
Example 1 with CertificateRealm

use of com.sun.enterprise.security.auth.realm.certificate.CertificateRealm in project Payara by payara.

From class LoginContextDriver, method jmacLogin.

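/**
 * Performs a JMAC (JASPIC) certificate login for an already-verified client identity.
 * <p>
 * No certificate validation happens here: the caller has already extracted the
 * {@link X500Principal} from a verified X.509 certificate. This method maps that
 * distinguished name onto the configured certificate realm by (1) publishing the
 * DN as a public credential of the subject, (2) running the realm's JAAS context
 * against the subject when one is configured, and (3) asking the realm to
 * authenticate the name. Every failure is logged and audited as a refused
 * authentication before being rethrown.
 *
 * @param subject       subject to populate; a new one is created when {@code null}
 * @param x500Principal distinguished name taken from the verified certificate
 * @return the populated subject (the instance passed in, when non-null)
 * @throws LoginException if the realm lookup, the JAAS login or the realm
 *                        authentication fails; failures that are not already a
 *                        {@code LoginException} are wrapped with the cause preserved
 */
public static Subject jmacLogin(Subject subject, X500Principal x500Principal) throws LoginException {
    if (subject == null) {
        subject = new Subject();
    }
    final Subject fs = subject;
    String userName = "";
    try {
        // RFC 1779 string form of the DN, re-parsed into the internal X500Name type
        // that the certificate realm and its JAAS modules consume.
        final X500Name x500Name = new X500Name(x500Principal.getName(X500Principal.RFC1779));
        userName = x500Name.toString();
        // The DN is published on the subject BEFORE the JAAS login so the realm's
        // login modules can find it there. If authentication fails further down,
        // a caller-supplied subject keeps this credential; callers should not
        // reuse such a subject as if it were authenticated.
        AppservAccessController.doPrivileged(new PrivilegedAction<Subject>() {

            @Override
            public Subject run() {
                fs.getPublicCredentials().add(x500Name);
                return fs;
            }
        });
        Realm realm = Realm.getInstance(CertificateRealm.AUTH_TYPE);
        // Fail with an explicit message (still audited below) rather than relying on
        // a ClassCastException when the realm registered under AUTH_TYPE is not a
        // certificate realm; mirrors the instanceof check in doX500Login.
        if (!(realm instanceof CertificateRealm)) {
            throw new LoginException("Realm " + CertificateRealm.AUTH_TYPE + " is not a CertificateRealm");
        }
        CertificateRealm certRealm = (CertificateRealm) realm;
        String jaasCtx = certRealm.getJAASContext();
        if (jaasCtx != null) {
            // The subject already carries the certificate credential; the JAAS
            // modules of the configured context operate on it.
            LoginContext lg = new LoginContext(jaasCtx, fs, dummyCallback);
            lg.login();
        }
        certRealm.authenticate(fs, x500Name);
    } catch (Exception ex) {
        // Any failure (realm lookup, JAAS login, realm authenticate) is recorded
        // as a refused authentication in the log and the audit trail.
        if (_logger.isLoggable(Level.INFO)) {
            _logger.log(Level.INFO, SecurityLoggerInfo.auditAtnRefusedError, userName);
        }
        if (getAuditManager().isAuditOn()) {
            getAuditManager().authentication(userName, CertificateRealm.AUTH_TYPE, false);
        }
        if (ex instanceof LoginException) {
            throw (LoginException) ex;
        } else {
            // Keep the original exception as the cause so the root failure is not lost.
            throw (LoginException) new LoginException(ex.toString()).initCause(ex);
        }
    }
    if (_logger.isLoggable(Level.FINE)) {
        _logger.fine("jmac cert login succeeded for: " + userName);
    }
    if (getAuditManager().isAuditOn()) {
        getAuditManager().authentication(userName, CertificateRealm.AUTH_TYPE, true);
    }
    return subject;
}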

Example 2 with CertificateRealm

use of com.sun.enterprise.security.auth.realm.certificate.CertificateRealm in project Payara by payara.

From class LoginContextDriver, method doX500Login.

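/**
 * A special case login for X500Name credentials.
 * This is invoked for certificate login because the containers
 * extract the X.500 name from the X.509 certificate before calling
 * into this class.
 * <p>
 * The subject is expected to already carry an {@link X500Name} public
 * credential. When the realm registered under
 * {@link CertificateRealm#AUTH_TYPE} is a {@link CertificateRealm}, its JAAS
 * context (if configured) is run against the subject and the realm then
 * authenticates the name. Success and failure are both reported to the audit
 * manager when auditing is enabled.
 *
 * @param s           subject holding the X.500 name credential; populated by the login
 * @param appModuleID application module identifier handed to the JAAS callback handler
 * @throws LoginException if the credential is missing, the realm lookup fails, or
 *                        the JAAS login / realm authentication rejects the name;
 *                        non-{@code LoginException} failures are wrapped with their cause kept
 */
public static void doX500Login(Subject s, String appModuleID) throws LoginException {
    if (_logger.isLoggable(Level.FINE)) {
        _logger.fine("Processing X.500 name login.");
    }
    String user = null;
    String realm_name = null;
    try {
        // A missing X500Name credential surfaces as a NullPointerException here,
        // which is wrapped into a LoginException (and audited) below.
        X500Name x500name = (X500Name) getPublicCredentials(s, X500Name.class);
        user = x500name.getName();
        // In the RI-inherited implementation this directly creates
        // some credentials and sets the security context. This means
        // that the certificate realm does not get an opportunity to
        // process the request. While the realm will not do any
        // authentication (already done by this point) it can choose
        // to adjust the groups or principal name or other variables
        // of the security context. Of course, bug 4646134 needs to be
        // kept in mind at all times.
        Realm realm = Realm.getInstance(CertificateRealm.AUTH_TYPE);
        if (realm instanceof CertificateRealm) {
            // should always be true
            CertificateRealm certRealm = (CertificateRealm) realm;
            // Record the realm before the JAAS login / authenticate calls so that a
            // failure inside them is audited against the certificate realm instead
            // of with a null realm name.
            realm_name = CertificateRealm.AUTH_TYPE;
            String jaasCtx = certRealm.getJAASContext();
            if (jaasCtx != null) {
                // The subject has the Certificate Credential.
                LoginContext lg = new LoginContext(jaasCtx, s, new ServerLoginCallbackHandler(user, null, appModuleID));
                lg.login();
            }
            certRealm.authenticate(s, x500name);
            if (getAuditManager().isAuditOn()) {
                getAuditManager().authentication(user, realm_name, true);
            }
        } else {
            // NOTE(review): this fallback establishes a security context for the
            // DN without any realm authenticate() call and without an audit record
            // of success. It is only reachable when the realm registered under
            // AUTH_TYPE is not a CertificateRealm (a misconfiguration that is only
            // logged as a warning); confirm that silently proceeding is intended.
            _logger.warning(SecurityLoggerInfo.certLoginBadRealmError);
            realm_name = realm.getName();
            setSecurityContext(user, s, realm_name);
        }
        if (_logger.isLoggable(Level.FINE)) {
            _logger.fine("X.500 name login succeeded for : " + user);
        }
    } catch (LoginException le) {
        if (getAuditManager().isAuditOn()) {
            getAuditManager().authentication(user, realm_name, false);
        }
        throw le;
    } catch (Exception ex) {
        // Failures that are not this LoginException type (missing credential,
        // realm lookup errors, JAAS exceptions of another type) were previously
        // wrapped without being audited; audit them too, for parity with jmacLogin.
        if (getAuditManager().isAuditOn()) {
            getAuditManager().authentication(user, realm_name, false);
        }
        // Keep the original exception as the cause so the root failure is not lost.
        throw (LoginException) new LoginException(ex.toString()).initCause(ex);
    }
}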
