
Example 71 with Principal

use of java.security.Principal in project camel by apache.

the class NettyEndpoint method enrichWithClientCertInformation.

/**
 * Copies details of the TLS peer's certificate (subject DN, issuer DN, serial number and
 * validity window) onto the message as headers.
 * <p/>
 * No header is set when the session reports the peer as unverified, or when it exposes no
 * certificate chain.
 * <p/>
 * NOTE(review): the headers describe whatever certificate the TLS layer accepted, so they are
 * only as trustworthy as the endpoint's client-authentication and trust-store configuration.
 * The DN values are the strings returned by {@code Principal.getName()}; confirm their format
 * is stable before matching on them in access decisions.
 * <p/>
 * NOTE(review): {@code SSLSession.getPeerCertificateChain()} and the
 * {@code javax.security.cert} types are deprecated in current JDKs in favour of
 * {@code getPeerCertificates()}; migrating needs an import change outside this method.
 *
 * @param sslSession  the SSL session the peer certificate chain is read from
 * @param message     the message whose headers are populated
 */
protected void enrichWithClientCertInformation(SSLSession sslSession, Message message) {
    final X509Certificate[] chain;
    try {
        chain = sslSession.getPeerCertificateChain();
    } catch (SSLPeerUnverifiedException e) {
        // Deliberate best effort: an unverified peer simply gets no certificate headers.
        return;
    }
    if (chain == null || chain.length == 0) {
        return;
    }

    // Only the first chain entry is inspected; the JDK documents it as the peer's own certificate.
    final X509Certificate leaf = chain[0];

    final Principal subjectDn = leaf.getSubjectDN();
    if (subjectDn != null) {
        message.setHeader(NettyConstants.NETTY_SSL_CLIENT_CERT_SUBJECT_NAME, subjectDn.getName());
    }

    final Principal issuerDn = leaf.getIssuerDN();
    if (issuerDn != null) {
        message.setHeader(NettyConstants.NETTY_SSL_CLIENT_CERT_ISSUER_NAME, issuerDn.getName());
    }

    final BigInteger serialNumber = leaf.getSerialNumber();
    if (serialNumber != null) {
        message.setHeader(NettyConstants.NETTY_SSL_CLIENT_CERT_SERIAL_NO, serialNumber.toString());
    }

    // The validity bounds are copied as returned by the certificate, without a null check.
    message.setHeader(NettyConstants.NETTY_SSL_CLIENT_CERT_NOT_BEFORE, leaf.getNotBefore());
    message.setHeader(NettyConstants.NETTY_SSL_CLIENT_CERT_NOT_AFTER, leaf.getNotAfter());
}
Also used : SSLPeerUnverifiedException(javax.net.ssl.SSLPeerUnverifiedException) BigInteger(java.math.BigInteger) X509Certificate(javax.security.cert.X509Certificate) Principal(java.security.Principal)

Example 72 with Principal

use of java.security.Principal in project camel by apache.

the class JAASSecurityAuthenticator method login.

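/**
 * Authenticates the given principal through JAAS, using this authenticator's name as the
 * realm (the JAAS login configuration name).
 *
 * @param principal the principal whose details are handed to the login modules through an
 *                  {@code HttpPrincipalCallbackHandler}
 * @return the {@link Subject} populated by the login context after a successful login
 * @throws LoginException if creating the login context or the login itself fails
 * @throws IllegalArgumentException if no realm name has been configured
 */
@Override
public Subject login(HttpPrincipal principal) throws LoginException {
    if (ObjectHelper.isEmpty(getName())) {
        throw new IllegalArgumentException("Realm has not been configured on this SecurityAuthenticator: " + this);
    }
    // NOTE(review): the user name is presumably caller-supplied; confirm the log layout
    // neutralises line breaks so a crafted name cannot forge log entries.
    LOG.trace("Login username: {} using realm: {}", principal.getName(), getName());
    LoginContext context = new LoginContext(getName(), new HttpPrincipalCallbackHandler(principal));
    context.login();
    Subject subject = context.getSubject();
    // Log the principals rather than the Subject itself: Subject.toString() also renders the
    // string form of the public and private credentials the login modules attached, which
    // would copy credential material into the debug log.
    if (LOG.isDebugEnabled()) {
        LOG.debug("Login username: {} successful returning Subject: {}", principal.getName(), subject.getPrincipals());
    }
    if (LOG.isTraceEnabled()) {
        for (Principal p : subject.getPrincipals()) {
            LOG.trace("Principal on subject {} -> {}", p.getClass().getName(), p.getName());
        }
    }
    return subject;
}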
Also used : LoginContext(javax.security.auth.login.LoginContext) Subject(javax.security.auth.Subject) Principal(java.security.Principal)

Example 73 with Principal

use of java.security.Principal in project camel by apache.

the class NettySSLTest method testSSLInOutWithNettyConsumer.

/**
 * Sends one request over an SSL-enabled netty4 TCP endpoint whose consumer requires client
 * authentication, and checks the reply body.
 * <p/>
 * The route reads the {@code SSLSession} header and logs the client certificate's subject DN.
 * The test asserts only on the reply text, so the subject value itself is not verified.
 * The key store, trust store and {@code changeit} passphrase in the URIs are test fixtures.
 */
@Test
public void testSSLInOutWithNettyConsumer() throws Exception {
    // ibm jdks dont have sun security algorithms
    if (isJavaVendor("ibm")) {
        return;
    }

    final String expectedReply = "When You Go Home, Tell Them Of Us And Say, For Your Tomorrow, We Gave Our Today.";

    context.addRoutes(new RouteBuilder() {

        public void configure() {
            // needClientAuth=true makes the consumer ask for a client certificate, so the
            // session exposes a peer certificate chain to the processor below
            from("netty4:tcp://localhost:{{port}}?sync=true&ssl=true&passphrase=changeit&keyStoreFile=#ksf&trustStoreFile=#tsf&needClientAuth=true").process(new Processor() {

                public void process(Exchange exchange) throws Exception {
                    SSLSession tlsSession = exchange.getIn().getHeader(NettyConstants.NETTY_SSL_SESSION, SSLSession.class);
                    if (tlsSession == null) {
                        exchange.getOut().setBody("Cannot start conversion without SSLSession");
                        return;
                    }
                    // First chain entry is taken as the client's certificate.
                    javax.security.cert.X509Certificate clientCert = tlsSession.getPeerCertificateChain()[0];
                    Principal subjectDn = clientCert.getSubjectDN();
                    log.info("Client Cert SubjectDN: {}", subjectDn.getName());
                    exchange.getOut().setBody(expectedReply);
                }
            });
        }
    });
    context.start();

    // The producer URI carries the same key store and trust store but no needClientAuth option.
    String reply = template.requestBody("netty4:tcp://localhost:{{port}}?sync=true&ssl=true&passphrase=changeit&keyStoreFile=#ksf&trustStoreFile=#tsf", "Epitaph in Kohima, India marking the WWII Battle of Kohima and Imphal, Burma Campaign - Attributed to John Maxwell Edmonds", String.class);
    assertEquals(expectedReply, reply);
}
Also used : Exchange(org.apache.camel.Exchange) Processor(org.apache.camel.Processor) RouteBuilder(org.apache.camel.builder.RouteBuilder) SSLSession(javax.net.ssl.SSLSession) Principal(java.security.Principal) Test(org.junit.Test)

Example 74 with Principal

use of java.security.Principal in project spring-security by spring-projects.

the class AbstractJaasAuthenticationProvider method authenticate.

/**
 * Attempts a JAAS login with the principal and credentials carried by the given
 * {@code Authentication}, then maps the resulting subject's principals to granted
 * authorities.
 * <p>
 * Every principal on the logged-in subject is offered to every configured
 * {@code AuthorityGranter}; each role name a granter returns becomes a
 * {@code JaasGrantedAuthority} tied to that principal. A login that succeeds but yields no
 * roles still returns a token, with an empty authority list.
 * <p>
 * NOTE(review): the returned token is built from {@code request.getCredentials()}, so the
 * submitted credentials stay reachable from the result; confirm they are erased downstream
 * if that matters for the deployment.
 *
 * @param auth The Authentication object to be authenticated.
 *
 * @return The authenticated token with its granted authorities set, or {@code null} when
 * {@code auth} is not a {@code UsernamePasswordAuthenticationToken}.
 *
 * @throws AuthenticationException the exception that {@code loginExceptionResolver} produces
 * for the {@code LoginException} raised by a failed login; a failure event is published
 * before it is thrown. 'Locked' and 'disabled' accounts get no special handling here.
 */
public Authentication authenticate(Authentication auth) throws AuthenticationException {
    if (!(auth instanceof UsernamePasswordAuthenticationToken)) {
        // Not a token type handled here.
        return null;
    }
    UsernamePasswordAuthenticationToken tokenRequest = (UsernamePasswordAuthenticationToken) auth;
    try {
        // The LoginContext calls back into InternalCallbackHandler during login().
        LoginContext jaasLogin = createLoginContext(new InternalCallbackHandler(auth));
        jaasLogin.login();

        // A set, so the same authority granted twice is kept once (given suitable equals/hashCode).
        Set<GrantedAuthority> granted = new HashSet<GrantedAuthority>();
        for (Principal subjectPrincipal : jaasLogin.getSubject().getPrincipals()) {
            for (AuthorityGranter granter : this.authorityGranters) {
                Set<String> roleNames = granter.grant(subjectPrincipal);
                // A granter that grants nothing may return null or an empty set.
                if (roleNames == null || roleNames.isEmpty()) {
                    continue;
                }
                for (String roleName : roleNames) {
                    granted.add(new JaasGrantedAuthority(roleName, subjectPrincipal));
                }
            }
        }

        // The token receives the authorities as a list and keeps the login context.
        JaasAuthenticationToken authenticated = new JaasAuthenticationToken(tokenRequest.getPrincipal(), tokenRequest.getCredentials(), new ArrayList<GrantedAuthority>(granted), jaasLogin);
        publishSuccessEvent(authenticated);
        return authenticated;
    } catch (LoginException loginException) {
        AuthenticationException resolved = this.loginExceptionResolver.resolveException(loginException);
        publishFailureEvent(tokenRequest, resolved);
        throw resolved;
    }
}
Also used : AuthenticationException(org.springframework.security.core.AuthenticationException) GrantedAuthority(org.springframework.security.core.GrantedAuthority) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) LoginContext(javax.security.auth.login.LoginContext) LoginException(javax.security.auth.login.LoginException) Principal(java.security.Principal)

Example 75 with Principal

use of java.security.Principal in project spring-security by spring-projects.

the class JaasApiIntegrationFilterTests method onBeforeTests.

// ~ Methods
// ========================================================================================================
/**
 * Builds the fixtures shared by the tests: a fresh filter and mock request/response, a
 * pre-populated {@code Subject}, a callback handler with fixed answers, an in-memory JAAS
 * configuration pointing at {@code TestLoginModule}, and a {@code JaasAuthenticationToken}
 * backed by a logged-in {@code LoginContext}. All names and passwords are hard-coded test
 * values.
 */
@Before
public void onBeforeTests() throws Exception {
    this.filter = new JaasApiIntegrationFilter();
    this.request = new MockHttpServletRequest();
    this.response = new MockHttpServletResponse();

    // Subject handed to the LoginContext below, carrying one principal and two credentials.
    authenticatedSubject = new Subject();
    authenticatedSubject.getPrincipals().add(new Principal() {

        @Override
        public String getName() {
            return "principal";
        }
    });
    authenticatedSubject.getPrivateCredentials().add("password");
    authenticatedSubject.getPublicCredentials().add("username");

    callbackHandler = new CallbackHandler() {

        @Override
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName("user");
                    continue;
                }
                if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword("password".toCharArray());
                    continue;
                }
                if (cb instanceof TextInputCallback) {
                    // accepted but left unanswered
                    continue;
                }
                throw new UnsupportedCallbackException(cb, "Unrecognized Callback " + cb);
            }
        }
    };

    // Returns the same single REQUIRED TestLoginModule entry for every application name.
    testConfiguration = new Configuration() {

        @Override
        public void refresh() {
        }

        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            AppConfigurationEntry onlyEntry = new AppConfigurationEntry(TestLoginModule.class.getName(), LoginModuleControlFlag.REQUIRED, new HashMap<String, String>());
            return new AppConfigurationEntry[] { onlyEntry };
        }
    };

    LoginContext jaasContext = new LoginContext("SubjectDoAsFilterTest", authenticatedSubject, callbackHandler, testConfiguration);
    jaasContext.login();
    token = new JaasAuthenticationToken("username", "password", AuthorityUtils.createAuthorityList("ROLE_ADMIN"), jaasContext);

    // Start from an empty security context in case an earlier test left one behind.
    SecurityContextHolder.clearContext();
}
Also used : CallbackHandler(javax.security.auth.callback.CallbackHandler) Configuration(javax.security.auth.login.Configuration) HashMap(java.util.HashMap) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) IOException(java.io.IOException) Subject(javax.security.auth.Subject) TextInputCallback(javax.security.auth.callback.TextInputCallback) AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry) TextInputCallback(javax.security.auth.callback.TextInputCallback) PasswordCallback(javax.security.auth.callback.PasswordCallback) NameCallback(javax.security.auth.callback.NameCallback) Callback(javax.security.auth.callback.Callback) NameCallback(javax.security.auth.callback.NameCallback) LoginContext(javax.security.auth.login.LoginContext) JaasAuthenticationToken(org.springframework.security.authentication.jaas.JaasAuthenticationToken) PasswordCallback(javax.security.auth.callback.PasswordCallback) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Principal(java.security.Principal) Before(org.junit.Before)
