Examples with Configuration - javax.security.auth.login.Configuration

Example 56 with Configuration

use of javax.security.auth.login.Configuration in project jackrabbit-oak by apache.

the class LoginContextProviderImplTest method testGetLoginContextWithConfigurationPreset.

@Test
public void testGetLoginContextWithConfigurationPreset() throws Exception {
    Configuration.setConfiguration(new Configuration() {

        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String applicationName) {
            return new AppConfigurationEntry[] { new AppConfigurationEntry(GuestLoginModule.class.getName(), AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL, new HashMap()) };
        }
    });
    LoginContextProvider provider = new LoginContextProviderImpl(AuthenticationConfiguration.DEFAULT_APP_NAME, ConfigurationParameters.EMPTY, getContentRepository(), getSecurityProvider(), new DefaultWhiteboard());
    LoginContext ctx = provider.getLoginContext(null, null);
    ctx.login();
    assertFalse(ctx.getSubject().getPublicCredentials(GuestCredentials.class).isEmpty());
}

Also used : AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry) JaasLoginContext(org.apache.jackrabbit.oak.spi.security.authentication.JaasLoginContext) LoginContext(org.apache.jackrabbit.oak.spi.security.authentication.LoginContext) Configuration(javax.security.auth.login.Configuration) AuthenticationConfiguration(org.apache.jackrabbit.oak.spi.security.authentication.AuthenticationConfiguration) HashMap(java.util.HashMap) LoginContextProvider(org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider) DefaultWhiteboard(org.apache.jackrabbit.oak.spi.whiteboard.DefaultWhiteboard) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 57 with Configuration

use of javax.security.auth.login.Configuration in project jackrabbit-oak by apache.

the class TokenLoginModuleCredentialsSupportTest method getConfiguration.

@Override
protected Configuration getConfiguration() {
    return new Configuration() {

        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String s) {
            AppConfigurationEntry tokenEntry = new AppConfigurationEntry(TokenLoginModule.class.getName(), AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT, Collections.<String, Object>emptyMap());
            AppConfigurationEntry testEntry = new AppConfigurationEntry(TestLoginModule.class.getName(), AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT, ImmutableMap.of("credsSupport", credentialsSupport));
            AppConfigurationEntry defaultEntry = new AppConfigurationEntry(LoginModuleImpl.class.getName(), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Collections.<String, Object>emptyMap());
            return new AppConfigurationEntry[] { tokenEntry, testEntry, defaultEntry };
        }
    };
}

Also used : AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry) LoginModuleImpl(org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl) CompositeTokenConfiguration(org.apache.jackrabbit.oak.spi.security.authentication.token.CompositeTokenConfiguration) TokenConfiguration(org.apache.jackrabbit.oak.spi.security.authentication.token.TokenConfiguration) Configuration(javax.security.auth.login.Configuration)

Example 58 with Configuration

use of javax.security.auth.login.Configuration in project jackrabbit-oak by apache.

the class L9_NullLoginTest method testJr2CompatibleLoginConfiguration.

public void testJr2CompatibleLoginConfiguration() throws RepositoryException {
    // EXERCISE: define the JAAS configuration that allows you to have null-login treated as anonymous login.
    Configuration configuration = null;
    Configuration.setConfiguration(configuration);
    try {
        testSession = repository.login();
        Session guest = repository.login(new GuestCredentials());
        String expectedId = guest.getUserID();
        guest.logout();
        assertEquals(expectedId, testSession.getUserID());
    } finally {
        Configuration.setConfiguration(null);
    }
}

Also used : Configuration(javax.security.auth.login.Configuration) GuestCredentials(javax.jcr.GuestCredentials) Session(javax.jcr.Session)

Example 59 with Configuration

use of javax.security.auth.login.Configuration in project jdk8u_jdk by JetBrains.

the class MyCallbackHandler method main.

public static void main(String... args) {
    String rightConfigName = "PT";
    String wrongConfigName = "NT";
    char[] rightPwd = new char[] { 't', 'e', 's', 't', 'P', 'a', 's', 's', 'w', 'o', 'r', 'd', '1' };
    char[] wrongPwd = new char[] { 'w', 'r', 'o', 'n', 'g', 'P', 'a', 's', 's', 'w', 'o', 'r', 'd' };
    // Test with wrong configuration name
    // Expect LoginException when initiate a new LoginContext object
    testConfigName(wrongConfigName, true);
    System.out.println("Wrong Config Name Test passed ");
    // Spedify two loginModules: SmartLoginModule and DummyLoginModule
    // Flags: required-required
    // Test with right password for SmartLoginModule
    // No exception is expected
    Configuration cf = new MyConfiguration();
    testLogin(rightConfigName, rightPwd, cf, false);
    System.out.println("Positive test passed");
    // Spedify two loginModules: SmartLoginModule and DummyLoginModule
    // Flags: required-required
    // Test with wrong password for SmartLoginModule
    // Expect LoginException by calling LoginContext.login() method
    testLogin(rightConfigName, wrongPwd, cf, true);
    System.out.println("Should fail test passed");
    // Spedify two loginModules: SmartLoginModule and DummyLoginModule
    // Change the flags from required-required to optional-sufficient
    // Test with wrong password for SmartLoginModule, while DummyLoginModule
    // always passes
    // No Exception is expected
    cf = new MyConfiguration(true);
    testLogin(rightConfigName, wrongPwd, cf, false);
    System.out.println("One module fails where are other module succeeeds " + "Test passed with optional-sufficient flags");
}

Also used : Configuration(javax.security.auth.login.Configuration)

Example 60 with Configuration

use of javax.security.auth.login.Configuration in project nifi by apache.

the class SolrProcessor method customValidate.

@Override
protected final Collection<ValidationResult> customValidate(ValidationContext context) {
    final List<ValidationResult> problems = new ArrayList<>();
    if (SOLR_TYPE_CLOUD.equals(context.getProperty(SOLR_TYPE).getValue())) {
        final String collection = context.getProperty(COLLECTION).getValue();
        if (collection == null || collection.trim().isEmpty()) {
            problems.add(new ValidationResult.Builder().subject(COLLECTION.getName()).input(collection).valid(false).explanation("A collection must specified for Solr Type of Cloud").build());
        }
    }
    // If a JAAS Client App Name is provided then the system property for the JAAS config file must be set,
    // and that config file must contain an entry for the name provided by the processor
    final String jaasAppName = context.getProperty(JAAS_CLIENT_APP_NAME).getValue();
    if (!StringUtils.isEmpty(jaasAppName)) {
        final String loginConf = System.getProperty(Krb5HttpClientConfigurer.LOGIN_CONFIG_PROP);
        if (StringUtils.isEmpty(loginConf)) {
            problems.add(new ValidationResult.Builder().subject(JAAS_CLIENT_APP_NAME.getDisplayName()).valid(false).explanation("the system property " + Krb5HttpClientConfigurer.LOGIN_CONFIG_PROP + " must be set when providing a JAAS Client App Name").build());
        } else {
            final Configuration config = javax.security.auth.login.Configuration.getConfiguration();
            if (config.getAppConfigurationEntry(jaasAppName) == null) {
                problems.add(new ValidationResult.Builder().subject(JAAS_CLIENT_APP_NAME.getDisplayName()).valid(false).explanation("'" + jaasAppName + "' does not exist in " + loginConf).build());
            }
        }
    }
    // we can validate if the url starts with https we need an SSLContextService, if it starts with http we can't have an SSLContextService
    if (SOLR_TYPE_STANDARD.equals(context.getProperty(SOLR_TYPE).getValue())) {
        final String solrLocation = context.getProperty(SOLR_LOCATION).evaluateAttributeExpressions().getValue();
        if (solrLocation != null) {
            final SSLContextService sslContextService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
            if (solrLocation.startsWith("https:") && sslContextService == null) {
                problems.add(new ValidationResult.Builder().subject(SSL_CONTEXT_SERVICE.getDisplayName()).valid(false).explanation("an SSLContextService must be provided when using https").build());
            } else if (solrLocation.startsWith("http:") && sslContextService != null) {
                problems.add(new ValidationResult.Builder().subject(SSL_CONTEXT_SERVICE.getDisplayName()).valid(false).explanation("an SSLContextService can not be provided when using http").build());
            }
        }
    }
    // Validate that we username and password are provided together, or that neither are provided
    final String username = context.getProperty(BASIC_USERNAME).evaluateAttributeExpressions().getValue();
    final String password = context.getProperty(BASIC_PASSWORD).evaluateAttributeExpressions().getValue();
    if (!StringUtils.isBlank(username) && StringUtils.isBlank(password)) {
        problems.add(new ValidationResult.Builder().subject(BASIC_PASSWORD.getDisplayName()).valid(false).explanation("a password must be provided for the given username").build());
    }
    if (!StringUtils.isBlank(password) && StringUtils.isBlank(username)) {
        problems.add(new ValidationResult.Builder().subject(BASIC_USERNAME.getDisplayName()).valid(false).explanation("a username must be provided for the given password").build());
    }
    Collection<ValidationResult> otherProblems = this.additionalCustomValidation(context);
    if (otherProblems != null) {
        problems.addAll(otherProblems);
    }
    return problems;
}

Also used : Configuration(javax.security.auth.login.Configuration) SSLContextService(org.apache.nifi.ssl.SSLContextService) ArrayList(java.util.ArrayList) ValidationResult(org.apache.nifi.components.ValidationResult)

Aggregations

Configuration (javax.security.auth.login.Configuration)100 AppConfigurationEntry (javax.security.auth.login.AppConfigurationEntry)47 LoginContext (javax.security.auth.login.LoginContext)30 HashMap (java.util.HashMap)27 Subject (javax.security.auth.Subject)22 Test (org.junit.Test)17 IOException (java.io.IOException)15 LoginException (javax.security.auth.login.LoginException)13 File (java.io.File)8 Principal (java.security.Principal)7 CallbackHandler (javax.security.auth.callback.CallbackHandler)7 URI (java.net.URI)6 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)6 ArrayList (java.util.ArrayList)6 Test (org.junit.jupiter.api.Test)5 URIParameter (java.security.URIParameter)4 Map (java.util.Map)4 Callback (javax.security.auth.callback.Callback)4 LoginModuleImpl (org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl)4 NoSuchProviderException (java.security.NoSuchProviderException)3