Search in sources :

Example 26 with UserPrincipal

use of org.apache.karaf.jaas.boot.principal.UserPrincipal in project karaf by apache.

the class LdapCacheTest method testAdminLogin.

@Test
public void testAdminLogin() throws Exception {
    Properties options = ldapLoginModuleOptions();
    LDAPLoginModule module = new LDAPLoginModule();
    CallbackHandler cb = new NamePasswordCallbackHandler("admin", "admin123");
    Subject subject = new Subject();
    module.initialize(subject, cb, null, options);
    assertEquals("Precondition", 0, subject.getPrincipals().size());
    assertTrue(module.login());
    assertTrue(module.commit());
    assertEquals(2, subject.getPrincipals().size());
    boolean foundUser = false;
    boolean foundRole = false;
    for (Principal pr : subject.getPrincipals()) {
        if (pr instanceof UserPrincipal) {
            assertEquals("admin", pr.getName());
            foundUser = true;
        } else if (pr instanceof RolePrincipal) {
            assertEquals("admin", pr.getName());
            foundRole = true;
        }
    }
    assertTrue(foundUser);
    assertTrue(foundRole);
    assertTrue(module.logout());
    assertEquals("Principals should be gone as the user has logged out", 0, subject.getPrincipals().size());
    DirContext context = new LDAPCache(new LDAPOptions(options)).open();
    // Make "admin" user a member of a new "another" group
    //        dn: cn=admin,ou=groups,dc=example,dc=com
    //        objectClass: top
    //        objectClass: groupOfNames
    //        cn: admin
    //        member: cn=admin,ou=people,dc=example,dc=com
    Attributes entry = new BasicAttributes();
    entry.put(new BasicAttribute("cn", "another"));
    Attribute oc = new BasicAttribute("objectClass");
    oc.add("top");
    oc.add("groupOfNames");
    entry.put(oc);
    Attribute mb = new BasicAttribute("member");
    mb.add("cn=admin,ou=people,dc=example,dc=com");
    entry.put(mb);
    context.createSubcontext("cn=another,ou=groups,dc=example,dc=com", entry);
    Thread.sleep(100);
    module = new LDAPLoginModule();
    subject = new Subject();
    module.initialize(subject, cb, null, options);
    assertEquals("Precondition", 0, subject.getPrincipals().size());
    assertTrue(module.login());
    assertTrue(module.commit());
    assertEquals("Postcondition", 3, subject.getPrincipals().size());
}
Also used : BasicAttribute(javax.naming.directory.BasicAttribute) BasicAttributes(javax.naming.directory.BasicAttributes) NamePasswordCallbackHandler(org.apache.karaf.jaas.modules.NamePasswordCallbackHandler) CallbackHandler(javax.security.auth.callback.CallbackHandler) BasicAttribute(javax.naming.directory.BasicAttribute) Attribute(javax.naming.directory.Attribute) BasicAttributes(javax.naming.directory.BasicAttributes) Attributes(javax.naming.directory.Attributes) DirContext(javax.naming.directory.DirContext) Properties(org.apache.felix.utils.properties.Properties) Subject(javax.security.auth.Subject) UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal) NamePasswordCallbackHandler(org.apache.karaf.jaas.modules.NamePasswordCallbackHandler) RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal) UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal) RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal) Principal(java.security.Principal) Test(org.junit.Test)

Example 27 with UserPrincipal

use of org.apache.karaf.jaas.boot.principal.UserPrincipal in project karaf by apache.

the class PropertiesBackingEngine method listUsers.

@Override
public List<UserPrincipal> listUsers() {
    List<UserPrincipal> result = new ArrayList<>();
    for (Object user : users.keySet()) {
        String userName = (String) user;
        if (userName.startsWith(GROUP_PREFIX))
            continue;
        UserPrincipal userPrincipal = new UserPrincipal(userName);
        result.add(userPrincipal);
    }
    return result;
}
Also used : ArrayList(java.util.ArrayList) UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal)

Example 28 with UserPrincipal

use of org.apache.karaf.jaas.boot.principal.UserPrincipal in project karaf by apache.

the class LdapLoginModuleTest method testNonAdminLogin.

@Test
public void testNonAdminLogin() throws Exception {
    Properties options = ldapLoginModuleOptions();
    LDAPLoginModule module = new LDAPLoginModule();
    Subject subject = new Subject();
    module.initialize(subject, new NamePasswordCallbackHandler("cheese", "foodie"), null, options);
    assertEquals("Precondition", 0, subject.getPrincipals().size());
    assertTrue(module.login());
    assertTrue(module.commit());
    assertEquals(1, subject.getPrincipals().size());
    boolean foundUser = false;
    boolean foundRole = false;
    for (Principal pr : subject.getPrincipals()) {
        if (pr instanceof UserPrincipal) {
            assertEquals("cheese", pr.getName());
            foundUser = true;
        } else if (pr instanceof RolePrincipal) {
            assertEquals("admin", pr.getName());
            foundRole = true;
        }
    }
    assertTrue(foundUser);
    // cheese is not an admin so no roles should be returned
    assertFalse(foundRole);
    assertTrue(module.logout());
    assertEquals("Principals should be gone as the user has logged out", 0, subject.getPrincipals().size());
}
Also used : NamePasswordCallbackHandler(org.apache.karaf.jaas.modules.NamePasswordCallbackHandler) Properties(org.apache.felix.utils.properties.Properties) RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal) Subject(javax.security.auth.Subject) UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal) RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal) Principal(java.security.Principal) UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal) Test(org.junit.Test)

Example 29 with UserPrincipal

use of org.apache.karaf.jaas.boot.principal.UserPrincipal in project karaf by apache.

the class LdapLoginModuleTest method testRoleMappingParsing.

@Test
public void testRoleMappingParsing() throws Exception {
    Properties options = ldapLoginModuleOptions();
    options.put(LDAPOptions.ROLE_MAPPING, "admin = karaf, test; admin = another");
    LDAPLoginModule module = new LDAPLoginModule();
    Subject subject = new Subject();
    module.initialize(subject, new NamePasswordCallbackHandler("admin", "admin123"), null, options);
    assertEquals("Precondition", 0, subject.getPrincipals().size());
    assertTrue(module.login());
    assertTrue(module.commit());
    assertEquals(4, subject.getPrincipals().size());
    final List<String> roles = new ArrayList<>(Arrays.asList("karaf", "test", "another"));
    boolean foundUser = false;
    boolean foundRole = false;
    for (Principal pr : subject.getPrincipals()) {
        if (pr instanceof UserPrincipal) {
            assertEquals("admin", pr.getName());
            foundUser = true;
        } else if (pr instanceof RolePrincipal) {
            assertTrue(roles.remove(pr.getName()));
            foundRole = true;
        }
    }
    assertTrue(foundUser);
    assertTrue(foundRole);
    assertTrue(roles.isEmpty());
    assertTrue(module.logout());
    assertEquals("Principals should be gone as the user has logged out", 0, subject.getPrincipals().size());
}
Also used : NamePasswordCallbackHandler(org.apache.karaf.jaas.modules.NamePasswordCallbackHandler) ArrayList(java.util.ArrayList) Properties(org.apache.felix.utils.properties.Properties) RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal) Subject(javax.security.auth.Subject) UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal) RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal) Principal(java.security.Principal) UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal) Test(org.junit.Test)

Example 30 with UserPrincipal

use of org.apache.karaf.jaas.boot.principal.UserPrincipal in project karaf by apache.

the class LdapLoginModuleTest method testRoleMappingFqdn.

@Test
public void testRoleMappingFqdn() throws Exception {
    Properties options = ldapLoginModuleOptions();
    options.put(LDAPOptions.ROLE_MAPPING, "cn=admin,ou=groups,dc=example,dc=com=karaf;cn=admin,ou=mygroups,dc=example,dc=com=another");
    options.put(LDAPOptions.ROLE_BASE_DN, "ou=groups,dc=example,dc=com");
    options.put(LDAPOptions.ROLE_SEARCH_SUBTREE, "true");
    options.put(LDAPOptions.ROLE_FILTER, "(member=%fqdn)");
    options.put(LDAPOptions.ROLE_NAME_ATTRIBUTE, "description");
    LDAPLoginModule module = new LDAPLoginModule();
    Subject subject = new Subject();
    module.initialize(subject, new NamePasswordCallbackHandler("admin", "admin123"), null, options);
    assertEquals("Precondition", 0, subject.getPrincipals().size());
    assertTrue(module.login());
    assertTrue(module.commit());
    assertEquals(2, subject.getPrincipals().size());
    final List<String> roles = new ArrayList<>(Arrays.asList("karaf"));
    boolean foundUser = false;
    boolean foundRole = false;
    for (Principal principal : subject.getPrincipals()) {
        if (principal instanceof UserPrincipal) {
            assertEquals("admin", principal.getName());
            foundUser = true;
        } else if (principal instanceof RolePrincipal) {
            assertTrue(roles.remove(principal.getName()));
            foundRole = true;
        }
    }
    assertTrue(foundUser);
    assertTrue(foundRole);
    assertTrue(roles.isEmpty());
    assertTrue(module.logout());
    assertEquals("Principals should be gone as the user has logged out", 0, subject.getPrincipals().size());
}
Also used : NamePasswordCallbackHandler(org.apache.karaf.jaas.modules.NamePasswordCallbackHandler) ArrayList(java.util.ArrayList) Properties(org.apache.felix.utils.properties.Properties) RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal) Subject(javax.security.auth.Subject) UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal) RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal) Principal(java.security.Principal) UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal) Test(org.junit.Test)

Aggregations

UserPrincipal (org.apache.karaf.jaas.boot.principal.UserPrincipal)34 RolePrincipal (org.apache.karaf.jaas.boot.principal.RolePrincipal)26 Properties (org.apache.felix.utils.properties.Properties)16 Test (org.junit.Test)15 Subject (javax.security.auth.Subject)14 Principal (java.security.Principal)13 NamePasswordCallbackHandler (org.apache.karaf.jaas.modules.NamePasswordCallbackHandler)13 GroupPrincipal (org.apache.karaf.jaas.boot.principal.GroupPrincipal)12 IOException (java.io.IOException)9 LoginException (javax.security.auth.login.LoginException)9 ArrayList (java.util.ArrayList)8 NameCallback (javax.security.auth.callback.NameCallback)7 UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)7 File (java.io.File)6 Callback (javax.security.auth.callback.Callback)6 HashMap (java.util.HashMap)5 PasswordCallback (javax.security.auth.callback.PasswordCallback)5 FailedLoginException (javax.security.auth.login.FailedLoginException)4 DirContext (javax.naming.directory.DirContext)3 CallbackHandler (javax.security.auth.callback.CallbackHandler)2