karaf-2.2.x/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/KarafJaasPasswordAuthenticator.java - karaf - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 package org.apache.karaf.shell.ssh;

 import java.io.IOException;
 import java.security.Principal;

 import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.NameCallback;
 import javax.security.auth.callback.PasswordCallback;
 import javax.security.auth.callback.UnsupportedCallbackException;
 import javax.security.auth.login.FailedLoginException;
 import javax.security.auth.login.LoginContext;

 import org.apache.sshd.common.Session;
 import org.apache.sshd.server.PasswordAuthenticator;
 import org.apache.sshd.server.session.ServerSession;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

 public class KarafJaasPasswordAuthenticator implements PasswordAuthenticator {

     public static final Session.AttributeKey<Subject> SUBJECT_ATTRIBUTE_KEY = new Session.AttributeKey<Subject>();
     private final Logger LOGGER = LoggerFactory.getLogger(KarafJaasPasswordAuthenticator.class);

     private String realm;
     private String role;

     public String getRealm() {
         return realm;
     }

     public void setRealm(String realm) {
         this.realm = realm;
     }

     public String getRole() {
         return role;
     }

     public void setRole(String role) {
         this.role = role;
     }

     public boolean authenticate(final String username, final String password, final ServerSession session) {
         try {
             Subject subject = new Subject();
             LoginContext loginContext = new LoginContext(realm, subject, new CallbackHandler() {
                 public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
                     for (Callback callback : callbacks) {
                         if (callback instanceof NameCallback) {
                             ((NameCallback) callback).setName(username);
                         } else if (callback instanceof PasswordCallback) {
                             ((PasswordCallback) callback).setPassword(password.toCharArray());
                         } else {
                             throw new UnsupportedCallbackException(callback);
                         }
                     }
                 }
             });
             loginContext.login();
             if (role != null && role.length() > 0) {
                 String clazz = "org.apache.karaf.jaas.modules.RolePrincipal";
                 String name = role;
                 int idx = role.indexOf(':');
                 if (idx > 0) {
                     clazz = role.substring(0, idx);
                     name = role.substring(idx + 1);
                 }
                 boolean found = false;
                 for (Principal p : subject.getPrincipals()) {
                     if (p.getClass().getName().equals(clazz)
                             && p.getName().equals(name)) {
                         found = true;
                         break;
                     }
                 }
                 if (!found) {
                     throw new FailedLoginException("User does not have the required role " + role);
                 }
             }
             session.setAttribute(SUBJECT_ATTRIBUTE_KEY, subject);
             return true;
         } catch (Exception e) {
             LOGGER.debug("User authentication failed with " + e.getMessage(), e);
             return false;
         }
     }

 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/
	package org.apache.karaf.shell.ssh;

	import java.io.IOException;
	import java.security.Principal;

	import javax.security.auth.Subject;
	import javax.security.auth.callback.Callback;
	import javax.security.auth.callback.CallbackHandler;
	import javax.security.auth.callback.NameCallback;
	import javax.security.auth.callback.PasswordCallback;
	import javax.security.auth.callback.UnsupportedCallbackException;
	import javax.security.auth.login.FailedLoginException;
	import javax.security.auth.login.LoginContext;

	import org.apache.sshd.common.Session;
	import org.apache.sshd.server.PasswordAuthenticator;
	import org.apache.sshd.server.session.ServerSession;
	import org.slf4j.Logger;
	import org.slf4j.LoggerFactory;

	public class KarafJaasPasswordAuthenticator implements PasswordAuthenticator {

	public static final Session.AttributeKey<Subject> SUBJECT_ATTRIBUTE_KEY = new Session.AttributeKey<Subject>();
	private final Logger LOGGER = LoggerFactory.getLogger(KarafJaasPasswordAuthenticator.class);

	private String realm;
	private String role;

	public String getRealm() {
	return realm;
	}

	public void setRealm(String realm) {
	this.realm = realm;
	}

	public String getRole() {
	return role;
	}

	public void setRole(String role) {
	this.role = role;
	}

	public boolean authenticate(final String username, final String password, final ServerSession session) {
	try {
	Subject subject = new Subject();
	LoginContext loginContext = new LoginContext(realm, subject, new CallbackHandler() {
	public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
	for (Callback callback : callbacks) {
	if (callback instanceof NameCallback) {
	((NameCallback) callback).setName(username);
	} else if (callback instanceof PasswordCallback) {
	((PasswordCallback) callback).setPassword(password.toCharArray());
	} else {
	throw new UnsupportedCallbackException(callback);
	}
	}
	}
	});
	loginContext.login();
	if (role != null && role.length() > 0) {
	String clazz = "org.apache.karaf.jaas.modules.RolePrincipal";
	String name = role;
	int idx = role.indexOf(':');
	if (idx > 0) {
	clazz = role.substring(0, idx);
	name = role.substring(idx + 1);
	}
	boolean found = false;
	for (Principal p : subject.getPrincipals()) {
	if (p.getClass().getName().equals(clazz)
	&& p.getName().equals(name)) {
	found = true;
	break;
	}
	}
	if (!found) {
	throw new FailedLoginException("User does not have the required role " + role);
	}
	}
	session.setAttribute(SUBJECT_ATTRIBUTE_KEY, subject);
	return true;
	} catch (Exception e) {
	LOGGER.debug("User authentication failed with " + e.getMessage(), e);
	return false;
	}
	}

	}