
Example 6 with GenericPrincipal

use of org.apache.catalina.realm.GenericPrincipal in project tomee by apache.

the class CdiEventRealmTest method ssl.

/**
 * Checks certificate-based authentication through {@code CdiEventRealm}: the principal
 * extracted from the realm's result must equal the one stubbed as the certificate's
 * subject DN, and must expose the same name, password and single role.
 *
 * <p>The certificate is a Mockito mock, so no chain or signature validation is exercised.
 */
@Test
public void ssl() {
    final GenericPrincipal subject = new GenericPrincipal("john", "doe", Arrays.asList("test"));
    final X509Certificate certificate = mock(X509Certificate.class);
    // The subject DN is the only thing stubbed on the mock certificate.
    when(certificate.getSubjectDN()).thenReturn(subject);

    final X509Certificate[] chain = { certificate };
    // NOTE(review): how the realm turns the chain into a principal is not visible in this
    // method; presumably an observer elsewhere in the test class supplies it - confirm.
    final GenericPrincipal actual = getGenericPrincipal(new CdiEventRealm().authenticate(chain));

    assertEquals(subject, actual);
    assertEquals("john", actual.getName());
    // This pins that the password remains readable on the authenticated principal.
    assertEquals("doe", actual.getPassword());
    final String[] roles = actual.getRoles();
    assertEquals(1, roles.length);
    assertEquals("test", roles[0]);
}
Also used : CdiEventRealm(org.apache.tomee.catalina.realm.CdiEventRealm) GenericPrincipal(org.apache.catalina.realm.GenericPrincipal) X509Certificate(java.security.cert.X509Certificate) Test(org.junit.Test)

Example 7 with GenericPrincipal

use of org.apache.catalina.realm.GenericPrincipal in project tomee by apache.

the class CdiEventRealmTest method gss.

/**
 * Checks GSS-based authentication through {@code CdiEventRealm}: with a mock
 * {@code GSSContext} the extracted principal must be named "gss", carry an empty
 * password and hold exactly one role, "dummy".
 */
@Test
public void gss() {
    // Nothing is stubbed on the context, so the expected values below cannot come from it.
    // NOTE(review): presumably a test observer elsewhere in this class supplies them - confirm.
    final GSSContext context = mock(GSSContext.class);
    final GenericPrincipal actual = getGenericPrincipal(new CdiEventRealm().authenticate(context, false));

    assertEquals("gss", actual.getName());
    assertEquals("", actual.getPassword());
    final String[] roles = actual.getRoles();
    assertEquals(1, roles.length);
    assertEquals("dummy", roles[0]);
}
Also used : CdiEventRealm(org.apache.tomee.catalina.realm.CdiEventRealm) GenericPrincipal(org.apache.catalina.realm.GenericPrincipal) Test(org.junit.Test)

Example 8 with GenericPrincipal

use of org.apache.catalina.realm.GenericPrincipal in project tomee by apache.

the class TomcatSecurityService method isCallerInRole.

/**
 * Tells whether the current caller holds {@code role}.
 *
 * <p>When the caller principal is not a {@code TomcatUser} the decision is delegated to the
 * superclass. For a {@code TomcatUser}, the role name {@code "**"} is granted without
 * looking at any role list; every other name must equal one of the wrapped Tomcat
 * principal's roles.
 *
 * @param role the role name to test
 * @return {@code true} if the caller is considered to be in {@code role}
 */
@Override
public boolean isCallerInRole(final String role) {
    final Principal caller = getCallerPrincipal();
    if (!(caller instanceof TomcatUser)) {
        return super.isCallerInRole(role);
    }
    if ("**".equals(role)) {
        // ie logged in through tomcat: holding a TomcatUser principal is enough for "**",
        // so this branch answers before the wrapped principal is even read.
        return true;
    }
    // NOTE(review): unchecked cast - a wrapped principal of another type ends in a
    // ClassCastException here instead of a plain "false".
    final GenericPrincipal tomcatPrincipal = (GenericPrincipal) ((TomcatUser) caller).getTomcatPrincipal();
    final String[] granted = tomcatPrincipal.getRoles();
    if (granted == null) {
        return false;
    }
    // Exact String.equals match: case-sensitive, no wildcard or prefix handling.
    for (int i = 0; i < granted.length; i++) {
        if (granted[i].equals(role)) {
            return true;
        }
    }
    return false;
}
Also used : GenericPrincipal(org.apache.catalina.realm.GenericPrincipal) GenericPrincipal(org.apache.catalina.realm.GenericPrincipal) CallerPrincipal(org.apache.openejb.spi.CallerPrincipal) Principal(java.security.Principal)

Example 9 with GenericPrincipal

use of org.apache.catalina.realm.GenericPrincipal in project tomcat by apache.

the class CallbackHandlerImpl method handle.

/**
 * Reads caller and group information from the supplied callbacks and, when a subject was
 * provided, stores the principal returned by {@code getPrincipal} in that subject's
 * private credentials.
 *
 * <p>If several callbacks of the same type are present, the values of the last one win.
 * Callback types other than {@code CallerPrincipalCallback} and
 * {@code GroupPrincipalCallback} are logged as errors and otherwise skipped; nothing in
 * this method body throws {@code UnsupportedCallbackException} for them.
 *
 * @param callbacks the callbacks to process; {@code null} means there is nothing to do
 */
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    if (callbacks == null) {
        return;
    }

    String callerName = null;
    Principal callerPrincipal = null;
    Subject target = null;
    String[] groupNames = null;

    // Collect identity data; later callbacks overwrite what earlier ones supplied.
    for (Callback current : callbacks) {
        if (current instanceof CallerPrincipalCallback) {
            CallerPrincipalCallback callerCallback = (CallerPrincipalCallback) current;
            callerName = callerCallback.getName();
            callerPrincipal = callerCallback.getPrincipal();
            target = callerCallback.getSubject();
        } else if (current instanceof GroupPrincipalCallback) {
            groupNames = ((GroupPrincipalCallback) current).getGroups();
        } else {
            // Unsupported callback types are reported but do not stop processing.
            log.error(sm.getString("callbackHandlerImpl.jaspicCallbackMissing", current.getClass().getName()));
        }
    }

    // The principal is built even when no caller callback was seen (all inputs still null).
    Principal built = getPrincipal(callerPrincipal, callerName, groupNames);
    if (built == null || target == null) {
        return;
    }
    // The subject receiving the credential is the one named by the caller callback itself.
    target.getPrivateCredentials().add(built);
}
Also used : CallerPrincipalCallback(javax.security.auth.message.callback.CallerPrincipalCallback) GroupPrincipalCallback(javax.security.auth.message.callback.GroupPrincipalCallback) GroupPrincipalCallback(javax.security.auth.message.callback.GroupPrincipalCallback) CallerPrincipalCallback(javax.security.auth.message.callback.CallerPrincipalCallback) Callback(javax.security.auth.callback.Callback) GenericPrincipal(org.apache.catalina.realm.GenericPrincipal) Principal(java.security.Principal) Subject(javax.security.auth.Subject)

Example 10 with GenericPrincipal

use of org.apache.catalina.realm.GenericPrincipal in project tomcat by apache.

the class AuthenticatorBase method checkForCachedAuthentication.

/**
 * Decides whether the request can be treated as authenticated without asking the user
 * for credentials. Three sources are tried in order: a principal already present on the
 * request, re-authentication from a single sign-on entry, and a remote user name that
 * the Coyote request flags as still needing authorization.
 *
 * @param request
 *            The current request
 * @param response
 *            The current response
 * @param useSSO
 *            Whether a single sign-on entry may be used to re-authenticate the user
 *
 * @return <code>true</code> if one of the three sources yielded an authenticated user,
 *         otherwise <code>false</code>
 */
protected boolean checkForCachedAuthentication(Request request, HttpServletResponse response, boolean useSSO) {
    final Principal alreadyAuthenticated = request.getUserPrincipal();
    final String ssoSessionId = (String) request.getNote(Constants.REQ_SSOID_NOTE);

    // 1. A principal is already attached to the request.
    if (alreadyAuthenticated != null) {
        if (log.isDebugEnabled()) {
            log.debug(sm.getString("authenticator.check.found", alreadyAuthenticated.getName()));
        }
        // The session is tied to the SSO entry whenever an SSO id is present, whatever
        // the value of useSSO; a session is created if none exists yet.
        if (ssoSessionId != null) {
            associate(ssoSessionId, request.getSessionInternal(true));
        }
        return true;
    }

    // 2. An SSO entry exists and may be used.
    if (useSSO && ssoSessionId != null) {
        if (log.isDebugEnabled()) {
            log.debug(sm.getString("authenticator.check.sso", ssoSessionId));
        }
        /*
         * Re-authenticate from what SSO cached. A failure means either that the
         * original SSO logon used DIGEST or SSL (no cached username and password to
         * replay) or that the realm refused the re-authentication. Both cases fall
         * through so that the user ends up being prompted for a logon.
         */
        if (reauthenticateFromSSO(ssoSessionId, request)) {
            return true;
        }
    }

    // 3. The Coyote request carries a remote user that still needs authorization.
    if (!request.getCoyoteRequest().getRemoteUserNeedsAuthorization()) {
        return false;
    }
    final String remoteUser = request.getCoyoteRequest().getRemoteUser().toString();
    if (remoteUser == null) {
        return false;
    }
    if (log.isDebugEnabled()) {
        log.debug(sm.getString("authenticator.check.authorize", remoteUser));
    }
    // Only the name is handed to the realm, no credential: this path relies on whatever
    // set the remote user on the Coyote request having authenticated it already.
    // NOTE(review): confirm which connectors can raise this flag in a given deployment.
    Principal resolved = context.getRealm().authenticate(remoteUser);
    if (resolved == null) {
        if (log.isDebugEnabled()) {
            log.debug(sm.getString("authenticator.check.authorizeFail", remoteUser));
        }
        // The realm returned nothing for this name: a principal with no password and
        // no roles is built from the name and is still registered below.
        resolved = new GenericPrincipal(remoteUser, null, null);
    }
    String method = request.getAuthType();
    if (method == null || method.isEmpty()) {
        method = getAuthMethod();
    }
    register(request, response, resolved, method, remoteUser, null);
    return true;
}
Also used : GenericPrincipal(org.apache.catalina.realm.GenericPrincipal) Principal(java.security.Principal) TomcatPrincipal(org.apache.catalina.TomcatPrincipal) GenericPrincipal(org.apache.catalina.realm.GenericPrincipal)
