
Example 6 with SecurityService

use of org.apache.openejb.spi.SecurityService in project tomee by apache.

the class SecurityContextHandler method after.

/**
 * Clears the security state once the unit of work has finished.
 *
 * <p>Detaches whatever identity the container {@link SecurityService} returns from
 * {@code disassociate()} and, when one was present, logs it out.
 *
 * @param securityContext the context of the finished work; not read by this method
 * @throws WorkCompletedException declared by the overridden contract; nothing in this body throws it
 */
@SuppressWarnings("unchecked")
@Override
public void after(final SecurityContext securityContext) throws WorkCompletedException {
    final SecurityService service = SystemInstance.get().getComponent(SecurityService.class);

    // Detach first so the identity is no longer bound even if the logout below fails.
    final Object identity = service.disassociate();
    if (identity == null) {
        // Nothing was associated, so there is nothing to log out.
        return;
    }

    try {
        service.logout(identity);
    } catch (final LoginException ignored) {
        // Best-effort cleanup: a failed logout is deliberately not propagated.
        // NOTE(review): the failure is not logged either, so a session that could not
        // be closed leaves no trace here; consider at least a debug-level message.
    }
}
Also used : SecurityService(org.apache.openejb.spi.SecurityService) LoginException(javax.security.auth.login.LoginException)

Example 7 with SecurityService

use of org.apache.openejb.spi.SecurityService in project tomee by apache.

the class OpenEJBLoginValidator method verifyDigestPassword.

/**
 * Verifies a digest UsernameToken and then logs the same user into the container.
 *
 * <p>The parent implementation performs the digest check. Afterwards the plain-text password
 * is requested from the configured callback handler and passed to
 * {@link SecurityService#login}, so that the call runs under a container identity.
 *
 * @param usernameToken the token carrying the user name and password type
 * @param data          the request data supplying the callback handler
 * @throws WSSecurityException declared by the overridden method (presumably raised by the
 *                             parent check on a digest mismatch; confirm against the parent)
 * @throws SecurityException   if the container login is rejected
 */
@Override
protected void verifyDigestPassword(final UsernameToken usernameToken, final RequestData data) throws WSSecurityException {
    // The digest check comes first; the container login below is only reached if it returns normally.
    super.verifyDigestPassword(usernameToken, data);

    // Ask the callback handler for the plain-text password of this user.
    final WSPasswordCallback passwordCallback = new WSPasswordCallback(
            usernameToken.getName(), null, usernameToken.getPasswordType(), WSPasswordCallback.USERNAME_TOKEN);
    try {
        data.getCallbackHandler().handle(new Callback[] { passwordCallback });
    } catch (Exception ignored) {
        // Deliberately swallowed: with no password supplied, the login below is expected to fail.
        // NOTE(review): this relies on every login module rejecting a missing password; confirm.
    }

    final String user = usernameToken.getName();
    final String password = passwordCallback.getPassword();
    final SecurityService securityService = SystemInstance.get().getComponent(SecurityService.class);
    try {
        // Drop any identity already bound before logging the token's user in.
        securityService.disassociate();
        final Object token = securityService.login(user, password);

        // Only associate when the service is an AbstractSecurityService that reports no current state.
        final boolean needsAssociation = securityService instanceof AbstractSecurityService
                && ((AbstractSecurityService) securityService).currentState() == null;
        if (needsAssociation) {
            securityService.associate(token);
        }
    } catch (final LoginException e) {
        // The message names the user but never the password; the cause is preserved.
        throw new SecurityException("cannot log user " + user, e);
    }
}
Also used : AbstractSecurityService(org.apache.openejb.core.security.AbstractSecurityService) SecurityService(org.apache.openejb.spi.SecurityService) LoginException(javax.security.auth.login.LoginException) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) AbstractSecurityService(org.apache.openejb.core.security.AbstractSecurityService) WSPasswordCallback(org.apache.wss4j.common.ext.WSPasswordCallback) LoginException(javax.security.auth.login.LoginException) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)

Example 8 with SecurityService

use of org.apache.openejb.spi.SecurityService in project tomee by apache.

the class BasicAuthHttpListenerWrapper method onMessage.

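/**
 * Authenticates the request from its HTTP Basic {@code Authorization} header and dispatches it
 * to the wrapped listener.
 *
 * <p>The wrapped listener is invoked when the login succeeded and the identity was associated,
 * or when the request method is GET. Any identity obtained here is logged out again before the
 * method returns.
 *
 * <p>Changes compared with the previous version of this method:
 * <ul>
 *   <li>credentials are split on the first colon only, so passwords containing {@code ':'}
 *       are no longer rejected;</li>
 *   <li>the header and the decoded credentials use explicit charsets instead of the platform
 *       default;</li>
 *   <li>a login whose {@code associate} call fails no longer counts as authenticated, and its
 *       token is still logged out.</li>
 * </ul>
 *
 * @param request  the incoming request; its {@code Authorization} header and method are read
 * @param response the response handed on to the wrapped listener
 * @throws Exception whatever the wrapped listener or the final logout throws
 */
@Override
@SuppressWarnings("unchecked")
public void onMessage(final HttpRequest request, final HttpResponse response) throws Exception {
    Object token = null;
    // True only once the identity has actually been bound; a token alone is not enough.
    boolean associated = false;

    final String auth = request.getHeader("Authorization");
    if (auth != null && auth.toUpperCase(Locale.ENGLISH).startsWith("BASIC ")) {
        // Base64 text is ASCII; the decoded user-id/password pair is read as UTF-8 so the result
        // no longer depends on the JVM's default charset.
        final byte[] encoded = auth.substring(6).getBytes(java.nio.charset.StandardCharsets.ISO_8859_1);
        final String decoded = new String(Base64.decodeBase64(encoded), java.nio.charset.StandardCharsets.UTF_8);

        // Split on the FIRST colon only: the user-id cannot contain ':' but the password can.
        final int separator = decoded.indexOf(':');
        // An empty password is still refused before reaching the login module, as before.
        // Some back ends may treat an empty password as an anonymous bind.
        if (separator >= 0 && separator < decoded.length() - 1) {
            final String username = decoded.substring(0, separator);
            final String password = decoded.substring(separator + 1);
            try {
                final SecurityService securityService = getSecurityService();
                token = securityService.login(realmName, username, password);
                if (token != null) {
                    securityService.associate(token);
                    associated = true;
                }
            } catch (final LoginException e) {
                // Login or association failed; the request is treated as unauthenticated.
            }
        }
    }

    try {
        // NOTE(review): GET requests are dispatched even without valid credentials. Confirm that
        // the wrapped listener exposes nothing sensitive over GET.
        if (associated || HttpRequest.Method.GET.name().equals(request.getMethod())) {
            httpListener.onMessage(request, response);
        }
        // NOTE(review): a rejected request falls through without this method setting a 401
        // status or a WWW-Authenticate challenge. Confirm that a caller does so, otherwise the
        // client cannot tell that authentication failed.
    } finally {
        if (token != null) {
            final SecurityService securityService = getSecurityService();
            if (associated) {
                final Object disassociate = securityService.disassociate();
                if (disassociate != null) {
                    securityService.logout(disassociate);
                }
            } else {
                // login() succeeded but associate() failed: nothing of ours is bound, so log the
                // token out directly rather than detaching an identity this method did not set.
                securityService.logout(token);
            }
        }
    }
}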
Also used : SecurityService(org.apache.openejb.spi.SecurityService) LoginException(javax.security.auth.login.LoginException)

Example 9 with SecurityService

use of org.apache.openejb.spi.SecurityService in project tomee by apache.

the class SecurityServiceDoesntLeakTest method run.

/**
 * Checks that a remote, authenticated JNDI session adds exactly one entry to the security
 * service's {@code identities} map and that closing the context removes it again.
 *
 * <p>The credentials used here ("foo"/"bar") are fixtures for the {@code PropertiesLogin}
 * realm named in the JNDI properties.
 */
@Test
public void run() throws NamingException {
    final SecurityService service = SystemInstance.get().getComponent(SecurityService.class);
    assertNotNull(service);

    // Read the "identities" field reflectively so its size can be observed directly.
    final Map<Object, Object> identities = (Map<Object, Object>) Reflections.get(service, "identities");
    assertEquals(0, identities.size());

    // Client-side JNDI settings for an authenticated ejbd connection to the local server.
    final Properties jndiProperties = new PropertiesBuilder()
            .p("java.naming.factory.initial", RemoteInitialContextFactory.class.getName())
            .p("java.naming.provider.url", "ejbd://localhost:" + port)
            .p("java.naming.security.principal", "foo")
            .p("java.naming.security.credentials", "bar")
            .p("openejb.authentication.realmName", "PropertiesLogin")
            .build();
    final Context remoteContext = new InitialContext(jndiProperties);

    final Object lookedUp = remoteContext.lookup(
            "java:global/openejb/CallMe!org.apache.openejb.SecurityServiceDoesntLeakTest$CallMeRemotely");
    final CallMeRemotely bean = CallMeRemotely.class.cast(lookedUp);
    assertNotNull(bean);
    assertEquals("remote!", bean.remote());

    // One identity is tracked while the session is open ...
    assertEquals(1, identities.size());

    // ... and it must be gone once the context is closed, otherwise identities leak.
    remoteContext.close();
    assertEquals(0, identities.size());
}
Also used : InitialContext(javax.naming.InitialContext) Context(javax.naming.Context) SecurityService(org.apache.openejb.spi.SecurityService) Properties(java.util.Properties) ContainerProperties(org.apache.openejb.testing.ContainerProperties) Map(java.util.Map) PropertiesBuilder(org.apache.openejb.testng.PropertiesBuilder) InitialContext(javax.naming.InitialContext) Test(org.junit.Test)

Example 10 with SecurityService

use of org.apache.openejb.spi.SecurityService in project tomee by apache.

the class EjbDaemon method init.

/**
 * Initialises the daemon: resolves container components, creates the request handlers and
 * reads the {@code gzip}, {@code timeout}, {@code serializer} and {@code stream.count} settings.
 *
 * @param props configuration properties for this daemon
 * @throws Exception if a handler cannot be created or the configured serializer class cannot
 *                   be instantiated or cast
 */
public void init(final Properties props) throws Exception {
    containerSystem = SystemInstance.get().getComponent(ContainerSystem.class);

    // One handler per request type; each receives this daemon instance.
    clientObjectFactory = new ClientObjectFactory(this, props);
    ejbHandler = new EjbRequestHandler(this);
    jndiHandler = new JndiRequestHandler(this);
    authHandler = new AuthRequestHandler(this);
    logoutHandler = new LogoutRequestHandler(this);
    clusterHandler = new ClusterRequestHandler(this);

    gzip = "true".equalsIgnoreCase(props.getProperty("gzip", "false"));

    try {
        this.timeout = Integer.parseInt(props.getProperty("timeout", "14400000"));
    } catch (Exception ignored) {
        // An unparsable value is ignored silently; timeout keeps whatever value it had before.
    }

    final String serializerClassName = props.getProperty("serializer", null);
    if (serializerClassName != null) {
        // NOTE(review): the class named by the "serializer" property is loaded and instantiated
        // through its no-arg constructor, and the EJBDSerializer cast happens only afterwards.
        // The property should therefore only be settable from trusted configuration.
        try {
            final ClassLoader contextLoader = Thread.currentThread().getContextClassLoader();
            final Object instance = contextLoader.loadClass(serializerClassName).newInstance();
            this.serializer = EJBDSerializer.class.cast(instance);
        } catch (final ClassNotFoundException | NoClassDefFoundError notVisibleYet) {
            // Not loadable from the context class loader; ContextualSerializer gets the class
            // name to retry later with the application class loader.
            this.serializer = new ContextualSerializer(serializerClassName);
        }
    }

    final DiscoveryAgent discoveryAgent = SystemInstance.get().getComponent(DiscoveryAgent.class);
    if (discoveryAgent != null) {
        discoveryAgent.setDiscoveryListener(clusterHandler);
    }

    // Stream counting defaults to the JNDI handler's debug flag unless "stream.count" is set.
    final String countStreamsDefault = Boolean.toString(jndiHandler.isDebug());
    countStreams = Boolean.parseBoolean(props.getProperty("stream.count", countStreamsDefault));

    securityService = SystemInstance.get().getComponent(SecurityService.class);
}
Also used : ContainerSystem(org.apache.openejb.spi.ContainerSystem) IOException(java.io.IOException) RemoteException(java.rmi.RemoteException) OpenEJBRuntimeException(org.apache.openejb.OpenEJBRuntimeException) DiscoveryAgent(org.apache.openejb.server.DiscoveryAgent) SecurityService(org.apache.openejb.spi.SecurityService) EJBDSerializer(org.apache.openejb.client.serializer.EJBDSerializer)

Aggregations

SecurityService (org.apache.openejb.spi.SecurityService)16 LoginException (javax.security.auth.login.LoginException)9 Test (org.junit.Test)3 RemoteException (java.rmi.RemoteException)2 AuthenticationException (javax.naming.AuthenticationException)2 Context (javax.naming.Context)2 InitialContext (javax.naming.InitialContext)2 BeanContext (org.apache.openejb.BeanContext)2 OpenEJBRuntimeException (org.apache.openejb.OpenEJBRuntimeException)2 ThreadContext (org.apache.openejb.core.ThreadContext)2 AbstractSecurityService (org.apache.openejb.core.security.AbstractSecurityService)2 ContainerSystem (org.apache.openejb.spi.ContainerSystem)2 IOException (java.io.IOException)1 Map (java.util.Map)1 Properties (java.util.Properties)1 EJBAccessException (javax.ejb.EJBAccessException)1 EJBLocalObject (javax.ejb.EJBLocalObject)1 EJBObject (javax.ejb.EJBObject)1 Callback (javax.security.auth.callback.Callback)1 UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)1