use of com.sun.enterprise.security.auth.realm.Realm in project Payara by payara.
the class LoginContextDriver method jmacLogin.
/**
 * Performs a certificate-based JMAC login for the identity named by an X.500 principal.
 *
 * <p>The principal's distinguished name is converted to an {@code X500Name}, added to the
 * subject's public credentials, and handed to the certificate realm for authentication.
 * When the certificate realm reports a JAAS context, a JAAS login is run against that
 * context first, using {@code dummyCallback}.
 *
 * <p>Every failure path logs the refusal at INFO, records a failed authentication audit
 * event when auditing is on, and surfaces as a {@link LoginException}; other exception
 * types are wrapped with the original kept as the cause.
 *
 * <p>NOTE(review): only the distinguished name is visible here. Certificate chain and
 * revocation checks presumably happen before this call (TLS layer or the calling auth
 * module) - confirm, because nothing in this method validates the certificate itself.
 *
 * @param subject the subject to populate; a new one is created when {@code null}
 * @param x500Principal the principal taken from the client certificate
 * @return the populated subject (the one passed in, or the newly created one)
 * @throws LoginException if any step of the login fails
 */
public static Subject jmacLogin(Subject subject, X500Principal x500Principal) throws LoginException {
    final Subject target = (subject != null) ? subject : new Subject();
    // Stays empty in the failure log/audit record if the name cannot even be parsed.
    String userName = "";
    try {
        final X500Name certName = new X500Name(x500Principal.getName(X500Principal.RFC1779));
        userName = certName.toString();
        AppservAccessController.doPrivileged(new PrivilegedAction() {

            public java.lang.Object run() {
                target.getPublicCredentials().add(certName);
                return target;
            }
        });
        CertificateRealm certRealm = (CertificateRealm) Realm.getInstance(CertificateRealm.AUTH_TYPE);
        String jaasContextName = certRealm.getJAASContext();
        if (jaasContextName != null) {
            // At this point the subject already carries the certificate credential.
            new LoginContext(jaasContextName, target, dummyCallback).login();
        }
        certRealm.authenticate(target, certName);
    } catch (Exception ex) {
        // userName is derived from the certificate's subject name, i.e. from peer-supplied data.
        if (_logger.isLoggable(Level.INFO)) {
            _logger.log(Level.INFO, SecurityLoggerInfo.auditAtnRefusedError, userName);
        }
        if (getAuditManager().isAuditOn()) {
            getAuditManager().authentication(userName, CertificateRealm.AUTH_TYPE, false);
        }
        if (!(ex instanceof LoginException)) {
            throw (LoginException) new LoginException(ex.toString()).initCause(ex);
        }
        throw (LoginException) ex;
    }
    if (_logger.isLoggable(Level.FINE)) {
        _logger.fine("jmac cert login succeeded for: " + userName);
    }
    if (getAuditManager().isAuditOn()) {
        getAuditManager().authentication(userName, CertificateRealm.AUTH_TYPE, true);
    }
    return target;
}
use of com.sun.enterprise.security.auth.realm.Realm in project Payara by payara.
the class LoginContextDriver method loginPrincipal.
/**
 * Logs in a run-as principal.
 *
 * <p>Builds a JAAS subject holding a {@code PrincipalImpl} for the user and a
 * {@code GSSUPName} public credential, adds one {@code Group} principal per group name
 * the realm reports for the user, and installs the result through
 * {@code setSecurityContext}. This is used primarily for run-as.
 *
 * <p>No credential is checked here: the caller names the identity and this method
 * establishes it. If the realm cannot list groups for the user
 * ({@code InvalidOperationException} or {@code NoSuchUserException}), a warning is logged
 * and the security context is still set, without group principals.
 *
 * @param username the run-as user name
 * @param realmName the realm to use; the default realm is used when null or empty
 * @throws LoginException if the realm does not exist
 */
public static void loginPrincipal(String username, String realmName) throws LoginException {
    // Fall back to the default realm when the caller did not name one.
    final String effectiveRealm = (realmName == null || realmName.isEmpty()) ? Realm.getDefaultRealm() : realmName;
    final Subject runAsSubject = new Subject();
    final org.glassfish.security.common.PrincipalImpl userPrincipal = new org.glassfish.security.common.PrincipalImpl(username);
    final GSSUPName gssupName = new GSSUPName(username, effectiveRealm);
    AppservAccessController.doPrivileged(new PrivilegedAction() {

        public java.lang.Object run() {
            runAsSubject.getPrincipals().add(userPrincipal);
            runAsSubject.getPublicCredentials().add(gssupName);
            return null;
        }
    });
    try {
        Enumeration groupNames = Realm.getInstance(effectiveRealm).getGroupNames(username);
        Set<Principal> principals = runAsSubject.getPrincipals();
        while (groupNames.hasMoreElements()) {
            String groupName = (String) groupNames.nextElement();
            principals.add(new Group(groupName));
        }
    } catch (InvalidOperationException ex) {
        // Group lookup is best-effort: the login proceeds with no group principals.
        _logger.log(Level.WARNING, SecurityLoggerInfo.invalidOperationForRealmError, new Object[] { username, effectiveRealm, ex.toString() });
    } catch (NoSuchUserException ex) {
        // Same as above: an unknown user still gets a context, just without groups.
        _logger.log(Level.WARNING, SecurityLoggerInfo.noSuchUserInRealmError, new Object[] { username, effectiveRealm, ex.toString() });
    } catch (NoSuchRealmException ex) {
        // A missing realm is fatal; keep the original exception as the cause.
        throw (LoginException) new LoginException(ex.toString()).initCause(ex);
    }
    setSecurityContext(username, runAsSubject, effectiveRealm);
}
use of com.sun.enterprise.security.auth.realm.Realm in project Payara by payara.
the class LoginContextDriver method jmacLogin.
/**
 * Populates a subject with the group principals of an asserted identity.
 *
 * <p>The named realm (or the default realm when none is given) is asked for the group
 * names of {@code identityAssertion}; each one is added to the subject as a {@code Group}
 * principal.
 *
 * <p>This method performs no authentication of its own: it only looks up groups for the
 * name it is given, so the assertion must already have been verified by the caller.
 * Any exception during the lookup is logged at FINE and otherwise ignored, in which case
 * the subject is returned without the group principals that could not be added.
 *
 * @param subject the subject to populate; a new one is created when {@code null}
 * @param identityAssertion the asserted caller name used for the group lookup
 * @param realm the realm name; the default realm is used when null or empty
 * @return the subject passed in, or the newly created one
 * @throws LoginException declared by the signature; the visible body does not throw it
 */
public static Subject jmacLogin(Subject subject, String identityAssertion, String realm) throws LoginException {
    final Subject target = (subject != null) ? subject : new Subject();
    try {
        final String realmName = (realm == null || realm.isEmpty()) ? Realm.getDefaultRealm() : realm;
        final Enumeration groupNames = Realm.getInstance(realmName).getGroupNames(identityAssertion);
        final boolean hasGroups = groupNames != null && groupNames.hasMoreElements();
        if (hasGroups) {
            AppservAccessController.doPrivileged(new PrivilegedAction() {

                public java.lang.Object run() {
                    while (groupNames.hasMoreElements()) {
                        target.getPrincipals().add(new Group((String) groupNames.nextElement()));
                    }
                    return target;
                }
            });
        }
    } catch (Exception ex) {
        // Best-effort lookup: a failure leaves the subject with fewer principals, never more.
        // The asserted name is caller-supplied and is written to the log unmodified.
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "Exception when trying to populate groups for CallerPrincipal " + identityAssertion, ex);
        }
    }
    return target;
}
use of com.sun.enterprise.security.auth.realm.Realm in project Payara by payara.
the class GetGroupNamesCommand method getGroupNames.
/**
 * Resolves the group names of a user in the named realm of this command's config.
 *
 * <p>The realm is refreshed first so that changes made to a shared keyfile from outside
 * this config are picked up. If the realm is already loaded it is used directly;
 * otherwise the matching {@code AuthRealm} configuration entry is instantiated from its
 * class name and properties.
 *
 * <p>NOTE(review): the realm class name and properties passed to
 * {@code Realm.instantiate} come straight from the configuration; presumably only
 * administrators can write that configuration - confirm.
 *
 * @param realmName name of the realm to query
 * @param userName user whose groups are requested
 * @return the group names, as returned by the realm-based overload
 * @throws NoSuchRealmException if no loaded or configured realm has this name
 */
private String[] getGroupNames(String realmName, String userName) throws NoSuchRealmException, BadRealmException, InvalidOperationException, NoSuchUserException {
    // Pick up file-realm updates made elsewhere against the same keyfile.
    realmsManager.refreshRealm(config.getName(), realmName);
    Realm loadedRealm = realmsManager.getFromLoadedRealms(config.getName(), realmName);
    if (loadedRealm != null) {
        return getGroupNames(loadedRealm, userName);
    }
    // Not loaded yet: build the realm from its configuration entry, if there is one.
    for (AuthRealm candidate : config.getSecurityService().getAuthRealm()) {
        if (!realmName.equals(candidate.getName())) {
            continue;
        }
        Properties realmProps = new Properties();
        for (Property entry : candidate.getProperty()) {
            String propValue = entry.getValue();
            realmProps.setProperty(entry.getName(), propValue);
        }
        Realm created = Realm.instantiate(candidate.getName(), candidate.getClassname(), realmProps, config.getName());
        return getGroupNames(created, userName);
    }
    throw new NoSuchRealmException(_localStrings.getLocalString("NO_SUCH_REALM", "No Such Realm: {0}", realmName));
}
use of com.sun.enterprise.security.auth.realm.Realm in project Payara by payara.
the class RealmsImpl method removeUser.
/**
 * Removes a user from the named realm and persists the change.
 *
 * <p>{@code checkSupportsUserManagement} runs first, outside the try block, so whatever
 * it throws is not wrapped. Any exception from looking up the realm, removing the user
 * or persisting is rethrown as a {@link RuntimeException} with the original as its cause.
 *
 * <p>NOTE(review): no caller authorization check is visible in this method; presumably
 * the management layer that exposes it enforces one - confirm.
 *
 * @param realmName name of the realm to modify
 * @param user name of the user to remove
 */
public void removeUser(String realmName, String user) {
    checkSupportsUserManagement(realmName);
    final Realm targetRealm;
    try {
        targetRealm = getRealm(realmName);
        targetRealm.removeUser(user);
        // Write the change through so it survives beyond the in-memory realm.
        targetRealm.persist();
    } catch (Exception failure) {
        throw new RuntimeException(failure);
    }
}