
Example 1 with RolePrincipal

use of org.apache.karaf.jaas.boot.principal.RolePrincipal in project karaf by apache.

the class ConfigManagedServiceFactoryTest method createNewFactoryConfig.

@Test
public void createNewFactoryConfig() throws Exception {
    // Run the three shell commands as a caller holding the "manager" role:
    // open a new factory configuration, set one property, persist it.
    String script = "config:edit --factory myconfig2\n"
            + "config:property-set test1 data1\n"
            + "config:update";
    executeCommand(script, new RolePrincipal("manager"));
    // The persisted factory instance must be visible through ConfigAdmin
    // with exactly the property that was set.
    Configuration[] matches = configAdmin.listConfigurations("(service.factorypid=myconfig2)");
    Configuration created = matches[0];
    assertEquals("data1", created.getProperties().get("test1"));
}

Example 2 with RolePrincipal

use of org.apache.karaf.jaas.boot.principal.RolePrincipal in project karaf by apache.

the class GuardProxyCatalogTest method testInvocationBlocking5.

@SuppressWarnings("unchecked")
@Test
public void testInvocationBlocking5() throws Exception {
    // Guard configuration whose filter only matches TestServiceAPI; the
    // TestServiceAPI2 service proxied below therefore has no rule at all.
    Dictionary<String, Object> guardConfig = new Hashtable<>();
    guardConfig.put(Constants.SERVICE_PID, "foobar");
    guardConfig.put("service.guard", "(objectClass=" + TestServiceAPI.class.getName() + ")");
    guardConfig.put("doit", "a,b");
    BundleContext context = mockConfigAdminBundleContext(guardConfig);
    TestServiceAPI2 upperCaser = String::toUpperCase;
    final Object guarded = testCreateProxy(context, new Class[] { TestServiceAPI2.class }, upperCaser);
    // Role 'c' appears nowhere in the configuration. The expectation below
    // pins the guard's default: a service no rule targets stays callable by
    // any role (fail-open for unconfigured services, by design of this test).
    Subject caller = new Subject();
    caller.getPrincipals().add(new RolePrincipal("c"));
    PrivilegedAction<Object> invokeAsC = () -> {
        String result = ((TestServiceAPI2) guarded).doit("hello");
        assertEquals("The invocation under role 'c' should be ok, as there are no rules specified " + "for this service at all.", "HELLO", result);
        return null;
    };
    Subject.doAs(caller, invokeAsC);
}

Example 3 with RolePrincipal

use of org.apache.karaf.jaas.boot.principal.RolePrincipal in project karaf by apache.

the class JDBCLoginModule method login.

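/**
 * JAAS login phase backed by a JDBC datasource.
 * <p>
 * Collects username and password through the callback handler, checks the
 * password against the first row returned by {@code passwordQuery} for that
 * user and, on success, stages a {@code UserPrincipal} plus the
 * {@code RolePrincipal}s / {@code GroupPrincipal}s returned by
 * {@code roleQuery} in {@code principals}. Nothing is attached to a Subject
 * here; that presumably happens in the commit phase, outside this listing.
 *
 * @return {@code true} once the credentials have been verified
 * @throws LoginException if the callbacks cannot be served, the user is
 *         unknown, the password does not match, or the database lookup fails.
 *         With {@code detailedLoginExcepion} disabled the unknown-user and
 *         wrong-password cases both surface as the fixed message
 *         "login failed", so the message alone does not reveal valid usernames.
 */
public boolean login() throws LoginException {
    Callback[] callbacks = new Callback[2];
    callbacks[0] = new NameCallback("Username: ");
    callbacks[1] = new PasswordCallback("Password: ", false);
    try {
        callbackHandler.handle(callbacks);
    } catch (IOException ioe) {
        throw new LoginException(ioe.getMessage());
    } catch (UnsupportedCallbackException uce) {
        throw new LoginException(uce.getMessage() + " not available to obtain information from user");
    }
    user = ((NameCallback) callbacks[0]).getName();
    char[] tmpPassword = ((PasswordCallback) callbacks[1]).getPassword();
    if (tmpPassword == null) {
        tmpPassword = new char[0];
    }
    // checkPassword(String, String) forces a String copy of the secret; the
    // char[] we own is wiped as soon as the copy exists so at least that
    // buffer does not linger in the heap.
    String password = new String(tmpPassword);
    java.util.Arrays.fill(tmpPassword, '\0');
    principals = new HashSet<>();
    try {
        DataSource datasource = JDBCUtils.createDatasource(bundleContext, datasourceURL);
        try (Connection connection = datasource.getConnection()) {
            List<String> passwords = JDBCUtils.rawSelect(connection, passwordQuery, user);
            if (passwords.isEmpty()) {
                throw loginFailure("User " + user + " does not exist");
            }
            // NOTE(review): an unknown user returns before checkPassword runs, so
            // response time still separates the two failure cases even when the
            // message is generic; a dummy verification would close that channel.
            if (!checkPassword(password, passwords.get(0))) {
                throw loginFailure("Password for " + user + " does not match");
            }
            principals.add(new UserPrincipal(user));
            if (roleQuery != null && !"".equals(roleQuery.trim())) {
                List<String> roles = JDBCUtils.rawSelect(connection, roleQuery, user);
                for (String role : roles) {
                    if (role.startsWith(BackingEngine.GROUP_PREFIX)) {
                        principals.add(new GroupPrincipal(role.substring(BackingEngine.GROUP_PREFIX.length())));
                        // A group's own roles are resolved with the same query,
                        // keyed by the still-prefixed group name (one level only).
                        for (String r : JDBCUtils.rawSelect(connection, roleQuery, role)) {
                            principals.add(new RolePrincipal(r));
                        }
                    } else {
                        principals.add(new RolePrincipal(role));
                    }
                }
            } else {
                LOGGER.debug("No roleQuery specified so no roles have been retrieved for the authenticated user");
            }
        }
    } catch (LoginException le) {
        // Authentication verdicts raised above must reach the caller as-is.
        // Previously they fell into the generic handler below and were
        // re-wrapped as a "retrieving credentials from database" error, which
        // mislabelled a bad password as a DB failure and defeated the
        // detailedLoginExcepion message control.
        throw le;
    } catch (Exception ex) {
        // NOTE(review): the driver's message (which may carry SQL text or
        // connection details) is surfaced to the caller; consider gating it
        // behind detailedLoginExcepion. The cause is kept for server-side logs.
        LoginException wrapped = new LoginException("Error has occurred while retrieving credentials from database:" + ex.getMessage());
        wrapped.initCause(ex);
        throw wrapped;
    }
    return true;
}

/**
 * Builds the exception for a failed credential check: the specific
 * {@code detail} when detailed login exceptions are enabled, otherwise the
 * fixed "login failed" so callers cannot distinguish the failure reasons.
 */
private LoginException loginFailure(String detail) {
    if (this.detailedLoginExcepion) {
        return new LoginException(detail);
    }
    return new LoginException("login failed");
}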

Example 4 with RolePrincipal

use of org.apache.karaf.jaas.boot.principal.RolePrincipal in project karaf by apache.

the class ListUsersCommand method doExecute.

/**
 * Prints one table row per (user, group, role) combination known to the
 * backing engine. Roles reached through a group are emitted by
 * displayGroupRoles (defined outside this listing) and are not repeated among
 * the user's direct roles; an account with no role at all still gets an empty
 * row so that its existence is visible.
 */
@Override
protected Object doExecute(BackingEngine engine) throws Exception {
    List<UserPrincipal> accounts = engine.listUsers();
    ShellTable table = new ShellTable();
    table.column("User Name");
    table.column("Group");
    table.column("Role");
    for (UserPrincipal account : accounts) {
        String name = account.getName();
        // Roles already printed for this account, in print order.
        List<String> alreadyShown = new ArrayList<>();
        for (GroupPrincipal group : engine.listGroups(account)) {
            alreadyShown.addAll(displayGroupRoles(engine, name, group, table));
        }
        for (RolePrincipal direct : engine.listRoles(account)) {
            String roleName = direct.getName();
            if (!alreadyShown.contains(roleName)) {
                alreadyShown.add(roleName);
                table.addRow().addContent(name, "", roleName);
            }
        }
        if (alreadyShown.isEmpty()) {
            table.addRow().addContent(name, "", "");
        }
    }
    table.print(System.out, !noFormat);
    return null;
}

Example 5 with RolePrincipal

use of org.apache.karaf.jaas.boot.principal.RolePrincipal in project karaf by apache.

the class KarafJaasAuthenticator method authenticate.

/**
 * Password authenticator for the SSH server: runs a JAAS login in
 * {@code realm}, rejects a Subject that authenticated but carries no
 * {@code RolePrincipal}, and on success stores the Subject on the session
 * under {@code SUBJECT_ATTRIBUTE_KEY}.
 *
 * @return {@code true} on success; {@code false} for any failure, including a
 *         login that succeeded but yielded no role
 */
public boolean authenticate(final String username, final String password, final ServerSession session) {
    try {
        final Subject subject = new Subject();
        LoginContext loginContext = new LoginContext(realm, subject, callbacks -> {
            for (Callback callback : callbacks) {
                if (callback instanceof PasswordCallback) {
                    ((PasswordCallback) callback).setPassword(password.toCharArray());
                } else if (callback instanceof NameCallback) {
                    ((NameCallback) callback).setName(username);
                } else {
                    // Only name/password are answered here; any other callback
                    // type fails the login.
                    throw new UnsupportedCallbackException(callback);
                }
            }
        });
        loginContext.login();
        // Authentication without authorization data is treated as a failure:
        // a role-less Subject is never attached to the session.
        if (subject.getPrincipals(RolePrincipal.class).isEmpty()) {
            throw new FailedLoginException("User doesn't have role defined");
        }
        session.setAttribute(SUBJECT_ATTRIBUTE_KEY, subject);
        return true;
    } catch (Exception e) {
        // NOTE(review): failed logins are logged at DEBUG only and without the
        // username, which is thin for detection; the boolean is the caller's
        // only signal.
        LOGGER.debug("User authentication failed with " + e.getMessage(), e);
        return false;
    }
}
