use of org.jboss.remoting3.Connection in project cloudstack by apache.
the class ConfigTest method executeTest.
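/**
 * Runs every {@code command} element of the first input document and reports whether all of them
 * behaved as expected.
 *
 * <p>The special command {@code rebootManagementServer} is not sent to the API: the test logs in to
 * the host named by the {@code hostip} parameter over SSH, restarts the management and usage
 * services, and waits two minutes. Every other command is sent through the client and its response
 * type, response code and returned parameters are verified.
 *
 * <p>NOTE(review): the SSH login uses the hard-coded account {@code root} with the literal password
 * {@code "password"}, and {@code connect} is given {@code null} as its first argument. If that
 * argument is the host-key verifier (as in Ganymed/Trilead-style SSH clients; confirm against the
 * imported {@code Connection} class), the server's host key is never checked. Both should come
 * from test configuration and a known-hosts check before this runs outside an isolated lab.
 *
 * @return {@code true} when no command was counted as an error; {@code false} on the first fatal
 *         condition (SSH failure, missing required parameters, failed required command) or when
 *         at least one non-fatal error was counted
 */
@Override
public boolean executeTest() {
    int error = 0;
    Element rootElement = this.getInputFile().get(0).getDocumentElement();
    NodeList commandLst = rootElement.getElementsByTagName("command");
    // Analyze each command, send request and build the array list of api commands
    for (int i = 0; i < commandLst.getLength(); i++) {
        Element fstElmnt = (Element) commandLst.item(i);
        // new command
        ApiCommand api = new ApiCommand(fstElmnt, this.getParam(), this.getCommands());
        if (api.getName().equals("rebootManagementServer")) {
            s_logger.info("Attempting to SSH into management server " + this.getParam().get("hostip"));
            try {
                Connection conn = new Connection(this.getParam().get("hostip"));
                try {
                    // NOTE(review): null first argument, presumably "no host-key verifier"; confirm.
                    conn.connect(null, 60000, 60000);
                    // This message is logged after the transport connects but before authentication.
                    s_logger.info("SSHed successfully into management server " + this.getParam().get("hostip"));
                    // NOTE(review): hard-coded root credentials; move to test configuration.
                    boolean isAuthenticated = conn.authenticateWithPassword("root", "password");
                    if (!isAuthenticated) {
                        s_logger.info("Authentication failed for root with password");
                        // The enclosing finally closes the connection on this early exit.
                        return false;
                    }
                    String restartCommand = "service cloud-management restart; service cloud-usage restart";
                    Session sess = conn.openSession();
                    try {
                        s_logger.info("Executing : " + restartCommand);
                        sess.execCommand(restartCommand);
                        // Give the services two minutes to come back before the next command.
                        Thread.sleep(120000);
                    } finally {
                        sess.close();
                    }
                } finally {
                    // Close on every path: success, failed authentication, or exception.
                    conn.close();
                }
            } catch (InterruptedException ex) {
                // Preserve the interrupt for callers instead of swallowing it.
                Thread.currentThread().interrupt();
                s_logger.error(ex);
                return false;
            } catch (Exception ex) {
                s_logger.error(ex);
                return false;
            }
        } else {
            // send a command
            api.sendCommand(this.getClient(), null);
            // verify the response of the command
            if ((api.getResponseType() == ResponseType.ERROR) && (api.getResponseCode() == 200) && (api.getTestCaseInfo() != null)) {
                // A negative test case whose command unexpectedly succeeded.
                s_logger.error("Test case " + api.getTestCaseInfo() + " failed. Command that was supposed to fail, passed. The command was sent with the following url " + api.getUrl());
                error++;
            } else if ((api.getResponseType() != ResponseType.ERROR) && (api.getResponseCode() == 200)) {
                // set parameters for the future use
                if (!api.setParam(this.getParam())) {
                    s_logger.error("Exiting the test...Command " + api.getName() + " didn't return parameters needed for the future use. The command was sent with url " + api.getUrl());
                    return false;
                }
                // verify parameters
                if (!api.verifyParam()) {
                    s_logger.error("Command " + api.getName() + " failed. Verification for returned parameters failed. Command was sent with url " + api.getUrl());
                    error++;
                } else if (api.getTestCaseInfo() != null) {
                    s_logger.info("Test case " + api.getTestCaseInfo() + " passed. Command was sent with the url " + api.getUrl());
                }
            } else if ((api.getResponseType() != ResponseType.ERROR) && (api.getResponseCode() != 200)) {
                s_logger.error("Command " + api.getName() + " failed with an error code " + api.getResponseCode() + " . Command was sent with url " + api.getUrl() + " Required: " + api.getRequired());
                if (api.getRequired()) {
                    s_logger.info("The command is required for the future use, so exiging");
                    return false;
                }
                error++;
            } else if (api.getTestCaseInfo() != null) {
                s_logger.info("Test case " + api.getTestCaseInfo() + " passed. Command that was supposed to fail, failed - test passed. Command was sent with url " + api.getUrl());
            }
        }
    }
    return error == 0;
}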
use of org.jboss.remoting3.Connection in project wildfly by wildfly.
the class SimpleSecurityManager method push.
/**
 * Saves the security context currently associated with the caller on the {@code contexts} stack and
 * establishes a new one for the given security domain.
 *
 * <p>When propagation is enabled and a previous context exists, its subject info and outgoing
 * run-as identity are carried over. If the resulting incoming run-as is not a
 * {@link RunAsIdentity} and a Remoting context is set, the principal and credential are taken from
 * the Remoting connection's local identity, and the Remoting context is then cleared.
 *
 * <p>Must be called from within a privileged action.
 *
 * <p>NOTE(review): when the identity carries a clear-text password credential, it is copied into a
 * {@link String}. Unlike the source {@code char[]}, a String cannot be zeroed afterwards, so the
 * password stays on the heap until it is garbage collected.
 *
 * @param securityDomain the security domain passed to {@code establishSecurityContext}
 */
public void push(final String securityDomain) {
    // TODO - Handle a null securityDomain here? Yes I think so.
    final SecurityContext previous = SecurityContextAssociation.getSecurityContext();
    contexts.push(previous);
    final SecurityContext current = establishSecurityContext(securityDomain);
    if (propagate && previous != null) {
        current.setSubjectInfo(getSubjectInfo(previous));
        current.setIncomingRunAs(previous.getOutgoingRunAs());
    }

    // instanceof is already false for null, so no separate null check is needed.
    final boolean trusted = current.getIncomingRunAs() instanceof RunAsIdentity;

    /*
     * Only switch to an identity taken from the Remoting connection when there is no trusted
     * identity yet - this allows beans to reauthenticate as a different identity.
     */
    if (trusted || !SecurityActions.remotingContextIsSet()) {
        return;
    }

    // Here the principal and credential have not been set yet, so derive them from the connection.
    final SecurityContextUtil util = current.getUtil();
    final Connection connection = SecurityActions.remotingContextGetConnection();
    final SecurityIdentity localIdentity = connection.getLocalIdentity();
    if (localIdentity == null) {
        // The Remoting context is left untouched on this path, as in the original flow.
        throw SecurityLogger.ROOT_LOGGER.noUserPrincipalFound();
    }

    final Principal principal = new SimplePrincipal(localIdentity.getPrincipal().getName());
    final IdentityCredentials privateCredentials = localIdentity.getPrivateCredentials();
    final PasswordCredential passwordCredential =
            privateCredentials.getCredential(PasswordCredential.class, ClearPassword.ALGORITHM_CLEAR);

    final Object credential;
    if (passwordCredential == null) {
        // No clear password available: hand the connection itself over as the credential.
        credential = new RemotingConnectionCredential(connection);
    } else {
        credential = new String(passwordCredential.getPassword(ClearPassword.class).getPassword());
    }

    SecurityActions.remotingContextClear();
    util.createSubjectInfo(principal, credential, null);
}
use of org.jboss.remoting3.Connection in project wildfly by wildfly.
the class RemotingLoginModule method login.
/**
 * Authenticates a caller whose credential is a {@link RemotingConnectionCredential}.
 *
 * <p>If the superclass login already succeeded, that result is returned. Otherwise the login
 * succeeds only when the credential wraps a Remoting connection that exposes a local identity;
 * the principal name of that identity becomes the authenticated identity. No secret is checked
 * here: the decision relies entirely on the connection having been authenticated beforehand.
 *
 * <p>With first-pass sharing enabled, the identity and a credential are stored in the shared
 * state. Depending on {@code useNewClientCert} / {@code useClientCert}, the credential is replaced
 * by the first peer certificate of the connection's SSL session when one is available; otherwise
 * the connection credential itself is stored.
 *
 * <p>NOTE(review): {@code getPeerCertificateChain()} is the legacy {@code javax.security.cert}
 * accessor and is deprecated in current JDKs; confirm it is still supported on the target runtime.
 *
 * @return {@code true} when authentication succeeded, {@code false} when this module cannot
 *         authenticate the caller
 * @throws LoginException if the superclass login fails with an error
 */
@SuppressWarnings("unchecked")
@Override
public boolean login() throws LoginException {
    if (super.login()) {
        log.debug("super.login()==true");
        return true;
    }

    Object credential = getCredential();
    if (!(credential instanceof RemotingConnectionCredential)) {
        // username and password has been supplied to a web auth.
        return false;
    }

    final Connection con = ((RemotingConnectionCredential) credential).getConnection();
    final SecurityIdentity localIdentity = con.getLocalIdentity();
    if (localIdentity == null) {
        // No identity on the connection, so nothing to authenticate with.
        return false;
    }

    // A principal found on the connection means authentication succeeded.
    identity = new RealmUser(localIdentity.getPrincipal().getName());

    if (getUseFirstPass()) {
        final String userName = identity.getName();
        log.debugf("Storing username '%s'", userName);
        // The shared state receives the Principal object under the login-name key.
        sharedState.put("javax.security.auth.login.name", identity);

        if (useNewClientCert) {
            final SSLSession sslSession = con.getSslSession();
            if (sslSession != null) {
                try {
                    credential = sslSession.getPeerCertificates()[0];
                    log.debug("Using new certificate as credential.");
                } catch (SSLPeerUnverifiedException e) {
                    // Peer presented no verified certificate; keep the connection credential.
                    log.debugf("No peer certificate available for '%s'", userName);
                }
            }
        } else if (useClientCert) {
            final SSLSession sslSession = con.getSslSession();
            if (sslSession != null) {
                try {
                    credential = sslSession.getPeerCertificateChain()[0];
                    log.debug("Using certificate as credential.");
                } catch (SSLPeerUnverifiedException e) {
                    // Peer presented no verified certificate; keep the connection credential.
                    log.debugf("No peer certificate available for '%s'", userName);
                }
            }
        }

        sharedState.put("javax.security.auth.login.password", credential);
    }

    loginOk = true;
    return true;
}
use of org.jboss.remoting3.Connection in project wildfly by wildfly.
the class ConnectionSecurityContext method getConnectionPrincipals.
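/**
 * Obtain a {@link Collection} containing the {@link Principal} instances for the user associated with the connection.
 *
 * <p>The result holds one {@code RealmUser} for the identity's principal name plus a
 * {@code RealmGroup} and a {@code RealmRole} for every role of the identity.
 *
 * <p>Note: This method should be called from within a {@link PrivilegedAction}.
 *
 * @return The Collection of Principals for the user authenticated with the connection. An empty Collection will be returned
 *         if no user is associated with the connection, {@code null} will be returned if no connection is associated with
 *         the {@link Thread}
 */
public static Collection<Principal> getConnectionPrincipals() {
    Connection con = RemotingContext.getConnection();
    if (con == null) {
        return null;
    }

    SecurityIdentity localIdentity = con.getLocalIdentity();
    if (localIdentity == null) {
        return Collections.emptySet();
    }

    Collection<Principal> principals = new HashSet<>();
    principals.add(new RealmUser(localIdentity.getPrincipal().getName()));
    // Iterate sequentially: HashSet is not thread-safe, and filling it from a parallel stream
    // can drop or corrupt entries, which would silently remove group/role principals that
    // later authorization decisions depend on.
    for (String role : localIdentity.getRoles()) {
        principals.add(new RealmGroup(role));
        principals.add(new RealmRole(role));
    }
    return principals;
}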
use of org.jboss.remoting3.Connection in project wildfly by wildfly.
the class ConnectionSecurityContext method pushIdentity.
/**
 * Push a new {@link Principal} and Credential pair.
 *
 * <p>This method is to be called before an EJB invocation is passed through its security interceptor; at that point the
 * Principal and Credential pair can be verified. Nothing is verified here: the pair is only placed into a new
 * security context created for the {@code "USER_DELEGATION"} domain, and the Remoting context is cleared.
 *
 * <p>Note: This method should be called from within a {@link PrivilegedAction}.
 *
 * <p>Callers should keep the returned cache and restore the previous state in a {@code finally} block, so the
 * pushed identity does not remain associated after the invocation completes.
 *
 * @param principal - The alternative {@link Principal} to use in verification before the next EJB is called.
 * @param credential - The credential to verify with the {@link Principal}
 * @return A {@link ContextStateCache} that can later be used to pop the identity pushed here and restore internal state to its previous values.
 * @throws Exception If there is a problem associating the new {@link Principal} and Credential pair.
 */
public static ContextStateCache pushIdentity(final Principal principal, final Object credential) throws Exception {
    // Remember what was active so the caller can restore it later.
    final SecurityContext savedContext = SecurityContextAssociation.getSecurityContext();

    // Create the delegated context with a fresh, empty Subject and make it the active one.
    SecurityContextAssociation.setSecurityContext(
            SecurityContextFactory.createSecurityContext(principal, credential, new Subject(), "USER_DELEGATION"));

    // Capture the connection before clearing the Remoting context; the cache carries both.
    final Connection savedConnection = RemotingContext.getConnection();
    RemotingContext.clear();

    return new ContextStateCache(savedConnection, savedContext);
}