
Example 26 with Subject

use of javax.security.auth.Subject in project tomcat by apache.

Class AuthenticatorBase, method authenticateJaspic.

/**
 * Authenticates the request through the JASPIC ServerAuthContext held in
 * {@code state}.
 * <p>
 * The (possibly wrapped) request and response messages from the JASPIC
 * MessageInfo are installed on the Catalina request/response after
 * validation. On {@code AuthStatus.SUCCESS} the principal derived from the
 * populated {@link Subject} is registered with the request unless the
 * authentication was already cached and the principal has not changed.
 * A SAM that reports success without yielding a principal clears the
 * request's user principal and auth type; that counts as success only when
 * {@code requirePrincipal} is false.
 *
 * @param request the request to authenticate
 * @param response the associated response
 * @param state the JASPIC state carrying the ServerAuthContext and MessageInfo
 * @param requirePrincipal whether a successful validation without a
 *  principal should be treated as a failure
 * @return {@code true} if the request is authenticated
 */
private boolean authenticateJaspic(Request request, Response response, JaspicState state, boolean requirePrincipal) {
    boolean cachedAuth = checkForCachedAuthentication(request, response, false);
    Subject client = new Subject();
    AuthStatus authStatus;
    try {
        authStatus = state.serverAuthContext.validateRequest(state.messageInfo, client, null);
    } catch (AuthException e) {
        log.debug(sm.getString("authenticator.loginFail"), e);
        return false;
    }
    // The SAM may have wrapped the messages; adopt whatever it left in MessageInfo
    request.setRequest((HttpServletRequest) state.messageInfo.getRequestMessage());
    response.setResponse((HttpServletResponse) state.messageInfo.getResponseMessage());
    if (authStatus != AuthStatus.SUCCESS) {
        return false;
    }
    GenericPrincipal principal = getPrincipal(client);
    if (log.isDebugEnabled()) {
        log.debug("Authenticated user: " + principal);
    }
    if (principal == null) {
        request.setUserPrincipal(null);
        request.setAuthType(null);
        return !requirePrincipal;
    }
    // Registration is skipped only when credentials were cached and the
    // Principal is unchanged.
    boolean principalUnchanged = cachedAuth && principal.getUserPrincipal().equals(request.getUserPrincipal());
    if (!principalUnchanged) {
        request.setNote(Constants.REQ_JASPIC_SUBJECT_NOTE, client);
        // JASPIC API uses raw types
        @SuppressWarnings("rawtypes") Map map = state.messageInfo.getMap();
        boolean registerSession = map != null && map.containsKey("javax.servlet.http.registerSession");
        if (registerSession) {
            register(request, response, principal, "JASPIC", null, null, true, true);
        } else {
            register(request, response, principal, "JASPIC", null, null);
        }
    }
    return true;
}
Also used : GenericPrincipal(org.apache.catalina.realm.GenericPrincipal) AuthStatus(javax.security.auth.message.AuthStatus) AuthException(javax.security.auth.message.AuthException) Map(java.util.Map) Subject(javax.security.auth.Subject)

Example 27 with Subject

use of javax.security.auth.Subject in project tomcat by apache.

Class JAASRealm, method authenticate.

// -------------------------------------------------------- Package Methods
// ------------------------------------------------------ Protected Methods
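/**
 * Perform the actual JAAS authentication.
 * <p>
 * Creates a {@link LoginContext} for {@code appName} (which defaults to
 * {@code "Tomcat"} when unset) and negotiates the login through the supplied
 * callback handler. Unless {@code isUseContextClassLoader()} is true, the
 * thread context class loader is temporarily switched to this class's loader
 * while the context is created, and restored afterwards. All failures return
 * {@code null}: expired accounts, expired credentials and plain login
 * failures are only logged at debug level, other {@link LoginException}s at
 * warn level, and unexpected errors at error level.
 *
 * @param username The user name
 * @param callbackHandler The callback handler
 * @return the associated principal, or <code>null</code> if there is none.
 */
protected Principal authenticate(String username, CallbackHandler callbackHandler) {
    try {
        if (appName == null) {
            appName = "Tomcat";
        }
        if (log.isDebugEnabled()) {
            log.debug(sm.getString("jaasRealm.beginLogin", username, appName));
        }
        // Establish a LoginContext to use for authentication. Decide once
        // whether the context class loader is swapped so that the finally
        // block restores exactly what was replaced.
        boolean swapClassLoader = !isUseContextClassLoader();
        ClassLoader ocl = null;
        if (swapClassLoader) {
            ocl = Thread.currentThread().getContextClassLoader();
            Thread.currentThread().setContextClassLoader(this.getClass().getClassLoader());
        }
        LoginContext loginContext;
        try {
            Configuration config = getConfig();
            loginContext = new LoginContext(appName, null, callbackHandler, config);
        } catch (Throwable e) {
            ExceptionUtils.handleThrowable(e);
            log.error(sm.getString("jaasRealm.unexpectedError"), e);
            return null;
        } finally {
            if (swapClassLoader) {
                Thread.currentThread().setContextClassLoader(ocl);
            }
        }
        if (log.isDebugEnabled()) {
            log.debug("Login context created " + username);
        }
        // Negotiate a login via this LoginContext
        Subject subject;
        try {
            loginContext.login();
            subject = loginContext.getSubject();
            if (subject == null) {
                if (log.isDebugEnabled()) {
                    log.debug(sm.getString("jaasRealm.failedLogin", username));
                }
                return null;
            }
        } catch (AccountExpiredException e) {
            if (log.isDebugEnabled()) {
                log.debug(sm.getString("jaasRealm.accountExpired", username));
            }
            return null;
        } catch (CredentialExpiredException e) {
            if (log.isDebugEnabled()) {
                log.debug(sm.getString("jaasRealm.credentialExpired", username));
            }
            return null;
        } catch (FailedLoginException e) {
            if (log.isDebugEnabled()) {
                log.debug(sm.getString("jaasRealm.failedLogin", username));
            }
            return null;
        } catch (LoginException e) {
            log.warn(sm.getString("jaasRealm.loginException", username), e);
            return null;
        } catch (Throwable e) {
            ExceptionUtils.handleThrowable(e);
            log.error(sm.getString("jaasRealm.unexpectedError"), e);
            return null;
        }
        if (log.isDebugEnabled()) {
            log.debug(sm.getString("jaasRealm.loginContextCreated", username));
        }
        // Return the appropriate Principal for this authenticated Subject
        Principal principal = createPrincipal(username, subject, loginContext);
        if (principal == null) {
            log.debug(sm.getString("jaasRealm.authenticateFailure", username));
            return null;
        }
        if (log.isDebugEnabled()) {
            log.debug(sm.getString("jaasRealm.authenticateSuccess", username));
        }
        return principal;
    } catch (Throwable t) {
        // Match the inner handlers: never swallow ThreadDeath / VM errors here
        ExceptionUtils.handleThrowable(t);
        log.error("error ", t);
        return null;
    }
}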
Also used : LoginContext(javax.security.auth.login.LoginContext) FailedLoginException(javax.security.auth.login.FailedLoginException) Configuration(javax.security.auth.login.Configuration) AccountExpiredException(javax.security.auth.login.AccountExpiredException) LoginException(javax.security.auth.login.LoginException) FailedLoginException(javax.security.auth.login.FailedLoginException) CredentialExpiredException(javax.security.auth.login.CredentialExpiredException) Subject(javax.security.auth.Subject) Principal(java.security.Principal)

Example 28 with Subject

use of javax.security.auth.Subject in project tomcat by apache.

Class SecurityUtil, method execute.

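/**
 * Perform work as a particular <code>Subject</code>.
 * <p>
 * If the first element of {@code targetArguments} is an
 * {@code HttpServletRequest}, the <code>Subject</code> is taken from that
 * request's existing session (attribute {@code Globals.SUBJECT_ATTR}) when
 * present; otherwise a new <code>Subject</code> carrying {@code principal}
 * (if non-null) is created and, when a session exists, stored there for
 * later calls. When no request is available the work is granted to a
 * <code>null</code> subject.
 *
 * @param method the method to apply the security restriction
 * @param targetObject the <code>Servlet</code> on which the method will
 *  be called.
 * @param targetArguments <code>Object</code> array contains the
 *  runtime parameters instance.
 * @param principal the <code>Principal</code> to which the security
 *  privilege applies
 * @throws Exception an execution error occurred; exceptions thrown by the
 *  invoked method are unwrapped and rethrown as-is when they are
 *  <code>UnavailableException</code>, <code>ServletException</code>,
 *  <code>IOException</code> or <code>RuntimeException</code>, otherwise
 *  wrapped in a <code>ServletException</code>
 */
private static void execute(final Method method, final Object targetObject, final Object[] targetArguments, Principal principal) throws Exception {
    try {
        Subject subject = null;
        PrivilegedExceptionAction<Void> pea = new PrivilegedExceptionAction<Void>() {

            @Override
            public Void run() throws Exception {
                method.invoke(targetObject, targetArguments);
                return null;
            }
        };
        // The first argument is always the request object; the length guard
        // lets an empty argument array fall through to the null-subject path
        // instead of throwing ArrayIndexOutOfBoundsException
        if (targetArguments != null && targetArguments.length > 0 && targetArguments[0] instanceof HttpServletRequest) {
            HttpServletRequest request = (HttpServletRequest) targetArguments[0];
            boolean hasSubject = false;
            HttpSession session = request.getSession(false);
            if (session != null) {
                subject = (Subject) session.getAttribute(Globals.SUBJECT_ATTR);
                hasSubject = (subject != null);
            }
            if (subject == null) {
                subject = new Subject();
                if (principal != null) {
                    subject.getPrincipals().add(principal);
                }
            }
            // Cache the freshly built Subject so later calls in this session reuse it
            if (session != null && !hasSubject) {
                session.setAttribute(Globals.SUBJECT_ATTR, subject);
            }
        }
        Subject.doAsPrivileged(subject, pea, null);
    } catch (PrivilegedActionException pe) {
        Throwable e;
        if (pe.getException() instanceof InvocationTargetException) {
            // Unwrap the exception thrown by the invoked method itself;
            // fall back to the wrapper if no cause was recorded
            Throwable cause = pe.getException().getCause();
            e = (cause != null) ? cause : pe;
            ExceptionUtils.handleThrowable(e);
        } else {
            e = pe;
        }
        if (log.isDebugEnabled()) {
            log.debug(sm.getString("SecurityUtil.doAsPrivilege"), e);
        }
        if (e instanceof UnavailableException) {
            throw (UnavailableException) e;
        } else if (e instanceof ServletException) {
            throw (ServletException) e;
        } else if (e instanceof IOException) {
            throw (IOException) e;
        } else if (e instanceof RuntimeException) {
            throw (RuntimeException) e;
        } else {
            throw new ServletException(e.getMessage(), e);
        }
    }
}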
Also used : PrivilegedActionException(java.security.PrivilegedActionException) HttpSession(javax.servlet.http.HttpSession) UnavailableException(javax.servlet.UnavailableException) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) IOException(java.io.IOException) Subject(javax.security.auth.Subject) InvocationTargetException(java.lang.reflect.InvocationTargetException) HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletException(javax.servlet.ServletException)

Example 29 with Subject

use of javax.security.auth.Subject in project storm by apache.

Class DefaultHttpCredentialsPlugin, method populateContext.

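/**
 * Populates a given context with a new Subject derived from the
 * credentials in a servlet request.
 * <p>
 * The caller's name is obtained from {@code getUserName(req)}. If a
 * {@code doAsUser} header (or, failing that, a {@code doAsUser} request
 * parameter) is present, the caller is recorded as the context's real
 * principal and the Subject is built for the {@code doAsUser} name instead.
 * This method does not check that the caller may impersonate that user;
 * that decision belongs to whatever authorizes the resulting context.
 * The Subject is created read-only with no public or private credentials.
 * @param context the context to be populated
 * @param req the servlet request
 * @return the context
 */
@Override
public ReqContext populateContext(ReqContext context, HttpServletRequest req) {
    String userName = getUserName(req);
    String doAsUser = req.getHeader("doAsUser");
    if (doAsUser == null) {
        doAsUser = req.getParameter("doAsUser");
    }
    if (doAsUser != null) {
        // Impersonation requested: keep track of who actually sent the request
        context.setRealPrincipal(new SingleUserPrincipal(userName));
        userName = doAsUser;
    } else {
        context.setRealPrincipal(null);
    }
    Set<Principal> principals = new HashSet<>();
    if (userName != null) {
        principals.add(new SingleUserPrincipal(userName));
    }
    // Typed credential sets avoid the raw-type warnings of the original
    Subject s = new Subject(true, principals, new HashSet<>(), new HashSet<>());
    context.setSubject(s);
    return context;
}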
Also used : Principal(java.security.Principal) Subject(javax.security.auth.Subject) HashSet(java.util.HashSet)

Example 30 with Subject

use of javax.security.auth.Subject in project storm by apache.

Class AutoTGT, method main.

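/**
 * Command-line check for {@code AutoTGT}: prepares an instance with the
 * JAAS login configuration named by {@code args[0]}, populates credentials
 * from it, pushes them into a fresh {@link Subject} and logs that Subject.
 *
 * @param args {@code args[0]} is the value used for the
 *  {@code java.security.auth.login.config} setting
 * @throws Exception if preparation or credential population fails
 */
public static void main(String[] args) throws Exception {
    // Fail with a usage message rather than an ArrayIndexOutOfBoundsException
    if (args.length < 1) {
        throw new IllegalArgumentException("usage: AutoTGT <java.security.auth.login.config>");
    }
    AutoTGT at = new AutoTGT();
    Map<String, Object> conf = new java.util.HashMap<String, Object>();
    conf.put("java.security.auth.login.config", args[0]);
    at.prepare(conf);
    Map<String, String> creds = new java.util.HashMap<String, String>();
    at.populateCredentials(creds);
    Subject s = new Subject();
    at.populateSubject(s, creds);
    // NOTE(review): Subject.toString() includes private credentials where the
    // caller is permitted to read them, so this line may print the TGT itself
    LOG.info("Got a Subject " + s);
}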
Also used : Map(java.util.Map) Subject(javax.security.auth.Subject)
