コード例 #1
0
  @Before
  public void login() throws Exception {
    final LoginContext lc = Util.getCLMLoginContext("user1", "password1");
    lc.login();

    this.loginContext = lc;
  }
コード例 #2
0
 @Test
 public void testRoleExpansion() throws LoginException {
   LoginContext context =
       new LoginContext(
           "ExpandedLDAPLogin",
           new CallbackHandler() {
             public void handle(Callback[] callbacks)
                 throws IOException, UnsupportedCallbackException {
               for (int i = 0; i < callbacks.length; i++) {
                 if (callbacks[i] instanceof NameCallback) {
                   ((NameCallback) callbacks[i]).setName("first");
                 } else if (callbacks[i] instanceof PasswordCallback) {
                   ((PasswordCallback) callbacks[i]).setPassword("secret".toCharArray());
                 } else {
                   throw new UnsupportedCallbackException(callbacks[i]);
                 }
               }
             }
           });
   context.login();
   Subject subject = context.getSubject();
   boolean isAdmin = false;
   boolean isUser = false;
   for (Principal principal : subject.getPrincipals()) {
     if (principal instanceof GroupPrincipal) {
       GroupPrincipal groupPrincipal = (GroupPrincipal) principal;
       if (groupPrincipal.getName().equalsIgnoreCase("admins")) isAdmin = true;
       if (groupPrincipal.getName().equalsIgnoreCase("users")) isUser = true;
     }
   }
   // Should be in users by virtue of being in admins
   assertTrue(isAdmin && isUser);
   context.logout();
 }
コード例 #3
0
  /**
   * Log a user in from a keytab file. Loads a user identity from a keytab file and login them in.
   * This new user does not affect the currently logged-in user.
   *
   * @param user the principal name to load from the keytab
   * @param path the path to the keytab file
   * @throws IOException if the keytab file can't be read
   */
  public static synchronized UserGroupInformation loginUserFromKeytabAndReturnUGI(
      String user, String path) throws IOException {
    if (!isSecurityEnabled()) return UserGroupInformation.getCurrentUser();
    String oldKeytabFile = null;
    String oldKeytabPrincipal = null;

    long start = 0;
    try {
      oldKeytabFile = keytabFile;
      oldKeytabPrincipal = keytabPrincipal;
      keytabFile = path;
      keytabPrincipal = user;
      Subject subject = new Subject();

      LoginContext login =
          new LoginContext(HadoopConfiguration.KEYTAB_KERBEROS_CONFIG_NAME, subject);

      start = System.currentTimeMillis();
      login.login();
      metrics.loginSuccess.inc(System.currentTimeMillis() - start);
      UserGroupInformation newLoginUser = new UserGroupInformation(subject);
      newLoginUser.setLogin(login);
      newLoginUser.setAuthenticationMethod(AuthenticationMethod.KERBEROS);

      return newLoginUser;
    } catch (LoginException le) {
      if (start > 0) {
        metrics.loginFailure.inc(System.currentTimeMillis() - start);
      }
      throw new IOException("Login failure for " + user + " from keytab " + path, le);
    } finally {
      if (oldKeytabFile != null) keytabFile = oldKeytabFile;
      if (oldKeytabPrincipal != null) keytabPrincipal = oldKeytabPrincipal;
    }
  }
コード例 #4
0
  @Override
  public void run(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
      throws IOException, ServletException {

    LoginContext lc = null;
    if (request.getUserPrincipal() == null) {
      try {
        lc = doLogin(request, response);
        request = wrapRequest(request, lc);
      } catch (LoginException e) {
        // login failed
        handleLoginFailure(request, response, e);
        return;
      }
    }

    try {
      chain.doFilter(request, response);
    } finally {
      ClientLoginModule.getThreadLocalLogin().clear();
      if (lc != null) {
        // a null lc may indicate an anonymous login
        try {
          lc.logout();
        } catch (Exception e) {
        }
      }
    }
  }
コード例 #5
0
 /**
  * Re-Login a user in from the ticket cache. This method assumes that login had happened already.
  * The Subject field of this UserGroupInformation object is updated to have the new credentials.
  *
  * @throws IOException on a failure
  */
 public synchronized void reloginFromTicketCache() throws IOException {
   if (!isSecurityEnabled()
       || user.getAuthenticationMethod() != AuthenticationMethod.KERBEROS
       || !isKrbTkt) return;
   LoginContext login = getLogin();
   if (login == null) {
     throw new IOException("login must be done first");
   }
   if (!hasSufficientTimeElapsed()) {
     return;
   }
   try {
     LOG.info("Initiating logout for " + getUserName());
     // clear up the kerberos state. But the tokens are not cleared! As per
     // the Java kerberos login module code, only the kerberos credentials
     // are cleared
     login.logout();
     // login and also update the subject field of this instance to
     // have the new credentials (pass it to the LoginContext constructor)
     login = new LoginContext(HadoopConfiguration.USER_KERBEROS_CONFIG_NAME, getSubject());
     LOG.info("Initiating re-login for " + getUserName());
     login.login();
     setLogin(login);
   } catch (LoginException le) {
     throw new IOException("Login failure for " + getUserName(), le);
   }
 }
コード例 #6
0
  /**
   * Log a user in from a keytab file. Loads a user identity from a keytab file and logs them in.
   * They become the currently logged-in user.
   *
   * @param user the principal name to load from the keytab
   * @param path the path to the keytab file
   * @throws IOException if the keytab file can't be read
   */
  public static synchronized void loginUserFromKeytab(String user, String path) throws IOException {
    if (!isSecurityEnabled()) {
      return;
    }

    keytabFile = path;
    keytabPrincipal = user;
    Subject subject = new Subject();
    LoginContext login;
    long start = 0;
    try {
      login = new LoginContext(HadoopConfiguration.KEYTAB_KERBEROS_CONFIG_NAME, subject);
      start = System.currentTimeMillis();
      login.login();
      metrics.loginSuccess.inc(System.currentTimeMillis() - start);
      loginUser = new UserGroupInformation(subject);
      loginUser.setLogin(login);
      loginUser.setAuthenticationMethod(AuthenticationMethod.KERBEROS);
    } catch (LoginException le) {
      if (start > 0) {
        metrics.loginFailure.inc(System.currentTimeMillis() - start);
      }
      throw new IOException("Login failure for " + user + " from keytab " + path, le);
    }
    LOG.info("Login successful for user " + keytabPrincipal + " using keytab file " + keytabFile);
  }
コード例 #7
0
  private synchronized void serviceLogin() throws AuthLoginException {
    debug.message("New Service Login ...");
    System.setProperty("java.security.krb5.realm", kdcRealm);
    System.setProperty("java.security.krb5.kdc", kdcServer);
    System.setProperty("java.security.auth.login.config", "/dev/null");

    try {
      Configuration config = Configuration.getConfiguration();
      WindowsDesktopSSOConfig wtc = null;
      if (config instanceof WindowsDesktopSSOConfig) {
        wtc = (WindowsDesktopSSOConfig) config;
        wtc.setRefreshConfig("true");
      } else {
        wtc = new WindowsDesktopSSOConfig(config);
      }
      wtc.setPrincipalName(servicePrincipalName);
      wtc.setKeyTab(keyTabFile);
      Configuration.setConfiguration(wtc);

      // perform service authentication using JDK Kerberos module
      LoginContext lc = new LoginContext(WindowsDesktopSSOConfig.defaultAppName);
      lc.login();

      serviceSubject = lc.getSubject();
      debug.message("Service login succeeded.");
    } catch (Exception e) {
      debug.error("Service Login Error: ");
      if (debug.messageEnabled()) {
        debug.message("Stack trace: ", e);
      }
      throw new AuthLoginException(amAuthWindowsDesktopSSO, "serviceAuth", null, e);
    }
  }
コード例 #8
0
ファイル: LoginBean.java プロジェクト: bmehner/coala
  /**
   * Tries to login the user. If username as well as password are correctly spelled this method
   * returns the PatientSearch-Site, if not the Login-Failed Site will be returned.
   *
   * @return correct login: PatientSearch, else LoginFailed
   * @throws Exception
   */
  public String login() throws Exception {
    //		FacesContext fc = FacesContext.getCurrentInstance().getExternalContext().getResponse();
    //		HttpServletResponse resp =
    // (HttpServletResponse)FacesContext.getCurrentInstance().getExternalContext().getResponse();
    //		resp.
    //		fc.getMessages().
    //		throw new Exception();
    // TODO: facesContext - register new Error
    try {
      LoginContext lc = new LoginContext("Test");
      lc.login();
    } catch (LoginException e) {
      e.printStackTrace();
    } finally {
      return "/errorPage.xhtml";
    }
    //		File f = null;
    //		f.getName();

    //		if(findUser(username, password)){
    //			return "loginAccepted";
    //		}
    //		else{
    //			return "loginDenied";
    //		}
    //		if(findUser(username, password)){
    //			return "/patientSearch.xhtml";
    //		}
    //		else{
    //			return "/loginFalse.xhtml";
    //		}
  }
コード例 #9
0
ファイル: MakeGSS.java プロジェクト: nissassin17/hsm
  public static void authenticate(
      PGStream pgStream,
      String host,
      String user,
      String password,
      String jaasApplicationName,
      String kerberosServerName,
      Logger logger)
      throws IOException, SQLException {
    if (logger.logDebug()) logger.debug(" <=BE AuthenticationReqGSS");

    Object result = null;

    if (jaasApplicationName == null) jaasApplicationName = "pgjdbc";
    if (kerberosServerName == null) kerberosServerName = "postgres";

    try {
      LoginContext lc =
          new LoginContext(jaasApplicationName, new GSSCallbackHandler(user, password));
      lc.login();

      Subject sub = lc.getSubject();
      PrivilegedAction action =
          new GssAction(pgStream, host, user, password, kerberosServerName, logger);
      result = Subject.doAs(sub, action);
    } catch (Exception e) {
      throw new PSQLException(GT.tr("GSS Authentication failed"), PSQLState.CONNECTION_FAILURE, e);
    }

    if (result instanceof IOException) throw (IOException) result;
    else if (result instanceof SQLException) throw (SQLException) result;
    else if (result != null)
      throw new PSQLException(
          GT.tr("GSS Authentication failed"), PSQLState.CONNECTION_FAILURE, (Exception) result);
  }
コード例 #10
0
  public Subject krb5PasswordLogin(String password) {
    String loginModuleName = "krb5UsernamePasswordLogin";

    LOG.info(
        "Attempting kerberos authentication of user: "******" using username and password mechanism");

    // Set the domain to realm and the kdc
    // System.setProperty("java.security.krb5.realm", "JTLAN.CO.UK");
    // System.setProperty("java.security.krb5.kdc", "jtserver.jtlan.co.uk");
    // System.setProperty("java.security.krb5.conf",
    // "/home/turnerj/git/servlet-security-filter/KerberosSecurityFilter/src/main/resources/krb5.conf");

    // Form jaasOptions map
    Map<String, String> jaasOptions = new HashMap<String, String>();
    jaasOptions.put("useKeyTab", "false");
    jaasOptions.put("storeKey", "false");
    jaasOptions.put("doNotPrompt", "false");
    jaasOptions.put("refreshKrb5Config", "false");
    jaasOptions.put("clearPass", "true");
    jaasOptions.put("useTicketCache", "false");
    LOG.debug("Dynamic jaas configuration used:" + jaasOptions.toString());

    // Create dynamic jaas config
    DynamicJaasConfiguration contextConfig = new DynamicJaasConfiguration();
    contextConfig.addAppConfigEntry(
        loginModuleName,
        "com.sun.security.auth.module.Krb5LoginModule",
        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
        jaasOptions);

    try {
      /*
       * Create login context using dynamic config
       * The "krb5UsernamePasswordLogin" needs to correspond to a configuration in the jaas config.
       */
      LoginContext loginCtx =
          new LoginContext(
              loginModuleName,
              null,
              new LoginUsernamePasswordHandler(clientPrincipal, password),
              contextConfig);
      loginCtx.login();
      Subject clientSubject = loginCtx.getSubject();
      String loggedInUser = principalNameFromSubject(clientSubject);
      LOG.info(
          "SUCCESSFUL LOGIN for user: "******" using username and password mechanism.");
      return clientSubject;
    } catch (LoginException le) {
      le.printStackTrace();
      // Failed logins are not an application error so the following line is at info level.
      LOG.info(
          "LOGIN FAILED for user: "******" using username and password mechanism. Reason: "
              + le.toString());
      return null;
    }
  }
コード例 #11
0
ファイル: KerberosTest.java プロジェクト: hzbarcea/cxf-fediz
  private String getEncodedKerberosTicket(boolean spnego) throws Exception {

    System.setProperty("java.security.auth.login.config", "src/test/resources/kerberos.jaas");
    System.setProperty("org.apache.xml.security.ignoreLineBreaks", "true");

    Oid kerberos5Oid = null;
    if (spnego) {
      kerberos5Oid = new Oid("1.3.6.1.5.5.2");
    } else {
      kerberos5Oid = new Oid("1.2.840.113554.1.2.2");
    }

    GSSManager manager = GSSManager.getInstance();
    GSSName serverName =
        manager.createName("*****@*****.**", GSSName.NT_HOSTBASED_SERVICE);

    GSSContext context =
        manager.createContext(
            serverName.canonicalize(kerberos5Oid), kerberos5Oid, null, GSSContext.DEFAULT_LIFETIME);

    context.requestCredDeleg(true);

    final byte[] token = new byte[0];

    String contextName = "alice";
    LoginContext lc = new LoginContext(contextName);
    lc.login();

    byte[] ticket =
        (byte[]) Subject.doAs(lc.getSubject(), new CreateServiceTicketAction(context, token));
    return Base64.encode(ticket);
  }
コード例 #12
0
 private Subject getAuthenticatedSubject(
     final String user, final String password, final X509Certificate[] certificates)
     throws LoginException {
   LoginContext lc =
       new LoginContext(configurationName, new JaasCallbackHandler(user, password, certificates));
   lc.login();
   return lc.getSubject();
 }
コード例 #13
0
ファイル: JAASLoginService.java プロジェクト: Nextzero/Jetty
 /* ------------------------------------------------------------ */
 public void logout(UserIdentity user) {
   Set<JAASUserPrincipal> userPrincipals =
       user.getSubject().getPrincipals(JAASUserPrincipal.class);
   LoginContext loginContext = userPrincipals.iterator().next().getLoginContext();
   try {
     loginContext.logout();
   } catch (LoginException e) {
     LOG.warn(e);
   }
 }
コード例 #14
0
ファイル: JAASTest.java プロジェクト: tcapener/liferay-portal
  @Test
  public void testLoginEmailAddressWithScreenName() throws Exception {
    _jaasAuthTypeField.set(null, "screenName");

    LoginContext loginContext = getLoginContext(_user.getEmailAddress(), _user.getPassword());

    try {
      loginContext.login();

      Assert.fail();
    } catch (Exception e) {
    }
  }
コード例 #15
0
 private boolean authenticate(SecurityContext securityContext) {
   Connection connection = endpoint.getConnection();
   credentials.setEndpoint(connection.getInetAddress().getHostAddress());
   try {
     LoginContext lc = securityContext.createClientLoginContext(credentials);
     lc.login();
     endpoint.setLoginContext(lc);
     return true;
   } catch (LoginException e) {
     logger.warning(e);
     return false;
   }
 }
コード例 #16
0
ファイル: JAASTest.java プロジェクト: tcapener/liferay-portal
  @Test
  public void testLoginScreenNameWithUserId() throws Exception {
    _jaasAuthTypeField.set(null, "userId");

    LoginContext loginContext = getLoginContext(_user.getScreenName(), _user.getPassword());

    try {
      loginContext.login();

      Assert.fail();
    } catch (Exception e) {
    }
  }
コード例 #17
0
ファイル: JAASTest.java プロジェクト: tcapener/liferay-portal
  @Test
  public void testLoginScreenNameWithScreenName() throws Exception {
    _jaasAuthTypeField.set(null, "screenName");

    LoginContext loginContext = getLoginContext(_user.getScreenName(), _user.getPassword());

    try {
      loginContext.login();
    } catch (Exception e) {
      Assert.fail();
    }

    validateSubject(loginContext.getSubject(), _user.getScreenName());
  }
コード例 #18
0
ファイル: JAASTest.java プロジェクト: tcapener/liferay-portal
  @Test
  public void testLoginEmailAddressWithLogin() throws Exception {
    _jaasAuthTypeField.set(null, "login");

    LoginContext loginContext = getLoginContext(_user.getEmailAddress(), _user.getPassword());

    try {
      loginContext.login();
    } catch (Exception e) {
      Assert.fail();
    }

    validateSubject(loginContext.getSubject(), _user.getEmailAddress());
  }
コード例 #19
0
ファイル: RunAsTestCase.java プロジェクト: Emmanuel35/wildfly
  @Test
  public void testRunAsICIR_TwoBeans() throws Exception {
    LoginContext lc = Util.getCLMLoginContext("user1", "password1");
    lc.login();
    try {
      // TODO - Enable once auth checks are working.
      /*
       * try { whoAmIBean.getCallerPrincipal(); fail("Expected call to whoAmIBean to fail"); } catch (Exception expected)
       * { }
       */

      boolean[] response;
      response = entryBean.doubleDoIHaveRole("Users");
      assertTrue(response[0]);
      assertFalse(response[1]);

      response = entryBean.doubleDoIHaveRole("Role1");
      assertTrue(response[0]);
      assertFalse(response[1]);

      response = entryBean.doubleDoIHaveRole("Role2");
      assertFalse(response[0]);
      assertTrue(response[1]);
    } finally {
      lc.logout();
    }

    lc = Util.getCLMLoginContext("user2", "password2");
    lc.login();
    try {
      // Verify the call now passes.
      Principal user = whoAmIBean.getCallerPrincipal();
      assertNotNull(user);

      boolean[] response;
      response = entryBean.doubleDoIHaveRole("Users");
      assertTrue(response[0]);
      assertFalse(response[1]);

      response = entryBean.doubleDoIHaveRole("Role1");
      assertFalse(response[0]);
      assertFalse(response[1]);

      response = entryBean.doubleDoIHaveRole("Role2");
      assertTrue(response[0]);
      assertTrue(response[1]);
    } finally {
      lc.logout();
    }
  }
コード例 #20
0
ファイル: JAASTest.java プロジェクト: tcapener/liferay-portal
  @Test
  public void testLoginUserIdWithScreenName() throws Exception {
    _jaasAuthTypeField.set(null, "screenName");

    LoginContext loginContext =
        getLoginContext(String.valueOf(_user.getUserId()), _user.getPassword());

    try {
      loginContext.login();

      Assert.fail();
    } catch (Exception e) {
    }
  }
コード例 #21
0
  /** @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) */
  protected void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    HttpSession httpSession = request.getSession();

    LoginContext lc = (LoginContext) httpSession.getAttribute("LoginContext");
    try {
      System.out.println("INVOCO IL LOGOUT");
      lc.logout();
    } catch (LoginException e) {
      e.printStackTrace();
    }

    response.sendRedirect(response.encodeRedirectURL("/JAAS_XACML_Exercise2/public/logout.jsp"));
  }
コード例 #22
0
  /**
   * Authenticates user.
   *
   * @param user user - authenticated user
   * @param password - authentication password
   * @return true/false - authentication decision
   */
  @Override
  protected boolean authenticate(Principal user, String password) {
    String username = user.getName();
    LoginContext lc = null;
    try {
      lc = new LoginContext(AUTHENTICATION_CONTEXT, new StringCallbackHandler(username, password));
      lc.login();
      log.info("Kerberos authentication attempt PASSED!");
      return true;

    } catch (LoginException le) {
      log.error("Kerberos authentication attempt FAILED. Reason:" + le);
    }
    return false;
  }
コード例 #23
0
  private Subject login() throws AuthenticationException {
    try {
      LoginContext lc =
          new LoginContext(
              KerberosLdapContextSource.class.getSimpleName(), null, null, this.loginConfig);

      lc.login();

      return lc.getSubject();
    } catch (LoginException e) {
      AuthenticationException ae = new AuthenticationException(e.getMessage());
      ae.initCause(e);
      throw ae;
    }
  }
コード例 #24
0
  /**
   * Returns true if user was successfully authenticated against Kerberos
   *
   * @param username username without Kerberos realm attached
   * @param password kerberos password
   * @return true if user was successfully authenticated
   */
  public Subject authenticateSubject(String username, String password) throws LoginException {
    String principal = getKerberosPrincipal(username);

    logger.debug("Validating password of principal: " + principal);
    loginContext =
        new LoginContext(
            "does-not-matter",
            null,
            createJaasCallbackHandler(principal, password),
            createJaasConfiguration());

    loginContext.login();
    logger.debug("Principal " + principal + " authenticated succesfully");
    return loginContext.getSubject();
  }
コード例 #25
0
ファイル: Krb5Login.java プロジェクト: koem/Zimbra
 public static void verifyPassword(String principal, String password) throws LoginException {
   LoginContext lc = null;
   try {
     lc = Krb5Login.withPassword(principal, password);
     lc.login();
   } finally {
     if (lc != null) {
       try {
         lc.logout();
       } catch (LoginException le) {
         ZimbraLog.account.warn("krb5 logout failed", le);
       }
     }
   }
 }
コード例 #26
0
ファイル: JAASTest.java プロジェクト: tcapener/liferay-portal
  @Test
  public void testLoginUserIdWithUserId() throws Exception {
    _jaasAuthTypeField.set(null, "userId");

    LoginContext loginContext =
        getLoginContext(String.valueOf(_user.getUserId()), _user.getPassword());

    try {
      loginContext.login();
    } catch (Exception e) {
      Assert.fail();
    }

    validateSubject(loginContext.getSubject(), String.valueOf(_user.getUserId()));
  }
コード例 #27
0
  public Subject krb5KeytabLogin(String keytab) {
    String loginModuleName = "krb5NonInteractiveClientLogin";

    LOG.info("Attempting kerberos login of user: "******" using keytab: " + keytab);
    // Form jaasOptions map
    Map<String, String> jaasOptions = new HashMap<String, String>();
    jaasOptions.put("useKeyTab", "true");
    jaasOptions.put("keyTab", keytab);
    jaasOptions.put("principal", clientPrincipal);
    jaasOptions.put("storeKey", "true"); // Need this to be true for when the server side logs in.
    jaasOptions.put("doNotPrompt", "true");
    jaasOptions.put("refreshKrb5Config", "false");
    jaasOptions.put("clearPass", "true");
    jaasOptions.put("useTicketCache", "false");
    LOG.debug("Dynamic jaas configuration used:" + jaasOptions.toString());

    // Create dynamic jaas config
    DynamicJaasConfiguration contextConfig = new DynamicJaasConfiguration();
    contextConfig.addAppConfigEntry(
        loginModuleName,
        "com.sun.security.auth.module.Krb5LoginModule",
        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
        jaasOptions);
    try {
      /*
       * The nonInteractiveCallbackHandler should not be needed as the jaas config sets the client to use keytab file and not prompt the user.
       * Therefore this is suitable for system authentication. if the callback handler is used the nonInteractiveCallbackHandler just throws exceptions.
       */
      LoginContext loginCtx =
          new LoginContext(
              loginModuleName, null, new NonInteractiveCallbackHandler(), contextConfig);
      loginCtx.login();
      Subject clientSubject = loginCtx.getSubject();
      String loggedInUser = principalNameFromSubject(clientSubject);
      LOG.info("SUCCESSFUL LOGIN for user: "******" using keytab: " + keytab);
      return clientSubject;
    } catch (LoginException le) {
      LOG.info(
          "LOGIN FAILED for user: "******" using keytab: "
              + keytab
              + " Reason: "
              + le.toString());
      le.printStackTrace();
      return null;
    }
  }
コード例 #28
0
  public void generate() throws SAXException, ProcessingException {
    if (log.isDebugEnabled()) log.debug("begin generate");
    contentHandler.startDocument();
    Document doc = XercesHelper.getNewDocument();
    Element root = doc.createElement("authentication");
    doc.appendChild(root);
    try {
      LoginContext lc = new LoginContext(jaasRealm, new InternalCallbackHandler());
      lc.login();
      Subject s = lc.getSubject();
      if (log.isDebugEnabled()) log.debug("Subject is: " + s.getPrincipals().toString());
      Element idElement = doc.createElement("ID");
      root.appendChild(idElement);

      Iterator it = s.getPrincipals(java.security.Principal.class).iterator();
      while (it.hasNext()) {
        Principal prp = (Principal) it.next();
        if (prp.getName().equalsIgnoreCase("Roles")) {
          Element roles = doc.createElement("roles");
          root.appendChild(roles);
          Group grp = (Group) prp;
          Enumeration member = grp.members();
          while (member.hasMoreElements()) {
            Principal sg = (Principal) member.nextElement();
            Element role = doc.createElement("role");
            roles.appendChild(role);
            Text txt = doc.createTextNode(sg.getName());
            role.appendChild(txt);
          }
        } else {
          Node nde = doc.createTextNode(prp.getName());
          idElement.appendChild(nde);
        }
      }
      lc.logout();
    } catch (Exception exe) {
      log.warn("Could not login user \"" + userid + "\"");
    } finally {
      try {
        DOMStreamer ds = new DOMStreamer(contentHandler);
        ds.stream(doc.getDocumentElement());
        contentHandler.endDocument();
      } catch (Exception exe) {
        log.error("Error streaming to dom", exe);
      }
      if (log.isDebugEnabled()) log.debug("end generate");
    }
  }
コード例 #29
0
  /**
   * Returns true if user with given username exists in kerberos database
   *
   * @param username username without Kerberos realm attached or with correct realm attached
   * @return true if user available
   */
  public boolean isUserAvailable(String username) {
    logger.debug("Checking existence of user: "******"does-not-matter",
              null,
              createJaasCallbackHandler(principal, "fake-password-which-nobody-has"),
              createJaasConfiguration());

      loginContext.login();

      throw new IllegalStateException("Didn't expect to end here");
    } catch (LoginException le) {
      String message = le.getMessage();
      logger.debug("Message from kerberos: " + message);

      checkKerberosServerAvailable(le);

      // Bit cumbersome, but seems to work with tested kerberos servers
      boolean exists = (!message.contains("Client not found"));
      return exists;
    }
  }
コード例 #30
0
ファイル: RunAsTestCase.java プロジェクト: Emmanuel35/wildfly
 @Test
 public void testAuthentication_TwoBeans() throws Exception {
   LoginContext lc = Util.getCLMLoginContext("user1", "password1");
   lc.login();
   try {
     String[] response = entryBean.doubleWhoAmI();
     assertEquals("user1", response[0]);
     assertEquals(
         "anonymous",
         response[
             1]); // Unless a run-as-principal configuration has been done, you cannot expect a
                  // principal
   } finally {
     lc.logout();
   }
 }