Example 1 with Realm

Use of com.sun.enterprise.security.auth.realm.Realm in project Payara by payara.

Class LoginContextDriver, method jmacLogin (certificate-based login):

public static Subject jmacLogin(Subject subject, X500Principal x500Principal) throws LoginException {
    if (subject == null) {
        subject = new Subject();
    }
    final Subject fs = subject;
    String userName = "";
    try {
        final X500Name x500Name = new X500Name(x500Principal.getName(X500Principal.RFC1779));
        userName = x500Name.toString();
        AppservAccessController.doPrivileged(new PrivilegedAction() {

            public java.lang.Object run() {
                fs.getPublicCredentials().add(x500Name);
                return fs;
            }
        });
        Realm realm = Realm.getInstance(CertificateRealm.AUTH_TYPE);
        CertificateRealm certRealm = (CertificateRealm) realm;
        String jaasCtx = certRealm.getJAASContext();
        if (jaasCtx != null) {
            // The subject already carries the certificate credential (the X500Name added above).
            LoginContext lg = new LoginContext(jaasCtx, fs, dummyCallback);
            lg.login();
        }
        certRealm.authenticate(fs, x500Name);
    } catch (Exception ex) {
        if (_logger.isLoggable(Level.INFO)) {
            _logger.log(Level.INFO, SecurityLoggerInfo.auditAtnRefusedError, userName);
        }
        if (getAuditManager().isAuditOn()) {
            getAuditManager().authentication(userName, CertificateRealm.AUTH_TYPE, false);
        }
        if (ex instanceof LoginException) {
            throw (LoginException) ex;
        } else {
            throw (LoginException) new LoginException(ex.toString()).initCause(ex);
        }
    }
    if (_logger.isLoggable(Level.FINE)) {
        _logger.fine("jmac cert login succeeded for: " + userName);
    }
    if (getAuditManager().isAuditOn()) {
        getAuditManager().authentication(userName, CertificateRealm.AUTH_TYPE, true);
    }
    return subject;
}

Example 2 with Realm

Use of com.sun.enterprise.security.auth.realm.Realm in project Payara by payara.

Class LoginContextDriver, method loginPrincipal (run-as login):

/**
 * This method is used for logging in a run-as principal. It creates
 * a JAAS subject whose credential is of type GSSUPName.
 * This is used primarily for run-as.
 */
public static void loginPrincipal(String username, String realmName) throws LoginException {
    // no realm provided, assuming default
    if (realmName == null || realmName.length() == 0) {
        realmName = Realm.getDefaultRealm();
    }
    final Subject s = new Subject();
    final org.glassfish.security.common.PrincipalImpl p = new org.glassfish.security.common.PrincipalImpl(username);
    final GSSUPName name = new GSSUPName(username, realmName);
    AppservAccessController.doPrivileged(new PrivilegedAction() {

        public java.lang.Object run() {
            s.getPrincipals().add(p);
            s.getPublicCredentials().add(name);
            return null;
        }
    });
    try {
        Realm realm = Realm.getInstance(realmName);
        Enumeration en = realm.getGroupNames(username);
        Set<Principal> principalSet = s.getPrincipals();
        while (en.hasMoreElements()) {
            principalSet.add(new Group((String) en.nextElement()));
        }
    } catch (InvalidOperationException ex) {
        _logger.log(Level.WARNING, SecurityLoggerInfo.invalidOperationForRealmError, new Object[] { username, realmName, ex.toString() });
    } catch (NoSuchUserException ex) {
        _logger.log(Level.WARNING, SecurityLoggerInfo.noSuchUserInRealmError, new Object[] { username, realmName, ex.toString() });
    } catch (NoSuchRealmException ex) {
        LoginException lex = new LoginException(ex.toString());
        lex.initCause(ex);
        throw lex;
    }
    setSecurityContext(username, s, realmName);
}

Example 3 with Realm

Use of com.sun.enterprise.security.auth.realm.Realm in project Payara by payara.

Class LoginContextDriver, method jmacLogin (identity-assertion variant):

public static Subject jmacLogin(Subject subject, String identityAssertion, String realm) throws LoginException {
    if (subject == null) {
        subject = new Subject();
    }
    final Subject fs = subject;
    String userName = identityAssertion;
    try {
        if (realm == null || "".equals(realm)) {
            realm = Realm.getDefaultRealm();
        }
        Realm realmInst = Realm.getInstance(realm);
        final Enumeration groups = realmInst.getGroupNames(userName);
        if (groups != null && groups.hasMoreElements()) {
            AppservAccessController.doPrivileged(new PrivilegedAction() {

                public java.lang.Object run() {
                    while (groups.hasMoreElements()) {
                        String grp = (String) groups.nextElement();
                        fs.getPrincipals().add(new Group(grp));
                    }
                    return fs;
                }
            });
        }
    } catch (Exception ex) {
        // Any failure while looking up groups (unknown realm, unknown user, realm error)
        // is only logged at FINE; the caller still receives the subject, just without
        // group principals, so authorization decisions downstream see no groups.
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "Exception when trying to populate groups for CallerPrincipal " + identityAssertion, ex);
        }
    }
    return subject;
}

Example 4 with Realm

Use of com.sun.enterprise.security.auth.realm.Realm in project Payara by payara.

Class GetGroupNamesCommand, method getGroupNames:

private String[] getGroupNames(String realmName, String userName) throws NoSuchRealmException, BadRealmException, InvalidOperationException, NoSuchUserException {
    // account for updates to file-realm contents from outside this config
    // which are sharing the same keyfile
    realmsManager.refreshRealm(config.getName(), realmName);
    Realm realm = realmsManager.getFromLoadedRealms(config.getName(), realmName);
    if (realm != null) {
        return getGroupNames(realm, userName);
    }
    List<AuthRealm> authRealmConfigs = config.getSecurityService().getAuthRealm();
    for (AuthRealm authRealm : authRealmConfigs) {
        if (realmName.equals(authRealm.getName())) {
            List<Property> propConfigs = authRealm.getProperty();
            Properties props = new Properties();
            for (Property p : propConfigs) {
                String value = p.getValue();
                props.setProperty(p.getName(), value);
            }
            realm = Realm.instantiate(authRealm.getName(), authRealm.getClassname(), props, config.getName());
            return getGroupNames(realm, userName);
        }
    }
    throw new NoSuchRealmException(_localStrings.getLocalString("NO_SUCH_REALM", "No Such Realm: {0}", realmName));
}

Example 5 with Realm

Use of com.sun.enterprise.security.auth.realm.Realm in project Payara by payara.

Class RealmsImpl, method removeUser:

public void removeUser(String realmName, String user) {
    checkSupportsUserManagement(realmName);
    try {
        Realm realm = getRealm(realmName);
        realm.removeUser(user);
        realm.persist();
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}