
Example 1 with LoginException

use of com.sun.enterprise.security.auth.login.common.LoginException in project Payara by payara.

the class JDBCLoginModule method authenticate.

/**
 * Authenticates the pending user against the JDBC realm this login module is bound to.
 * <p>
 * The realm type is verified first, then the user name, and only then is the realm asked
 * to validate the password. A {@code null} group list from the realm means the
 * credentials were rejected and is converted into a {@link LoginException}, matching the
 * JAAS {@code login()} contract. On success the user, password and groups are handed to
 * {@code commitAuthentication}.
 *
 * @throws LoginException if the current realm is not a {@code JDBCRealm}, the user name is
 *         missing or empty, or the realm rejects the credentials
 */
protected void authenticate() throws LoginException {
    if (!(_currentRealm instanceof JDBCRealm)) {
        throw new LoginException(sm.getString("jdbclm.badrealm"));
    }
    // Reject an absent or empty user name before touching the database.
    if (_username == null || _username.isEmpty()) {
        throw new LoginException(sm.getString("jdbclm.nulluser"));
    }
    JDBCRealm realm = (JDBCRealm) _currentRealm;
    String[] groups = realm.authenticate(_username, getPasswordChar());
    if (groups == null) {
        // JAAS semantics: a failed login is reported by exception, never by a null result.
        throw new LoginException(sm.getString("jdbclm.loginfail", _username));
    }
    if (_logger.isLoggable(Level.FINEST)) {
        _logger.finest("JDBC login succeeded for: " + _username + " groups:" + Arrays.toString(groups));
    }
    commitAuthentication(_username, getPasswordChar(), _currentRealm, groups);
}

Example 2 with LoginException

use of com.sun.enterprise.security.auth.login.common.LoginException in project Payara by payara.

the class BaseContainerCallbackHandler method processPasswordValidation.

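/**
 * Answers a JASPIC {@code PasswordValidationCallback} by validating the supplied user name and
 * password against the configured realm.
 * <p>
 * In the application client container the callback is simply marked successful without any
 * validation (the client side is not the authority). Otherwise the credentials are passed to
 * {@code LoginContextDriver.jmacLogin}; on success the resulting Subject is published through
 * {@code GFServerConfigProvider.setValidateRequestSubject} and the result is {@code true}, on a
 * {@code LoginException} the failure is logged under {@code jmac.loginfail} and the result is
 * {@code false}. The password array is overwritten after the attempt on both outcomes so the
 * clear-text secret does not linger in memory longer than its single use.
 *
 * @param pwdCallback the callback carrying user name, password and the Subject to populate; its
 *                    result is set to {@code true} on success and {@code false} on failure
 */
private void processPasswordValidation(PasswordValidationCallback pwdCallback) {
    if (SecurityServicesUtil.getInstance().isACC()) {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "JMAC: In PasswordValidationCallback Processor for appclient - will do nothing");
        }
        pwdCallback.setResult(true);
        return;
    }
    String username = pwdCallback.getUsername();
    char[] passwd = pwdCallback.getPassword();
    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "JMAC: In PasswordValidationCallback Processor");
    }
    try {
        String realmName = null;
        if (handlerContext != null) {
            realmName = handlerContext.getRealmName();
        }
        Subject s = LoginContextDriver.jmacLogin(pwdCallback.getSubject(), username, passwd, realmName);
        GFServerConfigProvider.setValidateRequestSubject(s);
        if (_logger.isLoggable(Level.FINE)) {
            // The (Level, String, Object) overload substitutes {0}; without the placeholder the
            // user name was silently dropped from the message.
            _logger.log(Level.FINE, "JMAC: authentication succeeded for user = {0}", username);
        }
        pwdCallback.setResult(true);
    } catch (LoginException le) {
        // A refused login is recorded by user name only; the exception carries no further detail worth logging.
        if (_logger.isLoggable(Level.INFO)) {
            _logger.log(Level.INFO, "jmac.loginfail", username);
        }
        pwdCallback.setResult(false);
    } finally {
        // Explicitly ditch the password on success and on failure alike.
        if (passwd != null) {
            java.util.Arrays.fill(passwd, ' ');
        }
    }
}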

Example 3 with LoginException

use of com.sun.enterprise.security.auth.login.common.LoginException in project Payara by payara.

the class SecurityMechanismSelector method getUsernameAndPassword.

/**
 * Return whether the server is trusted or not based on configuration information.
 *
 * @return true if the server is trusted.
 */
/*
     * private boolean isServerTrusted() { String star = "*"; // first check if "*" in trusted - then
     * why bother // doing all the processing . We trust everything // System.out.println
     * (" In server trusted ??"); for (int i = 0; i < serverTrustedHosts.length; i++){ if
     * (serverTrustedHosts[i].length () == 1) { if (serverTrustedHosts[i].equals (star)) return true; }
     * } ConnectionContext scc = getClientConnectionContext (); if (scc != null){ Socket skt =
     * scc.getSocket (); InetAddress adr = skt.getInetAddress (); // System.out.println
     * (" Calling isServerTrusted"); // System.out.println (" addres "+ adr.toString ()); return
     * isDomainInTrustedList (adr, serverTrustedHosts); } return false; }
     */
/**
 * Checks if a given domain is trusted. e.g. domain = 123.203.1.1 is an IP address trusted list =
 * *.com, *.eng should say that the given domain is trusted.
 *
 * @param the InetAddress of the domain to be checked for
 * @param the array of trusted domains
 * @return true - if the given domain is trusted
 */
/*
     * private boolean isDomainInTrustedList (InetAddress inetAddress, String[] trusted) throws
     * SecurityException { boolean isTrusted = false; String domain = null; String star = "*"; String
     * dot = "."; // lookup and get domain name try{ domain = inetAddress.getHostName (); } catch
     * (Exception e){ _logger.log(Level.SEVERE,"iiop.domain_lookup_failed",inetAddress.getHostAddress
     * ()); return false; } if (_logger.isLoggable(Level.FINE)) { _logger.log(Level.FINE,
     * " Verifying if domain address ="+ inetAddress.toString () + " is in the Trusted list ");
     * _logger.log(Level.FINE, " the domain name is = "+ domain); } String[] domainTok =
     * TypeUtil.stringToArray (domain, dot); // now lets go through the list of trusted domains // one
     * at a time for (int i=0; i< trusted.length; i++){ // String to compare with String[] toksList =
     * TypeUtil.stringToArray (trusted[i], dot); // cannot compare *.eng to *.eng.sun if
     * (toksList.length != domainTok.length){ isTrusted = false; continue; } else{ for (int
     * j=toksList.length-1; j>=0 ; j--){ // compare com in *.eng.com and abc.eng.com // compare in the
     * reverse order if (toksList[j].equals (domainTok[j])){ isTrusted = true; } else { // compare * in
     * abc.*.com and abc.eng.com if (toksList[j].equals (star)){ isTrusted = true; } else { // get out
     * and try the next domain isTrusted = false; break; } } } // We went through one domain and found a
     * match // no need to compare further if (isTrusted) return isTrusted; } } return isTrusted; }
     */
/**
 * Builds the IIOP {@link SecurityContext} that carries the caller's Subject and the credential
 * class the selected mechanism expects.
 * <p>
 * Where the Subject comes from depends on the runtime: a standalone client reads it from
 * {@link ClientSecurityContext} and this method returns {@code null} when none is established;
 * the application client container additionally triggers an interactive username/password login
 * when no client context exists yet; web/EJB code takes it from the current server security
 * context. A Subject that holds no {@code PasswordCredential} is treated as the run-as case and is
 * identified by GSSUP name only; otherwise every password credential is stamped with the realm the
 * target advertises in its {@code AS_ContextSec} (the default realm when no target name is set).
 *
 * @param ci the current component invocation; not consulted by this implementation
 * @param mechanism the selected compound security mechanism whose AS context supplies the target realm name
 * @return the populated context, or {@code null} when no caller Subject is available or an
 *         unexpected error occurred (logged under {@code iiop.user_password_exception})
 * @throws SecurityMechanismException declared for callers; a {@code LoginException} raised by the
 *         client login is rethrown unchanged
 */
private SecurityContext getUsernameAndPassword(ComponentInvocation ci, CompoundSecMech mechanism) throws SecurityMechanismException {
    try {
        final Subject callerSubject;
        if (isNotServerOrACC()) {
            // Standalone client: the Subject lives in the client security context.
            ClientSecurityContext clientCtx = ClientSecurityContext.getCurrent();
            if (clientCtx == null) {
                return null;
            }
            callerSubject = clientCtx.getSubject();
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "SUBJECT:" + callerSubject);
            }
        } else if (isACC()) {
            // Application client container: log in interactively if nobody has done so yet.
            ClientSecurityContext clientCtx = ClientSecurityContext.getCurrent();
            callerSubject = (clientCtx == null)
                    ? LoginContextDriver.doClientLogin(SecurityConstants.USERNAME_PASSWORD, SecurityServicesUtil.getInstance().getCallbackHandler())
                    : clientCtx.getSubject();
        } else {
            // web/ejb: take the Subject from the server-side security context.
            // TODO check if username/password is available and throw if it is not.
            callerSubject = getSubjectFromSecurityCurrent();
        }

        SecurityContext ctx = new SecurityContext();
        ctx.subject = callerSubject;

        // The presence of a PasswordCredential decides between run-as and password propagation.
        Set<PasswordCredential> passwordCreds = AccessController.doPrivileged(new PrivilegedAction<Set<PasswordCredential>>() {
            @Override
            public Set<PasswordCredential> run() {
                return callerSubject.getPrivateCredentials(PasswordCredential.class);
            }
        });

        if (passwordCreds.isEmpty()) {
            // run-as: there is no password to send, so identify by name only.
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "no private credential run as mode");
            }
            ctx.authcls = null;
            ctx.identcls = GSSUPName.class;
            return ctx;
        }

        // Resolve the realm the server requires and record it in every password credential.
        AS_ContextSec asContext = mechanism.as_context_mech;
        byte[] targetName = asContext.target_name;
        byte[] realmBytes = (targetName == null || targetName.length == 0)
                ? Realm.getDefaultRealm().getBytes()
                : GSSUtils.importName(GSSUtils.GSSUP_MECH_OID, targetName);
        // NOTE(review): both conversions use the platform default charset; the name imported from
        // the GSSUP target is assumed to decode the same way — confirm.
        final String realmName = new String(realmBytes);
        final Iterator<PasswordCredential> credentials = passwordCreds.iterator();
        while (credentials.hasNext()) {
            AccessController.doPrivileged(new PrivilegedAction<Void>() {
                @Override
                public Void run() {
                    credentials.next().setRealm(realmName);
                    return null;
                }
            });
        }
        ctx.authcls = PasswordCredential.class;
        return ctx;
    } catch (LoginException le) {
        // Client-login failures are meaningful to the caller; pass them through untouched.
        throw le;
    } catch (Exception e) {
        _logger.log(Level.SEVERE, "iiop.user_password_exception", e);
        return null;
    }
}

Example 4 with LoginException

use of com.sun.enterprise.security.auth.login.common.LoginException in project Payara by payara.

the class LoginContextDriver method jmacLogin.

/**
 * Establishes a JMAC (JASPIC) login for a caller identified by an X.500 certificate principal.
 * <p>
 * The principal's distinguished name is added to the Subject's public credentials as an
 * {@code X500Name}; if the certificate realm has a JAAS context configured it is run against that
 * Subject, and the certificate realm then authenticates the name. Each outcome is written to the
 * audit log when auditing is enabled. A refused login is logged under
 * {@code SecurityLoggerInfo.auditAtnRefusedError} with the user name as parsed so far (empty if
 * parsing itself failed).
 *
 * @param subject the Subject to populate; a fresh one is created when {@code null}
 * @param x500Principal the certificate subject being logged in
 * @return the populated Subject (the instance passed in when it was non-null)
 * @throws LoginException if any step fails; causes that are not already a {@code LoginException}
 *         are wrapped with the original attached as cause
 */
public static Subject jmacLogin(Subject subject, X500Principal x500Principal) throws LoginException {
    final Subject target = (subject == null) ? new Subject() : subject;
    String userName = "";
    try {
        final X500Name x500Name = new X500Name(x500Principal.getName(X500Principal.RFC1779));
        userName = x500Name.toString();
        AppservAccessController.doPrivileged(new PrivilegedAction<Subject>() {
            @Override
            public Subject run() {
                target.getPublicCredentials().add(x500Name);
                return target;
            }
        });
        CertificateRealm certRealm = (CertificateRealm) Realm.getInstance(CertificateRealm.AUTH_TYPE);
        String jaasCtx = certRealm.getJAASContext();
        if (jaasCtx != null) {
            // The Subject already carries the certificate credential, so the dummy callback is never consulted.
            new LoginContext(jaasCtx, target, dummyCallback).login();
        }
        certRealm.authenticate(target, x500Name);
    } catch (Exception failure) {
        if (_logger.isLoggable(Level.INFO)) {
            _logger.log(Level.INFO, SecurityLoggerInfo.auditAtnRefusedError, userName);
        }
        if (getAuditManager().isAuditOn()) {
            getAuditManager().authentication(userName, CertificateRealm.AUTH_TYPE, false);
        }
        if (failure instanceof LoginException) {
            throw (LoginException) failure;
        }
        throw (LoginException) new LoginException(failure.toString()).initCause(failure);
    }
    if (_logger.isLoggable(Level.FINE)) {
        _logger.fine("jmac cert login succeeded for: " + userName);
    }
    if (getAuditManager().isAuditOn()) {
        getAuditManager().authentication(userName, CertificateRealm.AUTH_TYPE, true);
    }
    return target;
}

Example 5 with LoginException

use of com.sun.enterprise.security.auth.login.common.LoginException in project Payara by payara.

the class LoginContextDriver method login.

/**
 * Performs HTTP Digest authentication (RFC 2617) for the supplied credentials.
 * <p>
 * The credentials are placed in a fresh Subject's private credentials and the JAAS context of the
 * realm named in the credentials is run against that Subject. On success the thread's security
 * context is set to the authenticated user and realm. A refused login is logged under
 * {@code SecurityLoggerInfo.auditAtnRefusedError} (with the cause at FINEST) and audited before
 * being reported.
 *
 * @param digestCred the digest credentials, supplying the realm name and user name
 * @throws javax.security.auth.login.LoginException if the realm cannot be resolved or the JAAS
 *         login fails; causes that are not already a {@code LoginException} are wrapped with the
 *         original attached as cause
 */
public static void login(DigestCredentials digestCred) throws javax.security.auth.login.LoginException {
    Subject subject = new Subject();
    subject.getPrivateCredentials().add(digestCred);

    String jaasCtx;
    try {
        jaasCtx = Realm.getInstance(digestCred.getRealmName()).getJAASContext();
    } catch (Exception realmFailure) {
        if (realmFailure instanceof LoginException) {
            throw (LoginException) realmFailure;
        }
        throw (LoginException) new LoginException(realmFailure.toString()).initCause(realmFailure);
    }

    try {
        // The callback handler only satisfies the JAAS API; the name and digest already sit in
        // the Subject's private credentials, so it is never invoked.
        new LoginContext(jaasCtx, subject, dummyCallback).login();
    } catch (Exception loginFailure) {
        if (_logger.isLoggable(Level.INFO)) {
            _logger.log(Level.INFO, SecurityLoggerInfo.auditAtnRefusedError, digestCred.getUserName());
        }
        if (_logger.isLoggable(Level.FINEST)) {
            _logger.log(Level.FINEST, "doPasswordLogin fails", loginFailure);
        }
        if (getAuditManager().isAuditOn()) {
            getAuditManager().authentication(digestCred.getUserName(), digestCred.getRealmName(), false);
        }
        if (loginFailure instanceof LoginException) {
            throw (LoginException) loginFailure;
        }
        throw (LoginException) new LoginException("Login failed: " + loginFailure.getMessage()).initCause(loginFailure);
    }

    setSecurityContext(digestCred.getUserName(), subject, digestCred.getRealmName());
}
