
Example 11 with User

use of org.apache.catalina.User in project tomcat70 by apache.

the class UserDatabaseRealm method getPrincipal.

/**
 * Return the Principal associated with the given user name.
 */
@Override
protected Principal getPrincipal(String username) {
    // Unknown user names produce no Principal at all.
    final User account = database.findUser(username);
    if (account == null) {
        return null;
    }

    // Effective role names: roles granted directly to the user first, then
    // the roles of every group the user belongs to. Duplicates are kept.
    final List<String> roleNames = new ArrayList<String>();
    for (Iterator<Role> direct = account.getRoles(); direct.hasNext();) {
        roleNames.add(direct.next().getName());
    }
    for (Iterator<Group> memberships = account.getGroups(); memberships.hasNext();) {
        final Group membership = memberships.next();
        for (Iterator<Role> inherited = membership.getRoles(); inherited.hasNext();) {
            roleNames.add(inherited.next().getName());
        }
    }

    // NOTE(review): the value returned by getPassword() is handed to the
    // GenericPrincipal. Confirm how long the principal retains it and whether
    // the database stores it in clear text or as a digest.
    return new GenericPrincipal(username, account.getPassword(), roleNames, account);
}
Also used : Role(org.apache.catalina.Role) Group(org.apache.catalina.Group) User(org.apache.catalina.User) ArrayList(java.util.ArrayList)

Example 12 with User

use of org.apache.catalina.User in project tomcat70 by apache.

the class UserDatabaseRealm method hasRole.

// --------------------------------------------------------- Public Methods
/**
 * Return <code>true</code> if the specified Principal has the specified
 * security role, within the context of this Realm; otherwise return
 * <code>false</code>. This implementation returns <code>true</code>
 * if the <code>User</code> has the role, or if any <code>Group</code>
 * that the <code>User</code> is a member of has the role.
 *
 * @param principal Principal for whom the role is to be checked
 * @param role Security role to be checked
 */
@Override
public boolean hasRole(Wrapper wrapper, Principal principal, String role) {
    // Apply a role alias from a <security-role-ref> element, if one is defined.
    String effectiveRole = role;
    if (wrapper != null) {
        final String mapped = wrapper.findSecurityReference(role);
        if (mapped != null) {
            effectiveRole = mapped;
        }
    }

    // A GenericPrincipal may carry the database User as its user principal;
    // when it does, the decision below is made against that User object.
    Principal subject = principal;
    if (principal instanceof GenericPrincipal) {
        final Principal wrapped = ((GenericPrincipal) principal).getUserPrincipal();
        if (wrapped instanceof User) {
            subject = wrapped;
        }
    }

    // Play nice with SSO and mixed Realms: anything that is not a database
    // User is decided by the superclass. The wrapper is passed as null; the
    // alias has already been applied above.
    if (!(subject instanceof User)) {
        return super.hasRole(null, subject, effectiveRole);
    }

    // "*" is satisfied by every principal backed by a User; a null role never is.
    if ("*".equals(effectiveRole)) {
        return true;
    }
    if (effectiveRole == null) {
        return false;
    }

    // A role name the database does not know is denied.
    final User account = (User) subject;
    final Role wanted = database.findRole(effectiveRole);
    if (wanted == null) {
        return false;
    }

    // Granted directly to the user, or through any of the user's groups.
    if (account.isInRole(wanted)) {
        return true;
    }
    for (Iterator<Group> memberships = account.getGroups(); memberships.hasNext();) {
        if (memberships.next().isInRole(wanted)) {
            return true;
        }
    }
    return false;
}
Also used : Role(org.apache.catalina.Role) Group(org.apache.catalina.Group) User(org.apache.catalina.User)

Example 13 with User

use of org.apache.catalina.User in project tomee by apache.

the class TomEEDefaultIdentityStore method validate.

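/**
 * Validates a username/password credential against the user entry returned
 * by {@code getUser}.
 *
 * @param credential the credential to check; only
 *        {@link UsernamePasswordCredential} is handled
 * @return {@code NOT_VALIDATED_RESULT} for other credential types, for a
 *         missing stored or supplied password, and for a password mismatch;
 *         {@code INVALID_RESULT} when the caller name is unknown; otherwise a
 *         valid result for the caller, carrying the user's roles as groups
 *         when {@code PROVIDE_GROUPS} is among this store's validation types
 */
@Override
public CredentialValidationResult validate(final Credential credential) {
    if (!(credential instanceof UsernamePasswordCredential)) {
        return CredentialValidationResult.NOT_VALIDATED_RESULT;
    }
    final UsernamePasswordCredential usernamePasswordCredential = (UsernamePasswordCredential) credential;
    final User user = getUser(usernamePasswordCredential.getCaller());
    if (user == null) {
        return CredentialValidationResult.INVALID_RESULT;
    }

    // NOTE(review): the original comment here read "deal with hashed passwords
    // in tomcat-users.xml", but the supplied password is compared with the
    // stored value as-is. Presumably a digest stored in the file would never
    // match; confirm whether hashed entries are meant to be supported.
    final String storedPassword = user.getPassword();
    final String suppliedPassword = usernamePasswordCredential.getPasswordAsString();
    if (storedPassword == null || suppliedPassword == null) {
        // Fail closed rather than throw when an entry has no password.
        return CredentialValidationResult.NOT_VALIDATED_RESULT;
    }

    // Compare in constant time so the comparison does not reveal how many
    // leading characters of a guess were correct. Fully-qualified names are
    // used so that no new import is required.
    final boolean passwordMatches = java.security.MessageDigest.isEqual(
            storedPassword.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            suppliedPassword.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    if (passwordMatches) {
        Set<String> groups = emptySet();
        if (validationTypes().contains(ValidationType.PROVIDE_GROUPS)) {
            groups = new HashSet<>(getUserRoles(user));
        }
        return new CredentialValidationResult(usernamePasswordCredential.getCaller(), groups);
    }

    // NOTE(review): a wrong password yields NOT_VALIDATED_RESULT while an
    // unknown caller yields INVALID_RESULT; confirm the difference is intended.
    return CredentialValidationResult.NOT_VALIDATED_RESULT;
}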
Also used : User(org.apache.catalina.User) CredentialValidationResult(javax.security.enterprise.identitystore.CredentialValidationResult) UsernamePasswordCredential(javax.security.enterprise.credential.UsernamePasswordCredential)

Example 14 with User

use of org.apache.catalina.User in project tomee by apache.

the class TomEEDefaultIdentityStore method getCallerGroups.

@Override
public Set<String> getCallerGroups(final CredentialValidationResult validationResult) {
    // With a SecurityManager installed, the calling code must hold
    // IdentityStorePermission("getGroups") before any lookup happens.
    final SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(new IdentityStorePermission("getGroups"));
    }

    // NOTE(review): the result of getUser is not null-checked before it is
    // passed on; confirm getUserRoles tolerates an unknown caller.
    final String callerName = validationResult.getCallerPrincipal().getName();
    return getUserRoles(getUser(callerName));
}
Also used : User(org.apache.catalina.User) IdentityStorePermission(javax.security.enterprise.identitystore.IdentityStorePermission)

Example 15 with User

use of org.apache.catalina.User in project tomcat by apache.

the class DataSourceUserDatabaseTests method testBasicUserRoleDatabase.

@Test
public void testBasicUserRoleDatabase() throws Exception {
    // Test functionality with the DataSourceRealm schema: a user table and a
    // user/role table, writable.
    db = new DerbyUserDatabase("simple");
    db.setReadonly(false);
    db.setUserTable("users");
    db.setUserNameCol("user_name");
    db.setUserCredCol("user_pass");
    db.setUserRoleTable("user_roles");
    db.setRoleNameCol("role_name");
    db.open();

    // First create the DB tables. The statements come from the SIMPLE_SCHEMA
    // constant, split on ';' and executed one at a time.
    Connection conn = db.getConnection();
    String[] ddlStatements = SIMPLE_SCHEMA.split(";");
    for (int i = 0; i < ddlStatements.length; i++) {
        try (Statement ddl = conn.createStatement()) {
            ddl.execute(ddlStatements[i]);
        }
    }

    // A fresh database holds no users.
    Iterator<User> initialUsers = db.getUsers();
    Assert.assertFalse("Some users found", initialUsers.hasNext());

    // Create one user and three roles; grant only "admin" and "user".
    User createdUser = db.createUser("tomcat", "password", "A new user");
    Role adminRole = db.createRole("admin", "Admin role");
    db.createRole("manager", "Manager role");
    Role userRole = db.createRole("user", "User role");
    createdUser.addRole(adminRole);
    createdUser.addRole(userRole);
    db.save();

    // Read the user back after saving.
    Iterator<User> savedUsers = db.getUsers();
    Assert.assertTrue("No users found", savedUsers.hasNext());
    User savedUser = savedUsers.next();
    Assert.assertTrue("Wrong user", savedUser.getUsername().equals("tomcat"));
    // The credential comes back exactly as it was supplied, so in this test
    // it is held verbatim and not as a digest.
    Assert.assertTrue("Wrong password", savedUser.getPassword().equals("password"));
    // Cannot save the user full name
    Assert.assertNull("Wrong user fullname", savedUser.getFullName());

    Role foundAdmin = db.findRole("admin");
    Assert.assertNotNull("No admin role", foundAdmin);
    Assert.assertTrue("No role for user", savedUser.isInRole(foundAdmin));

    // Manager role cannot be saved, but remains valid in memory
    Role foundManager = db.findRole("manager");
    Assert.assertFalse("Unexpected role for user", savedUser.isInRole(foundManager));
    db.close();
}
Also used : Role(org.apache.catalina.Role) User(org.apache.catalina.User) Statement(java.sql.Statement) Connection(java.sql.Connection) Test(org.junit.Test) LoggingBaseTest(org.apache.catalina.startup.LoggingBaseTest)
