.security.auth.plain;
-import java.io.IOException;
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
-import javax.security.auth.callback.UnsupportedCallbackException;
-import javax.security.sasl.AuthorizeCallback;
-import javax.security.sasl.RealmCallback;
+import org.apache.storm.security.auth.AbstractSaslClientCallbackHandler;
+public class PlainClientCallbackHandler extends AbstractSaslClientCallbackHandler {
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * client side callback handler.
- */
-public class PlainClientCallbackHandler implements CallbackHandler {
- private static final String USERNAME = "username";
- private static final String PASSWORD = "password";
- private static final Logger LOG = LoggerFactory.getLogger(PlainClientCallbackHandler.class);
- private String _username = "username";
- private String _password = "password";
-
- /**
- * This method is invoked by SASL for authentication challenges
- * @param callbacks a collection of challenge callbacks
+ /*
+ * For plain, using constants for a pair of user name and password.
*/
- public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
- for (Callback c : callbacks) {
- if (c instanceof NameCallback) {
- LOG.debug("name callback");
- NameCallback nc = (NameCallback) c;
- nc.setName(_username);
- } else if (c instanceof PasswordCallback) {
- LOG.debug("password callback");
- PasswordCallback pc = (PasswordCallback)c;
- if (_password != null) {
- pc.setPassword(_password.toCharArray());
- }
- } else if (c instanceof AuthorizeCallback) {
- LOG.debug("authorization callback");
- AuthorizeCallback ac = (AuthorizeCallback) c;
- String authid = ac.getAuthenticationID();
- String authzid = ac.getAuthorizationID();
- if (authid.equals(authzid)) {
- ac.setAuthorized(true);
- } else {
- ac.setAuthorized(false);
- }
- if (ac.isAuthorized()) {
- ac.setAuthorizedID(authzid);
- }
- } else if (c instanceof RealmCallback) {
- RealmCallback rc = (RealmCallback) c;
- ((RealmCallback) c).setText(rc.getDefaultText());
- } else {
- throw new UnsupportedCallbackException(c);
- }
- }
+ public PlainClientCallbackHandler() {
+ _username = USERNAME;
+ _password = PASSWORD;
}
}
http://git-wip-us.apache.org/repos/asf/storm/blob/cccb9766/storm-core/src/jvm/org/apache/storm/security/auth/plain/PlainSaslTransportPlugin.java
----------------------------------------------------------------------
diff --git a/storm-core/src/jvm/org/apache/storm/security/auth/plain/PlainSaslTransportPlugin.java b/storm-core/src/jvm/org/apache/storm/security/auth/plain/PlainSaslTransportPlugin.java
index facc352..211a4b7 100644
--- a/storm-core/src/jvm/org/apache/storm/security/auth/plain/PlainSaslTransportPlugin.java
+++ b/storm-core/src/jvm/org/apache/storm/security/auth/plain/PlainSaslTransportPlugin.java
@@ -19,14 +19,8 @@ package org.apache.storm.security.auth.plain;
import org.apache.storm.security.auth.AuthUtils;
import org.apache.storm.security.auth.SaslTransportPlugin;
-import org.apache.storm.utils.ExtendedThreadPoolExecutor;
-import org.apache.thrift.TProcessor;
-import org.apache.thrift.protocol.TBinaryProtocol;
-import org.apache.thrift.server.TServer;
-import org.apache.thrift.server.TThreadPoolServer;
import org.apache.thrift.transport.TSaslClientTransport;
import org.apache.thrift.transport.TSaslServerTransport;
-import org.apache.thrift.transport.TServerSocket;
import org.apache.thrift.transport.TTransport;
import org.apache.thrift.transport.TTransportException;
import org.apache.thrift.transport.TTransportFactory;
@@ -36,11 +30,6 @@ import org.slf4j.LoggerFactory;
import javax.security.auth.callback.CallbackHandler;
import java.io.IOException;
import java.security.Security;
-import java.util.concurrent.ArrayBlockingQueue;
-import java.util.concurrent.BlockingQueue;
-import java.util.concurrent.SynchronousQueue;
-import java.util.concurrent.ThreadPoolExecutor;
-import java.util.concurrent.TimeUnit;
public class PlainSaslTransportPlugin extends SaslTransportPlugin {
public static final String PLAIN = "PLAIN";
@@ -49,11 +38,11 @@ public class PlainSaslTransportPlugin extends SaslTransportPlugin {
@Override
protected TTransportFactory getServerTransportFactory() throws IOException {
//create an authentication callback handler
- CallbackHandler serer_callback_handler = new PlainServerCallbackHandler();
+ CallbackHandler server_callback_handler = new PlainServerCallbackHandler();
Security.addProvider(new SaslPlainServer.SecurityProvider());
//create a transport factory that will invoke our auth callback for digest
TSaslServerTransport.Factory factory = new TSaslServerTransport.Factory();
- factory.addServerDefinition(PLAIN, AuthUtils.SERVICE, "localhost", null, serer_callback_handler);
+ factory.addServerDefinition(PLAIN, AuthUtils.SERVICE, "localhost", null, server_callback_handler);
LOG.info("SASL PLAIN transport factory will be used");
return factory;
http://git-wip-us.apache.org/repos/asf/storm/blob/cccb9766/storm-core/src/jvm/org/apache/storm/security/auth/plain/PlainServerCallbackHandler.java
----------------------------------------------------------------------
diff --git a/storm-core/src/jvm/org/apache/storm/security/auth/plain/PlainServerCallbackHandler.java b/storm-core/src/jvm/org/apache/storm/security/auth/plain/PlainServerCallbackHandler.java
index e1ae2d9..da16825 100644
--- a/storm-core/src/jvm/org/apache/storm/security/auth/plain/PlainServerCallbackHandler.java
+++ b/storm-core/src/jvm/org/apache/storm/security/auth/plain/PlainServerCallbackHandler.java
@@ -21,6 +21,7 @@ import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
+import org.apache.storm.security.auth.AbstractSaslServerCallbackHandler;
import org.apache.storm.security.auth.ReqContext;
import org.apache.storm.security.auth.SaslTransportPlugin;
import org.slf4j.Logger;
@@ -37,72 +38,11 @@ import javax.security.sasl.RealmCallback;
/**
* SASL server side callback handler
*/
-public class PlainServerCallbackHandler implements CallbackHandler {
- private static final Logger LOG = LoggerFactory.getLogger(PlainServerCallbackHandler.class);
- private static final String SYSPROP_SUPER_PASSWORD = "storm.SASLAuthenticationProvider.superPassword";
-
- private String userName="username";
- private final Map<String,String> credentials = new HashMap<>();
+public class PlainServerCallbackHandler extends AbstractSaslServerCallbackHandler {
public PlainServerCallbackHandler() throws IOException {
+ userName="username";
credentials.put("username", "password");
}
- public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
- for (Callback callback : callbacks) {
- if (callback instanceof NameCallback) {
- handleNameCallback((NameCallback) callback);
- } else if (callback instanceof PasswordCallback) {
- handlePasswordCallback((PasswordCallback) callback);
- } else if (callback instanceof RealmCallback) {
- handleRealmCallback((RealmCallback) callback);
- } else if (callback instanceof AuthorizeCallback) {
- handleAuthorizeCallback((AuthorizeCallback) callback);
- }
- }
- }
-
- private void handleNameCallback(NameCallback nc) {
- LOG.debug("handleNameCallback");
- userName = nc.getDefaultName();
- nc.setName(nc.getDefaultName());
- }
-
- private void handlePasswordCallback(PasswordCallback pc) {
- LOG.debug("handlePasswordCallback");
- if ("super".equals(this.userName) && System.getProperty(SYSPROP_SUPER_PASSWORD) != null) {
- // superuser: use Java system property for password, if available.
- pc.setPassword(System.getProperty(SYSPROP_SUPER_PASSWORD).toCharArray());
- } else if (credentials.containsKey(userName) ) {
- pc.setPassword(credentials.get(userName).toCharArray());
- } else {
- LOG.warn("No password found for user: " + userName);
- }
- }
-
- private void handleRealmCallback(RealmCallback rc) {
- LOG.debug("handleRealmCallback: "+ rc.getDefaultText());
- rc.setText(rc.getDefaultText());
- }
-
- private void handleAuthorizeCallback(AuthorizeCallback ac) {
- String authenticationID = ac.getAuthenticationID();
- LOG.info("Successfully authenticated client: authenticationID = " + authenticationID + " authorizationID = " + ac.getAuthorizationID());
-
- //if authorizationId is not set, set it to authenticationId.
- if(ac.getAuthorizationID() == null) {
- ac.setAuthorizedID(authenticationID);
- }
-
- //When authNid and authZid are not equal , authNId is attempting to impersonate authZid, We
- //add the authNid as the real user in reqContext's subject which will be used during authorization.
- if(!authenticationID.equals(ac.getAuthorizationID())) {
- LOG.info("Impersonation attempt authenticationID = " + ac.getAuthenticationID() + " authorizationID = " + ac.getAuthorizationID());
- ReqContext.context().setRealPrincipal(new SaslTransportPlugin.User(ac.getAuthenticationID()));
- } else {
- ReqContext.context().setRealPrincipal(null);
- }
-
- ac.setAuthorized(true);
- }
}
http://git-wip-us.apache.org/repos/asf/storm/blob/cccb9766/storm-core/src/jvm/org/apache/storm/security/auth/plain/SaslPlainServer.java
----------------------------------------------------------------------
diff --git a/storm-core/src/jvm/org/apache/storm/security/auth/plain/SaslPlainServer.java b/storm-core/src/jvm/org/apache/storm/security/auth/plain/SaslPlainServer.java
index a76c481..dd2582c 100644
--- a/storm-core/src/jvm/org/apache/storm/security/auth/plain/SaslPlainServer.java
+++ b/storm-core/src/jvm/org/apache/storm/security/auth/plain/SaslPlainServer.java
@@ -15,18 +15,19 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-
package org.apache.storm.security.auth.plain;
-import java.security.Provider;
-import java.util.Map;
-
-import javax.security.auth.callback.*;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import javax.security.sasl.SaslServerFactory;
+import java.security.Provider;
+import java.util.Map;
public class SaslPlainServer implements SaslServer {
@SuppressWarnings("serial")
@@ -95,7 +96,7 @@ public class SaslPlainServer implements SaslServer {
PasswordCallback pc = new PasswordCallback("SASL PLAIN", false);
pc.setPassword(parts[2].toCharArray());
AuthorizeCallback ac = new AuthorizeCallback(parts[1], parts[0]);
- cbh.handle(new Callback[]{nc, pc, ac});
+ cbh.handle(new Callback[]{nc, pc, ac});
if (ac.isAuthorized()) {
authz = ac.getAuthorizedID();
}