
Example 1 with MQAdminGroup

Use of com.sun.messaging.jmq.auth.jaas.MQAdminGroup in project openmq by eclipse-ee4j.

From the class JMQFileUserRepository, method getSubject.

private Subject getSubject(String user, HashMap userRTable) {
    Subject subject = null;
    final String rolestr = (String) userRTable.get(user);
    final String tempUser = user;
    subject = (Subject) java.security.AccessController.doPrivileged(new PrivilegedAction<Object>() {

        @Override
        public Object run() {
            Subject tempSubject = new Subject();
            tempSubject.getPrincipals().add(new MQUser(tempUser));
            if (rolestr != null && !rolestr.trim().equals("")) {
                tempSubject.getPrincipals().add(new MQGroup(rolestr));
            }
            if (rolestr != null && rolestr.equals(ADMINGROUP)) {
                tempSubject.getPrincipals().add(new MQAdminGroup(ADMINGROUP));
            }
            return tempSubject;
        }
    });
    return subject;
}
Also used: MQAdminGroup (com.sun.messaging.jmq.auth.jaas.MQAdminGroup), MQUser (com.sun.messaging.jmq.auth.jaas.MQUser), MQGroup (com.sun.messaging.jmq.auth.jaas.MQGroup), Subject (javax.security.auth.Subject)

Example 2 with MQAdminGroup

Use of com.sun.messaging.jmq.auth.jaas.MQAdminGroup in project openmq by eclipse-ee4j.

From the class JMQAdminKeyAuthenticationHandler, method handleResponse.

/**
 * @param authResponse the authentication response data. This is the AUTHENTICATE_RESPONSE packet body.
 * @param sequence packet sequence number
 *
 * @return next request data if any; null if no more request. The request data will be sent as packet body in
 * AUTHENTICATE_REQUEST
 */
@Override
public byte[] handleResponse(byte[] authResponse, int sequence) throws LoginException {
    Subject subject = null;
    acc = null;
    if (authProps == null) {
        throw new LoginException(Globals.getBrokerResources().getKString(BrokerResources.X_ILLEGAL_AUTHSTATE, getType()));
    }
    try {
        ByteArrayInputStream bis = new ByteArrayInputStream(authResponse);
        DataInputStream dis = new DataInputStream(bis);
        String username = dis.readUTF();
        BASE64Decoder decoder = new BASE64Decoder();
        String pass = dis.readUTF();
        String password = new String(decoder.decodeBuffer(pass), "UTF8");
        dis.close();
        String adminkey = authProps.getProperty(AccessController.PROP_ADMINKEY);
        if (DEBUG) {
            logger.log(Logger.DEBUG, AccessController.PROP_ADMINKEY + ":" + adminkey + ":" + " password:" + password + ":");
        }
        if (adminkey != null) {
            if (username.equals(ADMINKEYNAME) && password.equals(adminkey)) {
                final String tempUserName = username;
                subject = (Subject) java.security.AccessController.doPrivileged(new PrivilegedAction<Object>() {

                    @Override
                    public Object run() {
                        Subject tempSubject = new Subject();
                        tempSubject.getPrincipals().add(new MQUser(tempUserName));
                        tempSubject.getPrincipals().add(new MQAdminGroup(ADMINKEYNAME));
                        return tempSubject;
                    }
                });
                /*
                 * subject = new Subject();
                 * subject.getPrincipals().add(new MQUser(username));
                 * subject.getPrincipals().add(new MQAdminGroup(ADMINKEYNAME));
                 */
                acc = new JMQAccessControlContext(new MQUser(username), subject, authProps);
                return null;
            }
            FailedLoginException ex = new FailedLoginException(Globals.getBrokerResources().getKString(BrokerResources.X_FORBIDDEN, username));
            ex.setUser(username);
            throw ex;
        }
        throw new LoginException(Globals.getBrokerResources().getKString(BrokerResources.X_ADMINKEY_NOT_EXIST));
    } catch (IOException e) {
        throw new LoginException(Globals.getBrokerResources().getString(BrokerResources.X_INTERNAL_EXCEPTION, "IOException: " + e.getMessage()));
    }
}
Also used: MQUser (com.sun.messaging.jmq.auth.jaas.MQUser), Subject (javax.security.auth.Subject), FailedLoginException (com.sun.messaging.jmq.auth.api.FailedLoginException), LoginException (javax.security.auth.login.LoginException), MQAdminGroup (com.sun.messaging.jmq.auth.jaas.MQAdminGroup), BASE64Decoder (com.sun.messaging.jmq.util.BASE64Decoder)

Aggregations

MQAdminGroup (com.sun.messaging.jmq.auth.jaas.MQAdminGroup): 2
MQUser (com.sun.messaging.jmq.auth.jaas.MQUser): 2
Subject (javax.security.auth.Subject): 2
FailedLoginException (com.sun.messaging.jmq.auth.api.FailedLoginException): 1
MQGroup (com.sun.messaging.jmq.auth.jaas.MQGroup): 1
BASE64Decoder (com.sun.messaging.jmq.util.BASE64Decoder): 1
LoginException (javax.security.auth.login.LoginException): 1