List of usage examples for javax.security.auth Subject getPrincipals
public Set<Principal> getPrincipals()
From source file:org.apache.hadoop.security.SecureClientLogin.java
/**
 * Runs a keytab-based login through the "hadoop-keytab-kerberos" JAAS entry and returns
 * the Subject reported by the LoginContext.
 *
 * <p>The method is {@code static synchronized}, so concurrent callers are serialized on
 * the class monitor. Each call also hands {@code nameRules} to the static
 * {@code KerberosName.setRules}.
 * NOTE(review): a static setter suggests the rules are shared by the whole JVM, so the
 * last caller wins; confirm all callers pass the same rules.
 *
 * @param user      name given to the login configuration and to the User principal
 * @param path      keytab location given to the login configuration
 * @param nameRules rules passed to {@code KerberosName.setRules}
 * @return the Subject held by the LoginContext once {@code login()} has returned
 * @throws IOException wrapping the LoginException when the login fails; the message
 *                     contains the user name and the keytab path, no key material
 */
public synchronized static Subject loginUserFromKeytab(String user, String path, String nameRules)
        throws IOException {
    try {
        Subject keytabSubject = new Subject();
        SecureClientLoginConfiguration keytabConf = new SecureClientLoginConfiguration(true, user, path);
        LoginContext context = new LoginContext("hadoop-keytab-kerberos", keytabSubject, null, keytabConf);

        KerberosName.setRules(nameRules);

        // The User principal is attached before login() runs, i.e. before anything has
        // been authenticated. The Subject is only handed to the caller when login()
        // returns normally; on failure the exception below is thrown instead.
        User kerberosUser = new User(user, AuthenticationMethod.KERBEROS, context);
        keytabSubject.getPrincipals().add(kerberosUser);

        context.login();
        return context.getSubject();
    } catch (LoginException le) {
        throw new IOException("Login failure for " + user + " from keytab " + path, le);
    }
}
From source file:org.josso.jb5.agent.CatalinaSSOUser.java
/**
 * Builds the CatalinaSSOUser principal for an authenticated Subject, or returns
 * {@code null} when none can be built.
 *
 * <p>The result is a CatalinaSSOUser (an SSOUser), not the GenericPrincipal used by the
 * Catalina JAASRealm class, so the partner application can read SSOUser-specific
 * properties. Per the original documentation, the JAASRealm superclass calls this factory
 * with the Subject filled by the configured JAAS login module.
 *
 * <p>How identity and roles are derived from the Subject:
 * <ul>
 *   <li>a principal that already is a CatalinaSSOUser is returned unchanged; in that case
 *       {@code realm} and the remaining principals are not looked at;</li>
 *   <li>the user name comes from a principal whose class name is listed in
 *       {@code _userClasses} (a later match overwrites an earlier one);</li>
 *   <li>role names come from principals whose class name is listed in
 *       {@code _roleClasses}, plus every member of a Group named "Roles".</li>
 * </ul>
 * Role membership is therefore decided purely by principal class name and group name, so
 * the result is only as trustworthy as the login modules that populated the Subject.
 *
 * @param realm   the realm handed to the new CatalinaSSOUser
 * @param subject the Subject representing the logged in user
 * @return the principal, or {@code null} if the Subject has no SSOUser principal or no
 *         user name was found
 */
public static CatalinaSSOUser newInstance(Realm realm, Subject subject) {
    String password = null; // never carried forward into the new principal
    ArrayList roles = new ArrayList();
    SSOUser ssoUser = null;
    String username = null;

    for (Principal principal : subject.getPrincipals()) {
        // One of our own principals is already present: reuse it as is.
        if (principal instanceof CatalinaSSOUser) {
            if (logger.isDebugEnabled()) {
                logger.debug("Found old CatalinaSSOUser Principal " + principal);
            }
            return (CatalinaSSOUser) principal;
        }

        String principalClass = principal.getClass().getName();
        if (logger.isDebugEnabled()) {
            logger.debug("Principal: " + principalClass + " " + principal);
        }

        // Overrides the default, which is the original user accepted by the LoginManager.
        if (_userClasses.contains(principalClass)) {
            username = principal.getName();
        }

        if (_roleClasses.contains(principalClass)) {
            roles.add(principal.getName());
        }

        // Same convention as JBoss: members of the group called "Roles" are role names.
        if ((principal instanceof Group) && "Roles".equals(principal.getName())) {
            Enumeration members = ((Group) principal).members();
            while (members.hasMoreElements()) {
                Principal member = (Principal) members.nextElement();
                roles.add(member.getName());
            }
        }

        // Remember the SSOUser so it can be embedded in the resulting principal.
        if (principal instanceof SSOUser) {
            ssoUser = (SSOUser) principal;
        }
    }

    if (ssoUser == null) {
        logger.error("Fatal: Subject does not contain an SSOUser Principal");
        return null;
    }

    if (username == null) {
        return null;
    }
    return new CatalinaSSOUser(ssoUser, realm, username, password, roles);
}
From source file:org.josso.gl2.agent.jaas.CatalinaSSOUser.java
/**
 * Factory that turns the Subject of a logged-in user into a CatalinaSSOUser principal.
 * Returns {@code null} if no such principal can be constructed.
 *
 * <p>The principal built here is a CatalinaSSOUser (which is an SSOUser) rather than the
 * GenericPrincipal of the Catalina JAASRealm class; this gives the partner application
 * access to SSOUser-specific properties. According to the original documentation the
 * JAASRealm superclass invokes this method with the Subject filled by the configured
 * JAAS login module.
 *
 * <p>Trust notes for reviewers: a CatalinaSSOUser already present in the Subject is
 * returned as found, without using {@code realm}. Otherwise the user name and roles are
 * selected by matching each principal's class name against {@code _userClasses} and
 * {@code _roleClasses}, and every member of a Group named "Roles" is added as a role. The
 * method does no verification of its own; it relies on whatever put the principals into
 * the Subject.
 *
 * @param realm   realm passed on to the CatalinaSSOUser constructor
 * @param subject the Subject representing the logged in user
 * @return the new or reused CatalinaSSOUser, or {@code null} when the Subject holds no
 *         SSOUser principal or yields no user name
 */
public static CatalinaSSOUser newInstance(Realm realm, Subject subject) {
    String password = null; // deliberately not propagated
    ArrayList roles = new ArrayList();
    SSOUser carriedSsoUser = null;
    String username = null;

    for (Principal candidate : subject.getPrincipals()) {
        if (candidate instanceof CatalinaSSOUser) {
            // Already one of ours, no need to look further.
            if (logger.isDebugEnabled()) {
                logger.debug("Found old CatalinaSSOUser Principal " + candidate);
            }
            return (CatalinaSSOUser) candidate;
        }

        String className = candidate.getClass().getName();
        if (logger.isDebugEnabled()) {
            logger.debug("Principal: " + className + " " + candidate);
        }

        if (_userClasses.contains(className)) {
            // Replaces the default user name accepted by the LoginManager.
            username = candidate.getName();
        }
        if (_roleClasses.contains(className)) {
            roles.add(candidate.getName());
        }

        boolean isRolesGroup = (candidate instanceof Group) && "Roles".equals(candidate.getName());
        if (isRolesGroup) {
            // JBoss-style role group: each member's name is a role.
            Group roleGroup = (Group) candidate;
            for (Enumeration en = roleGroup.members(); en.hasMoreElements();) {
                Principal roleMember = (Principal) en.nextElement();
                roles.add(roleMember.getName());
            }
        }

        if (candidate instanceof SSOUser) {
            // Kept so it can be wrapped by the CatalinaSSOUser created below.
            carriedSsoUser = (SSOUser) candidate;
        }
    }

    if (carriedSsoUser == null) {
        logger.error("Fatal: Subject does not contain an SSOUser Principal");
        return null;
    }

    return (username != null)
            ? new CatalinaSSOUser(carriedSsoUser, realm, username, password, roles)
            : null;
}
From source file:org.betaconceptframework.astroboa.resourceapi.utility.ContentApiUtils.java
/**
 * Builds a Subject for the SYSTEM identity and attaches every value of {@code CmsRole}
 * to it, affiliated with the given repository.
 *
 * <p>Because the loop covers {@code CmsRole.values()}, the returned Subject holds all
 * defined roles for that repository. No credential or caller check happens here.
 * NOTE(review): confirm that callers reach this method only from internal code paths and
 * that {@code cmsRepositoryId} does not come straight from request input.
 *
 * @param cmsRepositoryId repository the role affiliations are created for
 * @return a Subject with the SYSTEM IdentityPrincipal and one roles group
 */
public static Subject createSubjectForSystemUserAndItsRoles(String cmsRepositoryId) {
    Subject systemSubject = new Subject();

    // System identity
    systemSubject.getPrincipals().add(new IdentityPrincipal(IdentityPrincipal.SYSTEM));

    // Default roles for the SYSTEM user. The original note asks for at least one group
    // named "Roles"; the reason is cut off in the source.
    Group roleGroup = new CmsGroup(AstroboaPrincipalName.Roles.toString());
    for (CmsRole role : CmsRole.values()) {
        CmsPrincipal rolePrincipal = new CmsPrincipal(
                CmsRoleAffiliationFactory.INSTANCE.getCmsRoleAffiliationForRepository(role, cmsRepositoryId));
        roleGroup.addMember(rolePrincipal);
    }
    systemSubject.getPrincipals().add(roleGroup);

    return systemSubject;
}
From source file:com.keybox.manage.util.ExternalAuthUtil.java
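/**
 * Authenticates a user against the external JAAS module and issues an auth token.
 *
 * <p>Flow: the supplied username and password are fed to the JAAS login module through a
 * callback handler. On success the local user record is loaded by username, or created if
 * it does not exist, and a fresh token is stored for it.
 *
 * <p>Points a reviewer should check:
 * <ul>
 *   <li>NOTE(review): a user unknown to the local database is created with
 *       {@code User.ADMINISTRATOR} on the first successful external login; confirm this
 *       is the intended default privilege for auto-provisioned accounts.</li>
 *   <li>NOTE(review): the local record is keyed on the name the caller typed
 *       ({@code auth.getUsername()}), not on a principal from the authenticated Subject;
 *       confirm the JAAS module cannot accept spelling or case variants that would map
 *       to a different local user.</li>
 *   <li>A failed login ({@code LoginException}) is not logged here, so repeated failures
 *       leave no trace from this method; record them at the caller if needed.</li>
 * </ul>
 *
 * @param auth contains username and password
 * @return the auth token if the login succeeded and the token was stored, else {@code null}
 */
public static String login(final Auth auth) {
    String authToken = null;
    if (externalAuthEnabled && auth != null && StringUtils.isNotEmpty(auth.getUsername())
            && StringUtils.isNotEmpty(auth.getPassword())) {

        Connection con = null;
        try {
            CallbackHandler handler = new CallbackHandler() {
                @Override
                public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
                    for (Callback callback : callbacks) {
                        if (callback instanceof NameCallback) {
                            ((NameCallback) callback).setName(auth.getUsername());
                        } else if (callback instanceof PasswordCallback) {
                            ((PasswordCallback) callback).setPassword(auth.getPassword().toCharArray());
                        }
                    }
                }
            };

            LoginContext loginContext = new LoginContext(JAAS_MODULE, handler);
            // throws LoginException if the login fails
            loginContext.login();
            Subject subject = loginContext.getSubject();

            con = DBUtils.getConn();
            User user = AuthDB.getUserByUID(con, auth.getUsername());
            if (user == null) {
                user = new User();
                user.setUserType(User.ADMINISTRATOR);
                user.setUsername(auth.getUsername());

                // If a principal name looks like "First ... Last", use it as the default name.
                for (Principal p : subject.getPrincipals()) {
                    String principalName = p.getName();
                    // A principal without a name is skipped, so it cannot abort provisioning.
                    if (principalName != null && principalName.contains(" ")) {
                        String[] name = principalName.split(" ");
                        if (name.length > 1) {
                            user.setFirstNm(name[0]);
                            user.setLastNm(name[name.length - 1]);
                        }
                    }
                }

                // set email
                if (auth.getUsername().contains("@")) {
                    user.setEmail(auth.getUsername());
                }
                user.setId(UserDB.insertUser(con, user));
            }

            // randomUUID() is documented to use a cryptographically strong generator.
            String issuedToken = UUID.randomUUID().toString();
            user.setAuthToken(issuedToken);
            user.setAuthType(Auth.AUTH_EXTERNAL);
            AuthDB.updateLogin(con, user);

            // Hand the token to the caller only once it has been stored; if the update
            // above throws, the caller gets null instead of a token no record holds.
            authToken = issuedToken;
        } catch (LoginException e) {
            // auth failed: return no token
            authToken = null;
        } catch (Exception e) {
            log.error(e.toString(), e);
        } finally {
            // Always release the connection, whatever happened above.
            DBUtils.closeConn(con);
        }
    }
    return authToken;
}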
From source file:org.apache.storm.utils.ServerUtils.java
/**
 * Wraps a principal name in a new Subject that holds one SingleUserPrincipal.
 *
 * <p>The name is used as given and nothing here authenticates it, so the returned Subject
 * is only as trustworthy as the caller's source for {@code name}.
 *
 * @param name the principal name to wrap
 * @return a Subject whose principal set contains one SingleUserPrincipal for {@code name}
 */
public static Subject principalNameToSubject(String name) {
    SingleUserPrincipal namedPrincipal = new SingleUserPrincipal(name);

    Subject wrapped = new Subject();
    wrapped.getPrincipals().add(namedPrincipal);
    return wrapped;
}
From source file:org.jkcsoft.web.struts.http.HttpHelper.java
/**
 * Returns one Principal of the Subject logged in on this request, or {@code null}.
 *
 * <p>The principal is element 0 of the array copy of {@code getPrincipals()}, which is a
 * Set. NOTE(review): if the Subject can hold more than one principal, which one comes
 * back depends on the Set's iteration order; callers making authorization decisions
 * should select a principal by type instead.
 *
 * <p>An empty principal set makes the array access throw. That RuntimeException is
 * caught and logged, and {@code null} is returned.
 *
 * @param request the current HTTP request
 * @return a principal of the logged-in Subject, or {@code null} if there is no Subject or
 *         the lookup failed
 */
public static Principal getLoggedInPrincipal(HttpServletRequest request) {
    Subject loggedIn = getLoggedInSubject(request);
    if (loggedIn == null) {
        return null;
    }

    try {
        Object[] allPrincipals = loggedIn.getPrincipals().toArray();
        return (Principal) allPrincipals[0];
    } catch (RuntimeException e) {
        LogHelper.getLogger(HttpHelper.class).error("Error getting login Principal", e);
        return null;
    }
}
From source file:org.wso2.carbon.identity.application.authenticator.iwa.IWAAuthenticationUtil.java
/**
 * Creates a GSSCredential while running as the given Subject.
 *
 * <p>The credential is requested with a {@code null} name, indefinite lifetime, the
 * SPNEGO mechanism OID and {@code ACCEPT_ONLY} usage. The request runs inside
 * {@code Subject.doAs}, so the GSS layer acts with the Subject's identity.
 *
 * <p>With debug logging enabled, a {@code null} subject fails at {@code getPrincipals()}.
 * With it disabled, the subject is passed straight to {@code Subject.doAs}. The debug
 * line prints the whole principal set.
 *
 * @param subject login context subject
 * @return GSSCredential
 * @throws PrivilegedActionException wrapping the exception thrown by the credential request
 */
private static GSSCredential createCredentialsForSubject(final Subject subject)
        throws PrivilegedActionException {

    final PrivilegedExceptionAction<GSSCredential> acceptCredentialRequest =
            new PrivilegedExceptionAction<GSSCredential>() {
                @Override
                public GSSCredential run() throws GSSException {
                    return gssManager.createCredential(null, GSSCredential.INDEFINITE_LIFETIME,
                            GSSUtil.GSS_SPNEGO_MECH_OID, GSSCredential.ACCEPT_ONLY);
                }
            };

    if (log.isDebugEnabled()) {
        Set<Principal> principals = subject.getPrincipals();
        String principalName = (principals != null) ? principals.toString() : null;
        log.debug("Creating gss credentials as principal : " + principalName);
    }

    return Subject.doAs(subject, acceptCredentialRequest);
}
From source file:com.google.gsa.valve.modules.krb.KerberosAuthenticationProcess.java
/**
 * Extracts a user name from the Subject produced by the Kerberos authentication process.
 *
 * <p>The name is the part before the first {@code '@'} of the first principal the Set
 * iterator yields. Reviewers should note:
 * <ul>
 *   <li>everything from {@code '@'} onwards is discarded, so names that differ only after
 *       the {@code '@'} produce the same string; NOTE(review): confirm only one realm is
 *       accepted upstream;</li>
 *   <li>a name without {@code '@'} makes {@code substring} throw; the exception is
 *       caught and logged, and {@code null} is returned;</li>
 *   <li>"first" is whatever the Set's iteration order yields when the Subject holds
 *       several principals.</li>
 * </ul>
 *
 * @param subject user subject
 * @return the user principal without the part after {@code '@'}, or {@code null} if the
 *         Subject has no principals or the name could not be processed
 */
public static String getPrincipalStr(Subject subject) {
    String principal = null;

    logger.debug("Getting principal from Subject");
    try {
        Set<Principal> found = subject.getPrincipals();
        if (!found.isEmpty()) {
            logger.debug("Subject contains at least one Principal");
            Iterator<Principal> cursor = found.iterator();
            if (cursor.hasNext()) {
                String fullName = cursor.next().getName();
                int realmSeparator = fullName.indexOf("@");
                principal = fullName.substring(0, realmSeparator);
                logger.debug("Getting the first principal: " + principal);
            }
        }
    } catch (Exception e) {
        logger.error("Error retrieving the client's Principal from the Subject: " + e.getMessage(), e);
    }

    return principal;
}
From source file:org.apache.ranger.audit.provider.MiscUtil.java
/**
 * Creates a UserGroupInformation from a JAAS Subject.
 *
 * <p>Every call logs at INFO whether a Subject was supplied, how many principals it
 * holds and each principal name, followed by the resulting UGI. Those identity details
 * end up wherever this logger writes.
 *
 * <p>{@code UserGroupInformation.getLoginUser()} is called first. Any Throwable it raises
 * is logged and the method continues to {@code getUGIFromSubject}.
 *
 * @param subject the Subject to convert; may be {@code null}
 * @return the UGI for the Subject, or {@code null} when {@code subject} is {@code null}
 * @throws IOException declared by the signature; presumably raised by
 *                     {@code getUGIFromSubject} (its declaration is not shown here)
 */
public static UserGroupInformation createUGIFromSubject(Subject subject) throws IOException {
    logger.info("SUBJECT " + (subject == null ? "not found" : "found"));

    if (subject == null) {
        logger.info("Server username is not available");
        return null;
    }

    logger.info("SUBJECT.PRINCIPALS.size()=" + subject.getPrincipals().size());
    for (Principal each : subject.getPrincipals()) {
        logger.info("SUBJECT.PRINCIPAL.NAME=" + each.getName());
    }

    try {
        // Do not remove this call: the default getLoginUser() performs initialization
        // that getUGIFromSubject() needs in order to work.
        UserGroupInformation.getLoginUser();
        logger.info("Default UGI before using new Subject:" + UserGroupInformation.getLoginUser());
    } catch (Throwable t) {
        logger.error(t);
    }

    UserGroupInformation fromSubject = UserGroupInformation.getUGIFromSubject(subject);
    logger.info("SUBJECT.UGI.NAME=" + fromSubject.getUserName() + ", ugi=" + fromSubject);
    return fromSubject;
}