use of javax.security.auth.spi.LoginModule in project mssql-jdbc by Microsoft.
the class ConstrainedSample method doInitialLogin.
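/**
 * Authenticates the intermediate server that is going to impersonate the client.
 *
 * <p>Loads {@code com.sun.security.auth.module.Krb5LoginModule} reflectively, configures it for a
 * non-interactive keytab login ({@code useKeyTab}, {@code doNotPrompt}) as {@code SERVICE_PRINCIPAL}
 * using the keytab at {@code KEYTAB_ROUTE}, and runs the login and commit phases against a fresh
 * {@link Subject} that is also stored in the static {@code serviceSubject} field.
 *
 * <p>Security notes for anyone adapting this sample:
 * <ul>
 *   <li>{@code storeKey=true} keeps the service's long-term keys in the Subject's private
 *       credentials, so the returned Subject must be treated as a secret-bearing object.</li>
 *   <li>Kerberos debug tracing is switched on unconditionally, both JVM-wide
 *       ({@code sun.security.krb5.debug}) and on the module ({@code debug}). The trace goes to
 *       standard output and typically includes principal names, the keytab location and ticket
 *       metadata; disable both outside of troubleshooting.</li>
 *   <li>The keytab file is equivalent to the service account's password; restrict its file
 *       permissions to the account running this code.</li>
 * </ul>
 *
 * @return a subject for the intermediate server with the keytab credentials
 * @throws PrivilegedActionException if the login module cannot be loaded or the Kerberos login
 *         fails; the original exception is the cause, and a failure of the follow-up
 *         {@code abort()} is attached to that cause as a suppressed exception
 */
private static Subject doInitialLogin() throws PrivilegedActionException {
    // The static field is replaced before authentication is attempted, so after a failed login it
    // refers to a Subject without usable credentials.
    serviceSubject = new Subject();
    LoginModule krb5Module;
    try {
        // Loaded by name so the sample has no compile-time dependency on the com.sun.* class.
        krb5Module = (LoginModule) Class.forName("com.sun.security.auth.module.Krb5LoginModule")
                .getConstructor().newInstance();
    } catch (Exception e) {
        System.out.print("Error loading Krb5LoginModule module: " + e);
        throw new PrivilegedActionException(e);
    }
    // NOTE(review): JVM-wide switch, affects every Kerberos exchange in this process.
    System.setProperty("sun.security.krb5.debug", String.valueOf(true));
    Map<String, String> options = new HashMap<>();
    options.put("useKeyTab", "true");
    options.put("storeKey", "true");
    options.put("doNotPrompt", "true");
    options.put("keyTab", KEYTAB_ROUTE);
    options.put("principal", SERVICE_PRINCIPAL);
    options.put("debug", "true");
    options.put("isInitiator", "true");
    Map<String, String> sharedState = new HashMap<>(0);
    // No CallbackHandler: with doNotPrompt=true the module must get everything from the keytab.
    krb5Module.initialize(serviceSubject, null, sharedState, options);
    try {
        // The boolean results of login()/commit() are not inspected; failures surface as
        // LoginException.
        krb5Module.login();
        krb5Module.commit();
    } catch (LoginException e) {
        System.out.print("Error authenticating with Kerberos: " + e);
        try {
            // Roll back any partial state the module may have added to the Subject.
            krb5Module.abort();
        } catch (LoginException e1) {
            System.out.print("Error aborting Kerberos authentication: " + e1);
            // Keep the abort failure visible to the caller instead of only printing it.
            e.addSuppressed(e1);
        }
        throw new PrivilegedActionException(e);
    }
    return serviceSubject;
}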
use of javax.security.auth.spi.LoginModule in project tomee by apache.
the class CDILoginModule method initialize.
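/**
 * Resolves the delegate {@link LoginModule} named in the JAAS options and forwards
 * initialization to it.
 *
 * <p>The delegate class name is read from the {@code delegate} option, falling back to an option
 * keyed by the current application name. The class is loaded through the thread context class
 * loader. When {@code loginModuleAsCdiBean} is {@code "true"} the delegate is obtained as a CDI
 * bean (by {@code cdiName} if given, otherwise by type); otherwise it is instantiated directly
 * and CDI-injected.
 *
 * <p>Security note: the delegate name comes from login configuration and decides which class is
 * instantiated inside the container, so that configuration must only be writable by trusted
 * administrators. In the direct-instantiation path the class is verified to be a
 * {@code LoginModule} before its constructor runs.
 *
 * @param subject the subject to be authenticated, passed through to the delegate
 * @param callbackHandler handler passed through to the delegate
 * @param sharedState shared state passed through to the delegate
 * @param options JAAS options; read here for {@code delegate}, the application name key,
 *        {@code cdiName} and {@code loginModuleAsCdiBean}, then passed through to the delegate
 * @throws OpenEJBRuntimeException if CDI is not in use, no delegate is configured, the delegate
 *         class cannot be loaded, or it cannot be instantiated and injected
 */
@Override
public void initialize(final Subject subject, final CallbackHandler callbackHandler, final Map<String, ?> sharedState, final Map<String, ?> options) {
    final WebBeansContext webBeansContext = WebBeansContext.currentInstance();
    final BeanManagerImpl bm = webBeansContext.getBeanManagerImpl();
    if (!bm.isInUse()) {
        throw new OpenEJBRuntimeException("CDI not activated");
    }

    // String.valueOf maps a missing option to the literal "null", which is what the checks test.
    String delegate = String.valueOf(options.get("delegate"));
    if ("null".equals(delegate)) {
        // Fall back to a per-application entry keyed by the application name.
        final String app = findAppName(webBeansContext);
        delegate = String.valueOf(options.get(app));
        if ("null".equals(delegate)) {
            throw new OpenEJBRuntimeException("Please specify a delegate class");
        }
    }

    final Class<?> clazz;
    try {
        // loadClass does not initialize the class; no delegate code runs until instantiation.
        clazz = Thread.currentThread().getContextClassLoader().loadClass(delegate);
    } catch (final ClassNotFoundException e) {
        throw new OpenEJBRuntimeException(e.getMessage(), e);
    }

    cc = bm.createCreationalContext(null);
    final String cdiName = String.valueOf(options.get("cdiName"));
    if ("true".equals(String.valueOf(options.get("loginModuleAsCdiBean")))) {
        final Set<Bean<?>> beans;
        if ("null".equals(cdiName)) {
            beans = bm.getBeans(clazz);
        } else {
            beans = bm.getBeans(cdiName);
        }
        // NOTE(review): presumably resolve() yields no bean when nothing matches - confirm that
        // getReference reports that case clearly.
        loginModule = LoginModule.class.cast(bm.getReference(bm.resolve(beans), clazz, cc));
    } else {
        // Reject a misconfigured delegate before its constructor or static initializers run.
        if (!LoginModule.class.isAssignableFrom(clazz)) {
            throw new OpenEJBRuntimeException("Delegate class " + delegate + " is not a " + LoginModule.class.getName());
        }
        try {
            loginModule = LoginModule.class.cast(clazz.getDeclaredConstructor().newInstance());
            OWBInjector.inject(bm, loginModule, cc);
        } catch (final Exception e) {
            // Report the configured class name: the field may still hold a stale or null value
            // when instantiation itself failed.
            throw new OpenEJBRuntimeException("Can't inject into delegate class " + delegate, e);
        }
    }
    loginModule.initialize(subject, callbackHandler, sharedState, options);
}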
use of javax.security.auth.spi.LoginModule in project karaf by apache.
the class KarafMBeanServerGuardTest method loginWithTestRoles.
/**
 * Test helper: builds a {@link Subject} by driving a {@code TestLoginModule} constructed from the
 * given roles through its initialize, login and commit phases.
 *
 * @param roles values handed to the {@code TestLoginModule} constructor
 * @return the subject that was passed to the module
 * @throws LoginException if the module's login or commit phase fails
 */
private Subject loginWithTestRoles(String... roles) throws LoginException {
    final Subject authenticated = new Subject();
    final LoginModule module = new TestLoginModule(roles);

    // No callback handler, shared state or options are supplied to the test module.
    module.initialize(authenticated, null, null, null);

    // The boolean results of both phases are intentionally not inspected here.
    module.login();
    module.commit();

    return authenticated;
}
use of javax.security.auth.spi.LoginModule in project karaf by apache.
the class KarafMBeanServerGuardTest method testCurrentUserHasCustomRole.
/**
 * Checks that a role carried by a custom principal class is matched only when the role is
 * qualified with that class name ({@code <canonical class name>:foo}) and not by the bare role
 * name {@code foo}.
 */
public void testCurrentUserHasCustomRole() throws Exception {
    final Subject authenticated = new Subject();
    final LoginModule module = new TestLoginModule(new TestRolePrincipal("foo"));
    module.initialize(authenticated, null, null, null);
    module.login();
    module.commit();

    // Both assertions run with the subject bound to the current access control context.
    final PrivilegedAction<Void> roleChecks = () -> {
        final String qualifiedRole = TestRolePrincipal.class.getCanonicalName() + ":foo";
        assertTrue(JaasHelper.currentUserHasRole(qualifiedRole));
        // The unqualified name must not match a principal of the custom class.
        assertFalse(JaasHelper.currentUserHasRole("foo"));
        return null;
    };
    Subject.doAs(authenticated, roleChecks);
}