
Example 1 with CallerPrincipal

use of javax.security.enterprise.CallerPrincipal in project tomee by apache.

From class RememberMeInterceptor, method validateRequest:

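/**
 * Validates a remember-me cookie before delegating to the wrapped authentication
 * mechanism, and issues a fresh remember-me cookie after a successful login.
 *
 * <p>Flow, in order:
 * <ol>
 *   <li>If the request carries a non-empty remember-me cookie, its value is validated
 *       through the remember-me identity store. A {@code VALID} result logs the caller
 *       in without invoking the wrapped mechanism; any other result expires the cookie
 *       on the client.</li>
 *   <li>Otherwise the wrapped mechanism runs via {@code invocationContext.proceed()}.</li>
 *   <li>On {@code SUCCESS} with a non-null caller principal, and when the (EL-evaluated)
 *       {@code RememberMe} annotation requests it, a login token is generated and sent
 *       as a cookie with the configured max-age, HttpOnly and Secure attributes.</li>
 * </ol>
 *
 * @param invocationContext the intercepted {@code validateRequest} call; parameter
 *     index 2 is expected to be the {@link HttpMessageContext}
 * @return the authentication status to report to the container
 * @throws Exception whatever the wrapped mechanism or the identity store throws
 */
private AuthenticationStatus validateRequest(final InvocationContext invocationContext) throws Exception {
    final HttpMessageContext httpMessageContext = (HttpMessageContext) invocationContext.getParameters()[2];
    final RememberMe rememberMe = TomEEELInvocationHandler.of(RememberMe.class, getRememberMe(), getElProcessor(invocationContext, httpMessageContext));

    // The cookie is scoped to the web application. The same path must be used when expiring a
    // stale cookie: a Set-Cookie with Max-Age=0 only replaces a cookie whose name, path and
    // domain match, and a Cookie read from the request carries no path attribute, so re-adding
    // it unchanged would leave the original cookie in place.
    final String contextPath = httpMessageContext.getRequest().getContextPath();
    final String cookiePath = isEmpty(contextPath) ? "/" : contextPath;

    final Optional<Cookie> cookie = getCookie(httpMessageContext.getRequest(), rememberMe.cookieName());
    if (cookie.isPresent() && !isEmpty(cookie.get().getValue())) {
        final RememberMeCredential rememberMeCredential = new RememberMeCredential(cookie.get().getValue());
        final CredentialValidationResult validate = rememberMeIdentityStore.get().validate(rememberMeCredential);
        if (VALID.equals(validate.getStatus())) {
            return httpMessageContext.notifyContainerAboutLogin(validate);
        }
        // Invalid or revoked token: expire it on the client so it is not re-sent on every request.
        final Cookie expired = cookie.get();
        expired.setPath(cookiePath);
        expired.setMaxAge(0);
        httpMessageContext.getResponse().addCookie(expired);
    }

    final AuthenticationStatus status = (AuthenticationStatus) invocationContext.proceed();
    if (SUCCESS.equals(status) && httpMessageContext.getCallerPrincipal() != null && rememberMe.isRememberMe()) {
        final CallerPrincipal principal = new CallerPrincipal(httpMessageContext.getCallerPrincipal().getName());
        final Set<String> groups = httpMessageContext.getGroups();
        // The token alone lets a client resume this identity, so the identity store should make
        // it unguessable and revocable; this method only transports it.
        final String loginToken = rememberMeIdentityStore.get().generateLoginToken(principal, groups);
        final Cookie rememberMeCookie = new Cookie(rememberMe.cookieName(), loginToken);
        rememberMeCookie.setPath(cookiePath);
        rememberMeCookie.setMaxAge(rememberMe.cookieMaxAgeSeconds());
        rememberMeCookie.setHttpOnly(rememberMe.cookieHttpOnly());
        rememberMeCookie.setSecure(rememberMe.cookieSecureOnly());
        httpMessageContext.getResponse().addCookie(rememberMeCookie);
    }
    return status;
}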

Example 2 with CallerPrincipal

use of javax.security.enterprise.CallerPrincipal in project tomee by apache.

From class TomEEHttpMessageContext, method doNothing:

/**
 * Clears any caller identity held by this context and reports that no authentication
 * decision was made.
 *
 * <p>The container callbacks are invoked with a {@code null} caller name and {@code null}
 * groups, and the TomEE security context is reset the same way (a {@code CallerPrincipal}
 * wrapping {@code null}, no groups).
 *
 * @return {@code NOT_DONE}
 */
@Override
public AuthenticationStatus doNothing() {
    principal = null;
    groups = null;

    // (String) null picks the name-based overload rather than the Principal-based one.
    final Callback[] resetCallbacks = {
        new CallerPrincipalCallback(clientSubject, (String) null),
        new GroupPrincipalCallback(clientSubject, null)
    };
    try {
        handler.handle(resetCallbacks);
    } catch (final IOException | UnsupportedCallbackException e) {
        // NOTE(review): a failed reset is only printed, not logged or propagated; the caller
        // still receives NOT_DONE.
        e.printStackTrace();
    }
    TomEESecurityContext.registerContainerAboutLogin(new CallerPrincipal(null), null);
    return NOT_DONE;
}

Example 3 with CallerPrincipal

use of javax.security.enterprise.CallerPrincipal in project Payara by payara.

From class RealmIdentityStore, method validate:

/**
 * Authenticates the credential against the named realm and maps the authenticated
 * subject's {@link Group} principals to the caller's group names.
 *
 * <p>Two situations yield {@code INVALID_RESULT}: the realm login throws a
 * {@link LoginException}, or the login succeeds but the subject carries no groups.
 * The exception itself is not propagated, so the caller only learns that the
 * credential was rejected.
 *
 * @param credential the caller name and password to check
 * @param realmName the realm to authenticate against
 * @return a result carrying a {@code CallerPrincipal} for the credential's caller and
 *     the group names, or {@code INVALID_RESULT}
 */
protected CredentialValidationResult validate(UsernamePasswordCredential credential, String realmName) {
    final Set<String> groupNames;
    try {
        final Subject authenticated = login(credential, realmName);
        groupNames = authenticated.getPrincipals(Group.class)
                .stream()
                .map(Group::getName)
                .collect(toSet());
    } catch (LoginException rejected) {
        return INVALID_RESULT;
    }
    if (groupNames.isEmpty()) {
        return INVALID_RESULT;
    }
    return new CredentialValidationResult(new CallerPrincipal(credential.getCaller()), groupNames);
}

Example 4 with CallerPrincipal

use of javax.security.enterprise.CallerPrincipal in project Payara by payara.

From class JaccWebAuthorizationManager, method checkPermissionForModifiedPrincipalSet:

/**
 * Re-runs the permission check with every {@code CallerPrincipal} in the set replaced by a
 * {@link PrincipalImpl} of the same name.
 *
 * <p>{@code CallerPrincipal} is not equal to {@code PrincipalImpl} and does not imply it; it
 * does not even override {@code equals}, so two {@code CallerPrincipal}s with the same name
 * compare unequal. Being a Jakarta EE API type it cannot be changed, so the set is normalized
 * here instead. When the set holds no {@code CallerPrincipal} the check is not repeated and
 * {@code isGranted} is returned unchanged.
 *
 * @param principalSetFromSecurityContext the principals of the current caller
 * @param isGranted the outcome of the check on the unmodified set
 * @param requestedPermission the permission being checked
 * @return the outcome of the check on the normalized set, or {@code isGranted} when
 *     nothing was replaced
 */
private boolean checkPermissionForModifiedPrincipalSet(Set<Principal> principalSetFromSecurityContext, boolean isGranted, WebRoleRefPermission requestedPermission) {
    final Set<Principal> normalized = new HashSet<>(principalSetFromSecurityContext.size());
    boolean replacedAny = false;
    for (final Principal candidate : principalSetFromSecurityContext) {
        if (candidate instanceof CallerPrincipal) {
            replacedAny = true;
            normalized.add(new PrincipalImpl(candidate.getName()));
        } else {
            normalized.add(candidate);
        }
    }
    if (!replacedAny) {
        return isGranted;
    }
    return checkPermission(requestedPermission, normalized);
}
