use of com.sun.enterprise.security.auth.login.common.PasswordCredential in project Payara by payara.
the class HttpAuthenticator method getPassword.
/**
 * Returns the password carried by the subject's first private credential.
 *
 * <p>Only the first element produced by the private-credential set's iterator is
 * inspected. If that element is not a {@code PasswordCredential}, the result is
 * {@code null} even when a password credential sits further along in the set.
 *
 * <p>NOTE(review): whether the returned array is a copy or the credential's own
 * buffer depends on {@code PasswordCredential.getPassword()}, which is not visible
 * here. Confirm before zeroing or retaining it.
 *
 * @param s the subject to read from; may be {@code null}
 * @return the password of the first private credential, or {@code null} when the
 *         subject is {@code null}, has no private credentials, or its first
 *         private credential is not a {@code PasswordCredential}
 */
private char[] getPassword(Subject s) {
    if (s == null) {
        return null;
    }
    Iterator<?> privateCredentials = s.getPrivateCredentials().iterator();
    if (!privateCredentials.hasNext()) {
        return null;
    }
    Object first = privateCredentials.next();
    if (!(first instanceof PasswordCredential)) {
        return null;
    }
    // CHECK REALM (open marker from the original source): the credential's realm
    // is not compared with anything before the password is handed back.
    return ((PasswordCredential) first).getPassword();
}
use of com.sun.enterprise.security.auth.login.common.PasswordCredential in project Payara by payara.
the class J2EEKeyManager method doClientLogin.
/**
 * Performs a login on the client side.
 *
 * <p>The JAAS login module(s) selected by {@code type} are driven with the supplied
 * callback handler and fill a fresh {@link Subject} with credentials.
 * {@code postClientAuth} is then called for the matching credential class.
 *
 * <p>Any {@code type} other than {@code USERNAME_PASSWORD}, {@code CERTIFICATE} or
 * {@code ALL} is not rejected: it falls through to a username/password login.
 *
 * <p>NOTE(review): the {@code LoginException} thrown from inside
 * {@code PrivilegedAction.run()} must be an unchecked type for this to compile.
 * It is presumably the project's own exception class - confirm against the imports.
 *
 * @param type selects username/password, certificate, or both
 *        (compared against the {@code SecurityConstants} values)
 * @param jaasHandler the callback handler handed to each {@code LoginContext}
 * @return the subject that was passed to the {@code LoginContext}(s)
 * @throws LoginException when a JAAS login fails; the JAAS exception is attached as the cause
 */
public static Subject doClientLogin(int type, javax.security.auth.callback.CallbackHandler jaasHandler) throws LoginException {
    final javax.security.auth.callback.CallbackHandler callbackHandler = jaasHandler;
    // The LoginModule fills the subject with the PasswordCredential required by the
    // csiv2 layer. The credential is created here and the security context is set
    // afterwards, so there are two credentials: one for the csiv2 layer, one for the RI.
    final Subject clientSubject = new Subject();

    // V3:Commented : TODO uncomment later for Appcontainer
    if (type == SecurityConstants.USERNAME_PASSWORD) {
        AppservAccessController.doPrivileged(new PrivilegedAction() {
            public java.lang.Object run() {
                try {
                    LoginContext passwordLogin =
                        new LoginContext(SecurityConstants.CLIENT_JAAS_PASSWORD, clientSubject, callbackHandler);
                    passwordLogin.login();
                } catch (javax.security.auth.login.LoginException e) {
                    throw (LoginException) new LoginException(e.toString()).initCause(e);
                }
                return null;
            }
        });
        // Runs outside the privileged block in this branch.
        postClientAuth(clientSubject, PasswordCredential.class);
        return clientSubject;
    }

    if (type == SecurityConstants.CERTIFICATE) {
        AppservAccessController.doPrivileged(new PrivilegedAction() {
            public java.lang.Object run() {
                try {
                    LoginContext certificateLogin =
                        new LoginContext(SecurityConstants.CLIENT_JAAS_CERTIFICATE, clientSubject, callbackHandler);
                    certificateLogin.login();
                } catch (javax.security.auth.login.LoginException e) {
                    throw (LoginException) new LoginException(e.toString()).initCause(e);
                }
                return null;
            }
        });
        // Runs outside the privileged block in this branch.
        postClientAuth(clientSubject, X509CertificateCredential.class);
        return clientSubject;
    }

    if (type == SecurityConstants.ALL) {
        AppservAccessController.doPrivileged(new PrivilegedAction() {
            public java.lang.Object run() {
                try {
                    // Both contexts are constructed before either login is attempted.
                    LoginContext passwordLogin =
                        new LoginContext(SecurityConstants.CLIENT_JAAS_PASSWORD, clientSubject, callbackHandler);
                    LoginContext certificateLogin =
                        new LoginContext(SecurityConstants.CLIENT_JAAS_CERTIFICATE, clientSubject, callbackHandler);
                    passwordLogin.login();
                    postClientAuth(clientSubject, PasswordCredential.class);
                    certificateLogin.login();
                    postClientAuth(clientSubject, X509CertificateCredential.class);
                } catch (javax.security.auth.login.LoginException e) {
                    throw (LoginException) new LoginException(e.toString()).initCause(e);
                }
                return null;
            }
        });
        return clientSubject;
    }

    // Unrecognised type: same login as USERNAME_PASSWORD, except that
    // postClientAuth runs inside the privileged block.
    AppservAccessController.doPrivileged(new PrivilegedAction() {
        public java.lang.Object run() {
            try {
                LoginContext passwordLogin =
                    new LoginContext(SecurityConstants.CLIENT_JAAS_PASSWORD, clientSubject, callbackHandler);
                passwordLogin.login();
                postClientAuth(clientSubject, PasswordCredential.class);
            } catch (javax.security.auth.login.LoginException e) {
                throw (LoginException) new LoginException(e.toString()).initCause(e);
            }
            return null;
        }
    });
    return clientSubject;
}
use of com.sun.enterprise.security.auth.login.common.PasswordCredential in project Payara by payara.
the class J2EEKeyManager method postClientAuth.
/**
 * Reads the user name from the subject's private credentials of the given class
 * and passes it, with the subject, to {@code setClientSecurityContext}.
 *
 * <p>The first credential that is a {@code PasswordCredential} or an
 * {@code X509CertificateCredential} wins and the method returns right after
 * handling it. If no such credential is found, nothing is set.
 *
 * @param subject the subject returned by the JAAS login
 * @param clazz the class of the credential objects to look up in the subject
 */
private static void postClientAuth(Subject subject, Class<?> clazz) {
    final Class<?> credentialType = clazz;
    final Subject loggedIn = subject;
    Set matching = (Set) AppservAccessController.doPrivileged(new PrivilegedAction<Set>() {
        public Set run() {
            if (_logger.isLoggable(Level.FINEST)) {
                // NOTE(review): Subject.toString() also renders the private credentials
                // through their own toString(). Verify that the credential classes mask
                // secrets before FINEST is enabled for this logger.
                _logger.log(Level.FINEST, "LCD post login subject :{0}", loggedIn);
            }
            return loggedIn.getPrivateCredentials(credentialType);
        }
    });

    final Iterator cursor = matching.iterator();
    while (cursor.hasNext()) {
        Object candidate = null;
        try {
            candidate = AppservAccessController.doPrivileged(new PrivilegedAction() {
                public java.lang.Object run() {
                    return cursor.next();
                }
            });
        } catch (Exception e) {
            // should never come here; the failure is logged and the loop goes on
            // with candidate left null
            _logger.log(Level.SEVERE, SecurityLoggerInfo.securityAccessControllerActionError, e);
        }

        if (candidate instanceof PasswordCredential) {
            PasswordCredential passwordCredential = (PasswordCredential) candidate;
            String user = passwordCredential.getUser();
            if (_logger.isLoggable(Level.FINEST)) {
                String realm = passwordCredential.getRealm();
                _logger.log(Level.FINEST, "In LCD user-pass login:{0} realm :{1}", new Object[] { user, realm });
            }
            setClientSecurityContext(user, loggedIn);
            return;
        }

        if (candidate instanceof X509CertificateCredential) {
            X509CertificateCredential certificateCredential = (X509CertificateCredential) candidate;
            // For certificate logins the alias plays the role of the user name.
            String user = certificateCredential.getAlias();
            if (_logger.isLoggable(Level.FINEST)) {
                String realm = certificateCredential.getRealm();
                _logger.log(Level.FINEST, "In LCD cert-login::{0} realm :{1}", new Object[] { user, realm });
            }
            setClientSecurityContext(user, loggedIn);
            return;
        }
    }
}
use of com.sun.enterprise.security.auth.login.common.PasswordCredential in project Payara by payara.
the class LoginContextDriver method login.
/**
 * Convenience wrapper around {@code login(Subject, Class)}: builds a
 * {@code PasswordCredential} from the arguments, stores it in a new subject's
 * private credentials and delegates.
 *
 * <p>The default realm is used when {@code realmName} is {@code null} and also
 * when {@code Realm.isValidRealm(realmName)} is false. A misspelled or unknown
 * realm name therefore authenticates against the default realm instead of failing.
 *
 * <p>NOTE(review): whether {@code PasswordCredential} copies {@code password} is
 * not visible here. Confirm before the caller clears the array.
 *
 * @param username the user name to authenticate
 * @param password the user's password
 * @param realmName the realm to log in to; {@code null} or an invalid name
 *        selects the default realm
 */
public static void login(String username, char[] password, String realmName) {
    final String effectiveRealm =
        (realmName != null && Realm.isValidRealm(realmName)) ? realmName : Realm.getDefaultRealm();

    final Subject loginSubject = new Subject();
    final PasswordCredential credential = new PasswordCredential(username, password, effectiveRealm);
    // The private-credential set is modified inside a privileged block.
    AppservAccessController.doPrivileged(new PrivilegedAction() {
        public java.lang.Object run() {
            loginSubject.getPrivateCredentials().add(credential);
            return loginSubject;
        }
    });

    LoginContextDriver.login(loginSubject, PasswordCredential.class);
}
use of com.sun.enterprise.security.auth.login.common.PasswordCredential in project Payara by payara.
the class LoginContextDriver method jmacLogin.
/**
 * Performs a login for JMAC security.
 *
 * <p>Unlike the other login methods, this one only verifies that the user can
 * authenticate in the given realm. It does not set the security context of the
 * appserver runtime. A normal return means the authentication succeeded.
 *
 * <p>The default realm is used when {@code realmName} is {@code null} and also
 * when {@code Realm.isValidRealm(realmName)} is false.
 *
 * <p>The {@code PasswordCredential} built here is added to the subject's private
 * credentials before the JAAS login runs. Nothing in this method removes it
 * afterwards, so a caller-supplied subject still carries it when the login fails.
 *
 * <p>NOTE(review): {@code username} is written to the log as supplied. If it can
 * contain control characters, confirm that the log handler neutralises them.
 *
 * @param subject the subject to authenticate into; a new one is created when {@code null}
 * @param username the user name to authenticate
 * @param password the user's password
 * @param realmName the realm to authenticate under
 * @return the subject (the one passed in, or the newly created one) on success
 * @throws LoginException if the realm's JAAS context cannot be resolved or the login fails
 */
public static Subject jmacLogin(Subject subject, String username, char[] password, String realmName) throws LoginException {
    final String effectiveRealm =
        (realmName != null && Realm.isValidRealm(realmName)) ? realmName : Realm.getDefaultRealm();
    final Subject fs = (subject != null) ? subject : new Subject();

    final PasswordCredential credential = new PasswordCredential(username, password, effectiveRealm);
    AppservAccessController.doPrivileged(new PrivilegedAction() {
        public java.lang.Object run() {
            fs.getPrivateCredentials().add(credential);
            return fs;
        }
    });

    String jaasCtx;
    try {
        jaasCtx = Realm.getInstance(effectiveRealm).getJAASContext();
    } catch (Exception ex) {
        // A LoginException passes through unchanged; anything else is wrapped with its cause.
        throw (ex instanceof LoginException)
            ? (LoginException) ex
            : (LoginException) new LoginException(ex.toString()).initCause(ex);
    }

    if (_logger.isLoggable(Level.FINE)) {
        _logger.fine("jmac login user [" + username + "] into realm: " + effectiveRealm + " using JAAS module: " + jaasCtx);
    }

    try {
        // A dummyCallback is used to satisfy JAAS but it is never used.
        // name/pwd info is already contained in Subject's Credential
        LoginContext jaasLogin = new LoginContext(jaasCtx, fs, dummyCallback);
        jaasLogin.login();
    } catch (Exception e) {
        // Log and audit the refused attempt before the failure is propagated.
        if (_logger.isLoggable(Level.INFO)) {
            _logger.log(Level.INFO, SecurityLoggerInfo.auditAtnRefusedError, username);
        }
        if (getAuditManager().isAuditOn()) {
            getAuditManager().authentication(username, effectiveRealm, false);
        }
        throw (e instanceof LoginException)
            ? (LoginException) e
            : (LoginException) new LoginException("Login failed: " + e.getMessage()).initCause(e);
    }

    if (getAuditManager().isAuditOn()) {
        getAuditManager().authentication(username, effectiveRealm, true);
    }
    if (_logger.isLoggable(Level.FINE)) {
        _logger.fine("jmac Password login succeeded for : " + username);
    }

    // do not set the security Context
    return fs;
}