/**
 * Builds the JAAS role group for the authenticated user.
 *
 * Returns a single group named {@code "Roles"} holding one
 * {@link SimplePrincipal} per role carried by the verified {@code access}
 * token. Relies on {@code login} having populated {@code access} first.
 *
 * @return a one-element array containing the {@code "Roles"} group
 * @throws LoginException declared for the superclass contract; not thrown here
 */
@Override
protected Group[] getRoleSets() throws LoginException {
    SimpleGroup roleGroup = new SimpleGroup("Roles");
    for (Role granted : access.getUser().getRoles()) {
        roleGroup.addMember(new SimplePrincipal(granted.getName()));
    }
    return new Group[] {roleGroup};
}
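/**
 * Authenticates a request carrying a PKCS#7-signed token in the
 * {@code X-Auth-Signed-Token} header.
 *
 * The header is treated as untrusted input: its signature is checked
 * against the certificate stored under {@code skeletonKeyCertificateAlias}
 * in the domain's key store before the payload is deserialized into
 * {@code access}. The token must then be unexpired and belong to the
 * configured {@code projectId}.
 *
 * @param request  the incoming request; only the token header is read
 * @param response unused
 * @return {@code false} when the header is absent (no attempt is made),
 *         {@code true} once the token has been verified and {@code loginOk} set
 * @throws LoginException if no key store or certificate is available, the
 *         signature or payload is invalid, the token is expired, or the
 *         token's project does not match {@code projectId}
 */
@Override
protected boolean login(Request request, HttpServletResponse response) throws LoginException {
    String tokenHeader = request.getHeader("X-Auth-Signed-Token");
    if (tokenHeader == null) {
        // No token presented: not an error, just nothing for this module to verify.
        return false;
    }

    X509Certificate certificate = loadSigningCertificate();

    try {
        PKCS7SignatureInput input = new PKCS7SignatureInput(tokenHeader);
        if (!input.verify(certificate)) {
            throw new LoginException("Bad Signature");
        }
        access = (Access) input.getEntity(Access.class, MediaType.APPLICATION_JSON_TYPE);
    } catch (LoginException le) {
        throw le;
    } catch (Exception e) {
        // Deliberately generic message: the parse/verify detail of an untrusted
        // header should not be echoed back. The cause is kept for server-side diagnosis.
        LoginException failure = new LoginException("Bad Token");
        failure.initCause(e);
        throw failure;
    }

    // The payload came from the header; do not trust it to be well-formed.
    if (access == null || access.getToken() == null) {
        throw new LoginException("Bad Token");
    }
    if (access.getToken().expired()) {
        throw new LoginException("Token expired");
    }
    if (access.getToken().getProject() == null
            || !projectId.equals(access.getToken().getProject().getId())) {
        throw new LoginException("Token project id doesn't match");
    }

    this.loginOk = true;
    return true;
}

/**
 * Looks up the certificate used to verify token signatures.
 *
 * The key store is taken from {@code domain}, whichever security-domain
 * type it is; the certificate is read under {@code skeletonKeyCertificateAlias}.
 *
 * @return the X.509 certificate to verify against; never {@code null}
 * @throws LoginException if no key store is available, the key store cannot
 *         be read, or no X.509 certificate is stored under the alias
 */
private X509Certificate loadSigningCertificate() throws LoginException {
    // if we don't have a trust store, we'll just use the key store.
    KeyStore keyStore = null;
    if (domain instanceof SecurityDomain) {
        keyStore = ((SecurityDomain) domain).getKeyStore();
    } else if (domain instanceof JSSESecurityDomain) {
        keyStore = ((JSSESecurityDomain) domain).getKeyStore();
    }
    if (keyStore == null) {
        throw new LoginException("No trust store found");
    }

    java.security.cert.Certificate stored;
    try {
        stored = keyStore.getCertificate(skeletonKeyCertificateAlias);
    } catch (KeyStoreException e) {
        LoginException failure = new LoginException("Could not get certificate from keyStore");
        failure.initCause(e);
        throw failure;
    }
    // A missing alias used to surface as a NullPointerException inside verify(),
    // reported to the caller as "Bad Token"; name the configuration problem instead.
    if (!(stored instanceof X509Certificate)) {
        throw new LoginException("No X.509 certificate found for alias " + skeletonKeyCertificateAlias);
    }
    return (X509Certificate) stored;
}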
/**
 * Returns the principal for the authenticated user.
 *
 * Wraps the user carried by the verified {@code access} token in a
 * {@link UserPrincipal}; relies on {@code login} having populated {@code access}.
 *
 * @return the user principal for this login
 */
@Override
protected Principal getIdentity() {
    return new UserPrincipal(access.getUser());
}