Example 6 with GroupPrincipal
use of org.apache.karaf.jaas.boot.principal.GroupPrincipal in project karaf by apache.
the class DigestPasswordLoginModule method login.
public boolean login() throws LoginException {
if (usersFile == null) {
throw new LoginException("The property users may not be null");
}
File f = new File(usersFile);
if (!f.exists()) {
throw new LoginException("Users file not found at " + f);
}
Properties users;
try {
users = new Properties(f);
} catch (IOException ioe) {
throw new LoginException("Unable to load user properties file " + f);
}
Callback[] callbacks = new Callback[2];
callbacks[0] = new NameCallback("Username: ");
callbacks[1] = new PasswordCallback("Password: ", false);
if (callbackHandler != null) {
try {
callbackHandler.handle(callbacks);
} catch (IOException ioe) {
throw new LoginException(ioe.getMessage());
} catch (UnsupportedCallbackException uce) {
throw new LoginException(uce.getMessage() + " not available to obtain information from user");
}
}
// user callback get value
if (((NameCallback) callbacks[0]).getName() == null) {
throw new LoginException("Username can not be null");
}
user = ((NameCallback) callbacks[0]).getName();
if (user.startsWith(PropertiesBackingEngine.GROUP_PREFIX)) {
// you can't log in under a group name
throw new FailedLoginException("login failed");
}
// password callback get value
if (((PasswordCallback) callbacks[1]).getPassword() == null) {
throw new LoginException("Password can not be null");
}
String password = new String(((PasswordCallback) callbacks[1]).getPassword());
// user infos container read from the users properties file
String userInfos = null;
try {
userInfos = users.get(user);
} catch (NullPointerException e) {
// error handled in the next statement
}
if (userInfos == null) {
if (!this.detailedLoginExcepion) {
throw new FailedLoginException("login failed");
} else {
throw new FailedLoginException("User " + user + " does not exist");
}
}
// the password is in the first position
String[] infos = userInfos.split(",");
String storedPassword = infos[0];
CallbackHandler myCallbackHandler = null;
try {
Field field = callbackHandler.getClass().getDeclaredField("ch");
field.setAccessible(true);
myCallbackHandler = (CallbackHandler) field.get(callbackHandler);
} catch (Exception e) {
throw new LoginException("Unable to load underlying callback handler");
}
if (myCallbackHandler instanceof NameDigestPasswordCallbackHandler) {
NameDigestPasswordCallbackHandler digestCallbackHandler = (NameDigestPasswordCallbackHandler) myCallbackHandler;
storedPassword = doPasswordDigest(digestCallbackHandler.getNonce(), digestCallbackHandler.getCreatedTime(), storedPassword);
}
// check the provided password
if (!checkPassword(password, storedPassword)) {
if (!this.detailedLoginExcepion) {
throw new FailedLoginException("login failed");
} else {
throw new FailedLoginException("Password for " + user + " does not match");
}
}
principals = new HashSet<>();
principals.add(new UserPrincipal(user));
for (int i = 1; i < infos.length; i++) {
if (infos[i].trim().startsWith(PropertiesBackingEngine.GROUP_PREFIX)) {
// it's a group reference
principals.add(new GroupPrincipal(infos[i].trim().substring(PropertiesBackingEngine.GROUP_PREFIX.length())));
String groupInfo = users.get(infos[i].trim());
if (groupInfo != null) {
String[] roles = groupInfo.split(",");
for (int j = 1; j < roles.length; j++) {
principals.add(new RolePrincipal(roles[j].trim()));
}
}
} else {
// it's an user reference
principals.add(new RolePrincipal(infos[i].trim()));
}
}
users.clear();
if (debug) {
LOGGER.debug("Successfully logged in {}", user);
}
return true;
}
Also used :
CallbackHandler(javax.security.auth.callback.CallbackHandler)
IOException(java.io.IOException)
Properties(org.apache.felix.utils.properties.Properties)
LoginException(javax.security.auth.login.LoginException)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
IOException(java.io.IOException)
FailedLoginException(javax.security.auth.login.FailedLoginException)
UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal)
Field(java.lang.reflect.Field)
PasswordCallback(javax.security.auth.callback.PasswordCallback)
NameCallback(javax.security.auth.callback.NameCallback)
Callback(javax.security.auth.callback.Callback)
NameCallback(javax.security.auth.callback.NameCallback)
FailedLoginException(javax.security.auth.login.FailedLoginException)
GroupPrincipal(org.apache.karaf.jaas.boot.principal.GroupPrincipal)
LoginException(javax.security.auth.login.LoginException)
FailedLoginException(javax.security.auth.login.FailedLoginException)
PasswordCallback(javax.security.auth.callback.PasswordCallback)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal)
File(java.io.File)
Example 7 with GroupPrincipal
use of org.apache.karaf.jaas.boot.principal.GroupPrincipal in project karaf by apache.
the class PropertiesBackingEngine method deleteGroup.
@Override
public void deleteGroup(String username, String group) {
deleteRole(username, GROUP_PREFIX + group);
// garbage collection, clean up the groups if needed
for (UserPrincipal user : listUsers()) {
for (GroupPrincipal g : listGroups(user)) {
if (group.equals(g.getName())) {
// there is another user of this group, nothing to clean up
return;
}
}
}
// nobody is using this group any more, remove it
deleteUser(GROUP_PREFIX + group);
}
Also used :
GroupPrincipal(org.apache.karaf.jaas.boot.principal.GroupPrincipal)
UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal)
Example 8 with GroupPrincipal
use of org.apache.karaf.jaas.boot.principal.GroupPrincipal in project karaf by apache.
the class PropertiesLoginModule method login.
public boolean login() throws LoginException {
if (usersFile == null) {
throw new LoginException("The property users may not be null");
}
File f = new File(usersFile);
if (!f.exists()) {
throw new LoginException("Users file not found at " + f);
}
Properties users;
try {
users = new Properties(f);
} catch (IOException ioe) {
throw new LoginException("Unable to load user properties file " + f);
}
Callback[] callbacks = new Callback[2];
callbacks[0] = new NameCallback("Username: ");
callbacks[1] = new PasswordCallback("Password: ", false);
if (callbackHandler != null) {
try {
callbackHandler.handle(callbacks);
} catch (IOException ioe) {
throw new LoginException(ioe.getMessage());
} catch (UnsupportedCallbackException uce) {
throw new LoginException(uce.getMessage() + " not available to obtain information from user");
}
}
// user callback get value
if (((NameCallback) callbacks[0]).getName() == null) {
throw new LoginException("Username can not be null");
}
user = ((NameCallback) callbacks[0]).getName();
if (user.startsWith(PropertiesBackingEngine.GROUP_PREFIX)) {
// you can't log in under a group name
throw new FailedLoginException("login failed");
}
// password callback get value
if (((PasswordCallback) callbacks[1]).getPassword() == null) {
throw new LoginException("Password can not be null");
}
String password = new String(((PasswordCallback) callbacks[1]).getPassword());
// user infos container read from the users properties file
String userInfos = null;
try {
userInfos = users.get(user);
} catch (NullPointerException e) {
// error handled in the next statement
}
if (userInfos == null) {
if (!this.detailedLoginExcepion) {
throw new FailedLoginException("login failed");
} else {
throw new FailedLoginException("User " + user + " does not exist");
}
}
// the password is in the first position
String[] infos = userInfos.split(",");
String storedPassword = infos[0];
// check the provided password
if (!checkPassword(password, storedPassword)) {
if (!this.detailedLoginExcepion) {
throw new FailedLoginException("login failed");
} else {
throw new FailedLoginException("Password for " + user + " does not match");
}
}
principals = new HashSet<>();
principals.add(new UserPrincipal(user));
for (int i = 1; i < infos.length; i++) {
if (infos[i].trim().startsWith(PropertiesBackingEngine.GROUP_PREFIX)) {
// it's a group reference
principals.add(new GroupPrincipal(infos[i].trim().substring(PropertiesBackingEngine.GROUP_PREFIX.length())));
String groupInfo = users.get(infos[i].trim());
if (groupInfo != null) {
String[] roles = groupInfo.split(",");
for (int j = 1; j < roles.length; j++) {
principals.add(new RolePrincipal(roles[j].trim()));
}
}
} else {
// it's an user reference
principals.add(new RolePrincipal(infos[i].trim()));
}
}
users.clear();
if (debug) {
LOGGER.debug("Successfully logged in {}", user);
}
return true;
}
Also used :
IOException(java.io.IOException)
Properties(org.apache.felix.utils.properties.Properties)
UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal)
PasswordCallback(javax.security.auth.callback.PasswordCallback)
NameCallback(javax.security.auth.callback.NameCallback)
Callback(javax.security.auth.callback.Callback)
NameCallback(javax.security.auth.callback.NameCallback)
FailedLoginException(javax.security.auth.login.FailedLoginException)
GroupPrincipal(org.apache.karaf.jaas.boot.principal.GroupPrincipal)
LoginException(javax.security.auth.login.LoginException)
FailedLoginException(javax.security.auth.login.FailedLoginException)
PasswordCallback(javax.security.auth.callback.PasswordCallback)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal)
File(java.io.File)
Example 9 with GroupPrincipal
use of org.apache.karaf.jaas.boot.principal.GroupPrincipal in project karaf by apache.
the class JdbcLoginModuleTest method testEngine.
@Test
public void testEngine() throws Exception {
UserPrincipal user = new UserPrincipal("abc");
GroupPrincipal group1 = new GroupPrincipal("group1");
RolePrincipal role1 = new RolePrincipal("role1");
RolePrincipal role2 = new RolePrincipal("role2");
RolePrincipal role3 = new RolePrincipal("role3");
JDBCBackingEngine engine = new JDBCBackingEngine(dataSource);
assertTrue(engine.listUsers().isEmpty());
engine.addUser("abc", "xyz");
assertTrue(engine.listUsers().contains(user));
assertTrue(engine.listRoles(user).isEmpty());
assertTrue(engine.listRoles(group1).isEmpty());
assertTrue(engine.listGroups(user).isEmpty());
assertNotNull(engine.lookupUser("abc"));
assertEquals("abc", engine.lookupUser("abc").getName());
engine.addRole("abc", "role1");
assertTrue(engine.listUsers().contains(user));
assertTrue(engine.listRoles(user).contains(role1));
assertTrue(engine.listRoles(group1).isEmpty());
assertTrue(engine.listGroups(user).isEmpty());
engine.addGroupRole("group1", "role2");
assertTrue(engine.listUsers().contains(user));
assertTrue(engine.listRoles(user).contains(role1));
assertTrue(engine.listRoles(group1).contains(role2));
assertTrue(engine.listGroups(user).isEmpty());
engine.addGroup("abc", "group1");
assertTrue(engine.listUsers().contains(user));
assertTrue(engine.listRoles(user).contains(role1));
assertTrue(engine.listRoles(user).contains(role2));
assertTrue(engine.listRoles(group1).contains(role2));
assertTrue(engine.listGroups(user).contains(group1));
engine.deleteRole("abc", "role1");
assertTrue(engine.listUsers().contains(user));
assertTrue(engine.listRoles(user).contains(role2));
assertTrue(engine.listRoles(group1).contains(role2));
assertTrue(engine.listGroups(user).contains(group1));
engine.deleteGroupRole("group1", "role2");
assertTrue(engine.listUsers().contains(user));
assertTrue(engine.listRoles(user).isEmpty());
assertTrue(engine.listRoles(group1).isEmpty());
assertTrue(engine.listGroups(user).contains(group1));
engine.addGroupRole("group1", "role3");
assertTrue(engine.listUsers().contains(user));
assertTrue(engine.listRoles(user).contains(role3));
assertTrue(engine.listRoles(group1).contains(role3));
assertTrue(engine.listGroups(user).contains(group1));
engine.deleteGroup("abc", "group1");
assertTrue(engine.listUsers().contains(user));
assertTrue(engine.listRoles(user).isEmpty());
assertTrue(engine.listRoles(group1).isEmpty());
assertTrue(engine.listGroups(user).isEmpty());
engine.deleteUser("abc");
assertTrue(engine.listUsers().isEmpty());
assertTrue(engine.listRoles(user).isEmpty());
assertTrue(engine.listRoles(group1).isEmpty());
assertTrue(engine.listGroups(user).isEmpty());
}
Also used :
GroupPrincipal(org.apache.karaf.jaas.boot.principal.GroupPrincipal)
RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal)
UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal)
Test(org.junit.Test)
Example 10 with GroupPrincipal
use of org.apache.karaf.jaas.boot.principal.GroupPrincipal in project karaf by apache.
the class PropertiesBackingEngineTest method testUserRoles.
@Test
public void testUserRoles() throws IOException {
Properties p = new Properties(f);
PropertiesBackingEngine engine = new PropertiesBackingEngine(p);
engine.addUser("a", "aa");
engine.addUser("b", "bb");
engine.addRole("a", "role1");
engine.addRole("a", "role2");
UserPrincipal upa = getUser(engine, "a");
Assert.assertThat(names(engine.listRoles(upa)), containsInAnyOrder("role1", "role2"));
engine.addGroup("a", "g");
engine.addGroupRole("g", "role2");
engine.addGroupRole("g", "role3");
engine.addGroup("b", "g");
engine.addGroup("b", "g2");
engine.addGroupRole("g2", "role4");
Assert.assertThat(names(engine.listUsers()), containsInAnyOrder("a", "b"));
Assert.assertThat(names(engine.listRoles(upa)), containsInAnyOrder("role1", "role2", "role3"));
checkLoading();
assertNotNull(engine.lookupUser("a"));
assertEquals("a", engine.lookupUser("a").getName());
// removing some stuff
UserPrincipal upb = getUser(engine, "b");
assertEquals(1, engine.listGroups(upa).size());
assertEquals(2, engine.listGroups(upb).size());
GroupPrincipal gp = engine.listGroups(upa).iterator().next();
engine.deleteGroupRole("g", "role2");
Assert.assertThat(names(engine.listRoles(gp)), containsInAnyOrder("role3"));
// role2 should still be there as it was added to the user directly too
Assert.assertThat(names(engine.listRoles(upa)), containsInAnyOrder("role1", "role2", "role3"));
Assert.assertThat(names(engine.listRoles(upb)), containsInAnyOrder("role3", "role4"));
engine.deleteGroup("b", "g");
engine.deleteGroup("b", "g2");
assertEquals(0, engine.listRoles(upb).size());
engine.deleteUser("b");
engine.deleteUser("a");
assertEquals("Properties should be empty now", 0, p.size());
}
Also used :
GroupPrincipal(org.apache.karaf.jaas.boot.principal.GroupPrincipal)
Properties(org.apache.felix.utils.properties.Properties)
UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal)
Test(org.junit.Test)
Aggregations
GroupPrincipal (org.apache.karaf.jaas.boot.principal.GroupPrincipal)16
UserPrincipal (org.apache.karaf.jaas.boot.principal.UserPrincipal)10
RolePrincipal (org.apache.karaf.jaas.boot.principal.RolePrincipal)9
IOException (java.io.IOException)4
ArrayList (java.util.ArrayList)4
LoginException (javax.security.auth.login.LoginException)4
Properties (org.apache.felix.utils.properties.Properties)4
File (java.io.File)3
Callback (javax.security.auth.callback.Callback)3
NameCallback (javax.security.auth.callback.NameCallback)3
UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)3
FailedLoginException (javax.security.auth.login.FailedLoginException)3
Test (org.junit.Test)3
PasswordCallback (javax.security.auth.callback.PasswordCallback)2
Field (java.lang.reflect.Field)1
PublicKey (java.security.PublicKey)1
DSAPublicKey (java.security.interfaces.DSAPublicKey)1
RSAPublicKey (java.security.interfaces.RSAPublicKey)1
Connection (java.sql.Connection)1
Subject (javax.security.auth.Subject)1
