storm-commits mailing list archives

From bo...@apache.org
Subject [2/7] storm git commit: Refactoring SaslServerCallbackHandler and SaslClientCallbackHandler
Date Mon, 07 Mar 2016 20:29:37 GMT
Refactoring SaslServerCallbackHandler and SaslClientCallbackHandler


Project: http://git-wip-us.apache.org/repos/asf/storm/repo
Commit: http://git-wip-us.apache.org/repos/asf/storm/commit/cccb9766
Tree: http://git-wip-us.apache.org/repos/asf/storm/tree/cccb9766
Diff: http://git-wip-us.apache.org/repos/asf/storm/diff/cccb9766

Branch: refs/heads/master
Commit: cccb9766eb6b01477b44cd35e836997811464632
Parents: b1e4c94
Author: Kishor Patil <kpatil@yahoo-inc.com>
Authored: Wed Mar 2 00:12:57 2016 -0600
Committer: Kishor Patil <kpatil@yahoo-inc.com>
Committed: Wed Mar 2 00:12:57 2016 -0600

----------------------------------------------------------------------
 .../auth/AbstractSaslClientCallbackHandler.java | 76 +++++++++++++++++++
 .../auth/AbstractSaslServerCallbackHandler.java | 77 ++++++++++++++++++++
 .../auth/digest/ClientCallbackHandler.java      | 60 ++-------------
 .../auth/digest/ServerCallbackHandler.java      | 61 ++--------------
 .../auth/plain/PlainClientCallbackHandler.java  | 63 ++--------------
 .../auth/plain/PlainSaslTransportPlugin.java    | 15 +---
 .../auth/plain/PlainServerCallbackHandler.java  | 66 +----------------
 .../security/auth/plain/SaslPlainServer.java    | 13 ++--
 8 files changed, 184 insertions(+), 247 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/storm/blob/cccb9766/storm-core/src/jvm/org/apache/storm/security/auth/AbstractSaslClientCallbackHandler.java
----------------------------------------------------------------------
diff --git a/storm-core/src/jvm/org/apache/storm/security/auth/AbstractSaslClientCallbackHandler.java
b/storm-core/src/jvm/org/apache/storm/security/auth/AbstractSaslClientCallbackHandler.java
new file mode 100644
index 0000000..04710ba
--- /dev/null
+++ b/storm-core/src/jvm/org/apache/storm/security/auth/AbstractSaslClientCallbackHandler.java
@@ -0,0 +1,76 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.storm.security.auth;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.sasl.AuthorizeCallback;
+import javax.security.sasl.RealmCallback;
+import java.io.IOException;
+
+public abstract class AbstractSaslClientCallbackHandler implements CallbackHandler {
+    protected static final String USERNAME = "username";
+    protected static final String PASSWORD = "password";
+    private static final Logger LOG = LoggerFactory.getLogger(AbstractSaslClientCallbackHandler.class);
+    protected String _username = null;
+    protected String _password = null;
+
+    /**
+     * This method is invoked by SASL for authentication challenges
+     * @param callbacks a collection of challenge callbacks
+     */
+    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
{
+        for (Callback c : callbacks) {
+            if (c instanceof NameCallback) {
+                LOG.debug("name callback");
+                NameCallback nc = (NameCallback) c;
+                nc.setName(_username);
+            } else if (c instanceof PasswordCallback) {
+                LOG.debug("password callback");
+                PasswordCallback pc = (PasswordCallback)c;
+                if (_password != null) {
+                    pc.setPassword(_password.toCharArray());
+                }
+            } else if (c instanceof AuthorizeCallback) {
+                LOG.debug("authorization callback");
+                AuthorizeCallback ac = (AuthorizeCallback) c;
+                String authid = ac.getAuthenticationID();
+                String authzid = ac.getAuthorizationID();
+                if (authid.equals(authzid)) {
+                    ac.setAuthorized(true);
+                } else {
+                    ac.setAuthorized(false);
+                }
+                if (ac.isAuthorized()) {
+                    ac.setAuthorizedID(authzid);
+                }
+            } else if (c instanceof RealmCallback) {
+                RealmCallback rc = (RealmCallback) c;
+                ((RealmCallback) c).setText(rc.getDefaultText());
+            } else {
+                throw new UnsupportedCallbackException(c);
+            }
+        }
+    }
+}
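Review bot: The `AuthorizeCallback` branch of `handle` calls `authid.equals(authzid)` without a null check, so a callback that carries no authentication ID would throw a NullPointerException inside the SASL exchange instead of being denied cleanly. A null-safe form also collapses the if/else: `ac.setAuthorized(authid != null && authid.equals(authzid));`. Since this class is now the shared base for the digest and plain clients, `handle` should carry `@Override`, and the protected `_username`/`_password` fields deserve a comment saying that subclasses must assign them in their constructor and that the password stays in memory as a `String` for the life of the handler.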

http://git-wip-us.apache.org/repos/asf/storm/blob/cccb9766/storm-core/src/jvm/org/apache/storm/security/auth/AbstractSaslServerCallbackHandler.java
----------------------------------------------------------------------
diff --git a/storm-core/src/jvm/org/apache/storm/security/auth/AbstractSaslServerCallbackHandler.java
b/storm-core/src/jvm/org/apache/storm/security/auth/AbstractSaslServerCallbackHandler.java
new file mode 100644
index 0000000..0a57f93
--- /dev/null
+++ b/storm-core/src/jvm/org/apache/storm/security/auth/AbstractSaslServerCallbackHandler.java
@@ -0,0 +1,77 @@
+package org.apache.storm.security.auth;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.sasl.AuthorizeCallback;
+import javax.security.sasl.RealmCallback;
+import java.util.HashMap;
+import java.util.Map;
+
+public abstract class AbstractSaslServerCallbackHandler implements CallbackHandler {
+    private static final Logger LOG = LoggerFactory.getLogger(AbstractSaslServerCallbackHandler.class);
+    protected final Map<String,String> credentials = new HashMap<>();
+    protected String userName;
+
+    public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
+        for (Callback callback : callbacks) {
+            if (callback instanceof NameCallback) {
+                handleNameCallback((NameCallback) callback);
+            } else if (callback instanceof PasswordCallback) {
+                handlePasswordCallback((PasswordCallback) callback);
+            } else if (callback instanceof RealmCallback) {
+                handleRealmCallback((RealmCallback) callback);
+            } else if (callback instanceof AuthorizeCallback) {
+                handleAuthorizeCallback((AuthorizeCallback) callback);
+            }
+        }
+    }
+
+    private void handleNameCallback(NameCallback nc) {
+        LOG.debug("handleNameCallback");
+        userName = nc.getDefaultName();
+        nc.setName(nc.getDefaultName());
+    }
+
+    protected void handlePasswordCallback(PasswordCallback pc) {
+        LOG.debug("handlePasswordCallback");
+        if (credentials.containsKey(userName) ) {
+            pc.setPassword(credentials.get(userName).toCharArray());
+        } else {
+            LOG.warn("No password found for user: " + userName);
+        }
+    }
+
+    private void handleRealmCallback(RealmCallback rc) {
+        LOG.debug("handleRealmCallback: "+ rc.getDefaultText());
+        rc.setText(rc.getDefaultText());
+    }
+
+    private void handleAuthorizeCallback(AuthorizeCallback ac) {
+        String authenticationID = ac.getAuthenticationID();
+        LOG.info("Successfully authenticated client: authenticationID = {} authorizationID
= {}",
+            authenticationID, ac.getAuthorizationID());
+
+        //if authorizationId is not set, set it to authenticationId.
+        if(ac.getAuthorizationID() == null) {
+            ac.setAuthorizedID(authenticationID);
+        }
+
+        //When authNid and authZid are not equal , authNId is attempting to impersonate authZid,
We
+        //add the authNid as the real user in reqContext's subject which will be used during
authorization.
+        if(!authenticationID.equals(ac.getAuthorizationID())) {
+            LOG.info("Impersonation attempt  authenticationID = {} authorizationID = {}",
+                ac.getAuthenticationID(),  ac.getAuthorizationID());
+            ReqContext.context().setRealPrincipal(new SaslTransportPlugin.User(ac.getAuthenticationID()));
+        } else {
+            ReqContext.context().setRealPrincipal(null);
+        }
+
+        ac.setAuthorized(true);
+    }
+}
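Review bot: In `handleAuthorizeCallback`, a null authorization ID still falls into the impersonation branch: `setAuthorizedID(authenticationID)` does not change what `getAuthorizationID()` returns, so `!authenticationID.equals(ac.getAuthorizationID())` is true, "Impersonation attempt" is logged and a real principal is set for a client that requested no impersonation. Resolving the effective ID once avoids that, e.g. `String authzId = ac.getAuthorizationID() != null ? ac.getAuthorizationID() : authenticationID;`, and then comparing against `authzId`. `handle` also has no final `else`, so an unsupported callback is silently skipped where the client-side base class throws `UnsupportedCallbackException(c)`; failing closed would be safer in an authentication path. The file is also added without the ASF license header that the sibling AbstractSaslClientCallbackHandler carries.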

http://git-wip-us.apache.org/repos/asf/storm/blob/cccb9766/storm-core/src/jvm/org/apache/storm/security/auth/digest/ClientCallbackHandler.java
----------------------------------------------------------------------
diff --git a/storm-core/src/jvm/org/apache/storm/security/auth/digest/ClientCallbackHandler.java
b/storm-core/src/jvm/org/apache/storm/security/auth/digest/ClientCallbackHandler.java
index 013ce06..312e4ab 100644
--- a/storm-core/src/jvm/org/apache/storm/security/auth/digest/ClientCallbackHandler.java
+++ b/storm-core/src/jvm/org/apache/storm/security/auth/digest/ClientCallbackHandler.java
@@ -17,30 +17,17 @@
  */
 package org.apache.storm.security.auth.digest;
 
-import java.io.IOException;
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
-import javax.security.auth.callback.UnsupportedCallbackException;
-import javax.security.sasl.AuthorizeCallback;
-import javax.security.sasl.RealmCallback;
+import org.apache.storm.security.auth.AbstractSaslClientCallbackHandler;
+import org.apache.storm.security.auth.AuthUtils;
+
 import javax.security.auth.login.AppConfigurationEntry;
 import javax.security.auth.login.Configuration;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import org.apache.storm.security.auth.AuthUtils;
+import java.io.IOException;
 
 /**
  *  client side callback handler.
  */
-public class ClientCallbackHandler implements CallbackHandler {
-    private static final String USERNAME = "username";
-    private static final String PASSWORD = "password";
-    private static final Logger LOG = LoggerFactory.getLogger(ClientCallbackHandler.class);
-    private String _username = null;
-    private String _password = null;
+public class ClientCallbackHandler extends AbstractSaslClientCallbackHandler {
 
     /**
      * Constructor based on a JAAS configuration
@@ -68,41 +55,4 @@ public class ClientCallbackHandler implements CallbackHandler {
         }
     }
 
-    /**
-     * This method is invoked by SASL for authentication challenges
-     * @param callbacks a collection of challenge callbacks 
-     */
-    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
{
-        for (Callback c : callbacks) {
-            if (c instanceof NameCallback) {
-                LOG.debug("name callback");
-                NameCallback nc = (NameCallback) c;
-                nc.setName(_username);
-            } else if (c instanceof PasswordCallback) {
-                LOG.debug("password callback");
-                PasswordCallback pc = (PasswordCallback)c;
-                if (_password != null) {
-                    pc.setPassword(_password.toCharArray());
-                } 
-            } else if (c instanceof AuthorizeCallback) {
-                LOG.debug("authorization callback");
-                AuthorizeCallback ac = (AuthorizeCallback) c;
-                String authid = ac.getAuthenticationID();
-                String authzid = ac.getAuthorizationID();
-                if (authid.equals(authzid)) {
-                    ac.setAuthorized(true);
-                } else {
-                    ac.setAuthorized(false);
-                }
-                if (ac.isAuthorized()) {
-                    ac.setAuthorizedID(authzid);
-                }
-            } else if (c instanceof RealmCallback) {
-                RealmCallback rc = (RealmCallback) c;
-                ((RealmCallback) c).setText(rc.getDefaultText());
-            } else {
-                throw new UnsupportedCallbackException(c);
-            }
-        }
-    }
 }

http://git-wip-us.apache.org/repos/asf/storm/blob/cccb9766/storm-core/src/jvm/org/apache/storm/security/auth/digest/ServerCallbackHandler.java
----------------------------------------------------------------------
diff --git a/storm-core/src/jvm/org/apache/storm/security/auth/digest/ServerCallbackHandler.java
b/storm-core/src/jvm/org/apache/storm/security/auth/digest/ServerCallbackHandler.java
index 4fe21c2..7c4414f 100644
--- a/storm-core/src/jvm/org/apache/storm/security/auth/digest/ServerCallbackHandler.java
+++ b/storm-core/src/jvm/org/apache/storm/security/auth/digest/ServerCallbackHandler.java
@@ -21,6 +21,7 @@ import java.io.IOException;
 import java.util.HashMap;
 import java.util.Map;
 
+import org.apache.storm.security.auth.AbstractSaslServerCallbackHandler;
 import org.apache.storm.security.auth.ReqContext;
 import org.apache.storm.security.auth.SaslTransportPlugin;
 import org.slf4j.Logger;
@@ -41,13 +42,10 @@ import org.apache.storm.security.auth.AuthUtils;
 /**
  * SASL server side callback handler
  */
-public class ServerCallbackHandler implements CallbackHandler {
-    private static final String USER_PREFIX = "user_";
+public class ServerCallbackHandler extends AbstractSaslServerCallbackHandler {
     private static final Logger LOG = LoggerFactory.getLogger(ServerCallbackHandler.class);
-    private static final String SYSPROP_SUPER_PASSWORD = "storm.SASLAuthenticationProvider.superPassword";
-
-    private String userName;
-    private final Map<String,String> credentials = new HashMap<>();
+    private static final String USER_PREFIX = "user_";
+    public static final String SYSPROP_SUPER_PASSWORD = "storm.SASLAuthenticationProvider.superPassword";
 
     public ServerCallbackHandler(Configuration configuration) throws IOException {
         if (configuration==null) return;
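Review bot: `SYSPROP_SUPER_PASSWORD` is widened from `private` to `public` here, but none of the hunks shown in this commit read it from outside `ServerCallbackHandler`. If a later commit in the series needs it, a one-line comment naming the consumer would help; otherwise keep it `private` so the name of the property that carries the superuser password does not become part of the class's API. The class body continues outside this hunk.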
@@ -72,61 +70,16 @@ public class ServerCallbackHandler implements CallbackHandler {
         }
     }
 
-    public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
-        for (Callback callback : callbacks) {
-            if (callback instanceof NameCallback) {
-                handleNameCallback((NameCallback) callback);
-            } else if (callback instanceof PasswordCallback) {
-                handlePasswordCallback((PasswordCallback) callback);
-            } else if (callback instanceof RealmCallback) {
-                handleRealmCallback((RealmCallback) callback);
-            } else if (callback instanceof AuthorizeCallback) {
-                handleAuthorizeCallback((AuthorizeCallback) callback);
-            }
-        }
-    }
-
-    private void handleNameCallback(NameCallback nc) {
-        LOG.debug("handleNameCallback");
-        userName = nc.getDefaultName();
-        nc.setName(nc.getDefaultName());
-    }
-
-    private void handlePasswordCallback(PasswordCallback pc) {
+    @Override
+    protected void handlePasswordCallback(PasswordCallback pc) {
         LOG.debug("handlePasswordCallback");
         if ("super".equals(this.userName) && System.getProperty(SYSPROP_SUPER_PASSWORD)
!= null) {
             // superuser: use Java system property for password, if available.
             pc.setPassword(System.getProperty(SYSPROP_SUPER_PASSWORD).toCharArray());
-        } else if (credentials.containsKey(userName) ) {
-            pc.setPassword(credentials.get(userName).toCharArray());
         } else {
-            LOG.warn("No password found for user: " + userName);
+            super.handlePasswordCallback(pc);
         }
-    }
 
-    private void handleRealmCallback(RealmCallback rc) {
-        LOG.debug("handleRealmCallback: "+ rc.getDefaultText());
-        rc.setText(rc.getDefaultText());
     }
 
-    private void handleAuthorizeCallback(AuthorizeCallback ac) {
-        String authenticationID = ac.getAuthenticationID();
-        LOG.info("Successfully authenticated client: authenticationID = " + authenticationID
+ " authorizationID = " + ac.getAuthorizationID());
-
-        //if authorizationId is not set, set it to authenticationId.
-        if(ac.getAuthorizationID() == null) {
-            ac.setAuthorizedID(authenticationID);
-        }
-
-        //When authNid and authZid are not equal , authNId is attempting to impersonate authZid,
We
-        //add the authNid as the real user in reqContext's subject which will be used during
authorization.
-        if(!authenticationID.equals(ac.getAuthorizationID())) {
-            LOG.info("Impersonation attempt  authenticationID = " + ac.getAuthenticationID()
+ " authorizationID = " + ac.getAuthorizationID());
-            ReqContext.context().setRealPrincipal(new SaslTransportPlugin.User(ac.getAuthenticationID()));
-        } else {
-            ReqContext.context().setRealPrincipal(null);
-        }
-
-        ac.setAuthorized(true);
-    }
 }
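Review bot: The overridden `handlePasswordCallback` calls `System.getProperty(SYSPROP_SUPER_PASSWORD)` twice, once for the null check and once for the value, so a property cleared between the two calls yields a NullPointerException during authentication. Reading it once is tighter: `String superPassword = System.getProperty(SYSPROP_SUPER_PASSWORD);` followed by `if ("super".equals(userName) && superPassword != null) { pc.setPassword(superPassword.toCharArray()); }`. The method also deserves a comment stating that the `super` account bypasses the `credentials` map whenever the property is set, since an administrator needs to know that. The stray blank line left before the closing brace can go.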

http://git-wip-us.apache.org/repos/asf/storm/blob/cccb9766/storm-core/src/jvm/org/apache/storm/security/auth/plain/PlainClientCallbackHandler.java
----------------------------------------------------------------------
diff --git a/storm-core/src/jvm/org/apache/storm/security/auth/plain/PlainClientCallbackHandler.java
b/storm-core/src/jvm/org/apache/storm/security/auth/plain/PlainClientCallbackHandler.java
index 25c7609..1350bdf 100644
--- a/storm-core/src/jvm/org/apache/storm/security/auth/plain/PlainClientCallbackHandler.java
+++ b/storm-core/src/jvm/org/apache/storm/security/auth/plain/PlainClientCallbackHandler.java
@@ -17,64 +17,15 @@
  */
 package org.apache.storm.security.auth.plain;
 
-import java.io.IOException;
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
-import javax.security.auth.callback.UnsupportedCallbackException;
-import javax.security.sasl.AuthorizeCallback;
-import javax.security.sasl.RealmCallback;
+import org.apache.storm.security.auth.AbstractSaslClientCallbackHandler;
 
+public class PlainClientCallbackHandler extends AbstractSaslClientCallbackHandler {
 
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- *  client side callback handler.
- */
-public class PlainClientCallbackHandler implements CallbackHandler {
-    private static final String USERNAME = "username";
-    private static final String PASSWORD = "password";
-    private static final Logger LOG = LoggerFactory.getLogger(PlainClientCallbackHandler.class);
-    private String _username = "username";
-    private String _password = "password";
-
-    /**
-     * This method is invoked by SASL for authentication challenges
-     * @param callbacks a collection of challenge callbacks 
+    /*
+     * For plain, using constants for a pair of user name and password.
      */
-    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
{
-        for (Callback c : callbacks) {
-            if (c instanceof NameCallback) {
-                LOG.debug("name callback");
-                NameCallback nc = (NameCallback) c;
-                nc.setName(_username);
-            } else if (c instanceof PasswordCallback) {
-                LOG.debug("password callback");
-                PasswordCallback pc = (PasswordCallback)c;
-                if (_password != null) {
-                    pc.setPassword(_password.toCharArray());
-                } 
-            } else if (c instanceof AuthorizeCallback) {
-                LOG.debug("authorization callback");
-                AuthorizeCallback ac = (AuthorizeCallback) c;
-                String authid = ac.getAuthenticationID();
-                String authzid = ac.getAuthorizationID();
-                if (authid.equals(authzid)) {
-                    ac.setAuthorized(true);
-                } else {
-                    ac.setAuthorized(false);
-                }
-                if (ac.isAuthorized()) {
-                    ac.setAuthorizedID(authzid);
-                }
-            } else if (c instanceof RealmCallback) {
-                RealmCallback rc = (RealmCallback) c;
-                ((RealmCallback) c).setText(rc.getDefaultText());
-            } else {
-                throw new UnsupportedCallbackException(c);
-            }
-        }
+    public PlainClientCallbackHandler() {
+        _username = USERNAME;
+        _password = PASSWORD;
     }
 }
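Review bot: The new constructor wires the fixed pair `USERNAME`/`PASSWORD` ("username"/"password") into every PLAIN client, and the class-level Javadoc is dropped in the same change, so nothing on the class says that this handler proves no identity. I would restore a class Javadoc, e.g. `/** Client-side handler for SASL PLAIN that always sends the fixed credentials "username"/"password"; it provides no real authentication. */`, and turn the `/* ... */` block above the constructor into a proper `/** ... */` comment.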

http://git-wip-us.apache.org/repos/asf/storm/blob/cccb9766/storm-core/src/jvm/org/apache/storm/security/auth/plain/PlainSaslTransportPlugin.java
----------------------------------------------------------------------
diff --git a/storm-core/src/jvm/org/apache/storm/security/auth/plain/PlainSaslTransportPlugin.java
b/storm-core/src/jvm/org/apache/storm/security/auth/plain/PlainSaslTransportPlugin.java
index facc352..211a4b7 100644
--- a/storm-core/src/jvm/org/apache/storm/security/auth/plain/PlainSaslTransportPlugin.java
+++ b/storm-core/src/jvm/org/apache/storm/security/auth/plain/PlainSaslTransportPlugin.java
@@ -19,14 +19,8 @@ package org.apache.storm.security.auth.plain;
 
 import org.apache.storm.security.auth.AuthUtils;
 import org.apache.storm.security.auth.SaslTransportPlugin;
-import org.apache.storm.utils.ExtendedThreadPoolExecutor;
-import org.apache.thrift.TProcessor;
-import org.apache.thrift.protocol.TBinaryProtocol;
-import org.apache.thrift.server.TServer;
-import org.apache.thrift.server.TThreadPoolServer;
 import org.apache.thrift.transport.TSaslClientTransport;
 import org.apache.thrift.transport.TSaslServerTransport;
-import org.apache.thrift.transport.TServerSocket;
 import org.apache.thrift.transport.TTransport;
 import org.apache.thrift.transport.TTransportException;
 import org.apache.thrift.transport.TTransportFactory;
@@ -36,11 +30,6 @@ import org.slf4j.LoggerFactory;
 import javax.security.auth.callback.CallbackHandler;
 import java.io.IOException;
 import java.security.Security;
-import java.util.concurrent.ArrayBlockingQueue;
-import java.util.concurrent.BlockingQueue;
-import java.util.concurrent.SynchronousQueue;
-import java.util.concurrent.ThreadPoolExecutor;
-import java.util.concurrent.TimeUnit;
 
 public class PlainSaslTransportPlugin extends SaslTransportPlugin {
     public static final String PLAIN = "PLAIN";
@@ -49,11 +38,11 @@ public class PlainSaslTransportPlugin extends SaslTransportPlugin {
     @Override
     protected TTransportFactory getServerTransportFactory() throws IOException {
         //create an authentication callback handler
-        CallbackHandler serer_callback_handler = new PlainServerCallbackHandler();
+        CallbackHandler server_callback_handler = new PlainServerCallbackHandler();
         Security.addProvider(new SaslPlainServer.SecurityProvider());
         //create a transport factory that will invoke our auth callback for digest
         TSaslServerTransport.Factory factory = new TSaslServerTransport.Factory();
-        factory.addServerDefinition(PLAIN, AuthUtils.SERVICE, "localhost", null, serer_callback_handler);
+        factory.addServerDefinition(PLAIN, AuthUtils.SERVICE, "localhost", null, server_callback_handler);
 
         LOG.info("SASL PLAIN transport factory will be used");
         return factory;

http://git-wip-us.apache.org/repos/asf/storm/blob/cccb9766/storm-core/src/jvm/org/apache/storm/security/auth/plain/PlainServerCallbackHandler.java
----------------------------------------------------------------------
diff --git a/storm-core/src/jvm/org/apache/storm/security/auth/plain/PlainServerCallbackHandler.java
b/storm-core/src/jvm/org/apache/storm/security/auth/plain/PlainServerCallbackHandler.java
index e1ae2d9..da16825 100644
--- a/storm-core/src/jvm/org/apache/storm/security/auth/plain/PlainServerCallbackHandler.java
+++ b/storm-core/src/jvm/org/apache/storm/security/auth/plain/PlainServerCallbackHandler.java
@@ -21,6 +21,7 @@ import java.io.IOException;
 import java.util.HashMap;
 import java.util.Map;
 
+import org.apache.storm.security.auth.AbstractSaslServerCallbackHandler;
 import org.apache.storm.security.auth.ReqContext;
 import org.apache.storm.security.auth.SaslTransportPlugin;
 import org.slf4j.Logger;
@@ -37,72 +38,11 @@ import javax.security.sasl.RealmCallback;
 /**
  * SASL server side callback handler
  */
-public class PlainServerCallbackHandler implements CallbackHandler {
-    private static final Logger LOG = LoggerFactory.getLogger(PlainServerCallbackHandler.class);
-    private static final String SYSPROP_SUPER_PASSWORD = "storm.SASLAuthenticationProvider.superPassword";
-
-    private String userName="username";
-    private final Map<String,String> credentials = new HashMap<>();
+public class PlainServerCallbackHandler extends AbstractSaslServerCallbackHandler {
 
     public PlainServerCallbackHandler() throws IOException {
+        userName="username";
         credentials.put("username", "password");
     }
 
-    public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
-        for (Callback callback : callbacks) {
-            if (callback instanceof NameCallback) {
-                handleNameCallback((NameCallback) callback);
-            } else if (callback instanceof PasswordCallback) {
-                handlePasswordCallback((PasswordCallback) callback);
-            } else if (callback instanceof RealmCallback) {
-                handleRealmCallback((RealmCallback) callback);
-            } else if (callback instanceof AuthorizeCallback) {
-                handleAuthorizeCallback((AuthorizeCallback) callback);
-            }
-        }
-    }
-
-    private void handleNameCallback(NameCallback nc) {
-        LOG.debug("handleNameCallback");
-        userName = nc.getDefaultName();
-        nc.setName(nc.getDefaultName());
-    }
-
-    private void handlePasswordCallback(PasswordCallback pc) {
-        LOG.debug("handlePasswordCallback");
-        if ("super".equals(this.userName) && System.getProperty(SYSPROP_SUPER_PASSWORD)
!= null) {
-            // superuser: use Java system property for password, if available.
-            pc.setPassword(System.getProperty(SYSPROP_SUPER_PASSWORD).toCharArray());
-        } else if (credentials.containsKey(userName) ) {
-            pc.setPassword(credentials.get(userName).toCharArray());
-        } else {
-            LOG.warn("No password found for user: " + userName);
-        }
-    }
-
-    private void handleRealmCallback(RealmCallback rc) {
-        LOG.debug("handleRealmCallback: "+ rc.getDefaultText());
-        rc.setText(rc.getDefaultText());
-    }
-
-    private void handleAuthorizeCallback(AuthorizeCallback ac) {
-        String authenticationID = ac.getAuthenticationID();
-        LOG.info("Successfully authenticated client: authenticationID = " + authenticationID
+ " authorizationID = " + ac.getAuthorizationID());
-
-        //if authorizationId is not set, set it to authenticationId.
-        if(ac.getAuthorizationID() == null) {
-            ac.setAuthorizedID(authenticationID);
-        }
-
-        //When authNid and authZid are not equal , authNId is attempting to impersonate authZid,
We
-        //add the authNid as the real user in reqContext's subject which will be used during
authorization.
-        if(!authenticationID.equals(ac.getAuthorizationID())) {
-            LOG.info("Impersonation attempt  authenticationID = " + ac.getAuthenticationID()
+ " authorizationID = " + ac.getAuthorizationID());
-            ReqContext.context().setRealPrincipal(new SaslTransportPlugin.User(ac.getAuthenticationID()));
-        } else {
-            ReqContext.context().setRealPrincipal(null);
-        }
-
-        ac.setAuthorized(true);
-    }
 }
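Review bot: Dropping the local `handlePasswordCallback` changes behaviour, not just structure: the removed method honoured the `super` user via `SYSPROP_SUPER_PASSWORD`, while the inherited base implementation only consults `credentials`, which here holds the single fixed entry "username"/"password". If that is intended, the commit message should say so, since the commit is titled as a refactoring. The constructor's `userName="username";` is overwritten by the inherited NameCallback handling whenever a NameCallback arrives, so it looks redundant (presumably kept to mirror the old field initialiser), and nothing in the visible constructor body can still throw the declared `IOException`.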

http://git-wip-us.apache.org/repos/asf/storm/blob/cccb9766/storm-core/src/jvm/org/apache/storm/security/auth/plain/SaslPlainServer.java
----------------------------------------------------------------------
diff --git a/storm-core/src/jvm/org/apache/storm/security/auth/plain/SaslPlainServer.java
b/storm-core/src/jvm/org/apache/storm/security/auth/plain/SaslPlainServer.java
index a76c481..dd2582c 100644
--- a/storm-core/src/jvm/org/apache/storm/security/auth/plain/SaslPlainServer.java
+++ b/storm-core/src/jvm/org/apache/storm/security/auth/plain/SaslPlainServer.java
@@ -15,18 +15,19 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
 package org.apache.storm.security.auth.plain;
 
-import java.security.Provider;
-import java.util.Map;
-
-import javax.security.auth.callback.*;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
 import javax.security.sasl.AuthorizeCallback;
 import javax.security.sasl.Sasl;
 import javax.security.sasl.SaslException;
 import javax.security.sasl.SaslServer;
 import javax.security.sasl.SaslServerFactory;
+import java.security.Provider;
+import java.util.Map;
 
 public class SaslPlainServer implements SaslServer {
   @SuppressWarnings("serial")
@@ -95,7 +96,7 @@ public class SaslPlainServer implements SaslServer {
       PasswordCallback pc = new PasswordCallback("SASL PLAIN", false);
       pc.setPassword(parts[2].toCharArray());
       AuthorizeCallback ac = new AuthorizeCallback(parts[1], parts[0]);
-      cbh.handle(new Callback[]{nc, pc, ac});      
+      cbh.handle(new Callback[]{nc, pc, ac});
       if (ac.isAuthorized()) {
         authz = ac.getAuthorizedID();
       }

