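/**
 * Authenticates {@code clientPrincipal} against the KDC with a password, using a JAAS
 * configuration built in memory ({@link DynamicJaasConfiguration}) instead of a jaas.conf
 * file.
 *
 * <p>The {@code Krb5LoginModule} is told to use neither a keytab nor the ticket cache, so the
 * password handed to {@link LoginUsernamePasswordHandler} is the only credential source.
 * {@code clearPass=true} asks the module to drop the password from its shared state once it
 * has been used; {@code doNotPrompt=false} allows the module to ask the callback handler for
 * it. Realm and KDC come from the JVM's Kerberos configuration (krb5.conf or the
 * {@code java.security.krb5.*} system properties) — nothing is hard-coded here.
 *
 * @param password the user's Kerberos password. It arrives as a {@link String}, which cannot
 *     be zeroed after use; a {@code char[]} would be preferable if the call sites can change.
 * @return the authenticated {@link Subject} (holding the user's TGT), or {@code null} when the
 *     login failed for any reason — wrong password, unknown principal, KDC unreachable, ...
 *     The caller owns the returned subject; it is never logged out here.
 */
public Subject krb5PasswordLogin(String password) {
  final String loginModuleName = "krb5UsernamePasswordLogin";
  LOG.info(
      "Attempting kerberos authentication of user: "
          + clientPrincipal
          + " using username and password mechanism");

  // Module switches only — no credential ends up in this map, so logging it below is safe.
  final Map<String, String> jaasOptions = new HashMap<String, String>();
  jaasOptions.put("useKeyTab", "false");
  jaasOptions.put("storeKey", "false");
  jaasOptions.put("doNotPrompt", "false");
  jaasOptions.put("refreshKrb5Config", "false");
  jaasOptions.put("clearPass", "true");
  jaasOptions.put("useTicketCache", "false");
  LOG.debug("Dynamic jaas configuration used:" + jaasOptions.toString());

  final DynamicJaasConfiguration contextConfig = new DynamicJaasConfiguration();
  contextConfig.addAppConfigEntry(
      loginModuleName,
      "com.sun.security.auth.module.Krb5LoginModule",
      AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
      jaasOptions);

  try {
    // The entry name passed to LoginContext must match the one registered on contextConfig.
    final LoginContext loginCtx =
        new LoginContext(
            loginModuleName,
            null,
            new LoginUsernamePasswordHandler(clientPrincipal, password),
            contextConfig);
    loginCtx.login();
    final Subject clientSubject = loginCtx.getSubject();
    final String loggedInUser = principalNameFromSubject(clientSubject);
    LOG.info(
        "SUCCESSFUL LOGIN for user: "
            + loggedInUser
            + " using username and password mechanism.");
    return clientSubject;
  } catch (LoginException le) {
    // A failed login is not an application error, so the outcome stays at info level. The
    // stack trace goes to the logger (debug) instead of stderr, where it escaped log control.
    LOG.info(
        "LOGIN FAILED for user: "
            + clientPrincipal
            + " using username and password mechanism. Reason: "
            + le.toString());
    LOG.debug("Kerberos password login failure detail", le);
    return null;
  }
}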
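/**
 * JSF action that authenticates the current user through the JAAS login configuration named
 * {@code "Test"} and returns the navigation outcome.
 *
 * <p>{@code "/patientSearch.xhtml"} is returned when the JAAS login succeeds,
 * {@code "/errorPage.xhtml"} when it is rejected with a {@link LoginException}. Any other
 * exception (for example a {@code SecurityException} because no JAAS configuration could be
 * located) propagates to the caller as declared, instead of being silently swallowed by a
 * {@code return} inside {@code finally} as the previous version did.
 *
 * <p>NOTE(review): the authenticated subject ({@code lc.getSubject()}) is not retained
 * anywhere, so nothing downstream can rely on this outcome for authorisation — TODO store it
 * (or the {@link LoginContext}) on the session and report failures through the FacesContext
 * messages.
 *
 * @return {@code "/patientSearch.xhtml"} on a successful login, {@code "/errorPage.xhtml"}
 *     when the credentials are rejected
 * @throws Exception if the JAAS machinery fails in a way other than a {@link LoginException}
 */
public String login() throws Exception {
  try {
    final LoginContext lc = new LoginContext("Test");
    lc.login();
  } catch (LoginException e) {
    // A rejected login is expected behaviour, not an application error; the trace carries no
    // credentials, only the module's reason.
    e.printStackTrace();
    return "/errorPage.xhtml";
  }
  return "/patientSearch.xhtml";
}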
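/**
 * Handles the logout request.
 *
 * <p>Ends the JAAS session kept in the HTTP session under the {@code "LoginContext"}
 * attribute, invalidates the HTTP session so neither its server-side state nor the session id
 * the browser still holds can be reused, and redirects to the public logout page.
 *
 * <p>A request without a session, or a session without a {@code LoginContext}, is not an
 * error: there is simply nothing to log out of, and the redirect is still sent.
 *
 * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
 */
protected void doPost(HttpServletRequest request, HttpServletResponse response)
    throws ServletException, IOException {
  // getSession(false): a logout must never create a fresh session for an anonymous caller.
  final HttpSession httpSession = request.getSession(false);
  if (httpSession != null) {
    final LoginContext lc = (LoginContext) httpSession.getAttribute("LoginContext");
    if (lc != null) {
      try {
        lc.logout();
      } catch (LoginException e) {
        // Keep going: the session is dropped below regardless, which is what matters for the
        // caller's security state. Logged via the servlet container, not stderr.
        log("JAAS logout failed", e);
      }
      httpSession.removeAttribute("LoginContext");
    }
    // Invalidate rather than only removing the attribute, so the old session id cannot be
    // replayed. Done before encodeRedirectURL so no session id is appended to the redirect.
    httpSession.invalidate();
  }
  response.sendRedirect(response.encodeRedirectURL("/JAAS_XACML_Exercise2/public/logout.jsp"));
}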
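/**
 * Logs {@code clientPrincipal} in non-interactively from a keytab (a service or daemon
 * identity), using a JAAS configuration built in memory ({@link DynamicJaasConfiguration}).
 *
 * <p>Security notes: {@code storeKey=true} makes the {@code Krb5LoginModule} keep the
 * principal's long-term key in the returned subject's private credentials (needed when this
 * identity later acts as a server), so the returned {@link Subject} contains secret key
 * material and must be treated accordingly — never logged, serialised or handed to untrusted
 * code. {@code doNotPrompt=true} plus {@link NonInteractiveCallbackHandler} guarantee that no
 * interactive credential prompt can occur; if the module does call back, the handler throws.
 *
 * @param keytab file-system path of the keytab holding {@code clientPrincipal}'s key. It is
 *     passed straight to the login module and is not validated here; a missing or unreadable
 *     file shows up as a {@link LoginException}. The path (not its contents) is logged.
 * @return the authenticated {@link Subject}, or {@code null} when the login failed. The
 *     caller owns the subject; it is never logged out here.
 */
public Subject krb5KeytabLogin(String keytab) {
  final String loginModuleName = "krb5NonInteractiveClientLogin";
  LOG.info("Attempting kerberos login of user: " + clientPrincipal + " using keytab: " + keytab);

  // Module switches, principal name and keytab path only — no key material in this map.
  final Map<String, String> jaasOptions = new HashMap<String, String>();
  jaasOptions.put("useKeyTab", "true");
  jaasOptions.put("keyTab", keytab);
  jaasOptions.put("principal", clientPrincipal);
  jaasOptions.put("storeKey", "true"); // Need this to be true for when the server side logs in.
  jaasOptions.put("doNotPrompt", "true");
  jaasOptions.put("refreshKrb5Config", "false");
  jaasOptions.put("clearPass", "true");
  jaasOptions.put("useTicketCache", "false");
  LOG.debug("Dynamic jaas configuration used:" + jaasOptions.toString());

  final DynamicJaasConfiguration contextConfig = new DynamicJaasConfiguration();
  contextConfig.addAppConfigEntry(
      loginModuleName,
      "com.sun.security.auth.module.Krb5LoginModule",
      AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
      jaasOptions);

  try {
    // The callback handler should never be invoked: the configuration above selects the
    // keytab and forbids prompting. NonInteractiveCallbackHandler only throws if it is called,
    // which makes this safe for unattended system authentication.
    final LoginContext loginCtx =
        new LoginContext(loginModuleName, null, new NonInteractiveCallbackHandler(), contextConfig);
    loginCtx.login();
    final Subject clientSubject = loginCtx.getSubject();
    final String loggedInUser = principalNameFromSubject(clientSubject);
    LOG.info("SUCCESSFUL LOGIN for user: " + loggedInUser + " using keytab: " + keytab);
    return clientSubject;
  } catch (LoginException le) {
    // Failed logins are not application errors: outcome at info, trace at debug via the
    // logger rather than on stderr.
    LOG.info(
        "LOGIN FAILED for user: "
            + clientPrincipal
            + " using keytab: "
            + keytab
            + " Reason: "
            + le.toString());
    LOG.debug("Kerberos keytab login failure detail", le);
    return null;
  }
}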
/**
 * Manual smoke test: authenticates the LDAP service principal from the host keytab and runs a
 * {@code SearchAction} under that identity via {@code performAs}.
 *
 * <p>Both failure modes are only printed: a {@link LoginException} when the keytab login is
 * rejected, and the exception wrapped in a {@link PrivilegedActionException} when the action
 * itself fails. Nothing is asserted — this is a developer aid, not an automated test.
 * NOTE(review): the principal below appears redacted in this listing; it is reproduced
 * verbatim.
 */
private static void testPerformAs() {
  final String servicePrincipal = "ldap/[email protected]";
  final String hostKeytab = "/etc/krb5.keytab";
  try {
    performAs(servicePrincipal, hostKeytab, new SearchAction());
  } catch (LoginException loginFailure) {
    loginFailure.printStackTrace();
  } catch (PrivilegedActionException actionFailure) {
    // The interesting exception is the one thrown by the action, not the wrapper.
    final Exception wrapped = actionFailure.getException();
    System.out.println("exception msg is: " + wrapped.getMessage());
    wrapped.printStackTrace();
  }
}
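/**
 * Checks whether {@code _passwd} is the correct password for the user {@code _name}.
 *
 * <p>The check is delegated to a JAAS login against the configuration named by
 * {@code this.application}. When JAAS accepts the credentials, the principals of the resulting
 * subject are mapped onto an eFaps {@link Person}: an existing person is looked up by its JAAS
 * key in every configured {@link JAASSystem}; if none is found, a new person is created from
 * the first key and the remaining keys are attached to it. Finally the role principals are
 * translated into eFaps {@link Role}s and assigned to the person.
 *
 * <p>The method fails closed — it returns {@code false} — when
 * <ul>
 *   <li>JAAS rejects the credentials,</li>
 *   <li>a JAAS key resolves to two different persons (an ambiguous mapping could otherwise
 *       bind the session to the wrong account; previously this was only logged),</li>
 *   <li>a person key cannot be read from a principal (reflection failure; previously only
 *       logged, leaving that key silently unmapped),</li>
 *   <li>JAAS accepted the credentials but no JAAS system exposes a person principal, so there
 *       is no eFaps identity to bind to (previously a {@code NullPointerException}).</li>
 * </ul>
 * A role key that cannot be read is logged and that role is skipped, as before.
 *
 * @param _name name of the person to check
 * @param _passwd password of the person to check
 * @return {@code true} if the credentials are valid and were mapped to exactly one person,
 *     {@code false} otherwise
 */
protected boolean checkLogin(final String _name, final String _passwd) {
  boolean ret = false;
  try {
    final LoginContext login =
        new LoginContext(this.application, new LoginCallBackHandler(_name, _passwd));
    login.login();

    Person person = findExistingPerson(login);
    if (person == null) {
      person = createPersonFromPrincipals(login);
    }
    if (person == null) {
      // Authenticated, but nothing to bind the session to: reject rather than dereference null.
      LOG.error("login failed for '" + _name + "': no person principal found in the JAAS subject");
      return false;
    }
    person.cleanUp();
    assignRoles(login, person);
    ret = true;
  } catch (EFapsException e) {
    LOG.error("login failed for '" + _name + "'", e);
  } catch (LoginException e) {
    // Covers both a JAAS rejection and the fail-closed cases raised by the helpers below.
    LOG.error("login failed for '" + _name + "'", e);
  }
  return ret;
}

/**
 * Looks up the person already registered for the person principals of the logged-in subject,
 * across all JAAS systems.
 *
 * @return the matching person, or {@code null} when no JAAS system yields a known key
 * @throws LoginException if two different persons match — the mapping is ambiguous
 */
private Person findExistingPerson(final LoginContext login)
    throws EFapsException, LoginException {
  Person person = null;
  for (JAASSystem system : JAASSystem.getAllJAASSystems()) {
    final Set<?> users = login.getSubject().getPrincipals(system.getPersonJAASPrincipleClass());
    LOG.debug("person principals for JAAS system " + system.getName() + ": " + users);
    for (Object persObj : users) {
      final String persKey = personKey(system, persObj);
      final Person foundPerson = Person.getWithJAASKey(system, persKey);
      if (foundPerson == null) {
        // TODO (carried over): the JAAS key for this person still has to be registered.
        continue;
      }
      if (person == null) {
        person = foundPerson;
      } else if (person.getId() != foundPerson.getId()) {
        final String msg =
            "For JAAS system " + system.getName() + " "
                + "person with key '" + persKey + "' is not unique!"
                + "Have found person '" + person.getName() + "' "
                + "(id = " + person.getId() + ") and person "
                + "'" + foundPerson.getName() + "' "
                + "(id = " + foundPerson.getId() + ").";
        LOG.error(msg);
        throw new LoginException(msg);
      }
    }
  }
  return person;
}

/**
 * Creates a person from the first person principal found and attaches every further key to
 * it. Used only when {@link #findExistingPerson} found nobody.
 *
 * @return the new person, or {@code null} when no JAAS system exposes a person principal
 * @throws LoginException if a person key cannot be read (fail closed)
 */
private Person createPersonFromPrincipals(final LoginContext login)
    throws EFapsException, LoginException {
  Person person = null;
  for (JAASSystem system : JAASSystem.getAllJAASSystems()) {
    final Set<?> users = login.getSubject().getPrincipals(system.getPersonJAASPrincipleClass());
    for (Object persObj : users) {
      final String persKey = personKey(system, persObj);
      if (person == null) {
        person = Person.createPerson(system, persKey, persKey);
      } else {
        person.assignToJAASSystem(system, persKey);
      }
    }
  }
  return person;
}

/**
 * Translates the role principals of every JAAS system that defines a role principal class into
 * eFaps roles and assigns them to {@code person}. Unknown roles and unreadable role keys are
 * skipped.
 */
private void assignRoles(final LoginContext login, final Person person) throws EFapsException {
  for (JAASSystem system : JAASSystem.getAllJAASSystems()) {
    if (system.getRoleJAASPrincipleClass() == null) {
      continue;
    }
    final Set<?> rolesJaas = login.getSubject().getPrincipals(system.getRoleJAASPrincipleClass());
    final Set<Role> rolesEfaps = new HashSet<Role>();
    for (Object roleObj : rolesJaas) {
      final String roleKey = roleKey(system, roleObj);
      if (roleKey == null) {
        continue;
      }
      final Role roleEfaps = Role.getWithJAASKey(system, roleKey);
      if (roleEfaps != null) {
        rolesEfaps.add(roleEfaps);
      }
    }
    person.setRoles(system, rolesEfaps);
  }
}

/**
 * Reads the eFaps person key from a JAAS person principal through the key method registered on
 * the system. Any reflective failure is logged and converted into a {@link LoginException} so
 * the login fails closed instead of continuing without that key.
 */
private String personKey(final JAASSystem system, final Object principalObj)
    throws LoginException {
  try {
    // The key method takes no arguments; a null argument array means "no args" to invoke().
    return (String) system.getPersonMethodKey().invoke(principalObj, (Object[]) null);
  } catch (IllegalAccessException e) {
    throw keyFailure("person", system, e);
  } catch (IllegalArgumentException e) {
    throw keyFailure("person", system, e);
  } catch (InvocationTargetException e) {
    throw keyFailure("person", system, e);
  }
}

/**
 * Reads the eFaps role key from a JAAS role principal; returns {@code null} (after logging)
 * when the key method cannot be invoked, so that only this role is skipped.
 */
private String roleKey(final JAASSystem system, final Object principalObj) {
  try {
    return (String) system.getRoleMethodKey().invoke(principalObj, (Object[]) null);
  } catch (IllegalAccessException e) {
    LOG.error("could not execute role key method for system " + system.getName(), e);
  } catch (IllegalArgumentException e) {
    LOG.error("could not execute role key method for system " + system.getName(), e);
  } catch (InvocationTargetException e) {
    LOG.error("could not execute role key method for system " + system.getName(), e);
  }
  return null;
}

/** Logs a failed key-method invocation and wraps it in a LoginException carrying the cause. */
private LoginException keyFailure(
    final String kind, final JAASSystem system, final Exception cause) {
  final String msg = "could not execute " + kind + " key method for system " + system.getName();
  LOG.error(msg, cause);
  final LoginException le = new LoginException(msg);
  le.initCause(cause);
  return le;
}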