use of org.glassfish.security.common.PrincipalImpl in project Payara by payara.
the class SecurityContext method getDefaultCallerPrincipal.
// get caller principal of unauthenticated Security Context
/**
 * Returns the principal that stands for an unauthenticated caller, creating it on
 * first use and caching it in {@code defaultSecurityContext.initiator}.
 *
 * <p>The principal name is read from {@code SecurityService.getDefaultPrincipal()}
 * inside a privileged block. If the service is absent, the lookup throws, or no
 * name comes back, the literal {@code "ANONYMOUS"} is used.
 *
 * @return the cached default (unauthenticated) caller principal
 */
public static Principal getDefaultCallerPrincipal() {
    // Class-level lock: the check and the assignment of the cached principal happen together.
    synchronized (SecurityContext.class) {
        if (defaultSecurityContext.initiator == null) {
            String defaultName = null;
            try {
                defaultName = (String) AppservAccessController.doPrivileged(
                        new PrivilegedExceptionAction<Object>() {
                            @Override
                            public Object run() throws Exception {
                                SecurityService service = SecurityServicesUtil.getInstance()
                                        .getHabitat()
                                        .getService(SecurityService.class, ServerEnvironment.DEFAULT_INSTANCE_NAME);
                                return service == null ? null : service.getDefaultPrincipal();
                            }
                        });
            } catch (Exception e) {
                // A failed lookup is logged, not propagated; the fallback name below applies.
                _logger.log(Level.SEVERE, SecurityLoggerInfo.defaultUserLoginError, e);
            }
            if (defaultName == null) {
                defaultName = "ANONYMOUS";
            }
            // NOTE(review): the fallback is cached as well, so a lookup failure on the first
            // call appears to keep the unauthenticated name at "ANONYMOUS" until the field is
            // reset elsewhere - confirm that matches the name used in role mappings.
            defaultSecurityContext.initiator = new PrincipalImpl(defaultName);
        }
    }
    return defaultSecurityContext.initiator;
}
use of org.glassfish.security.common.PrincipalImpl in project Payara by payara.
the class ClientCertificateLoginModule method commit.
/**
* <p> This method is called if the LoginContext's
* overall authentication succeeded
* (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
* succeeded).
*
* <p> If this LoginModule's own authentication attempt
* succeeded (checked by retrieving the private state saved by the
* <code>login</code> method), then this method associates a
* <code>PrincipalImpl</code>
* with the <code>Subject</code> located in the
* <code>LoginModule</code>. If this LoginModule's own
* authentication attempt failed, then this method removes
* any state that was originally saved.
*
* <p>
*
* @exception LoginException if the commit fails.
*
* @return true if this LoginModule's own login and commit
* attempts succeeded, or false otherwise.
*/
public boolean commit() throws LoginException {
    // This module's own login did not succeed: report false. Nothing is cleaned up
    // on this path in this method.
    if (!succeeded) {
        return false;
    }

    // The authenticated identity is a PrincipalImpl named after the alias,
    // added to the Subject only if it is not already present.
    userPrincipal = new PrincipalImpl(alias);
    if (!subject.getPrincipals().contains(userPrincipal)) {
        subject.getPrincipals().add(userPrincipal);
    }
    if (debug && _logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "\t\t[ClientCertificateLoginModule] " + "added PrincipalImpl to Subject");
    }

    // The same alias is registered as the certificate nickname for the app-client SSL settings.
    ssl = new AppClientSSL();
    ssl.setCertNickname(this.alias);
    sslUtils.setAppclientSsl(ssl);

    // Only the single certificate held by this module goes into the chain (length 1).
    // The credential is stored as a private credential of the Subject.
    X509Certificate[] chain = { certificate };
    X509CertificateCredential certCredential =
            new X509CertificateCredential(chain, alias, LoginContextDriver.CERT_REALMNAME);
    if (!subject.getPrivateCredentials().contains(certCredential)) {
        subject.getPrivateCredentials().add(certCredential);
    }

    commitSucceeded = true;
    return true;
}
use of org.glassfish.security.common.PrincipalImpl in project Payara by payara.
the class ClientPasswordLoginModule method commit.
/**
* <p> This method is called if the LoginContext's
* overall authentication succeeded
* (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
* succeeded).
*
* <p> If this LoginModule's own authentication attempt
* succeeded (checked by retrieving the private state saved by the
* <code>login</code> method), then this method associates a
* <code>PrincipalImpl</code>
* with the <code>Subject</code> located in the
* <code>LoginModule</code>. If this LoginModule's own
* authentication attempt failed, then this method removes
* any state that was originally saved.
*
* <p>
*
* @exception LoginException if the commit fails.
*
* @return true if this LoginModule's own login and commit
* attempts succeeded, or false otherwise.
*/
public boolean commit() throws LoginException {
    // This module's own login did not succeed: report false.
    // NOTE(review): username and password are left untouched on this path; any wiping
    // for a failed login has to happen elsewhere - confirm.
    if (!succeeded) {
        return false;
    }

    // The authenticated identity is a PrincipalImpl named after the user name,
    // added to the Subject only if it is not already present.
    userPrincipal = new PrincipalImpl(username);
    if (!subject.getPrincipals().contains(userPrincipal)) {
        subject.getPrincipals().add(userPrincipal);
    }
    _logger.log(Level.FINE, "\t\t[ClientPasswordLoginModule] " + "added PrincipalImpl to Subject");

    // The user name / password pair is kept as a private credential of the Subject.
    PasswordCredential passwordCredential = new PasswordCredential(username, password, DEFAULT_REALMNAME);
    if (!subject.getPrivateCredentials().contains(passwordCredential)) {
        subject.getPrivateCredentials().add(passwordCredential);
    }

    // Clear the module's own copy of the login state.
    // NOTE(review): the array is overwritten after it was passed to PasswordCredential.
    // Whether the credential keeps its own copy is not visible here; if it holds the
    // same array, this loop would blank the stored password too - confirm.
    username = null;
    for (int pos = 0; pos < password.length; pos++) {
        password[pos] = ' ';
    }
    password = null;

    commitSucceeded = true;
    return true;
}
use of org.glassfish.security.common.PrincipalImpl in project Payara by payara.
the class SimpleAtzProviderTest method adminSubject.
/**
 * Builds a new {@link Subject} whose only principal is a {@code PrincipalImpl}
 * named "asadmin".
 *
 * @return the freshly created subject
 */
private Subject adminSubject() {
    final Subject admin = new Subject();
    admin.getPrincipals().add(new PrincipalImpl("asadmin"));
    return admin;
}
use of org.glassfish.security.common.PrincipalImpl in project Payara by payara.
the class BaseContainerCallbackHandler method processCallerPrincipal.
/**
 * Handles a {@code CallerPrincipalCallback}: decides which principal is the caller,
 * runs the JMAC login for it where the code below calls for one, and records it in
 * the callback's Subject together with a {@code DistinguishedPrincipalCredential}.
 *
 * @param cpCallback callback carrying the Subject and either a principal or a name
 */
private void processCallerPrincipal(CallerPrincipalCallback cpCallback) {
    final Subject callbackSubject = cpCallback.getSubject();
    Principal principal = cpCallback.getPrincipal();

    // PAYARA-755 If the SAM has set a custom principal then we check that the original
    // WebPrincipal has the same custom principal within it.
    // The comparison is by identity (==): only the very object the callback carries is
    // accepted, not a different instance that merely compares equal.
    if (principal != null && !(principal instanceof WebPrincipal)) {
        Principal additional = SecurityContext.getCurrent().getAdditionalPrincipal();
        if (additional instanceof WebPrincipal
                && ((WebPrincipal) additional).getCustomPrincipal() == principal) {
            principal = additional;
        }
    }

    if (principal instanceof WebPrincipal) {
        WebPrincipal webPrincipal = (WebPrincipal) principal;

        /*
         * Check if the WebPrincipal satisfies the criteria for reuse. If it does, the
         * CBH will have already copied its contents into the Subject, and established
         * the caller principal.
         */
        if (reuseWebPrincipal(callbackSubject, webPrincipal)) {
            return;
        }

        /*
         * Otherwise the WebPrincipal must be distinguished as the callerPrincipal, but
         * the contents of its internal SecurityContext will not be copied.
         * For the special case where the WebPrincipal represents the
         * defaultCallerPrincipal, the argument principal is set to null to cause the
         * handler to assign its representation of the unauthenticated caller in the
         * Subject.
         */
        Principal defaultCaller = SecurityContext.getDefaultCallerPrincipal();
        SecurityContext webContext = webPrincipal.getSecurityContext();
        Principal contextCaller = webContext != null ? webContext.getCallerPrincipal() : null;
        boolean representsDefaultCaller = webPrincipal.getName() == null
                || webPrincipal.equals(defaultCaller)
                || contextCaller == null
                || contextCaller.equals(defaultCaller);
        if (representsDefaultCaller) {
            principal = null;
        }
    }

    String realmName = handlerContext != null ? handlerContext.getRealmName() : null;
    boolean isCertRealm = CertificateRealm.AUTH_TYPE.equals(realmName);

    // No principal so far: build one from the callback's name, or fall back to the
    // unauthenticated caller when the callback carries no name either.
    if (principal == null) {
        String callerName = cpCallback.getName();
        if (callerName == null) {
            // 196 unauthenticated caller principal
            principal = SecurityContext.getDefaultCallerPrincipal();
        } else if (isCertRealm) {
            principal = new X500Principal(callerName);
        } else {
            principal = new PrincipalImpl(callerName);
        }
    }

    if (isCertRealm) {
        // NOTE(review): in the certificate realm only an X500Principal triggers jmacLogin;
        // any other principal reaching this point is still added to the Subject below
        // without a login call - confirm this is intended.
        if (principal instanceof X500Principal) {
            LoginContextDriver.jmacLogin(callbackSubject, (X500Principal) principal);
        }
    } else if (!principal.equals(SecurityContext.getDefaultCallerPrincipal())) {
        // The unauthenticated default caller is never logged in.
        LoginContextDriver.jmacLogin(callbackSubject, principal.getName(), realmName);
    }

    final Principal callerPrincipal = principal;
    final DistinguishedPrincipalCredential distinguished = new DistinguishedPrincipalCredential(principal);
    AppservAccessController.doPrivileged(new PrivilegedAction<Object>() {
        @Override
        public Object run() {
            callbackSubject.getPrincipals().add(callerPrincipal);
            // Drop every earlier DistinguishedPrincipalCredential so that only the one
            // added below remains among the public credentials.
            for (Iterator<Object> it = callbackSubject.getPublicCredentials().iterator(); it.hasNext();) {
                if (it.next() instanceof DistinguishedPrincipalCredential) {
                    it.remove();
                }
            }
            callbackSubject.getPublicCredentials().add(distinguished);
            return callbackSubject;
        }
    });
}