use of org.apache.openejb.spi.SecurityService in project tomee by apache.
the class OpenEJBLoginValidator method verifyDigestPassword.
/**
 * Verifies a digest-type UsernameToken, then logs the caller in to the OpenEJB
 * {@link SecurityService} using the plain-text password supplied by the callback handler.
 *
 * <p>The digest comparison is delegated to the superclass; any {@link WSSecurityException}
 * it raises propagates to the caller before a login is attempted.
 *
 * @param usernameToken the token whose name and password type drive the password callback
 * @param data          request data providing the callback handler
 * @throws WSSecurityException if the superclass verification rejects the token
 * @throws SecurityException   if the security service refuses the login
 */
@Override
protected void verifyDigestPassword(final UsernameToken usernameToken, final RequestData data) throws WSSecurityException {
    super.verifyDigestPassword(usernameToken, data);

    // Ask the callback handler for the stored plain-text password; the callback starts with a null password.
    final WSPasswordCallback passwordCallback = new WSPasswordCallback(
            usernameToken.getName(), null, usernameToken.getPasswordType(), WSPasswordCallback.USERNAME_TOKEN);
    try {
        data.getCallbackHandler().handle(new Callback[] { passwordCallback });
    } catch (Exception ignored) {
        // Deliberately swallowed: the password stays null and the login below is expected to fail.
        // NOTE(review): this relies on the configured login module rejecting a null password - confirm.
    }

    final String user = usernameToken.getName();
    final String password = passwordCallback.getPassword();
    final SecurityService securityService = SystemInstance.get().getComponent(SecurityService.class);
    try {
        // Drop whatever identity is currently bound to this thread; the returned identity is discarded, not logged out.
        securityService.disassociate();
        final Object token = securityService.login(user, password);
        // Only bind the new identity when an AbstractSecurityService reports no current state.
        if (securityService instanceof AbstractSecurityService
                && ((AbstractSecurityService) securityService).currentState() == null) {
            securityService.associate(token);
        }
    } catch (final LoginException e) {
        // The message carries the user name only; the password is never put in the exception.
        throw new SecurityException("cannot log user " + user, e);
    }
}
use of org.apache.openejb.spi.SecurityService in project tomee by apache.
the class EjbDaemon method init.
/**
 * Wires up the daemon's request handlers and reads its settings from {@code props}.
 *
 * <p>Properties read here: {@code gzip} (default {@code "false"}), {@code timeout}
 * (default {@code "14400000"}), {@code serializer} (optional class name) and
 * {@code stream.count} (defaults to the JNDI handler's debug flag).
 *
 * @param props daemon configuration
 * @throws Exception if a handler cannot be created or the configured serializer cannot be instantiated
 */
public void init(final Properties props) throws Exception {
    containerSystem = SystemInstance.get().getComponent(ContainerSystem.class);

    clientObjectFactory = new ClientObjectFactory(this, props);
    ejbHandler = new EjbRequestHandler(this);
    jndiHandler = new JndiRequestHandler(this);
    authHandler = new AuthRequestHandler(this);
    logoutHandler = new LogoutRequestHandler(this);
    clusterHandler = new ClusterRequestHandler(this);

    gzip = Boolean.parseBoolean(props.getProperty("gzip", "false"));

    try {
        this.timeout = Integer.parseInt(props.getProperty("timeout", "14400000"));
    } catch (Exception ignored) {
        // An unparsable timeout is silently dropped and the field keeps its previous value.
    }

    final String serializerName = props.getProperty("serializer");
    if (serializerName != null) {
        // The class named in configuration is loaded and instantiated reflectively, so whoever
        // controls this property chooses the code that runs here; only the cast limits its type.
        try {
            final ClassLoader contextLoader = Thread.currentThread().getContextClassLoader();
            final Object instance = contextLoader.loadClass(serializerName).newInstance();
            this.serializer = EJBDSerializer.class.cast(instance);
        } catch (final ClassNotFoundException | NoClassDefFoundError notLoadable) {
            // Not visible from the current context loader: defer resolution to the application class loader.
            this.serializer = new ContextualSerializer(serializerName);
        }
    }

    final DiscoveryAgent discoveryAgent = SystemInstance.get().getComponent(DiscoveryAgent.class);
    if (discoveryAgent != null) {
        discoveryAgent.setDiscoveryListener(clusterHandler);
    }

    final String streamCountDefault = String.valueOf(jndiHandler.isDebug());
    countStreams = Boolean.parseBoolean(props.getProperty("stream.count", streamCountDefault));
    securityService = SystemInstance.get().getComponent(SecurityService.class);
}
use of org.apache.openejb.spi.SecurityService in project tomee by apache.
the class SecurityServiceDoesntLeakTest method run.
/**
 * Checks that a remote client login adds exactly one entry to the security service's
 * {@code identities} map and that closing the JNDI context removes it again.
 *
 * @throws NamingException if the remote context cannot be created, queried or closed
 */
@Test
public void run() throws NamingException {
    final SecurityService securityService = SystemInstance.get().getComponent(SecurityService.class);
    assertNotNull(securityService);

    // Reach into the service's private "identities" map to observe logged-in identities directly.
    final Map<Object, Object> identities = (Map<Object, Object>) Reflections.get(securityService, "identities");
    assertEquals(0, identities.size());

    // Fixture credentials for the "PropertiesLogin" realm.
    final Properties jndiProperties = new PropertiesBuilder()
            .p("java.naming.factory.initial", RemoteInitialContextFactory.class.getName())
            .p("java.naming.provider.url", "ejbd://localhost:" + port)
            .p("java.naming.security.principal", "foo")
            .p("java.naming.security.credentials", "bar")
            .p("openejb.authentication.realmName", "PropertiesLogin")
            .build();
    final Context remoteContext = new InitialContext(jndiProperties);

    final Object lookedUp = remoteContext.lookup(
            "java:global/openejb/CallMe!org.apache.openejb.SecurityServiceDoesntLeakTest$CallMeRemotely");
    final CallMeRemotely handle = CallMeRemotely.class.cast(lookedUp);
    assertNotNull(handle);
    assertEquals("remote!", handle.remote());

    // One identity while the context is open...
    assertEquals(1, identities.size());

    // ...and none once it is closed, otherwise identities would accumulate per client.
    remoteContext.close();
    assertEquals(0, identities.size());
}
use of org.apache.openejb.spi.SecurityService in project tomee by apache.
the class BasicAuthHttpListenerWrapper method onMessage.
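/**
 * Authenticates the request with HTTP Basic credentials, if present, and forwards it to the
 * wrapped listener.
 *
 * <p>The request is forwarded when the login succeeded, or when the method is {@code GET}
 * (GET requests pass through without authentication). Any identity associated here is
 * disassociated and logged out once the wrapped listener returns.
 *
 * <p>Credentials are split at the <em>first</em> colon only, so a password may itself contain
 * colons. Splitting on every colon rejected such passwords and silently dropped trailing colons,
 * letting a shorter password than the one sent be checked. Credentials with an empty password
 * are still not submitted to the login service.
 *
 * @param request  incoming HTTP request
 * @param response HTTP response handed to the wrapped listener
 * @throws Exception if the wrapped listener or the logout fails
 */
@Override
@SuppressWarnings("unchecked")
public void onMessage(final HttpRequest request, final HttpResponse response) throws Exception {
    Object token = null;
    final String auth = request.getHeader("Authorization");
    if (auth != null && auth.toUpperCase(Locale.ENGLISH).startsWith("BASIC ")) {
        // NOTE(review): no charset is given, so decoding follows the JVM default; non-ASCII
        // credentials may decode differently across platforms.
        final String decoded = new String(Base64.decodeBase64(auth.substring(6).getBytes()));

        // user-id cannot contain ':', the password can: cut at the first separator only.
        final int separator = decoded.indexOf(':');
        if (separator >= 0 && separator < decoded.length() - 1) {
            final String username = decoded.substring(0, separator);
            final String password = decoded.substring(separator + 1);
            try {
                final SecurityService securityService = getSecurityService();
                final Object loggedIn = securityService.login(realmName, username, password);
                if (loggedIn != null) {
                    securityService.associate(loggedIn);
                    // Only treat the request as authenticated once the identity is bound to the thread.
                    token = loggedIn;
                }
            } catch (final LoginException e) {
                // Login (or association) failed: token stays null and the request is treated as unauthenticated.
            }
        }
    }

    try {
        if (token != null || HttpRequest.Method.GET.name().equals(request.getMethod())) {
            httpListener.onMessage(request, response);
        } else {
            // Unauthenticated non-GET request: the wrapped listener is not invoked.
            // NOTE(review): nothing here sets a 401 status or a WWW-Authenticate header on the
            // response - confirm where the rejection is actually written.
        }
    } finally {
        if (token != null) {
            // Always unbind and log out the identity so it does not outlive this request.
            final SecurityService securityService = getSecurityService();
            final Object disassociate = securityService.disassociate();
            if (disassociate != null) {
                securityService.logout(disassociate);
            }
        }
    }
}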
use of org.apache.openejb.spi.SecurityService in project tomee by apache.
the class BaseEjbProxyHandler method invoke.
/**
 * Dispatches a call made on an EJB proxy.
 *
 * <p>Methods declared by {@link Object}, {@code IntraVmProxy} and {@code BeanContext.Removable}
 * are answered directly. Every other call is resolved to its invoked interface, has its
 * arguments copied according to the current copy strategy, and is then passed to
 * {@code _invoke}. When no thread context exists but a local client identity does, that
 * identity is associated with the security service for the duration of the call.
 *
 * @param proxy  the proxy instance the call was made on
 * @param method the invoked method
 * @param args   the call arguments, {@code null} when there are none
 * @return the (possibly copied) result of the invocation
 * @throws Throwable the converted failure of the target call, or an
 *                   {@link IllegalStateException} when the reference is no longer valid
 */
@Override
public Object invoke(final Object proxy, Method method, Object[] args) throws Throwable {
    try {
        isValidReference(method);
    } catch (final IllegalStateException undeployed) {
        // The bean was undeployed. Session serialization may still ask for writeReplace,
        // which is honoured as long as the bean context reference is still reachable.
        if ("writeReplace".equals(method.getName()) && beanContextRef.get() != null) {
            return _writeReplace(proxy);
        }
        throw undeployed;
    }

    if (args == null) {
        args = new Object[0];
    }

    final Class<?> declaringClass = method.getDeclaringClass();
    if (declaringClass == Object.class) {
        final String objectMethod = method.getName();
        if ("toString".equals(objectMethod)) {
            return toString();
        }
        if ("equals".equals(objectMethod)) {
            return Boolean.valueOf(equals(args[0]));
        }
        if ("hashCode".equals(objectMethod)) {
            return hashCode();
        }
        throw new UnsupportedOperationException("Unknown method: " + method);
    }
    if (declaringClass == IntraVmProxy.class) {
        if ("writeReplace".equals(method.getName())) {
            return _writeReplace(proxy);
        }
        throw new UnsupportedOperationException("Unknown method: " + method);
    }
    if (declaringClass == BeanContext.Removable.class) {
        return _invoke(proxy, BeanContext.Removable.class, method, args);
    }

    Class invokedInterface = getInvokedInterface(method);
    final ThreadContext threadContext = ThreadContext.getThreadContext();
    final Object clientIdentity = ClientSecurity.getIdentity();

    // Outside any container call, with a client identity present, bind that identity for this
    // call; the matching disassociate() in the outer finally keeps it from staying on the thread.
    final boolean bindClientIdentity = threadContext == null && clientIdentity != null;
    try {
        if (bindClientIdentity) {
            SystemInstance.get().getComponent(SecurityService.class).associate(clientIdentity);
        }

        if (strategy == CLASSLOADER_COPY
                || getBeanContext().getInterfaceType(invokedInterface) == InterfaceType.BUSINESS_REMOTE) {
            IntraVmCopyMonitor.pre(strategy);
            final ClassLoader callerLoader = Thread.currentThread().getContextClassLoader();
            // Copies are made with the bean's class loader as the thread context loader.
            Thread.currentThread().setContextClassLoader(getBeanContext().getClassLoader());
            try {
                args = copyArgs(args);
                method = copyMethod(method);
                invokedInterface = copyObj(invokedInterface);
            } finally {
                Thread.currentThread().setContextClassLoader(callerLoader);
                IntraVmCopyMonitor.post();
            }
        } else if (strategy == COPY && args != null && args.length > 0) {
            IntraVmCopyMonitor.pre(strategy);
            try {
                args = copyArgs(args);
            } finally {
                IntraVmCopyMonitor.post();
            }
        }

        // Asynchronous methods and MANAGED beans get no result copy: the strategy is switched to
        // NONE for this call and restored afterwards.
        // NOTE(review): strategy is overwritten in place with no synchronization visible in this
        // method - confirm the handler is not invoked concurrently.
        final IntraVmCopyMonitor.State savedStrategy = strategy;
        if (getBeanContext().isAsynchronous(method)
                || getBeanContext().getComponentType().equals(BeanType.MANAGED)) {
            strategy = IntraVmCopyMonitor.State.NONE;
        }
        try {
            final Object result = _invoke(proxy, invokedInterface, method, args);
            return copy(strategy, result);
        } catch (Throwable failure) {
            failure = copy(strategy, failure);
            throw convertException(failure, method, invokedInterface);
        } finally {
            strategy = savedStrategy;
        }
    } finally {
        if (bindClientIdentity) {
            SystemInstance.get().getComponent(SecurityService.class).disassociate();
        }
    }
}