use of com.sun.enterprise.security.auth.login.common.LoginException in project Payara by payara.
the class LoginContextDriver method doX500Login.
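/**
 * A special case login for X500Name credentials.
 * This is invoked for certificate login because the containers
 * extract the X.500 name from the X.509 certificate before calling
 * into this class.
 *
 * <P>The X500Name is read from the subject's public credentials and
 * handed to the certificate realm so it can adjust groups, the
 * principal name or other variables of the security context. When the
 * realm configures a JAAS context, that context is run first. If the
 * realm registered under {@code CertificateRealm.AUTH_TYPE} is not a
 * CertificateRealm, a warning is logged and the security context is set
 * directly from the X.500 name.
 *
 * @param s the subject carrying the X500Name public credential
 * @param appModuleID application module identifier handed to the
 *        ServerLoginCallbackHandler used for the JAAS login
 * @throws LoginException if no X500Name credential is present, if the
 *         JAAS login or the realm authentication fails, or if any other
 *         exception is raised during the login (wrapped, cause preserved)
 */
public static void doX500Login(Subject s, String appModuleID) throws LoginException {
    if (_logger.isLoggable(Level.FINE)) {
        _logger.fine("Processing X.500 name login.");
    }
    String user = null;
    String realm_name = null;
    try {
        X500Name x500name = (X500Name) getPublicCredentials(s, X500Name.class);
        user = x500name.getName();
        // In the RI-inherited implementation this directly creates
        // some credentials and sets the security context. This means
        // that the certificate realm does not get an opportunity to
        // process the request. While the realm will not do any
        // authentication (already done by this point) it can choose
        // to adjust the groups or principal name or other variables
        // of the security context. Of course, bug 4646134 needs to be
        // kept in mind at all times.
        Realm realm = Realm.getInstance(CertificateRealm.AUTH_TYPE);
        if (realm instanceof CertificateRealm) {
            // should always be true
            CertificateRealm certRealm = (CertificateRealm) realm;
            // Record the realm before the JAAS/realm steps run, so that a
            // failure audited in the catch blocks below carries the realm
            // name instead of null.
            realm_name = CertificateRealm.AUTH_TYPE;
            String jaasCtx = certRealm.getJAASContext();
            if (jaasCtx != null) {
                // The subject has the Certificate Credential.
                LoginContext lg = new LoginContext(jaasCtx, s, new ServerLoginCallbackHandler(user, null, appModuleID));
                lg.login();
            }
            certRealm.authenticate(s, x500name);
            if (getAuditManager() != null && getAuditManager().isAuditOn()) {
                getAuditManager().authentication(user, realm_name, true);
            }
        } else {
            _logger.warning(SecurityLoggerInfo.certLoginBadRealmError);
            realm_name = realm.getName();
            setSecurityContext(user, s, realm_name);
        }
        if (_logger.isLoggable(Level.FINE)) {
            _logger.fine("X.500 name login succeeded for : " + user);
        }
    } catch (LoginException le) {
        if (getAuditManager() != null && getAuditManager().isAuditOn()) {
            getAuditManager().authentication(user, realm_name, false);
        }
        throw le;
    } catch (Exception ex) {
        // Any other failure is still a refused login: audit it the same
        // way as a LoginException, then surface it as a LoginException
        // with the original exception kept as the cause.
        if (getAuditManager() != null && getAuditManager().isAuditOn()) {
            getAuditManager().authentication(user, realm_name, false);
        }
        throw (LoginException) new LoginException(ex.toString()).initCause(ex);
    }
}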
use of com.sun.enterprise.security.auth.login.common.LoginException in project Payara by payara.
the class LoginContextDriver method getPrivateCredentials.
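/**
 * Retrieve a private credential of the given type (java class) from the
 * subject.
 *
 * <P>This method retains the RI assumption that only the first
 * credential of the given type is used.
 *
 * <P>Both the lookup of the credential set and the read of its first
 * element are performed through {@code AppservAccessController.doPrivileged}.
 *
 * @param subject the subject whose private credentials are searched
 * @param cls the credential class to look for
 * @return the first private credential of type {@code cls}
 * @throws LoginException if the subject holds no private credential of
 *         that type, or if reading the credential fails (cause preserved)
 */
private static Object getPrivateCredentials(Subject subject, Class<?> cls) throws LoginException {
    final Subject s = subject;
    final Class<?> cl = cls;
    // Typed PrivilegedAction rather than the raw form; Subject returns a
    // Set of the captured wildcard type, which is held here as Set<?>.
    final Set<?> credset = (Set<?>) AppservAccessController.doPrivileged(new PrivilegedAction<Set<?>>() {
        @Override
        public Set<?> run() {
            return s.getPrivateCredentials(cl);
        }
    });
    final Iterator<?> iter = credset.iterator();
    if (!iter.hasNext()) {
        String credmsg = cls.toString();
        if (_logger.isLoggable(Level.FINER)) {
            _logger.finer("Expected private credential of type: " + credmsg + " but none found.");
        }
        throw new LoginException("Expected private credential of type: " + credmsg + " but none found.");
    }
    // retrieve only first credential of the given type
    Object obj = null;
    try {
        obj = AppservAccessController.doPrivileged(new PrivilegedAction<Object>() {
            @Override
            public Object run() {
                return iter.next();
            }
        });
    } catch (Exception e) {
        // should never come here
        if (e instanceof LoginException)
            throw (LoginException) e;
        else
            throw (LoginException) new LoginException("Failed to retrieve private credential: " + e.getMessage()).initCause(e);
    }
    return obj;
}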
use of com.sun.enterprise.security.auth.login.common.LoginException in project Payara by payara.
the class LoginContextDriver method getPublicCredentials.
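/**
 * Retrieve a public credential of the given type (java class) from the
 * subject.
 *
 * <P>This method retains the RI assumption that only the first
 * credential of the given type is used.
 *
 * <P>The credential set is read directly from the subject; only the read
 * of its first element goes through {@code AppservAccessController.doPrivileged}.
 *
 * @param s the subject whose public credentials are searched
 * @param cls the credential class to look for
 * @return the first public credential of type {@code cls}
 * @throws LoginException if the subject holds no public credential of
 *         that type, or if reading the credential fails (cause preserved)
 */
private static Object getPublicCredentials(Subject s, Class<?> cls) throws LoginException {
    // Set<?> captures the wildcard type Subject returns for Class<?>.
    Set<?> credset = s.getPublicCredentials(cls);
    final Iterator<?> iter = credset.iterator();
    if (!iter.hasNext()) {
        String credmsg = cls.toString();
        if (_logger.isLoggable(Level.FINER)) {
            _logger.finer("Expected public credentials of type : " + credmsg + " but none found.");
        }
        throw new LoginException("Expected public credential of type: " + credmsg + " but none found.");
    }
    // retrieve only first credential of the given type
    Object obj = null;
    try {
        obj = AppservAccessController.doPrivileged(new PrivilegedAction<Object>() {
            @Override
            public Object run() {
                return iter.next();
            }
        });
    } catch (Exception e) {
        // should never come here
        if (e instanceof LoginException)
            throw (LoginException) e;
        else
            throw (LoginException) new LoginException("Failed to retrieve public credential: " + e.getMessage()).initCause(e);
    }
    return obj;
}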
use of com.sun.enterprise.security.auth.login.common.LoginException in project Payara by payara.
the class LoginContextDriver method jmacLogin.
/**
 * Performs login for JMAC security. Unlike the other login methods this
 * one only verifies that the login succeeds in the given realm; it does
 * not set the result of the authentication in the appserver runtime
 * environment. Returning normally means the given user authenticated
 * with the given password in the given realm.
 *
 * @param subject the subject to authenticate; a new Subject is created
 *        when null
 * @param username the user name
 * @param password the password
 * @param realmName the realm to authenticate under; the default realm is
 *        used when this is null or not a valid realm
 * @return the authenticated subject (the one passed in, or the newly
 *         created one)
 * @throws LoginException if the realm's JAAS context cannot be obtained
 *         or the JAAS login fails
 */
public static Subject jmacLogin(Subject subject, String username, char[] password, String realmName) throws LoginException {
    // Unknown or missing realm names fall back to the default realm.
    boolean realmKnown = realmName != null && Realm.isValidRealm(realmName);
    if (!realmKnown) {
        realmName = Realm.getDefaultRealm();
    }
    final Subject fs = (subject == null) ? new Subject() : subject;
    final PasswordCredential credential = new PasswordCredential(username, password, realmName);
    AppservAccessController.doPrivileged(new PrivilegedAction<Subject>() {
        public Subject run() {
            fs.getPrivateCredentials().add(credential);
            return fs;
        }
    });
    final String jaasCtx;
    try {
        jaasCtx = Realm.getInstance(realmName).getJAASContext();
    } catch (Exception ex) {
        throw (ex instanceof LoginException)
                ? (LoginException) ex
                : (LoginException) new LoginException(ex.toString()).initCause(ex);
    }
    if (_logger.isLoggable(Level.FINE)) {
        _logger.fine("jmac login user [" + username + "] into realm: " + realmName + " using JAAS module: " + jaasCtx);
    }
    try {
        // A dummyCallback is used to satisfy JAAS but it is never used.
        // name/pwd info is already contained in Subject's Credential
        new LoginContext(jaasCtx, fs, dummyCallback).login();
    } catch (Exception e) {
        if (_logger.isLoggable(Level.INFO)) {
            _logger.log(Level.INFO, SecurityLoggerInfo.auditAtnRefusedError, username);
        }
        if (getAuditManager().isAuditOn()) {
            getAuditManager().authentication(username, realmName, false);
        }
        if (e instanceof LoginException) {
            throw (LoginException) e;
        }
        throw (LoginException) new LoginException("Login failed: " + e.getMessage()).initCause(e);
    }
    if (getAuditManager().isAuditOn()) {
        getAuditManager().authentication(username, realmName, true);
    }
    if (_logger.isLoggable(Level.FINE)) {
        _logger.fine("jmac Password login succeeded for : " + username);
    }
    // Deliberately does not set the security context.
    return fs;
}
use of com.sun.enterprise.security.auth.login.common.LoginException in project Payara by payara.
the class LoginContextDriver method doPasswordLogin.
/**
 * Log in a subject that carries a PasswordCredential. This is the generic
 * login path for every mechanism that delivers an actual username, realm
 * and password from the client.
 *
 * <P>The realm named in the credential is resolved through
 * {@code Realm.getInstance}, its JAAS context name is used to build a
 * {@link LoginContext}, and {@code login()} is invoked on it. On success
 * the outcome is audited (when an audit manager is present and auditing
 * is on) and the security context is set for the user; on failure the
 * refusal is audited and a LoginException is thrown.
 *
 * <P>Assumptions inherited from the RI and kept here:
 * <ul>
 * <li>The PasswordCredential is stored as a private credential of
 * the subject.
 * <li>Only the first such credential is relevant if several are present.
 * </ul>
 *
 * @param subject Subject to be authenticated.
 * @throws LoginException Thrown if the realm's JAAS context cannot be
 *         obtained or the login fails.
 */
private static void doPasswordLogin(Subject subject) throws LoginException {
    final Subject s = subject;
    Object obj = getPrivateCredentials(s, PasswordCredential.class);
    assert obj != null;
    PasswordCredential credential = (PasswordCredential) obj;
    String user = credential.getUser();
    char[] pwd = credential.getPassword();
    String realm = credential.getRealm();
    final String jaasCtx;
    try {
        jaasCtx = Realm.getInstance(realm).getJAASContext();
    } catch (Exception ex) {
        throw (ex instanceof LoginException)
                ? (LoginException) ex
                : (LoginException) new LoginException(ex.toString()).initCause(ex);
    }
    // Sanity checks; these only run when assertions are enabled.
    assert user != null;
    assert pwd != null;
    assert realm != null;
    assert jaasCtx != null;
    if (_logger.isLoggable(Level.FINE)) {
        _logger.fine("Logging in user [" + user + "] into realm: " + realm + " using JAAS module: " + jaasCtx);
    }
    try {
        // A dummyCallback is used to satisfy JAAS but it is never used.
        // name/pwd info is already contained in Subject's Credential
        new LoginContext(jaasCtx, s, dummyCallback).login();
    } catch (Exception e) {
        if (_logger.isLoggable(Level.FINEST)) {
            _logger.log(Level.FINEST, "doPasswordLogin fails", e);
        }
        if (getAuditManager() != null && getAuditManager().isAuditOn()) {
            getAuditManager().authentication(user, realm, false);
        }
        if (e instanceof LoginException) {
            throw (LoginException) e;
        }
        throw (LoginException) new LoginException("Login failed: " + e.getMessage()).initCause(e);
    }
    if (getAuditManager() != null && getAuditManager().isAuditOn()) {
        getAuditManager().authentication(user, realm, true);
    }
    if (_logger.isLoggable(Level.FINE)) {
        _logger.fine("Password login succeeded for : " + user);
    }
    setSecurityContext(user, s, realm);
    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "Set security context as user: " + user);
    }
}