List of usage examples for java.security.acl Group members
public Enumeration<? extends Principal> members();
From source file:de.juwimm.cms.beans.foreign.security.ConQuestDaoAuthenticationProvider.java
/** * Attempts to login the user given the Authentication objects principal and credential * * @param auth The Authentication object to be authenticated. * * @return The authenticated Authentication object, with it's grantedAuthorities set. * * @throws AuthenticationException This implementation does not handle 'locked' or 'disabled' accounts. This method * only throws a AuthenticationServiceException, with the message of the LoginException that will be * thrown, should the loginContext.login() method fail. *//* w w w.j av a 2s.com*/ public Authentication authenticate(Authentication auth) throws AuthenticationException { if (auth instanceof UsernamePasswordAuthenticationToken) { UsernamePasswordAuthenticationToken request = (UsernamePasswordAuthenticationToken) auth; try { //Create the LoginContext object, and pass our InternallCallbackHandler LoginContext loginContext = new LoginContext(loginContextName, new InternalCallbackHandler(auth)); //Attempt to login the user, the LoginContext will call our InternalCallbackHandler at this point. loginContext.login(); //create a set to hold the authorities, and add any that have already been applied. Set authorities = new HashSet(); if (request.getAuthorities() != null) { authorities.addAll(Arrays.asList(request.getAuthorities())); } //get the subject principals and pass them to each of the AuthorityGranters Set principals = loginContext.getSubject().getPrincipals(); authorities.add(new JaasGrantedAuthority("*", new AllPrincipal())); for (Iterator iterator = principals.iterator(); iterator.hasNext();) { Principal principal = (Principal) iterator.next(); if (principal instanceof Group) { Group g = (Group) principal; if (g.members() != null) { Enumeration members = g.members(); while (members.hasMoreElements()) { Principal object = (Principal) members.nextElement(); authorities.add(new JaasGrantedAuthority(object.toString(), object)); } } else { authorities.add(new JaasGrantedAuthority(g.toString(), g)); } } } //Convert the authorities set back to an array and apply it to the token. JaasAuthenticationToken result = new JaasAuthenticationToken(request.getPrincipal(), request.getCredentials(), (GrantedAuthority[]) authorities.toArray(new GrantedAuthority[authorities.size()]), loginContext); //Publish the success event publishSuccessEvent(result); //we're done, return the token. return result; } catch (LoginException loginException) { SpringSecurityException ase = loginExceptionResolver.resolveException(loginException); publishFailureEvent(request, ase); throw ase; } } return null; }
From source file:org.apache.catalina.realm.JAASRealm.java
/** * Construct and return a <code>java.security.Principal</code> instance * representing the authenticated user for the specified Subject. If no * such Principal can be constructed, return <code>null</code>. * * @param subject The Subject representing the logged in user *///from www .ja v a 2 s . c o m protected Principal createPrincipal(String username, Subject subject) { // Prepare to scan the Principals for this Subject String password = null; // Will not be carried forward ArrayList roles = new ArrayList(); // Scan the Principals for this Subject Iterator principals = subject.getPrincipals().iterator(); while (principals.hasNext()) { Principal principal = (Principal) principals.next(); // No need to look further - that's our own stuff if (principal instanceof GenericPrincipal) { if (log.isDebugEnabled()) log.debug("Found old GenericPrincipal " + principal); return principal; } String principalClass = principal.getClass().getName(); if (log.isDebugEnabled()) log.info("Principal: " + principalClass + " " + principal); if (userClasses.contains(principalClass)) { // Override the default - which is the original user, accepted by // the friendly LoginManager username = principal.getName(); } if (roleClasses.contains(principalClass)) { roles.add(principal.getName()); } // Same as Jboss - that's a pretty clean solution if ((principal instanceof Group) && "Roles".equals(principal.getName())) { Group grp = (Group) principal; Enumeration en = grp.members(); while (en.hasMoreElements()) { Principal roleP = (Principal) en.nextElement(); roles.add(roleP.getName()); } } } // Create the resulting Principal for our authenticated user if (username != null) { return (new GenericPrincipal(this, username, password, roles)); } else { return (null); } }
From source file:org.betaconceptframework.astroboa.context.SecurityContext.java
private List<String> retrieveAuthorizedRepositoriesFromSubject(List<String> availableRepositories) { List<String> authorizedRepositories = new ArrayList<String>(); boolean foundAuthorizedRepositoriesPrincipal = false; if (subject != null) { Set<Group> subjectGroups = subject.getPrincipals(Group.class); if (subjectGroups != null) { for (Group group : subjectGroups) { if (group.getName() != null && AstroboaPrincipalName.AuthorizedRepositories.toString().equals(group.getName())) { foundAuthorizedRepositoriesPrincipal = true; Enumeration groupMembers = group.members(); while (groupMembers.hasMoreElements()) { Principal groupPrincipal = (Principal) groupMembers.nextElement(); authorizedRepositories.add(groupPrincipal.getName()); }//from w w w . j a va 2s .co m break; } } } } //In cases where no information about authorized repositories //is provided in Subject, a PERMIT ALL policy is enforced, //thus available repositories must be known during initialization of this //context if (!foundAuthorizedRepositoriesPrincipal) { if (CollectionUtils.isNotEmpty(availableRepositories)) { authorizedRepositories.addAll(availableRepositories); } } return authorizedRepositories; }
From source file:org.betaconceptframework.astroboa.context.SecurityContext.java
private void addGroupMembersToRoles(Group group, Set<String> roles) { Enumeration groupMembers = group.members(); while (groupMembers.hasMoreElements()) { Principal role = (Principal) groupMembers.nextElement(); roles.add(role.getName());/*w w w . j av a2s .c o m*/ if (role instanceof Group) { addGroupMembersToRoles((Group) role, roles); } } }
From source file:org.gluu.oxtrust.action.Authenticator.java
/** * Set session variables after user login * //w w w . j a v a 2 s . c o m * @throws Exception */ private void postLogin(User user) { log.debug("Configuring application after user '{0}' login", user.getUid()); GluuCustomPerson person = findPersonByDn(user.getDn()); Contexts.getSessionContext().set(OxTrustConstants.CURRENT_PERSON, person); // Set user roles GluuUserRole[] userRoles = securityService.getUserRoles(user); if (ArrayHelper.isNotEmpty(userRoles)) { log.debug("Get '{0}' user roles", Arrays.toString(userRoles)); } else { log.debug("Get 0 user roles"); } for (GluuUserRole userRole : userRoles) { identity.addRole(userRole.getRoleName()); } if (log.isDebugEnabled()) { for (Group sg : identity.getSubject().getPrincipals(java.security.acl.Group.class)) { if ("Roles".equals(sg.getName())) { log.debug("Using next user roles: '{0}'", sg.members()); break; } } } }
From source file:org.josso.gl2.agent.jaas.CatalinaJAASRealm.java
/** * Construct and return a java.security.Principal instance * representing the authenticated user for the specified Subject. If no * such Principal can be constructed, return null. * * The Principal constructed is *not* GenericPrincipal as in Catalina JAASRealm class, * but CatalinaSSOUser which is a SSOUser. * The Partner Application can access SSOUser-specific properties that are not available * in GenericPrincipal./*from w w w . j a v a 2 s . com*/ * The JAASRealm superclass invokes this factory method to build the Catalina-specific * Principal from the Subject filled by the configured JAASLoginModule. * * @param subject The Subject representing the logged in user */ @Override protected Principal createPrincipal(String username, Subject subject) { // We also populate roles map ... CatalinaSSOUser p = CatalinaSSOUser.newInstance(this, subject); if (requiresRoleMap) { // This is a Tomcat 5.0.30 ... ! try { List<Principal> roles = new ArrayList<Principal>(); Iterator principals = subject.getPrincipals().iterator(); while (principals.hasNext()) { Principal principal = (Principal) principals.next(); String principalClass = principal.getClass().getName(); if (getRoleClassNames().contains(principalClass)) { log.debug("Adding role : " + principal.getName()); roles.add(principal); } // Same as Jboss - that's a pretty clean solution if ((principal instanceof Group) && "Roles".equals(principal.getName())) { Group grp = (Group) principal; Enumeration en = grp.members(); while (en.hasMoreElements()) { Principal roleP = (Principal) en.nextElement(); log.debug("Adding role : " + roleP.getName()); roles.add(roleP); } } } // Only in Catalina 5.0.30! log.debug("Storing roles in parent roleMap"); Map m = (Map) getRoleMapField().get(this); m.put(p, roles); } catch (Exception e) { log.warn(e.getMessage(), e); return p; } } return p; }
From source file:org.josso.gl2.agent.jaas.CatalinaSSOUser.java
/** * Construct and return a java.security.Principal instance * representing the authenticated user for the specified Subject. If no * such Principal can be constructed, return null. * * The Principal constructed is *not* GenericPrincipal as in Catalina JAASRealm class, * but CatalinaSSOUser which is a SSOUser. * The Partner Application can access SSOUser-specific properties that are not available * in GenericPrincipal.//from w ww . j a va 2 s.c o m * The JAASRealm superclass invokes this factory method to build the Catalina-specific * Principal from the Subject filled by the configured JAASLoginModule. * * @param subject The Subject representing the logged in user */ public static CatalinaSSOUser newInstance(Realm realm, Subject subject) { // Prepare to scan the Principals for this Subject String password = null; // Will not be carried forward ArrayList roles = new ArrayList(); SSOUser ssoUser = null; String username = null; // Scan the Principals for this Subject Iterator principals = subject.getPrincipals().iterator(); while (principals.hasNext()) { Principal principal = (Principal) principals.next(); // No need to look further - that's our own stuff if (principal instanceof CatalinaSSOUser) { if (logger.isDebugEnabled()) logger.debug("Found old CatalinaSSOUser Principal " + principal); return (CatalinaSSOUser) principal; } String principalClass = principal.getClass().getName(); if (logger.isDebugEnabled()) logger.debug("Principal: " + principalClass + " " + principal); if (_userClasses.contains(principalClass)) { // Override the default - which is the original user, accepted by // the friendly LoginManager username = principal.getName(); } if (_roleClasses.contains(principalClass)) { roles.add(principal.getName()); } // Same as Jboss - that's a pretty clean solution if ((principal instanceof Group) && "Roles".equals(principal.getName())) { Group grp = (Group) principal; Enumeration en = grp.members(); while (en.hasMoreElements()) { Principal roleP = (Principal) en.nextElement(); roles.add(roleP.getName()); } } // Save the SSOUser principal so that it can be included in the // CatalinaSSOUser Principal if (principal instanceof SSOUser) { ssoUser = (SSOUser) principal; } } if (ssoUser == null) { logger.error("Fatal: Subject does not contain an SSOUser Principal"); return null; } // Create the resulting Principal for our authenticated user if (username != null) { return (new CatalinaSSOUser(ssoUser, realm, username, password, roles)); } else { return (null); } }
From source file:org.josso.jb5.agent.CatalinaSSOUser.java
/** * Construct and return a java.security.Principal instance * representing the authenticated user for the specified Subject. If no * such Principal can be constructed, return null. * * The Principal constructed is *not* GenericPrincipal as in Catalina JAASRealm class, * but CatalinaSSOUser which is a SSOUser. * The Partner Application can access SSOUser-specific properties that are not available * in GenericPrincipal./*from w w w . ja va 2 s .co m*/ * The JAASRealm superclass invokes this factory method to build the Catalina-specific * Principal from the Subject filled by the configured JAASLoginModule. * * @param subject The Subject representing the logged in user */ public static CatalinaSSOUser newInstance(Realm realm, Subject subject) { // Prepare to scan the Principals for this Subject String password = null; // Will not be carried forward ArrayList roles = new ArrayList(); SSOUser ssoUser = null; String username = null; // Scan the Principals for this Subject Iterator principals = subject.getPrincipals().iterator(); while (principals.hasNext()) { Principal principal = (Principal) principals.next(); // No need to look further - that's our own stuff if (principal instanceof CatalinaSSOUser) { if (logger.isDebugEnabled()) logger.debug("Found old CatalinaSSOUser Principal " + principal); return (CatalinaSSOUser) principal; } String principalClass = principal.getClass().getName(); if (logger.isDebugEnabled()) logger.debug("Principal: " + principalClass + " " + principal); if (_userClasses.contains(principalClass)) { // Override the default - which is the original user, accepted by // the friendly LoginManager username = principal.getName(); } if (_roleClasses.contains(principalClass)) { roles.add(principal.getName()); } // Same as Jboss - that's a pretty clean solution if ((principal instanceof Group) && "Roles".equals(principal.getName())) { Group grp = (Group) principal; Enumeration en = grp.members(); while (en.hasMoreElements()) { Principal roleP = (Principal) en.nextElement(); roles.add(roleP.getName()); } } // Save the SSOUser principal so that it can be included in the // CatalinaSSOUser Principal if (principal instanceof SSOUser) { ssoUser = (SSOUser) principal; } } if (ssoUser == null) { logger.error("Fatal: Subject does not contain an SSOUser Principal"); return null; } // Create the resulting Principal for our authenticated user if (username != null) { return (new CatalinaSSOUser(ssoUser, realm, username, password, roles)); } else { return (null); } }
From source file:org.josso.tc50.agent.CatalinaNativeRealm.java
/** * Construct and return a java.security.Principal instance * representing the authenticated user for the specified Subject. If no * such Principal can be constructed, return null. *//w w w.ja va 2 s . co m * The Principal constructed is CatalinaSSOUser which is a SSOUser. * The Partner Application can access SSOUser-specific properties that are not available * in GenericPrincipal. * * @param subject The Subject representing the logged in user */ protected Principal createPrincipal(String username, Subject subject) { CatalinaSSOUser p = CatalinaSSOUser.newInstance(this, subject); if (requiresRoleMap) { // This is a Tomcat 5.0.30 ... ! try { List<Principal> roles = new ArrayList<Principal>(); Iterator principals = subject.getPrincipals().iterator(); while (principals.hasNext()) { Principal principal = (Principal) principals.next(); String principalClass = principal.getClass().getName(); if (_roleClasses.contains(principalClass)) { log.debug("Adding role : " + principal.getName()); roles.add(principal); } // Same as Jboss - that's a pretty clean solution if ((principal instanceof Group) && "Roles".equals(principal.getName())) { Group grp = (Group) principal; Enumeration en = grp.members(); while (en.hasMoreElements()) { Principal roleP = (Principal) en.nextElement(); log.debug("Adding role : " + roleP.getName()); roles.add(roleP); } } } // Only in Catalina 5.0.30! log.debug("Storing roles in parent roleMap"); Map m = (Map) getRoleMapField().get(this); m.put(p, roles); } catch (Exception e) { log.warn(e.getMessage(), e); return p; } } return p; }
From source file:org.josso.tc50.agent.jaas.CatalinaJAASRealm.java
/** * Construct and return a java.security.Principal instance * representing the authenticated user for the specified Subject. If no * such Principal can be constructed, return null. * * The Principal constructed is *not* GenericPrincipal as in Catalina JAASRealm class, * but CatalinaSSOUser which is a SSOUser. * The Partner Application can access SSOUser-specific properties that are not available * in GenericPrincipal.//from w ww . j av a2 s . c o m * The JAASRealm superclass invokes this factory method to build the Catalina-specific * Principal from the Subject filled by the configured JAASLoginModule. * * @param subject The Subject representing the logged in user */ protected Principal createPrincipal(String username, Subject subject) { // We also populate roles map ... CatalinaSSOUser p = CatalinaSSOUser.newInstance(this, subject); if (requiresRoleMap) { // This is a Tomcat 5.0.30 ... ! try { List<Principal> roles = new ArrayList<Principal>(); Iterator principals = subject.getPrincipals().iterator(); while (principals.hasNext()) { Principal principal = (Principal) principals.next(); String principalClass = principal.getClass().getName(); if (getRoleClassNames().contains(principalClass)) { log.debug("Adding role : " + principal.getName()); roles.add(principal); } // Same as Jboss - that's a pretty clean solution if ((principal instanceof Group) && "Roles".equals(principal.getName())) { Group grp = (Group) principal; Enumeration en = grp.members(); while (en.hasMoreElements()) { Principal roleP = (Principal) en.nextElement(); log.debug("Adding role : " + roleP.getName()); roles.add(roleP); } } } // Only in Catalina 5.0.30! log.debug("Storing roles in parent roleMap"); Map m = (Map) getRoleMapField().get(this); m.put(p, roles); } catch (Exception e) { log.warn(e.getMessage(), e); return p; } } return p; }