
Example 31 with SecurityContext

use of com.sun.enterprise.security.SecurityContext in project Payara by payara.

the class CertificateRealm method authenticate.

/**
 * Authenticates the caller identified by a client-certificate principal and installs the
 * resulting {@link SecurityContext} as the current one for this thread.
 *
 * @param subject The Subject object for the authentication request.
 * @param principal The Principal object from the user certificate.
 * @return principal's name
 */
public String authenticate(Subject subject, X500Principal principal) {
    validateSubjectViaAPI(subject, principal);
    // NOTE(review): this formats the whole Subject (including its credential sets) into a FINEST
    // log line — confirm that is acceptable for the credentials this realm handles.
    _logger.finest(() -> String.format("authenticate(subject=%s, principal=%s)", subject, principal));

    final LdapName distinguishedName = getLdapName(principal);
    _logger.log(Level.FINE, "dn={0}", distinguishedName);
    final String callerName = getPrincipalName(distinguishedName);
    _logger.log(Level.FINE, "Certificate realm is setting up security context for principal: {0}", callerName);

    // Realm-level default groups first, then groups derived from the DN itself; both go straight
    // into the Subject's live principal set.
    final Set<Principal> subjectPrincipals = subject.getPrincipals();
    for (Enumeration<String> groups = getGroupNames(callerName); groups.hasMoreElements();) {
        subjectPrincipals.add(new Group(groups.nextElement()));
    }
    subjectPrincipals.addAll(getGroupNamesFromDN(distinguishedName));
    _logger.log(Level.FINE, "principalSet: {0}", subjectPrincipals);

    // The certificate credential is attached whenever the subject holds any principal at all —
    // that may be just a group added above; the X500Principal itself is not added by this method
    // (presumably validateSubjectViaAPI takes care of that — confirm).
    if (!subjectPrincipals.isEmpty()) {
        subject.getPublicCredentials().add(new DistinguishedPrincipalCredential(principal));
    }
    // Making authentication final - setting the authenticated caller name
    // in the security context
    SecurityContext.setCurrent(new SecurityContext(callerName, subject));
    return callerName;
}

Example 32 with SecurityContext

use of com.sun.enterprise.security.SecurityContext in project Payara by payara.

the class GenericAdminAuthenticator method ensureGroupMembership.

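/**
 * Checks whether the currently authenticated caller belongs to the domain admin group.
 *
 * <p>Membership is read from the current {@link SecurityContext}; the {@code user} and
 * {@code realm} arguments are not consulted by this implementation.
 *
 * @param user the user name being checked (unused here)
 * @param realm the realm the user authenticated against (unused here)
 * @return {@code true} only if the current security context holds a {@link Group} principal
 *     named {@code AdminConstants.DOMAIN_ADMIN_GROUP_NAME}; {@code false} otherwise, including
 *     when there is no current context or reading it fails (fail closed)
 */
private boolean ensureGroupMembership(String user, String realm) {
    try {
        final SecurityContext secContext = SecurityContext.getCurrent();
        if (secContext == null) {
            // No authenticated caller on this thread: deny explicitly instead of relying on an NPE.
            ADMSEC_LOGGER.fine("No current security context; user is not a member of the special admin group");
            return false;
        }
        // getPrincipalSet() predates generics; the wildcard keeps the assignment warning-free and
        // still forces the instanceof check before any Group-specific call.
        final Set<?> principals = secContext.getPrincipalSet();
        if (principals != null) {
            for (Object principal : principals) {
                // Constant-first equals also copes with a Group whose name is null.
                if (principal instanceof Group
                        && AdminConstants.DOMAIN_ADMIN_GROUP_NAME.equals(((Group) principal).getName())) {
                    return true;
                }
            }
        }
        ADMSEC_LOGGER.fine("User is not a member of the special admin group");
        return false;
    } catch (Exception e) {
        // Fail closed: any error while reading the context denies admin group membership.
        // The Throwable overload keeps the stack trace in the log record instead of only toString().
        ADMSEC_LOGGER.log(Level.FINE, "User is not a member of the special admin group", e);
        return false;
    }
}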

Example 33 with SecurityContext

use of com.sun.enterprise.security.SecurityContext in project Payara by payara.

the class ConnectorCallbackHandler method processResults.

/**
 * Builds the post-mapping {@link Subject} from the callbacks the handler produced and installs it
 * as the current {@link SecurityContext}. Does nothing when {@code mappedCallbacks} is
 * {@code null}.
 *
 * @param mappedCallbacks callbacks whose subjects (principals and public/private credentials)
 *     are merged into the new subject; unrecognised callback types are ignored
 * @param hasCallerPrincipalCallback when {@code false} and the execution subject holds exactly
 *     one principal, that principal (mapped when {@code needMapping} is set) plus the execution
 *     subject's credentials seed the new subject
 */
private void processResults(Callback[] mappedCallbacks, boolean hasCallerPrincipalCallback) {
    if (mappedCallbacks == null) {
        return;
    }
    final Subject result = new Subject();
    // Handle Single Principal as the caller identity
    if (!hasCallerPrincipalCallback) {
        final Set<Principal> executionPrincipals = executionSubject.getPrincipals();
        // process if there is only one principal
        if (executionPrincipals != null && executionPrincipals.size() == 1) {
            for (Principal current : executionPrincipals) {
                final Principal resolved = needMapping ? getMappedPrincipal(current, null) : current;
                if (resolved != null) {
                    result.getPrincipals().add(resolved);
                }
            }
            result.getPublicCredentials().addAll(executionSubject.getPublicCredentials());
            result.getPrivateCredentials().addAll(executionSubject.getPrivateCredentials());
        }
    }
    // TODO V3 what happens for Public/Private Credentials of Mapped case (Case II)
    for (Callback callback : mappedCallbacks) {
        if (callback instanceof CallerPrincipalCallback) {
            mergeSubject(result, ((CallerPrincipalCallback) callback).getSubject());
        } else if (callback instanceof GroupPrincipalCallback) {
            mergeSubject(result, ((GroupPrincipalCallback) callback).getSubject());
        } else if (callback instanceof PasswordValidationCallback) {
            mergeSubject(result, ((PasswordValidationCallback) callback).getSubject());
        }
    }
    SecurityContext.setCurrent(new SecurityContext(result));
}

/**
 * Copies every principal and every public and private credential of {@code source} into
 * {@code target}. Private credentials are copied as well, so the resulting security context
 * carries whatever secrets the callback subjects held.
 *
 * @param target subject receiving the entries
 * @param source subject whose entries are copied; must not be {@code null}
 */
private static void mergeSubject(Subject target, Subject source) {
    target.getPrincipals().addAll(source.getPrincipals());
    target.getPublicCredentials().addAll(source.getPublicCredentials());
    target.getPrivateCredentials().addAll(source.getPrivateCredentials());
}

Example 34 with SecurityContext

use of com.sun.enterprise.security.SecurityContext in project Payara by payara.

the class ContextSetupProviderImpl method saveContext.

/**
 * Snapshots the invocation state of the calling thread so it can be re-established on another
 * thread. Which pieces are captured is governed by this provider's {@code classloading} and
 * {@code security} flags.
 *
 * @param contextService the owning context service (not consulted here)
 * @param contextObjectProperties properties consulted to decide whether the execution thread's
 *     transaction should be reused
 * @return a handle holding the captured invocation, class loader and security context
 */
@Override
public ContextHandle saveContext(ContextService contextService, Map<String, String> contextObjectProperties) {
    // Capture the current thread context
    final ClassLoader capturedLoader = classloading ? Utility.getClassLoader() : null;
    // Captured only when security propagation is enabled; this is what carries the caller's
    // identity (the SecurityContext's Subject) over to the target thread.
    final SecurityContext capturedSecurityContext = security ? SecurityContext.getCurrent() : null;
    final ComponentInvocation activeInvocation = invocationManager.getCurrentInvocation();
    final ComponentInvocation capturedInvocation =
            activeInvocation == null ? null : createComponentInvocation(activeInvocation);
    // The execution thread's transaction is only an option when no transaction manager is configured.
    final boolean useTransactionOfExecutionThread =
            transactionManager == null && useTransactionOfExecutionThread(contextObjectProperties);
    // TODO - support workarea propagation
    return new InvocationContext(capturedInvocation, capturedLoader, capturedSecurityContext, useTransactionOfExecutionThread);
}
