use of org.apache.catalina.realm.GenericPrincipal in project keycloak by keycloak.
the class CatalinaSamlSessionStore method saveAccount.
/**
 * Stores {@code account} in the HTTP session, binds it to the container
 * principal, then changes the session id and records the new id in the
 * SAML session-index mapper.
 *
 * <p>The HTTP session is created if it does not exist yet. When the container
 * holds no principal for the session (observed with JBossWeb in clustered
 * setups, where the principal is not serialized or saved), one is built from
 * the SAML account through {@code principalFactory} and attached to the session
 * together with the {@code KEYCLOAK-SAML} auth type.
 *
 * @param account the authenticated SAML session to persist
 */
@Override
public void saveAccount(SamlSession account) {
    final String authType = "KEYCLOAK-SAML";
    Session catalinaSession = request.getSessionInternal(true);
    catalinaSession.getSession().setAttribute(SamlSession.class.getName(), account);

    GenericPrincipal containerPrincipal = (GenericPrincipal) catalinaSession.getPrincipal();
    if (containerPrincipal == null) {
        // JBossWeb clustering: the principal is neither serialized nor saved, so rebuild it
        containerPrincipal = principalFactory.createPrincipal(
                request.getContext().getRealm(), account.getPrincipal(), account.getRoles());
        catalinaSession.setPrincipal(containerPrincipal);
        catalinaSession.setAuthType(authType);
    }

    request.setUserPrincipal(containerPrincipal);
    request.setAuthType(authType);

    // Change the session id (helper defined elsewhere in this class) — presumably
    // to avoid reusing the pre-login id — and keep the SAML index -> session id
    // mapping pointing at the new id.
    String rotatedId = changeSessionId(catalinaSession);
    idMapperUpdater.map(idMapper, account.getSessionIndex(), account.getPrincipal().getSamlSubject(), rotatedId);
}
use of org.apache.catalina.realm.GenericPrincipal in project keycloak by keycloak.
the class CatalinaSamlSessionStore method isLoggedIn.
/**
 * Reports whether the current request carries a valid SAML login.
 *
 * <p>Returns {@code false} when there is no HTTP session or when the stored
 * {@link SamlSession} does not pass {@code SamlUtil.validateSamlSession} for
 * this deployment. Otherwise the container principal is rebuilt on the session
 * when missing, propagated to the request together with the
 * {@code KEYCLOAK-SAML} auth type, and the saved request is restored.
 *
 * @return {@code true} if a valid SAML session exists for this request
 * @throws RuntimeException if the container principal's name matches the SAML
 *         principal but its user principal's name does not
 */
@Override
public boolean isLoggedIn() {
    Session catalinaSession = request.getSessionInternal(false);
    if (catalinaSession == null) {
        log.debug("session was null, returning null");
        return false;
    }

    Object stored = catalinaSession.getSession().getAttribute(SamlSession.class.getName());
    final SamlSession samlSession = SamlUtil.validateSamlSession(stored, deployment);
    if (samlSession == null) {
        return false;
    }

    GenericPrincipal containerPrincipal = (GenericPrincipal) catalinaSession.getPrincipal();
    if (containerPrincipal == null) {
        // JBossWeb clustering: principal is neither serialized nor saved, so rebuild it from the SAML session
        containerPrincipal = principalFactory.createPrincipal(
                request.getContext().getRealm(), samlSession.getPrincipal(), samlSession.getRoles());
        catalinaSession.setPrincipal(containerPrincipal);
        catalinaSession.setAuthType("KEYCLOAK-SAML");
    } else {
        final String samlName = samlSession.getPrincipal().getName();
        if (samlName.equals(containerPrincipal.getName())) {
            // Both names agree; the wrapped user principal must agree as well
            if (!containerPrincipal.getUserPrincipal().getName().equals(samlName)) {
                throw new RuntimeException("Unknown State");
            }
            log.debug("************principal already in");
            if (log.isDebugEnabled()) {
                for (String role : containerPrincipal.getRoles()) {
                    log.debug("principal role: " + role);
                }
            }
        }
        // NOTE(review): a container principal whose name differs from the SAML
        // principal is neither replaced nor rejected here; it is propagated as-is.
    }

    request.setUserPrincipal(containerPrincipal);
    request.setAuthType("KEYCLOAK-SAML");
    restoreRequest();
    return true;
}
use of org.apache.catalina.realm.GenericPrincipal in project tomcat by apache.
the class AuthenticatorBase method checkForCachedAuthentication.
/**
 * Checks whether the user was already authenticated earlier in the processing
 * chain, or can be authenticated from cached state without further user
 * interaction.
 *
 * <p>Three sources are consulted in order: a principal already set on the
 * request; the single sign-on session named by the
 * {@code Constants.REQ_SSOID_NOTE} note (only when {@code useSSO} is set); and
 * a connector-supplied remote user that is flagged as still needing
 * authorization.
 *
 * @param request  the current request
 * @param response the current response
 * @param useSSO   whether SSO data may be used to reauthenticate the user
 * @return {@code true} if the user was authenticated from cached state,
 *         {@code false} otherwise
 */
protected boolean checkForCachedAuthentication(Request request, HttpServletResponse response, boolean useSSO) {
    String ssoId = (String) request.getNote(Constants.REQ_SSOID_NOTE);

    // 1. A principal already on the request means authentication is done.
    Principal existing = request.getUserPrincipal();
    if (existing != null) {
        if (log.isDebugEnabled()) {
            log.debug(sm.getString("authenticator.check.found", existing.getName()));
        }
        // Tie the session to the SSO entry so the two are invalidated together at logout
        if (ssoId != null) {
            associate(ssoId, request.getSessionInternal(true));
        }
        return true;
    }

    // 2. Reauthenticate from the SSO cache when allowed and an SSO id is present.
    if (useSSO && ssoId != null) {
        if (log.isDebugEnabled()) {
            log.debug(sm.getString("authenticator.check.sso", ssoId));
        }
        // Fails when the original SSO logon (DIGEST or SSL) left no cached
        // username/password to replay, or when the realm declines the
        // reauthentication; the caller must then prompt for a logon.
        if (reauthenticateFromSSO(ssoId, request)) {
            return true;
        }
    }

    // 3. Connector-authenticated remote user that still needs authorization.
    if (!request.getCoyoteRequest().getRemoteUserNeedsAuthorization()) {
        return false;
    }
    String remoteUser = request.getCoyoteRequest().getRemoteUser().toString();
    if (remoteUser == null) {
        return false;
    }
    if (log.isDebugEnabled()) {
        log.debug(sm.getString("authenticator.check.authorize", remoteUser));
    }
    Principal authorized = context.getRealm().authenticate(remoteUser);
    if (authorized == null) {
        // The realm could not authorize the name on its own: fall back to a bare
        // principal built from the name. A null here is treated as "realm does not
        // support this", not as a denial, so the connector-supplied user is trusted.
        if (log.isDebugEnabled()) {
            log.debug(sm.getString("authenticator.check.authorizeFail", remoteUser));
        }
        authorized = new GenericPrincipal(remoteUser);
    }
    String authType = request.getAuthType();
    if (authType == null || authType.isEmpty()) {
        authType = getAuthMethod();
    }
    register(request, response, authorized, authType, remoteUser, null);
    return true;
}
use of org.apache.catalina.realm.GenericPrincipal in project tomcat by apache.
the class CallbackHandlerImpl method handle.
/**
 * Processes the JASPIC callbacks handed over by a server auth module.
 *
 * <p>{@code CallerPrincipalCallback} supplies the caller name, principal and
 * subject; {@code GroupPrincipalCallback} supplies the group names;
 * {@code PasswordValidationCallback} is answered by authenticating against the
 * container's realm (skipped with a warning when no container or no realm is
 * configured). Any other callback type is logged as an error. Finally the
 * collected data is combined via {@code getPrincipal} and, when both a subject
 * and a resulting principal exist, added to the subject's private credentials.
 *
 * @param callbacks the callbacks to handle; {@code null} is a no-op
 * @throws IOException                  declared by the interface; not raised here
 * @throws UnsupportedCallbackException declared by the interface; unknown callbacks are logged instead
 */
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    if (callbacks == null) {
        return;
    }

    String callerName = null;
    Principal callerPrincipal = null;
    Subject targetSubject = null;
    String[] groupNames = null;

    for (Callback cb : callbacks) {
        if (cb instanceof CallerPrincipalCallback) {
            CallerPrincipalCallback cpc = (CallerPrincipalCallback) cb;
            callerName = cpc.getName();
            callerPrincipal = cpc.getPrincipal();
            targetSubject = cpc.getSubject();
        } else if (cb instanceof GroupPrincipalCallback) {
            groupNames = ((GroupPrincipalCallback) cb).getGroups();
        } else if (cb instanceof PasswordValidationCallback) {
            String cbType = cb.getClass().getName();
            if (container == null) {
                log.warn(sm.getString("callbackHandlerImpl.containerMissing", cbType));
            } else if (container.getRealm() == null) {
                log.warn(sm.getString("callbackHandlerImpl.realmMissing", cbType, container.getName()));
            } else {
                PasswordValidationCallback pvc = (PasswordValidationCallback) cb;
                // The password char[] is copied into an immutable String for the realm
                // API, so it cannot be zeroed afterwards and lingers until collected.
                callerPrincipal = container.getRealm().authenticate(pvc.getUsername(), String.valueOf(pvc.getPassword()));
                pvc.setResult(callerPrincipal != null);
                targetSubject = pvc.getSubject();
            }
        } else {
            log.error(sm.getString("callbackHandlerImpl.jaspicCallbackMissing", cb.getClass().getName()));
        }
    }

    // Combine name, principal and groups into the container principal (helper defined elsewhere)
    Principal combined = getPrincipal(callerPrincipal, callerName, groupNames);
    if (targetSubject != null && combined != null) {
        targetSubject.getPrivateCredentials().add(combined);
    }
}
use of org.apache.catalina.realm.GenericPrincipal in project tomcat by apache.
the class TestCallbackHandlerImpl method testCallerPrincipalCallback.
/**
 * Two {@code CallerPrincipalCallback}s for the same subject, one given a name
 * and one given a {@code Principal}, must both end up as {@link GenericPrincipal}s
 * named {@code name1} and {@code name2} among the subject's private credentials.
 */
@Test
public void testCallerPrincipalCallback() throws Exception {
    CallbackHandler handler = createCallbackHandler(null);
    Subject subject = new Subject();

    handler.handle(new Callback[] { new CallerPrincipalCallback(subject, "name1") });
    // Principal has a single abstract method, so a lambda replaces the anonymous class
    Principal byPrincipal = () -> "name2";
    handler.handle(new Callback[] { new CallerPrincipalCallback(subject, byPrincipal) });

    Set<Object> credentials = subject.getPrivateCredentials();
    Assert.assertEquals(2, credentials.size());

    Set<String> expected = new HashSet<>(Arrays.asList("name1", "name2"));
    for (Object credential : credentials) {
        expected.remove(((GenericPrincipal) credential).getName());
    }
    Assert.assertTrue(expected.isEmpty());
}