
Example 1 with EJBAccessException

Use of javax.ejb.EJBAccessException in project wildfly by wildfly.

The class RunAsPrincipalTestCase, method testRunAsPrincipal.

@Test
public void testRunAsPrincipal() throws Exception {
    WhoAmI bean = lookupCallerRunAsPrincipal();
    try {
        String actual = bean.getCallerPrincipal();
        Assert.fail("Expected EJBAccessException and it was get identity: " + actual);
    } catch (EJBAccessException e) {
        // good: access was denied as expected
    }
}
Also used : WhoAmI(org.jboss.as.test.integration.ejb.security.runasprincipal.WhoAmI) EJBAccessException(javax.ejb.EJBAccessException) Test(org.junit.Test)

Example 2 with EJBAccessException

Use of javax.ejb.EJBAccessException in project wildfly by wildfly.

The class WhoAmIServlet, method doGet.

@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    Writer writer = resp.getWriter();
    String method = req.getParameter("method");
    String username = req.getParameter("username");
    String password = req.getParameter("password");
    String role = req.getParameter("role");
    if ("whoAmI".equals(method)) {
        LoginContext lc = null;
        try {
            if (username != null && password != null) {
                lc = getCLMLoginContext(username, password);
                lc.login();
            }
            try {
                writer.write(bean.whoAmI());
            } finally {
                if (lc != null) {
                    lc.logout();
                }
            }
        } catch (LoginException le) {
            throw new IOException("Unexpected failure", le);
        }
    } else if ("doubleWhoAmI".equals(method)) {
        String[] response;
        try {
            if (username != null && password != null) {
                response = bean.doubleWhoAmI(username, password);
            } else {
                response = bean.doubleWhoAmI();
            }
        } catch (EJBAccessException e) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, e.toString());
            return;
        } catch (LoginException e) {
            throw new ServletException("Unexpected failure", e);
        }
        writer.write(response[0] + "," + response[1]);
    } else if ("doIHaveRole".equals(method)) {
        LoginContext lc = null;
        try {
            if (username != null && password != null) {
                lc = getCLMLoginContext(username, password);
                lc.login();
            }
            try {
                writer.write(String.valueOf(bean.doIHaveRole(role)));
            } finally {
                if (lc != null) {
                    lc.logout();
                }
            }
        } catch (LoginException le) {
            throw new IOException("Unexpected failure", le);
        }
    } else if ("doubleDoIHaveRole".equals(method)) {
        try {
            boolean[] response = null;
            if (username != null && password != null) {
                response = bean.doubleDoIHaveRole(role, username, password);
            } else {
                response = bean.doubleDoIHaveRole(role);
            }
            writer.write(String.valueOf(response[0]) + "," + String.valueOf(response[1]));
        } catch (Exception e) {
            throw new ServletException("Unexpected Failure", e);
        }
    } else {
        throw new IllegalArgumentException("Parameter 'method' either missing or invalid method='" + method + "'");
    }
}
Also used : ServletException(javax.servlet.ServletException) LoginContext(javax.security.auth.login.LoginContext) Util.getCLMLoginContext(org.jboss.as.test.shared.integration.ejb.security.Util.getCLMLoginContext) LoginException(javax.security.auth.login.LoginException) IOException(java.io.IOException) Writer(java.io.Writer) EJBAccessException(javax.ejb.EJBAccessException)

Example 3 with EJBAccessException

Use of javax.ejb.EJBAccessException in project wildfly by wildfly.

The class AuthenticationTestCase, method testAuthentication_BadPwd.

@Test
@Ignore("[WFLY-7778] EJB identity propagation does not work with Elytron")
public void testAuthentication_BadPwd() throws Exception {
    LoginContext lc = Util.getCLMLoginContext("user1", "wrong_password");
    lc.login();
    try {
        entryBean.whoAmI();
        fail("Expected EJBAccessException due to bad password not thrown. (EJB 3.1 FR 17.6.9)");
    } catch (EJBAccessException ignored) {
    } finally {
        lc.logout();
    }
}
Also used : LoginContext(javax.security.auth.login.LoginContext) EJBAccessException(javax.ejb.EJBAccessException) Ignore(org.junit.Ignore) Test(org.junit.Test)

Example 4 with EJBAccessException

Use of javax.ejb.EJBAccessException in project wildfly by wildfly.

The class AuthenticationTestCase, method testAuthentication_TwoBeans_ReAuth_BadPwd.

// TODO - Similar test with first bean @RunAs - does it make sense to also manually switch?
@Test
@Ignore("[WFLY-7778] EJB identity propagation does not work with Elytron")
public void testAuthentication_TwoBeans_ReAuth_BadPwd() throws Exception {
    LoginContext lc = Util.getCLMLoginContext("user1", "password1");
    lc.login();
    try {
        entryBean.doubleWhoAmI("user2", "wrong_password");
        fail("Expected EJBAccessException due to bad password not thrown. (EJB 3.1 FR 17.6.9)");
    } catch (EJBAccessException ignored) {
    } finally {
        lc.logout();
    }
}
Also used : LoginContext(javax.security.auth.login.LoginContext) EJBAccessException(javax.ejb.EJBAccessException) Ignore(org.junit.Ignore) Test(org.junit.Test)

Example 5 with EJBAccessException

Use of javax.ejb.EJBAccessException in project wildfly by wildfly.

The class ServerSecurityInterceptor, method aroundInvoke.

@AroundInvoke
public Object aroundInvoke(final InvocationContext invocationContext) throws Exception {
    Principal desiredUser = null;
    UserPrincipal connectionUser = null;
    Map<String, Object> contextData = invocationContext.getContextData();
    if (contextData.containsKey(DELEGATED_USER_KEY)) {
        desiredUser = new SimplePrincipal((String) contextData.get(DELEGATED_USER_KEY));
        Collection<Principal> principals = ConnectionSecurityContext.getConnectionPrincipals();
        if (principals != null) {
            for (Principal current : principals) {
                if (current instanceof UserPrincipal) {
                    connectionUser = (UserPrincipal) current;
                    break;
                }
            }
        } else {
            throw new IllegalStateException("Delegation user requested but no user on connection found.");
        }
    }
    ContextStateCache stateCache = null;
    try {
        if (desiredUser != null && connectionUser != null && (desiredUser.getName().equals(connectionUser.getName()) == false)) {
            try {
                // The final part of this check is to verify that the change does actually indicate a change in user.
                // We have been requested to switch user and have successfully identified the user from the connection
                // so now we attempt the switch.
                stateCache = ConnectionSecurityContext.pushIdentity(desiredUser, new CurrentUserCredential(connectionUser.getName()));
            } catch (Exception e) {
                LOGGER.error("Failed to switch security context for user", e);
                // Don't propagate the exception stacktrace back to the client for security reasons
                throw new EJBAccessException("Unable to attempt switching of user.");
            }
        }
        return invocationContext.proceed();
    } finally {
        // switch back to original security context
        if (stateCache != null) {
            ConnectionSecurityContext.popIdentity(stateCache);
        }
    }
}
Also used : IllegalStateException(javax.resource.spi.IllegalStateException) ContextStateCache(org.jboss.as.security.api.ContextStateCache) CurrentUserCredential(org.jboss.as.test.integration.ejb.container.interceptor.security.CurrentUserCredential) UserPrincipal(org.jboss.as.core.security.api.UserPrincipal) Principal(java.security.Principal) SimplePrincipal(org.jboss.security.SimplePrincipal) EJBAccessException(javax.ejb.EJBAccessException) AroundInvoke(javax.interceptor.AroundInvoke)
