use of org.apache.openejb.spi.SecurityService in project tomee by apache.
the class SecurityContextHandler method after.
/**
 * Detaches the login object held by the container's {@link SecurityService} and logs it out.
 * <p>
 * The service is looked up through {@code SystemInstance}. When {@code disassociate()} returns
 * {@code null} there is nothing to log out and the method returns immediately.
 *
 * @param securityContext the security context handed to this handler; not read by this method
 * @throws WorkCompletedException declared by the overridden method; nothing in this body throws it
 */
@SuppressWarnings("unchecked")
@Override
public void after(final SecurityContext securityContext) throws WorkCompletedException {
    final SecurityService service = SystemInstance.get().getComponent(SecurityService.class);
    final Object identity = service.disassociate();
    if (identity == null) {
        return;
    }
    try {
        service.logout(identity);
    } catch (final LoginException ignored) {
        // Logout is best-effort: a failure is deliberately not propagated to the caller.
        // NOTE(review): the failure is also not logged, so an identity that could not be
        // logged out leaves no trace here; consider recording it for diagnosis.
    }
}
use of org.apache.openejb.spi.SecurityService in project tomee by apache.
the class OpenEJBLoginValidator method verifyDigestPassword.
/**
 * Runs the inherited digest check, then logs the token's user in to the container security service.
 * <p>
 * After {@code super.verifyDigestPassword} returns, the configured callback handler is asked for
 * the user's password, any current association is dropped, and {@code login(user, password)} is
 * called. The resulting token is associated only when the service is an
 * {@code AbstractSecurityService} whose {@code currentState()} is {@code null}.
 *
 * @param usernameToken the WS-Security username token being validated
 * @param data          request data supplying the callback handler
 * @throws WSSecurityException declared by the overridden method (presumably raised by the parent check)
 * @throws SecurityException   when the container login is rejected with a {@code LoginException}
 */
@Override
protected void verifyDigestPassword(final UsernameToken usernameToken, final RequestData data) throws WSSecurityException {
    // Step 1: the digest comparison itself is delegated to the parent class.
    super.verifyDigestPassword(usernameToken, data);

    // Step 2: obtain the password through the callback handler. It is needed in clear form
    // because the container login below takes a user name and a password, not a digest.
    final WSPasswordCallback passwordCallback = new WSPasswordCallback(
            usernameToken.getName(), null, usernameToken.getPasswordType(), WSPasswordCallback.USERNAME_TOKEN);
    try {
        data.getCallbackHandler().handle(new Callback[] { passwordCallback });
    } catch (Exception ignored) {
        // Deliberately swallowed: the callback then carries no password and the login
        // below is expected to fail.
    }

    // Step 3: log the user in to the container.
    final String user = usernameToken.getName();
    final String password = passwordCallback.getPassword();
    final SecurityService securityService = SystemInstance.get().getComponent(SecurityService.class);
    try {
        // Drop whatever identity is attached before logging the token's user in.
        securityService.disassociate();
        final Object token = securityService.login(user, password);
        final boolean nothingAssociated = securityService instanceof AbstractSecurityService
                && ((AbstractSecurityService) securityService).currentState() == null;
        if (nothingAssociated) {
            securityService.associate(token);
        }
    } catch (final LoginException e) {
        // NOTE(review): the message embeds the client-supplied user name; make sure whatever
        // logs or returns this exception encodes it appropriately.
        throw new SecurityException("cannot log user " + user, e);
    }
}
use of org.apache.openejb.spi.SecurityService in project tomee by apache.
the class BasicAuthHttpListenerWrapper method onMessage.
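/**
 * Authenticates a request that carries HTTP Basic credentials, then forwards it to the wrapped listener.
 * <p>
 * When the {@code Authorization} header uses the Basic scheme, the decoded {@code user:password}
 * pair is submitted to the security service for {@code realmName}, and a non-null login token is
 * associated. The wrapped listener is invoked when a token was obtained or when the request
 * method is GET. A token that was obtained is always disassociated and logged out afterwards.
 * <p>
 * The credential pair is split on its first colon only, so passwords that contain {@code ':'}
 * are passed to the security service unchanged instead of being rejected or truncated.
 *
 * @param request  incoming request; its {@code Authorization} header and method are read
 * @param response response handed through to the wrapped listener
 * @throws Exception anything thrown by the wrapped listener or by the final logout
 */
@Override
@SuppressWarnings("unchecked")
public void onMessage(final HttpRequest request, final HttpResponse response) throws Exception {
    Object token = null;
    String auth = request.getHeader("Authorization");
    if (auth != null && auth.length() > 0) {
        if (auth.toUpperCase(Locale.ENGLISH).startsWith("BASIC ")) {
            auth = auth.substring(6);
            // NOTE(review): getBytes() and new String(byte[]) both use the platform default
            // charset, so non-ASCII credentials may decode differently from host to host;
            // confirm the charset clients are expected to use.
            final String decoded = new String(Base64.decodeBase64(auth.getBytes()));
            // Split on the FIRST colon only. The user name cannot contain ':' but the password
            // can; splitting on every colon rejected such passwords and silently dropped a
            // trailing ':' from others.
            final int separator = decoded.indexOf(':');
            // As before, a pair with no colon or with an empty password is not submitted.
            if (separator >= 0 && separator < decoded.length() - 1) {
                final String username = decoded.substring(0, separator);
                final String password = decoded.substring(separator + 1);
                try {
                    final SecurityService securityService = getSecurityService();
                    token = securityService.login(realmName, username, password);
                    if (token != null) {
                        securityService.associate(token);
                    }
                } catch (final LoginException e) {
                    // login failed: token keeps its current value and the check below decides
                }
            }
        }
    }
    try {
        // NOTE(review): GET requests reach the wrapped listener even without a token; confirm
        // that nothing sensitive is served on GET behind this wrapper.
        if (token != null || HttpRequest.Method.GET.name().equals(request.getMethod())) {
            httpListener.onMessage(request, response);
        } else {
            // Unauthenticated non-GET request: the wrapped listener is skipped.
            // NOTE(review): no 401 status or WWW-Authenticate challenge is set on the response
            // in this method; confirm the caller produces one, otherwise the client cannot
            // tell that authentication is required.
        }
    } finally {
        // Always undo the association made above so the identity does not outlive the request.
        if (token != null) {
            final SecurityService securityService = getSecurityService();
            final Object disassociate = securityService.disassociate();
            if (disassociate != null) {
                securityService.logout(disassociate);
            }
        }
    }
}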
use of org.apache.openejb.spi.SecurityService in project tomee by apache.
the class SecurityServiceDoesntLeakTest method run.
/**
 * Asserts that the security service's {@code identities} map is empty again once a remote
 * client context has been closed.
 * <p>
 * The map is read reflectively from the service. It must be empty before the call, hold one
 * entry after a remote invocation made with principal/credentials, and be empty after
 * {@code close()}.
 *
 * @throws NamingException if creating, using or closing the remote context fails
 */
@Test
public void run() throws NamingException {
    final SecurityService securityService = SystemInstance.get().getComponent(SecurityService.class);
    assertNotNull(securityService);

    // The map is not exposed through the SecurityService API, hence the reflective read.
    final Map<Object, Object> tracked = (Map<Object, Object>) Reflections.get(securityService, "identities");
    assertEquals(0, tracked.size());

    // Remote JNDI settings; principal and credentials are fixed test values.
    final Properties jndiSettings = new PropertiesBuilder()
            .p("java.naming.factory.initial", RemoteInitialContextFactory.class.getName())
            .p("java.naming.provider.url", "ejbd://localhost:" + port)
            .p("java.naming.security.principal", "foo")
            .p("java.naming.security.credentials", "bar")
            .p("openejb.authentication.realmName", "PropertiesLogin")
            .build();

    final Context remoteContext = new InitialContext(jndiSettings);
    final Object lookedUp = remoteContext.lookup("java:global/openejb/CallMe!org.apache.openejb.SecurityServiceDoesntLeakTest$CallMeRemotely");
    final CallMeRemotely bean = CallMeRemotely.class.cast(lookedUp);
    assertNotNull(bean);
    assertEquals("remote!", bean.remote());

    // One identity is tracked while the authenticated context is open.
    assertEquals(1, tracked.size());

    // Closing the context must release that identity.
    remoteContext.close();
    assertEquals(0, tracked.size());
}
use of org.apache.openejb.spi.SecurityService in project tomee by apache.
the class EjbDaemon method init.
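/**
 * Creates the daemon's request handlers and reads its settings from {@code props}.
 * <p>
 * Properties read here: {@code gzip} (default {@code "false"}), {@code timeout}
 * (default {@code "14400000"}), {@code serializer} (optional class name) and
 * {@code stream.count} (defaults to the JNDI handler's debug flag).
 * <p>
 * The {@code serializer} class is checked to be an {@code EJBDSerializer} before it is
 * instantiated, so a class of the wrong type is rejected without its constructor running.
 *
 * @param props configuration for this daemon
 * @throws Exception if a handler cannot be created, or if the configured serializer class is of
 *                   the wrong type ({@code ClassCastException}) or cannot be instantiated
 */
public void init(final Properties props) throws Exception {
    containerSystem = SystemInstance.get().getComponent(ContainerSystem.class);
    clientObjectFactory = new ClientObjectFactory(this, props);
    ejbHandler = new EjbRequestHandler(this);
    jndiHandler = new JndiRequestHandler(this);
    authHandler = new AuthRequestHandler(this);
    logoutHandler = new LogoutRequestHandler(this);
    clusterHandler = new ClusterRequestHandler(this);
    gzip = "true".equalsIgnoreCase(props.getProperty("gzip", "false"));
    try {
        this.timeout = Integer.parseInt(props.getProperty("timeout", "14400000"));
    } catch (final NumberFormatException ignored) {
        // Malformed value: the timeout field keeps whatever value it already holds.
    }
    final String serializer = props.getProperty("serializer", null);
    if (serializer != null) {
        try {
            // asSubclass() runs the type check before newInstance(), so a configured class that
            // is not an EJBDSerializer fails with ClassCastException without being constructed.
            this.serializer = Thread.currentThread().getContextClassLoader()
                    .loadClass(serializer)
                    .asSubclass(EJBDSerializer.class)
                    .newInstance();
        } catch (final ClassNotFoundException | NoClassDefFoundError cnfe) {
            // Not visible to the context class loader: defer resolution to ContextualSerializer,
            // which is given only the class name.
            this.serializer = new ContextualSerializer(serializer);
        }
    }
    final DiscoveryAgent discovery = SystemInstance.get().getComponent(DiscoveryAgent.class);
    if (discovery != null) {
        discovery.setDiscoveryListener(clusterHandler);
    }
    countStreams = Boolean.parseBoolean(props.getProperty("stream.count", Boolean.toString(jndiHandler.isDebug())));
    securityService = SystemInstance.get().getComponent(SecurityService.class);
}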