
Example 26 with AppConfigurationEntry

use of javax.security.auth.login.AppConfigurationEntry in project OpenAM by OpenRock.

the class AMConfiguration method cloneConfigurationEntry.

/**
     * Works around a problem in JAAS or our framework: an
     * AppConfigurationEntry[] cannot be reused, otherwise Auth will hang.
     * This method creates a cloned copy of the given config entries.
     * It returns null when no entry is left to copy.
     */
private AppConfigurationEntry[] cloneConfigurationEntry(AppConfigurationEntry[] entries, String orgDN, AMAuthenticationManager amAM) {
    if (debug.messageEnabled()) {
        debug.message("AMConfiguration.cloneConfigurationEntry, orgDN=" + orgDN + ", entries=" + entries);
    }
    // On auth service revisions older than 7.0 the copy is restricted to the
    // module names reported by amAM.getAllowedModuleNames(). An empty set
    // leaves nothing to copy, so no configuration is returned at all.
    Set allowedModules = null;
    if (AuthD.revisionNumber < ISAuthConstants.AUTHSERVICE_REVISION7_0) {
        allowedModules = amAM.getAllowedModuleNames();
        if (allowedModules.isEmpty()) {
            return null;
        }
    }
    List copies = new ArrayList();
    // The array's own monitor is held for the whole read of its elements.
    synchronized (entries) {
        for (int idx = 0; idx < entries.length; idx++) {
            AppConfigurationEntry source = entries[idx];
            String moduleClass = source.getLoginModuleName();
            if (AuthD.revisionNumber < ISAuthConstants.AUTHSERVICE_REVISION7_0) {
                // The application module is always kept; every other module
                // must appear in the allowed set or it is dropped from the chain.
                boolean permitted = moduleClass.equals(ISAuthConstants.APPLICATION_MODULE)
                        || allowedModules.contains(AMAuthConfigUtils.getModuleName(moduleClass));
                if (!permitted) {
                    if (debug.messageEnabled()) {
                        debug.message("skip module " + moduleClass);
                    }
                    continue;
                }
            }
            // A new entry object is built from the source's name, control flag
            // and options; the option values themselves are not copied.
            copies.add(new AppConfigurationEntry(moduleClass, source.getControlFlag(), source.getOptions()));
        }
    }
    // Callers receive null, not an empty array, when every entry was filtered out.
    if (copies.isEmpty()) {
        return null;
    }
    return (AppConfigurationEntry[]) copies.toArray(new AppConfigurationEntry[copies.size()]);
}
Also used : AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry) Set(java.util.Set) HashSet(java.util.HashSet) ArrayList(java.util.ArrayList) ArrayList(java.util.ArrayList) List(java.util.List)

Example 27 with AppConfigurationEntry

use of javax.security.auth.login.AppConfigurationEntry in project OpenAM by OpenRock.

the class AMConfiguration method getModuleBasedConfig.

/**
     * Returns module based authentication configuration.
     * This method will read the auth config xml string for the module
     * defined in the specified organization,
     * parse the xml string to return the AppConfigurationEntry[].
     *
     * @param orgDN Organization DN.
     * @param module auth module name.
     * @param name Authentication configuration name.
     * @return module based authentication configuration, or null if the module instance cannot be found or an error occurs.
     */
private AppConfigurationEntry[] getModuleBasedConfig(String orgDN, String module, String name, AMAuthenticationManager amAM) {
    if (debug.messageEnabled()) {
        debug.message("ModuleBasedConfig,  START " + orgDN + "|" + module + ", name = " + name);
    }
    try {
        AMAuthenticationInstance authInstance = amAM.getAuthenticationInstance(module);
        if (authInstance != null) {
            // The instance's attribute map becomes the login module's options,
            // with the instance name added under MODULE_INSTANCE_NAME.
            // NOTE(review): put() writes into the map returned by
            // getAttributeValues(); confirm that map is not shared state.
            Map moduleOptions = authInstance.getAttributeValues();
            moduleOptions.put(ISAuthConstants.MODULE_INSTANCE_NAME, module);
            String moduleType = authInstance.getType();
            // A module-based chain holds exactly one entry, flagged REQUIRED.
            AppConfigurationEntry onlyEntry = new AppConfigurationEntry(
                    getLoginModuleClassName(moduleType),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                    moduleOptions);
            // Register an SM ServiceListener for the module's service.
            addServiceListener(AuthUtils.getModuleServiceName(moduleType), name);
            if (debug.messageEnabled()) {
                debug.message("ModuleBaseConfig, return config " + module + ", " + orgDN);
            }
            return new AppConfigurationEntry[] { onlyEntry };
        }
        // Unknown module instance: no configuration.
        return null;
    } catch (Exception e) {
        // Any failure is logged and reported to the caller as "no configuration".
        debug.error("getModuleBasedConfig " + orgDN + "|" + module, e);
        return null;
    }
}
Also used : AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) HashMap(java.util.HashMap) Map(java.util.Map) SMSException(com.sun.identity.sm.SMSException) SSOException(com.iplanet.sso.SSOException)

Example 28 with AppConfigurationEntry

use of javax.security.auth.login.AppConfigurationEntry in project OpenAM by OpenRock.

the class AMAuthConfigUtils method processValue.

/**
     * Processes value of the Auth Configuration.
     * The value consists of three parts:
     * module_name flag options
     * there could only be one A/V pair in options, e.g. instance=/iplanet/ldap
     */
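private static AppConfigurationEntry processValue(Node node) {
    // Parses one configuration value of the form "module_name flag [key=value ...]"
    // into an AppConfigurationEntry. Every malformed input is logged and yields
    // null, so a broken value never produces a partially built entry.
    if (debug.messageEnabled()) {
        debug.message("ConfigUtils.processValue, value=" + node);
    }
    // A missing node or an element without a child (for example an empty value
    // element) has no text to parse; route it to the invalid-value path
    // instead of failing with a NullPointerException.
    Node textNode = (node == null) ? null : node.getFirstChild();
    String value = (textNode == null) ? null : textNode.getNodeValue();
    if (value == null || value.length() == 0) {
        debug.error("ConfigUtils.processValue, invalid value=" + value);
        return null;
    }
    // Tokens are separated by whitespace; module name and flag are mandatory.
    StringTokenizer st = new StringTokenizer(value);
    int len = st.countTokens();
    if (len < 2) {
        debug.error("ConfigUtils.processValue, wrong config : " + value);
        return null;
    }
    String moduleName = st.nextToken();
    String flag = st.nextToken();
    Map<String, Object> options = new HashMap<String, Object>();
    // The control flag must match one of the four JAAS flag names exactly
    // (case-sensitive); anything else rejects the whole value.
    AppConfigurationEntry.LoginModuleControlFlag cFlag = null;
    if (flag.equals("REQUIRED")) {
        cFlag = AppConfigurationEntry.LoginModuleControlFlag.REQUIRED;
    } else if (flag.equals("OPTIONAL")) {
        cFlag = AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL;
    } else if (flag.equals("REQUISITE")) {
        cFlag = AppConfigurationEntry.LoginModuleControlFlag.REQUISITE;
    } else if (flag.equals("SUFFICIENT")) {
        cFlag = AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT;
    } else {
        debug.error("ConfigUtils.processValue, invalid flag : " + value);
        return null;
    }
    // Remaining tokens are options. Only "key=value" tokens are kept, split at
    // the first '='; each value is stored in a one-element set. Tokens without
    // '=' are ignored.
    while (st.hasMoreElements()) {
        String opt = st.nextToken();
        int k = opt.indexOf("=");
        if (k != -1) {
            HashSet<String> set = new HashSet<String>();
            set.add(opt.substring(k + 1));
            options.put(opt.substring(0, k), set);
        }
    }
    return new AppConfigurationEntry(moduleName, cFlag, options);
}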
Also used : StringTokenizer(java.util.StringTokenizer) AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry) HashMap(java.util.HashMap) HashMap(java.util.HashMap) Map(java.util.Map) LoginModuleControlFlag(javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag) HashSet(java.util.HashSet)

Example 29 with AppConfigurationEntry

use of javax.security.auth.login.AppConfigurationEntry in project OpenAM by OpenRock.

the class LoginContextTest method setUp.

/**
     * This test sets up four mock login modules, each with different control flags. The modules are created with
     * control flags in the following order: required, requisite, sufficient and optional.
     *
     * @throws LoginException
     *         Can be thrown by invocation of the authentication framework.
     */
@BeforeMethod
public void setUp() throws LoginException {
    optionCache = new HashMap<LoginModule, Map<String, Object>>();
    // One mock delegate per control flag, registered in the order
    // required, requisite, sufficient, optional.
    requiredDelegate = mock(LoginModule.class);
    AppConfigurationEntry requiredEntry = delegatingEntry(requiredDelegate, LoginModuleControlFlag.REQUIRED);
    requisiteDelegate = mock(LoginModule.class);
    AppConfigurationEntry requisiteEntry = delegatingEntry(requisiteDelegate, LoginModuleControlFlag.REQUISITE);
    sufficientDelegate = mock(LoginModule.class);
    AppConfigurationEntry sufficientEntry = delegatingEntry(sufficientDelegate, LoginModuleControlFlag.SUFFICIENT);
    optionalDelegate = mock(LoginModule.class);
    AppConfigurationEntry optionalEntry = delegatingEntry(optionalDelegate, LoginModuleControlFlag.OPTIONAL);
    AppConfigurationEntry[] chain = { requiredEntry, requisiteEntry, sufficientEntry, optionalEntry };
    subject = new Subject();
    handler = mock(CallbackHandler.class);
    // Initialise class under test.
    context = new LoginContext(chain, subject, handler);
}

// Builds the entry for one mock delegate: the delegate is placed in a fresh
// options map under DELEGATE_MODULE, and that map is recorded in optionCache.
private AppConfigurationEntry delegatingEntry(LoginModule delegate, LoginModuleControlFlag flag) {
    Map<String, Object> delegateOptions = new HashMap<String, Object>();
    delegateOptions.put(DELEGATE_MODULE, delegate);
    optionCache.put(delegate, delegateOptions);
    return new AppConfigurationEntry(LOGIN_MODULE, flag, delegateOptions);
}
Also used : AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry) CallbackHandler(javax.security.auth.callback.CallbackHandler) HashMap(java.util.HashMap) LoginModule(javax.security.auth.spi.LoginModule) HashMap(java.util.HashMap) Matchers.anyMap(org.mockito.Matchers.anyMap) Map(java.util.Map) Subject(javax.security.auth.Subject) BeforeMethod(org.testng.annotations.BeforeMethod)

Example 30 with AppConfigurationEntry

use of javax.security.auth.login.AppConfigurationEntry in project zm-mailbox by Zimbra.

the class SaslAuthenticator method getLoginContext.

private LoginContext getLoginContext() throws LoginException {
    // Options handed to the login module: its debug switch follows this
    // component's logger, and the principal comes from getPrincipal().
    Map<String, String> moduleOptions = new HashMap<String, String>();
    moduleOptions.put("debug", Boolean.toString(config.getLogger().isDebugEnabled()));
    moduleOptions.put("principal", getPrincipal());
    // Left disabled by the original author: "useTicketCache" and "storeKey", both "true".
    final AppConfigurationEntry requiredEntry = new AppConfigurationEntry(
            LOGIN_MODULE_NAME,
            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
            moduleOptions);
    // In-memory JAAS configuration: whatever application name is requested,
    // it answers with the single REQUIRED entry built above.
    Configuration inMemoryConfig = new Configuration() {

        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            // A new array per call, so callers never share one array instance.
            return new AppConfigurationEntry[] { requiredEntry };
        }

        @Override
        public void refresh() {
            // Nothing to reload: the configuration is fixed at construction.
        }
    };
    // No Subject is supplied (null); SaslCallbackHandler serves the module's callbacks.
    return new LoginContext("krb5", null, new SaslCallbackHandler(), inMemoryConfig);
}
Also used : AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry) LoginContext(javax.security.auth.login.LoginContext) Configuration(javax.security.auth.login.Configuration) HashMap(java.util.HashMap)

Aggregations

AppConfigurationEntry (javax.security.auth.login.AppConfigurationEntry)74 HashMap (java.util.HashMap)30 Configuration (javax.security.auth.login.Configuration)25 Map (java.util.Map)13 Test (org.junit.Test)11 Subject (javax.security.auth.Subject)10 LoginContext (javax.security.auth.login.LoginContext)10 SSOException (com.iplanet.sso.SSOException)7 SMSException (com.sun.identity.sm.SMSException)7 HashSet (java.util.HashSet)7 JaasRealm (org.apache.karaf.jaas.config.JaasRealm)7 Set (java.util.Set)6 LoginException (javax.security.auth.login.LoginException)5 IOException (java.io.IOException)4 ConcurrentHashMap (java.util.concurrent.ConcurrentHashMap)4 CallbackHandler (javax.security.auth.callback.CallbackHandler)4 LoginModuleControlFlag (javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag)4 LoginModuleImpl (org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl)4 File (java.io.File)3 Principal (java.security.Principal)3