Example 1 with CallerPrincipal
use of javax.security.enterprise.CallerPrincipal in project tomee by apache.
the class RememberMeInterceptor method validateRequest.
private AuthenticationStatus validateRequest(final InvocationContext invocationContext) throws Exception {
final HttpMessageContext httpMessageContext = (HttpMessageContext) invocationContext.getParameters()[2];
final RememberMe rememberMe = TomEEELInvocationHandler.of(RememberMe.class, getRememberMe(), getElProcessor(invocationContext, httpMessageContext));
final Optional<Cookie> cookie = getCookie(httpMessageContext.getRequest(), rememberMe.cookieName());
if (cookie.isPresent() && !isEmpty(cookie.get().getValue())) {
final RememberMeCredential rememberMeCredential = new RememberMeCredential(cookie.get().getValue());
final CredentialValidationResult validate = rememberMeIdentityStore.get().validate(rememberMeCredential);
if (VALID.equals(validate.getStatus())) {
return httpMessageContext.notifyContainerAboutLogin(validate);
} else {
cookie.get().setMaxAge(0);
httpMessageContext.getResponse().addCookie(cookie.get());
}
}
final AuthenticationStatus status = (AuthenticationStatus) invocationContext.proceed();
if (SUCCESS.equals(status) && httpMessageContext.getCallerPrincipal() != null) {
if (rememberMe.isRememberMe()) {
final CallerPrincipal principal = new CallerPrincipal(httpMessageContext.getCallerPrincipal().getName());
final Set<String> groups = httpMessageContext.getGroups();
final String loginToken = rememberMeIdentityStore.get().generateLoginToken(principal, groups);
final Cookie rememberMeCookie = new Cookie(rememberMe.cookieName(), loginToken);
rememberMeCookie.setPath(isEmpty(httpMessageContext.getRequest().getContextPath()) ? "/" : httpMessageContext.getRequest().getContextPath());
rememberMeCookie.setMaxAge(rememberMe.cookieMaxAgeSeconds());
rememberMeCookie.setHttpOnly(rememberMe.cookieHttpOnly());
rememberMeCookie.setSecure(rememberMe.cookieSecureOnly());
httpMessageContext.getResponse().addCookie(rememberMeCookie);
}
}
return status;
}
Also used :
Cookie(javax.servlet.http.Cookie)
AuthenticationStatus(javax.security.enterprise.AuthenticationStatus)
CredentialValidationResult(javax.security.enterprise.identitystore.CredentialValidationResult)
RememberMe(javax.security.enterprise.authentication.mechanism.http.RememberMe)
HttpMessageContext(javax.security.enterprise.authentication.mechanism.http.HttpMessageContext)
CallerPrincipal(javax.security.enterprise.CallerPrincipal)
RememberMeCredential(javax.security.enterprise.credential.RememberMeCredential)
Example 2 with CallerPrincipal
use of javax.security.enterprise.CallerPrincipal in project tomee by apache.
the class TomEEHttpMessageContext method doNothing.
@Override
public AuthenticationStatus doNothing() {
this.principal = null;
this.groups = null;
try {
handler.handle(new Callback[] { new CallerPrincipalCallback(clientSubject, (String) null), new GroupPrincipalCallback(clientSubject, null) });
} catch (final IOException | UnsupportedCallbackException e) {
e.printStackTrace();
}
TomEESecurityContext.registerContainerAboutLogin(new CallerPrincipal(null), null);
return NOT_DONE;
}
Also used :
CallerPrincipalCallback(javax.security.auth.message.callback.CallerPrincipalCallback)
GroupPrincipalCallback(javax.security.auth.message.callback.GroupPrincipalCallback)
IOException(java.io.IOException)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
CallerPrincipal(javax.security.enterprise.CallerPrincipal)
Example 3 with CallerPrincipal
use of javax.security.enterprise.CallerPrincipal in project Payara by payara.
the class RealmIdentityStore method validate.
protected CredentialValidationResult validate(UsernamePasswordCredential credential, String realmName) {
try {
Subject subject = login(credential, realmName);
Set<String> groups = subject.getPrincipals(Group.class).stream().map(g -> g.getName()).collect(toSet());
if (!groups.isEmpty()) {
return new CredentialValidationResult(new CallerPrincipal(credential.getCaller()), groups);
}
} catch (LoginException ex) {
return INVALID_RESULT;
}
return INVALID_RESULT;
}
Also used :
RealmIdentityStoreDefinition(fish.payara.security.annotations.RealmIdentityStoreDefinition)
RealmIdentityStoreConfiguration(fish.payara.security.realm.config.RealmIdentityStoreConfiguration)
NOT_VALIDATED_RESULT(javax.security.enterprise.identitystore.CredentialValidationResult.NOT_VALIDATED_RESULT)
PasswordCredential(com.sun.enterprise.security.auth.login.common.PasswordCredential)
LoginException(com.sun.enterprise.security.auth.login.common.LoginException)
Set(java.util.Set)
Typed(javax.enterprise.inject.Typed)
IdentityStore(javax.security.enterprise.identitystore.IdentityStore)
Group(org.glassfish.security.common.Group)
CallerPrincipal(javax.security.enterprise.CallerPrincipal)
AppservAccessController.privileged(com.sun.enterprise.security.common.AppservAccessController.privileged)
Subject(javax.security.auth.Subject)
CredentialValidationResult(javax.security.enterprise.identitystore.CredentialValidationResult)
INVALID_RESULT(javax.security.enterprise.identitystore.CredentialValidationResult.INVALID_RESULT)
Credential(javax.security.enterprise.credential.Credential)
WebAndEjbToJaasBridge(com.sun.enterprise.security.auth.WebAndEjbToJaasBridge)
LoginContextDriver.getValidRealm(com.sun.enterprise.security.auth.login.LoginContextDriver.getValidRealm)
UsernamePasswordCredential(javax.security.enterprise.credential.UsernamePasswordCredential)
CertificateCredential(fish.payara.security.api.CertificateCredential)
Collectors.toSet(java.util.stream.Collectors.toSet)
Group(org.glassfish.security.common.Group)
CredentialValidationResult(javax.security.enterprise.identitystore.CredentialValidationResult)
LoginException(com.sun.enterprise.security.auth.login.common.LoginException)
CallerPrincipal(javax.security.enterprise.CallerPrincipal)
Subject(javax.security.auth.Subject)
Example 4 with CallerPrincipal
use of javax.security.enterprise.CallerPrincipal in project Payara by payara.
the class JaccWebAuthorizationManager method checkPermissionForModifiedPrincipalSet.
/* If the principal set contains CallerPrincipal, replace it with PrincipalImpl.
This is because CallerPrincipal isn't equal to PrincipalImpl and doesn't imply it.
CallerPrincipal doesn't even implement equals method, so 2 CallerPrincipals with the same name are not equal.
Because CallerPrincipal is from Jakarta EE, we can't change it.
*/
private boolean checkPermissionForModifiedPrincipalSet(Set<Principal> principalSetFromSecurityContext, boolean isGranted, WebRoleRefPermission requestedPermission) {
boolean principalSetContainsCallerPrincipal = false;
Set<Principal> modifiedPrincipalSet = new HashSet<Principal>(principalSetFromSecurityContext.size());
for (Principal p : principalSetFromSecurityContext) {
if (p instanceof CallerPrincipal) {
principalSetContainsCallerPrincipal = true;
modifiedPrincipalSet.add(new PrincipalImpl(p.getName()));
} else {
modifiedPrincipalSet.add(p);
}
}
if (principalSetContainsCallerPrincipal) {
isGranted = checkPermission(requestedPermission, modifiedPrincipalSet);
}
return isGranted;
}
Also used :
CallerPrincipal(javax.security.enterprise.CallerPrincipal)
WebPrincipal(com.sun.enterprise.security.web.integration.WebPrincipal)
CallerPrincipal(javax.security.enterprise.CallerPrincipal)
Principal(java.security.Principal)
PrincipalImpl(org.glassfish.security.common.PrincipalImpl)
HashSet(java.util.HashSet)
Aggregations
CallerPrincipal (javax.security.enterprise.CallerPrincipal)4
CredentialValidationResult (javax.security.enterprise.identitystore.CredentialValidationResult)2
WebAndEjbToJaasBridge (com.sun.enterprise.security.auth.WebAndEjbToJaasBridge)1
LoginContextDriver.getValidRealm (com.sun.enterprise.security.auth.login.LoginContextDriver.getValidRealm)1
LoginException (com.sun.enterprise.security.auth.login.common.LoginException)1
PasswordCredential (com.sun.enterprise.security.auth.login.common.PasswordCredential)1
AppservAccessController.privileged (com.sun.enterprise.security.common.AppservAccessController.privileged)1
WebPrincipal (com.sun.enterprise.security.web.integration.WebPrincipal)1
RealmIdentityStoreDefinition (fish.payara.security.annotations.RealmIdentityStoreDefinition)1
CertificateCredential (fish.payara.security.api.CertificateCredential)1
RealmIdentityStoreConfiguration (fish.payara.security.realm.config.RealmIdentityStoreConfiguration)1
IOException (java.io.IOException)1
Principal (java.security.Principal)1
HashSet (java.util.HashSet)1
Set (java.util.Set)1
Collectors.toSet (java.util.stream.Collectors.toSet)1
Typed (javax.enterprise.inject.Typed)1
Subject (javax.security.auth.Subject)1
UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)1
CallerPrincipalCallback (javax.security.auth.message.callback.CallerPrincipalCallback)1
