Search in sources :

Example 1 with CredentialHandler

use of org.apache.catalina.CredentialHandler in project tomcat by apache.

the class JAASMemoryLoginModule method initialize.

/**
     * Initialize this <code>LoginModule</code> with the specified
     * configuration information.
     *
     * @param subject The <code>Subject</code> to be authenticated
     * @param callbackHandler A <code>CallbackHandler</code> for communicating
     *  with the end user as necessary
     * @param sharedState State information shared with other
     *  <code>LoginModule</code> instances
     * @param options Configuration information for this specific
     *  <code>LoginModule</code> instance
     */
@Override
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) {
    if (log.isDebugEnabled()) {
        log.debug("Init");
    }
    // Save configuration values
    this.subject = subject;
    this.callbackHandler = callbackHandler;
    this.sharedState = sharedState;
    this.options = options;
    // Perform instance-specific initialization
    Object option = options.get("pathname");
    if (option instanceof String) {
        this.pathname = (String) option;
    }
    CredentialHandler credentialHandler = null;
    option = options.get("credentialHandlerClassName");
    if (option instanceof String) {
        try {
            Class<?> clazz = Class.forName((String) option);
            credentialHandler = (CredentialHandler) clazz.newInstance();
        } catch (InstantiationException | IllegalAccessException | ClassNotFoundException e) {
            throw new IllegalArgumentException(e);
        }
    }
    if (credentialHandler == null) {
        credentialHandler = new MessageDigestCredentialHandler();
    }
    for (Entry<String, ?> entry : options.entrySet()) {
        if ("pathname".equals(entry.getKey())) {
            continue;
        }
        if ("credentialHandlerClassName".equals(entry.getKey())) {
            continue;
        }
        // will be a String.
        if (entry.getValue() instanceof String) {
            IntrospectionUtils.setProperty(credentialHandler, entry.getKey(), (String) entry.getValue());
        }
    }
    setCredentialHandler(credentialHandler);
    // Load our defined Principals
    load();
}
Also used : CredentialHandler(org.apache.catalina.CredentialHandler)

Example 2 with CredentialHandler

use of org.apache.catalina.CredentialHandler in project tomcat by apache.

the class CredentialHandlerSF method storeChildren.

/**
     * Store the specified CredentialHandler properties and child (CredentialHandler)
     *
     * @param aWriter
     *            PrintWriter to which we are storing
     * @param indent
     *            Number of spaces to indent this element
     * @param aCredentialHandler
     *            CredentialHandler whose properties are being stored
     *
     * @exception Exception
     *                if an exception occurs while storing
     */
@Override
public void storeChildren(PrintWriter aWriter, int indent, Object aCredentialHandler, StoreDescription parentDesc) throws Exception {
    if (aCredentialHandler instanceof NestedCredentialHandler) {
        NestedCredentialHandler nestedCredentialHandler = (NestedCredentialHandler) aCredentialHandler;
        // Store nested <CredentialHandler> element
        CredentialHandler[] credentialHandlers = nestedCredentialHandler.getCredentialHandlers();
        storeElementArray(aWriter, indent, credentialHandlers);
    }
}
Also used : NestedCredentialHandler(org.apache.catalina.realm.NestedCredentialHandler) CredentialHandler(org.apache.catalina.CredentialHandler) NestedCredentialHandler(org.apache.catalina.realm.NestedCredentialHandler)

Example 3 with CredentialHandler

use of org.apache.catalina.CredentialHandler in project tomcat by apache.

the class StandardContext method startInternal.

/**
     * Start this component and implement the requirements
     * of {@link org.apache.catalina.util.LifecycleBase#startInternal()}.
     *
     * @exception LifecycleException if this component detects a fatal error
     *  that prevents this component from being used
     */
@Override
protected synchronized void startInternal() throws LifecycleException {
    if (log.isDebugEnabled())
        log.debug("Starting " + getBaseName());
    // Send j2ee.state.starting notification
    if (this.getObjectName() != null) {
        Notification notification = new Notification("j2ee.state.starting", this.getObjectName(), sequenceNumber.getAndIncrement());
        broadcaster.sendNotification(notification);
    }
    setConfigured(false);
    boolean ok = true;
    // ensure the NamingResources follows the correct lifecycle
    if (namingResources != null) {
        namingResources.start();
    }
    // Add missing components as necessary
    if (getResources() == null) {
        // (1) Required by Loader
        if (log.isDebugEnabled())
            log.debug("Configuring default Resources");
        try {
            setResources(new StandardRoot(this));
        } catch (IllegalArgumentException e) {
            log.error(sm.getString("standardContext.resourcesInit"), e);
            ok = false;
        }
    }
    if (ok) {
        resourcesStart();
    }
    if (getLoader() == null) {
        WebappLoader webappLoader = new WebappLoader(getParentClassLoader());
        webappLoader.setDelegate(getDelegate());
        setLoader(webappLoader);
    }
    // An explicit cookie processor hasn't been specified; use the default
    if (cookieProcessor == null) {
        cookieProcessor = new Rfc6265CookieProcessor();
    }
    // Initialize character set mapper
    getCharsetMapper();
    // Post work directory
    postWorkDirectory();
    // Validate required extensions
    boolean dependencyCheck = true;
    try {
        dependencyCheck = ExtensionValidator.validateApplication(getResources(), this);
    } catch (IOException ioe) {
        log.error(sm.getString("standardContext.extensionValidationError"), ioe);
        dependencyCheck = false;
    }
    if (!dependencyCheck) {
        // do not make application available if dependency check fails
        ok = false;
    }
    // Reading the "catalina.useNaming" environment variable
    String useNamingProperty = System.getProperty("catalina.useNaming");
    if ((useNamingProperty != null) && (useNamingProperty.equals("false"))) {
        useNaming = false;
    }
    if (ok && isUseNaming()) {
        if (getNamingContextListener() == null) {
            NamingContextListener ncl = new NamingContextListener();
            ncl.setName(getNamingContextName());
            ncl.setExceptionOnFailedWrite(getJndiExceptionOnFailedWrite());
            addLifecycleListener(ncl);
            setNamingContextListener(ncl);
        }
    }
    // Standard container startup
    if (log.isDebugEnabled())
        log.debug("Processing standard container startup");
    // Binding thread
    ClassLoader oldCCL = bindThread();
    try {
        if (ok) {
            // Start our subordinate components, if any
            Loader loader = getLoader();
            if (loader instanceof Lifecycle) {
                ((Lifecycle) loader).start();
            }
            // since the loader just started, the webapp classloader is now
            // created.
            setClassLoaderProperty("clearReferencesRmiTargets", getClearReferencesRmiTargets());
            setClassLoaderProperty("clearReferencesStopThreads", getClearReferencesStopThreads());
            setClassLoaderProperty("clearReferencesStopTimerThreads", getClearReferencesStopTimerThreads());
            setClassLoaderProperty("clearReferencesHttpClientKeepAliveThread", getClearReferencesHttpClientKeepAliveThread());
            // By calling unbindThread and bindThread in a row, we setup the
            // current Thread CCL to be the webapp classloader
            unbindThread(oldCCL);
            oldCCL = bindThread();
            // Initialize logger again. Other components might have used it
            // too early, so it should be reset.
            logger = null;
            getLogger();
            Realm realm = getRealmInternal();
            if (null != realm) {
                if (realm instanceof Lifecycle) {
                    ((Lifecycle) realm).start();
                }
                // Place the CredentialHandler into the ServletContext so
                // applications can have access to it. Wrap it in a "safe"
                // handler so application's can't modify it.
                CredentialHandler safeHandler = new CredentialHandler() {

                    @Override
                    public boolean matches(String inputCredentials, String storedCredentials) {
                        return getRealmInternal().getCredentialHandler().matches(inputCredentials, storedCredentials);
                    }

                    @Override
                    public String mutate(String inputCredentials) {
                        return getRealmInternal().getCredentialHandler().mutate(inputCredentials);
                    }
                };
                context.setAttribute(Globals.CREDENTIAL_HANDLER, safeHandler);
            }
            // Notify our interested LifecycleListeners
            fireLifecycleEvent(Lifecycle.CONFIGURE_START_EVENT, null);
            // Start our child containers, if not already started
            for (Container child : findChildren()) {
                if (!child.getState().isAvailable()) {
                    child.start();
                }
            }
            // if any
            if (pipeline instanceof Lifecycle) {
                ((Lifecycle) pipeline).start();
            }
            // Acquire clustered manager
            Manager contextManager = null;
            Manager manager = getManager();
            if (manager == null) {
                if (log.isDebugEnabled()) {
                    log.debug(sm.getString("standardContext.cluster.noManager", Boolean.valueOf((getCluster() != null)), Boolean.valueOf(distributable)));
                }
                if ((getCluster() != null) && distributable) {
                    try {
                        contextManager = getCluster().createManager(getName());
                    } catch (Exception ex) {
                        log.error("standardContext.clusterFail", ex);
                        ok = false;
                    }
                } else {
                    contextManager = new StandardManager();
                }
            }
            // Configure default manager if none was specified
            if (contextManager != null) {
                if (log.isDebugEnabled()) {
                    log.debug(sm.getString("standardContext.manager", contextManager.getClass().getName()));
                }
                setManager(contextManager);
            }
            if (manager != null && (getCluster() != null) && distributable) {
                //let the cluster know that there is a context that is distributable
                //and that it has its own manager
                getCluster().registerManager(manager);
            }
        }
        if (!getConfigured()) {
            log.error(sm.getString("standardContext.configurationFail"));
            ok = false;
        }
        // We put the resources into the servlet context
        if (ok)
            getServletContext().setAttribute(Globals.RESOURCES_ATTR, getResources());
        if (ok) {
            if (getInstanceManager() == null) {
                javax.naming.Context context = null;
                if (isUseNaming() && getNamingContextListener() != null) {
                    context = getNamingContextListener().getEnvContext();
                }
                Map<String, Map<String, String>> injectionMap = buildInjectionMap(getIgnoreAnnotations() ? new NamingResourcesImpl() : getNamingResources());
                setInstanceManager(new DefaultInstanceManager(context, injectionMap, this, this.getClass().getClassLoader()));
            }
            getServletContext().setAttribute(InstanceManager.class.getName(), getInstanceManager());
            InstanceManagerBindings.bind(getLoader().getClassLoader(), getInstanceManager());
        }
        // Create context attributes that will be required
        if (ok) {
            getServletContext().setAttribute(JarScanner.class.getName(), getJarScanner());
        }
        // Set up the context init params
        mergeParameters();
        // Call ServletContainerInitializers
        for (Map.Entry<ServletContainerInitializer, Set<Class<?>>> entry : initializers.entrySet()) {
            try {
                entry.getKey().onStartup(entry.getValue(), getServletContext());
            } catch (ServletException e) {
                log.error(sm.getString("standardContext.sciFail"), e);
                ok = false;
                break;
            }
        }
        // Configure and call application event listeners
        if (ok) {
            if (!listenerStart()) {
                log.error(sm.getString("standardContext.listenerFail"));
                ok = false;
            }
        }
        // change constraints
        if (ok) {
            checkConstraintsForUncoveredMethods(findConstraints());
        }
        try {
            // Start manager
            Manager manager = getManager();
            if (manager instanceof Lifecycle) {
                ((Lifecycle) manager).start();
            }
        } catch (Exception e) {
            log.error(sm.getString("standardContext.managerFail"), e);
            ok = false;
        }
        // Configure and call application filters
        if (ok) {
            if (!filterStart()) {
                log.error(sm.getString("standardContext.filterFail"));
                ok = false;
            }
        }
        // Load and initialize all "load on startup" servlets
        if (ok) {
            if (!loadOnStartup(findChildren())) {
                log.error(sm.getString("standardContext.servletFail"));
                ok = false;
            }
        }
        // Start ContainerBackgroundProcessor thread
        super.threadStart();
    } finally {
        // Unbinding thread
        unbindThread(oldCCL);
    }
    // Set available status depending upon startup success
    if (ok) {
        if (log.isDebugEnabled())
            log.debug("Starting completed");
    } else {
        log.error(sm.getString("standardContext.startFailed", getName()));
    }
    startTime = System.currentTimeMillis();
    // Send j2ee.state.running notification
    if (ok && (this.getObjectName() != null)) {
        Notification notification = new Notification("j2ee.state.running", this.getObjectName(), sequenceNumber.getAndIncrement());
        broadcaster.sendNotification(notification);
    }
    // The WebResources implementation caches references to JAR files. On
    // some platforms these references may lock the JAR files. Since web
    // application start is likely to have read from lots of JARs, trigger
    // a clean-up now.
    getResources().gc();
    // Reinitializing if something went wrong
    if (!ok) {
        setState(LifecycleState.FAILED);
    } else {
        setState(LifecycleState.STARTING);
    }
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) CredentialHandler(org.apache.catalina.CredentialHandler) InstanceManager(org.apache.tomcat.InstanceManager) StandardRoot(org.apache.catalina.webresources.StandardRoot) WebappLoader(org.apache.catalina.loader.WebappLoader) Loader(org.apache.catalina.Loader) Manager(org.apache.catalina.Manager) InstanceManager(org.apache.tomcat.InstanceManager) StandardManager(org.apache.catalina.session.StandardManager) StandardJarScanner(org.apache.tomcat.util.scan.StandardJarScanner) JarScanner(org.apache.tomcat.JarScanner) Notification(javax.management.Notification) ServletContainerInitializer(javax.servlet.ServletContainerInitializer) ServletException(javax.servlet.ServletException) Container(org.apache.catalina.Container) Rfc6265CookieProcessor(org.apache.tomcat.util.http.Rfc6265CookieProcessor) Realm(org.apache.catalina.Realm) Lifecycle(org.apache.catalina.Lifecycle) StandardManager(org.apache.catalina.session.StandardManager) IOException(java.io.IOException) LifecycleException(org.apache.catalina.LifecycleException) ListenerNotFoundException(javax.management.ListenerNotFoundException) IOException(java.io.IOException) ServletException(javax.servlet.ServletException) NamingException(javax.naming.NamingException) MalformedURLException(java.net.MalformedURLException) NamingResourcesImpl(org.apache.catalina.deploy.NamingResourcesImpl) WebappLoader(org.apache.catalina.loader.WebappLoader) Map(java.util.Map) LinkedHashMap(java.util.LinkedHashMap) TreeMap(java.util.TreeMap) FilterMap(org.apache.tomcat.util.descriptor.web.FilterMap) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) HashMap(java.util.HashMap)

Example 4 with CredentialHandler

use of org.apache.catalina.CredentialHandler in project tomcat by apache.

the class RealmSF method storeChildren.

/**
     * Store the specified Realm properties and child (Realm)
     *
     * @param aWriter
     *            PrintWriter to which we are storing
     * @param indent
     *            Number of spaces to indent this element
     * @param aRealm
     *            Realm whose properties are being stored
     *
     * @exception Exception
     *                if an exception occurs while storing
     */
@Override
public void storeChildren(PrintWriter aWriter, int indent, Object aRealm, StoreDescription parentDesc) throws Exception {
    if (aRealm instanceof CombinedRealm) {
        CombinedRealm combinedRealm = (CombinedRealm) aRealm;
        // Store nested <Realm> element
        Realm[] realms = combinedRealm.getNestedRealms();
        storeElementArray(aWriter, indent, realms);
    }
    // Store nested <CredentialHandler> element
    CredentialHandler credentialHandler = ((Realm) aRealm).getCredentialHandler();
    if (credentialHandler != null) {
        storeElement(aWriter, indent, credentialHandler);
    }
}
Also used : CombinedRealm(org.apache.catalina.realm.CombinedRealm) CredentialHandler(org.apache.catalina.CredentialHandler) CombinedRealm(org.apache.catalina.realm.CombinedRealm) Realm(org.apache.catalina.Realm)

Example 5 with CredentialHandler

use of org.apache.catalina.CredentialHandler in project tomcat by apache.

the class RealmBase method main.

/**
     * Generate a stored credential string for the given password and associated
     * parameters.
     * <p>The following parameters are supported:</p>
     * <ul>
     * <li><b>-a</b> - The algorithm to use to generate the stored
     *                 credential. If not specified a default of SHA-512 will be
     *                 used.</li>
     * <li><b>-e</b> - The encoding to use for any byte to/from character
     *                 conversion that may be necessary. If not specified, the
     *                 system encoding ({@link Charset#defaultCharset()}) will
     *                 be used.</li>
     * <li><b>-i</b> - The number of iterations to use when generating the
     *                 stored credential. If not specified, the default for the
     *                 CredentialHandler will be used.</li>
     * <li><b>-s</b> - The length (in bytes) of salt to generate and store as
     *                 part of the credential. If not specified, the default for
     *                 the CredentialHandler will be used.</li>
     * <li><b>-k</b> - The length (in bits) of the key(s), if any, created while
     *                 generating the credential. If not specified, the default
     *                 for the CredentialHandler will be used.</li>
     * <li><b>-h</b> - The fully qualified class name of the CredentialHandler
     *                 to use. If not specified, the built-in handlers will be
     *                 tested in turn and the first one to accept the specified
     *                 algorithm will be used.</li>
     * </ul>
     * <p>This generation process currently supports the following
     * CredentialHandlers, the correct one being selected based on the algorithm
     * specified:</p>
     * <ul>
     * <li>{@link MessageDigestCredentialHandler}</li>
     * <li>{@link SecretKeyCredentialHandler}</li>
     * </ul>
     * @param args The parameters passed on the command line
     */
public static void main(String[] args) {
    // Use negative values since null is not an option to indicate 'not set'
    int saltLength = -1;
    int iterations = -1;
    int keyLength = -1;
    // Default
    String encoding = Charset.defaultCharset().name();
    // Default values for these depend on whether either of them are set on
    // the command line
    String algorithm = null;
    String handlerClassName = null;
    if (args.length == 0) {
        usage();
        return;
    }
    int argIndex = 0;
    while (args.length > argIndex + 2 && args[argIndex].length() == 2 && args[argIndex].charAt(0) == '-') {
        switch(args[argIndex].charAt(1)) {
            case 'a':
                {
                    algorithm = args[argIndex + 1];
                    break;
                }
            case 'e':
                {
                    encoding = args[argIndex + 1];
                    break;
                }
            case 'i':
                {
                    iterations = Integer.parseInt(args[argIndex + 1]);
                    break;
                }
            case 's':
                {
                    saltLength = Integer.parseInt(args[argIndex + 1]);
                    break;
                }
            case 'k':
                {
                    keyLength = Integer.parseInt(args[argIndex + 1]);
                    break;
                }
            case 'h':
                {
                    handlerClassName = args[argIndex + 1];
                    break;
                }
            default:
                {
                    usage();
                    return;
                }
        }
        argIndex += 2;
    }
    //   or may nor support -a and may or may not supply a sensible default
    if (algorithm == null && handlerClassName == null) {
        algorithm = "SHA-512";
    }
    CredentialHandler handler = null;
    if (handlerClassName == null) {
        for (Class<? extends DigestCredentialHandlerBase> clazz : credentialHandlerClasses) {
            try {
                handler = clazz.newInstance();
                if (IntrospectionUtils.setProperty(handler, "algorithm", algorithm)) {
                    break;
                }
            } catch (InstantiationException | IllegalAccessException e) {
                // This isn't good.
                throw new RuntimeException(e);
            }
        }
    } else {
        try {
            Class<?> clazz = Class.forName(handlerClassName);
            handler = (DigestCredentialHandlerBase) clazz.newInstance();
            IntrospectionUtils.setProperty(handler, "algorithm", algorithm);
        } catch (InstantiationException | IllegalAccessException | ClassNotFoundException e) {
            throw new RuntimeException(e);
        }
    }
    if (handler == null) {
        throw new RuntimeException(new NoSuchAlgorithmException(algorithm));
    }
    IntrospectionUtils.setProperty(handler, "encoding", encoding);
    if (iterations > 0) {
        IntrospectionUtils.setProperty(handler, "iterations", Integer.toString(iterations));
    }
    if (saltLength > -1) {
        IntrospectionUtils.setProperty(handler, "saltLength", Integer.toString(saltLength));
    }
    if (keyLength > 0) {
        IntrospectionUtils.setProperty(handler, "keyLength", Integer.toString(keyLength));
    }
    for (; argIndex < args.length; argIndex++) {
        String credential = args[argIndex];
        System.out.print(credential + ":");
        System.out.println(handler.mutate(credential));
    }
}
Also used : CredentialHandler(org.apache.catalina.CredentialHandler) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) SecurityConstraint(org.apache.tomcat.util.descriptor.web.SecurityConstraint)

Aggregations

CredentialHandler (org.apache.catalina.CredentialHandler)5 Realm (org.apache.catalina.Realm)2 IOException (java.io.IOException)1 MalformedURLException (java.net.MalformedURLException)1 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 HashMap (java.util.HashMap)1 HashSet (java.util.HashSet)1 LinkedHashMap (java.util.LinkedHashMap)1 Map (java.util.Map)1 Set (java.util.Set)1 TreeMap (java.util.TreeMap)1 ConcurrentHashMap (java.util.concurrent.ConcurrentHashMap)1 ListenerNotFoundException (javax.management.ListenerNotFoundException)1 Notification (javax.management.Notification)1 NamingException (javax.naming.NamingException)1 ServletContainerInitializer (javax.servlet.ServletContainerInitializer)1 ServletException (javax.servlet.ServletException)1 Container (org.apache.catalina.Container)1 Lifecycle (org.apache.catalina.Lifecycle)1 LifecycleException (org.apache.catalina.LifecycleException)1