Search in sources :

Example 21 with UserPrincipal

use of org.apache.karaf.jaas.boot.principal.UserPrincipal in project karaf by apache.

the class JdbcLoginModuleTest method testLoginModuleWithGroups.

@Test
public void testLoginModuleWithGroups() throws Exception {
    JDBCBackingEngine engine = new JDBCBackingEngine(dataSource);
    engine.addGroupRole("group1", "role2");
    engine.addUser("abc", "xyz");
    engine.addRole("abc", "role1");
    engine.addGroup("abc", "group1");
    JDBCLoginModule module = new JDBCLoginModule();
    Subject subject = new Subject();
    module.initialize(subject, new NamePasswordCallbackHandler("abc", "xyz"), null, options);
    module.login();
    module.commit();
    assertTrue(subject.getPrincipals().contains(new UserPrincipal("abc")));
    assertTrue(subject.getPrincipals().contains(new GroupPrincipal("group1")));
    assertTrue(subject.getPrincipals().contains(new RolePrincipal("role1")));
    assertTrue(subject.getPrincipals().contains(new RolePrincipal("role2")));
}
Also used : NamePasswordCallbackHandler(org.apache.karaf.jaas.modules.NamePasswordCallbackHandler) GroupPrincipal(org.apache.karaf.jaas.boot.principal.GroupPrincipal) RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal) Subject(javax.security.auth.Subject) UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal) Test(org.junit.Test)

Example 22 with UserPrincipal

use of org.apache.karaf.jaas.boot.principal.UserPrincipal in project karaf by apache.

the class PropertiesLoginModuleTest method testBasicLogin.

@Test
public void testBasicLogin() throws Exception {
    File f = File.createTempFile(getClass().getName(), ".tmp");
    try {
        Properties p = new Properties(f);
        PropertiesBackingEngine pbe = new PropertiesBackingEngine(p);
        pbe.addUser("abc", "xyz");
        pbe.addRole("abc", "myrole");
        pbe.addUser("pqr", "abc");
        PropertiesLoginModule module = new PropertiesLoginModule();
        Map<String, String> options = new HashMap<>();
        options.put(PropertiesLoginModule.USER_FILE, f.getAbsolutePath());
        Subject subject = new Subject();
        module.initialize(subject, new NamePasswordCallbackHandler("abc", "xyz"), null, options);
        Assert.assertEquals("Precondition", 0, subject.getPrincipals().size());
        Assert.assertTrue(module.login());
        Assert.assertTrue(module.commit());
        Assert.assertEquals(2, subject.getPrincipals().size());
        boolean foundUser = false;
        boolean foundRole = false;
        for (Principal pr : subject.getPrincipals()) {
            if (pr instanceof UserPrincipal) {
                Assert.assertEquals("abc", pr.getName());
                foundUser = true;
            } else if (pr instanceof RolePrincipal) {
                Assert.assertEquals("myrole", pr.getName());
                foundRole = true;
            }
        }
        Assert.assertTrue(foundUser);
        Assert.assertTrue(foundRole);
        Assert.assertTrue(module.logout());
        Assert.assertEquals("Principals should be gone as the user has logged out", 0, subject.getPrincipals().size());
    } finally {
        if (!f.delete()) {
            Assert.fail("Could not delete temporary file: " + f);
        }
    }
}
Also used : HashMap(java.util.HashMap) Properties(org.apache.felix.utils.properties.Properties) Subject(javax.security.auth.Subject) UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal) NamePasswordCallbackHandler(org.apache.karaf.jaas.modules.NamePasswordCallbackHandler) RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal) File(java.io.File) RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal) Principal(java.security.Principal) GroupPrincipal(org.apache.karaf.jaas.boot.principal.GroupPrincipal) UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal) Test(org.junit.Test)

Example 23 with UserPrincipal

use of org.apache.karaf.jaas.boot.principal.UserPrincipal in project karaf by apache.

the class LdapLoginModuleTest method testRoleMappingSimple.

@Test
public void testRoleMappingSimple() throws Exception {
    Properties options = ldapLoginModuleOptions();
    options.put(LDAPOptions.ROLE_MAPPING, "admin=karaf");
    LDAPLoginModule module = new LDAPLoginModule();
    Subject subject = new Subject();
    module.initialize(subject, new NamePasswordCallbackHandler("admin", "admin123"), null, options);
    assertEquals("Precondition", 0, subject.getPrincipals().size());
    assertTrue(module.login());
    assertTrue(module.commit());
    assertEquals(2, subject.getPrincipals().size());
    boolean foundUser = false;
    boolean foundRole = false;
    for (Principal principal : subject.getPrincipals()) {
        if (principal instanceof UserPrincipal) {
            assertEquals("admin", principal.getName());
            foundUser = true;
        } else if (principal instanceof RolePrincipal) {
            assertEquals("karaf", principal.getName());
            foundRole = true;
        }
    }
    assertTrue(foundUser);
    assertTrue(foundRole);
    assertTrue(module.logout());
    assertEquals("Principals should be gone as the user has logged out", 0, subject.getPrincipals().size());
}
Also used : NamePasswordCallbackHandler(org.apache.karaf.jaas.modules.NamePasswordCallbackHandler) Properties(org.apache.felix.utils.properties.Properties) RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal) Subject(javax.security.auth.Subject) UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal) RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal) Principal(java.security.Principal) UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal) Test(org.junit.Test)

Example 24 with UserPrincipal

use of org.apache.karaf.jaas.boot.principal.UserPrincipal in project karaf by apache.

the class PublickeyLoginModule method login.

public boolean login() throws LoginException {
    File f = new File(usersFile);
    Properties users;
    try {
        users = new Properties(f);
    } catch (IOException ioe) {
        throw new LoginException("Unable to load user properties file " + f);
    }
    Callback[] callbacks = new Callback[2];
    callbacks[0] = new NameCallback("Username: ");
    callbacks[1] = new PublickeyCallback();
    try {
        callbackHandler.handle(callbacks);
    } catch (IOException ioe) {
        throw new LoginException(ioe.getMessage());
    } catch (UnsupportedCallbackException uce) {
        throw new LoginException(uce.getMessage() + " not available to obtain information from user");
    }
    String user = ((NameCallback) callbacks[0]).getName();
    if (user == null) {
        throw new FailedLoginException("Unable to retrieve user name");
    }
    PublicKey key = ((PublickeyCallback) callbacks[1]).getPublicKey();
    if (key == null) {
        throw new FailedLoginException("Unable to retrieve public key");
    }
    // user infos container read from the users properties file
    String userInfos = null;
    try {
        userInfos = users.get(user);
    } catch (NullPointerException e) {
    //error handled in the next statement
    }
    if (userInfos == null) {
        if (!this.detailedLoginExcepion) {
            throw new FailedLoginException("login failed");
        } else {
            throw new FailedLoginException("User " + user + " does not exist");
        }
    }
    // the password is in the first position
    String[] infos = userInfos.split(",");
    String storedKey = infos[0];
    // check the provided password
    if (!getString(key).equals(storedKey)) {
        if (!this.detailedLoginExcepion) {
            throw new FailedLoginException("login failed");
        } else {
            throw new FailedLoginException("Public key for " + user + " does not match");
        }
    }
    principals = new HashSet<>();
    principals.add(new UserPrincipal(user));
    for (int i = 1; i < infos.length; i++) {
        if (infos[i].trim().startsWith(PropertiesBackingEngine.GROUP_PREFIX)) {
            // it's a group reference
            principals.add(new GroupPrincipal(infos[i].trim().substring(PropertiesBackingEngine.GROUP_PREFIX.length())));
            String groupInfo = users.get(infos[i].trim());
            if (groupInfo != null) {
                String[] roles = groupInfo.split(",");
                for (int j = 1; j < roles.length; j++) {
                    principals.add(new RolePrincipal(roles[j].trim()));
                }
            }
        } else {
            // it's an user reference
            principals.add(new RolePrincipal(infos[i].trim()));
        }
    }
    users.clear();
    if (debug) {
        LOG.debug("Successfully logged in " + user);
    }
    return true;
}
Also used : RSAPublicKey(java.security.interfaces.RSAPublicKey) PublicKey(java.security.PublicKey) DSAPublicKey(java.security.interfaces.DSAPublicKey) IOException(java.io.IOException) Properties(org.apache.felix.utils.properties.Properties) UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal) NameCallback(javax.security.auth.callback.NameCallback) Callback(javax.security.auth.callback.Callback) NameCallback(javax.security.auth.callback.NameCallback) FailedLoginException(javax.security.auth.login.FailedLoginException) GroupPrincipal(org.apache.karaf.jaas.boot.principal.GroupPrincipal) LoginException(javax.security.auth.login.LoginException) FailedLoginException(javax.security.auth.login.FailedLoginException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal) File(java.io.File)

Example 25 with UserPrincipal

use of org.apache.karaf.jaas.boot.principal.UserPrincipal in project karaf by apache.

the class SyncopeBackingEngine method listUsers.

public List<UserPrincipal> listUsers() {
    List<UserPrincipal> users = new ArrayList<>();
    HttpGet request = new HttpGet(address + "/users");
    request.setHeader("Content-Type", "application/xml");
    try {
        HttpResponse response = client.execute(request);
        String responseTO = EntityUtils.toString(response.getEntity());
        if (responseTO != null && !responseTO.isEmpty()) {
            // extracting the user
            int index = responseTO.indexOf("<username>");
            while (index != -1) {
                responseTO = responseTO.substring(index + "<username>".length());
                int end = responseTO.indexOf("</username>");
                if (end == -1) {
                    index = -1;
                }
                String username = responseTO.substring(0, end);
                users.add(new UserPrincipal(username));
                responseTO = responseTO.substring(end + "</username>".length());
                index = responseTO.indexOf("<username>");
            }
        }
    } catch (Exception e) {
        throw new RuntimeException("Error listing users", e);
    }
    return users;
}
Also used : HttpGet(org.apache.http.client.methods.HttpGet) ArrayList(java.util.ArrayList) HttpResponse(org.apache.http.HttpResponse) UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal)

Aggregations

UserPrincipal (org.apache.karaf.jaas.boot.principal.UserPrincipal)34 RolePrincipal (org.apache.karaf.jaas.boot.principal.RolePrincipal)26 Properties (org.apache.felix.utils.properties.Properties)16 Test (org.junit.Test)15 Subject (javax.security.auth.Subject)14 Principal (java.security.Principal)13 NamePasswordCallbackHandler (org.apache.karaf.jaas.modules.NamePasswordCallbackHandler)13 GroupPrincipal (org.apache.karaf.jaas.boot.principal.GroupPrincipal)12 IOException (java.io.IOException)9 LoginException (javax.security.auth.login.LoginException)9 ArrayList (java.util.ArrayList)8 NameCallback (javax.security.auth.callback.NameCallback)7 UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)7 File (java.io.File)6 Callback (javax.security.auth.callback.Callback)6 HashMap (java.util.HashMap)5 PasswordCallback (javax.security.auth.callback.PasswordCallback)5 FailedLoginException (javax.security.auth.login.FailedLoginException)4 DirContext (javax.naming.directory.DirContext)3 CallbackHandler (javax.security.auth.callback.CallbackHandler)2