use of javax.ejb.EJBAccessException in project wildfly by wildfly.
the class RunAsPrincipalTestCase method testRunAsPrincipal.
/**
 * Verifies that {@code getCallerPrincipal()} on the bean returned by
 * {@code lookupCallerRunAsPrincipal()} is rejected with an {@link EJBAccessException}.
 * If the call returns normally, the test fails and reports the identity that came back.
 *
 * @throws Exception if the lookup or the call fails in any way other than the expected denial
 */
@Test
public void testRunAsPrincipal() throws Exception {
    final WhoAmI whoAmI = lookupCallerRunAsPrincipal();
    final String identity;
    try {
        identity = whoAmI.getCallerPrincipal();
    } catch (EJBAccessException expected) {
        // Access was denied, which is the outcome under test.
        // NOTE(review): why this caller must be denied is decided by the bean's security
        // metadata, which is not visible in this method - confirm against the bean.
        return;
    }
    // Reaching this point means the call was allowed; include the identity to aid diagnosis.
    Assert.fail("Expected EJBAccessException and it was get identity: " + identity);
}
use of javax.ejb.EJBAccessException in project wildfly by wildfly.
the class WhoAmIServlet method doGet.
/**
 * Dispatches on the {@code method} request parameter to one of four calls on {@code bean}
 * ({@code whoAmI}, {@code doubleWhoAmI}, {@code doIHaveRole}, {@code doubleDoIHaveRole}) and
 * writes the result to the response body.
 * <p>
 * When both {@code username} and {@code password} parameters are present they are used either to
 * log in through {@code getCLMLoginContext} around the call, or are handed to the bean so that it
 * can re-authenticate itself.
 * <p>
 * NOTE(review): credentials are read from the request parameters of a GET, so they normally
 * travel in the URL and can end up in access logs and proxies. This looks like a test fixture;
 * it is not a pattern to copy into a deployed application.
 *
 * @param req  the request carrying {@code method}, {@code username}, {@code password}, {@code role}
 * @param resp the response the result (or a 403 for {@code doubleWhoAmI}) is written to
 * @throws IOException              on write failure, or when login/logout fails in the
 *                                  {@code whoAmI} and {@code doIHaveRole} branches
 * @throws ServletException         when {@code doubleWhoAmI} hits a {@link LoginException}, or when
 *                                  anything at all fails in {@code doubleDoIHaveRole}
 * @throws IllegalArgumentException when {@code method} is missing or not one of the four names
 */
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    final Writer out = resp.getWriter();
    final String method = req.getParameter("method");
    final String username = req.getParameter("username");
    final String password = req.getParameter("password");
    final String role = req.getParameter("role");
    // Credentials are only used when both parameters were supplied.
    final boolean credentialsSupplied = username != null && password != null;

    // A missing parameter is mapped to "" so that it lands in the default branch.
    switch (method == null ? "" : method) {
        case "whoAmI": {
            LoginContext loginContext = null;
            try {
                if (credentialsSupplied) {
                    loginContext = getCLMLoginContext(username, password);
                    loginContext.login();
                }
                try {
                    out.write(bean.whoAmI());
                } finally {
                    // Always drop the client-side identity again, even if the call failed.
                    if (loginContext != null) {
                        loginContext.logout();
                    }
                }
            } catch (LoginException loginFailure) {
                throw new IOException("Unexpected failure", loginFailure);
            }
            break;
        }
        case "doubleWhoAmI": {
            String[] identities;
            try {
                identities = credentialsSupplied
                        ? bean.doubleWhoAmI(username, password)
                        : bean.doubleWhoAmI();
            } catch (EJBAccessException denied) {
                // Only this branch turns an access denial into an HTTP 403.
                // NOTE(review): denied.toString() places the exception class and message in the
                // error response; a deployed servlet would send a fixed message and log the detail.
                resp.sendError(HttpServletResponse.SC_FORBIDDEN, denied.toString());
                return;
            } catch (LoginException loginFailure) {
                throw new ServletException("Unexpected failure", loginFailure);
            }
            out.write(identities[0] + "," + identities[1]);
            break;
        }
        case "doIHaveRole": {
            LoginContext loginContext = null;
            try {
                if (credentialsSupplied) {
                    loginContext = getCLMLoginContext(username, password);
                    loginContext.login();
                }
                try {
                    out.write(String.valueOf(bean.doIHaveRole(role)));
                } finally {
                    if (loginContext != null) {
                        loginContext.logout();
                    }
                }
            } catch (LoginException loginFailure) {
                throw new IOException("Unexpected failure", loginFailure);
            }
            break;
        }
        case "doubleDoIHaveRole": {
            try {
                final boolean[] answers = credentialsSupplied
                        ? bean.doubleDoIHaveRole(role, username, password)
                        : bean.doubleDoIHaveRole(role);
                out.write(answers[0] + "," + answers[1]);
            } catch (Exception failure) {
                // Unlike doubleWhoAmI, an access denial here is not mapped to 403 but wrapped
                // like every other failure, including a failed write.
                throw new ServletException("Unexpected Failure", failure);
            }
            break;
        }
        default:
            // NOTE(review): the raw parameter value is echoed into the exception message; how it
            // is rendered to the client depends on the container's error handling.
            throw new IllegalArgumentException("Parameter 'method' either missing or invalid method='" + method + "'");
    }
}
use of javax.ejb.EJBAccessException in project wildfly by wildfly.
the class AuthenticationTestCase method testAuthentication_BadPwd.
/**
 * Negative authentication test: {@code entryBean.whoAmI()} invoked under a login context built
 * with a wrong password for {@code user1} must be rejected with an {@link EJBAccessException}.
 * <p>
 * NOTE(review): the test is disabled through {@code @Ignore} (WFLY-7778), so the bad-password
 * rejection path is not being exercised while that issue is open.
 *
 * @throws Exception if creating the login context, logging in or logging out fails
 */
@Test
@Ignore("[WFLY-7778] EJB identity propagation does not work with Elytron")
public void testAuthentication_BadPwd() throws Exception {
    final LoginContext loginContext = Util.getCLMLoginContext("user1", "wrong_password");
    // login() sits outside the try and is expected to succeed; presumably it only associates the
    // credentials on the client side and the server checks them on invocation - confirm.
    loginContext.login();
    try {
        try {
            entryBean.whoAmI();
        } catch (EJBAccessException expected) {
            // Rejected as required; the outer finally still performs the logout.
            return;
        }
        fail("Expected EJBAccessException due to bad password not thrown. (EJB 3.1 FR 17.6.9)");
    } finally {
        loginContext.logout();
    }
}
use of javax.ejb.EJBAccessException in project wildfly by wildfly.
the class AuthenticationTestCase method testAuthentication_TwoBeans_ReAuth_BadPwd.
// TODO - Similar test with first bean @RunAs - does it make sense to also manually switch?
/**
 * Negative re-authentication test: the caller logs in as {@code user1} with the correct password,
 * then asks {@code entryBean.doubleWhoAmI} to switch to {@code user2} with a wrong password. The
 * call must be rejected with an {@link EJBAccessException}.
 * <p>
 * NOTE(review): the test is disabled through {@code @Ignore} (WFLY-7778), so a regression that
 * accepts a bad password on re-authentication would not be caught by it at present.
 *
 * @throws Exception if creating the login context, logging in or logging out fails
 */
@Test
@Ignore("[WFLY-7778] EJB identity propagation does not work with Elytron")
public void testAuthentication_TwoBeans_ReAuth_BadPwd() throws Exception {
    final LoginContext loginContext = Util.getCLMLoginContext("user1", "password1");
    loginContext.login();
    try {
        try {
            entryBean.doubleWhoAmI("user2", "wrong_password");
        } catch (EJBAccessException expected) {
            // Rejected as required; the outer finally still performs the logout.
            return;
        }
        fail("Expected EJBAccessException due to bad password not thrown. (EJB 3.1 FR 17.6.9)");
    } finally {
        loginContext.logout();
    }
}
use of javax.ejb.EJBAccessException in project wildfly by wildfly.
the class ServerSecurityInterceptor method aroundInvoke.
/**
 * Interceptor hook that, when the invocation's context data carries {@code DELEGATED_USER_KEY},
 * runs the invocation under that user's identity instead of the connection user's, and restores
 * the previous security state afterwards.
 * <ul>
 * <li>No key present: the invocation proceeds unchanged.</li>
 * <li>Key present but {@code getConnectionPrincipals()} returns {@code null}: an
 * {@link IllegalStateException} is thrown.</li>
 * <li>Key present, a {@code UserPrincipal} is found and its name differs from the requested name:
 * the requested identity is pushed, with a {@code CurrentUserCredential} naming the connection
 * user as the credential.</li>
 * <li>Pushing the identity fails: the cause is logged and an {@link EJBAccessException} with a
 * fixed message and no cause is thrown.</li>
 * </ul>
 * NOTE(review): if the key is present but the principal collection holds no {@code UserPrincipal},
 * the invocation proceeds without switching and without an error - confirm that silently ignoring
 * the delegation request is intended.
 * <p>
 * NOTE(review): nothing in this method decides whether the connection user may act as the
 * requested user; presumably that is enforced by whatever validates {@code CurrentUserCredential}
 * behind {@code pushIdentity} - confirm.
 *
 * @param invocationContext the intercepted invocation
 * @return whatever {@code invocationContext.proceed()} returns
 * @throws Exception anything thrown by the invocation, or the exceptions described above
 */
@AroundInvoke
public Object aroundInvoke(final InvocationContext invocationContext) throws Exception {
    final Map<String, Object> contextData = invocationContext.getContextData();
    Principal desiredUser = null;
    UserPrincipal connectionUser = null;

    if (contextData.containsKey(DELEGATED_USER_KEY)) {
        // NOTE(review): the value is cast to String and used as a principal name without any
        // validation here; where the context data originates is not visible in this method.
        desiredUser = new SimplePrincipal((String) contextData.get(DELEGATED_USER_KEY));

        final Collection<Principal> principals = ConnectionSecurityContext.getConnectionPrincipals();
        if (principals == null) {
            throw new IllegalStateException("Delegation user requested but no user on connection found.");
        }
        // The first UserPrincipal on the connection is taken as the authenticated caller.
        for (final Principal candidate : principals) {
            if (candidate instanceof UserPrincipal) {
                connectionUser = (UserPrincipal) candidate;
                break;
            }
        }
    }

    ContextStateCache previousState = null;
    try {
        // Only switch when a switch was requested, the connection user is known, and the
        // requested name really differs from the connection user's name.
        final boolean switchRequested = desiredUser != null
                && connectionUser != null
                && !desiredUser.getName().equals(connectionUser.getName());
        if (switchRequested) {
            try {
                previousState = ConnectionSecurityContext.pushIdentity(
                        desiredUser, new CurrentUserCredential(connectionUser.getName()));
            } catch (Exception e) {
                // The full failure stays in the server log; the client gets a fixed message and
                // no cause, so no stack trace is propagated back to it.
                LOGGER.error("Failed to switch security context for user", e);
                throw new EJBAccessException("Unable to attempt switching of user.");
            }
        }
        return invocationContext.proceed();
    } finally {
        // Restore the original security context, but only if an identity was actually pushed.
        if (previousState != null) {
            ConnectionSecurityContext.popIdentity(previousState);
        }
    }
}
Aggregations