use of javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag in project kafka by apache.
the class JaasContextTest method testControlFlag.
/**
 * Verifies that a JAAS configuration entry is handled for every standard
 * {@link LoginModuleControlFlag} value.
 *
 * <p>The same single-entry option map is passed to {@code checkConfiguration}
 * once per flag, under the context name {@code test.testControlFlag}.
 *
 * @throws Exception if {@code checkConfiguration} fails for any flag
 */
@Test
public void testControlFlag() throws Exception {
    Map<String, Object> moduleOptions = new HashMap<>();
    moduleOptions.put("propName", "propValue");

    // All four control flags defined by JAAS, in the order they are checked.
    LoginModuleControlFlag[] allFlags = {
        LoginModuleControlFlag.REQUIRED,
        LoginModuleControlFlag.REQUISITE,
        LoginModuleControlFlag.SUFFICIENT,
        LoginModuleControlFlag.OPTIONAL
    };

    for (int i = 0; i < allFlags.length; i++) {
        checkConfiguration("test.testControlFlag", allFlags[i], moduleOptions);
    }
}
use of javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag in project OpenAM by OpenRock.
the class LoginContext method invoke.
/**
 * Attempts to invoke the method described by methodName against each module within the stack,
 * applying the JAAS control-flag rules (REQUIRED, REQUISITE, SUFFICIENT, OPTIONAL) to the
 * outcome of each module.
 *
 * <p>Modules are created lazily: when {@code info.module} is still {@code null} the class named
 * by the configuration entry is loaded through the thread context class loader, instantiated
 * reflectively and initialised before the requested method is called.
 *
 * <p>The control flag of the module being processed is published to the
 * {@code AuditRequestContext} for the duration of the call and removed again in a
 * {@code finally} block.
 *
 * @param methodName
 *            String method name to be invoked on each module.
 * @throws LoginException
 *             Thrown when a REQUIRED or REQUISITE module failed, when no module succeeded, or
 *             when a module could not be loaded, instantiated or accessed.
 */
private void invoke(String methodName) throws LoginException {
    for (int i = 0; i < moduleStack.length; i++) {
        ModuleInfo info = moduleStack[i];
        LoginModuleControlFlag controlFlag = info.entry.getControlFlag();
        // expose the flag to audit logging while this module runs; cleared in the finally block
        AuditRequestContext.putProperty(LOGIN_MODULE_CONTROL_FLAG, getControlFlagAsString(controlFlag));
        try {
            int mIndex = 0;
            Method[] methods = null;
            if (info.module != null) {
                // module was already instantiated by an earlier call; reuse it
                methods = info.module.getClass().getMethods();
            } else {
                // instantiate the LoginModule
                // NOTE(review): the class name comes straight from the configuration entry and the
                // class is initialised on load (second argument true), so whoever can edit the
                // login configuration decides which code runs here -- confirm that the
                // configuration store is writable by administrators only.
                Class c = Class.forName(info.entry.getLoginModuleName(), true, Thread.currentThread().getContextClassLoader());
                Constructor constructor = c.getConstructor(PARAMS);
                Object[] args = {};
                // allow any object to be a LoginModule
                // as long as it conforms to the interface
                info.module = constructor.newInstance(args);
                methods = info.module.getClass().getMethods();
                // call the LoginModule's initialize method
                // NOTE(review): the lookup is by name only. If no public method is called
                // INIT_METHOD the loop ends with mIndex == methods.length and the array access
                // below throws ArrayIndexOutOfBoundsException, which none of the catch clauses
                // handles.
                for (mIndex = 0; mIndex < methods.length; mIndex++) {
                    if (methods[mIndex].getName().equals(INIT_METHOD))
                        break;
                }
                // Invoke the LoginModule initialize method
                Object[] initArgs = { subject, callbackHandler, state, info.entry.getOptions() };
                methods[mIndex].invoke(info.module, initArgs);
            }
            // find the requested method in the LoginModule
            // (first public method whose name matches; parameter types are not compared, and the
            // same out-of-bounds caveat as for the initialize lookup applies when nothing matches)
            for (mIndex = 0; mIndex < methods.length; mIndex++) {
                if (methods[mIndex].getName().equals(methodName))
                    break;
            }
            // set up the arguments to be passed to the LoginModule method
            Object[] args = {};
            // invoke the LoginModule method
            // the result is cast to Boolean and unboxed, so the target is expected to return a
            // non-null boolean; anything else surfaces as an unchecked exception
            boolean status = (Boolean) methods[mIndex].invoke(info.module, args);
            if (status) {
                // if SUFFICIENT, return if no prior REQUIRED errors
                // (the short-circuit applies to the login and commit phases only)
                if (!requiredExceptionHolder.hasException() && controlFlag == LoginModuleControlFlag.SUFFICIENT && (methodName.equals(LOGIN_METHOD) || methodName.equals(COMMIT_METHOD))) {
                    if (debug.messageEnabled()) {
                        debug.message(methodName + " SUFFICIENT success");
                    }
                    return;
                }
                if (debug.messageEnabled()) {
                    debug.message(methodName + " success");
                }
                success = true;
            } else {
                // a false return means the module asked to be ignored; it counts neither as a
                // success nor as a failure
                if (debug.messageEnabled()) {
                    debug.message(methodName + " ignored");
                }
            }
        } catch (NoSuchMethodException nsme) {
            // NOTE(review): this and the following three handlers keep only the message text;
            // the original exception is not attached as the cause.
            throw new LoginException("unable to instantiate LoginModule, module, because it does " + "not provide a no-argument constructor:" + info.entry.getLoginModuleName());
        } catch (InstantiationException ie) {
            throw new LoginException("unable to instantiate LoginModule: " + ie.getMessage());
        } catch (ClassNotFoundException cnfe) {
            throw new LoginException("unable to find LoginModule class: " + cnfe.getMessage());
        } catch (IllegalAccessException iae) {
            throw new LoginException("unable to access LoginModule: " + iae.getMessage());
        } catch (InvocationTargetException ite) {
            // the module method itself threw; unwrap the real exception
            if (ite.getTargetException() instanceof Error) {
                if (debug.messageEnabled()) {
                    debug.message("LoginContext.invoke(): Handling expected java.lang.Error");
                }
                // Errors are rethrown unchanged and bypass the control-flag bookkeeping below
                throw (Error) ite.getTargetException();
            }
            // failure cases
            LoginException le = null;
            if (ite.getTargetException() instanceof LoginException) {
                le = (LoginException) ite.getTargetException();
            } else if (ite.getTargetException() instanceof SecurityException) {
                // do not want privacy leak
                // (e.g., sensitive file path in exception msg)
                le = new LoginException("Security Exception");
                // le.initCause(new SecurityException());
                // the original detail is still written to the debug log below, but only when
                // message-level debugging is enabled
                if (debug.messageEnabled()) {
                    debug.message("original security exception with detail msg " + "replaced by new exception with empty detail msg");
                    debug.message("original security exception: " + ite.getTargetException().toString());
                }
            } else {
                // capture an unexpected LoginModule exception
                // NOTE(review): the complete stack trace becomes the LoginException message. Unlike
                // the SecurityException branch above, nothing is redacted here, so internal class
                // names, line numbers and the original message travel with the exception --
                // confirm that callers never return this message to the authenticating client.
                StringWriter sw = new StringWriter();
                ite.getTargetException().printStackTrace(new PrintWriter(sw));
                sw.flush();
                le = new LoginException(sw.toString());
            }
            if (debug.messageEnabled()) {
                debug.message(String.format("Method %s %s failure.", methodName, controlFlag));
            }
            if (controlFlag == LoginModuleControlFlag.OPTIONAL || controlFlag == LoginModuleControlFlag.SUFFICIENT) {
                // mark down that an OPTIONAL module failed
                // (SUFFICIENT failures are recorded in the same holder and do not stop the loop)
                optionalExceptionHolder.setException(le);
            } else {
                // REQUIRED or REQUISITE failure: remember it so the overall result is a failure
                requiredExceptionHolder.setException(le);
                if (controlFlag == LoginModuleControlFlag.REQUISITE && (methodName.equals(LOGIN_METHOD) || methodName.equals(COMMIT_METHOD))) {
                    // if REQUISITE, then immediately throw an exception
                    throw requiredExceptionHolder.getException();
                }
            }
        } finally {
            // always drop the audit property, whether the module succeeded, failed or returned early
            AuditRequestContext.removeProperty(LOGIN_MODULE_CONTROL_FLAG);
        }
    }
    // every module has been processed; decide the overall outcome
    if (requiredExceptionHolder.hasException()) {
        // a REQUIRED module failed -- return the error
        throw requiredExceptionHolder.getException();
    } else if (success == false && optionalExceptionHolder.hasException()) {
        // no module succeeded -- return the first optional error
        throw optionalExceptionHolder.getException();
    } else if (success == false) {
        // no module succeeded -- all modules were IGNORED
        throw new LoginException("Login Failure: all modules ignored");
    }
}
use of javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag in project wildfly by wildfly.
the class SecurityDomainAdd method processLoginModules.
/**
 * Converts each login-module definition under {@code node} into a JAAS
 * {@link AppConfigurationEntry} and registers it with {@code container}.
 *
 * <p>For every module the code name, control flag and options are resolved from the
 * management model. The JBoss module name recorded on {@code authInfo} is the resolved
 * {@code MODULE} attribute when it is defined and non-empty, otherwise
 * {@code DEFAULT_MODULE}.
 *
 * @param context   operation context used to resolve model attributes
 * @param node      model node whose properties are the login-module definitions
 * @param authInfo  authentication info that collects the JBoss module names
 * @param container receiver of the created configuration entries
 * @throws OperationFailedException if an attribute cannot be resolved
 */
private void processLoginModules(OperationContext context, ModelNode node, BaseAuthenticationInfo authInfo, LoginModuleContainer container) throws OperationFailedException {
    for (Property moduleProperty : node.asPropertyList()) {
        final ModelNode moduleNode = moduleProperty.getValue();

        // Resolve the three ingredients of a JAAS entry: class, control flag, options.
        final String loginModuleCode = extractCode(context, moduleNode, ModulesMap.AUTHENTICATION_MAP);
        final String flagText = LoginModuleResourceDefinition.FLAG.resolveModelAttribute(context, moduleNode).asString();
        final LoginModuleControlFlag resolvedFlag = getControlFlag(flagText);
        final Map<String, Object> moduleOptions = extractOptions(context, moduleNode);
        container.addAppConfigurationEntry(new AppConfigurationEntry(loginModuleCode, resolvedFlag, moduleOptions));

        // Record which JBoss module the login module is loaded from.
        final ModelNode jbossModule = LoginModuleResourceDefinition.MODULE.resolveModelAttribute(context, moduleNode);
        if (!jbossModule.isDefined() || jbossModule.asString().isEmpty()) {
            authInfo.addJBossModuleName(DEFAULT_MODULE);
        } else {
            authInfo.addJBossModuleName(jbossModule.asString());
        }
    }
}
use of javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag in project kafka by apache.
the class JaasConfig method parseAppConfigurationEntry.
/**
 * Parses one JAAS configuration entry of the form
 * {@code <loginModule> <controlFlag> (<key>=<value>)* ;} from the tokenizer.
 *
 * <p>On entry the tokenizer's current token is the login module name. On a successful
 * return the current token is the terminating semicolon.
 *
 * <p>Error messages name the offending option key only; option values are never echoed.
 *
 * @param tokenizer tokenizer positioned on the login module name
 * @return the parsed entry
 * @throws IOException if the tokenizer fails to read its input
 * @throws IllegalArgumentException if the control flag is missing, an option has no
 *         value, or the entry is not terminated by a semicolon
 */
private AppConfigurationEntry parseAppConfigurationEntry(StreamTokenizer tokenizer) throws IOException {
    final String moduleClassName = tokenizer.sval;

    if (tokenizer.nextToken() == StreamTokenizer.TT_EOF) {
        throw new IllegalArgumentException("Login module control flag not specified in JAAS config");
    }
    final LoginModuleControlFlag parsedFlag = loginModuleControlFlag(tokenizer.sval);

    final Map<String, String> moduleOptions = new HashMap<>();
    // Consume key=value pairs until the semicolon or the end of input.
    for (int token = tokenizer.nextToken();
            token != StreamTokenizer.TT_EOF && tokenizer.ttype != ';';
            token = tokenizer.nextToken()) {
        final String optionKey = tokenizer.sval;

        // Tokens are consumed strictly left to right: the value token is only read
        // once the '=' has been seen.
        final boolean sawEquals = tokenizer.nextToken() == '=';
        final boolean sawValue = sawEquals
                && tokenizer.nextToken() != StreamTokenizer.TT_EOF
                && tokenizer.sval != null;
        if (!sawValue) {
            throw new IllegalArgumentException("Value not specified for key '" + optionKey + "' in JAAS config");
        }
        moduleOptions.put(optionKey, tokenizer.sval);
    }

    if (tokenizer.ttype != ';') {
        throw new IllegalArgumentException("JAAS config entry not terminated by semi-colon");
    }
    return new AppConfigurationEntry(moduleClassName, parsedFlag, moduleOptions);
}
use of javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag in project OpenAM by OpenRock.
the class AMLoginContext method getModuleFromAuthConfiguration.
/**
 * Collects the module instance names of the current authentication configuration into
 * {@code moduleListSet}.
 *
 * <p>When the configuration holds exactly one entry, its module instance name is added
 * regardless of control flag. When it holds several, only entries whose control flag is
 * accepted by {@code isControlFlagMatchFound} are added (per the original documentation,
 * those are REQUIRED and REQUISITE). The name is taken from the entry options as-is, so
 * an entry without the instance-name option contributes {@code null}.
 *
 * <p>Side effect: {@code configName} is resolved and cached on this instance when it is
 * still {@code null}.
 *
 * @param moduleListSet set that receives the module instance names; also the return value
 * @param orgDN organisation DN used to resolve the configuration name
 * @return {@code moduleListSet}, after the matching names have been added
 */
private Set<String> getModuleFromAuthConfiguration(Set<String> moduleListSet, String orgDN) {
    Configuration jaasConfiguration = Configuration.getConfiguration();
    if (configName == null) {
        configName = getConfigName(indexType, indexName, orgDN, loginState.getClientType());
    }
    AppConfigurationEntry[] entries = jaasConfiguration.getAppConfigurationEntry(configName);
    if (debug.messageEnabled()) {
        debug.message("configName is : " + configName);
    }

    final int entryCount = (entries == null) ? 0 : entries.length;
    if (entryCount == 1) {
        // A lone module is always reported; its control flag is not consulted.
        String onlyInstanceName = (String) entries[0].getOptions().get(ISAuthConstants.MODULE_INSTANCE_NAME);
        moduleListSet.add(onlyInstanceName);
    } else if (entryCount > 1) {
        for (int i = 0; i < entryCount; i++) {
            AppConfigurationEntry entry = entries[i];
            LoginModuleControlFlag entryFlag = entry.getControlFlag();
            String instanceName = (String) entry.getOptions().get(ISAuthConstants.MODULE_INSTANCE_NAME);
            if (isControlFlagMatchFound(entryFlag)) {
                moduleListSet.add(instanceName);
            }
        }
    }

    if (debug.messageEnabled()) {
        debug.message("ModuleSet is : " + moduleListSet);
    }
    return moduleListSet;
}