Search in sources :

Example 31 with Principal

use of java.security.Principal in project tomcat by apache.

the class TestJNDIRealm method testAuthenticateWithUserPassword.

@Test
public void testAuthenticateWithUserPassword() throws Exception {
    // GIVEN
    JNDIRealm realm = buildRealm(PASSWORD);
    realm.setUserPassword(USER_PASSWORD_ATTR);
    // WHEN
    String expectedResponse = MD5Encoder.encode(md5Helper.digest((ha1() + ":" + NONCE + ":" + HA2).getBytes()));
    Principal principal = realm.authenticate(USER, expectedResponse, NONCE, null, null, null, REALM, HA2);
    // THEN
    Assert.assertTrue(principal instanceof GenericPrincipal);
    Assert.assertEquals(PASSWORD, ((GenericPrincipal) principal).getPassword());
}
Also used : Principal(java.security.Principal) Test(org.junit.Test)

Example 32 with Principal

use of java.security.Principal in project tomcat by apache.

the class TestJNDIRealm method testAuthenticateWithUserPasswordAndCredentialHandler.

@Test
public void testAuthenticateWithUserPasswordAndCredentialHandler() throws Exception {
    // GIVEN
    JNDIRealm realm = buildRealm(ha1());
    realm.setCredentialHandler(buildCredentialHandler());
    realm.setUserPassword(USER_PASSWORD_ATTR);
    // WHEN
    String expectedResponse = MD5Encoder.encode(md5Helper.digest((ha1() + ":" + NONCE + ":" + HA2).getBytes()));
    Principal principal = realm.authenticate(USER, expectedResponse, NONCE, null, null, null, REALM, HA2);
    // THEN
    Assert.assertTrue(principal instanceof GenericPrincipal);
    Assert.assertEquals(ha1(), ((GenericPrincipal) principal).getPassword());
}
Also used : Principal(java.security.Principal) Test(org.junit.Test)

Example 33 with Principal

use of java.security.Principal in project tomcat by apache.

the class TestRealmBase method doTestDigestDigestPasswords.

private void doTestDigestDigestPasswords(String password, String digest, String digestedPassword) throws Exception {
    Context context = new TesterContext();
    TesterMapRealm realm = new TesterMapRealm();
    realm.setContainer(context);
    MessageDigestCredentialHandler ch = new MessageDigestCredentialHandler();
    ch.setAlgorithm(digest);
    realm.setCredentialHandler(ch);
    realm.start();
    realm.addUser(USER1, digestedPassword);
    Principal p = realm.authenticate(USER1, password);
    Assert.assertNotNull(p);
    Assert.assertEquals(USER1, p.getName());
}
Also used : Context(org.apache.catalina.Context) TesterContext(org.apache.tomcat.unittest.TesterContext) TesterMapRealm(org.apache.catalina.startup.TesterMapRealm) TesterContext(org.apache.tomcat.unittest.TesterContext) Principal(java.security.Principal)

Example 34 with Principal

use of java.security.Principal in project che by eclipse.

the class ServerContainerInitializeListener method createSecurityContext.

protected SecurityContext createSecurityContext(final HandshakeRequest req) {
    //todo: get somehow from request
    final boolean isSecure = false;
    final String authType = "BASIC";
    final Subject subject = EnvironmentContext.getCurrent().getSubject();
    final Principal principal = new SimplePrincipal(subject.getUserName());
    return new SecurityContext() {

        @Override
        public Principal getUserPrincipal() {
            return principal;
        }

        @Override
        public boolean isUserInRole(String role) {
            return false;
        }

        @Override
        public boolean isSecure() {
            return isSecure;
        }

        @Override
        public String getAuthenticationScheme() {
            return authType;
        }
    };
}
Also used : SecurityContext(javax.ws.rs.core.SecurityContext) SimpleSecurityContext(org.everrest.core.tools.SimpleSecurityContext) Subject(org.eclipse.che.commons.subject.Subject) SimplePrincipal(org.everrest.core.tools.SimplePrincipal) Principal(java.security.Principal) SimplePrincipal(org.everrest.core.tools.SimplePrincipal)

Example 35 with Principal

use of java.security.Principal in project dropwizard by dropwizard.

the class AuthFilter method authenticate.

/**
     * Authenticates a request with user credentials and setup the security context.
     *
     * @param requestContext the context of the request
     * @param credentials    the user credentials
     * @param scheme         the authentication scheme; one of {@code BASIC_AUTH, FORM_AUTH, CLIENT_CERT_AUTH, DIGEST_AUTH}.
     *                       See {@link SecurityContext}
     * @return {@code true}, if the request is authenticated, otherwise {@code false}
     */
protected boolean authenticate(ContainerRequestContext requestContext, C credentials, String scheme) {
    try {
        if (credentials == null) {
            return false;
        }
        final Optional<P> principal = authenticator.authenticate(credentials);
        if (!principal.isPresent()) {
            return false;
        }
        final SecurityContext securityContext = requestContext.getSecurityContext();
        final boolean secure = securityContext != null && securityContext.isSecure();
        requestContext.setSecurityContext(new SecurityContext() {

            @Override
            public Principal getUserPrincipal() {
                return principal.get();
            }

            @Override
            public boolean isUserInRole(String role) {
                return authorizer.authorize(principal.get(), role);
            }

            @Override
            public boolean isSecure() {
                return secure;
            }

            @Override
            public String getAuthenticationScheme() {
                return scheme;
            }
        });
        return true;
    } catch (AuthenticationException e) {
        logger.warn("Error authenticating credentials", e);
        throw new InternalServerErrorException();
    }
}
Also used : SecurityContext(javax.ws.rs.core.SecurityContext) InternalServerErrorException(javax.ws.rs.InternalServerErrorException) Principal(java.security.Principal)

Aggregations

Principal (java.security.Principal)931 Test (org.junit.Test)243 Subject (javax.security.auth.Subject)114 EveryonePrincipal (org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal)114 HashSet (java.util.HashSet)89 User (org.apache.jackrabbit.api.security.user.User)75 Group (org.apache.jackrabbit.api.security.user.Group)74 Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)58 Privilege (javax.jcr.security.Privilege)57 RepositoryException (javax.jcr.RepositoryException)51 IOException (java.io.IOException)50 ArrayList (java.util.ArrayList)48 HttpServletRequest (javax.servlet.http.HttpServletRequest)47 TestPrincipal (org.apache.jackrabbit.core.security.TestPrincipal)45 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)43 EveryonePrincipal (org.apache.jackrabbit.core.security.principal.EveryonePrincipal)42 PrincipalIterator (org.apache.jackrabbit.api.security.principal.PrincipalIterator)40 HashMap (java.util.HashMap)39 PrincipalImpl (org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl)39 X500Principal (javax.security.auth.x500.X500Principal)38