Examples with JaasAuthenticationToken - org.springframework.security.authentication.jaas.JaasAuthenticationToken

Example 1 with JaasAuthenticationToken

use of org.springframework.security.authentication.jaas.JaasAuthenticationToken in project spring-security by spring-projects.

the class JaasApiIntegrationFilterTests method onBeforeTests.

// ~ Methods
// ========================================================================================================
@Before
public void onBeforeTests() throws Exception {
    this.filter = new JaasApiIntegrationFilter();
    this.request = new MockHttpServletRequest();
    this.response = new MockHttpServletResponse();
    authenticatedSubject = new Subject();
    authenticatedSubject.getPrincipals().add(new Principal() {

        public String getName() {
            return "principal";
        }
    });
    authenticatedSubject.getPrivateCredentials().add("password");
    authenticatedSubject.getPublicCredentials().add("username");
    callbackHandler = new CallbackHandler() {

        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (Callback callback : callbacks) {
                if (callback instanceof NameCallback) {
                    ((NameCallback) callback).setName("user");
                } else if (callback instanceof PasswordCallback) {
                    ((PasswordCallback) callback).setPassword("password".toCharArray());
                } else if (callback instanceof TextInputCallback) {
                // ignore
                } else {
                    throw new UnsupportedCallbackException(callback, "Unrecognized Callback " + callback);
                }
            }
        }
    };
    testConfiguration = new Configuration() {

        public void refresh() {
        }

        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            return new AppConfigurationEntry[] { new AppConfigurationEntry(TestLoginModule.class.getName(), LoginModuleControlFlag.REQUIRED, new HashMap<String, String>()) };
        }
    };
    LoginContext ctx = new LoginContext("SubjectDoAsFilterTest", authenticatedSubject, callbackHandler, testConfiguration);
    ctx.login();
    token = new JaasAuthenticationToken("username", "password", AuthorityUtils.createAuthorityList("ROLE_ADMIN"), ctx);
    // just in case someone forgot to clear the context
    SecurityContextHolder.clearContext();
}

Also used : CallbackHandler(javax.security.auth.callback.CallbackHandler) Configuration(javax.security.auth.login.Configuration) HashMap(java.util.HashMap) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) IOException(java.io.IOException) Subject(javax.security.auth.Subject) TextInputCallback(javax.security.auth.callback.TextInputCallback) AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry) TextInputCallback(javax.security.auth.callback.TextInputCallback) PasswordCallback(javax.security.auth.callback.PasswordCallback) NameCallback(javax.security.auth.callback.NameCallback) Callback(javax.security.auth.callback.Callback) NameCallback(javax.security.auth.callback.NameCallback) LoginContext(javax.security.auth.login.LoginContext) JaasAuthenticationToken(org.springframework.security.authentication.jaas.JaasAuthenticationToken) PasswordCallback(javax.security.auth.callback.PasswordCallback) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Principal(java.security.Principal) Before(org.junit.Before)

Example 2 with JaasAuthenticationToken

use of org.springframework.security.authentication.jaas.JaasAuthenticationToken in project spring-security by spring-projects.

the class JaasApiIntegrationFilterTests method obtainSubjectNullLoginContext.

@Test
public void obtainSubjectNullLoginContext() {
    token = new JaasAuthenticationToken("un", "pwd", AuthorityUtils.createAuthorityList("ROLE_ADMIN"), null);
    SecurityContextHolder.getContext().setAuthentication(token);
    assertNullSubject(filter.obtainSubject(request));
}

Also used : JaasAuthenticationToken(org.springframework.security.authentication.jaas.JaasAuthenticationToken) Test(org.junit.Test)

Example 3 with JaasAuthenticationToken

use of org.springframework.security.authentication.jaas.JaasAuthenticationToken in project spring-security by spring-projects.

the class JaasApiIntegrationFilter method obtainSubject.

/**
	 * <p>
	 * Obtains the <code>Subject</code> to run as or <code>null</code> if no
	 * <code>Subject</code> is available.
	 * </p>
	 * <p>
	 * The default implementation attempts to obtain the <code>Subject</code> from the
	 * <code>SecurityContext</code>'s <code>Authentication</code>. If it is of type
	 * <code>JaasAuthenticationToken</code> and is authenticated, the <code>Subject</code>
	 * is returned from it. Otherwise, <code>null</code> is returned.
	 * </p>
	 *
	 * @param request the current <code>ServletRequest</code>
	 * @return the Subject to run as or <code>null</code> if no <code>Subject</code> is
	 * available.
	 */
protected Subject obtainSubject(ServletRequest request) {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (logger.isDebugEnabled()) {
        logger.debug("Attempting to obtainSubject using authentication : " + authentication);
    }
    if (authentication == null) {
        return null;
    }
    if (!authentication.isAuthenticated()) {
        return null;
    }
    if (!(authentication instanceof JaasAuthenticationToken)) {
        return null;
    }
    JaasAuthenticationToken token = (JaasAuthenticationToken) authentication;
    LoginContext loginContext = token.getLoginContext();
    if (loginContext == null) {
        return null;
    }
    return loginContext.getSubject();
}

Also used : LoginContext(javax.security.auth.login.LoginContext) JaasAuthenticationToken(org.springframework.security.authentication.jaas.JaasAuthenticationToken) Authentication(org.springframework.security.core.Authentication)

Example 4 with JaasAuthenticationToken

use of org.springframework.security.authentication.jaas.JaasAuthenticationToken in project spring-security by spring-projects.

the class JaasApiIntegrationFilterTests method obtainSubjectNullSubject.

@Test
public void obtainSubjectNullSubject() throws Exception {
    LoginContext ctx = new LoginContext("obtainSubjectNullSubject", null, callbackHandler, testConfiguration);
    assertThat(ctx.getSubject()).isNull();
    token = new JaasAuthenticationToken("un", "pwd", AuthorityUtils.createAuthorityList("ROLE_ADMIN"), ctx);
    SecurityContextHolder.getContext().setAuthentication(token);
    assertNullSubject(filter.obtainSubject(request));
}

Also used : LoginContext(javax.security.auth.login.LoginContext) JaasAuthenticationToken(org.springframework.security.authentication.jaas.JaasAuthenticationToken) Test(org.junit.Test)

Aggregations

JaasAuthenticationToken (org.springframework.security.authentication.jaas.JaasAuthenticationToken)4 LoginContext (javax.security.auth.login.LoginContext)3 Test (org.junit.Test)2 IOException (java.io.IOException)1 Principal (java.security.Principal)1 HashMap (java.util.HashMap)1 Subject (javax.security.auth.Subject)1 Callback (javax.security.auth.callback.Callback)1 CallbackHandler (javax.security.auth.callback.CallbackHandler)1 NameCallback (javax.security.auth.callback.NameCallback)1 PasswordCallback (javax.security.auth.callback.PasswordCallback)1 TextInputCallback (javax.security.auth.callback.TextInputCallback)1 UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)1 AppConfigurationEntry (javax.security.auth.login.AppConfigurationEntry)1 Configuration (javax.security.auth.login.Configuration)1 Before (org.junit.Before)1 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)1 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)1 Authentication (org.springframework.security.core.Authentication)1