Example 1 with PasswordCredential
use of javax.resource.spi.security.PasswordCredential in project cxf by apache.
the class ManagedConnectionImplTest method testGetConnectionWithSubject.
@Test
public void testGetConnectionWithSubject() throws ResourceException {
String user = new String("user");
char[] password = { 'a', 'b', 'c' };
PasswordCredential creds = new PasswordCredential(user, password);
creds.setManagedConnectionFactory(factory);
subj.getPrivateCredentials().add(creds);
Object o = mci.getConnection(subj, cri);
verifyProxyInterceptors(o);
}
Also used :
PasswordCredential(javax.resource.spi.security.PasswordCredential)
Test(org.junit.Test)
Example 2 with PasswordCredential
use of javax.resource.spi.security.PasswordCredential in project teiid by teiid.
the class PassthroughIdentityLoginModule method commit.
@Override
public boolean commit() throws LoginException {
// Put the principal name into the sharedState map
// $NON-NLS-1$
sharedState.put("javax.security.auth.login.name", userName);
if (this.addPrincipal) {
subject.getPrincipals().add(getIdentity());
// Add the PasswordCredential
if (this.password != null) {
PasswordCredential cred = new PasswordCredential(userName, password);
SecurityActions.addCredentials(subject, cred);
}
}
if (this.callerSubject != null) {
GSSCredential rawCredential = getGssCredential(this.callerSubject);
if (rawCredential != null) {
log.trace("Kerberos passthough mechanism in works");
this.storedCredential = wrapGssCredential ? wrapCredential(rawCredential) : rawCredential;
this.intermediateSubject = GSSUtil.createGssSubject(rawCredential, storedCredential);
if (this.intermediateSubject == null) {
throw new LoginException(IntegrationPlugin.Util.gs(IntegrationPlugin.Event.TEIID50108));
}
log.tracef("created a subject from deletegate credential");
makeCopy(intermediateSubject, this.subject);
log.tracef("Copied contents of temporary Subject to Subject from the LoginContext");
addPrivateCredential(this.subject, storedCredential);
log.trace("Also add the GSSCredential to the Subject");
} else {
makeCopy(this.callerSubject, this.subject);
}
}
addPrivateCredential(this.subject, this.properties);
log.trace("Adding module option properties as private credential");
// if oauth credential available in calling context then add the OAuthCredential.
if (OAuthCredentialContext.getCredential() != null) {
addPrivateCredential(this.subject, OAuthCredentialContext.getCredential());
log.trace("Adding OAuth credential as private credential");
}
return true;
}
Also used :
GSSCredential(org.ietf.jgss.GSSCredential)
PasswordCredential(javax.resource.spi.security.PasswordCredential)
LoginException(javax.security.auth.login.LoginException)
Example 3 with PasswordCredential
use of javax.resource.spi.security.PasswordCredential in project activemq-artemis by apache.
the class ActiveMQRACredential method getCredential.
/**
* Get credentials
*
* @param mcf The managed connection factory
* @param subject The subject
* @param info The connection request info
* @return The credentials
* @throws SecurityException Thrown if the credentials can't be retrieved
*/
public static ActiveMQRACredential getCredential(final ManagedConnectionFactory mcf, final Subject subject, final ConnectionRequestInfo info) throws SecurityException {
if (ActiveMQRACredential.trace) {
ActiveMQRALogger.LOGGER.trace("getCredential(" + mcf + ", " + subject + ", " + info + ")");
}
ActiveMQRACredential jc = new ActiveMQRACredential();
if (subject == null && info != null) {
jc.setUserName(((ActiveMQRAConnectionRequestInfo) info).getUserName());
jc.setPassword(((ActiveMQRAConnectionRequestInfo) info).getPassword());
} else if (subject != null) {
PasswordCredential pwdc = GetCredentialAction.getCredential(subject, mcf);
if (pwdc == null) {
throw new SecurityException("No password credentials found");
}
jc.setUserName(pwdc.getUserName());
jc.setPassword(new String(pwdc.getPassword()));
} else {
throw new SecurityException("No Subject or ConnectionRequestInfo set, could not get credentials");
}
return jc;
}
Also used :
PasswordCredential(javax.resource.spi.security.PasswordCredential)
SecurityException(javax.resource.spi.SecurityException)
Example 4 with PasswordCredential
use of javax.resource.spi.security.PasswordCredential in project wildfly by wildfly.
the class ElytronCallbackHandler method handleInternal.
protected void handleInternal(final CallerPrincipalCallback callerPrincipalCallback, final GroupPrincipalCallback groupPrincipalCallback, final PasswordValidationCallback passwordValidationCallback) throws IOException {
if (this.executionSubject == null) {
throw SUBSYSTEM_RA_LOGGER.executionSubjectNotSetInHandler();
}
SecurityIdentity identity = this.securityDomain.getAnonymousSecurityIdentity();
// establish the caller principal using the info from the callback.
Principal callerPrincipal = null;
if (callerPrincipalCallback != null) {
Principal callbackPrincipal = callerPrincipalCallback.getPrincipal();
callerPrincipal = callbackPrincipal != null ? new NamePrincipal(callbackPrincipal.getName()) : callerPrincipalCallback.getName() != null ? new NamePrincipal(callerPrincipalCallback.getName()) : null;
}
// a null principal is the ra contract for requiring the use of the unauthenticated identity - no point in attempting to authenticate.
if (callerPrincipal != null) {
// check if we have a username/password pair to authenticate - first try the password validation callback.
if (passwordValidationCallback != null) {
final String username = passwordValidationCallback.getUsername();
final char[] password = passwordValidationCallback.getPassword();
try {
identity = this.authenticate(username, password);
// add a password credential to the execution subject and set the successful result in the callback.
this.addPrivateCredential(this.executionSubject, new PasswordCredential(username, password));
passwordValidationCallback.setResult(true);
} catch (SecurityException e) {
passwordValidationCallback.setResult(false);
return;
}
} else {
// identity not established using the callback - check if the execution subject contains a password credential.
PasswordCredential passwordCredential = this.getPrivateCredential(this.executionSubject, PasswordCredential.class);
if (passwordCredential != null) {
try {
identity = this.authenticate(passwordCredential.getUserName(), passwordCredential.getPassword());
} catch (SecurityException e) {
return;
}
} else {
identity = securityDomain.createAdHocIdentity(callerPrincipal);
}
}
// is different from the identity principal and switch to the caller principal identity if needed.
if (!callerPrincipal.equals(identity.getPrincipal())) {
identity = identity.createRunAsIdentity(callerPrincipal.getName());
}
// if we have new roles coming from the group callback, set a new mapper in the identity.
if (groupPrincipalCallback != null) {
String[] groups = groupPrincipalCallback.getGroups();
if (groups != null) {
Set<String> roles = new HashSet<>(Arrays.asList(groups));
// TODO what category should we use here?
identity = identity.withRoleMapper(ElytronSecurityIntegration.SECURITY_IDENTITY_ROLE, RoleMapper.constant(Roles.fromSet(roles)));
}
}
}
// set the authenticated identity as a private credential in the subject.
this.executionSubject.getPrincipals().add(identity.getPrincipal());
this.addPrivateCredential(executionSubject, identity);
}
Also used :
SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity)
NamePrincipal(org.wildfly.security.auth.principal.NamePrincipal)
PasswordCredential(javax.resource.spi.security.PasswordCredential)
NamePrincipal(org.wildfly.security.auth.principal.NamePrincipal)
Principal(java.security.Principal)
HashSet(java.util.HashSet)
Example 5 with PasswordCredential
use of javax.resource.spi.security.PasswordCredential in project wildfly by wildfly.
the class ElytronSubjectFactory method createSubject.
/**
* Create a {@link Subject} with the principal and password credential obtained from the authentication configuration
* that matches the target {@link URI}.
*
* @param authenticationContext the {@link AuthenticationContext} used to select a configuration that matches the
* target {@link URI}.
* @return the constructed {@link Subject}. It contains a single principal and a {@link PasswordCredential}.
*/
private Subject createSubject(final AuthenticationContext authenticationContext) {
final AuthenticationConfiguration configuration = AUTH_CONFIG_CLIENT.getAuthenticationConfiguration(this.targetURI, authenticationContext);
final CallbackHandler handler = AUTH_CONFIG_CLIENT.getCallbackHandler(configuration);
final NameCallback nameCallback = new NameCallback("Username: ");
final PasswordCallback passwordCallback = new PasswordCallback("Password: ", false);
final CredentialCallback credentialCallback = new CredentialCallback(GSSKerberosCredential.class);
try {
handler.handle(new Callback[] { nameCallback, passwordCallback, credentialCallback });
Subject subject = new Subject();
// if a GSSKerberosCredential was found, add the enclosed GSSCredential and KerberosTicket to the private set in the Subject.
if (credentialCallback.getCredential() != null) {
GSSKerberosCredential kerberosCredential = GSSKerberosCredential.class.cast(credentialCallback.getCredential());
this.addPrivateCredential(subject, kerberosCredential.getKerberosTicket());
this.addPrivateCredential(subject, kerberosCredential.getGssCredential());
// use the GSSName to build a kerberos principal and set it in the Subject.
GSSName gssName = kerberosCredential.getGssCredential().getName();
subject.getPrincipals().add(new KerberosPrincipal(gssName.toString()));
}
// use the name from the callback, if available, to build a principal and set it in the Subject.
if (nameCallback.getName() != null) {
subject.getPrincipals().add(new NamePrincipal(nameCallback.getName()));
}
// use the password from the callback, if available, to build a credential and set it as a private credential in the Subject.
if (passwordCallback.getPassword() != null) {
this.addPrivateCredential(subject, new PasswordCredential(nameCallback.getName(), passwordCallback.getPassword()));
}
return subject;
} catch (Exception e) {
throw new SecurityException(e);
}
}
Also used :
AuthenticationConfiguration(org.wildfly.security.auth.client.AuthenticationConfiguration)
GSSName(org.ietf.jgss.GSSName)
KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal)
CallbackHandler(javax.security.auth.callback.CallbackHandler)
NamePrincipal(org.wildfly.security.auth.principal.NamePrincipal)
PasswordCredential(javax.resource.spi.security.PasswordCredential)
CredentialCallback(org.wildfly.security.auth.callback.CredentialCallback)
Subject(javax.security.auth.Subject)
GSSKerberosCredential(org.wildfly.security.credential.GSSKerberosCredential)
NameCallback(javax.security.auth.callback.NameCallback)
PasswordCallback(javax.security.auth.callback.PasswordCallback)
Aggregations
PasswordCredential (javax.resource.spi.security.PasswordCredential)16
DataSourceObjectBuilder (com.sun.gjc.common.DataSourceObjectBuilder)4
SQLException (java.sql.SQLException)4
ResourceException (javax.resource.ResourceException)4
Subject (javax.security.auth.Subject)4
StringManager (com.sun.enterprise.util.i18n.StringManager)3
Principal (java.security.Principal)3
ResourceAllocationException (javax.resource.spi.ResourceAllocationException)3
ResourcePrincipal (com.sun.enterprise.deployment.ResourcePrincipal)2
Properties (java.util.Properties)2
NamingException (javax.naming.NamingException)2
ManagedConnection (javax.resource.spi.ManagedConnection)2
ManagedConnectionFactory (javax.resource.spi.ManagedConnectionFactory)2
XAResource (javax.transaction.xa.XAResource)2
PoolInfo (org.glassfish.resourcebase.resources.api.PoolInfo)2
ResourceInfo (org.glassfish.resourcebase.resources.api.ResourceInfo)2
NamePrincipal (org.wildfly.security.auth.principal.NamePrincipal)2
ConnectorRuntime (com.sun.appserv.connectors.internal.api.ConnectorRuntime)1
ConnectorRuntimeException (com.sun.appserv.connectors.internal.api.ConnectorRuntimeException)1
Config (com.sun.enterprise.config.serverbeans.Config)1
