
Example 1 with RolePrincipal

use of org.apache.activemq.artemis.spi.core.security.jaas.RolePrincipal in project activemq-artemis by apache.

the class ActiveMQJAASSecurityManager method validateUserAndRole.

/**
 * Authenticates the caller and then checks that it holds at least one role
 * that grants {@code checkType}.
 *
 * <p>The method fails closed: a login failure, a {@code null} subject, a failed
 * role lookup, or an empty role set on either side all produce {@code null}.
 * The {@code address} argument is not consulted by this implementation.
 *
 * @param user               user name handed to {@code getAuthenticatedSubject}
 * @param password           password handed to {@code getAuthenticatedSubject}
 * @param roles              roles passed to {@code getPrincipalsInRole}
 * @param checkType          permission being checked
 * @param address            unused here
 * @param remotingConnection connection handed to {@code getAuthenticatedSubject}
 * @return the result of {@code getUserFromSubject} for the authenticated subject
 *         when it is authorized, otherwise {@code null}
 */
@Override
public String validateUserAndRole(final String user, final String password, final Set<Role> roles, final CheckType checkType, final String address, final RemotingConnection remotingConnection) {
    final Subject authenticated;
    try {
        authenticated = getAuthenticatedSubject(user, password, remotingConnection);
    } catch (LoginException e) {
        // NOTE(review): a rejected login is only visible at debug level from this
        // method; confirm failed authentications are audited elsewhere.
        if (logger.isDebugEnabled()) {
            logger.debug("Couldn't validate user", e);
        }
        return null;
    }
    if (authenticated == null) {
        // No subject means nothing to authorize: deny.
        return null;
    }

    final Set<RolePrincipal> permitted = getPrincipalsInRole(checkType, roles);

    // Collect the role principals the subject actually carries. The principal
    // class is resolved by name; any failure is logged and leaves the set empty,
    // which denies the request below rather than granting it.
    final Set<Principal> held = new HashSet<>();
    try {
        Class<? extends Principal> roleType = Class.forName(rolePrincipalClass).asSubclass(Principal.class);
        held.addAll(authenticated.getPrincipals(roleType));
    } catch (Exception e) {
        ActiveMQServerLogger.LOGGER.failedToFindRolesForTheSubject(e);
    }

    boolean authorized = false;
    if (!held.isEmpty() && !permitted.isEmpty()) {
        // Authorized as soon as one held role equals one permitted role.
        search:
        for (Principal subjectRole : held) {
            for (RolePrincipal allowed : permitted) {
                if (subjectRole.equals(allowed)) {
                    authorized = true;
                    break search;
                }
            }
        }
    }

    if (logger.isTraceEnabled()) {
        // The message records the decision only; it does not name the user.
        logger.trace("user " + (authorized ? " is " : " is NOT ") + "authorized");
    }
    return authorized ? getUserFromSubject(authenticated) : null;
}
Also used : LoginException(javax.security.auth.login.LoginException) RolePrincipal(org.apache.activemq.artemis.spi.core.security.jaas.RolePrincipal) Subject(javax.security.auth.Subject) RolePrincipal(org.apache.activemq.artemis.spi.core.security.jaas.RolePrincipal) UserPrincipal(org.apache.activemq.artemis.spi.core.security.jaas.UserPrincipal) Principal(java.security.Principal) LoginException(javax.security.auth.login.LoginException) HashSet(java.util.HashSet)

Example 2 with RolePrincipal

use of org.apache.activemq.artemis.spi.core.security.jaas.RolePrincipal in project activemq-artemis by apache.

the class CertificateLoginModuleTest method checkPrincipalsMatch.

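/**
 * Asserts that {@code subject} carries exactly the expected principals: one
 * {@link UserPrincipal} named {@code USER_NAME} and one {@link RolePrincipal}
 * for every entry of {@code ROLE_NAMES}.
 *
 * <p>Unknown, duplicated and missing principals all fail the test. The
 * missing-principal check matters for a login module test: without it a
 * subject with no principals at all would pass.
 *
 * @param subject the subject populated by the login module under test
 */
private void checkPrincipalsMatch(Subject subject) {
    boolean nameFound = false;
    // Java zero-initialises boolean arrays, so every slot starts out false.
    boolean[] rolesFound = new boolean[ROLE_NAMES.size()];

    for (Principal currentPrincipal : subject.getPrincipals()) {
        if (currentPrincipal instanceof UserPrincipal) {
            if (!currentPrincipal.getName().equals(USER_NAME)) {
                fail("Unknown UserPrincipal found.");
            }
            if (nameFound) {
                fail("UserPrincipal found twice.");
            }
            nameFound = true;
        } else if (currentPrincipal instanceof RolePrincipal) {
            int principalIdx = ROLE_NAMES.indexOf(((RolePrincipal) currentPrincipal).getName());
            if (principalIdx < 0) {
                // fail() aborts the test, so the negative index is never used below.
                fail("Unknown RolePrincipal found.");
            }
            if (rolesFound[principalIdx]) {
                fail("RolePrincipal found twice.");
            }
            rolesFound[principalIdx] = true;
        } else {
            fail("Unknown Principal type found.");
        }
    }

    // Completeness: every expected principal must actually be present.
    if (!nameFound) {
        fail("Expected UserPrincipal not found.");
    }
    for (int i = 0; i < rolesFound.length; ++i) {
        if (!rolesFound[i]) {
            fail("Expected RolePrincipal not found (ROLE_NAMES index " + i + ").");
        }
    }
}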
Also used : RolePrincipal(org.apache.activemq.artemis.spi.core.security.jaas.RolePrincipal) RolePrincipal(org.apache.activemq.artemis.spi.core.security.jaas.RolePrincipal) UserPrincipal(org.apache.activemq.artemis.spi.core.security.jaas.UserPrincipal) Principal(java.security.Principal) UserPrincipal(org.apache.activemq.artemis.spi.core.security.jaas.UserPrincipal)

Example 3 with RolePrincipal

use of org.apache.activemq.artemis.spi.core.security.jaas.RolePrincipal in project activemq-artemis by apache.

the class RolePrincipalTest method testArguments.

/**
 * Checks that a {@link RolePrincipal} reports the name it was built with and
 * that a {@code null} name is rejected with {@link IllegalArgumentException}.
 */
@Test
public void testArguments() {
    final RolePrincipal named = new RolePrincipal("FOO");
    assertEquals("FOO", named.getName());

    boolean rejected = false;
    try {
        new RolePrincipal(null);
    } catch (IllegalArgumentException expected) {
        // Expected: a principal without a name must not be constructible.
        rejected = true;
    }
    if (!rejected) {
        fail("Should have thrown IllegalArgumentException");
    }
}
Also used : RolePrincipal(org.apache.activemq.artemis.spi.core.security.jaas.RolePrincipal) Test(org.junit.Test)

Example 4 with RolePrincipal

use of org.apache.activemq.artemis.spi.core.security.jaas.RolePrincipal in project activemq-artemis by apache.

the class RolePrincipalTest method testHash.

/**
 * Checks that {@code hashCode()} is stable across calls on one instance and
 * equal for two {@link RolePrincipal}s built from the same name.
 */
@Test
public void testHash() {
    final RolePrincipal first = new RolePrincipal("FOO");
    final RolePrincipal second = new RolePrincipal("FOO");

    // Two separate invocations on the same object must agree.
    final int firstCall = first.hashCode();
    final int secondCall = first.hashCode();
    assertEquals(firstCall, secondCall);

    // Principals with the same name must hash alike, otherwise hash-based
    // role sets would fail to match them.
    assertEquals(first.hashCode(), second.hashCode());
}
Also used : RolePrincipal(org.apache.activemq.artemis.spi.core.security.jaas.RolePrincipal) Test(org.junit.Test)

Example 5 with RolePrincipal

use of org.apache.activemq.artemis.spi.core.security.jaas.RolePrincipal in project activemq-artemis by apache.

the class GuestLoginModuleTest method testLoginWithDefaults.

/**
 * Logs in through the "GuestLoginWithDefaults" JAAS configuration and checks
 * that the subject receives exactly one user principal ({@code guest}) and one
 * role principal ({@code guests}), and that logout removes both.
 *
 * @throws LoginException if the login or logout call fails
 */
@Test
public void testLoginWithDefaults() throws LoginException {
    // The login under test must complete without asking for any credentials.
    final CallbackHandler noCallbacksExpected = new CallbackHandler() {

        @Override
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            assertEquals("Should have no Callbacks", 0, callbacks.length);
        }
    };
    final LoginContext context = new LoginContext("GuestLoginWithDefaults", noCallbacksExpected);
    context.login();

    final Subject subject = context.getSubject();
    assertEquals("Should have two principals", 2, subject.getPrincipals().size());

    final Set<UserPrincipal> users = subject.getPrincipals(UserPrincipal.class);
    assertEquals("Should have one user principal", 1, users.size());
    assertTrue("User principal is 'guest'", users.contains(new UserPrincipal("guest")));

    final Set<RolePrincipal> groups = subject.getPrincipals(RolePrincipal.class);
    assertEquals("Should have one group principal", 1, groups.size());
    assertTrue("Role principal is 'guests'", groups.contains(new RolePrincipal("guests")));

    // Logout must leave no principal behind on the subject.
    context.logout();
    assertEquals("Should have zero principals", 0, subject.getPrincipals().size());
}
Also used : CallbackHandler(javax.security.auth.callback.CallbackHandler) LoginContext(javax.security.auth.login.LoginContext) Callback(javax.security.auth.callback.Callback) IOException(java.io.IOException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) RolePrincipal(org.apache.activemq.artemis.spi.core.security.jaas.RolePrincipal) Subject(javax.security.auth.Subject) UserPrincipal(org.apache.activemq.artemis.spi.core.security.jaas.UserPrincipal) Test(org.junit.Test)

Aggregations

RolePrincipal (org.apache.activemq.artemis.spi.core.security.jaas.RolePrincipal)9 Test (org.junit.Test)6 IOException (java.io.IOException)4 Subject (javax.security.auth.Subject)4 Callback (javax.security.auth.callback.Callback)4 UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)4 UserPrincipal (org.apache.activemq.artemis.spi.core.security.jaas.UserPrincipal)4 Principal (java.security.Principal)3 CallbackHandler (javax.security.auth.callback.CallbackHandler)3 LoginContext (javax.security.auth.login.LoginContext)3 NameCallback (javax.security.auth.callback.NameCallback)2 PasswordCallback (javax.security.auth.callback.PasswordCallback)2 LoginException (javax.security.auth.login.LoginException)2 HashSet (java.util.HashSet)1 FailedLoginException (javax.security.auth.login.FailedLoginException)1