use of com.sun.enterprise.security.auth.login.common.PasswordCredential in project Payara by payara.
the class LoginContextDriver method doClientLogin.
/**
* Perform login on the client side.
* This only simulates the login on the client side: the method uses the
* callback handler to generate the credential information that will
* later be sent to the server.
* @param type whether the login is <i>username_password</i> or
* <i>certificate</i> based.
* @param jaasHandler the callback handler used to gather user information.
* @exception LoginException the exception thrown by the callback handler.
*/
public static Subject doClientLogin(int type, javax.security.auth.callback.CallbackHandler jaasHandler) throws LoginException {
    // Final copies so the anonymous PrivilegedAction classes below can capture them.
    final javax.security.auth.callback.CallbackHandler callbackHandler = jaasHandler;

    // The LoginModule fills this Subject with the credential the csiv2 layer
    // requires (a PasswordCredential for password logins). A dummy credential is
    // created here and the security context is set from it, so two credentials
    // exist: one for the csiv2 layer and one for the RI.
    final Subject clientSubject = new Subject();

    if (type == SecurityConstants.USERNAME_PASSWORD) {
        AppservAccessController.doPrivileged(new PrivilegedAction<Object>() {
            @Override
            public Object run() {
                try {
                    new LoginContext(SecurityConstants.CLIENT_JAAS_PASSWORD, clientSubject, callbackHandler).login();
                } catch (javax.security.auth.login.LoginException cause) {
                    // Re-thrown as the unqualified LoginException with the JAAS failure
                    // kept as its cause; run() declares no checked exceptions.
                    LoginException wrapped = new LoginException(cause.toString());
                    wrapped.initCause(cause);
                    throw wrapped;
                }
                return null;
            }
        });
        // In this branch postClientAuth runs after, not inside, the privileged block.
        postClientAuth(clientSubject, PasswordCredential.class);
    } else if (type == SecurityConstants.CERTIFICATE) {
        AppservAccessController.doPrivileged(new PrivilegedAction<Object>() {
            @Override
            public Object run() {
                try {
                    new LoginContext(SecurityConstants.CLIENT_JAAS_CERTIFICATE, clientSubject, callbackHandler).login();
                } catch (javax.security.auth.login.LoginException cause) {
                    LoginException wrapped = new LoginException(cause.toString());
                    wrapped.initCause(cause);
                    throw wrapped;
                }
                return null;
            }
        });
        postClientAuth(clientSubject, X509CertificateCredential.class);
    } else if (type == SecurityConstants.ALL) {
        AppservAccessController.doPrivileged(new PrivilegedAction<Object>() {
            @Override
            public Object run() {
                try {
                    // Both contexts are constructed before either login runs, so a
                    // failure to build the certificate context surfaces before the
                    // password login is attempted.
                    LoginContext passwordContext =
                            new LoginContext(SecurityConstants.CLIENT_JAAS_PASSWORD, clientSubject, callbackHandler);
                    LoginContext certificateContext =
                            new LoginContext(SecurityConstants.CLIENT_JAAS_CERTIFICATE, clientSubject, callbackHandler);
                    passwordContext.login();
                    postClientAuth(clientSubject, PasswordCredential.class);
                    certificateContext.login();
                    postClientAuth(clientSubject, X509CertificateCredential.class);
                } catch (javax.security.auth.login.LoginException cause) {
                    LoginException wrapped = new LoginException(cause.toString());
                    wrapped.initCause(cause);
                    throw wrapped;
                }
                return null;
            }
        });
    } else {
        // Any other type value falls back to a username/password login; unlike the
        // USERNAME_PASSWORD branch, postClientAuth runs inside the privileged block.
        AppservAccessController.doPrivileged(new PrivilegedAction<Object>() {
            @Override
            public Object run() {
                try {
                    new LoginContext(SecurityConstants.CLIENT_JAAS_PASSWORD, clientSubject, callbackHandler).login();
                    postClientAuth(clientSubject, PasswordCredential.class);
                } catch (javax.security.auth.login.LoginException cause) {
                    LoginException wrapped = new LoginException(cause.toString());
                    wrapped.initCause(cause);
                    throw wrapped;
                }
                return null;
            }
        });
    }

    // Every branch hands back the same Subject instance it logged in with.
    return clientSubject;
}
use of com.sun.enterprise.security.auth.login.common.PasswordCredential in project Payara by payara.
the class AuthenticationServiceImpl method setupPasswordCredential.
/**
* A PasswordCredential object is needed when using the existing Realm LoginModules.
*
* Unless the CallbackHandler is from the AuthenticationService, obtain the name
* and password directly from the supplied JAAS CallbackHandler. Whether the
* PasswordCredential is established in the Subject is determined by service configuration.
*
* @throws LoginException when unable to obtain data from the CallbackHandler
*/
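private void setupPasswordCredential(Subject subject, CallbackHandler callbackHandler) throws LoginException {
    String username = null;
    char[] password = null;

    // Obtain the username and password for the PasswordCredential
    if (callbackHandler instanceof AuthenticationCallbackHandler) {
        // This handler type exposes the values through getters, so no callbacks are issued.
        AuthenticationCallbackHandler serviceHandler = (AuthenticationCallbackHandler) callbackHandler;
        username = serviceHandler.getUsername();
        password = serviceHandler.getPassword();
    } else {
        // Use the supplied callback handler to obtain the PasswordCredential information
        // TODO - How does this impact Audit ability to get name?
        NameCallback nameCallback = new NameCallback("username: ");
        // Second argument is echoOn: false asks the handler not to display the password.
        PasswordCallback passwordCallback = new PasswordCallback("password: ", false);
        try {
            callbackHandler.handle(new Callback[] { nameCallback, passwordCallback });
            username = nameCallback.getName();
            // getPassword() returns a copy of the array held inside the callback.
            password = passwordCallback.getPassword();
        } catch (IOException ioe) {
            throw (LoginException) new LoginException("AuthenticationService unable to create PasswordCredential: " + ioe.getMessage()).initCause(ioe);
        } catch (UnsupportedCallbackException uce) {
            throw (LoginException) new LoginException("AuthenticationService unable to create PasswordCredential: " + uce.getMessage()).initCause(uce);
        } finally {
            // Blank the callback's internal copy on success and on failure alike,
            // so the password does not linger in an object this method no longer uses.
            passwordCallback.clearPassword();
        }
    }

    // NOTE(review): username and password are null if the handler supplied no value;
    // whether PasswordCredential accepts nulls, and whether it copies the char[]
    // it is given, is not visible here - confirm against PasswordCredential.

    // Add the PasswordCredential to the Subject
    final Subject s = subject;
    final PasswordCredential pc = new PasswordCredential(username, password, realmName);
    // The private-credential set is modified inside a privileged action.
    AppservAccessController.doPrivileged(new PrivilegedAction<Object>() {
        @Override
        public Object run() {
            s.getPrivateCredentials().add(pc);
            return null;
        }
    });
}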
use of com.sun.enterprise.security.auth.login.common.PasswordCredential in project Payara by payara.
the class BasePasswordLoginModule method extractCredentials.
/**
* Method to extract container-provided username and password
*
* @throws javax.security.auth.login.LoginException
*/
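public final void extractCredentials() throws LoginException {
    if (_subject == null) {
        String msg = sm.getString("pwdlm.noinfo");
        LOGGER.log(SEVERE, msg);
        throw new LoginException(msg);
    }

    // Use the first PasswordCredential found among the Subject's private credentials.
    PasswordCredential passwordCredential = null;
    try {
        for (Object privateCredential : _subject.getPrivateCredentials()) {
            if (privateCredential instanceof PasswordCredential) {
                passwordCredential = (PasswordCredential) privateCredential;
                break;
            }
        }
    } catch (Exception e) {
        // Deliberately best effort: a failure while reading the credential set is
        // logged and then handled by the "no credential" check just below.
        LOGGER.log(WARNING, privateSubjectCredentialsError, e.toString());
    }

    if (passwordCredential == null) {
        LOGGER.log(SEVERE, noPwdCredentialProvidedError);
        throw new LoginException(sm.getString("pwdlm.nocreds"));
    }

    // Need to obtain the requested realm to get parameters.
    String realm = null;
    try {
        realm = passwordCredential.getRealm();
        _currentRealm = Realm.getInstance(realm);
    } catch (Exception e) {
        String msg = sm.getString("pwdlm.norealm", realm);
        LOGGER.log(Level.SEVERE, msg);
        // Keep the underlying failure as the cause so the reason the realm could
        // not be resolved is not lost to whoever handles the LoginException.
        throw (LoginException) new LoginException(msg).initCause(e);
    }

    // Get username and password data from credential (ignore callback)
    setUsername(passwordCredential.getUser());
    setPasswordChar(passwordCredential.getPassword());
    // NOTE(review): this String copy of the password cannot be overwritten after use,
    // unlike the char[] passed to setPasswordChar - confirm setPassword is still needed.
    setPassword(new String(passwordCredential.getPassword()));
}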
use of com.sun.enterprise.security.auth.login.common.PasswordCredential in project Payara by payara.
the class WebAndEjbToJaasBridge method login.
/**
* This method is just a convenience wrapper for <i>login(Subject, Class)</i> method. It will
* construct a PasswordCredential class.
*
* @param username
* @param password
* @param realmName the name of the realm to login into, if realmName is null, we login into
* the default realm
*/
public static void login(String username, char[] password, String realmName) {
    // Fresh Subject that receives only the password credential built below.
    Subject credentialHolder = new Subject();

    // The credential is constructed and added inside the privileged action; the
    // realm name passes through getValidRealm before it is stored.
    // NOTE(review): the caller's char[] is handed straight to PasswordCredential;
    // whether it is copied is not visible here - confirm before the caller wipes
    // or reuses the array after this call.
    privileged(() -> credentialHolder.getPrivateCredentials().add(
            new PasswordCredential(username, password, getValidRealm(realmName))));

    // Delegate to the Subject-based overload, naming the credential class it should use.
    login(credentialHolder, PasswordCredential.class);
}
use of com.sun.enterprise.security.auth.login.common.PasswordCredential in project Payara by payara.
the class ClientPasswordLoginModule method commit.
/**
* <p>
* This method is called if the LoginContext's overall authentication succeeded (the relevant
* REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules succeeded).
*
* <p>
* If this LoginModule's own authentication attempt succeeded (checked by retrieving the private
* state saved by the <code>login</code> method), then this method associates a
* <code>PrincipalImpl</code> with the <code>Subject</code> located in the <code>LoginModule</code>.
* If this LoginModule's own authentication attempt failed, then this method removes any state
* that was originally saved.
*
* <p>
*
* @exception LoginException if the commit fails.
*
* @return true if this LoginModule's own login and commit attempts succeeded, or false otherwise.
*/
@Override
public boolean commit() throws LoginException {
    // Nothing is committed unless the succeeded flag is set.
    if (!succeeded) {
        return false;
    }

    // 1. Add a Principal (authenticated identity) to the Subject.
    // The user that was authenticated is assumed to be the PrincipalImpl.
    userPrincipal = new PrincipalImpl(username);
    // contains() is checked first, so add() is only called when the principal is missing.
    if (!subject.getPrincipals().contains(userPrincipal)) {
        subject.getPrincipals().add(userPrincipal);
    }
    _logger.log(FINE, "\t\t[ClientPasswordLoginModule] " + "added PrincipalImpl to Subject");

    // 2. Add a PasswordCredential (same username as the Principal) to the Subject,
    // always under the default realm name.
    PasswordCredential credential = new PasswordCredential(username, password, DEFAULT_REALMNAME);
    if (!subject.getPrivateCredentials().contains(credential)) {
        subject.getPrivateCredentials().add(credential);
    }

    // 3. In any case, clean out state: overwrite the password characters with
    // spaces before dropping the references.
    // NOTE(review): the same array was passed to PasswordCredential above; if that
    // constructor keeps the reference instead of copying, this wipe also blanks
    // the credential just stored in the Subject - confirm against PasswordCredential.
    username = null;
    java.util.Arrays.fill(password, ' ');
    password = null;

    commitSucceeded = true;
    return true;
}