List of usage examples for the javax.security.auth.login.LoginContext constructor LoginContext
public LoginContext(String name, Subject subject, CallbackHandler callbackHandler, Configuration config) throws LoginException
From source file:org.getobjects.appserver.publisher.JoSimpleNamePasswordLogin.java
/**
 * Authenticates a name/password pair through JAAS. Invoked by
 * userInContext() of JoHTTPAuthenticator, or by the 'other' login()
 * method which can be triggered by custom login panels.
 *
 * @param _login - username (a null name is rejected before JAAS is called)
 * @param _pwd   - password
 * @param _realm - JAAS application name; "JOPE" is used when this is null
 * @return a logged-in LoginContext, or null if the context could not be
 *         created or the login failed
 */
public LoginContext loginInJaas(String _login, String _pwd, String _realm) {
  if (_login == null) {
    /* a null login name is not allowed in JAAS */
    log.warn("attempt to login with a 'null' login name");
    return null;
  }

  final String appName = (_realm == null) ? "JOPE" : _realm;

  final LoginContext context;
  try {
    context = new LoginContext(
        appName,
        null, /* subject (JAAS creates one if missing) */
        new NamePasswordCallbackHandler(_login, _pwd),
        this.jaasCfg);
  }
  catch (LoginException le) {
    /* setup problem, not a rejected credential */
    log.error("could not create JAAS LoginContext", le);
    return null;
  }

  try {
    context.login();
  }
  catch (LoginException le) {
    /* NOTE(review): the login name is written to the log as received;
     * confirm the log layout neutralises line breaks in it. */
    if (log.isInfoEnabled())
      log.info("login failed: " + _login, le);
    return null;
  }

  return context;
}
From source file:org.jboss.as.test.integration.ejb.container.interceptor.security.api.SwitchIdentityTestCase.java
/** * Perform the tests using the ClientLoginModule and LoginContext API to set the desired Principal. *///from ww w .j av a 2 s. co m private void callUsingClientLoginModul(String userName, boolean hasRole1, boolean hasRole2) throws Exception { LoginContext loginContext = null; try { loginContext = new LoginContext("foo", new Subject(), new UsernamePasswordHandler(userName, new char[0]), CLIENT_LOGIN_CONFIG); loginContext.login(); // register the client side interceptor final Registration clientInterceptorHandler = EJBClientContext.requireCurrent() .registerInterceptor(112567, new ClientSecurityInterceptor()); final Manage targetBean = EJBUtil.lookupEJB(TargetBean.class, Manage.class); final Manage bridgeBean = EJBUtil.lookupEJB(BridgeBean.class, Manage.class); //test direct access testMethodAccess(targetBean, ManageMethodEnum.ALLROLES, true); testMethodAccess(targetBean, ManageMethodEnum.ROLE1, hasRole1); testMethodAccess(targetBean, ManageMethodEnum.ROLE2, hasRole2); //test security context propagation testMethodAccess(bridgeBean, ManageMethodEnum.ALLROLES, true); testMethodAccess(bridgeBean, ManageMethodEnum.ROLE1, hasRole1); testMethodAccess(bridgeBean, ManageMethodEnum.ROLE2, hasRole2); clientInterceptorHandler.remove(); } finally { if (loginContext != null) { loginContext.logout(); } } }
From source file:org.opengroupware.logic.auth.OGoLoginModule.java
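/**
 * This is a convenience function which sets up a JAAS login context with the
 * default database configuration, and then performs a login with the given
 * login/password.
 * <p>
 * A rejected login is logged (it used to be dropped silently), so a failed
 * authentication can be told apart from a setup error in the log.
 *
 * @param _db   - a setup OGoDatabase object
 * @param _user - the login name
 * @param _pwd  - the login password
 * @return null if the login failed, otherwise the LoginContext
 */
public static LoginContext jaasLogin(final EODatabase _db, final String _user, final String _pwd) {
  if (_db == null) {
    log.warn("got no database for JAAS login of user: " + _user);
    return null;
  }

  final Subject subject = new Subject();

  final LoginContext jlc;
  try {
    jlc = new LoginContext(
        "OGo",                                      /* application     */
        subject,                                    /* subject         */
        new NamePasswordCallbackHandler(_user, _pwd), /* CallbackHandler */
        new OGoDefaultLoginConfig(_db)              /* configuration   */);
  }
  catch (LoginException e) {
    log.error("could not setup JAAS LoginContext", e);
    return null;
  }

  /* login */
  try {
    jlc.login();
  }
  catch (LoginException e) {
    /* keep the cause: it separates bad credentials from backend failures */
    log.warn("JAAS login failed for user: " + _user, e);
    return null;
  }

  return jlc;
}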
From source file:org.springframework.security.extensions.kerberos.sun.SunJaasKerberosClient.java
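/**
 * Authenticates the given user against Kerberos through a JAAS LoginContext
 * and returns the name of the first principal of the authenticated Subject.
 * <p>
 * The context is logged out again in a {@code finally} block once login has
 * succeeded, and a Subject without principals is reported as a
 * BadCredentialsException instead of an unchecked NoSuchElementException.
 *
 * @param username the name handed to the KerberosClientCallbackHandler
 * @param password the password handed to the KerberosClientCallbackHandler
 * @return string form of the first principal of the authenticated Subject
 * @throws BadCredentialsException if login or logout fails, or no principal is returned
 */
@Override
public String login(String username, String password) {
    LOG.debug("Trying to authenticate " + username + " with Kerberos");
    String validatedUsername;
    try {
        LoginContext loginContext = new LoginContext("", null,
                new KerberosClientCallbackHandler(username, password),
                new LoginConfig(this.debug));
        loginContext.login();
        try {
            if (loginContext.getSubject().getPrincipals().isEmpty()) {
                throw new BadCredentialsException("Kerberos authentication returned no principal");
            }
            if (LOG.isDebugEnabled()) {
                // Log the principals only: Subject.toString() also renders the credential
                // sets, which for a Kerberos login can include ticket material.
                LOG.debug("Kerberos authenticated user: " + loginContext.getSubject().getPrincipals());
            }
            validatedUsername = loginContext.getSubject().getPrincipals().iterator().next().toString();
        } finally {
            // always drop the credentials obtained by login(), also on the error paths
            loginContext.logout();
        }
    } catch (LoginException e) {
        throw new BadCredentialsException("Kerberos authentication failed", e);
    }
    return validatedUsername;
}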
From source file:org.springframework.security.extensions.kerberos.SunJaasKerberosClient.java
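/**
 * Authenticates the given user against Kerberos through a JAAS LoginContext
 * and returns the name of the first principal of the authenticated Subject.
 * <p>
 * After a successful login the context is always logged out again, and an
 * authenticated Subject that carries no principal is rejected with a
 * BadCredentialsException rather than failing with NoSuchElementException.
 *
 * @param username the name handed to the KerberosClientCallbackHandler
 * @param password the password handed to the KerberosClientCallbackHandler
 * @return string form of the first principal of the authenticated Subject
 * @throws BadCredentialsException if login or logout fails, or no principal is returned
 */
public String login(String username, String password) {
    LOG.debug("Trying to authenticate " + username + " with Kerberos");
    String validatedUsername;
    try {
        LoginContext loginContext = new LoginContext("", null,
                new KerberosClientCallbackHandler(username, password),
                new LoginConfig(this.debug));
        loginContext.login();
        try {
            if (loginContext.getSubject().getPrincipals().isEmpty()) {
                throw new BadCredentialsException("Kerberos authentication returned no principal");
            }
            if (LOG.isDebugEnabled()) {
                // Principals only: the full Subject string form also covers its credential
                // sets, which for a Kerberos login can include ticket material.
                LOG.debug("Kerberos authenticated user: " + loginContext.getSubject().getPrincipals());
            }
            validatedUsername = loginContext.getSubject().getPrincipals().iterator().next().toString();
        } finally {
            // release the credentials obtained by login() on every path
            loginContext.logout();
        }
    } catch (LoginException e) {
        throw new BadCredentialsException("Kerberos authentication failed", e);
    }
    return validatedUsername;
}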
From source file:org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator.java
/**
 * Checks the configured service principal and keytab, then performs the
 * JAAS login for the service and stores the resulting Subject in
 * {@code serviceSubject}.
 *
 * @throws Exception if a required property is missing, the keytab URL
 *         cannot be resolved, or the JAAS login fails
 */
public void afterPropertiesSet() throws Exception {
    Assert.notNull(this.servicePrincipal, "servicePrincipal must be specified");
    Assert.notNull(this.keyTabLocation, "keyTab must be specified");
    if (keyTabLocation instanceof ClassPathResource) {
        // a keytab holds the service's long-term key, so it should not ship with the application
        LOG.warn(
                "Your keytab is in the classpath. This file needs special protection and shouldn't be in the classpath. JAAS may also not be able to load this file from classpath.");
    }

    // The "file:" prefix is not supported in Java 7 anymore, while Java 6 accepts the
    // location with and without it, so it is stripped without a version check.
    final String keyTabUrl = this.keyTabLocation.getURL().toExternalForm();
    final String keyTabPath = keyTabUrl.startsWith("file:")
            ? keyTabUrl.substring(5)
            : keyTabUrl;

    final LoginConfig jaasConfig = new LoginConfig(keyTabPath, this.servicePrincipal, this.debug);

    // modifiable Subject (readOnly = false) that starts with the service principal only
    final Set<Principal> servicePrincipals = new HashSet<Principal>(1);
    servicePrincipals.add(new KerberosPrincipal(this.servicePrincipal));
    final Subject initialSubject =
            new Subject(false, servicePrincipals, new HashSet<Object>(), new HashSet<Object>());

    // no CallbackHandler is passed; presumably LoginConfig directs the login module to the keytab
    final LoginContext serviceLogin = new LoginContext("", initialSubject, null, jaasConfig);
    serviceLogin.login();
    this.serviceSubject = serviceLogin.getSubject();
}
From source file:org.springframework.security.kerberos.authentication.sun.SunJaasKerberosTicketValidator.java
/**
 * Validates the required properties, logs the service in through JAAS
 * using the configured keytab location and service principal, and keeps the
 * authenticated Subject in {@code serviceSubject}.
 *
 * @throws Exception if a required property is missing, the keytab URL
 *         cannot be resolved, or the JAAS login fails
 */
@Override
public void afterPropertiesSet() throws Exception {
    Assert.notNull(this.servicePrincipal, "servicePrincipal must be specified");
    Assert.notNull(this.keyTabLocation, "keyTab must be specified");
    if (keyTabLocation instanceof ClassPathResource) {
        // the keytab contains the service's long-term key; the classpath is a poor place for it
        LOG.warn(
                "Your keytab is in the classpath. This file needs special protection and shouldn't be in the classpath. JAAS may also not be able to load this file from classpath.");
    }

    String keyTabPath = this.keyTabLocation.getURL().toExternalForm();
    final String filePrefix = "file:";
    // Java 7 no longer supports the prefix and Java 6 works with or without it,
    // so it is removed unconditionally when present.
    if (keyTabPath.startsWith(filePrefix)) {
        keyTabPath = keyTabPath.substring(filePrefix.length());
    }

    LoginConfig kerberosConfig = new LoginConfig(keyTabPath, this.servicePrincipal, this.debug);

    Set<Principal> principals = new HashSet<Principal>(1);
    principals.add(new KerberosPrincipal(this.servicePrincipal));
    // readOnly = false, with empty public and private credential sets
    Subject seedSubject = new Subject(false, principals, new HashSet<Object>(), new HashSet<Object>());

    // no CallbackHandler is passed; presumably LoginConfig directs the login module to the keytab
    LoginContext context = new LoginContext("", seedSubject, null, kerberosConfig);
    context.login();
    this.serviceSubject = context.getSubject();
}
From source file:org.waveprotocol.box.server.robots.agent.passwd.PasswordRobot.java
/**
 * Verifies user credentials by running a JAAS login for the "Wave"
 * application with the given password and the participant's address.
 * The LoginContext and its Subject are not kept after the check.
 *
 * @param password the password to verify.
 * @param participantId the participantId of the user.
 * @throws LoginException if the user provided incorrect password.
 */
private void verifyCredentials(String password, ParticipantId participantId)
    throws LoginException {
  // the callback handler reads the credentials from request-style parameters
  MultiMap<String> loginParams = new MultiMap<String>();
  loginParams.putAllValues(
      ImmutableMap.of("password", password, "address", participantId.getAddress()));

  // login() throws a LoginException when authentication fails; returning
  // normally is the only success signal
  new LoginContext("Wave", new Subject(),
      new HttpRequestBasedCallbackHandler(loginParams), configuration).login();
}
From source file:ru.runa.wfe.security.logic.AuthenticationLogic.java
/**
 * Runs a JAAS login with the given callback handler, resolves and validates
 * the User carried by the resulting Subject, and notifies the handlers
 * through callHandlers.
 *
 * @param callbackHandler supplies the credentials to the login modules
 * @param authType passed on to callHandlers together with the user's actor
 * @return the authenticated and validated user
 * @throws AuthenticationException wrapping any exception raised on the way,
 *         so every failure is reported as a failed authentication
 */
private User authenticate(CallbackHandler callbackHandler, AuthType authType) throws AuthenticationException {
    try {
        final LoginContext jaasContext = new LoginContext(
                LoginModuleConfiguration.APP_NAME,
                null,
                callbackHandler,
                Configuration.getConfiguration());
        jaasContext.login();

        final User authenticated = SubjectPrincipalsHelper.getUser(jaasContext.getSubject());
        SubjectPrincipalsHelper.validateUser(authenticated);
        callHandlers(authenticated.getActor(), authType);
        log.debug(authenticated.getName() + " successfully authenticated");
        return authenticated;
    } catch (Exception e) {
        // deliberately broad: runtime failures are also surfaced as AuthenticationException
        throw new AuthenticationException(e);
    }
}