Java Code Examples for javax.security.auth.Subject#setReadOnly()

The following examples show how to use javax.security.auth.Subject#setReadOnly(). After this call, attempts to modify the Subject's principal or credential sets throw IllegalStateException, and the Subject cannot be made writable again.
Example 1
Source File: SubjectCreator.java    From qpid-broker-j with Apache License 2.0
/**
 * Wraps an authentication result, attaching a sealed {@link Subject} when authentication succeeded.
 *
 * <p>On {@code AuthenticationStatus.SUCCESS} the Subject receives every principal carried by the
 * result plus the group principals resolved for the result's main principal, and is then made
 * read-only. For any other status no Subject is built at all, so a failed result never carries
 * principals.
 *
 * @param authenticationResult outcome produced by the authentication provider
 * @return a result with a read-only Subject on success, otherwise a result without one
 */
public SubjectAuthenticationResult createResultWithGroups(final AuthenticationResult authenticationResult)
{
    // Guard first: anything other than SUCCESS gets no Subject and no group lookup.
    if (authenticationResult.getStatus() != AuthenticationStatus.SUCCESS)
    {
        return new SubjectAuthenticationResult(authenticationResult);
    }

    final Subject subject = new Subject();
    final Set<Principal> principals = subject.getPrincipals();

    principals.addAll(authenticationResult.getPrincipals());
    principals.addAll(getGroupPrincipals(authenticationResult.getMainPrincipal()));

    // Seal the Subject before it leaves this method; later add/remove attempts on its
    // principal or credential sets throw IllegalStateException.
    subject.setReadOnly();

    return new SubjectAuthenticationResult(authenticationResult, subject);
}
 
Example 2
Source File: CacheFactoryTest.java    From qpid-broker-j with Apache License 2.0
/**
 * Checks that {@code CacheFactory.getCache} returns the cache supplied by the mocked provider
 * when called under a Subject that carries a {@code VirtualHostPrincipal} for that provider.
 */
@Test
public void getCache()
{
    final String name = "test";
    final Cache<Object, Object> expectedCache = new NullCache<>();

    // One mock plays both roles: it is a CacheProvider and also implements VirtualHost.
    final CacheProvider provider = mock(CacheProvider.class, withSettings().extraInterfaces(VirtualHost.class));
    when(provider.getNamedCache(name)).thenReturn(expectedCache);

    // The provider is handed to the code under test only through this principal.
    final Subject vhostSubject = new Subject();
    vhostSubject.getPrincipals().add(new VirtualHostPrincipal((VirtualHost<?>) provider));
    vhostSubject.setReadOnly();

    final PrivilegedAction<Cache<String, String>> lookup = () -> CacheFactory.getCache(name, null);
    final Cache<String, String> resolved = Subject.doAs(vhostSubject, lookup);

    assertSame(resolved, expectedCache);
    verify(provider).getNamedCache(name);
}
 
Example 3
Source File: UsernameFunctionProcessorTest.java    From knox with Apache License 2.0
/**
 * Exercises {@code UsernameFunctionProcessor.resolve} both outside and inside a Subject context.
 *
 * <p>Without a Subject the processor yields {@code null} for no input and echoes a supplied
 * value; under a Subject holding a {@code PrimaryPrincipal} it yields that principal's name
 * regardless of the supplied value.
 */
@Test
public void testResolve() throws Exception {
  final UsernameFunctionProcessor processor = new UsernameFunctionProcessor();

  // No Subject is associated with the calling context yet.
  assertThat( processor.resolve( null, null ), nullValue() );
  assertThat( processor.resolve( null, Collections.singletonList("test-input")), contains( "test-input" ) );

  final Subject caller = new Subject();
  caller.getPrincipals().add( new PrimaryPrincipal( "test-username" ) );
  // Sealed before use so the identity cannot be altered while the action runs.
  caller.setReadOnly();

  final PrivilegedExceptionAction<Object> underCaller = new PrivilegedExceptionAction<Object>() {
    @Override
    public Object run() throws Exception {
      // The caller-supplied parameter must not override the authenticated name.
      assertThat( processor.resolve( null, null ), contains( "test-username" ) );
      assertThat( processor.resolve( null, Collections.singletonList("test-ignored")), contains( "test-username" ) );
      return null;
    }
  };
  Subject.doAs( caller, underCaller );
}
 
Example 4
Source File: SimpleUsernameTokenInterceptor.java    From cxf with Apache License 2.0
/**
 * Builds a read-only {@link Subject} for the given user name.
 *
 * <p>NOTE(review): {@code password}, {@code isDigest}, {@code nonce} and {@code created} are
 * never read here, so this method performs no credential check; any supplied name yields a
 * Subject. Verification has to happen elsewhere before the result is trusted.
 *
 * @param name user name; {@code "Alice"} is placed in group {@code "developers"}, every other
 *             name in {@code "pms"}
 * @param password unused
 * @param isDigest unused
 * @param nonce unused
 * @param created unused
 * @return a read-only Subject holding a user principal and one group principal
 * @throws SecurityException declared by the signature; not thrown by this body
 */
protected Subject createSubject(String name,
                                String password,
                                boolean isDigest,
                                String nonce,
                                String created) throws SecurityException {
    // Role assignment is keyed on the name alone.
    final String group;
    if ("Alice".equals(name)) {
        group = "developers";
    } else {
        group = "pms";
    }

    final Subject result = new Subject();
    result.getPrincipals().add(new SimplePrincipal(name));
    result.getPrincipals().add(new SimpleGroup(group, name));

    // Seal the principal set before handing the Subject to callers.
    result.setReadOnly();
    return result;
}
 
Example 5
Source File: SimpleSubjectCreatingInterceptor.java    From steady with Apache License 2.0
/**
 * Builds a read-only {@link Subject} naming the user and placing it in group
 * {@code "developers"}.
 *
 * <p>NOTE(review): none of {@code password}, {@code isDigest}, {@code nonce} or {@code created}
 * is read, so no credential is verified in this method.
 *
 * @param name user name recorded as the user principal and as the group member
 * @return a read-only Subject with one user principal and one group principal
 * @throws SecurityException declared by the signature; not thrown by this body
 */
@Override
protected Subject createSubject(String name,
                                String password,
                                boolean isDigest,
                                String nonce,
                                String created) throws SecurityException {
    final SimplePrincipal user = new SimplePrincipal(name);
    final SimpleGroup developers = new SimpleGroup("developers", name);

    final Subject result = new Subject();
    result.getPrincipals().add(user);
    result.getPrincipals().add(developers);

    // After this call the principal set rejects further changes.
    result.setReadOnly();
    return result;
}
 
Example 6
Source File: SimpleSubjectCreatingInterceptor.java    From steady with Apache License 2.0
/**
 * Creates a sealed {@link Subject} for {@code name}, always in group {@code "developers"}.
 *
 * <p>NOTE(review): the password-related parameters ({@code password}, {@code isDigest},
 * {@code nonce}, {@code created}) are ignored; the method does not authenticate anything.
 *
 * @param name user name used for both the user principal and the group membership
 * @return a read-only Subject with the two principals
 * @throws SecurityException declared by the signature; not thrown by this body
 */
@Override
protected Subject createSubject(String name,
                                String password,
                                boolean isDigest,
                                String nonce,
                                String created) throws SecurityException {
    final SimplePrincipal userPrincipal = new SimplePrincipal(name);
    final SimpleGroup groupPrincipal = new SimpleGroup("developers", name);

    final Subject sealed = new Subject();
    sealed.getPrincipals().add(userPrincipal);
    sealed.getPrincipals().add(groupPrincipal);

    // Freeze the identity so downstream code cannot add principals to it.
    sealed.setReadOnly();
    return sealed;
}
 
Example 7
Source File: SimpleSubjectCreatingInterceptor.java    From steady with Apache License 2.0
/**
 * Returns a read-only {@link Subject} containing a user principal for {@code name} and a
 * {@code "developers"} group principal.
 *
 * <p>NOTE(review): {@code password}, {@code isDigest}, {@code nonce} and {@code created} are
 * unused, so the credential is not checked here.
 *
 * @param name user name for the principal and the group member
 * @return the sealed Subject
 * @throws SecurityException declared by the signature; not thrown by this body
 */
@Override
protected Subject createSubject(String name,
                                String password,
                                boolean isDigest,
                                String nonce,
                                String created) throws SecurityException {
    final SimplePrincipal who = new SimplePrincipal(name);
    final SimpleGroup membership = new SimpleGroup("developers", name);

    final Subject identity = new Subject();
    identity.getPrincipals().add(who);
    identity.getPrincipals().add(membership);

    // No principal can be added or removed once the Subject is read-only.
    identity.setReadOnly();
    return identity;
}
 
Example 8
Source File: SimpleSubjectCreatingInterceptor.java    From steady with Apache License 2.0
/**
 * Produces a read-only {@link Subject} for {@code name} with a fixed {@code "developers"}
 * group principal.
 *
 * <p>NOTE(review): the body never reads {@code password}, {@code isDigest}, {@code nonce} or
 * {@code created}; it does not validate the caller's credential.
 *
 * @param name user name stored in the user principal and as the group member
 * @return a Subject whose principal set is sealed
 * @throws SecurityException declared by the signature; not thrown by this body
 */
@Override
protected Subject createSubject(String name,
                                String password,
                                boolean isDigest,
                                String nonce,
                                String created) throws SecurityException {
    final SimplePrincipal account = new SimplePrincipal(name);
    final SimpleGroup role = new SimpleGroup("developers", name);

    final Subject out = new Subject();
    out.getPrincipals().add(account);
    out.getPrincipals().add(role);

    // Sealing is the last step; modifications afterwards raise IllegalStateException.
    out.setReadOnly();
    return out;
}
 
Example 9
Source File: HttpManagementUtil.java    From qpid-broker-j with Apache License 2.0
/**
 * Derives a new read-only {@link Subject} from {@code original} and tags it with a
 * {@code ServletConnectionPrincipal} for the given request.
 *
 * <p>The four-argument {@code Subject} constructor copies the supplied principal and credential
 * sets, so {@code original} itself is not modified; the copy is created writable only long
 * enough to add the connection principal.
 *
 * @param request the servlet request the connection principal is built from
 * @param original the Subject whose principals and credentials are copied
 * @return a read-only Subject with the copied contents plus the connection principal
 */
public static Subject createServletConnectionSubject(final HttpServletRequest request, Subject original)
{
    final Subject connectionSubject = new Subject(false,
                                                  original.getPrincipals(),
                                                  original.getPublicCredentials(),
                                                  original.getPrivateCredentials());

    final ServletConnectionPrincipal connectionPrincipal = new ServletConnectionPrincipal(request);
    connectionSubject.getPrincipals().add(connectionPrincipal);

    // Seal the copy, private credentials included, before it is returned.
    connectionSubject.setReadOnly();
    return connectionSubject;
}
 
Example 10
Source File: SubjectCreator.java    From qpid-broker-j with Apache License 2.0
/**
 * Builds a read-only {@link Subject} holding {@code userPrincipal} and the group principals
 * resolved for it.
 *
 * @param userPrincipal the user the Subject represents
 * @return a Subject whose principal set can no longer be changed
 */
public Subject createSubjectWithGroups(Principal userPrincipal)
{
    final Subject subject = new Subject();

    // User first, then whatever groups the lookup returns for that user.
    subject.getPrincipals().add(userPrincipal);
    subject.getPrincipals().addAll(getGroupPrincipals(userPrincipal));

    // Seal before returning so callers cannot add further principals.
    subject.setReadOnly();
    return subject;
}
 
Example 11
Source File: MongoLoginService.java    From EDDI with Apache License 2.0
/**
 * Creates the {@code UserIdentity} for a user from its name and credential.
 *
 * <p>The credential is stored in the Subject's private credential set, and every identity is
 * created with the single fixed role {@code "user"}.
 *
 * @param username name used for the user principal
 * @param credential credential bound to the principal and added as a private credential
 * @return the identity returned by {@code identityService.newUserIdentity}
 */
private UserIdentity createUserIdentity(String username, Credential credential) {
    final String[] roles = {"user"};
    final Principal principal = new AbstractLoginService.UserPrincipal(username, credential);

    final Subject identitySubject = new Subject();
    identitySubject.getPrincipals().add(principal);
    identitySubject.getPrivateCredentials().add(credential);

    // Seal principals and credentials before the Subject is passed to the identity service.
    identitySubject.setReadOnly();

    return identityService.newUserIdentity(identitySubject, principal, roles);
}
 
Example 12
Source File: CustomUsernameTokenInterceptor.java    From cxf with Apache License 2.0
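/**
 * Verifies the supplied password and, on success, returns a read-only {@link Subject} holding a
 * user principal and one group principal.
 *
 * <p>For {@code "Alice"} the expected password is the literal {@code "ecilA"} and the group is
 * {@code "developers"}; for every other name the expected value is a digest computed from
 * {@code nonce}, {@code created} and the literal {@code "invalid-password"}, and the group is
 * {@code "pms"}. NOTE(review): both expected secrets are hard-coded in source, and
 * {@code isDigest} is not consulted when choosing the comparison.
 *
 * @param name user name
 * @param password password value presented by the caller; {@code null} is rejected
 * @param isDigest unused
 * @param nonce encoded nonce, used only for names other than {@code "Alice"}
 * @param created creation timestamp, used only for names other than {@code "Alice"}
 * @return a read-only Subject for the verified user
 * @throws SecurityException with message {@code "Wrong Password"} when the password is missing
 *         or does not match, or when computing the digest fails
 */
protected Subject createSubject(String name,
                                String password,
                                boolean isDigest,
                                String nonce,
                                String created) throws SecurityException {
    Subject subject = new Subject();

    subject.getPrincipals().add(new SimplePrincipal(name));

    String roleName = "Alice".equals(name) ? "developers" : "pms";
    try {
        String expectedPassword = "Alice".equals(name) ? "ecilA"
            : UsernameTokenUtil.doPasswordDigest(XMLUtils.decode(nonce), created, "invalid-password");

        // Fail closed on a missing value instead of letting a NullPointerException escape.
        // MessageDigest.isEqual takes time that depends only on the length of its first
        // argument, so the caller-supplied bytes go first and a mismatch does not reveal how
        // many leading characters were correct. The exact String comparison runs only after
        // the encoded forms already matched.
        boolean matches = password != null
            && expectedPassword != null
            && java.security.MessageDigest.isEqual(
                password.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                expectedPassword.getBytes(java.nio.charset.StandardCharsets.UTF_8))
            && password.equals(expectedPassword);
        if (!matches) {
            throw new SecurityException("Wrong Password");
        }
    } catch (org.apache.wss4j.common.ext.WSSecurityException ex) {
        // Same message as a mismatch, so both failure paths look alike to the caller.
        throw new SecurityException("Wrong Password");
    }

    subject.getPrincipals().add(new SimpleGroup(roleName, name));
    // Seal the Subject only after the credential check has passed.
    subject.setReadOnly();
    return subject;
}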
 
Example 13
Source File: SimpleSubjectCreatingInterceptor.java    From cxf with Apache License 2.0
/**
 * Builds a read-only {@link Subject} for {@code name}, choosing the group from the name.
 *
 * <p>NOTE(review): {@code password}, {@code isDigest}, {@code nonce} and {@code created} are
 * not read, so no credential is verified here; the group is derived from the name alone.
 *
 * @param name user name; {@code "Alice"} maps to {@code "developers"}, anything else to
 *             {@code "pms"}
 * @return a read-only Subject with a user principal and one group principal
 * @throws SecurityException declared by the signature; not thrown by this body
 */
@Override
protected Subject createSubject(String name,
                                String password,
                                boolean isDigest,
                                String nonce,
                                String created) throws SecurityException {
    final String group;
    if ("Alice".equals(name)) {
        group = "developers";
    } else {
        group = "pms";
    }

    final Subject result = new Subject();
    result.getPrincipals().add(new SimplePrincipal(name));
    result.getPrincipals().add(new SimpleGroup(group, name));

    // Once read-only, the principal set rejects additions and removals.
    result.setReadOnly();
    return result;
}
 
Example 14
Source File: SimpleSubjectCreatingInterceptor.java    From cxf with Apache License 2.0
/**
 * Builds a read-only {@link Subject} for {@code name} in the fixed group {@code "developers"}.
 *
 * <p>NOTE(review): the password-related parameters are never read; this method does not
 * authenticate the caller.
 *
 * @param name user name stored in the user principal and as the group member
 * @return a read-only Subject with the two principals
 * @throws SecurityException declared by the signature; not thrown by this body
 */
@Override
protected Subject createSubject(String name,
                                String password,
                                boolean isDigest,
                                String nonce,
                                String created) throws SecurityException {
    final SimplePrincipal user = new SimplePrincipal(name);
    final SimpleGroup developers = new SimpleGroup("developers", name);

    final Subject result = new Subject();
    result.getPrincipals().add(user);
    result.getPrincipals().add(developers);

    // Seal the Subject so its principals cannot be changed after it is returned.
    result.setReadOnly();
    return result;
}
 
Example 15
Source File: BrokerImplTest.java    From qpid-broker-j with Apache License 2.0
/**
 * Verifies that {@code purgeUser} removes both the user from the authentication provider and
 * the preferences that user owns.
 *
 * <p>The preference is stored while running as a read-only Subject for the test user. The same
 * Subject is reused after the purge, and the test expects no preferences to be visible for it.
 */
@Test
public void testPurgeUser() throws Exception
{
    final String username = "testUser";
    final String password = "testPassword";

    // Broker under test.
    final Map<String, Object> brokerAttrs = new HashMap<>();
    brokerAttrs.put("name", "Broker");
    brokerAttrs.put(Broker.MODEL_VERSION, BrokerModel.MODEL_VERSION);
    brokerAttrs.put(Broker.DURABLE, true);
    _brokerImpl = new BrokerImpl(brokerAttrs, _systemConfig);
    _brokerImpl.open();

    // Authentication provider that knows the test user.
    final Map<String, Object> providerAttrs = new HashMap<>();
    providerAttrs.put(ConfiguredObject.NAME, "testAuthProvider");
    providerAttrs.put(ConfiguredObject.TYPE, "Simple");
    final SimpleAuthenticationManager provider = new SimpleAuthenticationManager(providerAttrs, _brokerImpl);
    provider.create();
    provider.addUser(username, password);

    // One preference, to be stored on behalf of the test user.
    final UUID prefId = UUID.randomUUID();
    final Map<String, Object> prefAttrs = new HashMap<>();
    prefAttrs.put(Preference.ID_ATTRIBUTE, prefId);
    prefAttrs.put(Preference.NAME_ATTRIBUTE, "testPref");
    prefAttrs.put(Preference.TYPE_ATTRIBUTE, "X-testPrefType");
    prefAttrs.put(Preference.VALUE_ATTRIBUTE, Collections.EMPTY_MAP);

    // Identity the preference is written under; sealed before it is used.
    final Subject owner = new Subject();
    owner.getPrincipals().add(new AuthenticatedPrincipal(new UsernamePrincipal(username, provider)));
    owner.setReadOnly();

    final Collection<Preference> toStore =
            Collections.singleton(PreferenceFactory.fromAttributes(_brokerImpl, prefAttrs));
    final PrivilegedAction<Void> storePreference = new PrivilegedAction<Void>()
    {
        @Override
        public Void run()
        {
            try
            {
                _brokerImpl.getUserPreferences().updateOrAppend(toStore).get(10, TimeUnit.SECONDS);
            }
            catch (InterruptedException | ExecutionException | TimeoutException e)
            {
                e.printStackTrace();
                fail("Failed to put preference:");
            }
            return null;
        }
    };
    Subject.doAs(owner, storePreference);

    // Before the purge: exactly the stored preference is visible and the user exists.
    final Collection<Preference> before = getPreferencesAs(owner);
    assertEquals("Unexpected number of preferences before userPurge", 1L, (long) before.size());
    assertEquals("Unexpected preference before userPurge", prefId, before.iterator().next().getId());
    assertTrue("User was not valid before userPurge", provider.getUsers().containsKey(username));

    _brokerImpl.purgeUser(provider, username);

    // After the purge: no preferences for that Subject, no users left, store told to drop the id.
    final Collection<Preference> after = getPreferencesAs(owner);
    assertEquals("Preferences were not deleted during userPurge", Collections.EMPTY_SET, after);
    assertEquals("User was not deleted from authentication Provider", Collections.EMPTY_MAP, provider.getUsers());
    verify(_preferenceStore).replace(Collections.singleton(prefId), Collections.EMPTY_SET);
}