use of org.apache.catalina.User in project tomcat70 by apache.
the class UserDatabaseRealm method getPrincipal.
/**
* Return the Principal associated with the given user name.
*/
@Override
protected Principal getPrincipal(String username) {
    // A user name that is not in the database has no Principal.
    User user = database.findUser(username);
    if (user == null) {
        return null;
    }

    // Effective roles are collected in two passes: roles assigned directly to
    // the user, then roles of every group the user belongs to. A role reachable
    // by both paths is added twice; the list is not de-duplicated.
    List<String> roleNames = new ArrayList<String>();
    for (Iterator<Role> direct = user.getRoles(); direct.hasNext();) {
        roleNames.add(direct.next().getName());
    }
    for (Iterator<Group> memberships = user.getGroups(); memberships.hasNext();) {
        Iterator<Role> inherited = memberships.next().getRoles();
        while (inherited.hasNext()) {
            roleNames.add(inherited.next().getName());
        }
    }

    // The credential held by the user database is handed to the principal
    // together with the role names and the User object itself.
    return new GenericPrincipal(username, user.getPassword(), roleNames, user);
}
use of org.apache.catalina.User in project tomcat70 by apache.
the class UserDatabaseRealm method hasRole.
// --------------------------------------------------------- Public Methods
/**
* Return <code>true</code> if the specified Principal has the specified
* security role, within the context of this Realm; otherwise return
* <code>false</code>. This implementation returns <code>true</code>
* if the <code>User</code> has the role, or if any <code>Group</code>
* that the <code>User</code> is a member of has the role.
*
* @param principal Principal for whom the role is to be checked
* @param role Security role to be checked
*/
@Override
public boolean hasRole(Wrapper wrapper, Principal principal, String role) {
    // Resolve a <security-role-ref> alias to the role name it maps to, if any.
    if (wrapper != null) {
        String mapped = wrapper.findSecurityReference(role);
        if (mapped != null) {
            role = mapped;
        }
    }

    // A GenericPrincipal may wrap the database User; check against the User
    // so that role membership is read from the database.
    if (principal instanceof GenericPrincipal) {
        Principal inner = ((GenericPrincipal) principal).getUserPrincipal();
        if (inner instanceof User) {
            principal = inner;
        }
    }

    // Principals that did not come from this database (SSO, mixed Realms) are
    // delegated to the parent implementation. The wrapper is passed as null
    // here; presumably because the alias was already resolved above.
    if (!(principal instanceof User)) {
        return super.hasRole(null, principal, role);
    }

    // "*" is satisfied by every database User, without a role lookup.
    if ("*".equals(role)) {
        return true;
    }
    if (role == null) {
        return false;
    }

    // A role name unknown to the database can never be held.
    Role wanted = database.findRole(role);
    if (wanted == null) {
        return false;
    }

    // Direct assignment first, then membership through any of the user's groups.
    User dbUser = (User) principal;
    if (dbUser.isInRole(wanted)) {
        return true;
    }
    for (Iterator<Group> memberships = dbUser.getGroups(); memberships.hasNext();) {
        if (memberships.next().isInRole(wanted)) {
            return true;
        }
    }
    return false;
}
use of org.apache.catalina.User in project tomee by apache.
the class TomEEDefaultIdentityStore method validate.
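@Override
public CredentialValidationResult validate(final Credential credential) {
    // This store only understands username/password credentials.
    if (!(credential instanceof UsernamePasswordCredential)) {
        return CredentialValidationResult.NOT_VALIDATED_RESULT;
    }

    final UsernamePasswordCredential usernamePasswordCredential = (UsernamePasswordCredential) credential;
    final User user = getUser(usernamePasswordCredential.getCaller());
    if (user == null) {
        return CredentialValidationResult.INVALID_RESULT;
    }

    // NOTE(review): the stored value is compared verbatim with the presented
    // password, so a digested entry in tomcat-users.xml would never match here.
    // Confirm whether hashed credentials have to be supported by this store.
    final String stored = user.getPassword();
    final String presented = usernamePasswordCredential.getPasswordAsString();

    // A missing password on either side is a mismatch rather than a
    // NullPointerException. The byte comparison does not stop at the first
    // differing position, so response time does not reveal how much of a guess
    // was correct. equals() only runs once the encoded bytes already match and
    // rejects strings that differ solely in characters UTF-8 cannot encode.
    final boolean matches = stored != null
            && presented != null
            && java.security.MessageDigest.isEqual(
                    stored.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    presented.getBytes(java.nio.charset.StandardCharsets.UTF_8))
            && stored.equals(presented);

    if (!matches) {
        // NOTE(review): a known user with a wrong password yields
        // NOT_VALIDATED_RESULT while an unknown user yields INVALID_RESULT;
        // confirm that this asymmetry is intended.
        return CredentialValidationResult.NOT_VALIDATED_RESULT;
    }

    // Groups are only looked up when this store is configured to provide them.
    Set<String> groups = emptySet();
    if (validationTypes().contains(ValidationType.PROVIDE_GROUPS)) {
        groups = new HashSet<>(getUserRoles(user));
    }
    return new CredentialValidationResult(usernamePasswordCredential.getCaller(), groups);
}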
use of org.apache.catalina.User in project tomee by apache.
the class TomEEDefaultIdentityStore method getCallerGroups.
@Override
public Set<String> getCallerGroups(final CredentialValidationResult validationResult) {
    // When a SecurityManager is installed, the caller must hold
    // IdentityStorePermission("getGroups") before any lookup happens.
    final SecurityManager installed = System.getSecurityManager();
    if (installed != null) {
        installed.checkPermission(new IdentityStorePermission("getGroups"));
    }

    // NOTE(review): neither getCallerPrincipal() nor the getUser() result is
    // null-checked here; confirm callers only pass successful validation
    // results and that getUserRoles tolerates an unknown user.
    final String callerName = validationResult.getCallerPrincipal().getName();
    return getUserRoles(getUser(callerName));
}
use of org.apache.catalina.User in project tomcat by apache.
the class DataSourceUserDatabaseTests method testBasicUserRoleDatabase.
@Test
public void testBasicUserRoleDatabase() throws Exception {
    // Point the user database at a schema shaped like the DataSourceRealm one:
    // a user table and a user-to-role table, with no separate role table set.
    db = new DerbyUserDatabase("simple");
    db.setReadonly(false);
    db.setUserTable("users");
    db.setUserNameCol("user_name");
    db.setUserCredCol("user_pass");
    db.setUserRoleTable("user_roles");
    db.setRoleNameCol("role_name");
    db.open();

    // Create the tables: SIMPLE_SCHEMA holds ';'-separated statements, each run
    // in its own Statement that is closed again straight away.
    Connection schemaConnection = db.getConnection();
    String[] ddlStatements = SIMPLE_SCHEMA.split(";");
    for (int i = 0; i < ddlStatements.length; i++) {
        try (Statement statement = connection(schemaConnection).createStatement()) {
            statement.execute(ddlStatements[i]);
        }
    }

    // A freshly created schema holds no users.
    Iterator<User> before = db.getUsers();
    Assert.assertFalse("Some users found", before.hasNext());

    // Create one user and three roles, grant two of them, then persist.
    User created = db.createUser("tomcat", "password", "A new user");
    Role createdAdmin = db.createRole("admin", "Admin role");
    db.createRole("manager", "Manager role");
    Role createdUserRole = db.createRole("user", "User role");
    created.addRole(createdAdmin);
    created.addRole(createdUserRole);
    db.save();

    // Read the user back and check what survived the round trip. The
    // credential is asserted to come back exactly as it was supplied.
    Iterator<User> after = db.getUsers();
    Assert.assertTrue("No users found", after.hasNext());
    User reloaded = after.next();
    Assert.assertTrue("Wrong user", reloaded.getUsername().equals("tomcat"));
    Assert.assertTrue("Wrong password", reloaded.getPassword().equals("password"));
    // Cannot save the user full name
    Assert.assertNull("Wrong user fullname", reloaded.getFullName());

    Role foundAdmin = db.findRole("admin");
    Assert.assertNotNull("No admin role", foundAdmin);
    Assert.assertTrue("No role for user", reloaded.isInRole(foundAdmin));

    // Manager role cannot be saved, but remains valid in memory
    Role foundManager = db.findRole("manager");
    Assert.assertFalse("Unexpected role for user", reloaded.isInRole(foundManager));

    db.close();
}

/** Returns the given connection unchanged; keeps the schema loop on one line. */
private static Connection connection(Connection c) {
    return c;
}