org.jboss.security.SimplePrincipal Java Examples

The following examples show how to use org.jboss.security.SimplePrincipal. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: DatawaveUsersRolesLoginModule.java    From datawave with Apache License 2.0 6 votes vote down vote up
/**
 * Creates the identity object for {@code username}.
 *
 * <p>When the {@code createSimplePrincipal} thread-local holds {@code TRUE}, the name is wrapped in a
 * {@link SimplePrincipal} unchanged. Otherwise the name is passed through {@code normalizeUsername}
 * and the superclass builds the identity from the normalized value.
 *
 * @param username the name supplied to the login module
 * @return a {@link SimplePrincipal} for the raw name, or whatever {@code super.createIdentity} returns
 *         for the normalized name
 * @throws Exception propagated from {@code super.createIdentity}
 */
@Override
protected Principal createIdentity(String username) throws Exception {
    // Normal path: the flag is not set, so normalize before delegating to the superclass.
    if (!Boolean.TRUE.equals(createSimplePrincipal.get())) {
        final String normalized = normalizeUsername(username);
        if (log.isTraceEnabled()) {
            // NOTE(review): the username is concatenated into the log line as-is. If it can carry
            // CR/LF from the caller, confirm the logging layout encodes it.
            log.trace("original username: " + username + " normalizedUsername: " + normalized);
        }
        return super.createIdentity(normalized);
    }

    // Flag set (per the original author, only during the getRolesSets call): skip normalization.
    if (log.isTraceEnabled()) {
        log.trace("Creating simple principal, passing username: " + username);
    }
    return new SimplePrincipal(username);
}
 
Example #2
Source File: DomainAuthorizationPolicy.java    From wildfly-camel with Apache License 2.0 6 votes vote down vote up
/**
 * Verifies that the authenticated subject holds every role listed in {@code requiredRoles}.
 *
 * <p>Only principals of type {@code Group} whose name is exactly {@code "Roles"} are consulted.
 * The check fails closed: a subject with no such group is rejected whenever at least one role is
 * required. If {@code requiredRoles} is empty, every subject passes.
 *
 * @param context login context whose subject is inspected
 * @throws LoginException if one or more required roles were not found; the message lists them
 */
@Override
protected void authorize(LoginContext context) throws LoginException {
    // Start with every role missing and cross them off as they are found.
    HashSet<String> missing = new HashSet<>(requiredRoles);
    Set<Group> subjectGroups = context.getSubject().getPrincipals(Group.class);
    if (subjectGroups != null) {
        for (Group candidate : subjectGroups) {
            if (!"Roles".equals(candidate.getName())) {
                continue;
            }
            for (String role : requiredRoles) {
                if (candidate.isMember(new SimplePrincipal(role))) {
                    missing.remove(role);
                }
            }
        }
    }
    if (missing.isEmpty()) {
        return;
    }
    throw new LoginException("User does not have required roles: " + missing);
}
 
Example #3
Source File: JaasSecurityDomainIdentityLoginModule.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Commits the login by attaching a {@link SimplePrincipal} for {@code username} to the subject and
 * publishing the name in the shared state under {@code javax.security.auth.login.name}.
 *
 * <p>The step that decoded the stored password and attached a {@code PasswordCredential} is
 * commented out in this version of the module, so no credential is added to the subject here.
 *
 * @return always {@code true}
 * @throws LoginException declared by the signature; the visible body does not throw it
 */
public boolean commit() throws LoginException
{
   final Principal identity = new SimplePrincipal(username);
   SubjectActions.addPrincipals(subject, identity);
   sharedState.put("javax.security.auth.login.name", username);
   return true;
}
 
Example #4
Source File: ConfiguredIdentityLoginModule.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Performs the login using the identity held in this module's fields.
 *
 * <p>If {@code super.login()} reports success, nothing further is done. Otherwise a
 * {@link SimplePrincipal} for {@code principalName} and a {@code PasswordCredential} built from
 * {@code userName} and {@code password} are attached to the subject, the principal name is stored
 * in the shared state, and {@code loginOk} is set.
 *
 * <p>NOTE(review): no caller-supplied secret is checked in the visible code. The identity and
 * password come from this module's own fields (presumably module options; confirm). The password
 * is held as a {@code String}, so clearing the credential's {@code char[]} later does not remove
 * the secret from memory.
 *
 * @return always {@code true}
 * @throws LoginException propagated from {@code super.login()}
 */
@Override
public boolean login() throws LoginException
{
   PicketBoxLogger.LOGGER.traceBeginLogin();
   final boolean handledBySuper = super.login();
   if (!handledBySuper)
   {
      SubjectActions.addPrincipals(subject, new SimplePrincipal(principalName));
      // Publish the principal name for later modules in the stack.
      sharedState.put("javax.security.auth.login.name", principalName);
      SubjectActions.addCredentials(subject, new PasswordCredential(userName, password.toCharArray()));
      super.loginOk = true;
   }
   return true;
}
 
Example #5
Source File: PBEIdentityLoginModule.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Commits the login: attaches a {@link SimplePrincipal} for {@code username}, records the name in
 * the shared state, then decodes the stored password and attaches it as a
 * {@code PasswordCredential}.
 *
 * <p>The principal is added before the password is decoded, so if decoding fails the subject
 * already carries the principal when the exception is thrown.
 * NOTE(review): presumably {@code abort()} or the caller discards the subject in that case; confirm.
 *
 * @return {@code true} when the credential was attached
 * @throws LoginException if decoding or attaching the credential fails; the original exception is
 *         kept as the cause and its localized message is reused as the message
 */
@SuppressWarnings("unchecked")
@Override
public boolean commit() throws LoginException
{
   SubjectActions.addPrincipals(subject, new SimplePrincipal(username));
   sharedState.put("javax.security.auth.login.name", username);
   try
   {
      // decode(...) turns the stored (encoded) password into clear-text characters.
      final PasswordCredential credential = new PasswordCredential(username, decode(password));
      SubjectActions.addCredentials(subject, credential);
   }
   catch(Exception cause)
   {
      final LoginException failure = new LoginException(cause.getLocalizedMessage());
      failure.initCause(cause);
      throw failure;
   }
   return true;
}
 
Example #6
Source File: SecureIdentityLoginModule.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Commits the login by adding the {@code username} principal to the subject, storing the name in
 * the shared state, and attaching a {@code PasswordCredential} holding the decoded password.
 *
 * <p>NOTE(review): the {@code LoginException} message is copied from the underlying exception. If
 * that message can describe the stored secret or the decoding scheme, confirm it is not shown to
 * untrusted callers.
 *
 * @return {@code true} on success
 * @throws LoginException wrapping any exception raised while decoding or attaching the credential
 */
@Override
public boolean commit() throws LoginException
{
   final Principal identity = new SimplePrincipal(username);
   SubjectActions.addPrincipals(subject, identity);
   sharedState.put("javax.security.auth.login.name", username);
   try
   {
      final char[] plaintext = decode(password);
      SubjectActions.addCredentials(subject, new PasswordCredential(username, plaintext));
   }
   catch(Exception decodeFailure)
   {
      // initCause returns the same exception instance, so the cast is safe.
      throw (LoginException) new LoginException(decodeFailure.getLocalizedMessage()).initCause(decodeFailure);
   }
   return true;
}
 
Example #7
Source File: AbstractJACCModuleDelegate.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Converts a role into a set of {@link SimplePrincipal}s named after the role(s).
 *
 * <p>A {@code RoleGroup} contributes one principal per direct member. Members are not expanded
 * further, so a nested group is represented only by its own role name. Any other {@code Role}
 * yields a single-element set.
 *
 * @param role the role or role group to convert; must not be {@code null}
 * @return a new mutable set of principals
 */
private Set<Principal> getPrincipalSetFromRole(Role role)
{
   final Set<Principal> result = new HashSet<Principal>();
   if (!(role instanceof RoleGroup))
   {
      result.add(new SimplePrincipal(role.getRoleName()));
      return result;
   }
   for (Role member : ((RoleGroup) role).getRoles())
   {
      result.add(new SimplePrincipal(member.getRoleName()));
   }
   return result;
}
 
Example #8
Source File: DatawaveCertRolesLoginModuleTest.java    From datawave with Apache License 2.0 6 votes vote down vote up
/**
 * Logs in with the test certificate while {@code addIssuerDN} is disabled and checks that the
 * resulting identity is a {@link SimplePrincipal} named after the lower-cased subject DN.
 */
@Test
public void testSuccessfulLoginNoIssuer() throws Exception {
    HashMap<String,String> moduleOptions = new HashMap<>();
    moduleOptions.put("rolesProperties", "rolesNoIssuer.properties");
    moduleOptions.put("principalClass", SimplePrincipal.class.getName());
    moduleOptions.put("verifier", MockDatawaveCertVerifier.class.getName());
    moduleOptions.put("addIssuerDN", Boolean.FALSE.toString());
    HashMap<String,String> shared = new HashMap<>();
    
    loginModule = new DatawaveCertRolesLoginModule();
    loginModule.initialize(new Subject(), callbackHandler, shared, moduleOptions);
    
    // The callback hands the module the certificate's subject DN and the certificate itself.
    String subjectDn = testUserCert.getSubjectDN().getName();
    callbackHandler.name = subjectDn;
    callbackHandler.credential = testUserCert;
    
    assertTrue("Login didn't succeed for alias in rolesNoIssuer.properties", loginModule.login());
    
    // The module's "identity" field is read through the field(...) helper rather than a public accessor.
    Object identity = field(DatawaveCertRolesLoginModule.class, "identity").get(loginModule);
    assertEquals(subjectDn.toLowerCase(), ((SimplePrincipal) identity).getName());
}
 
Example #9
Source File: DatawaveUsersRolesLoginModuleTest.java    From datawave with Apache License 2.0 5 votes vote down vote up
/**
 * Logs in with subject and issuer DNs whose CN component comes last and checks that the resulting
 * principal name equals {@code NORMALIZED_SUBJECT_DN_WITH_ISSUER_DN}.
 */
@Test
public void testReverseDnSuccessfulLogin() throws Exception {
    // Caller name in "subject<issuer>" form.
    String callerName = SUBJECT_DN_WITH_CN_LAST + "<" + ISSUER_DN_WITH_CN_LAST + ">";
    SimplePrincipal caller = new SimplePrincipal(callerName);
    String credentialText = new DatawaveCredential(SUBJECT_DN_WITH_CN_LAST, ISSUER_DN_WITH_CN_LAST, null, null).toString();
    callbackHandler.setSecurityInfo(caller, credentialText);
    
    assertTrue("Login didn't succeed for alias in users/roles.properties", loginModule.login());
    
    Object identity = field(DatawaveUsersRolesLoginModule.class, "identity").get(loginModule);
    assertEquals(NORMALIZED_SUBJECT_DN_WITH_ISSUER_DN, ((DatawavePrincipal) identity).getName());
}
 
Example #10
Source File: SecurityInfoHelper.java    From keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * Wraps the given role names in a single group named {@code "Roles"}.
 *
 * @param roleSet role names to expose; each becomes a {@link SimplePrincipal} member of the group
 * @return a one-element array holding the populated {@code "Roles"} group
 */
protected static Group[] getRoleSets(Collection<String> roleSet) {
    SimpleGroup rolesGroup = new SimpleGroup("Roles");
    for (String roleName : roleSet) {
        SimplePrincipal member = new SimplePrincipal(roleName);
        rolesGroup.addMember(member);
    }
    return new Group[] {rolesGroup};
}
 
Example #11
Source File: KeycloakLoginModule.java    From keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * Exposes the role names held in this module's {@code roleSet} as members of a single
 * {@code "Roles"} group.
 *
 * @return a one-element array holding the {@code "Roles"} group
 * @throws LoginException declared by the signature; the visible body does not throw it
 */
@Override
protected Group[] getRoleSets() throws LoginException {
    SimpleGroup rolesGroup = new SimpleGroup("Roles");
    for (String roleName : roleSet) {
        // Role names are used exactly as stored; no trimming or case folding happens here.
        rolesGroup.addMember(new SimplePrincipal(roleName));
    }
    return new Group[] {rolesGroup};
}
 
Example #12
Source File: SecurityInfoHelper.java    From keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * Builds the role-set array for a caller from a collection of role names.
 *
 * @param roleSet names of the roles granted to the caller
 * @return an array whose only element is a {@code "Roles"} group containing one
 *         {@link SimplePrincipal} per name
 */
protected static Group[] getRoleSets(Collection<String> roleSet) {
    final SimpleGroup granted = new SimpleGroup("Roles");
    final Group[] result = new Group[] {granted};
    for (final String name : roleSet) {
        granted.addMember(new SimplePrincipal(name));
    }
    return result;
}
 
Example #13
Source File: WildflyRequestAuthenticator.java    From keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * Turns role names into the {@code Group[]} shape used for role sets.
 *
 * @param roleSet role names to add; iterated in the collection's own order
 * @return a single-element array containing the {@code "Roles"} group
 */
protected Group[] getRoleSets(Collection<String> roleSet) {
    SimpleGroup rolesGroup = new SimpleGroup("Roles");
    Group[] wrapped = {rolesGroup};
    for (String each : roleSet) {
        SimplePrincipal rolePrincipal = new SimplePrincipal(each);
        rolesGroup.addMember(rolePrincipal);
    }
    return wrapped;
}
 
Example #14
Source File: JBossWebPrincipalFactory.java    From keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * Creates a {@code "Roles"} group whose members are the supplied role names.
 *
 * @param roleSet role names; must not be {@code null}
 * @return the group wrapped in a one-element array
 */
protected Group[] getRoleSets(Collection<String> roleSet) {
    final SimpleGroup roleGroup = new SimpleGroup("Roles");
    for (final String roleName : roleSet) {
        roleGroup.addMember(new SimplePrincipal(roleName));
    }
    final Group[] roleSets = {roleGroup};
    return roleSets;
}
 
Example #15
Source File: DatawaveCertRolesLoginModule.java    From datawave with Apache License 2.0 5 votes vote down vote up
/**
 * Creates the identity for {@code username}.
 *
 * <p>If the {@code createSimplePrincipal} thread-local holds {@code TRUE} (per the original author,
 * only while getRolesSets is running), the raw name is wrapped in a {@link SimplePrincipal}.
 * Otherwise the name is normalized with {@code DatawaveUsersRolesLoginModule.normalizeUsername}
 * and passed to the superclass.
 *
 * @param username the name supplied to the login module
 * @return the identity principal
 * @throws Exception propagated from {@code super.createIdentity}
 */
@Override
protected Principal createIdentity(String username) throws Exception {
    final boolean simpleRequested = Boolean.TRUE.equals(createSimplePrincipal.get());
    if (!simpleRequested) {
        final String normalized = DatawaveUsersRolesLoginModule.normalizeUsername(username);
        return super.createIdentity(normalized);
    }
    return new SimplePrincipal(username);
}
 
Example #16
Source File: JWTLoginModule.java    From thorntail with Apache License 2.0 5 votes vote down vote up
/**
 * Commits the login: adds the JWT principal and a {@code "Roles"} group to the subject, stores the
 * JWT principal in the shared state under {@code "JsonWebToken"}, then delegates to the superclass.
 *
 * <p>Every name returned by {@code jwtPrincipal.getGroups()} becomes a role, unchanged.
 * NOTE(review): this relies on the token having been verified before commit; confirm in
 * {@code login()}.
 *
 * @return the result of {@code super.commit()}
 * @throws LoginException propagated from {@code super.commit()}
 */
@Override
public boolean commit() throws LoginException {
    subject.getPrincipals().add(jwtPrincipal);

    // Map token groups one-to-one onto container roles.
    SimpleGroup roleGroup = new SimpleGroup("Roles");
    for (String groupName : jwtPrincipal.getGroups()) {
        SimplePrincipal role = new SimplePrincipal(groupName);
        roleGroup.addMember(role);
    }
    subject.getPrincipals().add(roleGroup);

    sharedState.put("JsonWebToken", jwtPrincipal);
    return super.commit();
}
 
Example #17
Source File: DatawaveUsersRolesLoginModuleTest.java    From datawave with Apache License 2.0 5 votes vote down vote up
/**
 * Logs in with the test certificate's subject and issuer DNs and checks that the resulting
 * principal name equals {@code NORMALIZED_SUBJECT_DN_WITH_ISSUER_DN}.
 */
@Test
public void testSuccessfulLogin() throws Exception {
    String subjectDn = testUserCert.getSubjectDN().getName();
    String issuerDn = testUserCert.getIssuerDN().getName();
    
    // Caller name in "subject<issuer>" form, paired with the matching credential string.
    SimplePrincipal caller = new SimplePrincipal(subjectDn + "<" + issuerDn + ">");
    String credentialText = new DatawaveCredential(subjectDn, issuerDn, null, null).toString();
    callbackHandler.setSecurityInfo(caller, credentialText);
    
    assertTrue("Login didn't succeed for alias in users/roles.properties", loginModule.login());
    
    Object identity = field(DatawaveUsersRolesLoginModule.class, "identity").get(loginModule);
    assertEquals(NORMALIZED_SUBJECT_DN_WITH_ISSUER_DN, ((DatawavePrincipal) identity).getName());
}
 
Example #18
Source File: MappingProviderUtil.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
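/**
 * Determines which principal class the members of a roles group use.
 *
 * <p>Only the first member is inspected; all members are assumed to share one class. An empty
 * group yields {@link SimplePrincipal}.
 *
 * @param roles the group whose members are examined; must not be {@code null}
 * @return the runtime class of the first member, or {@code SimplePrincipal.class} if there is none
 */
private static Class<?> getPrincipalClass(Group roles)
{
   Enumeration<? extends Principal> members = roles.members();
   if(members.hasMoreElements())
   {
      // Take the element from the enumeration that was just checked. Asking the group for a
      // second enumeration could fail if the membership changed in between.
      return members.nextElement().getClass();
   }
   return SimplePrincipal.class;
}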
 
Example #19
Source File: DatawaveUsersRolesLoginModuleTest.java    From datawave with Apache License 2.0 5 votes vote down vote up
/**
 * Expects {@code login()} to throw {@code FailedLoginException} with the message
 * "Password invalid/Password required" when the supplied credential does not match.
 *
 * <p>The final {@code assertFalse} is only reached if no exception is thrown, in which case the
 * expected-exception rule presumably fails the test anyway.
 */
@Test
public void testFailedLoginBadPassword() throws Exception {
    expectedException.expect(FailedLoginException.class);
    expectedException.expectMessage("Password invalid/Password required");
    
    SimplePrincipal caller = new SimplePrincipal("testUser<testIssuer>");
    String credentialText = new DatawaveCredential("testUser", "testIssuer", null, null).toString();
    callbackHandler.setSecurityInfo(caller, credentialText);
    
    assertFalse("Login succeed for alias in users.properties with bad password", loginModule.login());
}
 
Example #20
Source File: SimplePrincipalMappingProvider.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Maps a {@link SimplePrincipal} to a replacement principal using {@code principalMapProperties}.
 *
 * <p>The principal's name is used as the property key. When a non-empty value is found, a new
 * {@code SimplePrincipal} with that name is stored in {@code result}. In every other case (wrong
 * principal type, no properties, no entry, empty entry) nothing is changed.
 *
 * @param map context map; not read by this method
 * @param mappedObject the principal to map; ignored unless it is a {@code SimplePrincipal}
 */
public void performMapping(Map<String, Object> map, Principal mappedObject)
{
   if(!(mappedObject instanceof SimplePrincipal) || principalMapProperties == null)
      return;

   final String originalName = ((SimplePrincipal) mappedObject).getName();
   final String mappedName = principalMapProperties.getProperty(originalName);
   if(mappedName == null || mappedName.length() == 0)
      return;

   result.setMappedObject(new SimplePrincipal(mappedName));
}
 
Example #21
Source File: SimpleServerLoginModule.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Checks the supplied password against the expected one.
 *
 * <p>A {@code null} input password is accepted: the module switches to guest mode
 * ({@code guestOnly = true}) and replaces {@code user} with a {@link SimplePrincipal} named
 * {@code "guest"}. Any non-null password must equal {@code expectedPassword} exactly.
 *
 * <p>NOTE(review): {@code String.equals} is not a constant-time comparison. If this module is ever
 * used with real secrets, prefer a constant-time comparison. The unauthenticated guest path also
 * means this module should not protect resources that "guest" must not reach.
 *
 * @param inputPassword the password supplied by the caller, or {@code null}
 * @param expectedPassword the password to compare against
 * @return {@code true} for a {@code null} input (guest) or an exact match, otherwise {@code false}
 */
protected boolean validatePassword(String inputPassword, String expectedPassword)
{
   if( inputPassword != null )
   {
      return inputPassword.equals(expectedPassword);
   }
   // No password at all: downgrade the caller to the guest identity.
   guestOnly = true;
   user = new SimplePrincipal("guest");
   return true;
}
 
Example #22
Source File: SimpleServerLoginModule.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Returns the roles for the current login as a single {@code "Roles"} group.
 *
 * <p>Every caller receives {@code "guest"}; {@code "user"} is added first unless {@code guestOnly}
 * is set.
 *
 * @return a one-element array holding the {@code "Roles"} group
 * @throws LoginException declared by the signature; the visible body does not throw it
 */
protected Group[] getRoleSets() throws LoginException
{
   Group roles = new SimpleGroup("Roles");
   if( !guestOnly )
      roles.addMember(new SimplePrincipal("user"));
   roles.addMember(new SimplePrincipal("guest"));
   return new Group[] {roles};
}
 
Example #23
Source File: RemoteHostTrustLoginModule.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
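/**
 * Builds the {@code "Roles"} group from the comma-separated {@code roleNames} value.
 *
 * <p>Each entry is trimmed. Entries that are empty after trimming (for example from
 * {@code "a,,b"} or an empty {@code roleNames}) are skipped so that no role with an empty name is
 * granted.
 *
 * @return a one-element array holding the {@code "Roles"} group; the group is empty when
 *         {@code roleNames} is {@code null} or contains no usable names
 * @throws LoginException declared by the signature; the visible body does not throw it
 */
protected Group[] getRoleSets() throws LoginException
{
   SimpleGroup roles = new SimpleGroup("Roles");
   Group[] roleSets = {roles};
   if( roleNames != null )
   {
      for ( String token : roleNames.split(",") )
      {
         // split() never returns null elements, so only emptiness needs checking.
         String roleName = token.trim();
         if( roleName.isEmpty() )
            continue;
         roles.addMember(new SimplePrincipal(roleName));
      }
   }
   return roleSets;
}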
 
Example #24
Source File: JBossTimeBasedOTPLoginModule.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Adds the configured {@code additionalRoles} to the given group, but only when the group is the
 * roles group (its name equals {@code SecurityConstants.ROLES_IDENTIFIER}).
 *
 * <p>{@code additionalRoles} is a comma-separated list and each token is trimmed before use.
 * NOTE(review): a token consisting only of whitespace becomes a role with an empty name; confirm
 * whether that can occur in configuration.
 *
 * @param group the group to extend; left untouched if it is not the roles group
 */
private void appendRoles( Group group )
{
   boolean isRolesGroup = group.getName().equals( SecurityConstants.ROLES_IDENTIFIER );
   boolean hasExtraRoles = additionalRoles != null && !additionalRoles.isEmpty();
   if( !isRolesGroup || !hasExtraRoles )
      return;

   for( StringTokenizer names = new StringTokenizer( additionalRoles , "," ); names.hasMoreTokens(); )
   {
      String roleName = names.nextToken().trim();
      group.addMember( new SimplePrincipal( roleName ) );
   }
}
 
Example #25
Source File: IdentityLoginModule.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Logs in with the fixed identity held in {@code principalName}.
 *
 * <p>If {@code super.login()} reports success, nothing further is done. Otherwise a
 * {@link SimplePrincipal} for {@code principalName} is added to the subject, the name is stored in
 * the shared state, and {@code loginOk} is set.
 *
 * <p>NOTE(review): no caller-supplied credential is checked in the visible code, so any caller
 * reaching this module receives the same identity.
 *
 * @return always {@code true}
 * @throws LoginException propagated from {@code super.login()}
 */
@SuppressWarnings("unchecked")
public boolean login() throws LoginException
{
   if( !super.login() )
   {
      subject.getPrincipals().add(new SimplePrincipal(principalName));
      // Make the principal name visible to later modules through the shared state.
      sharedState.put("javax.security.auth.login.name", principalName);
      super.loginOk = true;
   }
   return true;
}
 
Example #26
Source File: IdentityLoginModule.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Builds the {@code "Roles"} group from the comma-separated {@code roleNames} value.
 *
 * <p>Tokens are used exactly as they appear between commas. They are not trimmed, so
 * {@code "a, b"} yields the roles {@code "a"} and {@code " b"}.
 *
 * @return a one-element array holding the {@code "Roles"} group; the group is empty when
 *         {@code roleNames} is {@code null}
 * @throws LoginException declared by the signature; the visible body does not throw it
 */
protected Group[] getRoleSets() throws LoginException
{
   SimpleGroup roles = new SimpleGroup("Roles");
   Group[] roleSets = {roles};
   if( roleNames == null )
      return roleSets;

   for( StringTokenizer names = new StringTokenizer(roleNames, ","); names.hasMoreTokens(); )
   {
      roles.addMember(new SimplePrincipal(names.nextToken()));
   }
   return roleSets;
}
 
Example #27
Source File: SerialNumberIssuerDNMapping.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Creates a SimplePrincipal whose name is
 * certs[0].getSerialNumber() + " " + certs[0].getIssuerDN().
 *
 * This method only formats the name. It does not validate the certificate or the rest of the
 * chain, and it does not check that the array is non-null and non-empty.
 *
 * @param certs Array of client certificates, with the first one in
 * the array being the certificate of the client itself.
 * @return the principal named after the client certificate's serial number and issuer
 */
public Principal toPrincipal(X509Certificate[] certs)
{
   final X509Certificate clientCert = certs[0];
   final BigInteger serial = clientCert.getSerialNumber();
   final Principal issuerDn = clientCert.getIssuerDN();
   return new SimplePrincipal(serial + " " + issuerDn);
}
 
Example #28
Source File: HttpServletServerAuthModule.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Reads the user name from the HTTP request parameter named by the {@code userNameParam} option
 * and wraps it in a {@link SimplePrincipal}.
 *
 * <p>The value is whatever the client sent. It is neither validated nor authenticated here, so
 * the caller must verify the claimed identity before trusting the principal. If the parameter is
 * absent, {@code getParameter} returns {@code null} and that is passed to the constructor.
 *
 * @param messageInfo message whose request object must be an {@code HttpServletRequest}
 * @return a principal named after the request parameter value
 */
private Principal getUserName(MessageInfo messageInfo)
{
   final Object request = messageInfo.getRequestMessage();
   final String paramName = (String) options.get("userNameParam");
   if(!(request instanceof HttpServletRequest))
      throw PicketBoxMessages.MESSAGES.invalidType(HttpServletRequest.class.getName());
   final String claimedName = ((HttpServletRequest) request).getParameter(paramName);
   return new SimplePrincipal(claimedName);
}
 
Example #29
Source File: SimpleClientAuthModule.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
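/**
 * Validates a response by comparing the {@link SimplePrincipal}s of the source and the recipient.
 *
 * <p>Only the number of {@code SimplePrincipal} entries in each subject is compared. Principal
 * names and credentials are not. NOTE(review): although this was described as an
 * identical-credentials check, two unrelated subjects with the same number of principals pass.
 * Do not rely on it as proof that source and recipient are the same party.
 *
 * @param messageInfo the message being validated; not read by this method
 * @param source subject representing the sender of the response
 * @param recipient subject representing the receiver of the response
 * @return {@code AuthStatus.SUCCESS} when both principal sets have the same size
 * @throws AuthException if either principal set is missing or the sizes differ
 * @see ClientAuthModule#validateResponse(javax.security.auth.message.MessageInfo, javax.security.auth.Subject, javax.security.auth.Subject)
 */
public AuthStatus validateResponse(MessageInfo messageInfo, Subject source, Subject recipient) throws AuthException
{
   Set<SimplePrincipal> sourceSet = source.getPrincipals(SimplePrincipal.class);
   Set<SimplePrincipal> recipientSet = recipient.getPrincipals(SimplePrincipal.class);
   // Fail if either set is missing. Requiring both to be null (&&) would let a single null
   // reach size() below and surface as a NullPointerException instead of an AuthException.
   if(sourceSet == null || recipientSet == null)
      throw new AuthException();
   if(sourceSet.size() != recipientSet.size())
      throw new AuthException(PicketBoxMessages.MESSAGES.sizeMismatchMessage("source", "recipient"));
   return AuthStatus.SUCCESS;
}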
 
Example #30
Source File: JBossAuthorizationManager.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Converts the direct members of a role group into a set of {@link SimplePrincipal}s named after
 * each role.
 *
 * @param roles the role group to convert, or {@code null}
 * @return a new set with one principal per role, or {@code null} (not an empty set) when
 *         {@code roles} is {@code null}; callers must handle the {@code null} case
 */
private HashSet<Principal> getRolesAsSet(RoleGroup roles)
{
   if( roles == null )
      return null;

   final HashSet<Principal> userRoles = new HashSet<Principal>();
   for(Role member : roles.getRoles())
   {
      userRoles.add(new SimplePrincipal(member.getRoleName()));
   }
   return userRoles;
}