use of org.apache.activemq.artemis.spi.core.security.jaas.RolePrincipal in project activemq-artemis by apache.
the class ActiveMQJAASSecurityManager method validateUserAndRole.
/**
 * Authenticates the caller and checks that it holds at least one role permitted for
 * {@code checkType}.
 *
 * <p>Authentication and authorization failures are reported the same way: the method
 * returns {@code null}, so a caller cannot tell from the return value which step rejected
 * the request. The {@code address} parameter is not read by this method.
 *
 * @param user the user name passed to {@code getAuthenticatedSubject}
 * @param password the password passed to {@code getAuthenticatedSubject}
 * @param roles the configured roles from which the permitted role principals are derived
 * @param checkType the kind of permission being checked
 * @param address not used in this method
 * @param remotingConnection the connection passed to {@code getAuthenticatedSubject}
 * @return the result of {@code getUserFromSubject} when the subject is authorized,
 *         otherwise {@code null}
 */
@Override
public String validateUserAndRole(final String user, final String password, final Set<Role> roles, final CheckType checkType, final String address, final RemotingConnection remotingConnection) {
    final Subject localSubject;
    try {
        localSubject = getAuthenticatedSubject(user, password, remotingConnection);
    } catch (LoginException e) {
        // NOTE(review): a failed login is only visible at debug level from this method;
        // confirm that authentication failures are recorded somewhere an operator will see.
        if (logger.isDebugEnabled()) {
            logger.debug("Couldn't validate user", e);
        }
        return null;
    }

    // No subject means nothing to authorize: deny.
    if (localSubject == null) {
        return null;
    }

    Set<RolePrincipal> permittedRoles = getPrincipalsInRole(checkType, roles);

    // Collect the role principals the authenticated subject actually holds.
    Set<Principal> heldRoles = new HashSet<>();
    try {
        heldRoles.addAll(localSubject.getPrincipals(Class.forName(rolePrincipalClass).asSubclass(Principal.class)));
    } catch (Exception e) {
        // Fail closed: if the configured role principal class cannot be resolved the set
        // stays empty, so the subject ends up with no roles and the check below denies.
        ActiveMQServerLogger.LOGGER.failedToFindRolesForTheSubject(e);
    }

    boolean authorized = false;
    if (!heldRoles.isEmpty() && !permittedRoles.isEmpty()) {
        // One matching role is enough; stop at the first hit.
        search:
        for (Principal heldRole : heldRoles) {
            for (Principal permittedRole : permittedRoles) {
                if (heldRole.equals(permittedRole)) {
                    authorized = true;
                    break search;
                }
            }
        }
    }

    // The trace line records only the decision, not which user it was made for.
    if (logger.isTraceEnabled()) {
        logger.trace("user " + (authorized ? " is " : " is NOT ") + "authorized");
    }

    return authorized ? getUserFromSubject(localSubject) : null;
}
use of org.apache.activemq.artemis.spi.core.security.jaas.RolePrincipal in project activemq-artemis by apache.
the class CertificateLoginModuleTest method checkPrincipalsMatch.
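/**
 * Verifies that {@code subject} carries exactly the expected principals: one
 * {@code UserPrincipal} named {@code USER_NAME} and one {@code RolePrincipal} for each entry
 * of {@code ROLE_NAMES}, with no duplicates and no principals of any other type.
 *
 * <p>The check runs in both directions. Unexpected or duplicated principals fail while
 * iterating, and expected principals that never appeared fail afterwards, so a subject with
 * too few principals (for example an empty one) does not pass.
 *
 * @param subject the subject produced by the login under test
 */
private void checkPrincipalsMatch(Subject subject) {
    boolean nameFound = false;
    // A freshly allocated boolean[] is already all false, so no explicit reset is needed.
    boolean[] rolesFound = new boolean[ROLE_NAMES.size()];

    for (Principal currentPrincipal : subject.getPrincipals()) {
        if (currentPrincipal instanceof UserPrincipal) {
            if (!currentPrincipal.getName().equals(USER_NAME)) {
                fail("Unknown UserPrincipal found.");
            } else if (nameFound) {
                fail("UserPrincipal found twice.");
            } else {
                nameFound = true;
            }
        } else if (currentPrincipal instanceof RolePrincipal) {
            int principalIdx = ROLE_NAMES.indexOf(((RolePrincipal) currentPrincipal).getName());
            if (principalIdx < 0) {
                fail("Unknown RolePrincipal found.");
            } else if (rolesFound[principalIdx]) {
                fail("RolePrincipal found twice.");
            } else {
                rolesFound[principalIdx] = true;
            }
        } else {
            fail("Unknown Principal type found.");
        }
    }

    // Without these checks the flags above were tracked but never asserted, so a login
    // that granted fewer principals than expected would still have passed.
    if (!nameFound) {
        fail("Expected UserPrincipal not found.");
    }
    for (int i = 0; i < rolesFound.length; ++i) {
        if (!rolesFound[i]) {
            fail("Expected RolePrincipal not found (ROLE_NAMES index " + i + ").");
        }
    }
}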
use of org.apache.activemq.artemis.spi.core.security.jaas.RolePrincipal in project activemq-artemis by apache.
the class RolePrincipalTest method testArguments.
/**
 * Checks that the constructor keeps the supplied name and rejects a {@code null} name with
 * an {@code IllegalArgumentException}.
 */
@Test
public void testArguments() {
    RolePrincipal named = new RolePrincipal("FOO");
    assertEquals("FOO", named.getName());

    boolean nullRejected = false;
    try {
        new RolePrincipal(null);
    } catch (IllegalArgumentException expected) {
        // This is the outcome under test: a role principal must not exist without a name.
        nullRejected = true;
    }
    if (!nullRejected) {
        fail("Should have thrown IllegalArgumentException");
    }
}
use of org.apache.activemq.artemis.spi.core.security.jaas.RolePrincipal in project activemq-artemis by apache.
the class RolePrincipalTest method testHash.
/**
 * Checks that {@code hashCode} is stable across calls on one instance and equal for two
 * {@code RolePrincipal} instances created with the same name.
 */
@Test
public void testHash() {
    RolePrincipal first = new RolePrincipal("FOO");
    RolePrincipal second = new RolePrincipal("FOO");

    int firstHash = first.hashCode();
    // Repeated calls on the same instance must agree.
    assertEquals(firstHash, first.hashCode());
    // Instances with the same name must hash alike, otherwise hash-based sets of
    // principals could not find a matching role.
    assertEquals(firstHash, second.hashCode());
}
use of org.apache.activemq.artemis.spi.core.security.jaas.RolePrincipal in project activemq-artemis by apache.
the class GuestLoginModuleTest method testLoginWithDefaults.
/**
 * Logs in through the {@code GuestLoginWithDefaults} configuration and checks the resulting
 * subject: exactly one {@code UserPrincipal} ("guest") and one {@code RolePrincipal}
 * ("guests"), and no principals at all once {@code logout()} has run.
 *
 * @throws LoginException if the login or logout itself fails
 */
@Test
public void testLoginWithDefaults() throws LoginException {
    // The login under test is expected to ask for nothing: the handler fails the test if
    // any callback is requested.
    CallbackHandler noCallbacksExpected = new CallbackHandler() {
        @Override
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            assertEquals("Should have no Callbacks", 0, callbacks.length);
        }
    };
    LoginContext loginContext = new LoginContext("GuestLoginWithDefaults", noCallbacksExpected);

    loginContext.login();
    Subject guest = loginContext.getSubject();

    // Exactly the two default principals, nothing more.
    assertEquals("Should have two principals", 2, guest.getPrincipals().size());
    assertEquals("Should have one user principal", 1, guest.getPrincipals(UserPrincipal.class).size());
    assertTrue("User principal is 'guest'", guest.getPrincipals(UserPrincipal.class).contains(new UserPrincipal("guest")));
    assertEquals("Should have one group principal", 1, guest.getPrincipals(RolePrincipal.class).size());
    assertTrue("Role principal is 'guests'", guest.getPrincipals(RolePrincipal.class).contains(new RolePrincipal("guests")));

    // Logout must strip every principal, so a retained Subject reference carries no roles.
    loginContext.logout();
    assertEquals("Should have zero principals", 0, guest.getPrincipals().size());
}