
Example 41 with Subject

use of javax.security.auth.Subject in project jetty.project by eclipse.

the class SpnegoLoginService method login.

/**
 * username will be null since the credentials will contain all the relevant info
 */
@Override
public UserIdentity login(String username, Object credentials, ServletRequest request) {
    // credentials is the base64 payload of the "Authorization: Negotiate <token>" request header
    String encodedAuthToken = (String) credentials;
    byte[] authToken = B64Code.decode(encodedAuthToken);
    GSSManager manager = GSSManager.getInstance();
    try {
        // http://java.sun.com/javase/6/docs/technotes/guides/security/jgss/jgss-features.html
        // Note: 1.3.6.1.5.5.2 is the SPNEGO mechanism OID, not the Kerberos 5 OID
        // (1.2.840.113554.1.2.2), so despite its name this acquires a SPNEGO acceptor credential.
        Oid krb5Oid = new Oid("1.3.6.1.5.5.2");
        GSSName gssName = manager.createName(_targetName, null);
        GSSCredential serverCreds = manager.createCredential(gssName, GSSCredential.INDEFINITE_LIFETIME, krb5Oid, GSSCredential.ACCEPT_ONLY);
        GSSContext gContext = manager.createContext(serverCreds);
        if (gContext == null) {
            LOG.debug("SpnegoUserRealm: failed to establish GSSContext");
        } else {
            // acceptSecContext consumes the client's token and returns the token to send back.
            // A Kerberos ticket establishes the context in one round; were another round needed,
            // this loop would feed the server's own output token back in (and NPE on a null
            // token) instead of waiting for the client's next request.
            while (!gContext.isEstablished()) {
                authToken = gContext.acceptSecContext(authToken, 0, authToken.length);
            }
            if (gContext.isEstablished()) {
                // The authenticated client principal has the form user@REALM; the realm
                // portion is used as the user's only role.
                String clientName = gContext.getSrcName().toString();
                String role = clientName.substring(clientName.indexOf('@') + 1);
                LOG.debug("SpnegoUserRealm: established a security context");
                LOG.debug("Client Principal is: " + gContext.getSrcName());
                LOG.debug("Server Principal is: " + gContext.getTargName());
                LOG.debug("Client Default Role: " + role);
                // authToken now holds the final output token (possibly null); it is stored on
                // the principal so it can be returned to the client for mutual authentication.
                SpnegoUserPrincipal user = new SpnegoUserPrincipal(clientName, authToken);
                Subject subject = new Subject();
                subject.getPrincipals().add(user);
                return _identityService.newUserIdentity(subject, user, new String[] { role });
            }
        }
    } catch (GSSException gsse) {
        LOG.warn(gsse);
    }
    return null;
}
Also used : GSSName(org.ietf.jgss.GSSName) GSSException(org.ietf.jgss.GSSException) GSSCredential(org.ietf.jgss.GSSCredential) GSSManager(org.ietf.jgss.GSSManager) GSSContext(org.ietf.jgss.GSSContext) Oid(org.ietf.jgss.Oid) Subject(javax.security.auth.Subject)
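The Jetty method above folds token decoding, context acceptance and the realm-to-role mapping into one `login` call and discards the context's final output token except via the principal. The following acceptor helper is an added example, not Jetty's code: it rejects malformed base64 before touching the GSS layer, performs exactly one accept round per HTTP request, and hands the response token back to the caller for the `WWW-Authenticate: Negotiate` reply. The service principal string and the assumption that a keytab-backed acceptor login is already configured through JAAS are illustrative.

```java
import java.util.Base64;

import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/** Illustrative SPNEGO acceptor helper; not part of Jetty. */
public final class SpnegoAccept {

    /** SPNEGO mechanism OID (the value the Jetty snippet labels krb5Oid). */
    public static final String SPNEGO_OID = "1.3.6.1.5.5.2";

    /** Outcome of processing one "Authorization: Negotiate" token. */
    public static final class Result {
        public final boolean established;
        public final String clientPrincipal; // e.g. alice@EXAMPLE.ORG once established, else null
        public final String realm;           // text after '@' in the client principal, or null
        public final byte[] responseToken;   // token for "WWW-Authenticate: Negotiate <b64>", may be null

        Result(boolean established, String clientPrincipal, String realm, byte[] responseToken) {
            this.established = established;
            this.clientPrincipal = clientPrincipal;
            this.realm = realm;
            this.responseToken = responseToken;
        }

        /** Base64 form of the response token for the HTTP header, or null when there is none. */
        public String encodedResponseToken() {
            return responseToken == null ? null : Base64.getEncoder().encodeToString(responseToken);
        }
    }

    /**
     * Acceptor credential for a service principal such as "HTTP/www.example.org@EXAMPLE.ORG"
     * (assumed: the keytab is supplied through the JAAS Krb5LoginModule configuration).
     */
    public static GSSCredential acceptorCredential(GSSManager manager, String servicePrincipal)
            throws GSSException {
        GSSName name = manager.createName(servicePrincipal, null);
        return manager.createCredential(name, GSSCredential.INDEFINITE_LIFETIME,
                new Oid(SPNEGO_OID), GSSCredential.ACCEPT_ONLY);
    }

    /**
     * Runs one accept round on the client's token. Returns null for a value that is not
     * valid base64, so the caller can answer 400 without consulting the GSS layer.
     */
    public static Result accept(GSSManager manager, GSSCredential acceptorCred, String base64Token)
            throws GSSException {
        byte[] inToken;
        try {
            inToken = Base64.getDecoder().decode(base64Token.trim());
        } catch (IllegalArgumentException malformed) {
            return null;
        }
        GSSContext ctx = manager.createContext(acceptorCred);
        try {
            byte[] outToken = ctx.acceptSecContext(inToken, 0, inToken.length);
            if (!ctx.isEstablished()) {
                // Another round would be needed. One HTTP request carries one token, so report
                // "not established" with the token to return; do not loop on stale input.
                return new Result(false, null, null, outToken);
            }
            String client = ctx.getSrcName().toString();
            int at = client.indexOf('@');
            String realm = at >= 0 ? client.substring(at + 1) : null;
            return new Result(true, client, realm, outToken);
        } finally {
            ctx.dispose();
        }
    }
}
```

A caller mirrors the Jetty flow: `accept(manager, cred, headerValue)`; on `null` reject the request; on `established == false` send `encodedResponseToken()` in `WWW-Authenticate: Negotiate` and treat the login as not yet complete; on success build the `Subject` from `clientPrincipal` and use `realm` as the role. Because the context is disposed after each call, a client that genuinely needs a second round must restart the exchange; that matches the one-token-per-login contract of the Jetty method.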

Example 42 with Subject

use of javax.security.auth.Subject in project javaee7-samples by javaee-samples.

the class PublicServlet method doGet.

@Override
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    // Obtain the active subject via a JACC policy handler
    Subject subject = getSubject();
    if (subject == null) {
        response.getWriter().write("Can't get Subject. JACC doesn't seem to be available.");
        return;
    }
    // Check with JACC if the caller has access to this Servlet. As we're
    // currently in this very Servlet and it's a public Servlet, the answer can't be anything
    // other than "true".
    response.getWriter().write("Has access to /public/servlet: " + hasAccess("/public/servlet", subject));
    // Check with JACC if the caller has access to another (protected) Servlet. If JACC
    // works correctly and we're authenticated this should be true.
    response.getWriter().write("\nHas access to /protected/servlet: " + hasAccess("/protected/servlet", subject));
}
Also used : JACC.getSubject(org.javaee7.jaspic.jaccpropagation.jacc.JACC.getSubject) Subject(javax.security.auth.Subject)

Example 43 with Subject

use of javax.security.auth.Subject in project javaee7-samples by javaee-samples.

the class SubjectServlet method doGet.

@Override
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    try {
        Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
        if (subject != null) {
            response.getWriter().print("Obtained subject from context.\n");
            // Get the permissions associated with the Subject we obtained
            PermissionCollection permissionCollection = getPermissionCollection(subject);
            // Resolve any potentially unresolved permissions
            permissionCollection.implies(new WebRoleRefPermission("", "nothing"));
            // Filter just the roles from all the permissions, which may include things like 
            // java.net.SocketPermission, java.io.FilePermission, and obtain the actual role names.
            Set<String> roles = filterRoles(request, permissionCollection);
            for (String role : roles) {
                response.getWriter().print("User has role " + role + "\n");
            }
        }
    } catch (PolicyContextException e) {
        // Sample-only diagnostics: this writes the full stack trace into the HTTP response.
        e.printStackTrace(response.getWriter());
    }
}
Also used : PermissionCollection(java.security.PermissionCollection) WebRoleRefPermission(javax.security.jacc.WebRoleRefPermission) PolicyContextException(javax.security.jacc.PolicyContextException) Subject(javax.security.auth.Subject)

Example 44 with Subject

use of javax.security.auth.Subject in project javaee7-samples by javaee-samples.

the class ProtectedServlet method doGet.

@Override
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    // Obtain the active subject via a JACC policy handler
    Subject subject = getSubject();
    if (subject == null) {
        response.getWriter().write("Can't get Subject. JACC doesn't seem to be available.");
        return;
    }
    // Check with JACC if the caller has access to this Servlet. As we're
    // currently in this very Servlet, the answer can't be anything other than "true" if
    // JASPIC, JACC and role propagation all work correctly.
    response.getWriter().write("Has access to /protected/servlet: " + hasAccess("/protected/servlet", subject));
}
Also used : JACC.getSubject(org.javaee7.jaspic.jaccpropagation.jacc.JACC.getSubject) Subject(javax.security.auth.Subject)
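Examples 42, 43 and 44 call `getSubject()`, `hasAccess(...)`, `getPermissionCollection(...)` and `filterRoles(...)` without showing them. The helper below is an added example of how such JACC checks are typically written; it is not the javaee7-samples code itself. It assumes the JACC provider registers the standard `javax.security.auth.Subject.container` handler key, and `filterRoles` takes the servlet name (what a servlet gets from `getServletName()`) instead of the request object.

```java
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Policy;
import java.security.Principal;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Set;

import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
import javax.security.jacc.WebResourcePermission;
import javax.security.jacc.WebRoleRefPermission;

/** Illustrative JACC helper; not the project's own implementation. */
public final class JaccCheck {

    /** Standard handler key under which a JACC provider exposes the caller Subject. */
    private static final String SUBJECT_KEY = "javax.security.auth.Subject.container";

    private JaccCheck() {}

    /** Asks the container for the active caller Subject; null when JACC is unavailable. */
    public static Subject getSubject() {
        try {
            return (Subject) PolicyContext.getContext(SUBJECT_KEY);
        } catch (PolicyContextException | IllegalArgumentException e) {
            return null; // IllegalArgumentException: handler key not registered by the provider
        }
    }

    /**
     * Builds a ProtectionDomain whose only identity is the Subject's principals. No CodeSource
     * or ClassLoader is supplied, so the policy decision rests on the caller's roles alone.
     */
    static ProtectionDomain fromSubject(Subject subject) {
        Set<Principal> principals = subject.getPrincipals();
        return new ProtectionDomain(
                new CodeSource(null, (Certificate[]) null),
                null, null,
                principals.toArray(new Principal[0]));
    }

    /** True when the installed policy grants the Subject a GET on the context-relative URI. */
    public static boolean hasAccess(String uri, Subject subject) {
        return Policy.getPolicy().implies(
                fromSubject(subject),
                new WebResourcePermission(uri, "GET"));
    }

    /** All permissions the policy associates with the Subject's principals. */
    public static PermissionCollection getPermissionCollection(Subject subject) {
        return Policy.getPolicy().getPermissions(fromSubject(subject));
    }

    /**
     * Role names from the WebRoleRefPermissions scoped to the given servlet. A
     * WebRoleRefPermission's name is the servlet name and its actions string is the role.
     * The dummy implies() call first forces lazily resolved entries to materialise.
     */
    public static Set<String> filterRoles(String servletName, PermissionCollection permissions) {
        permissions.implies(new WebRoleRefPermission("", "nothing"));
        Set<String> roles = new HashSet<>();
        for (Enumeration<Permission> e = permissions.elements(); e.hasMoreElements();) {
            Permission p = e.nextElement();
            if (p instanceof WebRoleRefPermission && servletName.equals(p.getName())) {
                roles.add(p.getActions());
            }
        }
        return roles;
    }
}
```

`hasAccess` deliberately checks only `GET`; a servlet that also serves `POST` must ask for that method too, since `WebResourcePermission` actions are HTTP-method specific. Filtering `WebRoleRefPermission` by servlet name matters because the same role name can be mapped differently per servlet through `<security-role-ref>`.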

Example 45 with Subject

use of javax.security.auth.Subject in project Openfire by igniterealtime.

the class OpenfireLoginService method login.

public UserIdentity login(String userName, Object credential) {
    UserIdentity identity = null;
    if (identities.containsKey(userName)) {
        identity = identities.get(userName);
        // The credential is re-verified only while no AuthToken is cached for this user.
        // Once both maps contain the user, the cached identity is returned without calling
        // AuthFactory.authenticate, i.e. without checking the credential supplied here.
        if (authTokens.containsKey(userName) == false) {
            Log.debug("UserIdentity login " + userName + " ");
            try {
                // Only Openfire admin accounts may log in to this realm.
                if (AdminManager.getInstance().isUserAdmin(userName, true)) {
                    AuthToken authToken = AuthFactory.authenticate(userName, (String) credential);
                    authTokens.put(userName, authToken);
                } else {
                    Log.error("access denied, not admin user " + userName);
                    return null;
                }
            } catch (UnauthorizedException e) {
                Log.error("access denied, bad password " + userName);
                return null;
            } catch (Exception e) {
                Log.error("access denied " + userName);
                return null;
            }
        }
    } else {
        Log.debug("UserIdentity login " + userName + " ");
        try {
            // Unknown accounts are rejected before any password check.
            userManager.getUser(userName);
        } catch (UserNotFoundException e) {
            //Log.error( "user not found " + userName, e );
            return null;
        }
        try {
            // Same admin gate and password check as in the cached branch above.
            if (AdminManager.getInstance().isUserAdmin(userName, true)) {
                AuthToken authToken = AuthFactory.authenticate(userName, (String) credential);
                authTokens.put(userName, authToken);
            } else {
                Log.error("access denied, not admin user " + userName);
                return null;
            }
        } catch (UnauthorizedException e) {
            Log.error("access denied, bad password " + userName);
            return null;
        } catch (Exception e) {
            Log.error("access denied " + userName);
            return null;
        }
        Principal userPrincipal = new KnownUser(userName, credential);
        Subject subject = new Subject();
        subject.getPrincipals().add(userPrincipal);
        // The credential as supplied (the admin password) is kept as a private credential
        // of the Subject, so any code that obtains the Subject can read it back.
        subject.getPrivateCredentials().add(credential);
        // Every authenticated admin receives the single fixed role "jmxweb".
        subject.getPrincipals().add(new RolePrincipal("jmxweb"));
        // Freeze the Subject: later changes to its principal or credential sets throw.
        subject.setReadOnly();
        identity = _identityService.newUserIdentity(subject, userPrincipal, new String[] { "jmxweb" });
        identities.put(userName, identity);
    }
    return identity;
}
Also used : UserNotFoundException(org.jivesoftware.openfire.user.UserNotFoundException) UserIdentity(org.eclipse.jetty.server.UserIdentity) UnauthorizedException(org.jivesoftware.openfire.auth.UnauthorizedException) AuthToken(org.jivesoftware.openfire.auth.AuthToken) UserAlreadyExistsException(org.jivesoftware.openfire.user.UserAlreadyExistsException) IOException(java.io.IOException) UnauthorizedException(org.jivesoftware.openfire.auth.UnauthorizedException) UserNotFoundException(org.jivesoftware.openfire.user.UserNotFoundException) Principal(java.security.Principal) Subject(javax.security.auth.Subject)
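The Openfire method builds its `Subject` from a user principal, a role principal and the raw credential, then freezes it with `setReadOnly()`. The class below is an added example, not Openfire code, that reproduces that shape with a hypothetical `NamedPrincipal` standing in for `KnownUser` and `RolePrincipal`, and then shows the two properties a practitioner should know: a read-only `Subject` rejects later mutation, and a private credential stays readable to any code that holds the `Subject` (for instance a servlet that fetched it as Example 43 does). The user name, role and password are constructed sample values.

```java
import java.security.Principal;
import java.util.Objects;
import java.util.Set;

import javax.security.auth.Subject;

/** Illustrative only; NamedPrincipal is a stand-in for Openfire's KnownUser and RolePrincipal. */
public final class SubjectDemo {

    /** Principal with a kind ("user" or "role") and a name; equality covers both fields. */
    public static final class NamedPrincipal implements Principal {
        private final String kind;
        private final String name;

        public NamedPrincipal(String kind, String name) {
            this.kind = Objects.requireNonNull(kind);
            this.name = Objects.requireNonNull(name);
        }

        @Override public String getName() { return name; }

        @Override public boolean equals(Object o) {
            return o instanceof NamedPrincipal
                    && kind.equals(((NamedPrincipal) o).kind)
                    && name.equals(((NamedPrincipal) o).name);
        }

        @Override public int hashCode() { return Objects.hash(kind, name); }

        @Override public String toString() { return kind + ":" + name; }
    }

    /** Same shape as the Openfire Subject: user and role principals, credential stored privately, then frozen. */
    public static Subject build(String userName, String role, Object credential) {
        Subject subject = new Subject();
        subject.getPrincipals().add(new NamedPrincipal("user", userName));
        subject.getPrincipals().add(new NamedPrincipal("role", role));
        subject.getPrivateCredentials().add(credential);
        subject.setReadOnly();
        return subject;
    }

    /** After setReadOnly(), the principal and credential sets throw IllegalStateException on add/remove. */
    public static boolean rejectsMutation(Subject subject) {
        try {
            subject.getPrincipals().add(new NamedPrincipal("role", "admin"));
            return false;
        } catch (IllegalStateException expected) {
            return true;
        }
    }

    /** Whatever was added as a private credential is readable by any holder of the Subject. */
    public static String readPassword(Subject subject) {
        Set<String> secrets = subject.getPrivateCredentials(String.class);
        return secrets.isEmpty() ? null : secrets.iterator().next();
    }

    /** Role membership by principal inspection, the way a container backs isUserInRole. */
    public static boolean hasRole(Subject subject, String role) {
        return subject.getPrincipals().contains(new NamedPrincipal("role", role));
    }

    public static void main(String[] args) {
        // Constructed sample values; in Openfire the credential is the admin password as typed.
        Subject s = build("alice", "jmxweb", "correct horse battery staple");
        System.out.println("principals: " + s.getPrincipals());
        System.out.println("has jmxweb: " + hasRole(s, "jmxweb"));
        System.out.println("mutation rejected: " + rejectsMutation(s));
        System.out.println("password readable from Subject: " + readPassword(s));
    }
}
```

Because `readPassword` succeeds on the frozen `Subject`, `setReadOnly()` protects the identity from tampering but does nothing to confine the secret. If the only downstream consumer needs proof of authentication rather than the password itself, storing an opaque token (such as the `AuthToken` the Openfire method already obtains) as the private credential avoids keeping the password in memory for the life of the session.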
