org.apache.catalina.realm.JAASCallbackHandler Maven / Gradle / Ivy

Show more of this group Show more artifacts with this name
Show all versions of tomcat-catalina
Tomcat Servlet Engine Core Classes and Standard implementations
There is a newer version: 11.0.0-M20
/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.catalina.realm;


import java.io.IOException;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.TextInputCallback;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.tomcat.util.res.StringManager;

/**
 * 
 * Implementation of the JAAS CallbackHandler interface, used to negotiate delivery of the username and
 * credentials that were specified to our constructor. No interaction with the user is required (or possible).
 * 
 * 
 * This CallbackHandler will pre-digest the supplied password, if required by the
 * <Realm> element in server.xml.
 * 
 * 
 * At present, JAASCallbackHandler knows how to handle callbacks of type
 * javax.security.auth.callback.NameCallback and
 * javax.security.auth.callback.PasswordCallback.
 * 
 *
 * @author Craig R. McClanahan
 * @author Andrew R. Jaquith
 */
public class JAASCallbackHandler implements CallbackHandler {

    // ------------------------------------------------------------ Constructor


    /**
     * Construct a callback handler configured with the specified values. Note that if the JAASRealm
     * instance specifies digested passwords, the password parameter will be pre-digested here.
     *
     * @param realm    Our associated JAASRealm instance
     * @param username Username to be authenticated with
     * @param password Password to be authenticated with
     */
    public JAASCallbackHandler(JAASRealm realm, String username, String password) {

        this(realm, username, password, null, null, null, null, null, null, null, null);
    }


    /**
     * Construct a callback handler for DIGEST authentication.
     *
     * @param realm      Our associated JAASRealm instance
     * @param username   Username to be authenticated with
     * @param password   Password to be authenticated with
     * @param nonce      Server generated nonce
     * @param nc         Nonce count
     * @param cnonce     Client generated nonce
     * @param qop        Quality of protection applied to the message
     * @param realmName  Realm name
     * @param digestA2   Second digest calculated as digest(Method + ":" + uri)
     * @param algorithm  The digest algorithm to use
     * @param authMethod The authentication method in use
     */
    public JAASCallbackHandler(JAASRealm realm, String username, String password, String nonce, String nc,
            String cnonce, String qop, String realmName, String digestA2, String algorithm, String authMethod) {
        this.realm = realm;
        this.username = username;

        if (password != null && realm.hasMessageDigest(algorithm)) {
            this.password = realm.getCredentialHandler().mutate(password);
        } else {
            this.password = password;
        }
        this.nonce = nonce;
        this.nc = nc;
        this.cnonce = cnonce;
        this.qop = qop;
        this.realmName = realmName;
        this.digestA2 = digestA2;
        this.authMethod = authMethod;
    }

    // ----------------------------------------------------- Instance Variables

    /**
     * The string manager for this package.
     */
    protected static final StringManager sm = StringManager.getManager(JAASCallbackHandler.class);

    /**
     * The password to be authenticated with.
     */
    protected final String password;


    /**
     * The associated JAASRealm instance.
     */
    protected final JAASRealm realm;

    /**
     * The username to be authenticated with.
     */
    protected final String username;

    /**
     * Server generated nonce.
     */
    protected final String nonce;

    /**
     * Nonce count.
     */
    protected final String nc;

    /**
     * Client generated nonce.
     */
    protected final String cnonce;

    /**
     * Quality of protection applied to the message.
     */
    protected final String qop;

    /**
     * Realm name.
     */
    protected final String realmName;

    /**
     * Second digest.
     */
    protected final String digestA2;

    /**
     * The authentication method to be used. If null, assume BASIC/FORM.
     */
    protected final String authMethod;

    // --------------------------------------------------------- Public Methods


    /**
     * Retrieve the information requested in the provided Callbacks. This implementation only recognizes
     * {@link NameCallback}, {@link PasswordCallback} and {@link TextInputCallback}. {@link TextInputCallback} is used
     * to pass the various additional parameters required for DIGEST authentication.
     *
     * @param callbacks The set of Callbacks to be processed
     *
     * @exception IOException                  if an input/output error occurs
     * @exception UnsupportedCallbackException if the login method requests an unsupported callback type
     */
    @Override
    public void handle(Callback callbacks[]) throws IOException, UnsupportedCallbackException {

        for (Callback callback : callbacks) {

            if (callback instanceof NameCallback) {
                if (realm.getContainer().getLogger().isTraceEnabled()) {
                    realm.getContainer().getLogger().trace(sm.getString("jaasCallback.username", username));
                }
                ((NameCallback) callback).setName(username);
            } else if (callback instanceof PasswordCallback) {
                final char[] passwordcontents;
                if (password != null) {
                    passwordcontents = password.toCharArray();
                } else {
                    passwordcontents = new char[0];
                }
                ((PasswordCallback) callback).setPassword(passwordcontents);
            } else if (callback instanceof TextInputCallback) {
                TextInputCallback cb = ((TextInputCallback) callback);
                if (cb.getPrompt().equals("nonce")) {
                    cb.setText(nonce);
                } else if (cb.getPrompt().equals("nc")) {
                    cb.setText(nc);
                } else if (cb.getPrompt().equals("cnonce")) {
                    cb.setText(cnonce);
                } else if (cb.getPrompt().equals("qop")) {
                    cb.setText(qop);
                } else if (cb.getPrompt().equals("realmName")) {
                    cb.setText(realmName);
                } else if (cb.getPrompt().equals("digestA2")) {
                    cb.setText(digestA2);
                } else if (cb.getPrompt().equals("authMethod")) {
                    cb.setText(authMethod);
                } else if (cb.getPrompt().equals("catalinaBase")) {
                    cb.setText(realm.getContainer().getCatalinaBase().getAbsolutePath());
                } else {
                    throw new UnsupportedCallbackException(callback);
                }
            } else {
                throw new UnsupportedCallbackException(callback);
            }
        }
    }
}