Example 6 with UserPrincipal
use of org.apache.karaf.jaas.boot.principal.UserPrincipal in project karaf by apache.
the class SyncopeLoginModule method login.
public boolean login() throws LoginException {
Callback[] callbacks = new Callback[2];
callbacks[0] = new NameCallback("Username: ");
callbacks[1] = new PasswordCallback("Password: ", false);
try {
callbackHandler.handle(callbacks);
} catch (IOException ioException) {
throw new LoginException(ioException.getMessage());
} catch (UnsupportedCallbackException unsupportedCallbackException) {
throw new LoginException(unsupportedCallbackException.getMessage() + " not available to obtain information from user.");
}
user = ((NameCallback) callbacks[0]).getName();
char[] tmpPassword = ((PasswordCallback) callbacks[1]).getPassword();
if (tmpPassword == null) {
tmpPassword = new char[0];
}
String password = new String(tmpPassword);
principals = new HashSet<>();
// authenticate the user on Syncope
LOGGER.debug("Authenticate user {} on Syncope located {}", user, address);
DefaultHttpClient client = new DefaultHttpClient();
Credentials creds = new UsernamePasswordCredentials(user, password);
client.getCredentialsProvider().setCredentials(AuthScope.ANY, creds);
HttpGet get = new HttpGet(address + "/users/self");
get.setHeader("Content-Type", "application/xml");
List<String> roles = new ArrayList<>();
try {
CloseableHttpResponse response = client.execute(get);
LOGGER.debug("Syncope HTTP response status code: {}", response.getStatusLine().getStatusCode());
if (response.getStatusLine().getStatusCode() != HttpStatus.SC_OK) {
LOGGER.warn("User {} not authenticated", user);
return false;
}
LOGGER.debug("User {} authenticated", user);
LOGGER.debug("Populating principals with user");
principals.add(new UserPrincipal(user));
LOGGER.debug("Retrieving user {} roles", user);
roles = extractingRoles(EntityUtils.toString(response.getEntity()));
} catch (Exception e) {
LOGGER.error("User {} authentication failed", user, e);
throw new LoginException("User " + user + " authentication failed: " + e.getMessage());
}
LOGGER.debug("Populating principals with roles");
for (String role : roles) {
principals.add(new RolePrincipal(role));
}
return true;
}
Also used :
HttpGet(org.apache.http.client.methods.HttpGet)
IOException(java.io.IOException)
DefaultHttpClient(org.apache.http.impl.client.DefaultHttpClient)
UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal)
LoginException(javax.security.auth.login.LoginException)
IOException(java.io.IOException)
UsernamePasswordCredentials(org.apache.http.auth.UsernamePasswordCredentials)
CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse)
LoginException(javax.security.auth.login.LoginException)
RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal)
UsernamePasswordCredentials(org.apache.http.auth.UsernamePasswordCredentials)
Credentials(org.apache.http.auth.Credentials)
Example 7 with UserPrincipal
use of org.apache.karaf.jaas.boot.principal.UserPrincipal in project karaf by apache.
the class JdbcLoginModuleTest method testEngine.
@Test
public void testEngine() throws Exception {
JDBCBackingEngine engine = new JDBCBackingEngine(dataSource);
assertTrue(engine.listUsers().isEmpty());
engine.addUser("abc", "xyz");
assertTrue(engine.listUsers().contains(new UserPrincipal("abc")));
assertTrue(engine.listRoles(new UserPrincipal("abc")).isEmpty());
assertTrue(engine.listRoles(new GroupPrincipal("group1")).isEmpty());
assertTrue(engine.listGroups(new UserPrincipal("abc")).isEmpty());
engine.addRole("abc", "role1");
assertTrue(engine.listUsers().contains(new UserPrincipal("abc")));
assertTrue(engine.listRoles(new UserPrincipal("abc")).contains(new RolePrincipal("role1")));
assertTrue(engine.listRoles(new GroupPrincipal("group1")).isEmpty());
assertTrue(engine.listGroups(new UserPrincipal("abc")).isEmpty());
engine.addGroupRole("group1", "role2");
assertTrue(engine.listUsers().contains(new UserPrincipal("abc")));
assertTrue(engine.listRoles(new UserPrincipal("abc")).contains(new RolePrincipal("role1")));
assertTrue(engine.listRoles(new GroupPrincipal("group1")).contains(new RolePrincipal("role2")));
assertTrue(engine.listGroups(new UserPrincipal("abc")).isEmpty());
engine.addGroup("abc", "group1");
assertTrue(engine.listUsers().contains(new UserPrincipal("abc")));
assertTrue(engine.listRoles(new UserPrincipal("abc")).contains(new RolePrincipal("role1")));
assertTrue(engine.listRoles(new UserPrincipal("abc")).contains(new RolePrincipal("role2")));
assertTrue(engine.listRoles(new GroupPrincipal("group1")).contains(new RolePrincipal("role2")));
assertTrue(engine.listGroups(new UserPrincipal("abc")).contains(new GroupPrincipal("group1")));
engine.deleteRole("abc", "role1");
assertTrue(engine.listUsers().contains(new UserPrincipal("abc")));
assertTrue(engine.listRoles(new UserPrincipal("abc")).contains(new RolePrincipal("role2")));
assertTrue(engine.listRoles(new GroupPrincipal("group1")).contains(new RolePrincipal("role2")));
assertTrue(engine.listGroups(new UserPrincipal("abc")).contains(new GroupPrincipal("group1")));
engine.deleteGroupRole("group1", "role2");
assertTrue(engine.listUsers().contains(new UserPrincipal("abc")));
assertTrue(engine.listRoles(new UserPrincipal("abc")).isEmpty());
assertTrue(engine.listRoles(new GroupPrincipal("group1")).isEmpty());
assertTrue(engine.listGroups(new UserPrincipal("abc")).contains(new GroupPrincipal("group1")));
engine.addGroupRole("group1", "role3");
assertTrue(engine.listUsers().contains(new UserPrincipal("abc")));
assertTrue(engine.listRoles(new UserPrincipal("abc")).contains(new RolePrincipal("role3")));
assertTrue(engine.listRoles(new GroupPrincipal("group1")).contains(new RolePrincipal("role3")));
assertTrue(engine.listGroups(new UserPrincipal("abc")).contains(new GroupPrincipal("group1")));
engine.deleteGroup("abc", "group1");
assertTrue(engine.listUsers().contains(new UserPrincipal("abc")));
assertTrue(engine.listRoles(new UserPrincipal("abc")).isEmpty());
assertTrue(engine.listRoles(new GroupPrincipal("group1")).isEmpty());
assertTrue(engine.listGroups(new UserPrincipal("abc")).isEmpty());
engine.deleteUser("abc");
assertTrue(engine.listUsers().isEmpty());
assertTrue(engine.listRoles(new UserPrincipal("abc")).isEmpty());
assertTrue(engine.listRoles(new GroupPrincipal("group1")).isEmpty());
assertTrue(engine.listGroups(new UserPrincipal("abc")).isEmpty());
}
Also used :
GroupPrincipal(org.apache.karaf.jaas.boot.principal.GroupPrincipal)
RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal)
UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal)
Test(org.junit.Test)
Example 8 with UserPrincipal
use of org.apache.karaf.jaas.boot.principal.UserPrincipal in project karaf by apache.
the class LdapCaseInsensitiveDNTest method testCaseInsensitiveDN.
@Test
public void testCaseInsensitiveDN() throws Exception {
Properties options = ldapLoginModuleOptions();
LDAPLoginModule module = new LDAPLoginModule();
Subject subject = new Subject();
module.initialize(subject, new NamePasswordCallbackHandler("admin", "admin123"), null, options);
assertEquals("Precondition", 0, subject.getPrincipals().size());
assertTrue(module.login());
assertTrue(module.commit());
assertEquals(2, subject.getPrincipals().size());
boolean foundUser = false;
boolean foundRole = false;
for (Principal pr : subject.getPrincipals()) {
if (pr instanceof UserPrincipal) {
assertEquals("admin", pr.getName());
foundUser = true;
} else if (pr instanceof RolePrincipal) {
assertEquals("admin", pr.getName());
foundRole = true;
}
}
assertTrue(foundUser);
assertTrue(foundRole);
assertTrue(module.logout());
assertEquals("Principals should be gone as the user has logged out", 0, subject.getPrincipals().size());
}
Also used :
NamePasswordCallbackHandler(org.apache.karaf.jaas.modules.NamePasswordCallbackHandler)
Properties(org.apache.felix.utils.properties.Properties)
RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal)
Subject(javax.security.auth.Subject)
RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal)
Principal(java.security.Principal)
UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal)
UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal)
Test(org.junit.Test)
Example 9 with UserPrincipal
use of org.apache.karaf.jaas.boot.principal.UserPrincipal in project karaf by apache.
the class PropertiesBackingEngine method deleteGroup.
@Override
public void deleteGroup(String username, String group) {
deleteRole(username, GROUP_PREFIX + group);
// garbage collection, clean up the groups if needed
for (UserPrincipal user : listUsers()) {
for (GroupPrincipal g : listGroups(user)) {
if (group.equals(g.getName())) {
// there is another user of this group, nothing to clean up
return;
}
}
}
// nobody is using this group any more, remote it
deleteUser(GROUP_PREFIX + group);
}
Also used :
GroupPrincipal(org.apache.karaf.jaas.boot.principal.GroupPrincipal)
UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal)
Example 10 with UserPrincipal
use of org.apache.karaf.jaas.boot.principal.UserPrincipal in project karaf by apache.
the class PropertiesLoginModule method login.
public boolean login() throws LoginException {
if (usersFile == null) {
throw new LoginException("The property users may not be null");
}
File f = new File(usersFile);
if (!f.exists()) {
throw new LoginException("Users file not found at " + f);
}
Properties users;
try {
users = new Properties(f);
} catch (IOException ioe) {
throw new LoginException("Unable to load user properties file " + f);
}
Callback[] callbacks = new Callback[2];
callbacks[0] = new NameCallback("Username: ");
callbacks[1] = new PasswordCallback("Password: ", false);
if (callbackHandler != null) {
try {
callbackHandler.handle(callbacks);
} catch (IOException ioe) {
throw new LoginException(ioe.getMessage());
} catch (UnsupportedCallbackException uce) {
throw new LoginException(uce.getMessage() + " not available to obtain information from user");
}
}
// user callback get value
if (((NameCallback) callbacks[0]).getName() == null) {
throw new LoginException("Username can not be null");
}
user = ((NameCallback) callbacks[0]).getName();
if (user.startsWith(PropertiesBackingEngine.GROUP_PREFIX)) {
// you can't log in under a group name
throw new FailedLoginException("login failed");
}
// password callback get value
if (((PasswordCallback) callbacks[1]).getPassword() == null) {
throw new LoginException("Password can not be null");
}
String password = new String(((PasswordCallback) callbacks[1]).getPassword());
// user infos container read from the users properties file
String userInfos = null;
try {
userInfos = users.get(user);
} catch (NullPointerException e) {
//error handled in the next statement
}
if (userInfos == null) {
if (!this.detailedLoginExcepion) {
throw new FailedLoginException("login failed");
} else {
throw new FailedLoginException("User " + user + " does not exist");
}
}
// the password is in the first position
String[] infos = userInfos.split(",");
String storedPassword = infos[0];
// check the provided password
if (!checkPassword(password, storedPassword)) {
if (!this.detailedLoginExcepion) {
throw new FailedLoginException("login failed");
} else {
throw new FailedLoginException("Password for " + user + " does not match");
}
}
principals = new HashSet<>();
principals.add(new UserPrincipal(user));
for (int i = 1; i < infos.length; i++) {
if (infos[i].trim().startsWith(PropertiesBackingEngine.GROUP_PREFIX)) {
// it's a group reference
principals.add(new GroupPrincipal(infos[i].trim().substring(PropertiesBackingEngine.GROUP_PREFIX.length())));
String groupInfo = users.get(infos[i].trim());
if (groupInfo != null) {
String[] roles = groupInfo.split(",");
for (int j = 1; j < roles.length; j++) {
principals.add(new RolePrincipal(roles[j].trim()));
}
}
} else {
// it's an user reference
principals.add(new RolePrincipal(infos[i].trim()));
}
}
users.clear();
if (debug) {
LOGGER.debug("Successfully logged in {}", user);
}
return true;
}
Also used :
IOException(java.io.IOException)
Properties(org.apache.felix.utils.properties.Properties)
UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal)
PasswordCallback(javax.security.auth.callback.PasswordCallback)
NameCallback(javax.security.auth.callback.NameCallback)
Callback(javax.security.auth.callback.Callback)
NameCallback(javax.security.auth.callback.NameCallback)
FailedLoginException(javax.security.auth.login.FailedLoginException)
GroupPrincipal(org.apache.karaf.jaas.boot.principal.GroupPrincipal)
LoginException(javax.security.auth.login.LoginException)
FailedLoginException(javax.security.auth.login.FailedLoginException)
PasswordCallback(javax.security.auth.callback.PasswordCallback)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal)
File(java.io.File)
Aggregations
UserPrincipal (org.apache.karaf.jaas.boot.principal.UserPrincipal)34
RolePrincipal (org.apache.karaf.jaas.boot.principal.RolePrincipal)26
Properties (org.apache.felix.utils.properties.Properties)16
Test (org.junit.Test)15
Subject (javax.security.auth.Subject)14
Principal (java.security.Principal)13
NamePasswordCallbackHandler (org.apache.karaf.jaas.modules.NamePasswordCallbackHandler)13
GroupPrincipal (org.apache.karaf.jaas.boot.principal.GroupPrincipal)12
IOException (java.io.IOException)9
LoginException (javax.security.auth.login.LoginException)9
ArrayList (java.util.ArrayList)8
NameCallback (javax.security.auth.callback.NameCallback)7
UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)7
File (java.io.File)6
Callback (javax.security.auth.callback.Callback)6
HashMap (java.util.HashMap)5
PasswordCallback (javax.security.auth.callback.PasswordCallback)5
FailedLoginException (javax.security.auth.login.FailedLoginException)4
DirContext (javax.naming.directory.DirContext)3
CallbackHandler (javax.security.auth.callback.CallbackHandler)2
