private LoginModuleControlFlag loginModuleControlFlag(String flag) { LoginModuleControlFlag controlFlag; switch (flag.toUpperCase(Locale.ROOT)) { case "REQUIRED": controlFlag = LoginModuleControlFlag.REQUIRED; break; case "REQUISITE": controlFlag = LoginModuleControlFlag.REQUISITE; break; case "SUFFICIENT": controlFlag = LoginModuleControlFlag.SUFFICIENT; break; case "OPTIONAL": controlFlag = LoginModuleControlFlag.OPTIONAL; break; default: throw new IllegalArgumentException("Invalid login module control flag '" + flag + "' in JAAS config"); } return controlFlag; }
private AppConfigurationEntry parseAppConfigurationEntry(StreamTokenizer tokenizer) throws IOException { String loginModule = tokenizer.sval; if (tokenizer.nextToken() == StreamTokenizer.TT_EOF) throw new IllegalArgumentException("Login module control flag not specified in JAAS config"); LoginModuleControlFlag controlFlag = loginModuleControlFlag(tokenizer.sval); Map<String, String> options = new HashMap<>(); while (tokenizer.nextToken() != StreamTokenizer.TT_EOF && tokenizer.ttype != ';') { String key = tokenizer.sval; if (tokenizer.nextToken() != '=' || tokenizer.nextToken() == StreamTokenizer.TT_EOF || tokenizer.sval == null) throw new IllegalArgumentException("Value not specified for key '" + key + "' in JAAS config"); String value = tokenizer.sval; options.put(key, value); } if (tokenizer.ttype != ';') throw new IllegalArgumentException("JAAS config entry not terminated by semi-colon"); return new AppConfigurationEntry(loginModule, controlFlag, options); }
public static Configuration makeConfiguration() { return new Configuration() { @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) { if (name.equals("Wave")) { AppConfigurationEntry entry = new AppConfigurationEntry(AccountStoreLoginModule.class.getName(), LoginModuleControlFlag.REQUIRED, new HashMap<String, Object>()); return new AppConfigurationEntry[] {entry}; } else { return null; } } }; }
public FileFtpConfiguration(File configFile) { try { doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(configFile); String useUsers = evalXPath("/ftpd/use-users/text()"); if(!StringUtils.isEmpty(useUsers)) { boolean use = Boolean.parseBoolean(useUsers); if(use) { securityDomain = RandomStringUtils.randomAlphabetic(5); AppConfigurationEntry entry = new AppConfigurationEntry(FileConfigLoginModule.class.getName(),LoginModuleControlFlag.REQUIRED, new HashMap()); DeligateConfiguration deligateConfiguration = new DeligateConfiguration(getJAASConfiguration(),securityDomain,new AppConfigurationEntry[]{entry}); Configuration.setConfiguration(deligateConfiguration); } } } catch (Exception e) { throw new IncorrectConfigurationException(e); } }
public LoginContext getLoginContextFromUsernamePassword( final String principal, final String password ) throws LoginException { Map<String, String> opts = new HashMap<String, String>( LOGIN_CONFIG_OPTS_KERBEROS_USER ); opts.put( "principal", principal ); AppConfigurationEntry[] appConfigurationEntries = new AppConfigurationEntry[] { new AppConfigurationEntry( Krb5LoginModule.class.getName(), LoginModuleControlFlag.REQUIRED, opts ) }; return new LoginContext( KERBEROS_APP_NAME, new Subject(), new CallbackHandler() { @Override public void handle( Callback[] callbacks ) throws IOException, UnsupportedCallbackException { for ( Callback callback : callbacks ) { if ( callback instanceof NameCallback ) { ( (NameCallback) callback ).setName( principal ); } else if ( callback instanceof PasswordCallback ) { ( (PasswordCallback) callback ).setPassword( password.toCharArray() ); } else { throw new UnsupportedCallbackException( callback ); } } } }, new PentahoLoginConfiguration( appConfigurationEntries ) ); }
/** * Creates a new instance of Krb5LoginConfiguration. */ public Krb5LoginConfiguration() { String loginModule = "com.sun.security.auth.module.Krb5LoginModule"; HashMap<String, Object> options = new HashMap<>(); // TODO: this only works for Sun JVM options.put( "refreshKrb5Config", "true" ); LoginModuleControlFlag flag = LoginModuleControlFlag.REQUIRED; configList[0] = new AppConfigurationEntry( loginModule, flag, options ); }
public void init() { Debug.info("Configuring authentication service ..."); String m = ApplicationProperty.AuthenticationModules.value(); String[] modules = (m == null || m.isEmpty() ? new String[] {} : m.split(";")); sEntries = new AppConfigurationEntry[modules.length]; for (int idx = 0; idx < modules.length; idx++) { HashMap<String, Object> options = new HashMap<String, Object>(); String[] module = modules[idx].split(" "); LoginModuleControlFlag flag = LoginModuleControlFlag.SUFFICIENT; String name = module[module.length == 1 ? 0 : 1]; if (module.length > 1) { String f = module[0]; if (f.equalsIgnoreCase("sufficient")) flag = LoginModuleControlFlag.SUFFICIENT; else if (f.equalsIgnoreCase("optional")) flag = LoginModuleControlFlag.OPTIONAL; else if (f.equalsIgnoreCase("required")) flag = LoginModuleControlFlag.REQUIRED; else if (f.equalsIgnoreCase("requisite")) flag = LoginModuleControlFlag.REQUISITE; } if (module.length > 2) for (int i = 2; i < module.length; i++) { String[] option = module[i].split("="); if (option.length == 1) options.put(option[0], "true"); else options.put(option[0], option[1]); } Debug.info(" Using " + flag + " " + name + " " + options); sEntries[idx] = new AppConfigurationEntry(name, flag, options); } }
public void addEntry(String name, String loginModule, Map<String, Object> options) { AppConfigurationEntry entry = new AppConfigurationEntry(loginModule, LoginModuleControlFlag.REQUIRED, options); AppConfigurationEntry[] existing = entryMap.get(name); AppConfigurationEntry[] newEntries = existing == null ? new AppConfigurationEntry[1] : Arrays.copyOf(existing, existing.length + 1); newEntries[newEntries.length - 1] = entry; entryMap.put(name, newEntries); }
@Test public void testControlFlag() throws Exception { LoginModuleControlFlag[] controlFlags = new LoginModuleControlFlag[] { LoginModuleControlFlag.REQUIRED, LoginModuleControlFlag.REQUISITE, LoginModuleControlFlag.SUFFICIENT, LoginModuleControlFlag.OPTIONAL }; Map<String, Object> options = new HashMap<>(); options.put("propName", "propValue"); for (LoginModuleControlFlag controlFlag : controlFlags) { checkConfiguration("test.testControlFlag", controlFlag, options); } }
@Test public void testMultipleOptions() throws Exception { Map<String, Object> options = new HashMap<>(); for (int i = 0; i < 10; i++) options.put("propName" + i, "propValue" + i); checkConfiguration("test.testMultipleOptions", LoginModuleControlFlag.SUFFICIENT, options); }
@Test public void testQuotedOptionValue() throws Exception { Map<String, Object> options = new HashMap<>(); options.put("propName", "prop value"); options.put("propName2", "value1 = 1, value2 = 2"); String config = String.format("test.testQuotedOptionValue required propName=\"%s\" propName2=\"%s\";", options.get("propName"), options.get("propName2")); checkConfiguration(config, "test.testQuotedOptionValue", LoginModuleControlFlag.REQUIRED, options); }
@Test public void testQuotedOptionName() throws Exception { Map<String, Object> options = new HashMap<>(); options.put("prop name", "propValue"); String config = "test.testQuotedOptionName required \"prop name\"=propValue;"; checkConfiguration(config, "test.testQuotedOptionName", LoginModuleControlFlag.REQUIRED, options); }
@Test public void testNumericOptionWithQuotes() throws Exception { Map<String, Object> options = new HashMap<>(); options.put("option1", "3"); String config = "test.testNumericOptionWithQuotes required option1=\"3\";"; checkConfiguration(config, "test.testNumericOptionWithQuotes", LoginModuleControlFlag.REQUIRED, options); }
@Test public void testLoadForServerWithListenerNameOverride() throws IOException { writeConfiguration(Arrays.asList( "KafkaServer { test.LoginModuleDefault required; };", "plaintext.KafkaServer { test.LoginModuleOverride requisite; };" )); JaasContext context = JaasContext.load(JaasContext.Type.SERVER, new ListenerName("plaintext"), Collections.<String, Object>emptyMap()); assertEquals("plaintext.KafkaServer", context.name()); assertEquals(JaasContext.Type.SERVER, context.type()); assertEquals(1, context.configurationEntries().size()); checkEntry(context.configurationEntries().get(0), "test.LoginModuleOverride", LoginModuleControlFlag.REQUISITE, Collections.<String, Object>emptyMap()); }
@Test public void testLoadForServerWithListenerNameAndFallback() throws IOException { writeConfiguration(Arrays.asList( "KafkaServer { test.LoginModule required; };", "other.KafkaServer { test.LoginModuleOther requisite; };" )); JaasContext context = JaasContext.load(JaasContext.Type.SERVER, new ListenerName("plaintext"), Collections.<String, Object>emptyMap()); assertEquals("KafkaServer", context.name()); assertEquals(JaasContext.Type.SERVER, context.type()); assertEquals(1, context.configurationEntries().size()); checkEntry(context.configurationEntries().get(0), "test.LoginModule", LoginModuleControlFlag.REQUIRED, Collections.<String, Object>emptyMap()); }
private String jaasConfigProp(String loginModule, LoginModuleControlFlag controlFlag, Map<String, Object> options) { StringBuilder builder = new StringBuilder(); builder.append(loginModule); builder.append(' '); builder.append(controlFlag(controlFlag)); for (Map.Entry<String, Object> entry : options.entrySet()) { builder.append(' '); builder.append(entry.getKey()); builder.append('='); builder.append(entry.getValue()); } builder.append(';'); return builder.toString(); }
private void checkConfiguration(String jaasConfigProp, String loginModule, LoginModuleControlFlag controlFlag, Map<String, Object> options) throws Exception { AppConfigurationEntry dynamicEntry = configurationEntry(JaasContext.Type.CLIENT, jaasConfigProp); checkEntry(dynamicEntry, loginModule, controlFlag, options); assertNull("Static configuration updated", Configuration.getConfiguration().getAppConfigurationEntry(JaasContext.Type.CLIENT.name())); writeConfiguration(JaasContext.Type.SERVER.name(), jaasConfigProp); AppConfigurationEntry staticEntry = configurationEntry(JaasContext.Type.SERVER, null); checkEntry(staticEntry, loginModule, controlFlag, options); }
@Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) { if (contextName.equalsIgnoreCase(name)) { AppConfigurationEntry entry = new AppConfigurationEntry(moduleName, LoginModuleControlFlag.REQUIRED, options); return new AppConfigurationEntry[] { entry }; } return null; }
/** * {@inheritDoc} * * @see javax.security.auth.login.Configuration#getAppConfigurationEntry(java.lang.String) */ @Override public AppConfigurationEntry[] getAppConfigurationEntry ( String name ) { return new AppConfigurationEntry[] { new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule", LoginModuleControlFlag.REQUIRED, this.options) }; }
@Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) { if (name.equals(com.datatorrent.stram.security.KerberosAuth.class.getName())) { AppConfigurationEntry[] configEntries = new AppConfigurationEntry[1]; HashMap<String, String> params = new HashMap<>(); params.put("useTicketCache", "true"); params.put("principal", principal); configEntries[0] = new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule", LoginModuleControlFlag.REQUIRED, params); return configEntries; } else { return null; } }
public MemoryConfiguration addConfigurationEntry( final String name, final String loginModuleName, final LoginModuleControlFlag loginModuleControlFlag, final Map<String, ?> loginModuleConfiguration) { return addConfigurationEntry(name, new AppConfigurationEntry( loginModuleName, loginModuleControlFlag, loginModuleConfiguration ) ); }
public String getFlagString() { if (LoginModuleControlFlag.SUFFICIENT.equals(entry.getControlFlag())) { return "sufficient"; } if (LoginModuleControlFlag.REQUISITE.equals(entry.getControlFlag())) { return "requisite"; } if (LoginModuleControlFlag.REQUIRED.equals(entry.getControlFlag())) { return "required"; } // return the last possibility return "optional"; }
private String valueOf(LoginModuleControlFlag controlFlag) { if (controlFlag.equals(LoginModuleControlFlag.OPTIONAL)) return "optional"; if (controlFlag.equals(LoginModuleControlFlag.REQUIRED)) return "required"; if (controlFlag.equals(LoginModuleControlFlag.REQUISITE)) return "requisite"; return "sufficient"; }
@SuppressWarnings("unchecked") private AppConfigurationEntry getJAASEntry(XMLEventReader xmlEventReader) throws XMLStreamException { XMLEvent xmlEvent = xmlEventReader.nextEvent(); Map<String, Object> options = new HashMap<String, Object>(); String codeName = null; LoginModuleControlFlag controlFlag = LoginModuleControlFlag.REQUIRED; //We got the login-module element StartElement loginModuleElement = (StartElement) xmlEvent; //We got the login-module element Iterator<Attribute> attrs = loginModuleElement.getAttributes(); while (attrs.hasNext()) { Attribute attribute = attrs.next(); QName attQName = attribute.getName(); String attributeValue = StaxParserUtil.getAttributeValue(attribute); if ("code".equals(attQName.getLocalPart())) { codeName = attributeValue; } else if ("flag".equals(attQName.getLocalPart())) { controlFlag = getControlFlag(attributeValue); } } //See if there are options ModuleOptionParser moParser = new ModuleOptionParser(); options.putAll(moParser.parse(xmlEventReader)); return new AppConfigurationEntry(codeName, controlFlag, options); }
private LoginModuleControlFlag getControlFlag(String flag) { if ("required".equalsIgnoreCase(flag)) return LoginModuleControlFlag.REQUIRED; if ("sufficient".equalsIgnoreCase(flag)) return LoginModuleControlFlag.SUFFICIENT; if ("optional".equalsIgnoreCase(flag)) return LoginModuleControlFlag.OPTIONAL; if ("requisite".equalsIgnoreCase(flag)) return LoginModuleControlFlag.REQUISITE; throw PicketBoxMessages.MESSAGES.invalidControlFlag(flag); }
@SuppressWarnings("unchecked") private AppConfigurationEntry getEntry(XMLEventReader xmlEventReader) throws XMLStreamException { XMLEvent xmlEvent = xmlEventReader.nextEvent(); Map<String, Object> options = new HashMap<String,Object>(); String codeName = null; LoginModuleControlFlag controlFlag = LoginModuleControlFlag.REQUIRED; //We got the login-module element StartElement loginModuleElement = (StartElement) xmlEvent; //We got the login-module element Iterator<Attribute> attrs = loginModuleElement.getAttributes(); while(attrs.hasNext()) { Attribute attribute = attrs.next(); QName attQName = attribute.getName(); String attributeValue = StaxParserUtil.getAttributeValue(attribute); if("code".equals(attQName.getLocalPart())) { codeName = attributeValue; } else if("flag".equals(attQName.getLocalPart())) { controlFlag = getControlFlag(attributeValue); } } //See if there are options ModuleOptionParser moParser = new ModuleOptionParser(); options.putAll(moParser.parse(xmlEventReader)); return new AppConfigurationEntry(codeName, controlFlag, options); }
private LoginModuleControlFlag getControlFlag(String flag) { if("required".equalsIgnoreCase(flag)) return LoginModuleControlFlag.REQUIRED; if("sufficient".equalsIgnoreCase(flag)) return LoginModuleControlFlag.SUFFICIENT; if("optional".equalsIgnoreCase(flag)) return LoginModuleControlFlag.OPTIONAL; if("requisite".equalsIgnoreCase(flag)) return LoginModuleControlFlag.REQUISITE; throw PicketBoxMessages.MESSAGES.invalidControlFlag(flag); }
@Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) { HashMap<String,Object> map = new HashMap<String,Object>(); map.put("usersProperties", "users.properties"); map.put("rolesProperties", "roles.properties"); String moduleName = "org.jboss.security.auth.spi.UsersRolesLoginModule"; AppConfigurationEntry ace = new AppConfigurationEntry(moduleName, LoginModuleControlFlag.REQUIRED, map); return new AppConfigurationEntry[]{ace}; }
@Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) { HashMap<String, Object> map = new HashMap<String, Object>(); map.put("usersProperties", "users.properties"); map.put("rolesProperties", "roles.properties"); String moduleName = "org.jboss.security.auth.spi.UsersRolesLoginModule"; AppConfigurationEntry ace = new AppConfigurationEntry(moduleName, LoginModuleControlFlag.REQUIRED, map); return new AppConfigurationEntry[] {ace}; }
private AppConfigurationEntry.LoginModuleControlFlag getFlag(String flag) { if("REQUIRED".equalsIgnoreCase(flag)) return LoginModuleControlFlag.REQUIRED; if("REQUISITE".equalsIgnoreCase(flag)) return LoginModuleControlFlag.REQUISITE; if("SUFFICIENT".equalsIgnoreCase(flag)) return LoginModuleControlFlag.SUFFICIENT; return LoginModuleControlFlag.OPTIONAL; }
Module(AppConfigurationEntry entry) { this.entry = entry; LoginModuleControlFlag flg = entry.getControlFlag(); if (flg == LoginModuleControlFlag.OPTIONAL) { flag = OPTIONAL; } else if (flg == LoginModuleControlFlag.REQUISITE) { flag = REQUISITE; } else if (flg == LoginModuleControlFlag.SUFFICIENT) { flag = SUFFICIENT; } else { flag = REQUIRED; //if(flg!=LoginModuleControlFlag.REQUIRED) throw new Error() } }
/** * Maps an integer value into appropriate LoginModuleControlFlag. * @param flag * @return */ private static LoginModuleControlFlag mapControlFlag(int flag) { switch (flag) { case OPTIONAL: return LoginModuleControlFlag.OPTIONAL; case REQUIRED: return LoginModuleControlFlag.REQUIRED; case REQUISITE: return LoginModuleControlFlag.REQUISITE; case SUFFICIENT: return LoginModuleControlFlag.SUFFICIENT; } throw new Error("Unknown flag:" + flag); }
String add(String name, AppConfigurationEntry.LoginModuleControlFlag flag, Map<String, ?> options) { String fullName = getGlobalClassName(name); AppConfigurationEntry entry = new AppConfigurationEntry(fullName, flag, options); entries.add(entry); return fullName; }
/** * @tests javax.security.auth.login.LoginContext.login() */ public void test_login_resourcesLeakage() throws Exception { // This is a compatibility test. // The test verifies that LoginContext allows to invoke login() method // multiple times without invoking logout() before. In testing scenario // each login() invocation adds new credentials to the passed subject. Configuration.setConfiguration(new Configuration() { @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) { return new AppConfigurationEntry[] { new AppConfigurationEntry( MyModule.class.getName(), LoginModuleControlFlag.REQUIRED, new HashMap<String, Object>()) }; } @Override public void refresh() { } }); LoginContext context = new LoginContext("moduleName", new Subject()); context.login(); context.login(); Subject subject = context.getSubject(); assertEquals(2, subject.getPrivateCredentials().size()); assertEquals(2, subject.getPublicCredentials().size()); }
/** * Appends required login module to the current configuration */ public static void addRequired(String name, Map<String, ?> options) { ArrayList<AppConfigurationEntry> list = ((MyConfig) Configuration.getConfiguration()).entries; AppConfigurationEntry entry = new AppConfigurationEntry( LoginContextTest.class.getName() + '$' + name, javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options); list.add(entry); }
private AppConfigurationEntry[] createConfig(String service) { Map<String, String> options = new HashMap<>(); if (service != null) { options.put(PamLoginModule.SERVICE_KEY, service); } String loginModule = PamLoginModule.class.getName(); AppConfigurationEntry pamEntry = new AppConfigurationEntry(loginModule, LoginModuleControlFlag.REQUIRED, options); return new AppConfigurationEntry[] { pamEntry }; }
