
Example 46 with RolePrincipal

use of org.apache.karaf.jaas.boot.principal.RolePrincipal in project ddf by codice.

the class TestConfiguration method testExportMetacards.

/**
 * Round-trips the catalog through the export command: ingests metacards, exports them, empties
 * the catalog, re-ingests the exported file and checks that the same number of metacards is
 * present again.
 *
 * <p>The remove-all and ingest commands are issued with an explicit {@code admin}
 * {@link RolePrincipal}; the export command is issued without passing a principal.
 *
 * @throws Exception if any setup step, console command or assertion helper fails
 */
@Test
public void testExportMetacards() throws Exception {
    // Start from a clean, known state before touching the catalog.
    closeFileHandlesInEtc();
    resetInitialState();

    final List<String> ingestedIds = ingestMetacardsForExport();

    // Export, then verify the exported catalog file.
    console.runCommand(EXPORT_COMMAND);
    assertExportCatalog(getDefaultExportDirectory().resolve("ddf.metacards"));

    // Wipe the catalog so the re-ingest below is the only source of metacards.
    console.runCommand(CATALOG_REMOVE_ALL_COMMAND, new RolePrincipal("admin"));

    // The export path is quoted inside the command line handed to the console.
    final String reingestCommand =
            String.format("%s \"%s\"", CATALOG_INGEST_COMMAND, getDefaultExportDirectory().resolve("ddf.metacards"));
    console.runCommand(reingestCommand, new RolePrincipal("admin"));

    assertMetacardsIngested(ingestedIds.size());
}
Also used : Matchers.containsString(org.hamcrest.Matchers.containsString) RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal) AbstractIntegrationTest(org.codice.ddf.itests.common.AbstractIntegrationTest) Test(org.junit.Test)

Example 47 with RolePrincipal

use of org.apache.karaf.jaas.boot.principal.RolePrincipal in project ddf by codice.

the class TestConfiguration method resetInitialState.

/**
 * Puts the test installation back into its baseline state.
 *
 * <p>Deletes export/test artifacts, empties the processed and failed directories, restores the
 * backed-up security-relevant configuration files (system properties, users properties,
 * WS-Security, PDP), points the keystore system property at the server keystore, disables CRLs
 * and finally removes everything from the catalog using an {@code admin} role principal.
 *
 * @throws Exception if cleaning a directory, restoring a backup or running the console command fails
 */
public void resetInitialState() throws Exception {
    // Leftovers from earlier tests; deleteQuietly does not fail when a path is absent.
    FileUtils.deleteQuietly(getDefaultExportDirectory().toFile());
    FileUtils.deleteQuietly(new File(TEST_FILE));
    FileUtils.deleteQuietly(symbolicLink.toFile());

    FileUtils.cleanDirectory(getPathToProcessedDirectory().toFile());
    FileUtils.cleanDirectory(getPathToFailedDirectory().toFile());

    // Roll configuration files back to the copies taken before the tests modified them.
    restoreBackup(SYSTEM_PROPERTIES_COPY, SYSTEM_PROPERTIES);
    restoreBackup(USERS_PROPERTIES_COPY, USERS_PROPERTIES);
    restoreBackup(WS_SECURITY_COPY, WS_SECURITY);
    restoreBackup(PDP_COPY, PDP);

    // Relative path etc/keystores/serverKeystore.jks, built with the platform separator.
    final String serverKeystore = String.join(File.separator, "etc", "keystores", "serverKeystore.jks");
    System.setProperty(KEYSTORE_PROPERTY, serverKeystore);

    disableCrls();

    final RolePrincipal adminRole = new RolePrincipal("admin");
    console.runCommand(CATALOG_REMOVE_ALL_COMMAND, adminRole);
}
Also used : RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal) File(java.io.File)

Example 48 with RolePrincipal

use of org.apache.karaf.jaas.boot.principal.RolePrincipal in project ddf by codice.

the class SecurityAssertionImpl method getPrincipals.

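/**
 * Collects the principals represented by this assertion.
 *
 * <p>The result contains the primary principal, a {@link RolePrincipal} named after the primary
 * principal, and one {@link RolePrincipal} per string value of every attribute whose name
 * contains {@code "role"} (case-insensitive).
 *
 * <p>NOTE(review): two authorization-relevant behaviours are kept as they were and deserve a
 * conscious decision by the maintainers:
 * <ul>
 *   <li>the subject's own name is added as a role, so a subject whose name equals a privileged
 *       role name would carry that role;</li>
 *   <li>the attribute filter is a substring match, so any attribute whose name merely contains
 *       "role" contributes roles. An exact match against the expected role-claim names would be
 *       stricter.</li>
 * </ul>
 *
 * @return a new mutable set of principals; attribute values that are not {@link XSString} or
 *     have no value are skipped rather than turned into roles
 */
@Override
public Set<Principal> getPrincipals() {
    Set<Principal> principals = new HashSet<>();
    Principal primary = getPrincipal();
    // Without a primary principal there is nothing to add and no name to derive a role from.
    if (primary != null) {
        principals.add(primary);
        principals.add(new RolePrincipal(primary.getName()));
    }
    for (AttributeStatement attributeStatement : getAttributeStatements()) {
        for (Attribute attr : attributeStatement.getAttributes()) {
            if (!StringUtils.containsIgnoreCase(attr.getName(), "role")) {
                continue;
            }
            for (final XMLObject obj : attr.getAttributeValues()) {
                // Attribute values come from the assertion and need not be xs:string; an
                // unchecked cast would abort the whole lookup with a ClassCastException.
                if (!(obj instanceof XSString)) {
                    continue;
                }
                String role = ((XSString) obj).getValue();
                if (role != null) {
                    principals.add(new RolePrincipal(role));
                }
            }
        }
    }
    return principals;
}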
Also used : Attribute(org.opensaml.saml.saml2.core.Attribute) EncryptedAttribute(org.opensaml.saml.saml2.core.EncryptedAttribute) AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement) XMLObject(org.opensaml.core.xml.XMLObject) XSString(org.opensaml.core.xml.schema.XSString) RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal) KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) Principal(java.security.Principal) X500Principal(javax.security.auth.x500.X500Principal) GuestPrincipal(ddf.security.principal.GuestPrincipal) RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal) HashSet(java.util.HashSet)

Example 49 with RolePrincipal

use of org.apache.karaf.jaas.boot.principal.RolePrincipal in project pentaho-platform by pentaho.

the class SpringSecurityLoginModule method login.

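/**
 * JAAS login that delegates to the Spring Security authentication manager and maps the result
 * to Karaf principals.
 *
 * <p>If the current thread already carries a Spring Security authentication whose name equals
 * the user name supplied through the callback handler, that authentication is reused and no
 * password is requested. Otherwise user name and password are requested and authenticated.
 * On success the {@code principals} field holds a {@link UserPrincipal}, one
 * {@link RolePrincipal} per granted authority, and the Karaf admin role when the authorization
 * policy allows {@code AdministerSecurityAction}.
 *
 * <p>NOTE(review): the reuse path only compares names; it neither asks for credentials nor
 * checks {@code isAuthenticated()} on the thread-bound authentication. That is safe only if
 * nothing untrusted can populate the thread's security context - confirm.
 *
 * @return {@code true} when login succeeds
 * @throws LoginException if the callbacks cannot be handled, a required value is missing, or
 *     authentication fails; the underlying exception is attached as the cause
 */
public boolean login() throws LoginException {
    org.springframework.security.core.Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication != null) {
        // Obtain the username of the incoming auth request to match against existing authentication on the thread.
        NameCallback nameCallback = new NameCallback("User: ");
        Callback[] callbacks = new Callback[] { nameCallback };
        try {
            callbackHandler.handle(callbacks);
        } catch (IOException e) {
            throw (LoginException) new LoginException(e.getMessage()).initCause(e);
        } catch (UnsupportedCallbackException e) {
            throw (LoginException) new LoginException("Unable to interactively Authenticate with user: " + e.getMessage()).initCause(e);
        }
        String name = nameCallback.getName();
        if (name == null) {
            throw new LoginException("User name is null");
        }
        // If the existing thread-bound authentication does not match, discard it and
        // authenticate with credentials below.
        if (!name.equals(authentication.getName())) {
            authentication = null;
        }
    }
    if (authentication == null) {
        NameCallback nameCallback = new NameCallback("User: ");
        PasswordCallback passwordCallback = new PasswordCallback("Password: ", false);
        Callback[] callbacks = new Callback[] { nameCallback, passwordCallback };
        try {
            callbackHandler.handle(callbacks);
        } catch (IOException e) {
            throw (LoginException) new LoginException(e.getMessage()).initCause(e);
        } catch (UnsupportedCallbackException e) {
            throw (LoginException) new LoginException("Unable to interactively Authenticate with user: " + e.getMessage()).initCause(e);
        }
        String name = nameCallback.getName();
        char[] password1 = passwordCallback.getPassword();
        // getPassword() returns a copy; wipe the callback's own buffer as soon as we have ours.
        passwordCallback.clearPassword();
        if (password1 == null || name == null) {
            if (password1 != null) {
                java.util.Arrays.fill(password1, '\0');
            }
            throw new LoginException("User Name and Password cannot be null");
        }
        // The token needs the password as a String; that copy cannot be wiped, but the char[]
        // can, so it does not linger on the heap as well.
        String password = new String(password1);
        java.util.Arrays.fill(password1, '\0');
        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(name, password);
        // The session is installed before authenticating and torn down again if that fails.
        IPentahoSession session = new StandaloneSession(name);
        PentahoSessionHolder.setSession(session);
        try {
            // Throws an exception on failure.
            authentication = getAuthenticationManager().authenticate(token);
            if (authentication != null && !authentication.isAuthenticated()) {
                throw new IllegalStateException("Got a bad authentication");
            }
            if (authentication == null) {
                throw new IllegalStateException("Not Authenticated");
            }
        } catch (Exception e) {
            session.destroy();
            PentahoSessionHolder.removeSession();
            throw (LoginException) new LoginException(e.getMessage()).initCause(e);
        }
    }
    principals = new HashSet<Principal>();
    principals.add(new UserPrincipal(authentication.getName()));
    Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
    if (authorities != null) {
        for (GrantedAuthority authority : authorities) {
            principals.add(new RolePrincipal(authority.getAuthority()));
        }
    }
    // AuthorizationPolicy requires a PentahoSession; becomeUser is the easiest way to get one.
    SecurityHelper.getInstance().becomeUser(authentication.getName());
    // If they have AdministerSecurity, grant the Karaf admin role
    if (getAuthorizationPolicy().isAllowed(AdministerSecurityAction.NAME)) {
        principals.add(new RolePrincipal(KARAF_ADMIN));
    }
    return true;
}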
Also used : StandaloneSession(org.pentaho.platform.engine.core.system.StandaloneSession) IPentahoSession(org.pentaho.platform.api.engine.IPentahoSession) GrantedAuthority(org.springframework.security.core.GrantedAuthority) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) IOException(java.io.IOException) LoginException(javax.security.auth.login.LoginException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) IOException(java.io.IOException) UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal) PasswordCallback(javax.security.auth.callback.PasswordCallback) NameCallback(javax.security.auth.callback.NameCallback) Callback(javax.security.auth.callback.Callback) NameCallback(javax.security.auth.callback.NameCallback) LoginException(javax.security.auth.login.LoginException) PasswordCallback(javax.security.auth.callback.PasswordCallback) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal) UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal) RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal) Principal(java.security.Principal)

Example 50 with RolePrincipal

use of org.apache.karaf.jaas.boot.principal.RolePrincipal in project karaf by apache.

the class PublickeyLoginModule method login.

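/**
 * JAAS login that matches a presented public key against the key stored for the user in the
 * users properties file.
 *
 * <p>A user entry is a comma-separated list: the first field is the stored key, the remaining
 * fields are either group references (prefixed with
 * {@code PropertiesBackingEngine.GROUP_PREFIX}) or role names. For a group reference the group
 * itself is added as a {@link GroupPrincipal} and every field after the first of the group's
 * own entry is added as a {@link RolePrincipal}.
 *
 * <p>NOTE(review): this method only compares the string form of the presented key with the
 * stored value; proof that the caller holds the matching private key is presumably established
 * before the callback is populated - confirm against the caller.
 *
 * <p>When {@code detailedLoginExcepion} is enabled the failure messages distinguish an unknown
 * user from a key mismatch, which lets a client tell which user names exist; the generic
 * "login failed" message is used otherwise.
 *
 * @return {@code true} when the key matches and the principals have been collected
 * @throws LoginException if the users file cannot be loaded or the callbacks cannot be handled;
 *     the underlying exception is attached as the cause
 * @throws FailedLoginException if user name or key is missing, the user is unknown, or the key
 *     does not match
 */
public boolean login() throws LoginException {
    File f = new File(usersFile);
    Properties users;
    try {
        users = new Properties(f);
    } catch (IOException ioe) {
        throw (LoginException) new LoginException("Unable to load user properties file " + f).initCause(ioe);
    }
    Callback[] callbacks = new Callback[2];
    callbacks[0] = new NameCallback("Username: ");
    callbacks[1] = new PublickeyCallback();
    try {
        callbackHandler.handle(callbacks);
    } catch (IOException ioe) {
        throw (LoginException) new LoginException(ioe.getMessage()).initCause(ioe);
    } catch (UnsupportedCallbackException uce) {
        throw (LoginException) new LoginException(uce.getMessage() + " not available to obtain information from user").initCause(uce);
    }
    String user = ((NameCallback) callbacks[0]).getName();
    if (user == null) {
        throw new FailedLoginException("Unable to retrieve user name");
    }
    PublicKey key = ((PublickeyCallback) callbacks[1]).getPublicKey();
    if (key == null) {
        throw new FailedLoginException("Unable to retrieve public key");
    }
    // user infos container read from the users properties file
    String userInfos = null;
    try {
        userInfos = users.get(user);
    } catch (NullPointerException ignored) {
        // deliberately ignored: a failed lookup is reported as an unknown user just below
    }
    if (userInfos == null) {
        if (!this.detailedLoginExcepion) {
            throw new FailedLoginException("login failed");
        } else {
            throw new FailedLoginException("User " + user + " does not exist");
        }
    }
    // the stored public key is in the first position
    String[] infos = userInfos.split(",");
    String storedKey = infos[0];
    // check the presented public key against the stored one
    if (!getString(key).equals(storedKey)) {
        if (!this.detailedLoginExcepion) {
            throw new FailedLoginException("login failed");
        } else {
            throw new FailedLoginException("Public key for " + user + " does not match");
        }
    }
    principals = new HashSet<>();
    principals.add(new UserPrincipal(user));
    for (int i = 1; i < infos.length; i++) {
        String entry = infos[i].trim();
        if (entry.startsWith(PropertiesBackingEngine.GROUP_PREFIX)) {
            // it's a group reference: add the group, then the roles listed in the group's entry
            principals.add(new GroupPrincipal(entry.substring(PropertiesBackingEngine.GROUP_PREFIX.length())));
            String groupInfo = users.get(entry);
            if (groupInfo != null) {
                String[] roles = groupInfo.split(",");
                // index 0 of a group entry is skipped, mirroring the key slot of a user entry
                for (int j = 1; j < roles.length; j++) {
                    principals.add(new RolePrincipal(roles[j].trim()));
                }
            }
        } else {
            // it's a role assigned directly to the user
            principals.add(new RolePrincipal(entry));
        }
    }
    users.clear();
    if (debug) {
        LOG.debug("Successfully logged in " + user);
    }
    return true;
}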
Also used : RSAPublicKey(java.security.interfaces.RSAPublicKey) PublicKey(java.security.PublicKey) DSAPublicKey(java.security.interfaces.DSAPublicKey) IOException(java.io.IOException) Properties(org.apache.felix.utils.properties.Properties) UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal) NameCallback(javax.security.auth.callback.NameCallback) Callback(javax.security.auth.callback.Callback) NameCallback(javax.security.auth.callback.NameCallback) FailedLoginException(javax.security.auth.login.FailedLoginException) GroupPrincipal(org.apache.karaf.jaas.boot.principal.GroupPrincipal) LoginException(javax.security.auth.login.LoginException) FailedLoginException(javax.security.auth.login.FailedLoginException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal) File(java.io.File)
