
Example 1 with MQUser

use of com.sun.messaging.jmq.auth.jaas.MQUser in project openmq by eclipse-ee4j.

the class JMQDigestAuthenticationHandler method handleResponse.

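/**
 * Completes the digest authentication exchange for one connection.
 *
 * <p>The packet body holds two {@code writeUTF} strings: the user name and the digest credential.
 * The credential is handed to the configured user repository together with the {@code nonce} this
 * handler issued earlier. On a match the connection's access-control context is built from the
 * returned {@link Subject}; otherwise a {@link FailedLoginException} carrying the user name is thrown.
 *
 * @param authResponse the authentication response data. This is the AUTHENTICATE packet body.
 * @param sequence packet sequence number; not consulted by the digest exchange
 *
 * @return next request data if any; null if no more request. The request data will be sent as packet body in
 * AUTHENTICATE_REQUEST
 * @throws LoginException if no user repository is configured for this authentication type, if the
 *         repository class cannot be loaded or instantiated, or if the packet body is malformed;
 *         thrown as {@link FailedLoginException} when the credential does not match
 */
@Override
public byte[] handleResponse(byte[] authResponse, int sequence) throws LoginException {
    try {
        String username;
        String credential;
        // The body is memory-backed, so closing is about idiom rather than a real leak.
        try (DataInputStream dis = new DataInputStream(new ByteArrayInputStream(authResponse))) {
            username = dis.readUTF();
            credential = dis.readUTF();
        }
        String rep = authProps.getProperty(AccessController.PROP_AUTHENTICATION_PREFIX + getType() + AccessController.PROP_USER_REPOSITORY_SUFFIX);
        if (rep == null || rep.trim().equals("")) {
            throw new LoginException(Globals.getBrokerResources().getKString(BrokerResources.X_USER_REPOSITORY_NOT_DEFINED, getType()));
        }
        String cn = authProps.getProperty(AccessController.PROP_USER_REPOSITORY_PREFIX + rep + ".class");
        if (cn == null) {
            throw new LoginException(Globals.getBrokerResources().getKString(BrokerResources.X_USER_REPOSITORY_CLASS_NOT_DEFINED, rep, getType()));
        }
        // The class name comes from broker configuration, never from the client packet; the cast
        // fails (ClassCastException below) when the configured class is not a UserRepository.
        UserRepository repository = (UserRepository) Class.forName(cn).getDeclaredConstructor().newInstance();
        repository.open(getType(), authProps, cacheData);
        Subject subject;
        try {
            subject = repository.findMatch(username, credential, nonce, getMatchType());
            cacheData = repository.getCacheData();
        } finally {
            // Release the repository on the failure path too; it used to stay open when
            // findMatch threw.
            repository.close();
        }
        if (subject == null) {
            FailedLoginException ex = new FailedLoginException(Globals.getBrokerResources().getKString(BrokerResources.X_FORBIDDEN, username));
            ex.setUser(username);
            throw ex;
        }
        acc = new JMQAccessControlContext(new MQUser(username), subject, authProps);
        return null;
    } catch (ClassNotFoundException e) {
        throw wrapInternalException("ClassNotFoundException", e);
    } catch (IOException e) {
        throw wrapInternalException("IOException", e);
    } catch (InstantiationException e) {
        throw wrapInternalException("InstantiationException", e);
    } catch (IllegalAccessException e) {
        throw wrapInternalException("IllegalAccessException", e);
    } catch (ClassCastException e) {
        // Message prefix corrected from the former "cLassCastException".
        throw wrapInternalException("ClassCastException", e);
    } catch (NoSuchMethodException e) {
        throw wrapInternalException("NoSuchMethodException", e);
    } catch (InvocationTargetException e) {
        throw wrapInternalException("InvocationTargetException", e);
    }
}

/**
 * Builds the {@link LoginException} reported for an unexpected failure of the exchange, using the
 * broker's internal-exception resource string and keeping {@code cause} attached so the original
 * stack trace survives the wrapping.
 *
 * @param kind simple name of the failure type, used as the message prefix
 * @param cause the failure being wrapped
 * @return the exception for the caller to throw
 */
private static LoginException wrapInternalException(String kind, Throwable cause) {
    LoginException le = new LoginException(Globals.getBrokerResources().getString(BrokerResources.X_INTERNAL_EXCEPTION, kind + ": " + cause.getMessage()));
    le.initCause(cause);
    return le;
}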

Example 2 with MQUser

use of com.sun.messaging.jmq.auth.jaas.MQUser in project openmq by eclipse-ee4j.

the class LdapUserRepository method jmqbasicFindMatch.

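/**
 * Authenticates {@code user} against the LDAP server with a simple bind and, on success, returns a
 * {@link Subject} holding an {@link MQUser} principal plus whatever group principals
 * {@code findGroups} adds.
 *
 * <p>The bind DN is the user name itself when {@code usrformat} is {@code DN_USRFORMAT}, otherwise the
 * result of {@code searchDN}. A bind rejected by the server surfaces as {@link FailedLoginException};
 * any other failure is logged with its stack and reported as a plain {@link LoginException}.
 *
 * @param user the user name as presented by the client
 * @param userpwd the clear-text password; must be non-blank, because LDAP treats an empty password
 *        as a request for anonymous ("none") authentication
 * @return the authenticated subject; never {@code null}
 * @throws LoginException if either credential is blank, the bind fails, or the group lookup fails
 */
private Subject jmqbasicFindMatch(String user, String userpwd) throws LoginException {
    if (DEBUG) {
        // The password is deliberately kept out of the log; it used to be written verbatim here.
        logger.log(Logger.INFO, "Authenticate[basic] " + user + ":<password not logged>" + ((usrformat == null) ? ":" : ":usrformat=" + usrformat));
    }
    /*
     * LDAP requires the password to be nonempty for simple authentication. otherwise it automatically converts the
     * authentication to "none"
     */
    if (userpwd == null || userpwd.trim().equals("")) {
        throw new LoginException(Globals.getBrokerResources().getKString(BrokerResources.X_PASSWORD_NOT_PROVIDED, user));
    }
    if (user == null || user.trim().equals("")) {
        throw new LoginException(Globals.getBrokerResources().getKString(BrokerResources.X_USERNAME_NOT_PROVIDED, user));
    }
    String url = server;
    if (DEBUG) {
        logger.log(Logger.INFO, "LDAP server: " + url);
    }
    Hashtable env = new Hashtable(11);
    env.put(Context.INITIAL_CONTEXT_FACTORY, INITIAL_CONTEXT_FACTORY);
    env.put(Context.PROVIDER_URL, url);
    // see JNDI doc
    env.put(Context.REFERRAL, "follow");
    if (sslprotocol) {
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        if (sslfactory != null) {
            env.put("java.naming.ldap.factory.socket", sslfactory);
        }
    }
    String dnName = null;
    boolean dnformat = false;
    if (usrformat != null && usrformat.equals(DN_USRFORMAT)) {
        dnformat = true;
        dnName = user;
        user = handleDNusrformat(user);
    } else {
        dnName = searchDN(user, env);
    }
    DirContext ctx = null;
    try {
        if (!dnformat) {
            logger.log(Logger.INFO, br.getKString(BrokerResources.I_AUTHENTICATE_USER_AS, user, dnName));
        } else {
            logger.log(Logger.INFO, br.getKString(BrokerResources.I_AUTHENTICATE_AS_USER, dnName, user));
        }
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dnName);
        env.put(Context.SECURITY_CREDENTIALS, userpwd);
        try {
            // The bind itself is the credential check. The context is released right away and
            // nulled so the finally block below does not close it a second time.
            ctx = new InitialDirContext(env);
            ctx.close();
            ctx = null;
            Subject subject = new Subject();
            subject.getPrincipals().add(new MQUser(user));
            try {
                findGroups(dnName, subject);
            } catch (NamingException e) {
                String emsg = Globals.getBrokerResources().getKString(BrokerResources.X_LDAP_GROUP_SEARCH_ERROR, user + " [" + dnName + "]");
                logger.logStack(Logger.ERROR, emsg, e);
                LoginException le = new LoginException(emsg + ":" + e.getMessage());
                le.initCause(e);
                throw le;
            }
            return subject;
        } catch (javax.naming.AuthenticationException e) {
            if (DEBUG) {
                logger.log(Logger.INFO, e.getMessage(), e);
            }
            throw new FailedLoginException(e.getMessage());
        }
    } catch (Exception e) {
        // Login failures produced above pass through unchanged; anything else (other JNDI errors
        // from the bind, runtime failures) is logged with its stack and wrapped.
        if (e instanceof FailedLoginException) {
            throw (FailedLoginException) e;
        }
        if (e instanceof LoginException) {
            throw (LoginException) e;
        }
        String emsg = null;
        if (e instanceof NamingException) {
            // toString(true) includes the remaining name and the root cause.
            emsg = ((NamingException) e).toString(true);
        } else {
            emsg = e.toString();
        }
        logger.logStack(Logger.ERROR, emsg, e);
        throw new LoginException(emsg);
    } finally {
        try {
            if (ctx != null) {
                ctx.close();
            }
        } catch (NamingException ignored) {
            // Best-effort cleanup of a context that is only still open on a failure path; the
            // failure being reported is more useful than a close error.
        }
    }
}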

Example 3 with MQUser

use of com.sun.messaging.jmq.auth.jaas.MQUser in project openmq by eclipse-ee4j.

the class JMQBasicAuthenticationHandler method handleResponse.

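/**
 * Completes the basic (user name / password) authentication exchange for one connection.
 *
 * <p>The packet body holds two {@code writeUTF} strings: the user name and the base64-encoded
 * password. The pair is looked up in the configured user repository; on a match the connection's
 * access-control context is built from the returned {@link Subject}, otherwise a
 * {@link FailedLoginException} carrying the user name is thrown. The repository opened here is kept
 * in the {@code repository} field and is closed by the next call, not by this one.
 *
 * @param authResponse the authentication response data. This is the AUTHENTICATE_RESPONSE packet body.
 * @param sequence packet sequence number; not consulted by the basic exchange
 *
 * @return next request data if any; null if no more request. The request data will be sent as packet body in
 * AUTHENTICATE_REQUEST
 * @throws LoginException if the connection has already logged out, if no user repository is
 *         configured for this authentication type, if the repository class cannot be loaded or
 *         instantiated, or if the packet body is malformed; thrown as {@link FailedLoginException}
 *         when the credentials do not match
 */
@Override
public synchronized byte[] handleResponse(byte[] authResponse, int sequence) throws LoginException {
    if (repository == null && logout) {
        throw new LoginException(Globals.getBrokerResources().getKString(BrokerResources.X_CONNECTION_LOGGEDOUT));
    }
    // A repository left open by a previous exchange on this connection is released first.
    if (repository != null) {
        repository.close();
    }
    acc = null;
    try {
        String username;
        String password;
        try (DataInputStream dis = new DataInputStream(new ByteArrayInputStream(authResponse))) {
            username = dis.readUTF();
            // The password travels base64-encoded inside the second string.
            String pass = dis.readUTF();
            password = new String(new BASE64Decoder().decodeBuffer(pass), java.nio.charset.StandardCharsets.UTF_8);
        }
        String rep = authProps.getProperty(AccessController.PROP_AUTHENTICATION_PREFIX + getType() + AccessController.PROP_USER_REPOSITORY_SUFFIX);
        if (rep == null || rep.trim().equals("")) {
            throw new LoginException(Globals.getBrokerResources().getKString(BrokerResources.X_USER_REPOSITORY_NOT_DEFINED, getType()));
        }
        String className = authProps.getProperty(AccessController.PROP_USER_REPOSITORY_PREFIX + rep + ".class");
        if (className == null) {
            throw new LoginException(Globals.getBrokerResources().getKString(BrokerResources.X_USER_REPOSITORY_CLASS_NOT_DEFINED, rep, getType()));
        }
        // The class name comes from broker configuration, never from the client packet; the cast
        // fails (ClassCastException below) when the configured class is not a UserRepository.
        repository = (UserRepository) Class.forName(className).getDeclaredConstructor().newInstance();
        repository.open(getType(), authProps, cacheData);
        // No nonce for the basic exchange.
        Subject subject = repository.findMatch(username, password, null, getMatchType());
        cacheData = repository.getCacheData();
        if (subject == null) {
            FailedLoginException ex = new FailedLoginException(Globals.getBrokerResources().getKString(BrokerResources.X_FORBIDDEN, username));
            ex.setUser(username);
            throw ex;
        }
        acc = new JMQAccessControlContext(new MQUser(username), subject, authProps);
        return null;
    } catch (ClassNotFoundException e) {
        throw wrapInternalException("ClassNotFoundException", e);
    } catch (IOException e) {
        throw wrapInternalException("IOException", e);
    } catch (InstantiationException e) {
        throw wrapInternalException("InstantiationException", e);
    } catch (IllegalAccessException e) {
        throw wrapInternalException("IllegalAccessException", e);
    } catch (ClassCastException e) {
        throw wrapInternalException("ClassCastException", e);
    } catch (NoSuchMethodException e) {
        throw wrapInternalException("NoSuchMethodException", e);
    } catch (InvocationTargetException e) {
        throw wrapInternalException("InvocationTargetException", e);
    }
}

/**
 * Builds the {@link LoginException} reported for an unexpected failure of the exchange, using the
 * broker's internal-exception resource string and keeping {@code cause} attached so the original
 * stack trace survives the wrapping.
 *
 * @param kind simple name of the failure type, used as the message prefix
 * @param cause the failure being wrapped
 * @return the exception for the caller to throw
 */
private static LoginException wrapInternalException(String kind, Throwable cause) {
    LoginException le = new LoginException(Globals.getBrokerResources().getString(BrokerResources.X_INTERNAL_EXCEPTION, kind + ": " + cause.getMessage()));
    le.initCause(cause);
    return le;
}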

Example 4 with MQUser

use of com.sun.messaging.jmq.auth.jaas.MQUser in project openmq by eclipse-ee4j.

the class JMQFileUserRepository method getSubject.

/**
 * Builds the {@link Subject} for {@code user} from the role table of the user file.
 *
 * <p>The subject always carries an {@link MQUser} principal. When the table maps the user to a
 * non-blank role an {@link MQGroup} for that role is added, and when the role equals
 * {@code ADMINGROUP} an {@link MQAdminGroup} is added as well.
 *
 * @param user the user name to build a subject for
 * @param userRTable map from user name to role string, as read from the user repository file
 * @return the populated subject; never {@code null}
 */
private Subject getSubject(String user, HashMap userRTable) {
    final String roleName = (String) userRTable.get(user);
    final String principalName = user;
    final boolean hasRole = roleName != null && !roleName.trim().equals("");
    final boolean isAdmin = roleName != null && roleName.equals(ADMINGROUP);
    // Principal creation runs as a privileged action, matching the other handlers in this package.
    return java.security.AccessController.doPrivileged((PrivilegedAction<Subject>) () -> {
        Subject built = new Subject();
        built.getPrincipals().add(new MQUser(principalName));
        if (hasRole) {
            built.getPrincipals().add(new MQGroup(roleName));
        }
        if (isAdmin) {
            built.getPrincipals().add(new MQAdminGroup(ADMINGROUP));
        }
        return built;
    });
}

Example 5 with MQUser

use of com.sun.messaging.jmq.auth.jaas.MQUser in project openmq by eclipse-ee4j.

the class JMQAdminKeyAuthenticationHandler method handleResponse.

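/**
 * Completes the admin-key authentication exchange for one connection.
 *
 * <p>The packet body holds two {@code writeUTF} strings: the user name and the base64-encoded
 * password. The exchange succeeds only when the user name is {@code ADMINKEYNAME} and the password
 * equals the broker's configured admin key, in which case the connection's access-control context
 * is built from a {@link Subject} holding {@link MQUser} and {@link MQAdminGroup} principals.
 *
 * @param authResponse the authentication response data. This is the AUTHENTICATE_RESPONSE packet body.
 * @param sequence packet sequence number; not consulted by the admin-key exchange
 *
 * @return next request data if any; null if no more request. The request data will be sent as packet body in
 * AUTHENTICATE_REQUEST
 * @throws LoginException if the handler has no authentication properties, if no admin key is
 *         configured, or if the packet body is malformed; thrown as {@link FailedLoginException}
 *         when the user name or key does not match
 */
@Override
public byte[] handleResponse(byte[] authResponse, int sequence) throws LoginException {
    acc = null;
    if (authProps == null) {
        throw new LoginException(Globals.getBrokerResources().getKString(BrokerResources.X_ILLEGAL_AUTHSTATE, getType()));
    }
    try {
        String username;
        String password;
        try (DataInputStream dis = new DataInputStream(new ByteArrayInputStream(authResponse))) {
            username = dis.readUTF();
            // The password travels base64-encoded inside the second string.
            String pass = dis.readUTF();
            password = new String(new BASE64Decoder().decodeBuffer(pass), java.nio.charset.StandardCharsets.UTF_8);
        }
        String adminkey = authProps.getProperty(AccessController.PROP_ADMINKEY);
        if (DEBUG) {
            // Only record whether a key is configured; the earlier message wrote both the
            // configured key and the supplied password to the log.
            logger.log(Logger.DEBUG, AccessController.PROP_ADMINKEY + " configured:" + (adminkey != null) + ": user:" + username + ":");
        }
        if (adminkey == null) {
            throw new LoginException(Globals.getBrokerResources().getKString(BrokerResources.X_ADMINKEY_NOT_EXIST));
        }
        if (!username.equals(ADMINKEYNAME) || !keyMatches(password, adminkey)) {
            FailedLoginException ex = new FailedLoginException(Globals.getBrokerResources().getKString(BrokerResources.X_FORBIDDEN, username));
            ex.setUser(username);
            throw ex;
        }
        final String tempUserName = username;
        Subject subject = java.security.AccessController.doPrivileged((PrivilegedAction<Subject>) () -> {
            Subject tempSubject = new Subject();
            tempSubject.getPrincipals().add(new MQUser(tempUserName));
            tempSubject.getPrincipals().add(new MQAdminGroup(ADMINKEYNAME));
            return tempSubject;
        });
        acc = new JMQAccessControlContext(new MQUser(username), subject, authProps);
        return null;
    } catch (IOException e) {
        // Keep the cause attached so the original stack trace survives the wrapping.
        LoginException le = new LoginException(Globals.getBrokerResources().getString(BrokerResources.X_INTERNAL_EXCEPTION, "IOException: " + e.getMessage()));
        le.initCause(e);
        throw le;
    }
}

/**
 * Compares the supplied password with the configured admin key without short-circuiting on the
 * first differing byte, so the comparison time does not reveal how much of the key was guessed.
 *
 * @param supplied the password taken from the packet
 * @param configured the admin key from the broker properties
 * @return {@code true} if both encode to the same UTF-8 bytes
 */
private static boolean keyMatches(String supplied, String configured) {
    return java.security.MessageDigest.isEqual(
            supplied.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            configured.getBytes(java.nio.charset.StandardCharsets.UTF_8));
}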
