
Example 6 with PasswordCredential

use of com.sun.enterprise.security.auth.login.common.PasswordCredential in project Payara by payara.

the class ClientPasswordLoginModule method commit.

/**
 * <p> This method is called if the LoginContext's
 * overall authentication succeeded
 * (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
 * succeeded).
 *
 * <p> If this LoginModule's own authentication attempt
 * succeeded (checked by retrieving the private state saved by the
 * <code>login</code> method), then this method associates a
 * <code>PrincipalImpl</code>
 * with the <code>Subject</code> located in the
 * <code>LoginModule</code>.  If this LoginModule's own
 * authentication attempt failed, then this method removes
 * any state that was originally saved.
 *
 * <p>
 *
 * @exception LoginException if the commit fails.
 *
 * @return true if this LoginModule's own login and commit
 *		attempts succeeded, or false otherwise.
 */
public boolean commit() throws LoginException {
    // Nothing is committed unless this module's own login() succeeded; in that
    // case the method returns false and leaves the saved state untouched.
    if (!succeeded) {
        return false;
    }

    // Treat the authenticated user name as the identity and attach it to the
    // Subject, skipping the add when an equal principal is already present.
    userPrincipal = new PrincipalImpl(username);
    if (!subject.getPrincipals().contains(userPrincipal)) {
        subject.getPrincipals().add(userPrincipal);
    }
    _logger.log(Level.FINE, "\t\t[ClientPasswordLoginModule] added PrincipalImpl to Subject");

    // Store the user name and password, under the default realm, as a private
    // credential of the Subject (again only if an equal one is not already there).
    PasswordCredential credential = new PasswordCredential(username, password, DEFAULT_REALMNAME);
    if (!subject.getPrivateCredentials().contains(credential)) {
        subject.getPrivateCredentials().add(credential);
    }

    // Scrub this module's own copy of the login state. The char[] is overwritten
    // with spaces only after the PasswordCredential above was built from it.
    // NOTE(review): whether PasswordCredential copies the array or keeps this
    // reference is not visible here; if it keeps the reference, the fill below
    // also blanks the credential just stored on the Subject - confirm.
    username = null;
    java.util.Arrays.fill(password, ' ');
    password = null;

    commitSucceeded = true;
    return true;
}
Also used : PasswordCredential(com.sun.enterprise.security.auth.login.common.PasswordCredential) PrincipalImpl(org.glassfish.security.common.PrincipalImpl)

Example 7 with PasswordCredential

use of com.sun.enterprise.security.auth.login.common.PasswordCredential in project Payara by payara.

the class LoginContextDriver method doClientLogin.

/**
 * Perform login on the client side.
 * It just simulates the login on the client side.
 * The method uses the callback handlers and generates correct
 * credential information that will be later sent to the server
 * @param type whether it is <i> username_password</i> or
 * <i> certificate </i> based login.
 * @param jaasHandler the callback handler to gather user information.
 * @exception LoginException the exception thrown by the callback handler.
 */
public static Subject doClientLogin(int type, javax.security.auth.callback.CallbackHandler jaasHandler) throws LoginException {
    // Final alias so the anonymous PrivilegedAction classes below can capture it.
    final javax.security.auth.callback.CallbackHandler callbackHandler = jaasHandler;
    // The LoginModule fills this Subject with the credential the csiv2 layer
    // requires; postClientAuth then sets the security context from it, so two
    // credentials end up in play: one for the csiv2 layer and one for the RI.
    final Subject clientSubject = new Subject();

    if (type == SecurityConstants.USERNAME_PASSWORD) {
        runClientJaasLogin(SecurityConstants.CLIENT_JAAS_PASSWORD, clientSubject, callbackHandler);
        // In this branch the post-login step runs outside the privileged block.
        postClientAuth(clientSubject, PasswordCredential.class);
        return clientSubject;
    }

    if (type == SecurityConstants.CERTIFICATE) {
        runClientJaasLogin(SecurityConstants.CLIENT_JAAS_CERTIFICATE, clientSubject, callbackHandler);
        postClientAuth(clientSubject, X509CertificateCredential.class);
        return clientSubject;
    }

    if (type == SecurityConstants.ALL) {
        // Both login contexts are created up front; each login is followed by its
        // own post-login step, all inside a single privileged action.
        AppservAccessController.doPrivileged(new PrivilegedAction() {

            public java.lang.Object run() {
                try {
                    LoginContext passwordLogin = new LoginContext(SecurityConstants.CLIENT_JAAS_PASSWORD, clientSubject, callbackHandler);
                    LoginContext certificateLogin = new LoginContext(SecurityConstants.CLIENT_JAAS_CERTIFICATE, clientSubject, callbackHandler);
                    passwordLogin.login();
                    postClientAuth(clientSubject, PasswordCredential.class);
                    certificateLogin.login();
                    postClientAuth(clientSubject, X509CertificateCredential.class);
                } catch (javax.security.auth.login.LoginException e) {
                    throw (LoginException) new LoginException(e.toString()).initCause(e);
                }
                return null;
            }
        });
        return clientSubject;
    }

    // Any other value of type is not rejected: it is handled as a
    // username/password login, with the post-login step inside the privileged
    // action. Callers that pass an unexpected type therefore get a password
    // prompt rather than an error.
    AppservAccessController.doPrivileged(new PrivilegedAction() {

        public java.lang.Object run() {
            try {
                LoginContext passwordLogin = new LoginContext(SecurityConstants.CLIENT_JAAS_PASSWORD, clientSubject, callbackHandler);
                passwordLogin.login();
                postClientAuth(clientSubject, PasswordCredential.class);
            } catch (javax.security.auth.login.LoginException e) {
                throw (LoginException) new LoginException(e.toString()).initCause(e);
            }
            return null;
        }
    });
    return clientSubject;
}

// Runs one JAAS login for the named configuration entry inside a privileged
// action; the caller-supplied handler is handed to the LoginContext there.
// A JAAS LoginException is rethrown as this project's LoginException with
// the original kept as its cause.
private static void runClientJaasLogin(final String jaasEntryName, final Subject subject, final javax.security.auth.callback.CallbackHandler handler) {
    AppservAccessController.doPrivileged(new PrivilegedAction() {

        public java.lang.Object run() {
            try {
                LoginContext loginContext = new LoginContext(jaasEntryName, subject, handler);
                loginContext.login();
            } catch (javax.security.auth.login.LoginException e) {
                throw (LoginException) new LoginException(e.toString()).initCause(e);
            }
            return null;
        }
    });
}
Also used : PasswordCredential(com.sun.enterprise.security.auth.login.common.PasswordCredential) Subject(javax.security.auth.Subject) LoginContext(javax.security.auth.login.LoginContext) PrivilegedAction(java.security.PrivilegedAction) X509CertificateCredential(com.sun.enterprise.security.auth.login.common.X509CertificateCredential) LoginException(com.sun.enterprise.security.auth.login.common.LoginException)

Example 8 with PasswordCredential

use of com.sun.enterprise.security.auth.login.common.PasswordCredential in project Payara by payara.

the class LoginContextDriver method postClientAuth.

/**
 * Extracts the relevant username and realm information from the
 * subject and sets the correct state in the security context. The
 * relevant information is set into the Thread Local Storage, from
 * which it is then extracted to be sent over the wire.
 *
 * @param subject the subject returned by the JAAS login.
 * @param clazz the class of the credential object stored in the subject
 */
private static void postClientAuth(Subject subject, Class<?> clazz) {
    // Final aliases for capture by the anonymous PrivilegedAction classes.
    final Class<?> credentialType = clazz;
    final Subject loginSubject = subject;

    // Read the private credentials of the requested class inside a privileged
    // action. At FINEST the whole Subject is written to the log first; what that
    // exposes depends on the toString() of the Subject and of each credential it
    // holds, so FINEST on this logger should be treated as sensitive output.
    Set matching = (Set) AppservAccessController.doPrivileged(new PrivilegedAction() {

        public java.lang.Object run() {
            if (_logger.isLoggable(Level.FINEST)) {
                _logger.log(Level.FINEST, "LCD post login subject :" + loginSubject);
            }
            return loginSubject.getPrivateCredentials(credentialType);
        }
    });

    // The first PasswordCredential or X509CertificateCredential found decides the
    // client security context; anything else in the set is skipped.
    for (final Iterator cursor = matching.iterator(); cursor.hasNext();) {
        Object credential = null;
        try {
            // Each element is fetched inside its own privileged action.
            credential = AppservAccessController.doPrivileged(new PrivilegedAction() {

                public java.lang.Object run() {
                    return cursor.next();
                }
            });
        } catch (Exception e) {
            // Not expected to happen; the failure is logged and the loop carries
            // on with a null element, which matches neither branch below.
            _logger.log(Level.SEVERE, SecurityLoggerInfo.securityAccessControllerActionError, e);
        }

        if (credential instanceof PasswordCredential) {
            PasswordCredential passwordCredential = (PasswordCredential) credential;
            String user = passwordCredential.getUser();
            if (_logger.isLoggable(Level.FINEST)) {
                // Only the user name and realm are logged here, not the password.
                _logger.log(Level.FINEST, "In LCD user-pass login:" + user + " realm :" + passwordCredential.getRealm());
            }
            setClientSecurityContext(user, loginSubject);
            return;
        }

        if (credential instanceof X509CertificateCredential) {
            X509CertificateCredential certificateCredential = (X509CertificateCredential) credential;
            // For certificate logins the alias is used as the user name.
            String user = certificateCredential.getAlias();
            if (_logger.isLoggable(Level.FINEST)) {
                _logger.log(Level.FINEST, "In LCD cert-login::" + user + " realm :" + certificateCredential.getRealm());
            }
            setClientSecurityContext(user, loginSubject);
            return;
        }
    }
}
Also used : Set(java.util.Set) PrivilegedAction(java.security.PrivilegedAction) X509CertificateCredential(com.sun.enterprise.security.auth.login.common.X509CertificateCredential) Iterator(java.util.Iterator) PasswordCredential(com.sun.enterprise.security.auth.login.common.PasswordCredential) Subject(javax.security.auth.Subject) LoginException(com.sun.enterprise.security.auth.login.common.LoginException) NoSuchRealmException(com.sun.enterprise.security.auth.realm.NoSuchRealmException) InvalidOperationException(com.sun.enterprise.security.auth.realm.InvalidOperationException) NoSuchUserException(com.sun.enterprise.security.auth.realm.NoSuchUserException)

Example 9 with PasswordCredential

use of com.sun.enterprise.security.auth.login.common.PasswordCredential in project Payara by payara.

the class SecClientRequestInterceptor method createAuthToken.

/**
 * Returns a client authentication token for the PasswordCredential in the subject. The client
 * authentication token is cdr encoded.
 */
private byte[] createAuthToken(java.lang.Object cred, Class cls, ORB orb, CompoundSecMech mech) throws Exception {
    // Only PasswordCredential (or a subclass) is handled; for any other
    // credential class the GSS token is an empty array.
    if (!PasswordCredential.class.isAssignableFrom(cls)) {
        return new byte[] {};
    }

    _logger.log(Level.FINE, "Constructing a PasswordCredential client auth token");

    // Build the mechanism-specific GSS token for the GSSUP mechanism.
    // The type check above is made on cls while the cast is made on cred, so the
    // two must describe the same object or the cast throws ClassCastException.
    // NOTE(review): the token is derived from the password credential; how it is
    // protected in transit is decided outside this method - confirm the
    // transport requirements of the selected mechanism.
    GSSUPToken gssupToken = GSSUPToken.getClientSideInstance(orb, codec, (PasswordCredential) cred, mech);
    return gssupToken.getGSSToken();
}
Also used : PasswordCredential(com.sun.enterprise.security.auth.login.common.PasswordCredential)

Example 10 with PasswordCredential

use of com.sun.enterprise.security.auth.login.common.PasswordCredential in project Payara by payara.

the class Counter method createAuthCredential.

/**
 * Create an auth credential from authentication token and store it as a private credential in the
 * JAAS subject in the security context.
 *
 * Set the authcls field in the security context.
 *
 * This method currently only works for PasswordCredential tokens.
 */
private void createAuthCredential(SecurityContext securityContext, byte[] authToken, ORB orb) throws Exception {
    logger.log(FINE, "Constructing a PasswordCredential from client authentication token");

    // Decode the client-supplied token into a GSSUPToken and take its password
    // credential. Nothing in this method verifies the user name or password; it
    // only decodes the token and stores the result on the subject.
    GSSUPToken decodedToken = GSSUPToken.getServerSideInstance(orb, codec, authToken);
    PasswordCredential passwordCredential = decodedToken.getPwdcred();

    if (logger.isLoggable(FINE)) {
        // NOTE(review): this writes the credential's toString() to the log at
        // FINE; confirm that PasswordCredential.toString() masks the password.
        logger.log(FINE, "Password credential = " + passwordCredential.toString());
        logger.log(FINE, "Adding PasswordCredential to subject's PrivateCredentials");
    }

    // The subject's private credential set is modified inside a privileged action.
    PrivilegedAction<java.lang.Object> storeCredential = new PrivilegedAction<java.lang.Object>() {

        @Override
        public java.lang.Object run() {
            securityContext.subject.getPrivateCredentials().add(passwordCredential);
            return null;
        }
    };
    doPrivileged(storeCredential);

    // Record which credential class the security context now carries.
    securityContext.authcls = PasswordCredential.class;
}
Also used : PasswordCredential(com.sun.enterprise.security.auth.login.common.PasswordCredential)

Aggregations

PasswordCredential (com.sun.enterprise.security.auth.login.common.PasswordCredential)16 Subject (javax.security.auth.Subject)11 LoginException (com.sun.enterprise.security.auth.login.common.LoginException)7 PrivilegedAction (java.security.PrivilegedAction)7 Set (java.util.Set)6 X509CertificateCredential (com.sun.enterprise.security.auth.login.common.X509CertificateCredential)5 Iterator (java.util.Iterator)5 LoginContext (javax.security.auth.login.LoginContext)4 InvalidOperationException (com.sun.enterprise.security.auth.realm.InvalidOperationException)3 NoSuchRealmException (com.sun.enterprise.security.auth.realm.NoSuchRealmException)3 NoSuchUserException (com.sun.enterprise.security.auth.realm.NoSuchUserException)3 HashSet (java.util.HashSet)3 SecurityContext (com.sun.enterprise.common.iiop.security.SecurityContext)2 ClientSecurityContext (com.sun.enterprise.security.common.ClientSecurityContext)2 AnonCredential (com.sun.enterprise.common.iiop.security.AnonCredential)1 GSSUPName (com.sun.enterprise.common.iiop.security.GSSUPName)1 IOException (java.io.IOException)1 Callback (javax.security.auth.callback.Callback)1 NameCallback (javax.security.auth.callback.NameCallback)1 PasswordCallback (javax.security.auth.callback.PasswordCallback)1