
Example 1 with PrincipalProviderRegistry

use of org.apache.jackrabbit.core.security.principal.PrincipalProviderRegistry in project jackrabbit by apache.

the class AbstractLoginModule method initialize.

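/**
 * Initializes this LoginModule and sets the following fields for later use:
 * <ul>
 * <li>the {@link PrincipalProvider} used for user-{@link Principal}
 * resolution: the provider named in the options if the registry knows it,
 * otherwise the registry default</li>
 * <li>the admin id, taken from {@link LoginModuleConfig#PARAM_ADMIN_ID} or,
 * if that yields nothing, from the repository callback</li>
 * <li>the anonymous id, taken from
 * {@link LoginModuleConfig#PARAM_ANONYMOUS_ID} or, if that yields nothing,
 * from the repository callback</li>
 * <li>the pre-authentication attribute name (an empty string is treated as
 * unset)</li>
 * </ul>
 * Implementations are called via
 * {@link #doInit(CallbackHandler, Session, Map)} to perform additional
 * initialization.
 * <p>
 * This method does not propagate exceptions: any failure is logged and the
 * <code>initialized</code> flag is not set, because it is only assigned once
 * the whole sequence has completed. The same holds if no principal provider
 * can be resolved at all. Callers should therefore consult
 * {@link #isInitialized()} before relying on this module.
 *
 * @param subject         the <code>Subject</code> to be authenticated.
 * @param callbackHandler a <code>CallbackHandler</code> for communicating
 *                        with the end user (prompting for usernames and
 *                        passwords, for example).
 * @param sharedState     state shared with other configured LoginModules.
 * @param options         options specified in the login <code>Configuration</code>
 *                        for this particular <code>LoginModule</code>.
 * @see LoginModule#initialize(Subject, CallbackHandler, Map, Map)
 * @see #doInit(CallbackHandler, Session, Map)
 * @see #isInitialized()
 */
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) {
    // common jaas state variables
    this.callbackHandler = callbackHandler;
    this.subject = subject;
    this.sharedState = sharedState;
    // initialize the login module
    try {
        log.debug("Initialize LoginModule: ");
        RepositoryCallback repositoryCb = new RepositoryCallback();
        callbackHandler.handle(new Callback[] { repositoryCb });
        PrincipalProviderRegistry registry = repositoryCb.getPrincipalProviderRegistry();
        // use the principal provider class named in the module
        // configuration, if one is present
        if (options.containsKey(LoginModuleConfig.PARAM_PRINCIPAL_PROVIDER_CLASS)) {
            Object pcOption = options.get(LoginModuleConfig.PARAM_PRINCIPAL_PROVIDER_CLASS);
            if (pcOption != null) {
                principalProviderClassName = pcOption.toString();
            }
        }
        if (principalProviderClassName == null) {
            // try compatibility parameters. A key that is present but mapped
            // to null is treated like a missing value, as for the primary
            // parameter above, instead of failing the whole initialization
            // with a NullPointerException.
            Object compatOption = null;
            if (options.containsKey(LoginModuleConfig.COMPAT_PRINCIPAL_PROVIDER_NAME)) {
                compatOption = options.get(LoginModuleConfig.COMPAT_PRINCIPAL_PROVIDER_NAME);
            } else if (options.containsKey(LoginModuleConfig.COMPAT_PRINCIPAL_PROVIDER_CLASS)) {
                compatOption = options.get(LoginModuleConfig.COMPAT_PRINCIPAL_PROVIDER_CLASS);
            }
            if (compatOption != null) {
                principalProviderClassName = compatOption.toString();
            }
        }
        if (principalProviderClassName != null) {
            principalProvider = registry.getProvider(principalProviderClassName);
        }
        if (principalProvider == null) {
            // the configured name was absent or unknown to the registry:
            // fall back to the registry default
            principalProvider = registry.getDefault();
            if (principalProvider == null) {
                // abort. not even a default principal provider; the module
                // stays uninitialized, so leave a trace for the operator
                log.warn("LoginModule not initialized: no PrincipalProvider available.");
                return;
            }
        }
        log.debug("- PrincipalProvider -> '" + principalProvider.getClass().getName() + "'");
        // call implementation for additional setup
        doInit(callbackHandler, repositoryCb.getSession(), options);
        // adminId: if not present in options -> retrieve from callback
        if (options.containsKey(LoginModuleConfig.PARAM_ADMIN_ID)) {
            adminId = (String) options.get(LoginModuleConfig.PARAM_ADMIN_ID);
        }
        if (adminId == null) {
            adminId = repositoryCb.getAdminId();
        }
        // anonymousId: if not present in options -> retrieve from callback
        if (options.containsKey(LoginModuleConfig.PARAM_ANONYMOUS_ID)) {
            anonymousId = (String) options.get(LoginModuleConfig.PARAM_ANONYMOUS_ID);
        }
        if (anonymousId == null) {
            anonymousId = repositoryCb.getAnonymousId();
        }
        // trusted credentials attribute name (may be missing to not
        // support) (normalized to null aka missing aka unset if an empty
        // string)
        preAuthAttributeName = (String) options.get(PRE_AUTHENTICATED_ATTRIBUTE_OPTION);
        if (preAuthAttributeName != null && preAuthAttributeName.length() == 0) {
            preAuthAttributeName = null;
        }
        // log config values for debug
        // NOTE(review): every option value is written verbatim. If a
        // subclass accepts sensitive values through its options, they end
        // up in the debug log; consider masking them or restricting access
        // to debug output.
        if (log.isDebugEnabled()) {
            for (Map.Entry<String, ?> entry : options.entrySet()) {
                log.debug("- Option: " + entry.getKey() + " -> '" + entry.getValue() + "'");
            }
        }
        // only a module that was handed a Subject counts as initialized
        initialized = (this.subject != null);
    } catch (Exception e) {
        // deliberately not rethrown: the failure is reported through the
        // log, and the initialized flag is not set on this path
        log.error("LoginModule failed to initialize.", e);
    }
}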
Also used : PrincipalProviderRegistry(org.apache.jackrabbit.core.security.principal.PrincipalProviderRegistry) LoginException(javax.security.auth.login.LoginException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) RepositoryException(javax.jcr.RepositoryException) FailedLoginException(javax.security.auth.login.FailedLoginException) IOException(java.io.IOException)

Example 2 with PrincipalProviderRegistry

use of org.apache.jackrabbit.core.security.principal.PrincipalProviderRegistry in project jackrabbit by apache.

the class SecurityConfigTest method testPrincipalProviderConfig.

/**
 * Registers a principal provider from each of three login module
 * configurations and checks that every registration can be looked up again:
 * the first under the provider's class name, the other two under the names
 * "test" and "test2". All three configurations resolve to the same provider
 * class, yet each must yield its own registry entry.
 *
 * @throws Exception if parsing a configuration or registering a provider fails
 */
public void testPrincipalProviderConfig() throws Exception {
    final String expectedClassName = "org.apache.jackrabbit.core.security.principal.FallbackPrincipalProvider";
    PrincipalProviderRegistry registry = new ProviderRegistryImpl(null);

    // standard config: the provider is registered under its class name
    Element standardXml = parseXML(new InputSource(new StringReader(PRINCIPAL_PROVIDER_CONFIG)), true);
    LoginModuleConfig standardConfig = parser.parseSecurityConfig(standardXml).getLoginModuleConfig();
    PrincipalProvider standardProvider = registry.registerProvider(standardConfig.getParameters());
    assertEquals(standardProvider, registry.getProvider(standardProvider.getClass().getName()));
    assertEquals(expectedClassName, standardProvider.getClass().getName());

    // config specifying an extra name
    Element namedXml = parseXML(new InputSource(new StringReader(PRINCIPAL_PROVIDER_CONFIG1)), true);
    LoginModuleConfig namedConfig = parser.parseSecurityConfig(namedXml).getLoginModuleConfig();
    PrincipalProvider namedProvider = registry.registerProvider(namedConfig.getParameters());
    assertEquals(namedProvider, registry.getProvider("test"));
    assertEquals(expectedClassName, namedProvider.getClass().getName());

    // use alternative class config
    Element alternativeXml = parseXML(new InputSource(new StringReader(PRINCIPAL_PROVIDER_CONFIG2)), true);
    LoginModuleConfig alternativeConfig = parser.parseSecurityConfig(alternativeXml).getLoginModuleConfig();
    PrincipalProvider alternativeProvider = registry.registerProvider(alternativeConfig.getParameters());
    assertEquals(alternativeProvider, registry.getProvider("test2"));
    assertEquals(expectedClassName, alternativeProvider.getClass().getName());

    // all 3 providers must be registered even though all configs specify
    // the same provider class
    assertEquals(3, registry.getProviders().length);
}
Also used : InputSource(org.xml.sax.InputSource) PrincipalProvider(org.apache.jackrabbit.core.security.principal.PrincipalProvider) Element(org.w3c.dom.Element) StringReader(java.io.StringReader) PrincipalProviderRegistry(org.apache.jackrabbit.core.security.principal.PrincipalProviderRegistry) ProviderRegistryImpl(org.apache.jackrabbit.core.security.principal.ProviderRegistryImpl)

Example 3 with PrincipalProviderRegistry

use of org.apache.jackrabbit.core.security.principal.PrincipalProviderRegistry in project jackrabbit by apache.

the class UserPerWorkspaceSecurityManager method getPrincipalProviderRegistry.

/**
 * Returns the principal provider registry for the workspace of the given
 * session, creating and caching it on first use. Lookup and creation both
 * happen while holding <code>monitor</code>.
 * <p>
 * A new registry is backed by a {@link DefaultPrincipalProvider} built on a
 * system session: the passed session itself when it already is a
 * {@link SystemSession}, otherwise one obtained from the repository for the
 * same workspace.
 *
 * @param s the session whose workspace selects the registry
 * @return the registry for that workspace
 * @throws RepositoryException declared by this method; presumably raised by
 *         the session or user manager lookups (not visible in this listing)
 */
private PrincipalProviderRegistry getPrincipalProviderRegistry(SessionImpl s) throws RepositoryException {
    final String workspaceName = s.getWorkspace().getName();
    synchronized (monitor) {
        PrincipalProviderRegistry cached = ppRegistries.get(workspaceName);
        if (cached != null) {
            return cached;
        }

        final SystemSession systemSession;
        if (s instanceof SystemSession) {
            systemSession = (SystemSession) s;
        } else {
            RepositoryImpl repo = (RepositoryImpl) getRepository();
            systemSession = repo.getSystemSession(workspaceName);
            // TODO: review again... this workaround is used in several places.
            repo.markWorkspaceActive(workspaceName);
        }

        Properties[] moduleConfig = new AuthContextProvider("", ((RepositoryImpl) getRepository()).getConfig().getSecurityConfig().getLoginModuleConfig()).getModuleConfig();
        PrincipalProvider defaultProvider = new DefaultPrincipalProvider(systemSession, (UserManagerImpl) getUserManager(systemSession));

        // GRANITE-4470: apply config to DefaultPrincipalProvider if there is
        // no explicit PrincipalProvider configured. Only the first module
        // config that matches is used.
        Properties providerConfig = null;
        for (Properties candidate : moduleConfig) {
            boolean explicitProvider = candidate.containsKey(LoginModuleConfig.PARAM_PRINCIPAL_PROVIDER_CLASS);
            if (!explicitProvider && candidate.containsKey(AbstractPrincipalProvider.MAXSIZE_KEY)) {
                providerConfig = candidate;
                break;
            }
        }
        if (providerConfig != null) {
            defaultProvider.init(providerConfig);
        } else {
            // no matching module config: initialize with empty properties
            defaultProvider.init(new Properties());
        }

        PrincipalProviderRegistry created = new WorkspaceBasedPrincipalProviderRegistry(defaultProvider);
        ppRegistries.put(workspaceName, created);
        return created;
    }
}
Also used : DefaultPrincipalProvider(org.apache.jackrabbit.core.security.principal.DefaultPrincipalProvider) AbstractPrincipalProvider(org.apache.jackrabbit.core.security.principal.AbstractPrincipalProvider) PrincipalProvider(org.apache.jackrabbit.core.security.principal.PrincipalProvider) DefaultPrincipalProvider(org.apache.jackrabbit.core.security.principal.DefaultPrincipalProvider) Properties(java.util.Properties) PrincipalProviderRegistry(org.apache.jackrabbit.core.security.principal.PrincipalProviderRegistry) AuthContextProvider(org.apache.jackrabbit.core.security.authentication.AuthContextProvider)

Aggregations

PrincipalProviderRegistry (org.apache.jackrabbit.core.security.principal.PrincipalProviderRegistry)3 PrincipalProvider (org.apache.jackrabbit.core.security.principal.PrincipalProvider)2 IOException (java.io.IOException)1 StringReader (java.io.StringReader)1 Properties (java.util.Properties)1 RepositoryException (javax.jcr.RepositoryException)1 UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)1 FailedLoginException (javax.security.auth.login.FailedLoginException)1 LoginException (javax.security.auth.login.LoginException)1 AuthContextProvider (org.apache.jackrabbit.core.security.authentication.AuthContextProvider)1 AbstractPrincipalProvider (org.apache.jackrabbit.core.security.principal.AbstractPrincipalProvider)1 DefaultPrincipalProvider (org.apache.jackrabbit.core.security.principal.DefaultPrincipalProvider)1 ProviderRegistryImpl (org.apache.jackrabbit.core.security.principal.ProviderRegistryImpl)1 Element (org.w3c.dom.Element)1 InputSource (org.xml.sax.InputSource)1