
Example 6 with LoginException

use of com.sun.enterprise.security.auth.login.common.LoginException in project Payara by payara.

the class LoginContextDriver method doClientLogin.

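/**
 * Perform login on the client side.
 * It just simulates the login on the client side: the JAAS login entry
 * selected by {@code type} is driven through the supplied callback handler,
 * and the credential information it produces is placed in a fresh
 * {@link Subject} that will later be sent to the server.
 * <p>
 * Branch behaviour, as selected by {@code type}:
 * <ul>
 * <li>{@code SecurityConstants.USERNAME_PASSWORD}: password JAAS entry, then
 *     {@code postClientAuth} for {@link PasswordCredential} (outside the
 *     privileged block);</li>
 * <li>{@code SecurityConstants.CERTIFICATE}: certificate JAAS entry, then
 *     {@code postClientAuth} for {@link X509CertificateCredential} (outside
 *     the privileged block);</li>
 * <li>{@code SecurityConstants.ALL}: password login then certificate login,
 *     each followed by its {@code postClientAuth} inside the privileged
 *     block;</li>
 * <li>any other value: falls back to the password login with
 *     {@code postClientAuth} inside the privileged block. An unknown
 *     {@code type} is therefore not rejected.</li>
 * </ul>
 *
 * @param type whether it is <i>username_password</i> or <i>certificate</i>
 *        based login (a {@code SecurityConstants} login type).
 * @param jaasHandler the callback handler to gather user information.
 * @return the subject populated by the JAAS login module(s).
 * @throws LoginException wrapping the
 *         {@link javax.security.auth.login.LoginException} raised by a login
 *         module or the callback handler; the original is kept as the cause.
 */
public static Subject doClientLogin(int type, javax.security.auth.callback.CallbackHandler jaasHandler) throws LoginException {
    final javax.security.auth.callback.CallbackHandler handler = jaasHandler;
    // the subject will actually be filled in with a PasswordCredential
    // required by the csiv2 layer in the LoginModule.
    // we create the dummy credential here and call the
    // set security context. Thus, we have 2  credentials, one each for
    // the csiv2 layer and the other for the RI.
    final Subject subject = new Subject();
    if (type == SecurityConstants.USERNAME_PASSWORD) {
        privilegedClientLogin(SecurityConstants.CLIENT_JAAS_PASSWORD, subject, handler, null);
        postClientAuth(subject, PasswordCredential.class);
    } else if (type == SecurityConstants.CERTIFICATE) {
        privilegedClientLogin(SecurityConstants.CLIENT_JAAS_CERTIFICATE, subject, handler, null);
        postClientAuth(subject, X509CertificateCredential.class);
    } else if (type == SecurityConstants.ALL) {
        // Password first, then certificate; a failure of either aborts the
        // whole login. postClientAuth runs inside the privileged block here.
        privilegedClientLogin(SecurityConstants.CLIENT_JAAS_PASSWORD, subject, handler, PasswordCredential.class);
        privilegedClientLogin(SecurityConstants.CLIENT_JAAS_CERTIFICATE, subject, handler, X509CertificateCredential.class);
    } else {
        // Unrecognised login type: fall back to username/password login.
        privilegedClientLogin(SecurityConstants.CLIENT_JAAS_PASSWORD, subject, handler, PasswordCredential.class);
    }
    return subject;
}

/**
 * Runs one JAAS {@link LoginContext#login()} for the given configuration
 * entry inside an {@code AppservAccessController.doPrivileged} block.
 *
 * @param jaasConfig name of the JAAS configuration entry to use.
 * @param subject subject the login module populates.
 * @param handler callback handler supplying the user's input.
 * @param postAuthCredential credential class passed to {@code postClientAuth}
 *        from inside the privileged block after a successful login, or
 *        {@code null} when the caller performs that step itself.
 * @throws LoginException wrapping the JAAS exception, with the original as cause.
 */
private static void privilegedClientLogin(final String jaasConfig, final Subject subject,
        final javax.security.auth.callback.CallbackHandler handler, final Class<?> postAuthCredential) throws LoginException {
    AppservAccessController.doPrivileged(new PrivilegedAction<Void>() {

        @Override
        public Void run() {
            try {
                LoginContext lg = new LoginContext(jaasConfig, subject, handler);
                lg.login();
                if (postAuthCredential != null) {
                    postClientAuth(subject, postAuthCredential);
                }
            } catch (javax.security.auth.login.LoginException e) {
                // Rethrow as the container's LoginException; its constructor
                // only takes a message, so the cause is attached explicitly.
                throw (LoginException) new LoginException(e.toString()).initCause(e);
            }
            return null;
        }
    });
}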

Example 7 with LoginException

use of com.sun.enterprise.security.auth.login.common.LoginException in project Payara by payara.

the class LoginContextDriver method doCertificateLogin.

/**
 * A special case login for handling X509CertificateCredential.
 * This does not get triggered based on current RI code. See X500Login.
 * <p>
 * The alias of the {@link X509CertificateCredential} found among the
 * subject's public credentials becomes the user name; the security context
 * is set for it under the certificate realm and, when auditing is on, an
 * authentication event is recorded. A {@link LoginException} from any step
 * is audited as a failure (with a {@code null} user if the alias was never
 * obtained) and rethrown.
 *
 * @param s subject carrying the certificate credential.
 * @throws LoginException if the credential cannot be obtained or the
 *         security context cannot be set.
 */
private static void doCertificateLogin(Subject s) throws LoginException {
    logCertLoginFine("Processing X509 certificate login.");
    final String realmName = CertificateRealm.AUTH_TYPE;
    String alias = null;
    try {
        final X509CertificateCredential cred = (X509CertificateCredential) getPublicCredentials(s, X509CertificateCredential.class);
        alias = cred.getAlias();
        logCertLoginFine("Set security context as user: " + alias);
        setSecurityContext(alias, s, realmName);
        auditCertLogin(alias, realmName, true);
    } catch (LoginException le) {
        auditCertLogin(alias, realmName, false);
        throw le;
    }
}

/** Logs {@code message} at FINE when that level is enabled. */
private static void logCertLoginFine(String message) {
    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, message);
    }
}

/** Records an authentication audit event if auditing is switched on. */
private static void auditCertLogin(String user, String realm, boolean success) {
    if (getAuditManager().isAuditOn()) {
        getAuditManager().authentication(user, realm, success);
    }
}

Example 8 with LoginException

use of com.sun.enterprise.security.auth.login.common.LoginException in project Payara by payara.

the class LoginContextDriver method loginPrincipal.

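/**
 * This method is used for logging in a run As principal. It creates
 * a JAAS subject whose credential is of type GSSUPName.
 * This is used primarily for runas.
 * <p>
 * No password or other credential is verified here: the subject is built
 * from {@code username} alone (a {@code PrincipalImpl} plus a
 * {@link GSSUPName} public credential), the user's groups are looked up in
 * the realm, and the security context is then set for {@code username}.
 * Group lookup failures other than a missing realm
 * ({@code InvalidOperationException}, {@code NoSuchUserException}) are
 * logged at WARNING and the login still completes with whatever groups were
 * added. The caller is therefore responsible for having authorised the
 * run-as identity before calling this method.
 *
 * @param username the run-as user name.
 * @param realmName realm used for the GSSUPName and the group lookup;
 *        {@code null} or empty selects {@code Realm.getDefaultRealm()}.
 * @throws LoginException if no realm named {@code realmName} exists; the
 *         {@code NoSuchRealmException} is attached as the cause.
 */
public static void loginPrincipal(String username, String realmName) throws LoginException {
    // no realm provided, assuming default
    final String effectiveRealm = (realmName == null || realmName.isEmpty()) ? Realm.getDefaultRealm() : realmName;
    final Subject s = new Subject();
    final org.glassfish.security.common.PrincipalImpl p = new org.glassfish.security.common.PrincipalImpl(username);
    final GSSUPName name = new GSSUPName(username, effectiveRealm);
    AppservAccessController.doPrivileged(new PrivilegedAction<Void>() {

        @Override
        public Void run() {
            s.getPrincipals().add(p);
            s.getPublicCredentials().add(name);
            return null;
        }
    });
    try {
        Realm realm = Realm.getInstance(effectiveRealm);
        Enumeration<?> en = realm.getGroupNames(username);
        Set<Principal> principalSet = s.getPrincipals();
        while (en.hasMoreElements()) {
            principalSet.add(new Group((String) en.nextElement()));
        }
    } catch (InvalidOperationException ex) {
        // Best effort: the login proceeds without the groups from this realm.
        _logger.log(Level.WARNING, SecurityLoggerInfo.invalidOperationForRealmError, new Object[] { username, effectiveRealm, ex.toString() });
    } catch (NoSuchUserException ex) {
        // Best effort: an unknown user still gets a security context, just no groups.
        _logger.log(Level.WARNING, SecurityLoggerInfo.noSuchUserInRealmError, new Object[] { username, effectiveRealm, ex.toString() });
    } catch (NoSuchRealmException ex) {
        LoginException lex = new LoginException(ex.toString());
        lex.initCause(ex);
        throw lex;
    }
    setSecurityContext(username, s, effectiveRealm);
}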

Example 9 with LoginException

use of com.sun.enterprise.security.auth.login.common.LoginException in project Payara by payara.

the class LoginContextDriver method jmacLogin.

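/**
 * Populates a subject on the JMAC identity-assertion path with the groups the
 * realm knows for {@code identityAssertion}.
 * <p>
 * Nothing is authenticated here: {@code identityAssertion} is taken as the
 * already-asserted caller principal name and only the group lookup is
 * performed. Every exception raised during that lookup (missing realm,
 * unknown user, anything else) is logged at FINE and swallowed, so the
 * returned subject may carry no groups at all. Callers must not treat a
 * returned subject as evidence that the user exists in the realm.
 *
 * @param subject subject to populate, or {@code null} to create a new one.
 * @param identityAssertion asserted user name used for the group lookup.
 * @param realm realm name; {@code null} or empty selects
 *        {@code Realm.getDefaultRealm()}.
 * @return the populated subject (the one passed in, or the new one).
 * @throws LoginException declared for API compatibility; the body catches
 *         every exception internally and does not raise it.
 */
public static Subject jmacLogin(Subject subject, String identityAssertion, String realm) throws LoginException {
    final Subject fs = (subject == null) ? new Subject() : subject;
    final String userName = identityAssertion;
    try {
        final String realmName = (realm == null || "".equals(realm)) ? Realm.getDefaultRealm() : realm;
        Realm realmInst = Realm.getInstance(realmName);
        final Enumeration<?> groups = realmInst.getGroupNames(userName);
        if (groups != null && groups.hasMoreElements()) {
            AppservAccessController.doPrivileged(new PrivilegedAction<Subject>() {

                @Override
                public Subject run() {
                    while (groups.hasMoreElements()) {
                        fs.getPrincipals().add(new Group((String) groups.nextElement()));
                    }
                    return fs;
                }
            });
        }
    } catch (Exception ex) {
        // Deliberately best-effort: a failure to populate groups must not fail
        // the identity assertion, so everything is logged at FINE and dropped.
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "Exception when trying to populate groups for CallerPrincipal " + identityAssertion, ex);
        }
    }
    return fs;
}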

Example 10 with LoginException

use of com.sun.enterprise.security.auth.login.common.LoginException in project Payara by payara.

the class J2EEKeyManager method doClientLogin.

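/**
 * Perform login on the client side.
 * It just simulates the login on the client side: the JAAS login entry
 * selected by {@code type} is driven through the supplied callback handler,
 * and the credential information it produces is placed in a fresh
 * {@link Subject} that will later be sent to the server.
 * <p>
 * Branch behaviour, as selected by {@code type}:
 * <ul>
 * <li>{@code SecurityConstants.USERNAME_PASSWORD}: password JAAS entry, then
 *     {@code postClientAuth} for {@link PasswordCredential} (outside the
 *     privileged block);</li>
 * <li>{@code SecurityConstants.CERTIFICATE}: certificate JAAS entry, then
 *     {@code postClientAuth} for {@link X509CertificateCredential} (outside
 *     the privileged block);</li>
 * <li>{@code SecurityConstants.ALL}: password login then certificate login,
 *     each followed by its {@code postClientAuth} inside the privileged
 *     block;</li>
 * <li>any other value: falls back to the password login with
 *     {@code postClientAuth} inside the privileged block. An unknown
 *     {@code type} is therefore not rejected.</li>
 * </ul>
 *
 * @param type whether it is <i>username_password</i> or <i>certificate</i>
 *        based login (a {@code SecurityConstants} login type).
 * @param jaasHandler the callback handler to gather user information.
 * @return the subject populated by the JAAS login module(s).
 * @throws LoginException wrapping the
 *         {@link javax.security.auth.login.LoginException} raised by a login
 *         module or the callback handler; the original is kept as the cause.
 */
public static Subject doClientLogin(int type, javax.security.auth.callback.CallbackHandler jaasHandler) throws LoginException {
    final javax.security.auth.callback.CallbackHandler handler = jaasHandler;
    // the subject will actually be filled in with a PasswordCredential
    // required by the csiv2 layer in the LoginModule.
    // we create the dummy credential here and call the
    // set security context. Thus, we have 2  credentials, one each for
    // the csiv2 layer and the other for the RI.
    final Subject subject = new Subject();
    // V3:Commented : TODO uncomment later for Appcontainer
    if (type == SecurityConstants.USERNAME_PASSWORD) {
        privilegedClientLogin(SecurityConstants.CLIENT_JAAS_PASSWORD, subject, handler, null);
        postClientAuth(subject, PasswordCredential.class);
    } else if (type == SecurityConstants.CERTIFICATE) {
        privilegedClientLogin(SecurityConstants.CLIENT_JAAS_CERTIFICATE, subject, handler, null);
        postClientAuth(subject, X509CertificateCredential.class);
    } else if (type == SecurityConstants.ALL) {
        // Password first, then certificate; a failure of either aborts the
        // whole login. postClientAuth runs inside the privileged block here.
        privilegedClientLogin(SecurityConstants.CLIENT_JAAS_PASSWORD, subject, handler, PasswordCredential.class);
        privilegedClientLogin(SecurityConstants.CLIENT_JAAS_CERTIFICATE, subject, handler, X509CertificateCredential.class);
    } else {
        // Unrecognised login type: fall back to username/password login.
        privilegedClientLogin(SecurityConstants.CLIENT_JAAS_PASSWORD, subject, handler, PasswordCredential.class);
    }
    return subject;
}

/**
 * Runs one JAAS {@link LoginContext#login()} for the given configuration
 * entry inside an {@code AppservAccessController.doPrivileged} block.
 *
 * @param jaasConfig name of the JAAS configuration entry to use.
 * @param subject subject the login module populates.
 * @param handler callback handler supplying the user's input.
 * @param postAuthCredential credential class passed to {@code postClientAuth}
 *        from inside the privileged block after a successful login, or
 *        {@code null} when the caller performs that step itself.
 * @throws LoginException wrapping the JAAS exception, with the original as cause.
 */
private static void privilegedClientLogin(final String jaasConfig, final Subject subject,
        final javax.security.auth.callback.CallbackHandler handler, final Class<?> postAuthCredential) throws LoginException {
    AppservAccessController.doPrivileged(new PrivilegedAction<Void>() {

        @Override
        public Void run() {
            try {
                LoginContext lg = new LoginContext(jaasConfig, subject, handler);
                lg.login();
                if (postAuthCredential != null) {
                    postClientAuth(subject, postAuthCredential);
                }
            } catch (javax.security.auth.login.LoginException e) {
                // Rethrow as the container's LoginException; its constructor
                // only takes a message, so the cause is attached explicitly.
                throw (LoginException) new LoginException(e.toString()).initCause(e);
            }
            return null;
        }
    });
}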
