public Subject krb5PasswordLogin(String password) {
    String loginModuleName = "krb5UsernamePasswordLogin";

    LOG.info(
        "Attempting kerberos authentication of user: "******" using username and password mechanism");

    // Set the domain to realm and the kdc
    // System.setProperty("java.security.krb5.realm", "JTLAN.CO.UK");
    // System.setProperty("java.security.krb5.kdc", "jtserver.jtlan.co.uk");
    // System.setProperty("java.security.krb5.conf",
    // "/home/turnerj/git/servlet-security-filter/KerberosSecurityFilter/src/main/resources/krb5.conf");

    // Form jaasOptions map
    Map<String, String> jaasOptions = new HashMap<String, String>();
    jaasOptions.put("useKeyTab", "false");
    jaasOptions.put("storeKey", "false");
    jaasOptions.put("doNotPrompt", "false");
    jaasOptions.put("refreshKrb5Config", "false");
    jaasOptions.put("clearPass", "true");
    jaasOptions.put("useTicketCache", "false");
    LOG.debug("Dynamic jaas configuration used:" + jaasOptions.toString());

    // Create dynamic jaas config
    DynamicJaasConfiguration contextConfig = new DynamicJaasConfiguration();
    contextConfig.addAppConfigEntry(
        loginModuleName,
        "com.sun.security.auth.module.Krb5LoginModule",
        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
        jaasOptions);

    try {
      /*
       * Create login context using dynamic config
       * The "krb5UsernamePasswordLogin" needs to correspond to a configuration in the jaas config.
       */
      LoginContext loginCtx =
          new LoginContext(
              loginModuleName,
              null,
              new LoginUsernamePasswordHandler(clientPrincipal, password),
              contextConfig);
      loginCtx.login();
      Subject clientSubject = loginCtx.getSubject();
      String loggedInUser = principalNameFromSubject(clientSubject);
      LOG.info(
          "SUCCESSFUL LOGIN for user: "******" using username and password mechanism.");
      return clientSubject;
    } catch (LoginException le) {
      le.printStackTrace();
      // Failed logins are not an application error so the following line is at info level.
      LOG.info(
          "LOGIN FAILED for user: "******" using username and password mechanism. Reason: "
              + le.toString());
      return null;
    }
  }
Exemple #2
0
  /**
   * Tries to login the user. If username as well as password are correctly spelled this method
   * returns the PatientSearch-Site, if not the Login-Failed Site will be returned.
   *
   * @return correct login: PatientSearch, else LoginFailed
   * @throws Exception
   */
  public String login() throws Exception {
    //		FacesContext fc = FacesContext.getCurrentInstance().getExternalContext().getResponse();
    //		HttpServletResponse resp =
    // (HttpServletResponse)FacesContext.getCurrentInstance().getExternalContext().getResponse();
    //		resp.
    //		fc.getMessages().
    //		throw new Exception();
    // TODO: facesContext - register new Error
    try {
      LoginContext lc = new LoginContext("Test");
      lc.login();
    } catch (LoginException e) {
      e.printStackTrace();
    } finally {
      return "/errorPage.xhtml";
    }
    //		File f = null;
    //		f.getName();

    //		if(findUser(username, password)){
    //			return "loginAccepted";
    //		}
    //		else{
    //			return "loginDenied";
    //		}
    //		if(findUser(username, password)){
    //			return "/patientSearch.xhtml";
    //		}
    //		else{
    //			return "/loginFalse.xhtml";
    //		}
  }
  /** @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) */
  protected void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    HttpSession httpSession = request.getSession();

    LoginContext lc = (LoginContext) httpSession.getAttribute("LoginContext");
    try {
      System.out.println("INVOCO IL LOGOUT");
      lc.logout();
    } catch (LoginException e) {
      e.printStackTrace();
    }

    response.sendRedirect(response.encodeRedirectURL("/JAAS_XACML_Exercise2/public/logout.jsp"));
  }
  public Subject krb5KeytabLogin(String keytab) {
    String loginModuleName = "krb5NonInteractiveClientLogin";

    LOG.info("Attempting kerberos login of user: "******" using keytab: " + keytab);
    // Form jaasOptions map
    Map<String, String> jaasOptions = new HashMap<String, String>();
    jaasOptions.put("useKeyTab", "true");
    jaasOptions.put("keyTab", keytab);
    jaasOptions.put("principal", clientPrincipal);
    jaasOptions.put("storeKey", "true"); // Need this to be true for when the server side logs in.
    jaasOptions.put("doNotPrompt", "true");
    jaasOptions.put("refreshKrb5Config", "false");
    jaasOptions.put("clearPass", "true");
    jaasOptions.put("useTicketCache", "false");
    LOG.debug("Dynamic jaas configuration used:" + jaasOptions.toString());

    // Create dynamic jaas config
    DynamicJaasConfiguration contextConfig = new DynamicJaasConfiguration();
    contextConfig.addAppConfigEntry(
        loginModuleName,
        "com.sun.security.auth.module.Krb5LoginModule",
        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
        jaasOptions);
    try {
      /*
       * The nonInteractiveCallbackHandler should not be needed as the jaas config sets the client to use keytab file and not prompt the user.
       * Therefore this is suitable for system authentication. if the callback handler is used the nonInteractiveCallbackHandler just throws exceptions.
       */
      LoginContext loginCtx =
          new LoginContext(
              loginModuleName, null, new NonInteractiveCallbackHandler(), contextConfig);
      loginCtx.login();
      Subject clientSubject = loginCtx.getSubject();
      String loggedInUser = principalNameFromSubject(clientSubject);
      LOG.info("SUCCESSFUL LOGIN for user: "******" using keytab: " + keytab);
      return clientSubject;
    } catch (LoginException le) {
      LOG.info(
          "LOGIN FAILED for user: "******" using keytab: "
              + keytab
              + " Reason: "
              + le.toString());
      le.printStackTrace();
      return null;
    }
  }
Exemple #5
0
 private static void testPerformAs() {
   try {
     // performAs("service/[email protected]",
     // "/apps/workgroup-audit/keytab/keytab.workgroup-audit", new Dummy("phoebe"));
     // performAs("service/[email protected]", "/etc/krb5.keytab", new
     // DummyAction("phoebe"));
     // performAs("ldap/[email protected]", "/etc/krb5.keytab", new SearchAction());
     performAs("ldap/[email protected]", "/etc/krb5.keytab", new SearchAction());
   } catch (LoginException le) {
     le.printStackTrace();
   } catch (PrivilegedActionException pae) {
     Exception e = pae.getException();
     System.out.println("exception msg is: " + e.getMessage());
     e.printStackTrace();
   }
 }
  /**
   * The instance method checks if for the given user the password is correct. The test itself is
   * done with
   *
   * @param _name name of the person name to check
   * @param _passwd password of the person to check
   * @see #checkLogin
   */
  protected boolean checkLogin(final String _name, final String _passwd) {
    boolean ret = false;
    try {
      LoginContext login =
          new LoginContext(this.application, new LoginCallBackHandler(_name, _passwd));
      login.login();

      Person person = null;
      for (JAASSystem system : JAASSystem.getAllJAASSystems()) {
        Set users = login.getSubject().getPrincipals(system.getPersonJAASPrincipleClass());
        System.out.println("---------------------->users=" + users);
        for (Object persObj : users) {
          try {
            String persKey = (String) system.getPersonMethodKey().invoke(persObj, null);

            Person foundPerson = Person.getWithJAASKey(system, persKey);
            if (foundPerson == null) {
              // TODO: JAASKey for person must be added!!!
            } else if (person == null) {
              person = foundPerson;
            } else if (person.getId() != foundPerson.getId()) {
              LOG.error(
                  "For JAAS system "
                      + system.getName()
                      + " "
                      + "person with key '"
                      + persKey
                      + "' is not unique!"
                      + "Have found person '"
                      + person.getName()
                      + "' "
                      + "(id = "
                      + person.getId()
                      + ") and person "
                      + "'"
                      + foundPerson.getName()
                      + "' "
                      + "(id = "
                      + foundPerson.getId()
                      + ").");
              // TODO: throw exception!!
            }
          } catch (IllegalAccessException e) {
            LOG.error("could not execute person key method for system " + system.getName(), e);
            // TODO: throw exception!!
          } catch (IllegalArgumentException e) {
            LOG.error("could not execute person key method for system " + system.getName(), e);
            // TODO: throw exception!!
          } catch (InvocationTargetException e) {
            LOG.error("could not execute person key method for system " + system.getName(), e);
            // TODO: throw exception!!
          }
        }
      }

      if (person == null) {
        for (JAASSystem system : JAASSystem.getAllJAASSystems()) {
          Set users = login.getSubject().getPrincipals(system.getPersonJAASPrincipleClass());
          for (Object persObj : users) {
            try {
              String persKey = (String) system.getPersonMethodKey().invoke(persObj, null);

              if (person == null) {
                person = Person.createPerson(system, persKey, persKey);
              } else {
                person.assignToJAASSystem(system, persKey);
              }

            } catch (IllegalAccessException e) {
              LOG.error("could not execute person key method for system " + system.getName(), e);
              // TODO: throw exception!!
            } catch (IllegalArgumentException e) {
              LOG.error("could not execute person key method for system " + system.getName(), e);
              // TODO: throw exception!!
            } catch (InvocationTargetException e) {
              LOG.error("could not execute person key method for system " + system.getName(), e);
              // TODO: throw exception!!
            }
          }
        }
      }

      person.cleanUp();

      for (JAASSystem system : JAASSystem.getAllJAASSystems()) {
        if (system.getRoleJAASPrincipleClass() != null) {
          Set rolesJaas = login.getSubject().getPrincipals(system.getRoleJAASPrincipleClass());
          Set<Role> rolesEfaps = new HashSet<Role>();
          for (Object roleObj : rolesJaas) {
            try {
              String roleKey = (String) system.getRoleMethodKey().invoke(roleObj, null);
              Role roleEfaps = Role.getWithJAASKey(system, roleKey);
              if (roleEfaps != null) {
                rolesEfaps.add(roleEfaps);
              }
            } catch (IllegalAccessException e) {
              LOG.error("could not execute role key method for system " + system.getName(), e);
            } catch (IllegalArgumentException e) {
              LOG.error("could not execute role key method for system " + system.getName(), e);
            } catch (InvocationTargetException e) {
              LOG.error("could not execute role key method for system " + system.getName(), e);
            }
          }
          person.setRoles(system, rolesEfaps);
        }
      }

      ret = true;
    } catch (EFapsException e) {
      e.printStackTrace();
      LOG.error("login failed for '" + _name + "'", e);
    } catch (LoginException e) {
      e.printStackTrace();
      LOG.error("login failed for '" + _name + "'", e);
    }
    return ret;
  }