List of usage examples for javax.security.auth.login LoginContext login
public void login() throws LoginException
From source file:org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator.java
public void afterPropertiesSet() throws Exception { Assert.notNull(this.servicePrincipal, "servicePrincipal must be specified"); Assert.notNull(this.keyTabLocation, "keyTab must be specified"); if (keyTabLocation instanceof ClassPathResource) { LOG.warn(/*from w w w . j a va2s. c o m*/ "Your keytab is in the classpath. This file needs special protection and shouldn't be in the classpath. JAAS may also not be able to load this file from classpath."); } String keyTabLocationAsString = this.keyTabLocation.getURL().toExternalForm(); // We need to remove the file prefix (if there is one), as it is not supported in Java 7 anymore. // As Java 6 accepts it with and without the prefix, we don't need to check for Java 7 if (keyTabLocationAsString.startsWith("file:")) { keyTabLocationAsString = keyTabLocationAsString.substring(5); } LoginConfig loginConfig = new LoginConfig(keyTabLocationAsString, this.servicePrincipal, this.debug); Set<Principal> princ = new HashSet<Principal>(1); princ.add(new KerberosPrincipal(this.servicePrincipal)); Subject sub = new Subject(false, princ, new HashSet<Object>(), new HashSet<Object>()); LoginContext lc = new LoginContext("", sub, null, loginConfig); lc.login(); this.serviceSubject = lc.getSubject(); }
From source file:org.springframework.security.kerberos.authentication.sun.SunJaasKerberosTicketValidator.java
@Override public void afterPropertiesSet() throws Exception { Assert.notNull(this.servicePrincipal, "servicePrincipal must be specified"); Assert.notNull(this.keyTabLocation, "keyTab must be specified"); if (keyTabLocation instanceof ClassPathResource) { LOG.warn(/*from w ww .j a v a 2 s . co m*/ "Your keytab is in the classpath. This file needs special protection and shouldn't be in the classpath. JAAS may also not be able to load this file from classpath."); } String keyTabLocationAsString = this.keyTabLocation.getURL().toExternalForm(); // We need to remove the file prefix (if there is one), as it is not supported in Java 7 anymore. // As Java 6 accepts it with and without the prefix, we don't need to check for Java 7 if (keyTabLocationAsString.startsWith("file:")) { keyTabLocationAsString = keyTabLocationAsString.substring(5); } LoginConfig loginConfig = new LoginConfig(keyTabLocationAsString, this.servicePrincipal, this.debug); Set<Principal> princ = new HashSet<Principal>(1); princ.add(new KerberosPrincipal(this.servicePrincipal)); Subject sub = new Subject(false, princ, new HashSet<Object>(), new HashSet<Object>()); LoginContext lc = new LoginContext("", sub, null, loginConfig); lc.login(); this.serviceSubject = lc.getSubject(); }
From source file:org.waveprotocol.box.server.robots.agent.passwd.PasswordRobot.java
/** * Verifies user credentials.// w w w.j a v a2 s. co m * * @param oldPassword the password to verify. * @param participantId the participantId of the user. * @throws LoginException if the user provided incorrect password. */ private void verifyCredentials(String password, ParticipantId participantId) throws LoginException { MultiMap<String> parameters = new MultiMap<String>(); parameters.putAllValues(ImmutableMap.of("password", password, "address", participantId.getAddress())); CallbackHandler callbackHandler = new HttpRequestBasedCallbackHandler(parameters); LoginContext context = new LoginContext("Wave", new Subject(), callbackHandler, configuration); // If authentication fails, login() will throw a LoginException. context.login(); }
From source file:org.wso2.carbon.identity.application.authenticator.iwa.IWAAuthenticationUtil.java
/** * Create server credential using SPNName and SPNPassword. This credential is used to decrypt the Kerberos Token * presented by the user. Although an actual authentication does not happen with the KDC, an invalid password * will result in checksum failure when decrypting the token. * * @param callbackHandler username password callback handler * @throws PrivilegedActionException//from w w w . j av a 2 s .c o m * @throws LoginException */ private static GSSCredential createServerCredentials(CallbackHandler callbackHandler) throws PrivilegedActionException, LoginException { LoginContext loginContext = new LoginContext(IWAConstants.SERVER, callbackHandler); loginContext.login(); if (log.isDebugEnabled()) { log.debug("Pre-authentication successful for with Kerberos Server."); } // create server credentials from pre authentication with the AD return createCredentialsForSubject(loginContext.getSubject()); }
From source file:ru.runa.wfe.security.logic.AuthenticationLogic.java
private User authenticate(CallbackHandler callbackHandler, AuthType authType) throws AuthenticationException { try {/*from w w w. j a v a 2 s .c o m*/ LoginContext loginContext = new LoginContext(LoginModuleConfiguration.APP_NAME, null, callbackHandler, Configuration.getConfiguration()); loginContext.login(); Subject subject = loginContext.getSubject(); User user = SubjectPrincipalsHelper.getUser(subject); SubjectPrincipalsHelper.validateUser(user); callHandlers(user.getActor(), authType); log.debug(user.getName() + " successfully authenticated"); return user; } catch (Exception e) { throw new AuthenticationException(e); } }