List of usage examples for javax.security.auth Subject setReadOnly
public void setReadOnly()
From source file:org.apache.hadoop.gateway.identityasserter.function.UsernameFunctionProcessorTest.java
@Test
public void testResolve() throws Exception {
    final UsernameFunctionProcessor processor = new UsernameFunctionProcessor();

    // With no Subject in effect the assertions expect the inputs to be echoed back:
    // a null input stays null, a supplied list is returned as-is.
    assertThat(processor.resolve(null, null), nullValue());
    assertThat(processor.resolve(null, Arrays.asList("test-input")), contains("test-input"));

    // Build a Subject holding one PrimaryPrincipal and freeze it so its principal
    // set cannot change while the action below runs under it.
    final Subject authenticated = new Subject();
    authenticated.getPrincipals().add(new PrimaryPrincipal("test-username"));
    authenticated.setReadOnly();

    // Under the Subject the assertions expect the principal name to win over any input list.
    PrivilegedExceptionAction<Object> verifyUnderSubject = new PrivilegedExceptionAction<Object>() {
        @Override
        public Object run() throws Exception {
            assertThat(processor.resolve(null, null), contains("test-username"));
            assertThat(processor.resolve(null, Arrays.asList("test-ignored")), contains("test-username"));
            return null;
        }
    };
    Subject.doAs(authenticated, verifyUnderSubject);
}
From source file:org.apache.coheigea.cxf.syncope.authorization.SyncopeRolesInterceptor.java
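/**
 * Enriches the message's {@link SecurityContext} with the caller's Syncope group memberships.
 * <p>
 * Only runs when the message carries both an authenticated principal and a UsernameToken
 * whose name matches that principal; otherwise the existing context is left untouched.
 * The user is looked up at {@code users/self} with the token's own name and password
 * sent as a Basic Authorization header.
 *
 * @param message the current CXF message
 * @throws Fault if the Syncope lookup fails or returns no user
 */
public void handleMessage(Message message) throws Fault {
    SecurityContext context = message.get(SecurityContext.class);
    if (context == null) {
        return;
    }
    Principal principal = context.getUserPrincipal();
    UsernameToken usernameToken = (UsernameToken) message.get(SecurityToken.class);
    // Act only when the authenticated principal and the UsernameToken agree on the user name.
    if (principal == null || usernameToken == null
            || !principal.getName().equals(usernameToken.getName())) {
        return;
    }

    // Read the user from Syncope as themselves. The charset is pinned so the Basic
    // header does not depend on the platform default encoding.
    WebClient client = WebClient.create(address, Collections.singletonList(new JacksonJsonProvider()));
    String basicCredentials = usernameToken.getName() + ":" + usernameToken.getPassword();
    String authorizationHeader = "Basic "
            + Base64Utility.encode(basicCredentials.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    client.header("Authorization", authorizationHeader);
    client = client.path("users/self");

    UserTO user;
    try {
        user = client.get(UserTO.class);
    } catch (RuntimeException ex) {
        if (log.isDebugEnabled()) {
            log.debug(ex.getMessage(), ex);
        }
        throw new Fault(ex);
    }
    // Checked outside the try so the "no user" Fault is not caught and re-wrapped
    // in a second Fault by the RuntimeException handler above.
    if (user == null) {
        throw new Fault(new Exception("Authentication failed"));
    }

    // Each Syncope group membership becomes a SimpleGroup principal on the new Subject.
    Subject subject = new Subject();
    subject.getPrincipals().add(principal);
    for (MembershipTO membership : user.getMemberships()) {
        subject.getPrincipals().add(new SimpleGroup(membership.getGroupName(), usernameToken.getName()));
    }
    // Freeze the Subject before exposing it so its principal set cannot be altered afterwards.
    subject.setReadOnly();
    message.put(SecurityContext.class, new DefaultSecurityContext(principal, subject));
}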
From source file:org.apache.coheigea.cxf.x509.authorization.X509AuthorizationValidator.java
/**
 * Validates the X.509 credential via the superclass, then attaches a read-only Subject
 * carrying the certificate principal and its role groups.
 *
 * @param credential the credential to validate
 * @param data       the request data
 * @return the input credential with a Subject attached
 * @throws WSSecurityException with FAILED_AUTHENTICATION if no certificates are present
 */
public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
    Credential validatedCredential = super.validate(credential, data);

    // A credential without any certificate chain cannot be authorized.
    X509Certificate[] certs = validatedCredential.getCertificates();
    boolean noCertificates = certs == null || certs.length == 0;
    if (noCertificates) {
        if (log.isDebugEnabled()) {
            log.debug("No X.509 Certificates are found");
        }
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
    }

    Principal principal = validatedCredential.getPrincipal();

    // Every certificate holder is an "employee"; "boss" is granted purely on a textual
    // prefix match of the principal name (the certificate DN string), not on parsed DN
    // attributes.
    boolean isBoss = principal.getName().startsWith("CN=Client,O=Apache");

    Subject subject = new Subject();
    subject.getPrincipals().add(principal);
    subject.getPrincipals().add(new SimpleGroup("employee"));
    if (isBoss) {
        subject.getPrincipals().add(new SimpleGroup("boss"));
    }
    subject.setReadOnly();

    // The Subject is attached to, and returned on, the credential passed in —
    // not on validatedCredential.
    credential.setSubject(subject);
    return credential;
}
From source file:org.apache.qpid.server.management.plugin.HttpManagementUtil.java
/**
 * Ensures the request belongs to an authenticated user who may access the management interface.
 * <p>
 * If the session already holds an authorised Subject nothing is done. Otherwise the request is
 * authenticated, a read-only copy of the resulting Subject (plus a connection principal for this
 * request) is checked for management access and stored in the session.
 *
 * @param request          the incoming HTTP request
 * @param broker           the broker whose security manager performs the access check
 * @param managementConfig the management configuration used for authentication
 * @throws SecurityException if the request cannot be authenticated
 */
public static void checkRequestAuthenticatedAndAccessAuthorized(HttpServletRequest request, Broker broker,
        HttpManagementConfiguration managementConfig) {
    HttpSession session = request.getSession();
    Subject authorised = getAuthorisedSubject(session);
    if (authorised != null) {
        // Already authenticated and authorised earlier in this session.
        return;
    }

    Subject authenticated = tryToAuthenticate(request, managementConfig);
    if (authenticated == null) {
        throw new SecurityException("Only authenticated users can access the management interface");
    }

    // Copy into a writable Subject so the connection principal for this request can be
    // added, then freeze it before it is checked and saved.
    Subject sessionSubject = new Subject(false, authenticated.getPrincipals(),
            authenticated.getPublicCredentials(), authenticated.getPrivateCredentials());
    sessionSubject.getPrincipals().add(new ServletConnectionPrincipal(request));
    sessionSubject.setReadOnly();
    assertManagementAccess(broker.getSecurityManager(), sessionSubject);
    saveAuthorisedSubject(session, sessionSubject);
}
From source file:org.artificer.devsvr.ArtificerDevServer.java
/**
 * Builds the BASIC-auth security handler for the dev server.
 * <p>
 * The login service below performs no credential check: any username/credential pair
 * is accepted and granted the "user", "readonly", "readwrite" and "admin" roles.
 *
 * @param forUI when {@code true}, a "/*" constraint requiring the "user" role is registered
 * @return a security handler
 */
private SecurityHandler createSecurityHandler(boolean forUI) {
    Constraint basicAuthConstraint = new Constraint();
    basicAuthConstraint.setName(Constraint.__BASIC_AUTH);
    basicAuthConstraint.setRoles(new String[] { "user" });
    basicAuthConstraint.setAuthenticate(true);

    ConstraintMapping allPaths = new ConstraintMapping();
    allPaths.setConstraint(basicAuthConstraint);
    allPaths.setPathSpec("/*");

    ConstraintSecurityHandler handler = new ConstraintSecurityHandler();
    handler.setSessionRenewedOnAuthentication(false);
    handler.setAuthenticator(new BasicAuthenticator());
    handler.setRealmName("artificer");
    if (forUI) {
        handler.addConstraintMapping(allPaths);
    }
    handler.setLoginService(new HashLoginService() {
        @Override
        public UserIdentity login(String username, Object credentials) {
            Credential credential;
            if (credentials instanceof Credential) {
                credential = (Credential) credentials;
            } else {
                credential = Credential.getCredential(credentials.toString());
            }
            Principal userPrincipal = new KnownUser(username, credential);
            String[] roles = new String[] { "user", "readonly", "readwrite", "admin" };

            // The credential is stored but never verified; every role is handed out.
            Subject subject = new Subject();
            subject.getPrincipals().add(userPrincipal);
            subject.getPrivateCredentials().add(credential);
            for (String role : roles) {
                subject.getPrincipals().add(new RolePrincipal(role));
            }
            subject.setReadOnly();
            return _identityService.newUserIdentity(subject, userPrincipal, roles);
        }
    });
    return handler;
}
From source file:org.hippoecm.frontend.service.restproxy.RestProxyServicePlugin.java
/**
 * Builds a read-only Subject carrying the current user session's credentials.
 *
 * @return a frozen Subject whose private credential set holds the session credentials
 */
protected Subject getSubject() {
    PluginUserSession pluginSession = (PluginUserSession) UserSession.get();
    Credentials sessionCredentials = pluginSession.getCredentials();

    Subject subject = new Subject();
    subject.getPrivateCredentials().add(sessionCredentials);
    // Freeze the Subject so callers cannot alter its credential sets.
    subject.setReadOnly();
    return subject;
}