
Example 6 with PrincipalImpl

use of org.glassfish.security.common.PrincipalImpl in project Payara by payara.

From the class SecurityContext, method getDefaultCallerPrincipal.

/**
 * Returns the caller principal of the unauthenticated (default) security context.
 *
 * <p>The principal is created lazily, under the {@code SecurityContext} class lock, the
 * first time it is requested: the name comes from the {@code SecurityService}'s default
 * principal, looked up in a privileged block. If the service cannot be found or the lookup
 * throws, the error is logged and the name {@code "ANONYMOUS"} is used instead. Whatever
 * name is chosen is cached for the life of {@code defaultSecurityContext}; a failed lookup
 * is not retried.
 *
 * @return the default caller principal, never {@code null}
 */
public static Principal getDefaultCallerPrincipal() {
    synchronized (SecurityContext.class) {
        if (defaultSecurityContext.initiator != null) {
            return defaultSecurityContext.initiator;
        }
        String defaultUser = null;
        try {
            Object name = AppservAccessController.doPrivileged(new PrivilegedExceptionAction() {

                @Override
                public Object run() throws Exception {
                    SecurityService service = SecurityServicesUtil.getInstance().getHabitat()
                            .getService(SecurityService.class, ServerEnvironment.DEFAULT_INSTANCE_NAME);
                    return service != null ? service.getDefaultPrincipal() : null;
                }
            });
            defaultUser = (String) name;
        } catch (Exception e) {
            _logger.log(Level.SEVERE, SecurityLoggerInfo.defaultUserLoginError, e);
        }
        // Fallback for a missing service or a failed lookup; this value is cached below.
        if (defaultUser == null) {
            defaultUser = "ANONYMOUS";
        }
        defaultSecurityContext.initiator = new PrincipalImpl(defaultUser);
        return defaultSecurityContext.initiator;
    }
}

Example 7 with PrincipalImpl

use of org.glassfish.security.common.PrincipalImpl in project Payara by payara.

From the class ClientCertificateLoginModule, method commit.

/**
 * Commits this module's authentication result into the {@code Subject}.
 *
 * <p>Called by the {@code LoginContext} once the overall authentication has
 * succeeded (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL
 * LoginModules succeeded). If this module's own {@code login} succeeded, a
 * {@code PrincipalImpl} named after the certificate alias is added to the
 * Subject's principals (unless already present), the app-client SSL
 * configuration is pointed at that alias, and an
 * {@code X509CertificateCredential} wrapping the client certificate is added
 * to the Subject's private credentials (unless already present). If this
 * module's own login did not succeed, the Subject is left untouched and
 * {@code false} is returned.
 *
 * @return {@code true} if this module's login and commit both succeeded,
 *         {@code false} otherwise
 * @throws LoginException if the commit fails
 */
public boolean commit() throws LoginException {
    if (!succeeded) {
        return false;
    }
    // The authenticated identity is represented by a PrincipalImpl named after the key alias.
    userPrincipal = new PrincipalImpl(alias);
    if (!subject.getPrincipals().contains(userPrincipal)) {
        subject.getPrincipals().add(userPrincipal);
    }
    if (debug && _logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "\t\t[ClientCertificateLoginModule] " + "added PrincipalImpl to Subject");
    }
    // Point the app-client SSL layer at the certificate that was just authenticated.
    ssl = new AppClientSSL();
    ssl.setCertNickname(this.alias);
    sslUtils.setAppclientSsl(ssl);
    // The private credential carries a one-element chain (the client cert), the alias and the cert realm.
    X509CertificateCredential certCredential = new X509CertificateCredential(
            new X509Certificate[] { certificate }, alias, LoginContextDriver.CERT_REALMNAME);
    if (!subject.getPrivateCredentials().contains(certCredential)) {
        subject.getPrivateCredentials().add(certCredential);
    }
    commitSucceeded = true;
    return true;
}

Example 8 with PrincipalImpl

use of org.glassfish.security.common.PrincipalImpl in project Payara by payara.

From the class ClientPasswordLoginModule, method commit.

/**
 * Commits this module's authentication result into the {@code Subject}.
 *
 * <p>Called by the {@code LoginContext} once the overall authentication has
 * succeeded (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL
 * LoginModules succeeded). If this module's own {@code login} succeeded, a
 * {@code PrincipalImpl} for the user name and a {@code PasswordCredential}
 * (user name, password, default realm) are added to the Subject unless already
 * present, and this module's own copies of the user name and password are then
 * cleared. If this module's own login did not succeed, the Subject is left
 * untouched and {@code false} is returned.
 *
 * @return {@code true} if this module's login and commit both succeeded,
 *         {@code false} otherwise
 * @throws LoginException if the commit fails
 */
public boolean commit() throws LoginException {
    if (!succeeded) {
        return false;
    }
    // The authenticated identity is represented by a PrincipalImpl named after the user.
    userPrincipal = new PrincipalImpl(username);
    if (!subject.getPrincipals().contains(userPrincipal)) {
        subject.getPrincipals().add(userPrincipal);
    }
    _logger.log(Level.FINE, "\t\t[ClientPasswordLoginModule] " + "added PrincipalImpl to Subject");
    PasswordCredential credential = new PasswordCredential(username, password, DEFAULT_REALMNAME);
    if (!subject.getPrivateCredentials().contains(credential)) {
        subject.getPrivateCredentials().add(credential);
    }
    // Scrub this module's copies of the credentials.
    // NOTE(review): the password array is blanked right after being handed to PasswordCredential;
    // this is only safe if that constructor copies the array — confirm against PasswordCredential.
    username = null;
    java.util.Arrays.fill(password, ' ');
    password = null;
    commitSucceeded = true;
    return true;
}

Example 9 with PrincipalImpl

use of org.glassfish.security.common.PrincipalImpl in project Payara by payara.

From the class SimpleAtzProviderTest, method adminSubject.

/**
 * Builds a test Subject whose only principal is a {@code PrincipalImpl} named {@code "asadmin"}.
 *
 * @return a new, mutable Subject carrying the single admin principal
 */
private Subject adminSubject() {
    Subject admin = new Subject();
    PrincipalImpl adminPrincipal = new PrincipalImpl("asadmin");
    admin.getPrincipals().add(adminPrincipal);
    return admin;
}

Example 10 with PrincipalImpl

use of org.glassfish.security.common.PrincipalImpl in project Payara by payara.

From the class BaseContainerCallbackHandler, method processCallerPrincipal.

/**
 * Establishes the caller principal for a CallerPrincipalCallback on its Subject.
 *
 * Resolves which Principal represents the caller (the one supplied by the SAM, the
 * WebPrincipal already held by the current SecurityContext, a principal built from the
 * callback's name, or the default unauthenticated caller principal), runs the JMAC login
 * for it where applicable, and finally adds that principal plus a fresh
 * DistinguishedPrincipalCredential to the Subject, replacing any previous
 * DistinguishedPrincipalCredential.
 *
 * @param cpCallback the callback carrying the target Subject and either a Principal or a name
 */
private void processCallerPrincipal(CallerPrincipalCallback cpCallback) {
    final Subject fs = cpCallback.getSubject();
    Principal principal = cpCallback.getPrincipal();
    // PAYARA-755 If the SAM has set a custom principal then we check that the original WebPrincipal has the same custom principal within it
    if (principal != null && !(principal instanceof WebPrincipal)) {
        Principal additional = SecurityContext.getCurrent().getAdditionalPrincipal();
        // Identity (==) comparison on purpose: only the exact custom principal object wrapped by
        // the current WebPrincipal is substituted, not a merely equal() one.
        if ((additional != null) && (additional instanceof WebPrincipal) && ((WebPrincipal) additional).getCustomPrincipal() == principal) {
            principal = additional;
        }
    }
    if (principal instanceof WebPrincipal) {
        WebPrincipal wp = (WebPrincipal) principal;
        /**
         * Check if the WebPrincipal satisfies the criteria for reuse. If
         * it does, the CBH will have already copied its contents into the
         * Subject, and established the caller principal.
         */
        if (reuseWebPrincipal(fs, wp)) {
            return;
        }
        /**
         * Otherwise the webPrincipal must be distinguished as the
         * callerPrincipal, but the contents of its internal SecurityContext
         * will not be copied.
         * For the special case where the WebPrincipal represents
         * the defaultCallerPrincipal, the argument principal is set to
         * null to cause the handler to assign its representation of the
         * unauthenticated caller in the Subject.
         */
        Principal dp = SecurityContext.getDefaultCallerPrincipal();
        SecurityContext sc = wp.getSecurityContext();
        Principal cp = sc != null ? sc.getCallerPrincipal() : null;
        // A WebPrincipal with no name, or whose own caller principal is missing or is the
        // default one, is treated as unauthenticated and falls through to the null branch below.
        if (wp.getName() == null || wp.equals(dp) || cp == null || cp.equals(dp)) {
            principal = null;
        }
    }
    // The realm comes from the handler context when one is set; a certificate realm changes
    // both the principal type built from a bare name and the login path further down.
    String realmName = null;
    if (handlerContext != null) {
        realmName = handlerContext.getRealmName();
    }
    boolean isCertRealm = CertificateRealm.AUTH_TYPE.equals(realmName);
    if (principal == null) {
        if (cpCallback.getName() != null) {
            // Name-only callback: build the principal from the name, as an X500Principal for a
            // certificate realm and as a PrincipalImpl otherwise. The JMAC login below still runs for it.
            if (isCertRealm) {
                principal = new X500Principal(cpCallback.getName());
            } else {
                principal = new PrincipalImpl(cpCallback.getName());
            }
        } else {
            // 196 unauthenticated caller principal
            principal = SecurityContext.getDefaultCallerPrincipal();
        }
    }
    // Run the JMAC login only for authenticated callers: X500 principals in a certificate realm,
    // and anything other than the default (unauthenticated) caller principal otherwise.
    if (isCertRealm) {
        if (principal instanceof X500Principal) {
            LoginContextDriver.jmacLogin(fs, (X500Principal) principal);
        }
    } else {
        if (!principal.equals(SecurityContext.getDefaultCallerPrincipal())) {
            LoginContextDriver.jmacLogin(fs, principal.getName(), realmName);
        }
    }
    // Final copies captured by the anonymous PrivilegedAction below.
    final Principal fprin = principal;
    final DistinguishedPrincipalCredential fdpc = new DistinguishedPrincipalCredential(principal);
    AppservAccessController.doPrivileged(new PrivilegedAction() {

        public java.lang.Object run() {
            // Add the caller principal, then drop every existing DistinguishedPrincipalCredential
            // so the Subject ends up with exactly one: the freshly created fdpc.
            fs.getPrincipals().add(fprin);
            Iterator iter = fs.getPublicCredentials().iterator();
            while (iter.hasNext()) {
                Object obj = iter.next();
                if (obj instanceof DistinguishedPrincipalCredential) {
                    iter.remove();
                }
            }
            fs.getPublicCredentials().add(fdpc);
            return fs;
        }
    });
}
