

Java Sasl.createSaslServer方法代码示例

本文整理汇总了Java中javax.security.sasl.Sasl.createSaslServer方法的典型用法代码示例。如果您正苦于以下问题:Java Sasl.createSaslServer方法的具体用法?Java Sasl.createSaslServer怎么用?Java Sasl.createSaslServer使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在javax.security.sasl.Sasl的用法示例。


在下文中一共展示了Sasl.createSaslServer方法的10个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。

示例1: runNegotiation

import javax.security.sasl.Sasl; //导入方法依赖的package包/类
/**
 * Drives one in-process PLAIN exchange between a SASL client and a SASL
 * server and asserts that each side reports completion after a single message.
 *
 * <p>PLAIN transmits the credentials without protecting them, so outside a
 * test like this one it is normally paired with a protected channel.
 *
 * @param clientCbh callback handler passed to {@code Sasl.createSaslClient}
 * @param serverCbh callback handler passed to {@code Sasl.createSaslServer}
 * @throws SaslException propagated from the SASL client or server calls
 */
private void runNegotiation(CallbackHandler clientCbh,
                            CallbackHandler serverCbh)
                                throws SaslException {
  final String plainMech = AuthMethod.PLAIN.getMechanismName();
  final String[] offeredMechs = { plainMech };

  SaslClient saslClient =
      Sasl.createSaslClient(offeredMechs, null, null, null, null, clientCbh);
  assertNotNull(saslClient);

  SaslServer saslServer =
      Sasl.createSaslServer(plainMech, null, "localhost", null, serverCbh);
  assertNotNull("failed to find PLAIN server", saslServer);

  // Client speaks first: it must produce a token from an empty challenge
  // and be finished immediately afterwards.
  final byte[] clientToken = saslClient.evaluateChallenge(new byte[0]);
  assertNotNull(clientToken);
  assertTrue(saslClient.isComplete());

  // The server consumes that token, has nothing further to send, and must
  // expose an authorization id once it reports completion.
  final byte[] serverToken = saslServer.evaluateResponse(clientToken);
  assertNull(serverToken);
  assertTrue(saslServer.isComplete());
  assertNotNull(saslServer.getAuthorizationID());
}
 
开发者ID:naver,项目名称:hadoop,代码行数:23,代码来源:TestSaslRPC.java

示例2: handleSaslStartMessage

import javax.security.sasl.Sasl; //导入方法依赖的package包/类
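/**
 * Performs the server side of the initial portion of the Thrift SASL protocol.
 * Receives the start message from the client, looks up the server definition
 * for the mechanism the client requested (if this server supports it), creates
 * the matching SASL server and registers it through {@code setSaslServer}.
 *
 * <p>Everything read here comes from a peer that has not authenticated yet, so
 * the method rejects the exchange as soon as any step fails instead of
 * continuing with a missing SASL server.
 *
 * @throws TTransportException if the first message is not a START message,
 *         the requested mechanism is not configured, or no SASL server
 *         implementation can be created for it
 * @throws SaslException propagated from {@code Sasl.createSaslServer}
 */
@Override
protected void handleSaslStartMessage() throws TTransportException, SaslException {
  SaslResponse message = receiveSaslMessage();

  LOGGER.debug("Received start message with status {}", message.status);
  if (message.status != NegotiationStatus.START) {
    throw sendAndThrowMessage(NegotiationStatus.ERROR, "Expecting START status, received " + message.status);
  }

  // Get the mechanism name. Decode with a fixed charset: the one-argument
  // String constructor uses the platform default, which would make the map
  // lookup below depend on how the host JVM is configured.
  String mechanismName = new String(message.payload, java.nio.charset.StandardCharsets.UTF_8);
  TSaslServerDefinition serverDefinition = serverDefinitionMap.get(mechanismName);
  // NOTE(review): mechanismName is peer-controlled and is both logged here and
  // echoed in the error below; consider bounding or sanitising it first.
  LOGGER.debug("Received mechanism name '{}'", mechanismName);

  if (serverDefinition == null) {
    throw sendAndThrowMessage(NegotiationStatus.BAD, "Unsupported mechanism type " + mechanismName);
  }
  SaslServer saslServer = Sasl.createSaslServer(serverDefinition.mechanism,
      serverDefinition.protocol, serverDefinition.serverName, serverDefinition.props,
      serverDefinition.cbh);
  // createSaslServer returns null when no installed factory can build the
  // mechanism; fail the negotiation here rather than storing a null server.
  if (saslServer == null) {
    throw sendAndThrowMessage(NegotiationStatus.ERROR,
        "No SASL server available for mechanism " + serverDefinition.mechanism);
  }
  setSaslServer(saslServer);
}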
 
开发者ID:adityayadav76,项目名称:internet_of_things_simulator,代码行数:29,代码来源:TSaslServerTransport.java

示例3: Krb5SaslAuthenticator

import javax.security.sasl.Sasl; //导入方法依赖的package包/类
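/**
 * Creates the SASL server used by this authenticator from the parts of
 * {@code principalName}.
 *
 * <p>The principal name is split on {@code '/'} and {@code '@'}; the first
 * part is passed as the SASL protocol and the second as the server name.
 *
 * @throws IllegalStateException if the principal name has fewer than three
 *         parts, if creating the SASL server throws, or if no SASL server
 *         implementation is available; the authenticator must not exist
 *         without a usable server
 */
Krb5SaslAuthenticator() {
    try {
        // For sasl properties regarding GSSAPI, see:
        //   https://docs.oracle.com/javase/8/docs/technotes/guides/security/sasl/sasl-refguide.html#SERVER
        // Rely on GSSAPI defaults for Sasl.MAX_BUFFER and Sasl.QOP. Note, however, that gremlin-driver has
        // Sasl.SERVER_AUTH fixed to true (mutual authentication) and one can configure SSL for enhanced confidentiality,
        // Sasl policy properties for negotiating the authentication mechanism are not relevant here, because
        // GSSAPI is the only available mechanism for this authenticator
        final Map<String, Object> props = new HashMap<String, Object>();
        final String[] principalParts = principalName.split("/|@");
        if (principalParts.length < 3) {
            throw new IllegalArgumentException("Use principal name of format 'service/host@REALM'");
        }
        saslServer = Sasl.createSaslServer(mechanism, principalParts[0], principalParts[1], props, Krb5SaslAuthenticator.this);
    } catch (Exception e) {
        logger.error("Creating sasl server failed: ", e);
        // Previously the failure was only logged and the next statement then
        // dereferenced the unset server; surface the real cause instead.
        throw new IllegalStateException("Creating sasl server failed", e);
    }
    // createSaslServer may also return null without throwing when no factory
    // supports the mechanism.
    if (saslServer == null) {
        throw new IllegalStateException("No SaslServer implementation found for mechanism " + mechanism);
    }
    logger.debug("SaslServer created with: " + saslServer.getMechanismName());
}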
 
开发者ID:apache,项目名称:tinkerpop,代码行数:18,代码来源:Krb5Authenticator.java

示例4: main

import javax.security.sasl.Sasl; //导入方法依赖的package包/类
/**
 * Runs the mechanism named by {@code MECH} between an in-process SASL client
 * and server until both sides report completion.
 *
 * <p>Arguments: an optional leading {@code -m} switches {@code auto} off,
 * followed by an optional password file name and an optional names file name.
 * With no file arguments the defaults {@code pw.properties} and
 * {@code names.properties} are used.
 *
 * @param args command-line arguments as described above
 * @throws Exception if either implementation is missing or the exchange fails
 */
public static void main(String[] args) throws Exception {
    int next = 0;
    if (args.length == 0) {
        auto = true;
    } else if (args[next].equals("-m")) {
        next++;
        auto = false;
    }

    if (args.length > next) {
        pwfile = args[next++];
        // The names file is only overridden when a second file name is given.
        if (args.length > next) {
            namesfile = args[next++];
        }
    } else {
        pwfile = "pw.properties";
        namesfile = "names.properties";
    }

    final CallbackHandler clntCbh = new ClientCallbackHandler(auto);
    final CallbackHandler srvCbh =
        new PropertiesFileCallbackHandler(pwfile, namesfile, null);

    final String[] clientMechs = {MECH};
    final SaslClient clnt = Sasl.createSaslClient(
        clientMechs, null, PROTOCOL, SERVER_FQDN, null, clntCbh);
    final SaslServer srv = Sasl.createSaslServer(
        MECH, PROTOCOL, SERVER_FQDN, null, srvCbh);

    // Both factories return null when no provider implements the mechanism.
    if (clnt == null) {
        throw new IllegalStateException(
            "Unable to find client impl for " + MECH);
    }
    if (srv == null) {
        throw new IllegalStateException(
            "Unable to find server impl for " + MECH);
    }

    byte[] clientToken;
    if (clnt.hasInitialResponse()) {
        clientToken = clnt.evaluateChallenge(EMPTY);
    } else {
        clientToken = EMPTY;
    }

    // Keep exchanging tokens until client and server are both done.
    while (!(clnt.isComplete() && srv.isComplete())) {
        final byte[] serverToken = srv.evaluateResponse(clientToken);
        if (serverToken == null) {
            continue;
        }
        clientToken = clnt.evaluateChallenge(serverToken);
    }

    if (!(clnt.isComplete() && srv.isComplete())) {
        throw new IllegalStateException("FAILURE: mismatched state:" +
            " client complete? " + clnt.isComplete() +
            " server complete? " + srv.isComplete());
    }
    if (verbose) {
        System.out.println("SUCCESS");
        System.out.println("authzid is " + srv.getAuthorizationID());
    }
}
 
开发者ID:AdoptOpenJDK,项目名称:openjdk-jdk10,代码行数:67,代码来源:Cram.java

示例5: SampleServer

import javax.security.sasl.Sasl; //导入方法依赖的package包/类
/**
 * Builds the sample server's {@code DIGEST_MD5} SASL server.
 *
 * @param supportedQOPs value for the {@code Sasl.QOP} property, or
 *        {@code null} to leave the property unset
 * @throws SaslException propagated from {@code Sasl.createSaslServer}
 */
public SampleServer(String supportedQOPs) throws SaslException {
    final Map<String,String> saslProps = new HashMap<String,String>();

    // Only advertise a QOP list when the caller supplied one.
    if (null != supportedQOPs) {
        saslProps.put(Sasl.QOP, supportedQOPs);
    }

    final SampleCallbackHandler handler = new SampleCallbackHandler();
    saslServer = Sasl.createSaslServer(
        DIGEST_MD5, "local", "127.0.0.1", saslProps, handler);
}
 
开发者ID:lambdalab-mirror,项目名称:jdk8u-jdk,代码行数:11,代码来源:CheckNegotiatedQOPs.java

示例6: createSaslServer

import javax.security.sasl.Sasl; //导入方法依赖的package包/类
/**
 * Creates a SASL server for the given mechanism using this object's
 * {@code qop}, {@code host} and {@code callback}.
 *
 * @param mechanism SASL mechanism name to instantiate
 * @return the result of {@code Sasl.createSaslServer}; the JDK documents that
 *         this can be {@code null} when no factory supports the mechanism
 * @throws SaslException propagated from {@code Sasl.createSaslServer}
 */
private SaslServer createSaslServer(String mechanism)
        throws SaslException {
    final Map<String, String> saslProps = new HashMap<>();
    saslProps.put(Sasl.QOP, qop);

    final SaslServer created =
            Sasl.createSaslServer(mechanism, PROTOCOL, host, saslProps, callback);
    return created;
}
 
开发者ID:lambdalab-mirror,项目名称:jdk8u-jdk,代码行数:8,代码来源:ClientServerTest.java

示例7: main

import javax.security.sasl.Sasl; //导入方法依赖的package包/类
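/**
 * Runs the first round of a {@code DIGEST_MD5} exchange between an in-process
 * client and server and fails if the server challenge contains a quoted
 * {@code "md5-sess"} or {@code "utf-8"} value.
 *
 * @param args unused
 * @throws Exception if an implementation is missing, no challenge is
 *         produced, or the challenge quotes the charset or algorithm value
 */
public static void main(String[] args) throws Exception {

    Map<String, String> props = new TreeMap<String, String>();
    props.put(Sasl.QOP, "auth");

    // client
    SaslClient client = Sasl.createSaslClient(new String[]{ DIGEST_MD5 },
        "user1", "xmpp", "127.0.0.1", props, authCallbackHandler);
    if (client == null) {
        throw new Exception("Unable to find client implementation for: " +
            DIGEST_MD5);
    }

    byte[] response = client.hasInitialResponse()
        ? client.evaluateChallenge(EMPTY) : EMPTY;
    // Decode with an explicit charset so the log does not depend on the
    // platform default.
    logger.info("initial: " + new String(response, "UTF-8"));

    // server
    byte[] challenge = null;
    SaslServer server = Sasl.createSaslServer(DIGEST_MD5, "xmpp",
      "127.0.0.1", props, authCallbackHandler);
    if (server == null) {
        throw new Exception("Unable to find server implementation for: " +
            DIGEST_MD5);
    }

    if (!client.isComplete() || !server.isComplete()) {
        challenge = server.evaluateResponse(response);

        // The null check has to come before the challenge is decoded for
        // logging; the original logged first and checked afterwards.
        if (challenge != null) {
            logger.info("challenge: " + new String(challenge, "UTF-8"));
            response = client.evaluateChallenge(challenge);
        }
    }

    // Without a challenge there is nothing to inspect; report that
    // explicitly instead of failing with a NullPointerException below.
    if (challenge == null) {
        throw new Exception("Server did not produce a challenge for: " +
            DIGEST_MD5);
    }

    // Locale.ROOT keeps the lower-casing independent of the default locale.
    String challengeString =
        new String(challenge, "UTF-8").toLowerCase(java.util.Locale.ROOT);

    // contains() also catches a match at index 0, which "indexOf(..) > 0"
    // silently accepted.
    if (challengeString.contains("\"md5-sess\"") ||
        challengeString.contains("\"utf-8\"")) {
        throw new Exception("The challenge string's charset and " +
            "algorithm values must not be enclosed within quotes");
    }

    client.dispose();
    server.dispose();
}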
 
开发者ID:lambdalab-mirror,项目名称:jdk8u-jdk,代码行数:48,代码来源:NoQuoteParams.java

示例8: getEncryptedStreams

import javax.security.sasl.Sasl; //导入方法依赖的package包/类
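/**
 * Factory method for DNs, where the nonce, keyId, and encryption key are not
 * yet known. The nonce and keyId will be sent by the client, and the DN
 * will then use those pieces of info and the secret key shared with the NN
 * to determine the encryptionKey used for the SASL handshake/encryption.
 * 
 * Establishes a secure connection assuming that the party on the other end
 * has the same shared secret. This does a SASL connection handshake, but not
 * a general-purpose one. It's specific to the DIGEST-MD5 SASL mechanism with
 * auth-conf enabled. In particular, it doesn't support an arbitrary number of
 * challenge/response rounds, and we know that the client will never have an
 * initial response, so we don't check for one.
 *
 * @param underlyingOut output stream to write to the other party
 * @param underlyingIn input stream to read from the other party
 * @param blockPoolTokenSecretManager secret manager capable of constructing
 *        encryption key based on keyId, blockPoolId, and nonce
 * @param encryptionAlgorithm value stored under the
 *        {@code com.sun.security.sasl.digest.cipher} SASL property
 * @return a pair of streams which wrap the given streams and encrypt/decrypt
 *         all data read/written
 * @throws IOException in the event of error, including when no SASL server
 *         implementation is available or the magic number does not match
 */
public static IOStreamPair getEncryptedStreams(
    OutputStream underlyingOut, InputStream underlyingIn,
    BlockPoolTokenSecretManager blockPoolTokenSecretManager,
    String encryptionAlgorithm) throws IOException {
  
  DataInputStream in = new DataInputStream(underlyingIn);
  DataOutputStream out = new DataOutputStream(underlyingOut);
  
  // NOTE(review): the ciphers DIGEST-MD5 can negotiate are legacy algorithms;
  // confirm the configured encryptionAlgorithm against current crypto policy.
  Map<String, String> saslProps = Maps.newHashMap(SASL_PROPS);
  saslProps.put("com.sun.security.sasl.digest.cipher", encryptionAlgorithm);
  
  if (LOG.isDebugEnabled()) {
    LOG.debug("Server using encryption algorithm " + encryptionAlgorithm);
  }
  
  // Sasl.createSaslServer returns null when no installed factory supports the
  // mechanism. Fail here with a clear error instead of wrapping null and
  // failing later in the middle of the handshake.
  javax.security.sasl.SaslServer saslServer = Sasl.createSaslServer(MECHANISM,
      PROTOCOL, SERVER_NAME, saslProps,
      new SaslServerCallbackHandler(blockPoolTokenSecretManager));
  if (saslServer == null) {
    throw new SaslException(
        "No SASL server implementation available for mechanism " + MECHANISM);
  }
  SaslParticipant sasl = new SaslParticipant(saslServer);
  
  int magicNumber = in.readInt();
  if (magicNumber != ENCRYPTED_TRANSFER_MAGIC_NUMBER) {
    throw new InvalidMagicNumberException(magicNumber);
  }
  try {
    // step 1
    performSaslStep1(out, in, sasl);
    
    // step 2 (server-side only)
    byte[] remoteResponse = readSaslMessage(in);
    byte[] localResponse = sasl.evaluateChallengeOrResponse(remoteResponse);
    sendSaslMessage(out, localResponse);
    
    // SASL handshake is complete
    checkSaslComplete(sasl);
    
    return sasl.createEncryptedStreamPair(out, in);
  } catch (IOException ioe) {
    // instanceof is false for a null cause, so no separate null check is needed.
    if (ioe instanceof SaslException &&
        ioe.getCause() instanceof InvalidEncryptionKeyException) {
      // This could just be because the client is long-lived and hasn't gotten
      // a new encryption key from the NN in a while. Upon receiving this
      // error, the client will get a new encryption key from the NN and retry
      // connecting to this DN.
      sendInvalidKeySaslErrorMessage(out, ioe.getCause().getMessage());
    } else {
      // NOTE(review): the exception text goes to a peer whose handshake has
      // not completed; confirm it cannot carry internal detail.
      sendGenericSaslErrorMessage(out, ioe.getMessage());
    }
    throw ioe;
  }
}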
 
开发者ID:ict-carch,项目名称:hadoop-plus,代码行数:73,代码来源:DataTransferEncryptor.java

示例9: getEncryptedStreams

import javax.security.sasl.Sasl; //导入方法依赖的package包/类
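/**
 * Factory method for DNs, where the nonce, keyId, and encryption key are not
 * yet known. The nonce and keyId will be sent by the client, and the DN
 * will then use those pieces of info and the secret key shared with the NN
 * to determine the encryptionKey used for the SASL handshake/encryption.
 * <p/>
 * Establishes a secure connection assuming that the party on the other end
 * has the same shared secret. This does a SASL connection handshake, but not
 * a general-purpose one. It's specific to the DIGEST-MD5 SASL mechanism with
 * auth-conf enabled. In particular, it doesn't support an arbitrary number
 * of challenge/response rounds, and we know that the client will never have
 * an initial response, so we don't check for one.
 *
 * @param underlyingOut
 *     output stream to write to the other party
 * @param underlyingIn
 *     input stream to read from the other party
 * @param blockPoolTokenSecretManager
 *     secret manager capable of constructing
 *     encryption key based on keyId, blockPoolId, and nonce
 * @param encryptionAlgorithm
 *     value stored under the com.sun.security.sasl.digest.cipher SASL
 *     property
 * @return a pair of streams which wrap the given streams and encrypt/decrypt
 * all data read/written
 * @throws IOException
 *     in the event of error, including when no SASL server implementation
 *     is available or the magic number does not match
 */
public static IOStreamPair getEncryptedStreams(OutputStream underlyingOut,
    InputStream underlyingIn,
    BlockPoolTokenSecretManager blockPoolTokenSecretManager,
    String encryptionAlgorithm) throws IOException {
  
  DataInputStream in = new DataInputStream(underlyingIn);
  DataOutputStream out = new DataOutputStream(underlyingOut);
  
  // NOTE(review): DIGEST-MD5 only offers legacy ciphers; verify that the
  // configured encryptionAlgorithm is still acceptable under current policy.
  Map<String, String> saslProps = Maps.newHashMap(SASL_PROPS);
  saslProps.put("com.sun.security.sasl.digest.cipher", encryptionAlgorithm);
  
  if (LOG.isDebugEnabled()) {
    LOG.debug("Server using encryption algorithm " + encryptionAlgorithm);
  }
  
  // A null return means no registered SaslServerFactory can build the
  // mechanism; refuse the connection up front rather than handing null to
  // SaslParticipant.
  javax.security.sasl.SaslServer saslServer =
      Sasl.createSaslServer(MECHANISM, PROTOCOL, SERVER_NAME, saslProps,
          new SaslServerCallbackHandler(blockPoolTokenSecretManager));
  if (saslServer == null) {
    throw new SaslException(
        "No SASL server implementation available for mechanism " + MECHANISM);
  }
  SaslParticipant sasl = new SaslParticipant(saslServer);
  
  int magicNumber = in.readInt();
  if (magicNumber != ENCRYPTED_TRANSFER_MAGIC_NUMBER) {
    throw new InvalidMagicNumberException(magicNumber);
  }
  try {
    // step 1
    performSaslStep1(out, in, sasl);
    
    // step 2 (server-side only)
    byte[] remoteResponse = readSaslMessage(in);
    byte[] localResponse = sasl.evaluateChallengeOrResponse(remoteResponse);
    sendSaslMessage(out, localResponse);
    
    // SASL handshake is complete
    checkSaslComplete(sasl);
    
    return sasl.createEncryptedStreamPair(out, in);
  } catch (IOException ioe) {
    // A null cause fails the instanceof test, so it needs no explicit check.
    if (ioe instanceof SaslException &&
        ioe.getCause() instanceof InvalidEncryptionKeyException) {
      // This could just be because the client is long-lived and hasn't gotten
      // a new encryption key from the NN in a while. Upon receiving this
      // error, the client will get a new encryption key from the NN and retry
      // connecting to this DN.
      sendInvalidKeySaslErrorMessage(out, ioe.getCause().getMessage());
    } else {
      // NOTE(review): this forwards the raw exception message to a peer that
      // has not finished authenticating; confirm nothing internal leaks.
      sendGenericSaslErrorMessage(out, ioe.getMessage());
    }
    throw ioe;
  }
}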
 
开发者ID:hopshadoop,项目名称:hops,代码行数:78,代码来源:DataTransferEncryptor.java

示例10: createServerSaslParticipant

import javax.security.sasl.Sasl; //导入方法依赖的package包/类
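/**
 * Creates a SaslParticipant wrapping a SaslServer.
 *
 * @param saslProps properties of SASL negotiation
 * @param callbackHandler for handling all SASL callbacks
 * @return SaslParticipant wrapping SaslServer
 * @throws SaslException for any error, including when no SASL server
 *         implementation is available for the mechanism
 */
public static SaslParticipant createServerSaslParticipant(
    Map<String, String> saslProps, CallbackHandler callbackHandler)
    throws SaslException {
  javax.security.sasl.SaslServer saslServer = Sasl.createSaslServer(MECHANISM,
    PROTOCOL, SERVER_NAME, saslProps, callbackHandler);
  // Sasl.createSaslServer returns null when no factory supports the mechanism;
  // report that here instead of returning a participant that wraps null.
  if (saslServer == null) {
    throw new SaslException(
      "No SASL server implementation available for mechanism " + MECHANISM);
  }
  return new SaslParticipant(saslServer);
}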
 
开发者ID:naver,项目名称:hadoop,代码行数:15,代码来源:SaslParticipant.java


注:本文中的javax.security.sasl.Sasl.createSaslServer方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。