
Example 11 with RolePrincipal

use of org.apache.karaf.jaas.boot.principal.RolePrincipal in project ddf by codice.

Class LogoutRequestService, method logout.

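/**
 * Ends the current IdP session: writes an audit entry when the subject holds one of the
 * configured security-audit roles, then drops the {@code "idp"} token from the session's
 * token holder.
 *
 * <p>Audit roles are read from the {@code security.audit.roles} system property as a
 * comma-separated list; when the property is unset no audit entry is written.
 */
private void logout() {
    HttpSession session = sessionFactory.getOrCreateSession(request);
    SecurityTokenHolder tokenHolder =
            (SecurityTokenHolder) session.getAttribute(SecurityConstants.SAML_ASSERTION);
    if (tokenHolder == null) {
        // No SAML assertion on this session, so there is no IdP token to audit or remove.
        // NOTE(review): the previous code dereferenced tokenHolder unconditionally (NPE);
        // confirm a silent no-op is the intended behaviour for an unauthenticated session.
        return;
    }
    SecurityAssertion securityAssertion =
            new SecurityAssertionImpl(tokenHolder.getSecurityToken("idp"));
    // Default to "" rather than null so an unset property means "no audit roles" instead of
    // a NullPointerException on split().
    String auditRoles = System.getProperty("security.audit.roles", "");
    // NOTE(review): entries are matched verbatim (no trim), so "a, b" yields the role " b";
    // confirm the expected property format before changing this.
    boolean hasSecurityAuditRole = Arrays.stream(auditRoles.split(","))
            .anyMatch(role -> securityAssertion.getPrincipals().contains(new RolePrincipal(role)));
    if (hasSecurityAuditRole) {
        SecurityLogger.audit("Subject with admin privileges has logged out: {}",
                securityAssertion.getPrincipal().getName());
    }
    tokenHolder.remove("idp");
}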
Also used : SecurityTokenHolder(ddf.security.common.SecurityTokenHolder) HttpSession(javax.servlet.http.HttpSession) SecurityAssertion(ddf.security.assertion.SecurityAssertion) RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal) SecurityAssertionImpl(ddf.security.assertion.impl.SecurityAssertionImpl)

Example 12 with RolePrincipal

use of org.apache.karaf.jaas.boot.principal.RolePrincipal in project opennms by OpenNMS.

Class OpenNMSLoginModule, method createPrincipals.

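/**
 * Maps a Spring Security authority onto the Karaf role principals Karaf's JAAS layer expects.
 *
 * <p>Three principals are produced so that both naming conventions match: the authority with a
 * leading {@code ROLE_} prefix (any letter case) removed, that same name lower-cased, and the
 * authority exactly as given.
 *
 * @param authority granted authority to convert; must be non-null
 * @return a new mutable set holding the three role principals
 */
@Override
public Set<Principal> createPrincipals(final GrantedAuthority authority) {
    final String rawAuthority = authority.getAuthority();
    final String role = rawAuthority.replaceFirst("^[Rr][Oo][Ll][Ee]_", "");
    final Set<Principal> principals = new HashSet<>();
    principals.add(new RolePrincipal(role));
    // Locale.ROOT keeps the lower-casing independent of the JVM default locale (e.g. Turkish
    // dotless-i rules), so the same authority always yields the same principal name.
    principals.add(new RolePrincipal(role.toLowerCase(java.util.Locale.ROOT)));
    principals.add(new RolePrincipal(rawAuthority));
    LOG.debug("created principals from authority {}: {}", authority, principals);
    return principals;
}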
Also used : RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal) RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal) Principal(java.security.Principal) HashSet(java.util.HashSet)

Example 13 with RolePrincipal

use of org.apache.karaf.jaas.boot.principal.RolePrincipal in project opennms by OpenNMS.

Class KarafTestCase, method executeCommand.

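/**
 * Executes a Karaf shell command as the {@code admin} role and returns everything it wrote to
 * stdout and stderr as one String.
 *
 * <p>The command runs on a worker thread and is given 10 seconds. On timeout the worker is
 * cancelled and the marker {@code "SHELL COMMAND TIMED OUT: <command>"} is returned instead of
 * output. Exceptions thrown by the command itself are logged and do not propagate; the output
 * captured up to that point is still returned.
 *
 * @param command the shell command line to execute
 * @return the captured console output, or the timeout marker described above
 * @throws RuntimeException if the session cannot be created or the privileged action fails
 */
protected String executeCommand(final String command) {
    final long timeoutSeconds = 10L;
    try (final ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        final PrintStream printStream = new PrintStream(byteArrayOutputStream);
        final PrintStream errStream = new PrintStream(byteArrayOutputStream)) {
        // One executor per call; shut down in finally so worker threads never outlive the call.
        final ExecutorService executor = Executors.newCachedThreadPool();
        try {
            // The test subject carries the admin role so privileged commands are not rejected.
            Subject subject = new Subject();
            subject.getPrincipals().add(new RolePrincipal("admin"));
            return Subject.doAs(subject, new PrivilegedExceptionAction<String>() {

                @Override
                public String run() throws Exception {
                    final Session session = sessionFactory.create(System.in, printStream, errStream);
                    LOG.info("Command: {}", command);
                    FutureTask<String> commandFuture = new FutureTask<String>(new Callable<String>() {

                        @Override
                        public String call() {
                            try {
                                session.execute(command);
                            } catch (Exception e) {
                                // Command failures are reported, not propagated: the caller
                                // inspects the captured output.
                                LOG.error("Command failed: {}", command, e);
                            }
                            printStream.flush();
                            errStream.flush();
                            // NOTE(review): toString() decodes with the platform charset; confirm
                            // it matches what the PrintStreams encode with.
                            return byteArrayOutputStream.toString();
                        }
                    });
                    executor.submit(commandFuture);
                    try {
                        String response = commandFuture.get(timeoutSeconds, TimeUnit.SECONDS);
                        LOG.info("Response: {}", response);
                        return response;
                    } catch (java.util.concurrent.TimeoutException e) {
                        // Interrupt the still-running command so it does not keep the session busy.
                        commandFuture.cancel(true);
                        LOG.error("Command did not finish within {} seconds: {}", timeoutSeconds, command);
                        return "SHELL COMMAND TIMED OUT: " + command;
                    } catch (InterruptedException e) {
                        // Restore the flag; the outer handler wraps this in a RuntimeException.
                        Thread.currentThread().interrupt();
                        commandFuture.cancel(true);
                        throw e;
                    }
                    // Any other failure of get() (ExecutionException) propagates to the outer
                    // handler rather than being reported as a timeout.
                }
            });
        } finally {
            executor.shutdownNow();
        }
    } catch (Exception e) {
        LOG.error("Error while executing command", e);
        throw new RuntimeException(e);
    }
}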
Also used : PrintStream(java.io.PrintStream) ByteArrayOutputStream(java.io.ByteArrayOutputStream) Subject(javax.security.auth.Subject) IOException(java.io.IOException) Callable(java.util.concurrent.Callable) FutureTask(java.util.concurrent.FutureTask) ExecutorService(java.util.concurrent.ExecutorService) RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal) Session(org.apache.karaf.shell.api.console.Session)

Example 14 with RolePrincipal

use of org.apache.karaf.jaas.boot.principal.RolePrincipal in project karaf by apache.

Class JaasAuthenticator, method authenticate.

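/**
 * Authenticates a JMX client against the configured JAAS realm.
 *
 * <p>Credentials must be a {@code String[2]} of {@code {username, password}}, as supplied by
 * the JMX remote connector. A login that succeeds but yields no {@link RolePrincipal} is
 * rejected, so a user without any role cannot obtain a JMX subject.
 *
 * @param credentials the {@code String[2]} username/password pair
 * @return the authenticated subject, carrying the JAAS principals plus a {@code jmx}
 *         {@link ClientPrincipal} with the caller's host when it is known
 * @throws IllegalArgumentException if {@code credentials} is not a two-element {@code String[]}
 * @throws SecurityException if the JAAS login fails or the user has no role
 */
public Subject authenticate(Object credentials) throws SecurityException {
    if (!(credentials instanceof String[])) {
        throw new IllegalArgumentException("Expected String[2], got " + (credentials != null ? credentials.getClass().getName() : null));
    }
    final String[] params = (String[]) credentials;
    if (params.length != 2) {
        throw new IllegalArgumentException("Expected String[2] but length was " + params.length);
    }
    try {
        Subject subject = new Subject();
        try {
            subject.getPrincipals().add(new ClientPrincipal("jmx", RemoteServer.getClientHost()));
        } catch (Exception ignored) {
            // Best effort: getClientHost() fails when not inside an RMI call
            // (ServerNotActiveException); the client principal is then simply omitted.
            // Narrowed from Throwable so JVM Errors are no longer swallowed here.
        }
        LoginContext loginContext = new LoginContext(realm, subject, callbacks -> {
            for (int i = 0; i < callbacks.length; i++) {
                if (callbacks[i] instanceof NameCallback) {
                    ((NameCallback) callbacks[i]).setName(params[0]);
                } else if (callbacks[i] instanceof PasswordCallback) {
                    ((PasswordCallback) callbacks[i]).setPassword((params[1].toCharArray()));
                } else {
                    throw new UnsupportedCallbackException(callbacks[i]);
                }
            }
        });
        loginContext.login();
        // Subject.getPrincipals(Class) filters by type; a role-less login is refused.
        // FailedLoginException is a LoginException, so the outer handler wraps it below.
        if (subject.getPrincipals(RolePrincipal.class).isEmpty()) {
            throw new FailedLoginException("User doesn't have role defined");
        }
        return subject;
    } catch (LoginException e) {
        throw new SecurityException("Authentication failed", e);
    }
}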
Also used : ClientPrincipal(org.apache.karaf.jaas.boot.principal.ClientPrincipal) Subject(javax.security.auth.Subject) LoginContext(javax.security.auth.login.LoginContext) NameCallback(javax.security.auth.callback.NameCallback) FailedLoginException(javax.security.auth.login.FailedLoginException) PasswordCallback(javax.security.auth.callback.PasswordCallback) LoginException(javax.security.auth.login.LoginException) FailedLoginException(javax.security.auth.login.FailedLoginException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal) RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal) Principal(java.security.Principal) ClientPrincipal(org.apache.karaf.jaas.boot.principal.ClientPrincipal)

Example 15 with RolePrincipal

use of org.apache.karaf.jaas.boot.principal.RolePrincipal in project karaf by apache.

Class LocalConsoleManager, method createLocalKarafSubject.

/**
 * Builds the JAAS subject used by the local (in-process) console.
 *
 * <p>The user name comes from the {@code KARAF_LOCAL_USER} system property, defaulting to
 * {@code "karaf"}; the roles come from {@code KARAF_LOCAL_ROLES} as a comma-separated list with
 * each entry trimmed, defaulting to {@code KARAF_LOCAL_ROLES_DEFAULT}. The subject is also tagged
 * with a {@code local}/{@code localhost} client principal. No credentials are checked here:
 * whoever reaches the local console receives these roles.
 */
private Subject createLocalKarafSubject() {
    final String userName = System.getProperty(KARAF_LOCAL_USER, "karaf");
    final Subject subject = new Subject();
    subject.getPrincipals().add(new UserPrincipal(userName));
    subject.getPrincipals().add(new ClientPrincipal("local", "localhost"));
    final String roleList = System.getProperty(KARAF_LOCAL_ROLES, KARAF_LOCAL_ROLES_DEFAULT);
    if (roleList == null) {
        return subject;
    }
    // NOTE(review): an empty entry in the middle of the list (e.g. "a,,b") still produces a
    // RolePrincipal with an empty name, as before.
    for (String entry : roleList.split(",")) {
        subject.getPrincipals().add(new RolePrincipal(entry.trim()));
    }
    return subject;
}
Also used : RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal) ClientPrincipal(org.apache.karaf.jaas.boot.principal.ClientPrincipal) Subject(javax.security.auth.Subject) UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal)
