예제 #1
0
  /** Return the password associated with the given principal's user name. */
  protected String getPassword(String username) {

    GenericPrincipal principal = (GenericPrincipal) principals.get(username);
    if (principal != null) {
      return (principal.getPassword());
    } else {
      return (null);
    }
  }
예제 #2
0
  /**
   * Return <code>true</code> if the specified Principal has the specified security role, within the
   * context of this Realm; otherwise return <code>false</code>. This method can be overridden by
   * Realm implementations, but the default is adequate when an instance of <code>GenericPrincipal
   * </code> is used to represent authenticated Principals from this Realm.
   *
   * @param principal Principal for whom the role is to be checked
   * @param role Security role to be checked
   */
  public boolean hasRole(Principal principal, String role) {

    if ((principal == null) || (role == null) || !(principal instanceof GenericPrincipal))
      return (false);
    GenericPrincipal gp = (GenericPrincipal) principal;
    if (!(gp.getRealm() == this)) return (false);
    boolean result = gp.hasRole(role);
    if (debug >= 2) {
      String name = principal.getName();
      if (result) log(sm.getString("realmBase.hasRoleSuccess", name, role));
      else log(sm.getString("realmBase.hasRoleFailure", name, role));
    }
    return (result);
  }
  protected Principal getPrincipal(String username, GSSCredential gssCredential) {
    Principal p = getPrincipal(username);

    if (p instanceof GenericPrincipal) {
      ((GenericPrincipal) p).setGssCredential(gssCredential);
    }

    return p;
  }
  /**
   * Return <code>true</code> if the specified Principal has the specified security role, within the
   * context of this Realm; otherwise return <code>false</code>. This method can be overridden by
   * Realm implementations, but the default is adequate when an instance of <code>GenericPrincipal
   * </code> is used to represent authenticated Principals from this Realm.
   *
   * @param principal Principal for whom the role is to be checked
   * @param role Security role to be checked
   */
  @Override
  public boolean hasRole(Wrapper wrapper, Principal principal, String role) {
    // Check for a role alias defined in a <security-role-ref> element
    if (wrapper != null) {
      String realRole = wrapper.findSecurityReference(role);
      if (realRole != null) role = realRole;
    }

    // Should be overridden in JAASRealm - to avoid pretty inefficient conversions
    if ((principal == null) || (role == null) || !(principal instanceof GenericPrincipal))
      return (false);

    GenericPrincipal gp = (GenericPrincipal) principal;
    boolean result = gp.hasRole(role);
    if (log.isDebugEnabled()) {
      String name = principal.getName();
      if (result) log.debug(sm.getString("realmBase.hasRoleSuccess", name, role));
      else log.debug(sm.getString("realmBase.hasRoleFailure", name, role));
    }
    return (result);
  }
예제 #5
0
  /**
   * Return the Principal associated with the specified username and credentials, if there is one;
   * otherwise return <code>null</code>.
   *
   * @param username Username of the Principal to look up
   * @param credentials Password or other credentials to use in authenticating this username
   */
  public Principal authenticate(String username, String credentials) {

    GenericPrincipal principal = (GenericPrincipal) principals.get(username);

    boolean validated = false;
    if (principal != null) {
      if (hasMessageDigest()) {
        // Hex hashes should be compared case-insensitive
        validated = (digest(credentials).equalsIgnoreCase(principal.getPassword()));
      } else {
        validated = (digest(credentials).equals(principal.getPassword()));
      }
    }

    if (validated) {
      if (debug >= 2) log(sm.getString("memoryRealm.authenticateSuccess", username));
      return (principal);
    } else {
      if (debug >= 2) log(sm.getString("memoryRealm.authenticateFailure", username));
      return (null);
    }
  }
 /**
  * @see org.overlord.commons.auth.util.SAMLAssertionFactory#createSAMLAssertion(java.lang.String,
  *     java.lang.String, int)
  */
 @Override
 public String createSAMLAssertion(String issuerName, String forService, int timeValidInMillis) {
   try {
     HttpServletRequest request = HttpRequestThreadLocalValve.TL_request.get();
     Principal principal = request.getUserPrincipal();
     if (principal instanceof GenericPrincipal) {
       GenericPrincipal gp = (GenericPrincipal) principal;
       String[] gpRoles = gp.getRoles();
       Set<String> roles = new HashSet<String>(gpRoles.length);
       for (String role : gpRoles) {
         roles.add(role);
       }
       return SAMLBearerTokenUtil.createSAMLAssertion(
           principal, roles, issuerName, forService, timeValidInMillis);
     }
     throw new Exception(
         Messages.getString("TomcatSAMLAssertionFactory.UnexpectedPrincipalType")
             + principal.getClass()); // $NON-NLS-1$
   } catch (Exception e) {
     throw new RuntimeException(e);
   }
 }