Usage examples for the LoginContext constructor of javax.security.auth.login.LoginContext
public LoginContext(String name) throws LoginException
From source file:AuthenticateNT.java
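/**
 * Authenticates through the JAAS configuration entry named "AuthenticateNT", runs
 * {@code WriteFileAction} as the authenticated subject, then logs out.
 *
 * <p>Exits with status 0 on success and -1 when login or logout fails.
 *
 * @param args command-line arguments (unused)
 */
public static void main(String[] args) {
    try {
        LoginContext loginContext = new LoginContext("AuthenticateNT");
        loginContext.login();
        System.out.println("Login Successful");

        try {
            Subject subject = loginContext.getSubject();
            // NOTE(review): Subject.toString() lists the subject's principals and credentials;
            // acceptable for a demo, but keep this out of production logs.
            System.out.println(subject);
            Subject.doAs(subject, new WriteFileAction());
        } finally {
            // Log out even when the privileged action throws, so the login modules get
            // the chance to remove the principals and credentials they added.
            loginContext.logout();
        }

        // Kept outside the try/finally above: System.exit() does not run finally blocks.
        System.exit(0);
    } catch (LoginException loginException) {
        loginException.printStackTrace();
        System.exit(-1);
    }
}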
From source file:freeipa.client.JSONRequestServlet.java
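/**
 * Renders the JSON test page.
 *
 * <p>Without a {@code json} request parameter, performs a JAAS login against
 * {@code SECURITY_DOMAIN} and calls the IPA JSON endpoint as the authenticated subject.
 * With the parameter, hands its value to {@code testRequest}.
 *
 * @param req the incoming request; only the {@code json} parameter is read here
 * @param resp the response the HTML page is written to
 * @throws ServletException declared by the servlet contract
 * @throws IOException if the response writer cannot be obtained or the URL is malformed
 */
@Override
protected void doGet(final HttpServletRequest req, final HttpServletResponse resp)
        throws ServletException, IOException {
    String jsonRequest = req.getParameter("json");

    // NOTE(review): endpoint is hard-coded; presumably this should come from configuration.
    URL ipaUrl = new URL("https://vm-144.idm.lab.eng.brq.redhat.com/ipa/json");

    PrintWriter writer = resp.getWriter();

    writer.println("<html>");
    writer.println(" <head>");
    writer.println(" <title>Json request servlet</title>");
    writer.println(" </head>");
    writer.println(" <body>");
    writer.println(" <h1>JSON POST Test:</h1>");
    displayForm(writer);

    if (jsonRequest == null) {
        try {
            LoginContext context = new LoginContext(SECURITY_DOMAIN);
            log.debug("Obtained LoginContext for '" + SECURITY_DOMAIN + "' security-domain.");
            context.login();
            writer.println("<h4>Authenticated</h4>");

            Subject subject = context.getSubject();
            KerberosHttpClient.makeCallWithKerberosAuthn(ipaUrl, subject, httpClient);
        } catch (Exception e) {
            // The failure text goes into the HTML response, so the message is escaped:
            // exception messages can carry text that originated outside this servlet.
            // NOTE(review): returning the exception class and message to the client discloses
            // internal detail; consider a generic message here and keep the detail in the log.
            String safeMessage = String.valueOf(e.getMessage())
                    .replace("&", "&amp;")
                    .replace("<", "&lt;")
                    .replace(">", "&gt;")
                    .replace("\"", "&quot;")
                    .replace("'", "&#39;");

            writer.println("<h5>Failed!</h5>");
            writer.print("<p>");
            writer.print(e.getClass().getName());
            writer.print(" - ");
            writer.print(safeMessage);
            writer.println("</p>");

            log.error("testDomain Failed", e);
        }
    } else {
        testRequest(jsonRequest, writer);
    }

    writer.println(" </body>");
    writer.println("</html>");
    writer.flush();
}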
From source file:com.srotya.collectd.storm.StormNimbusMetrics.java
/**
 * Performs a JAAS login with the "KrbLogin" configuration entry and stores the resulting
 * subject in {@code subject}.
 *
 * <p>A {@link LoginException} is not propagated: its stack trace is printed and
 * {@code subject} is left as it was.
 */
public void login() {
    try {
        final LoginContext krbLogin = new LoginContext("KrbLogin");
        krbLogin.login();
        subject = krbLogin.getSubject();
        Collectd.logDebug("Logged in");
    } catch (LoginException loginFailure) {
        // NOTE(review): the failure is only printed, so a caller cannot tell a failed login
        // from a successful one; confirm callers check `subject` before using it.
        loginFailure.printStackTrace();
    }
}
From source file:org.apache.cxf.fediz.integrationtests.KerberosTest.java
/**
 * Logs in through the "alice" JAAS entry and returns the Base64 encoding of the bytes that
 * {@code CreateServiceTicketAction} produces for the service "bob@service.ws.apache.org".
 *
 * @param spnego {@code true} to use the SPNEGO mechanism OID, {@code false} for Kerberos V5
 * @return the Base64-encoded result of the privileged action
 * @throws Exception if the login, the GSS set-up or the privileged action fails
 */
private String getEncodedKerberosTicket(boolean spnego) throws Exception {
    // Both properties are JVM-wide, so they stay set for whatever runs after this helper.
    System.setProperty("java.security.auth.login.config", "src/test/resources/kerberos.jaas");
    System.setProperty("org.apache.xml.security.ignoreLineBreaks", "true");

    // 1.3.6.1.5.5.2 is the SPNEGO mechanism, 1.2.840.113554.1.2.2 is Kerberos V5.
    final Oid mechanism = new Oid(spnego ? "1.3.6.1.5.5.2" : "1.2.840.113554.1.2.2");

    final GSSManager gssManager = GSSManager.getInstance();
    final GSSName target =
        gssManager.createName("bob@service.ws.apache.org", GSSName.NT_HOSTBASED_SERVICE);
    final GSSContext gssContext = gssManager.createContext(
        target.canonicalize(mechanism), mechanism, null, GSSContext.DEFAULT_LIFETIME);
    // Credential delegation is requested on the context.
    gssContext.requestCredDeleg(true);

    final LoginContext aliceLogin = new LoginContext("alice");
    aliceLogin.login();

    // The initial input token is empty.
    final byte[] emptyToken = new byte[0];
    final byte[] ticket = (byte[]) Subject.doAs(
        aliceLogin.getSubject(), new CreateServiceTicketAction(gssContext, emptyToken));
    return Base64.encode(ticket);
}
From source file:org.apache.activemq.artemis.tests.integration.amqp.SaslKrb5LDAPSecurityTest.java
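/**
 * Logs in through the "broker-sasl-gssapi" JAAS entry and, running as that subject, binds to
 * the LDAP server with SASL GSSAPI and checks the entries listed under {@code ou=system}.
 *
 * @throws Exception if the login fails or the privileged LDAP action throws
 */
@Test
public void testSaslGssapiLdapAuth() throws Exception {
    final Hashtable<String, String> env = new Hashtable<>();
    env.put(Context.PROVIDER_URL, "ldap://localhost:1024");
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");

    LoginContext loginContext = new LoginContext("broker-sasl-gssapi");
    loginContext.login();
    try {
        Subject.doAs(loginContext.getSubject(), (PrivilegedExceptionAction<Object>) () -> {
            DirContext ctx = new InitialDirContext(env);
            try {
                HashSet<String> set = new HashSet<>();

                NamingEnumeration<NameClassPair> list = ctx.list("ou=system");
                while (list.hasMore()) {
                    NameClassPair ncp = list.next();
                    set.add(ncp.getName());
                }

                Assert.assertTrue(set.contains("uid=first"));
                Assert.assertTrue(set.contains("cn=users"));
                Assert.assertTrue(set.contains("ou=configuration"));
                Assert.assertTrue(set.contains("prefNodeName=sysPrefRoot"));
            } finally {
                // Release the LDAP connection even when the listing or an assertion fails.
                ctx.close();
            }
            return null;
        });
    } catch (PrivilegedActionException e) {
        // Surface the exception thrown inside the privileged action, not the wrapper.
        throw e.getException();
    }
}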
From source file:org.apache.ws.security.message.token.KerberosSecurity.java
/**
 * Retrieve a service ticket from a KDC using the Kerberos JAAS module, and set it in this
 * BinarySecurityToken.
 *
 * @param jaasLoginModuleName the name passed to {@link LoginContext} to select the JAAS entry
 * @param callbackHandler a CallbackHandler instance to retrieve a password; may be null
 * @param serviceName the desired Kerberized service
 * @throws WSSecurityException if the JAAS login fails, the login yields no principals,
 *                             or the privileged action returns no ticket
 */
public void retrieveServiceTicket(
    String jaasLoginModuleName,
    CallbackHandler callbackHandler,
    String serviceName
) throws WSSecurityException {
    // Step 1: JAAS login, which obtains the TGT from the KDC.
    // NOTE(review): this method never calls logout() on the LoginContext; confirm the
    // credentials held by the Subject are released elsewhere.
    final LoginContext jaasLogin;
    try {
        jaasLogin = (callbackHandler != null)
            ? new LoginContext(jaasLoginModuleName, callbackHandler)
            : new LoginContext(jaasLoginModuleName);
        jaasLogin.login();
    } catch (LoginException ex) {
        if (log.isDebugEnabled()) {
            log.debug(ex.getMessage(), ex);
        }
        throw new WSSecurityException(
            WSSecurityException.FAILURE, "kerberosLoginError",
            new Object[] { ex.getMessage() }, ex);
    }
    if (log.isDebugEnabled()) {
        log.debug("Successfully authenticated to the TGT");
    }

    final Subject clientSubject = jaasLogin.getSubject();
    final Set<Principal> principals = clientSubject.getPrincipals();
    if (principals.isEmpty()) {
        throw new WSSecurityException(
            WSSecurityException.FAILURE, "kerberosLoginError",
            new Object[] { "No Client principals found after login" });
    }

    // Keep a reference to the TGT; it is handed to the second lookup below.
    final KerberosTicket tgt = getKerberosTicket(clientSubject, null);

    // Step 2: request the service ticket while running as the authenticated subject,
    // using the first principal of the login.
    final Principal clientPrincipal = principals.iterator().next();
    final KerberosClientAction ticketRequest =
        new KerberosClientAction(clientPrincipal, serviceName);
    final byte[] ticket = (byte[]) Subject.doAs(clientSubject, ticketRequest);
    if (ticket == null) {
        throw new WSSecurityException(WSSecurityException.FAILURE, "kerberosServiceTicketError");
    }
    if (log.isDebugEnabled()) {
        log.debug("Successfully retrieved a service ticket");
    }

    // Step 3: look up the service ticket (private credential) and keep its session key.
    final KerberosTicket serviceTicket = getKerberosTicket(clientSubject, tgt);
    if (serviceTicket != null) {
        secretKey = serviceTicket.getSessionKey();
    }

    setToken(ticket);

    // Only fill in the value type when none has been set.
    if ("".equals(getValueType())) {
        setValueType(WSConstants.WSS_GSS_KRB_V5_AP_REQ);
    }
}
From source file:org.apache.ws.security.spnego.SpnegoTokenContext.java
/**
 * Retrieve a service ticket from a KDC using the Kerberos JAAS module, and keep the resulting
 * token and security context in this object.
 *
 * @param jaasLoginModuleName the name passed to {@link LoginContext} to select the JAAS entry
 * @param callbackHandler a CallbackHandler instance to retrieve a password; may be null
 * @param serviceName the desired Kerberized service
 * @throws WSSecurityException if the JAAS login fails, the login yields no principals,
 *                             or the privileged action returns no token
 */
public void retrieveServiceTicket(
    String jaasLoginModuleName,
    CallbackHandler callbackHandler,
    String serviceName
) throws WSSecurityException {
    // Step 1: JAAS login, which obtains the TGT from the KDC.
    // NOTE(review): this method never calls logout() on the LoginContext; confirm the
    // credentials held by the Subject are released elsewhere.
    final LoginContext jaasLogin;
    try {
        jaasLogin = (callbackHandler != null)
            ? new LoginContext(jaasLoginModuleName, callbackHandler)
            : new LoginContext(jaasLoginModuleName);
        jaasLogin.login();
    } catch (LoginException ex) {
        if (LOG.isDebugEnabled()) {
            LOG.debug(ex.getMessage(), ex);
        }
        throw new WSSecurityException(
            WSSecurityException.FAILURE, "kerberosLoginError",
            new Object[] { ex.getMessage() }, ex);
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("Successfully authenticated to the TGT");
    }

    final Subject clientSubject = jaasLogin.getSubject();
    final Set<Principal> principals = clientSubject.getPrincipals();
    if (principals.isEmpty()) {
        throw new WSSecurityException(
            WSSecurityException.FAILURE, "kerberosLoginError",
            new Object[] { "No Client principals found after login" });
    }

    // Step 2: configure the shared client action and run it as the authenticated subject.
    clientAction.setServiceName(serviceName);
    clientAction.setMutualAuth(mutualAuth);
    token = (byte[]) Subject.doAs(clientSubject, clientAction);
    if (token == null) {
        throw new WSSecurityException(WSSecurityException.FAILURE, "kerberosServiceTicketError");
    }

    // The action exposes the context it established; keep it alongside the token.
    secContext = clientAction.getContext();
    if (LOG.isDebugEnabled()) {
        LOG.debug("Successfully retrieved a service ticket");
    }
}
From source file:org.apache.ws.security.spnego.SpnegoTokenContext.java
/**
 * Validate a service ticket.
 *
 * @param jaasLoginModuleName the name passed to {@link LoginContext} to select the JAAS entry
 * @param callbackHandler a CallbackHandler for the JAAS login; may be null
 * @param serviceName the service name to validate against; when null, the name of the first
 *                    principal of the logged-in subject is used
 * @param ticket the ticket bytes handed to the service action
 * @throws WSSecurityException if the JAAS login fails, or a service name is needed and the
 *                             login yields no principals
 */
public void validateServiceTicket(
    String jaasLoginModuleName,
    CallbackHandler callbackHandler,
    String serviceName,
    byte[] ticket
) throws WSSecurityException {
    // Step 1: JAAS login, which obtains the TGT from the KDC.
    // NOTE(review): this method never calls logout() on the LoginContext; confirm the
    // credentials held by the Subject are released elsewhere.
    final LoginContext jaasLogin;
    try {
        jaasLogin = (callbackHandler != null)
            ? new LoginContext(jaasLoginModuleName, callbackHandler)
            : new LoginContext(jaasLoginModuleName);
        jaasLogin.login();
    } catch (LoginException ex) {
        if (LOG.isDebugEnabled()) {
            LOG.debug(ex.getMessage(), ex);
        }
        throw new WSSecurityException(
            WSSecurityException.FAILURE, "kerberosLoginError",
            new Object[] { ex.getMessage() }, ex);
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("Successfully authenticated to the TGT");
    }

    // Step 2: settle the service name, falling back on the first login principal.
    final Subject subject = jaasLogin.getSubject();
    final String service;
    if (serviceName != null) {
        service = serviceName;
    } else {
        final Set<Principal> principals = subject.getPrincipals();
        if (principals.isEmpty()) {
            throw new WSSecurityException(
                WSSecurityException.FAILURE, "kerberosLoginError",
                new Object[] { "No Client principals found after login" });
        }
        service = principals.iterator().next().getName();
    }

    // Step 3: run the shared service action as the authenticated subject.
    // The returned token is stored as is; no null check is made here.
    serviceAction.setTicket(ticket);
    serviceAction.setServiceName(service);
    token = (byte[]) Subject.doAs(subject, serviceAction);

    secContext = serviceAction.getContext();
    if (LOG.isDebugEnabled()) {
        LOG.debug("Successfully validated a service ticket");
    }
}
From source file:org.apache.ws.security.validate.KerberosTokenValidator.java
/**
 * Validate the credential argument. It must contain a non-null BinarySecurityToken.
 *
 * <p>A token that is not a {@code KerberosSecurity} is returned unchanged. Otherwise a JAAS
 * login is performed, the token is validated as the logged-in subject, and the resulting
 * principal and subject are set on the credential. If a KerberosTokenDecoder is configured,
 * the session key it extracts is set on the credential as well.
 *
 * @param credential the Credential to be validated
 * @param data the RequestData associated with the request
 * @return the credential that was passed in
 * @throws WSSecurityException on a failed validation
 */
public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
    if (credential == null || credential.getBinarySecurityToken() == null) {
        throw new WSSecurityException(WSSecurityException.FAILURE, "noCredential");
    }

    final BinarySecurity binarySecurity = credential.getBinarySecurityToken();
    if (!(binarySecurity instanceof KerberosSecurity)) {
        // Not a Kerberos token: nothing for this validator to check.
        return credential;
    }

    if (log.isDebugEnabled()) {
        try {
            final String jaasAuth = System.getProperty("java.security.auth.login.config");
            final String krbConf = System.getProperty("java.security.krb5.conf");
            log.debug("KerberosTokenValidator - Using JAAS auth login file: " + jaasAuth);
            log.debug("KerberosTokenValidator - Using KRB conf file: " + krbConf);
        } catch (SecurityException ex) {
            // Reading the system properties may be denied; that only affects this diagnostic.
            log.debug(ex.getMessage(), ex);
        }
    }

    // Step 1: JAAS login, which obtains the TGT from the KDC.
    // NOTE(review): this method never calls logout() on the LoginContext, and the Subject is
    // handed to the credential below; confirm where those credentials are released.
    final LoginContext jaasLogin;
    try {
        jaasLogin = (callbackHandler != null)
            ? new LoginContext(getContextName(), callbackHandler)
            : new LoginContext(getContextName());
        jaasLogin.login();
    } catch (LoginException ex) {
        if (log.isDebugEnabled()) {
            log.debug(ex.getMessage(), ex);
        }
        throw new WSSecurityException(
            WSSecurityException.FAILURE, "kerberosLoginError",
            new Object[] { ex.getMessage() }, ex);
    }
    if (log.isDebugEnabled()) {
        log.debug("Successfully authenticated to the TGT");
    }

    final byte[] token = binarySecurity.getToken();

    // Step 2: settle the service name, falling back on the first login principal.
    final Subject subject = jaasLogin.getSubject();
    final String service;
    if (serviceName != null) {
        service = serviceName;
    } else {
        final Set<Principal> principals = subject.getPrincipals();
        if (principals.isEmpty()) {
            throw new WSSecurityException(
                WSSecurityException.FAILURE, "kerberosLoginError",
                new Object[] { "No Client principals found after login" });
        }
        service = principals.iterator().next().getName();
    }

    // Step 3: validate the ticket as the authenticated subject; no principal means failure.
    final KerberosServiceAction ticketCheck = new KerberosServiceAction(token, service);
    final Principal principal = (Principal) Subject.doAs(subject, ticketCheck);
    if (principal == null) {
        throw new WSSecurityException(
            WSSecurityException.FAILURE, "kerberosTicketValidationError");
    }
    credential.setPrincipal(principal);
    credential.setSubject(subject);

    // Step 4: when a KerberosTokenDecoder implementation is available, use it to extract the
    // session key from the token.
    if (kerberosTokenDecoder != null) {
        kerberosTokenDecoder.clear();
        kerberosTokenDecoder.setToken(token);
        kerberosTokenDecoder.setSubject(subject);
        final byte[] sessionKey = kerberosTokenDecoder.getSessionKey();
        credential.setSecretKey(sessionKey);
    }

    if (log.isDebugEnabled()) {
        log.debug("Successfully validated a ticket");
    }
    return credential;
}
From source file:org.nuxeo.ecm.platform.ui.web.auth.krb5.Krb5Authenticator.java
/**
 * Logs in through the "Nuxeo" JAAS entry and obtains the server credential as that subject.
 * If either step fails, the error is logged and the module is marked as disabled.
 *
 * @param parameters plugin parameters; not read here
 */
@Override
public void initPlugin(Map<String, String> parameters) {
    try {
        // All configuration is assumed to be done in the login config, so there are
        // NO parameters consulted here.
        final LoginContext nuxeoLogin = new LoginContext("Nuxeo");
        this.loginContext = nuxeoLogin;
        nuxeoLogin.login();

        final Subject serverSubject = nuxeoLogin.getSubject();
        serverCredential = Subject.doAs(serverSubject, getServerCredential);
        logger.debug("Successfully initialized Kerberos auth module");
    } catch (LoginException loginFailure) {
        // Without a login the module cannot work; switch it off.
        logger.error("Cannot create LoginContext, disabling Kerberos module", loginFailure);
        this.disabled = true;
    } catch (PrivilegedActionException credentialFailure) {
        // Logged in, but the server credential could not be obtained; switch the module off.
        logger.error("Cannot get server credentials, disabling Kerberos module", credentialFailure);
        this.disabled = true;
    }
}