/**
 * $Revision$
 * $Date$
 *
 * Copyright (C) 2005 Jive Software. All rights reserved.
 *
 * This software is published under the terms of the GNU Public License (GPL),
 * a copy of which is included in this distribution.
 */

package org.jivesoftware.wildfire.net;

import org.jivesoftware.util.Log;
import org.jivesoftware.wildfire.auth.AuthFactory;
import org.jivesoftware.wildfire.sasl.AuthorizationManager;
import org.jivesoftware.wildfire.user.UserNotFoundException;

import javax.security.auth.callback.*;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.RealmCallback;
import java.io.IOException;

/**
 * Callback handler that may be used when doing SASL authentication. A CallbackHandler
 * may be required depending on the SASL mechanism being used.<p>
 *
 * Mechanisms that use a digest don't include a password, so the server needs to use the
 * stored password of the user to compare it (somehow) with the specified digest. This
 * operation requires that the UserProvider being used supports password retrieval, i.e.
 * that passwords are stored in a recoverable form rather than as one-way hashes.
 * {@link SASLAuthentication} should not offer these kinds of SASL mechanisms if the user
 * provider in use does not support password retrieval.
 *
 * @author Hao Chen
 */
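public class XMPPCallbackHandler implements CallbackHandler {

    /**
     * Creates a handler. The class declares no fields, so an instance carries no state
     * between calls to {@link #handle(Callback[])}.
     */
    public XMPPCallbackHandler() {
    }

    /**
     * Answers the callbacks issued by a SASL mechanism, in array order.
     * <ul>
     * <li>{@link RealmCallback}: accepted and ignored.</li>
     * <li>{@link NameCallback}: remembers the supplied name (or the default name when none
     * was supplied) for a later PasswordCallback in the same array.</li>
     * <li>{@link PasswordCallback}: filled with the password that {@link AuthFactory}
     * returns for the remembered name.</li>
     * <li>{@link AuthorizeCallback}: marked authorized only when
     * {@link AuthorizationManager} approves the authentication/authorization ID pair;
     * otherwise it is explicitly marked as not authorized.</li>
     * </ul>
     *
     * @param callbacks the callbacks to answer.
     * @throws IOException if a PasswordCallback is reached before any name is known, or if
     *      the user is not found.
     * @throws UnsupportedCallbackException if a callback is of any other type.
     */
    public void handle(final Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {

        // Username taken from a NameCallback earlier in this array; a PasswordCallback
        // can only be answered once this is known.
        String name = null;

        for (int i = 0; i < callbacks.length; i++) {
            final Callback callback = callbacks[i];
            if (callback instanceof RealmCallback) {
                // The realm plays no part in the password lookup or the authorization
                // decision below, so the callback is accepted without reading it.
            }
            else if (callback instanceof NameCallback) {
                NameCallback nameCallback = (NameCallback) callback;
                name = nameCallback.getName();
                if (name == null) {
                    name = nameCallback.getDefaultName();
                }
            }
            else if (callback instanceof PasswordCallback) {
                // Fail with the declared exception type instead of passing a null
                // username to the lookup when no NameCallback has provided one.
                if (name == null) {
                    throw new IOException("No username available for PasswordCallback");
                }
                try {
                    // Get the password from the UserProvider. Some UserProviders may not
                    // support this operation. The retrieved password must never be logged.
                    ((PasswordCallback) callback)
                            .setPassword(AuthFactory.getPassword(name).toCharArray());
                }
                catch (UserNotFoundException e) {
                    // Keep the original exception as the cause so the failure stays
                    // diagnosable server-side.
                    // NOTE(review): confirm the SASL layer does not relay this message to
                    // the client, where it would reveal whether an account exists.
                    IOException failure = new IOException(e.toString());
                    failure.initCause(e);
                    throw failure;
                }
            }
            else if (callback instanceof AuthorizeCallback) {
                AuthorizeCallback authCallback = (AuthorizeCallback) callback;
                String authenId =
                        authCallback.getAuthenticationID(); // Principal that authenticated
                String authorId =
                        authCallback.getAuthorizationID();  // Username requested (not full JID)
                // NOTE(review): both IDs originate from the SASL exchange; confirm the Log
                // sink neutralises line breaks before these values are written.
                if (AuthorizationManager.authorize(authorId, authenId)) {
                    authCallback.setAuthorized(true);
                    authCallback.setAuthorizedID(authorId);
                    Log.debug(authenId + " authorized to " + authorId);
                }
                else {
                    // Deny explicitly rather than relying on the callback's initial state.
                    authCallback.setAuthorized(false);
                    Log.debug(authenId + " not authorized to " + authorId);
                }
            }
            else {
                throw new UnsupportedCallbackException(callback, "Unrecognized Callback");
            }
        }
    }
}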