/**
 * Performs the JAAS login against the KDC and, on success, stores the login context on the
 * supplied {@code userDomainInfo}.
 *
 * <p>On failure the {@code loginContext} field is reset to {@code null}, the JAAS message is
 * mapped to an {@code AuthenticationResult} by {@code KerberosReturnCodeParser}, the outcome is
 * logged at error level, and an {@code EngineDirectoryServiceException} carrying that result is
 * thrown.
 *
 * @param callbackHandler handler passed to the {@code LoginContext}
 * @param userDomainInfo receives the login context after a successful login
 * @throws EngineDirectoryServiceException if the JAAS login fails; the result it carries is
 *     {@code null} when the parser returns {@code null}
 */
private void authenticateToKDC(
        GSSAPICallbackHandler callbackHandler, UserDomainInfo userDomainInfo)
        throws EngineDirectoryServiceException {
    try {
        loginContext = new LoginContext(LOGIN_MODULE_POLICY_NAME, callbackHandler);
        loginContext.login();
        userDomainInfo.setLoginContext(loginContext);
        if (log.isDebugEnabled()) {
            log.debug("Successful login for user " + userName);
        }
    } catch (LoginException ex) {
        // A context whose login failed must not stay reachable through the field.
        loginContext = null;

        // JAAS reports many different failures through LoginException. The parser tells wrong
        // authentication details apart from other errors; per the original author's note, wrong
        // details are meant to abort the KDC search.
        final AuthenticationResult result = new KerberosReturnCodeParser().parse(ex.getMessage());
        final boolean recognized = result != null && result != AuthenticationResult.OTHER;
        if (recognized) {
            log.error(String.valueOf(result.getDetailedMessage()));
        } else {
            // The parser did not recognize the failure, so the raw Kerberos text is logged.
            log.error("Error from Kerberos: " + ex.getMessage());
        }
        // NOTE(review): the LoginException itself is not attached to the thrown exception.
        throw new EngineDirectoryServiceException(result);
    }
}
/**
 * Returns true if user with given username exists in kerberos database.
 *
 * <p>The visible code derives the answer from the text of the {@code LoginException} raised by
 * a login attempt made with a placeholder password: the user is reported as existing unless the
 * message contains "Client not found".
 *
 * <p>NOTE(review): the return value is a user-existence signal; confirm that callers do not
 * hand it back to unauthenticated clients.
 *
 * @param username username without Kerberos realm attached or with correct realm attached
 * @return true if user available
 */
public boolean isUserAvailable(String username) {
    // NOTE(review): the run of asterisks in the next statement is masking present in this
    // listing; the masked span (between the debug message and the LoginContext arguments) is
    // left exactly as found, so this block does not compile as shown.
    logger.debug("Checking existence of user: "******"does-not-matter", null, createJaasCallbackHandler(principal, "fake-password-which-nobody-has"), createJaasConfiguration());
    loginContext.login();
    // A successful login with the placeholder password is never expected.
    throw new IllegalStateException("Didn't expect to end here");
    } catch (LoginException le) {
        String message = le.getMessage();
        // The raw Kerberos message is written to the debug log.
        logger.debug("Message from kerberos: " + message);
        // Presumably aborts with an exception when the Kerberos server cannot be reached, so
        // that an outage is not reported as "user exists" - confirm against the helper.
        checkKerberosServerAvailable(le);
        // Bit cumbersome, but seems to work with tested kerberos servers.
        // NOTE(review): every failure other than "Client not found" counts as "exists", and a
        // LoginException without a message would make contains() throw - confirm both are
        // acceptable for the Kerberos servers in use.
        boolean exists = (!message.contains("Client not found"));
        return exists;
    }
}
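/**
 * Attempts a JAAS login against each mapped login context in turn and stops at the first one
 * that succeeds.
 *
 * <p>{@code mappedGroups} is cleared first. For every key of {@code mappedLoginContextNames} a
 * {@code LoginContext} is created under the mapped name; its callback handler answers name and
 * password callbacks from {@code getUsername()} / {@code getPassword()} and delegates every
 * other callback to {@code getCallbackHandler()}. Failures of all but the last context are
 * ignored so that the next context can be tried.
 *
 * <p>The method fails closed: when no login context is mapped at all it throws instead of
 * returning normally, because a normal return is what signals a successful authentication.
 *
 * @throws FailedLoginException if no login context is mapped, or if the last mapped context
 *     rejects the login (the underlying {@code LoginException} is attached as the cause)
 */
public void authenticate() throws FailedLoginException {
    mappedGroups = null;

    // Without this guard an empty mapping would skip the loop and return as if the login had
    // succeeded, although no login module was ever consulted.
    if (this.mappedLoginContextNames.isEmpty()) {
        throw new FailedLoginException("mapped LoginContext exception : no login context is mapped");
    }

    for (Iterator it = this.mappedLoginContextNames.keySet().iterator(); it.hasNext();) {
        loginContextKey = it.next();
        try {
            lc = new LoginContext(
                    mappedLoginContextNames.get(loginContextKey).toString(),
                    new CallbackHandler() {
                        public void handle(Callback[] callbacks)
                                throws IOException, UnsupportedCallbackException {
                            for (int i = 0; i < callbacks.length; i++) {
                                Callback current = callbacks[i];
                                if (current instanceof NameCallback) {
                                    ((NameCallback) current).setName(getUsername());
                                } else if (current instanceof PasswordCallback) {
                                    ((PasswordCallback) current).setPassword(getPassword());
                                } else {
                                    // Everything else is delegated one callback at a time.
                                    getCallbackHandler().handle(new Callback[] {current});
                                }
                            }
                        }
                    });
            lc.login();
            // First successful context wins; the remaining ones are not tried.
            return;
        } catch (LoginException e) {
            if (!it.hasNext()) {
                // Only the failure of the last context is reported; keep it as the cause so
                // the original stack trace is not lost.
                FailedLoginException failure =
                        new FailedLoginException("mapped LoginContext exception : " + e.getMessage());
                failure.initCause(e);
                throw failure;
            }
        }
    }
}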
/**
 * Runs a JAAS login using this source's {@code loginConfig} and returns the resulting subject.
 *
 * @return the subject obtained from the {@code LoginContext} after a successful login
 * @throws AuthenticationException if the JAAS login fails; it carries the JAAS message and has
 *     the original {@code LoginException} as its cause
 */
private Subject login() throws AuthenticationException {
    final String contextName = KerberosLdapContextSource.class.getSimpleName();
    try {
        // Subject and CallbackHandler are both passed as null; only loginConfig is supplied.
        final LoginContext jaasLogin = new LoginContext(contextName, null, null, this.loginConfig);
        jaasLogin.login();
        return jaasLogin.getSubject();
    } catch (LoginException cause) {
        final AuthenticationException failure = new AuthenticationException(cause.getMessage());
        failure.initCause(cause);
        throw failure;
    }
}
/**
 * Authenticates the given credentials through {@code UserManager.loginUser}.
 *
 * <p>A {@code LoginException} is not propagated: its message is added to {@code e} as a global
 * {@code ActionMessage} and {@code null} is returned.
 *
 * <p>NOTE(review): the exception message reaches the action errors as-is; confirm that it does
 * not tell an unknown account apart from a wrong password.
 *
 * @param username User's login name.
 * @param password User's unencrypted password.
 * @param request HttpServletRequest for this action (not read in this method).
 * @param response HttpServletResponse for this action (not read in this method).
 * @param e Collector that receives the error message when the login is rejected.
 * @return The logged-in user, or {@code null} if the login was rejected.
 */
private User loginUser(
        String username,
        String password,
        HttpServletRequest request,
        HttpServletResponse response,
        ActionErrors e) {
    try {
        return UserManager.loginUser(username, password);
    } catch (LoginException ex) {
        e.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage(ex.getMessage()));
        return null;
    }
}
/**
 * Destroys every registered client endpoint, closes its connection if that is still live, and
 * finally empties the endpoint registry.
 *
 * <p>Shutdown is best effort: a failure on one endpoint is logged at FINEST and does not stop
 * the remaining endpoints from being processed.
 */
public void shutdown() {
    for (ClientEndpoint current : endpoints.values()) {
        // Step 1: destroy the endpoint; a LoginException here is only logged.
        try {
            current.destroy();
        } catch (LoginException logoutFailure) {
            logger.finest(logoutFailure.getMessage());
        }

        // Step 2: close the connection, whatever happened in step 1.
        try {
            final Connection connection = current.getConnection();
            if (connection.live()) {
                connection.close();
            }
        } catch (Exception closeFailure) {
            logger.finest(closeFailure);
        }
    }
    endpoints.clear();
}
/**
 * Calls the login method on the JAAS login context and, on success, loads the user profile.
 *
 * <p>NOTE(review): the JAAS exception message is passed to {@code error(...)} unchanged;
 * confirm that it does not reveal whether the account exists.
 *
 * @return {@code true} if the login and the profile load both succeeded, {@code false} if
 *     either of them threw an exception
 */
public boolean login() {
    boolean loggedIn = false;
    try {
        context.login();
        // Load the user profile into a User object that is kept in the session.
        usuarioLogged = loadUserProfile();
        loggedIn = true;
    } catch (LoginException le) {
        // FailedLoginException is a LoginException subclass and was handled identically, so a
        // single handler covers both.
        error(le.getMessage());
    } catch (Exception e) {
        log("SessionBean1::Exception occured while logging in" + e.getMessage());
        error("Error Loggin In");
    }
    return loggedIn;
}
/**
 * Creates the JAAS {@code LoginContext} for the supplied credentials and stores it in
 * {@code context}. No login is attempted here.
 *
 * @param username user name handed to the callback handler
 * @param password password handed to the callback handler
 * @return {@code true} if the context was created, {@code false} if creation failed; failures
 *     are reported through {@code error(...)} and {@code log(...)}
 */
public boolean initLoginContext(String username, String password) {
    boolean created = false;
    try {
        // A new callback handler instance is created for each context.
        final CallbackHandler handler = new SipCallbackHandler(username, password);
        context = new LoginContext(login_config, handler);
        log("SessionBean1::Login context created successfully");
        created = true;
    } catch (LoginException le) {
        error("LoginException: " + le.getMessage());
    } catch (Exception e) {
        error(
                "Error Creating LoginContext, \n Please make sure your application has been configured properly.");
        log("SessionBean1::Exception Occured:" + e.getMessage());
    }
    return created;
}
/**
 * Destroys every endpoint known to the endpoint manager, closes connections that are still
 * alive, and then clears the endpoint manager and the ownership mappings.
 *
 * <p>Shutdown is best effort: failures while destroying an endpoint or closing its connection
 * are logged at FINEST and the loop continues with the next endpoint.
 *
 * @param terminate not read by this method
 */
@Override
public void shutdown(boolean terminate) {
    for (ClientEndpoint candidate : endpointManager.getEndpoints()) {
        final ClientEndpointImpl current = (ClientEndpointImpl) candidate;

        // Step 1: destroy the endpoint; a LoginException here is only logged.
        try {
            current.destroy();
        } catch (LoginException logoutFailure) {
            logger.finest(logoutFailure.getMessage());
        }

        // Step 2: close the connection, whatever happened in step 1.
        try {
            final Connection connection = current.getConnection();
            if (connection.isAlive()) {
                connection.close("Shutdown of ClientEngine", null);
            }
        } catch (Exception closeFailure) {
            logger.finest(closeFailure);
        }
    }
    endpointManager.clear();
    ownershipMappings.clear();
}
/**
 * Validates the connector settings and collects every problem found.
 *
 * <p>First the required values are checked for emptiness, then a SugarCRM SOAP client is
 * initialised with them. Each failure of that initialisation is converted into a
 * {@code ConnectorError} attached to the field it most likely concerns. Note that
 * {@code password} is passed to the client but is not checked for emptiness here.
 *
 * @return the list of validation errors; empty when nothing was reported
 */
@Override
protected List<ConnectorError> validateValues() {
    final List<ConnectorError> errors = new ArrayList<ConnectorError>();

    testEmptyVar(sugarSoapPort, "sugarSoapPort", errors);
    testEmptyVar(applicationName, "applicationName", errors);
    testEmptyVar(user, "user", errors);
    testEmptyVar(module, "module", errors);

    // The connection attempt runs even if one of the emptiness checks above reported an error.
    try {
        this.initSugarCrmSoapClient(sugarSoapPort, user, password, applicationName);
    } catch (MalformedURLException e) {
        final MalformedURLException detail =
                new MalformedURLException("URL not valid! " + e.getMessage());
        errors.add(new ConnectorError("sugarSoapPort", detail));
    } catch (LoginException e) {
        // Only the message of the original exception is carried over, not the exception.
        final LoginException detail =
                new LoginException("Wrong user or password! " + e.getMessage());
        errors.add(new ConnectorError("user", detail));
    } catch (RemoteException e) {
        final RemoteException detail =
                new RemoteException("Error accessing Sugar services! " + e.getMessage());
        errors.add(new ConnectorError("sugarSoapPort", detail));
    } catch (ServiceException e) {
        final ServiceException detail =
                new ServiceException("Error accessing Sugar services! " + e.getMessage());
        errors.add(new ConnectorError("sugarSoapPort", detail));
    } catch (Exception e) {
        final Exception detail = new Exception("Exception occurred! " + e.getMessage());
        errors.add(new ConnectorError("sugarSoapPort", detail));
    }
    return errors;
}
/**
 * Performs the JAAS login and runs the given action as the authenticated subject.
 *
 * <p>NOTE(review): no {@code logout()} is called on the login context in this method; confirm
 * whether the credentials held by the subject are released elsewhere.
 *
 * @param privilegedSendMessage the action to run; its request document is attached to any
 *     exception raised here
 * @return the document returned by the action
 * @throws WinRMRuntimeIOException if the login fails or the action throws; the message names
 *     the target URL and the underlying error text
 */
private Document runPrivileged(final PrivilegedSendMessage privilegedSendMessage) {
    final CallbackHandler credentials = new ProvidedAuthCallback(username, password);
    try {
        // Empty context name and no pre-built Subject: the configuration object passed as the
        // last argument is the one used for this login.
        final LoginContext jaasLogin =
                new LoginContext("", null, credentials, new KerberosJaasConfiguration(kerberosDebug));
        jaasLogin.login();
        return Subject.doAs(jaasLogin.getSubject(), privilegedSendMessage);
    } catch (LoginException e) {
        throw new WinRMRuntimeIOException(
                "Login failure sending message on " + getTargetURL() + " error: " + e.getMessage(),
                privilegedSendMessage.getRequestDocument(),
                null,
                e);
    } catch (PrivilegedActionException e) {
        // Report the exception thrown inside the action rather than the wrapper.
        throw new WinRMRuntimeIOException(
                "Failure sending message on " + getTargetURL() + " error: " + e.getMessage(),
                privilegedSendMessage.getRequestDocument(),
                null,
                e.getException());
    }
}
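/**
 * Raises a {@code ModelException} when the login failure indicates that the Kerberos server
 * could not be reached.
 *
 * <p>Detection is a substring match on the exception message ("Port Unreachable"). A
 * {@code LoginException} that carries no message is treated as "not an unreachable-server
 * error" instead of causing a {@code NullPointerException} inside the caller's error handling.
 *
 * @param le the login failure to inspect
 * @throws ModelException if the message contains "Port Unreachable"; {@code le} is attached as
 *     the cause
 */
protected void checkKerberosServerAvailable(LoginException le) {
    final String message = le.getMessage();
    // getMessage() returns null for a LoginException created without a detail message.
    if (message != null && message.contains("Port Unreachable")) {
        throw new ModelException("Kerberos unreachable", le);
    }
}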
/**
 * Processes a join request received from another node.
 *
 * <p>A request that fails validation (or whose validation throws) gets its connection closed.
 * For a valid request the method, in this order: handles the case where the requesting address
 * is already a member; tells the requester who the master is when multicast join is disabled
 * and this node is not the master; and, when this node is an active, joined master, checks the
 * request's credentials (if a security context is configured) and then records the new member
 * and schedules or starts the join.
 *
 * @param joinRequest the request to handle; its connection is used for every reply
 */
void handleJoinRequest(JoinRequest joinRequest) {
    final long now = Clock.currentTimeMillis();
    String msg = "Handling join from " + joinRequest.address + ", inProgress: " + joinInProgress + (timeToStartJoin > 0 ? ", timeToStart: " + (timeToStartJoin - now) : "");
    logger.log(Level.FINEST, msg);
    boolean validJoinRequest;
    try {
        validJoinRequest = node.validateJoinRequest(joinRequest);
    } catch (Exception e) {
        // Fail closed: any exception during validation makes the request invalid. The
        // exception itself is not logged.
        validJoinRequest = false;
    }
    final Connection conn = joinRequest.getConnection();
    if (validJoinRequest) {
        final MemberImpl member = getMember(joinRequest.address);
        if (member != null) {
            if (joinRequest.getUuid().equals(member.getUuid())) {
                String message = "Ignoring join request, member already exists.. => " + joinRequest;
                logger.log(Level.FINEST, message);
                // send members update back to node trying to join again...
                // NOTE(review): this branch replies and returns before the credential check
                // further down is reached.
                final long clusterTime = node.getClusterImpl().getClusterTime();
                sendProcessableTo(new MembersUpdateCall(lsMembers, clusterTime), conn);
                sendProcessableTo(new SyncProcess(), conn);
                return;
            }
            // If this node is master then remove old member and process join request.
            // If requesting address is equal to master node's address, that means master node
            // somehow disconnected and wants to join back.
            // So drop old member and process join request if this node becomes master.
            if (isMaster() || member.getAddress().equals(getMasterAddress())) {
                logger.log(Level.WARNING, "New join request has been received from an existing endpoint! => " + member + " Removing old member and processing join request...");
                // If existing connection of endpoint is different from current connection
                // destroy it, otherwise keep it.
                // final Connection existingConnection =
                //         node.connectionManager.getConnection(joinRequest.address);
                // final boolean destroyExistingConnection = existingConnection != conn;
                // NOTE(review): the existing member is removed before the credential check
                // below runs; confirm that validateJoinRequest is sufficient to trust the
                // sender at this point.
                doRemoveAddress(member.getAddress(), false);
            }
        }
        // With multicast join disabled, a non-master node that has joined points the requester
        // at the current master.
        if (!node.getConfig().getNetworkConfig().getJoin().getMulticastConfig().isEnabled()) {
            if (node.isActive() && node.joined() && node.getMasterAddress() != null && !isMaster()) {
                sendProcessableTo(new Master(node.getMasterAddress()), conn);
            }
        }
        if (isMaster() && node.joined() && node.isActive()) {
            final MemberInfo newMemberInfo = new MemberInfo(joinRequest.address, joinRequest.nodeType, joinRequest.getUuid());
            // Credentials are checked only when a security context is configured and this
            // MemberInfo is not already in setJoins.
            // NOTE(review): the skip depends on how MemberInfo defines equality - confirm that
            // a request cannot match an already recorded entry without having been
            // authenticated itself.
            if (node.securityContext != null && !setJoins.contains(newMemberInfo)) {
                final ILogger securityLogger = node.loggingService.getLogger("com.hazelcast.security");
                final Credentials cr = joinRequest.getCredentials();
                if (cr == null) {
                    // Security is enabled but the request carries no credentials: reject.
                    securityLogger.log(Level.SEVERE, "Expecting security credentials " + "but credentials could not be found in JoinRequest!");
                    sendAuthFail(conn);
                    return;
                } else {
                    try {
                        LoginContext lc = node.securityContext.createMemberLoginContext(cr);
                        lc.login();
                    } catch (LoginException e) {
                        // The SEVERE entry names the principal, the endpoint and the JAAS
                        // message; the stack trace goes to FINEST only.
                        securityLogger.log(Level.SEVERE, "Authentication has failed for " + cr.getPrincipal() + '@' + cr.getEndpoint() + " => (" + e.getMessage() + ")");
                        securityLogger.log(Level.FINEST, e.getMessage(), e);
                        sendAuthFail(conn);
                        return;
                    }
                }
            }
            // A request addressed to a different node is answered with the master address and
            // not processed further.
            if (joinRequest.to != null && !joinRequest.to.equals(thisAddress)) {
                sendProcessableTo(new Master(node.getMasterAddress()), conn);
                return;
            }
            if (!joinInProgress) {
                // Presumably MAX_WAIT_SECONDS_BEFORE_JOIN is in seconds and is converted to
                // milliseconds here - the surrounding values come from currentTimeMillis().
                if (firstJoinRequest != 0 && now - firstJoinRequest >= MAX_WAIT_SECONDS_BEFORE_JOIN * 1000) {
                    startJoin();
                } else {
                    // Only a MemberInfo that was not recorded before triggers a reply and may
                    // push the join start time back.
                    if (setJoins.add(newMemberInfo)) {
                        sendProcessableTo(new Master(node.getMasterAddress()), conn);
                        if (firstJoinRequest == 0) {
                            firstJoinRequest = now;
                        }
                        if (now - firstJoinRequest < MAX_WAIT_SECONDS_BEFORE_JOIN * 1000) {
                            timeToStartJoin = now + WAIT_MILLIS_BEFORE_JOIN;
                        }
                    }
                    if (now > timeToStartJoin) {
                        startJoin();
                    }
                }
            }
        }
    } else {
        // Invalid request: drop the connection without replying.
        conn.close();
    }
}