use of javax.security.auth.message.callback.CallerPrincipalCallback in project tomee by apache.
the class TheServerAuthModule method validateRequest.
/**
 * Reports the caller identity for this request to the container's callback handler.
 *
 * <p>If the request has a {@code doLogin} parameter (any value), the caller is established as
 * principal {@code "test"} in group {@code "architect"}. No credential is read or checked on
 * that path. Without the parameter a {@code null} principal is passed, which in JASPIC asks
 * the container to treat the caller as unauthenticated.
 *
 * <p>NOTE(review): the hard-coded identity suggests this module is a test fixture. Confirm it is
 * never packaged outside test scope, because the presence of a request parameter alone grants
 * the {@code architect} group.
 *
 * @param messageInfo    carries the request; its request message is cast to HttpServletRequest
 * @param clientSubject  subject the callbacks are bound to
 * @param serviceSubject not used by this method
 * @return {@code SUCCESS} whenever the handler accepts the callbacks
 * @throws AuthException if the handler fails; the original exception is kept as the cause
 */
@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    final HttpServletRequest httpRequest = (HttpServletRequest) messageInfo.getRequestMessage();
    final boolean loginRequested = httpRequest.getParameter("doLogin") != null;

    // Identity is decided purely by the presence of the parameter, not by any secret.
    final Callback[] identityCallbacks = loginRequested
            ? new Callback[] { new CallerPrincipalCallback(clientSubject, "test"), new GroupPrincipalCallback(clientSubject, new String[] { "architect" }) }
            : new Callback[] { new CallerPrincipalCallback(clientSubject, (Principal) null) };

    try {
        handler.handle(identityCallbacks);
    } catch (IOException | UnsupportedCallbackException e) {
        // AuthException has no cause-taking constructor, so the cause is attached afterwards.
        final AuthException failure = new AuthException();
        failure.initCause(e);
        throw failure;
    }

    // Helper defined elsewhere in the class; its effect is not visible from this method.
    cdi(messageInfo, "vr");
    return SUCCESS;
}
use of javax.security.auth.message.callback.CallerPrincipalCallback in project tomee by apache.
the class ConnectorCallbackHandler method handle.
/**
 * Processes JASPIC callbacks, recording the caller principal and groups on this handler and
 * validating username/password pairs against the configured security realm.
 *
 * <p>Security-relevant behaviour visible in this method:
 * <ul>
 *   <li>A failed login only sets the callback result to {@code false}; the
 *       {@link LoginException} is neither logged nor rethrown.</li>
 *   <li>A {@code null} password is replaced by the empty string before the login call.</li>
 *   <li>Cert store, private key, secret key and trust store callbacks are accepted but left
 *       unpopulated, so the requesting module gets them back empty.</li>
 * </ul>
 *
 * @param callbacks callbacks supplied by the auth module; must not be {@code null}
 * @throws IOException declared by the interface; not thrown directly here
 * @throws UnsupportedCallbackException for any callback type not listed above
 */
public void handle(final Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (final Callback current : callbacks) {
        // jaspi to server communication
        if (current instanceof CallerPrincipalCallback) {
            callerPrincipal = ((CallerPrincipalCallback) current).getPrincipal();
            continue;
        }
        if (current instanceof GroupPrincipalCallback) {
            groupsArray = ((GroupPrincipalCallback) current).getGroups();
            continue;
        }
        if (current instanceof PasswordValidationCallback) {
            final PasswordValidationCallback validation = (PasswordValidationCallback) current;
            final String userName = validation.getUsername();
            final char[] password = validation.getPassword();
            final SecurityService securityService = SystemInstance.get().getComponent(SecurityService.class);
            // The String copy is immutable and cannot be zeroed afterwards, unlike the char[].
            // NOTE(review): consider whether the callback's password should be cleared once
            // validation is done; confirm no module reads it again first.
            final String credential = password == null ? "" : new String(password);
            try {
                final Object loginToken = securityService.login(securityRealmName, userName, credential);
                securityService.associate(loginToken);
                callerPrincipal = securityService.getCallerPrincipal();
                validation.setResult(true);
            } catch (final LoginException e) {
                // NOTE(review): callerPrincipal keeps whatever an earlier callback in this array
                // set; verify callers ignore it when the result is false. The failure leaves no
                // audit trail here.
                validation.setResult(false);
            }
            continue;
        }

        // server to jaspi communication
        // TODO implement me: these four callback types are recognised but nothing is filled in.
        final boolean recognisedButUnimplemented = current instanceof CertStoreCallback
                || current instanceof PrivateKeyCallback
                || current instanceof SecretKeyCallback
                || current instanceof TrustStoreCallback;
        if (!recognisedButUnimplemented) {
            throw new UnsupportedCallbackException(current);
        }
    }
}
use of javax.security.auth.message.callback.CallerPrincipalCallback in project tomee by apache.
the class CallbackHandlerImpl method handle.
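/**
 * Processes JASPIC callbacks and stores the resulting identity on the callback's Subject.
 *
 * <p>The caller name/principal, groups and (for password validation) the realm-authenticated
 * principal are collected from the callbacks. They are turned into a principal via
 * {@code getPrincipal(...)}; roles of any {@code GenericPrincipal} with the same name already
 * held in the Subject's private credentials are merged into it, and the merged principal
 * replaces those entries.
 *
 * <p>Unknown callback types are logged at error level and otherwise ignored; they do not raise
 * {@link UnsupportedCallbackException}.
 *
 * @param callbacks callbacks from the auth module; {@code null} is accepted and does nothing
 * @throws IOException declared by the interface; not thrown directly here
 * @throws UnsupportedCallbackException declared by the interface; not thrown directly here
 */
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    String name = null;
    Principal principal = null;
    Subject subject = null;
    String[] groups = null;
    if (callbacks != null) {
        // Process the callbacks
        for (Callback callback : callbacks) {
            if (callback instanceof CallerPrincipalCallback) {
                CallerPrincipalCallback cpc = (CallerPrincipalCallback) callback;
                name = cpc.getName();
                principal = cpc.getPrincipal();
                subject = cpc.getSubject();
            } else if (callback instanceof GroupPrincipalCallback) {
                GroupPrincipalCallback gpc = (GroupPrincipalCallback) callback;
                groups = gpc.getGroups();
            } else if (callback instanceof PasswordValidationCallback) {
                if (container == null) {
                    log.warn(sm.getString("callbackHandlerImpl.containerMissing", callback.getClass().getName()));
                } else if (container.getRealm() == null) {
                    log.warn(sm.getString("callbackHandlerImpl.realmMissing", callback.getClass().getName(), container.getName()));
                } else {
                    PasswordValidationCallback pvc = (PasswordValidationCallback) callback;
                    final char[] password = pvc.getPassword();
                    // String.valueOf((char[]) null) throws NullPointerException, so a missing
                    // password is treated as a failed validation instead of reaching the realm.
                    // The String copy handed to the realm is immutable and cannot be wiped.
                    principal = password == null
                            ? null
                            : container.getRealm().authenticate(pvc.getUsername(), String.valueOf(password));
                    pvc.setResult(principal != null);
                    subject = pvc.getSubject();
                }
            } else {
                log.error(sm.getString("callbackHandlerImpl.jaspicCallbackMissing", callback.getClass().getName()));
            }
        }
        // Create the GenericPrincipal
        Principal gp = getPrincipal(principal, name, groups);
        if (subject != null && gp != null) {
            // merge if needed
            String mergeName = gp.getName();
            List<String> mergeRoles = new ArrayList<>(Arrays.asList(((GenericPrincipal) gp).getRoles()));
            Principal mergePrincipal = ((GenericPrincipal) gp).getUserPrincipal();
            // Iterate over a snapshot: removing from the live set inside a for-each over that
            // same set can throw ConcurrentModificationException or skip entries, depending on
            // the set's iterator, which would leave stale role sets in the Subject.
            for (Object oPrincipal : new ArrayList<Object>(subject.getPrivateCredentials())) {
                if (!(oPrincipal instanceof GenericPrincipal)) {
                    continue;
                }
                final GenericPrincipal privateCredential = (GenericPrincipal) oPrincipal;
                if (mergeName != null && mergeName.equals(privateCredential.getName())) {
                    mergeRoles.addAll(Arrays.asList(privateCredential.getRoles()));
                    subject.getPrivateCredentials().remove(oPrincipal);
                }
            }
            subject.getPrivateCredentials().add(new GenericPrincipal(mergeName, null, mergeRoles, mergePrincipal));
            // may come from CallerPrincipalCallback and we need to be able to get it from the Subject
            if (principal != null) {
                subject.getPrincipals().add(principal);
            }
        }
    }
}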
use of javax.security.auth.message.callback.CallerPrincipalCallback in project tomee by apache.
the class AutoApplySessionInterceptor method validateRequest.
/**
 * Interceptor logic that reuses an identity already present on the request, or runs the
 * intercepted authentication call and asks for the result to be kept in the session.
 *
 * <p>If the request already has a user principal, that principal is re-asserted through a
 * {@code CallerPrincipalCallback} and {@code SUCCESS} is returned without calling
 * {@code proceed()}; only the principal is sent on this path, no group callback. If there is no
 * principal, the intercepted call runs and, on {@code SUCCESS}, the
 * {@code javax.servlet.http.registerSession} entry is set to {@code "true"} in the message
 * info map.
 *
 * @param invocationContext interceptor context; its third parameter must be the
 *                          HttpMessageContext
 * @return {@code SUCCESS} for an existing principal, otherwise the intercepted call's status
 * @throws Exception anything thrown by the intercepted call or the callback handler
 */
private AuthenticationStatus validateRequest(final InvocationContext invocationContext) throws Exception {
    // assumes the intercepted method takes the HttpMessageContext as argument index 2 -
    // TODO confirm against the interceptor binding
    final HttpMessageContext context = (HttpMessageContext) invocationContext.getParameters()[2];
    final Principal existingPrincipal = context.getRequest().getUserPrincipal();

    if (existingPrincipal != null) {
        // The authentication mechanism itself is skipped on this path.
        final CallerPrincipalCallback reassertCaller = new CallerPrincipalCallback(context.getClientSubject(), existingPrincipal);
        context.getHandler().handle(new Callback[] { reassertCaller });
        return AuthenticationStatus.SUCCESS;
    }

    final Object outcome = invocationContext.proceed();
    if (AuthenticationStatus.SUCCESS.equals(outcome)) {
        context.getMessageInfo().getMap().put("javax.servlet.http.registerSession", "true");
    }
    return (AuthenticationStatus) outcome;
}
use of javax.security.auth.message.callback.CallerPrincipalCallback in project tomee by apache.
the class TomEEHttpMessageContext method doNothing.
/**
 * Clears any caller identity held by this context and reports "no caller" to the container.
 *
 * <p>The stored principal and groups are reset, then a {@code null} caller principal and
 * {@code null} groups are sent to the callback handler, and the container is told about a
 * {@code CallerPrincipal} built from {@code null}.
 *
 * <p>NOTE(review): a handler failure is only printed to stderr and the method carries on, so a
 * failed identity reset is invisible to callers and to normal logs. Route it through the
 * project's logger and decide whether it should be surfaced.
 *
 * @return {@code NOT_DONE} in every case
 */
@Override
public AuthenticationStatus doNothing() {
    this.principal = null;
    this.groups = null;

    final CallerPrincipalCallback noCaller = new CallerPrincipalCallback(clientSubject, (String) null);
    final GroupPrincipalCallback noGroups = new GroupPrincipalCallback(clientSubject, null);
    try {
        handler.handle(new Callback[] { noCaller, noGroups });
    } catch (final IOException | UnsupportedCallbackException e) {
        e.printStackTrace();
    }

    TomEESecurityContext.registerContainerAboutLogin(new CallerPrincipal(null), null);
    return NOT_DONE;
}