use of javax.security.auth.AuthPermission in project wildfly by wildfly.
the class AuthenticationTestCase method deployment.
/*
* Authentication Scenarios
*
* Client -> Bean
* Client -> Bean -> Bean
* Client -> Bean (Re-auth) -> Bean
* Client -> Servlet -> Bean
* Client -> Servlet (Re-auth) -> Bean
* Client -> Servlet -> Bean -> Bean
* Client -> Servlet -> Bean (Re-auth) -> Bean
*/
@Deployment
public static Archive<?> deployment() {
    final Package testPackage = AuthenticationTestCase.class.getPackage();

    // Packaged as a war: using JavaArchive doesn't work because of a bug in Arquillian,
    // which only deploys wars properly.
    final WebArchive war = ShrinkWrap.create(WebArchive.class, "ejb3security.war");

    // Beans, servlet and test-support classes that run inside the deployment.
    war.addPackage(WhoAmIBean.class.getPackage())
        .addPackage(EntryBean.class.getPackage())
        .addClass(WhoAmI.class)
        .addClass(Util.class)
        .addClass(Entry.class)
        .addClasses(WhoAmIServlet.class, AuthenticationTestCase.class)
        .addClasses(AbstractSecurityDomainSetup.class, EjbElytronDomainSetup.class)
        .addClass(TestSuiteEnvironment.class);

    // users.properties / roles.properties and the web and EJB descriptors are all read
    // from the test's own package.
    war.addAsResource(testPackage, "users.properties", "users.properties")
        .addAsResource(testPackage, "roles.properties", "roles.properties")
        .addAsWebInfResource(testPackage, "web.xml", "web.xml")
        .addAsWebInfResource(testPackage, "jboss-web.xml", "jboss-web.xml")
        .addAsWebInfResource(testPackage, "jboss-ejb3.xml", "jboss-ejb3.xml");

    war.addAsManifestResource(
        new StringAsset("Manifest-Version: 1.0\nDependencies: org.jboss.as.controller-client,org.jboss.dmr\n"),
        "MANIFEST.MF");

    // Permissions written to permissions.xml. Each grant is paired with the call that
    // needs it, so a grant can be reviewed, and dropped, when that call goes away.
    war.addAsManifestResource(
        createPermissionsXmlAsset(
            // login module needs to modify principal to commit logging in
            new AuthPermission("modifyPrincipals"),
            // AuthenticationTestCase#testAuthenticatedCall calls
            // org.jboss.security.client.JBossSecurityClient#performSimpleLogin
            new RuntimePermission("org.jboss.security.getSecurityContext"),
            new RuntimePermission("org.jboss.security.SecurityContextFactory.createSecurityContext"),
            new RuntimePermission("org.jboss.security.SecurityContextFactory.createUtil"),
            new RuntimePermission("org.jboss.security.plugins.JBossSecurityContext.setSubjectInfo"),
            new RuntimePermission("org.jboss.security.setSecurityContext"),
            // AuthenticationTestCase#execute calls ExecutorService#shutdownNow
            new RuntimePermission("modifyThread"),
            // AuthenticationTestCase#execute calls sun.net.www.http.HttpClient#openServer
            // under the hood; the grant is limited to SERVER_HOST_PORT
            new SocketPermission(SERVER_HOST_PORT, "connect,resolve"),
            // TestSuiteEnvironment reads system properties (read-only, named individually)
            new PropertyPermission("management.address", "read"),
            new PropertyPermission("node0", "read"),
            new PropertyPermission("jboss.http.port", "read")),
        "permissions.xml");

    war.addPackage(CommonCriteria.class.getPackage());
    return war;
}
use of javax.security.auth.AuthPermission in project wildfly by wildfly.
the class CustomLoginModuleTestCase method create.
/**
* Base method to create a {@link WebArchive}
*
* @param name Name of the war file
* @param servletClass a class that is the servlet
* @return the assembled {@link WebArchive}
*/
public static WebArchive create(String name, Class<?> servletClass) {
    // All static resources and descriptors come from this test's own package.
    final Package resources = CustomLoginModuleTestCase.class.getPackage();

    return ShrinkWrap.create(WebArchive.class, name)
        .addClass(servletClass)
        .addAsWebResource(resources, "login.jsp", "login.jsp")
        .addAsWebResource(resources, "error.jsp", "error.jsp")
        .addAsWebInfResource(resources, "jboss-web.xml", "jboss-web.xml")
        .setWebXML(resources, "web.xml")
        .addClass(CustomTestLoginModule.class)
        // The only permission requested for the deployment is
        // AuthPermission("modifyPrincipals"); presumably it is needed by
        // CustomTestLoginModule when it populates the Subject -- confirm against that class.
        .addAsManifestResource(
            createPermissionsXmlAsset(new AuthPermission("modifyPrincipals")), "permissions.xml");
}
use of javax.security.auth.AuthPermission in project wildfly by wildfly.
the class RunAsLoginModuleTestCase method appDeployment1.
/**
* Test deployment
*/
@Deployment(name = DEP1, order = 1)
public static WebArchive appDeployment1() {
    final WebArchive archive = ShrinkWrap.create(WebArchive.class, DEP1 + ".war");

    archive.addClass(PrincipalPrintingServlet.class)
        .setWebXML(Utils.getResource("org/jboss/as/test/integration/security/loginmodules/deployments/RunAsLoginModule/web.xml"))
        .addAsWebInfResource(
            Utils.getResource("org/jboss/as/test/integration/security/loginmodules/deployments/RunAsLoginModule/jboss-web.xml"),
            "jboss-web.xml")
        .addClasses(SimpleSecuredEJB.class, SimpleSecuredEJBImpl.class, CustomEjbAccessingLoginModule.class);

    // permissions.xml requests a single permission, AuthPermission("modifyPrincipals");
    // presumably for CustomEjbAccessingLoginModule, which ships in this archive -- confirm.
    archive.addAsManifestResource(
        createPermissionsXmlAsset(new AuthPermission("modifyPrincipals")), "permissions.xml");

    return archive;
}
use of javax.security.auth.AuthPermission in project jdk8u_jdk by JetBrains.
the class LoginContext method init.
/**
 * Resolves the login configuration for {@code name}, builds the module stack from it and
 * records the class loader to use.
 *
 * <p>Access control: when a {@link SecurityManager} is installed and {@code creatorAcc} is
 * {@code null}, the caller must hold {@code AuthPermission("createLoginContext." + name)}.
 * If nothing is configured under {@code name}, the lookup falls back to the {@code OTHER}
 * entry, which is guarded by its own {@code createLoginContext} check, so permission for
 * one entry name does not by itself give access to the fallback entry.
 *
 * @param name the configuration entry name to look up
 * @throws LoginException if {@code name} is {@code null}, or if neither {@code name} nor
 *         {@code OTHER} has any configured entries
 * @throws SecurityException if one of the {@code AuthPermission} checks fails
 */
private void init(String name) throws LoginException {
    SecurityManager sm = System.getSecurityManager();
    // NOTE(review): creatorAcc is declared outside this snippet; the permission check is
    // skipped whenever it is non-null -- confirm which constructors set it.
    if (sm != null && creatorAcc == null) {
        // Runs before the null check below, so a null name is checked as
        // "createLoginContext.null" before the LoginException is raised.
        sm.checkPermission(new AuthPermission("createLoginContext." + name));
    }
    if (name == null)
        throw new LoginException(ResourcesMgr.getString("Invalid.null.input.name"));
    // No Configuration has been set yet: fetch the installed one. The lookup runs inside
    // doPrivileged, so it is evaluated with this class's permissions, not the caller's.
    if (config == null) {
        config = java.security.AccessController.doPrivileged(new java.security.PrivilegedAction<Configuration>() {
            public Configuration run() {
                return Configuration.getConfiguration();
            }
        });
    }
    // get the LoginModules configured for this application
    AppConfigurationEntry[] entries = config.getAppConfigurationEntry(name);
    if (entries == null) {
        // Nothing configured under this name: fall back to the OTHER entry, but only
        // after a separate permission check for that entry name.
        if (sm != null && creatorAcc == null) {
            sm.checkPermission(new AuthPermission("createLoginContext." + OTHER));
        }
        entries = config.getAppConfigurationEntry(OTHER);
        if (entries == null) {
            MessageFormat form = new MessageFormat(ResourcesMgr.getString("No.LoginModules.configured.for.name"));
            Object[] source = { name };
            throw new LoginException(form.format(source));
        }
    }
    moduleStack = new ModuleInfo[entries.length];
    for (int i = 0; i < entries.length; i++) {
        // Copy each entry into a new AppConfigurationEntry so the stack does not hold the
        // instances returned by the Configuration. The second ModuleInfo argument is null
        // here (presumably the module instance, created later -- confirm).
        moduleStack[i] = new ModuleInfo(new AppConfigurationEntry(entries[i].getLoginModuleName(), entries[i].getControlFlag(), entries[i].getOptions()), null);
    }
    // Record the thread's context class loader (system class loader if the thread has
    // none); read inside doPrivileged, so the caller's permissions are not consulted.
    contextClassLoader = java.security.AccessController.doPrivileged(new java.security.PrivilegedAction<ClassLoader>() {
        public ClassLoader run() {
            ClassLoader loader = Thread.currentThread().getContextClassLoader();
            if (loader == null) {
                // Don't use bootstrap class loader directly to ensure
                // proper package access control!
                loader = ClassLoader.getSystemClassLoader();
            }
            return loader;
        }
    });
}
use of javax.security.auth.AuthPermission in project spring-framework by spring-projects.
the class CallbacksSecurityTests method testTrustedExecution.
@Test
public void testTrustedExecution() throws Exception {
    beanFactory.setSecurityContextProvider(null);

    // NOTE(review): this AccessControlContext, whose only grant is
    // AuthPermission("getSubject"), is constructed and then discarded. The privileged call
    // below runs under provider.getAccessControlContext(), so these grants do not shape
    // what the test executes with.
    Permissions granted = new Permissions();
    granted.add(new AuthPermission("getSubject"));
    ProtectionDomain domain = new ProtectionDomain(null, granted);
    new AccessControlContext(new ProtectionDomain[] { domain });

    final Subject user = new Subject();
    user.getPrincipals().add(new TestPrincipal("user1"));

    // Work performed on behalf of "user1": request every trusted bean, then destroy the
    // singletons and verify the destroy callback ran.
    final PrivilegedAction<Object> requestBeans = new PrivilegedAction<Object>() {
        @Override
        public Object run() {
            // sanity check: the subject is visible and nothing has been destroyed yet
            assertEquals("user1", getCurrentSubjectName());
            assertEquals(false, NonPrivilegedBean.destroyed);

            beanFactory.getBean("trusted-spring-callbacks");
            beanFactory.getBean("trusted-custom-init-destroy");
            // the factory is a prototype - ask for multiple instances
            for (int i = 0; i < 3; i++) {
                beanFactory.getBean("trusted-spring-factory");
            }
            beanFactory.getBean("trusted-factory-bean");
            beanFactory.getBean("trusted-static-factory-method");
            beanFactory.getBean("trusted-factory-method");
            beanFactory.getBean("trusted-property-injection");
            beanFactory.getBean("trusted-working-property-injection");

            beanFactory.destroySingletons();
            assertEquals(true, NonPrivilegedBean.destroyed);
            return null;
        }
    };

    // request the beans from non-privileged code
    Subject.doAsPrivileged(user, requestBeans, provider.getAccessControlContext());
}