Example 1 with ClientSecurityContext

use of com.sun.enterprise.security.common.ClientSecurityContext in project Payara by payara.

the class LoginContextDriver method setClientSecurityContext.

/**
 * Sets the security context on the appclient side.
 * It stores the authenticated identity in the thread-local storage (TLS) that
 * ClientSecurityContext.getCurrent() reads back on the same thread.
 * @param username the user who authenticated
 * @param subject the subject representation of the user, carrying the credentials
 *                the server associated with it
 */
private static void setClientSecurityContext(String username, Subject subject) {
    ClientSecurityContext securityContext = new ClientSecurityContext(username, subject);
    ClientSecurityContext.setCurrent(securityContext);
}
Also used : ClientSecurityContext(com.sun.enterprise.security.common.ClientSecurityContext)

Example 2 with ClientSecurityContext

use of com.sun.enterprise.security.common.ClientSecurityContext in project Payara by payara.

the class WebServiceSecurity method secureRequest.

private static void secureRequest(SOAPMessage request, HashMap sharedState, ClientAuthContext cAC, boolean isAppClient) throws AuthException {
    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "Container Auth: ClientAuthContext.secureRequest");
    }
    SOAPAuthParam param = new SOAPAuthParam(request, null);
    Subject subject = null;
    if (isAppClient) {
        // Application client container: the caller identity lives in ClientSecurityContext.
        ClientSecurityContext sc = ClientSecurityContext.getCurrent();
        if (sc != null) {
            subject = sc.getSubject();
        }
    } else {
        // Server side (web/EJB): the caller identity lives in the server SecurityContext.
        SecurityContext sc = SecurityContext.getCurrent();
        if (sc != null && !sc.didServerGenerateCredentials()) {
            // Never hand the default unauthenticated subject to the client auth module:
            // it is a shared constant, and a module that mutated it (for example by
            // adding credentials) would affect every later unauthenticated caller.
            subject = sc.getSubject();
        }
    }
    if (subject == null) {
        // Fresh, empty subject: the module may populate it without side effects elsewhere.
        subject = new Subject();
    }
    cAC.secureRequest(param, subject, sharedState);
}
Also used : SOAPAuthParam(com.sun.enterprise.security.jauth.jaspic.provider.SOAPAuthParam) ClientSecurityContext(com.sun.enterprise.security.common.ClientSecurityContext) SecurityContext(com.sun.enterprise.security.SecurityContext) Subject(javax.security.auth.Subject)

Example 3 with ClientSecurityContext

use of com.sun.enterprise.security.common.ClientSecurityContext in project Payara by payara.

the class J2EEKeyManager method chooseClientAlias.

/**
 * Choose the client alias that will be used to select the client certificate for SSL client auth.
 *
 * @param keyType the key algorithm type(s) acceptable to the peer
 * @param issuers the acceptable certificate issuers
 * @param socket the socket used for this connection. This parameter can be null, in which case the method will return the most
 * generic alias to use.
 * @return the alias, or null if no client certificate could be selected.
 */
@Override
public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
    String clientAlias = null;
    if (this.alias == null) {
        if (Util.getInstance().isNotServerOrACC()) {
            // standalone client: defer to the wrapped X509KeyManager
            clientAlias = x509KeyManager.chooseClientAlias(keyType, issuers, socket);
        } else {
            if (Util.getInstance().isACC()) {
                // application client container: the alias comes from the logged-in user's
                // X509CertificateCredential stored in the ClientSecurityContext
                ClientSecurityContext ctx = ClientSecurityContext.getCurrent();
                // Null guards added in this edit: the project snippet dereferences ctx (and, after
                // login, the old ctx's subject) directly, which throws NullPointerException when
                // no client login has happened yet. Example 4 below shows the guarded pattern.
                Subject s = (ctx != null) ? ctx.getSubject() : null;
                if (s == null) {
                    // no login yet: run the certificate login through the configured callback handler
                    // TODO V3: Use LoginContextDriver? -> LoginContextDriver.doClientLogin(AppContainer.CERTIFICATE,
                    // AppContainer.getCallbackHandler());
                    doClientLogin(SecurityConstants.CERTIFICATE, Util.getInstance().getCallbackHandler());
                    // the login installs a new ClientSecurityContext, so re-read the current one
                    ctx = ClientSecurityContext.getCurrent();
                    s = (ctx != null) ? ctx.getSubject() : null;
                }
                if (s != null) {
                    // pick the alias of the first X509CertificateCredential among the private credentials
                    Iterator<Object> itr = s.getPrivateCredentials().iterator();
                    while (itr.hasNext()) {
                        Object o = itr.next();
                        if (o instanceof X509CertificateCredential) {
                            X509CertificateCredential crt = (X509CertificateCredential) o;
                            clientAlias = crt.getAlias();
                            break;
                        }
                    }
                }
            }
        }
    } else {
        // an alias was configured explicitly; it wins over any logged-in credential
        clientAlias = this.alias;
    }
    LOGGER.log(FINE, "Choose client Alias :{0}", clientAlias);
    return clientAlias;
}
Also used : X509CertificateCredential(com.sun.enterprise.security.auth.login.common.X509CertificateCredential) ClientSecurityContext(com.sun.enterprise.security.common.ClientSecurityContext) Iterator(java.util.Iterator) Subject(javax.security.auth.Subject)

Example 4 with ClientSecurityContext

use of com.sun.enterprise.security.common.ClientSecurityContext in project Payara by payara.

the class SecurityMechanismSelector method getUsernameAndPassword.

/**
 * Get the username and password either from the JAAS subject or from thread local storage. For
 * appclients, if login hasn't happened yet this method triggers login and pops up a user interface to
 * gather authentication information.
 *
 * @return the IIOP security context, or null if no client identity is available.
 */
private SecurityContext getUsernameAndPassword(ComponentInvocation ci, CompoundSecMech mechanism) throws SecurityMechanismException {
    try {
        Subject s = null;
        if (isNotServerOrACC()) {
            // Standalone client: fetch the subject from the ClientSecurityContext
            ClientSecurityContext sc = ClientSecurityContext.getCurrent();
            if (sc == null) {
                return null;
            }
            s = sc.getSubject();
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "SUBJECT:" + s);
            }
        } else {
            if (isACC()) {
                // Application client container: log in on demand if no context has been set yet
                ClientSecurityContext sc = ClientSecurityContext.getCurrent();
                if (sc == null) {
                    s = LoginContextDriver.doClientLogin(USERNAME_PASSWORD, SecurityServicesUtil.getInstance().getCallbackHandler());
                } else {
                    s = sc.getSubject();
                }
            } else {
                // web/ejb: the caller identity comes from the server-side SecurityContext
                s = getSubjectFromSecurityCurrent();
                // TODO check if username/password is available
                // if not throw exception
            }
        }
        SecurityContext ctx = new SecurityContext();
        final Subject sub = s;
        ctx.subject = s;
        // Determine whether run-as has been used: a run-as identity carries no PasswordCredential
        Set<PasswordCredential> privateCredSet = AccessController.doPrivileged(new PrivilegedAction<Set<PasswordCredential>>() {

            @Override
            public Set<PasswordCredential> run() {
                return sub.getPrivateCredentials(PasswordCredential.class);
            }
        });
        if (privateCredSet.isEmpty()) {
            // run-as case: no authentication token is sent, only the identity assertion (GSSUPName)
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "no private credential run as mode");
            }
            ctx.authcls = null;
            ctx.identcls = GSSUPName.class;
        } else {
            /**
             * Look up the realm name the server requires (the target_name of its AS_ContextSec)
             * and set it on the PasswordCredential(s) in the subject. Note that this mutates the
             * caller's credential objects in place: whatever realm the client put in the
             * PasswordCredential is replaced by the realm the server advertises.
             */
            AS_ContextSec asContext = mechanism.as_context_mech;
            final byte[] target_name = asContext.target_name;
            byte[] _realm = null;
            if (target_name == null || target_name.length == 0) {
                _realm = Realm.getDefaultRealm().getBytes();
            } else {
                // target_name is a GSS exported name; decode it under the GSSUP mechanism OID
                _realm = GSSUtils.importName(GSSUtils.GSSUP_MECH_OID, target_name);
            }
            final String realm_name = new String(_realm);
            final Iterator<PasswordCredential> it = privateCredSet.iterator();
            while (it.hasNext()) {
                AccessController.doPrivileged(new PrivilegedAction<Object>() {

                    @Override
                    public Object run() {
                        PasswordCredential pc = it.next();
                        pc.setRealm(realm_name);
                        return null;
                    }
                });
            }
            ctx.authcls = PasswordCredential.class;
        }
        return ctx;
    } catch (LoginException le) {
        // propagate login failures unchanged so the caller can tell them from other errors
        throw le;
    } catch (Exception e) {
        _logger.log(Level.SEVERE, "iiop.user_password_exception", e);
        return null;
    }
}
Also used : ClientSecurityContext(com.sun.enterprise.security.common.ClientSecurityContext) PasswordCredential(com.sun.enterprise.security.auth.login.common.PasswordCredential) Subject(javax.security.auth.Subject) LoginException(com.sun.enterprise.security.auth.login.common.LoginException) SecurityContext(com.sun.enterprise.common.iiop.security.SecurityContext)

Example 5 with ClientSecurityContext

use of com.sun.enterprise.security.common.ClientSecurityContext in project javaee7-samples by javaee-samples.

the class PayaraEJBContextProvider method getContextWithCredentialsSet.

@Override
public Context getContextWithCredentialsSet(String username, String password) {
    // Create a new subject carrying a password credential for the "default" realm
    Subject subject = new Subject();
    subject.getPrivateCredentials().add(new PasswordCredential(username, password.toCharArray(), "default"));
    // Publish the subject through ClientSecurityContext, where the CORBA/IIOP code picks it up
    // (see SecurityMechanismSelector.getUsernameAndPassword above). The context stays set until
    // something replaces it, so the credential outlives this call.
    ClientSecurityContext.setCurrent(new ClientSecurityContext(username, subject));
    // No environment is passed: the naming provider is configured
    // by jndi.properties in the glassfish-naming.jar on the classpath.
    try {
        return new InitialContext();
    } catch (NamingException e) {
        throw new IllegalStateException(e);
    }
}
Also used : PasswordCredential(com.sun.enterprise.security.auth.login.common.PasswordCredential) ClientSecurityContext(com.sun.enterprise.security.common.ClientSecurityContext) NamingException(javax.naming.NamingException) Subject(javax.security.auth.Subject) InitialContext(javax.naming.InitialContext)
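The sample above installs a ClientSecurityContext and never removes it, so the PasswordCredential stays reachable for the rest of the process (or thread). The following added example, which is not code from Payara or javaee7-samples, wraps the same calls so the identity is scoped to one unit of work and the previous context is restored afterwards. It relies only on the constructors and static methods shown on this page (ClientSecurityContext(String, Subject), setCurrent, getCurrent, PasswordCredential(String, char[], String)); the JNDI name passed to lookupAs is a placeholder, and the assumption that setCurrent accepts null to clear the context is an assumption of this example.

```java
import java.util.Arrays;
import java.util.concurrent.Callable;

import javax.naming.Context;
import javax.naming.InitialContext;
import javax.security.auth.Subject;

import com.sun.enterprise.security.auth.login.common.PasswordCredential;
import com.sun.enterprise.security.common.ClientSecurityContext;

/**
 * Added example (not Payara or javaee7-samples code): run one piece of remote work with a
 * caller identity installed in ClientSecurityContext, then put back whatever was there before,
 * so the PasswordCredential does not linger in the static context after the call.
 */
public final class ScopedClientIdentity {

    private ScopedClientIdentity() {
    }

    /**
     * Install (username, password) as the current client identity for the duration of
     * {@code work}, restoring the previous ClientSecurityContext afterwards.
     *
     * @param realm realm name placed in the PasswordCredential. The IIOP layer overwrites it
     *              with the realm the server advertises (SecurityMechanismSelector
     *              .getUsernameAndPassword, Example 4 above), so "default" is only a start value.
     */
    public static <T> T callAs(String username, char[] password, String realm, Callable<T> work) throws Exception {
        // Remember the caller's context; it may be null when nobody has logged in yet.
        ClientSecurityContext previous = ClientSecurityContext.getCurrent();

        // Work on a private copy of the password so the caller's array is never handed out.
        char[] pw = password.clone();
        Subject subject = new Subject();
        subject.getPrivateCredentials().add(new PasswordCredential(username, pw, realm));
        ClientSecurityContext.setCurrent(new ClientSecurityContext(username, subject));
        try {
            return work.call();
        } finally {
            // Restore the previous context (assumed here: setCurrent(null) clears it) so this
            // identity does not leak into later, unrelated lookups or EJB calls.
            ClientSecurityContext.setCurrent(previous);
            // Best-effort scrub of our copy; whether PasswordCredential kept its own copy
            // is an implementation detail, so treat the Subject as disposed from here on.
            Arrays.fill(pw, '\0');
        }
    }

    /**
     * Example use: look up a remote object under a specific identity. The JNDI name is a
     * placeholder, and the naming provider is assumed to be configured by jndi.properties
     * on the classpath, as in PayaraEJBContextProvider above.
     */
    public static Object lookupAs(String username, char[] password, String jndiName) throws Exception {
        return callAs(username, password, "default", () -> {
            Context ctx = new InitialContext();
            try {
                return ctx.lookup(jndiName);
            } finally {
                ctx.close();
            }
        });
    }
}
```

One caveat on scope: Example 1's Javadoc describes the context as thread-local, while Example 5's comment calls it a global variable. Which one applies decides whether two threads calling callAs concurrently would overwrite each other's identity, so check the ClientSecurityContext implementation of the Payara version in use before relying on this helper from more than one thread.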

Aggregations

ClientSecurityContext (com.sun.enterprise.security.common.ClientSecurityContext) 7
Subject (javax.security.auth.Subject) 5
PasswordCredential (com.sun.enterprise.security.auth.login.common.PasswordCredential) 2
SecurityContext (com.sun.enterprise.common.iiop.security.SecurityContext) 1
SecurityContext (com.sun.enterprise.security.SecurityContext) 1
LoginException (com.sun.enterprise.security.auth.login.common.LoginException) 1
X509CertificateCredential (com.sun.enterprise.security.auth.login.common.X509CertificateCredential) 1
SOAPAuthParam (com.sun.enterprise.security.jauth.jaspic.provider.SOAPAuthParam) 1
PasswordAuthentication (java.net.PasswordAuthentication) 1
Iterator (java.util.Iterator) 1
InitialContext (javax.naming.InitialContext) 1
NamingException (javax.naming.NamingException) 1