/**
 * Renders this identity through its underlying JAAS subject.
 * <p>
 * NOTE(review): {@code javax.security.auth.Subject#toString()} prints public
 * <em>and</em> private credentials (the private ones are withheld only when a
 * SecurityManager denies {@code PrivateCredentialPermission}), so the returned
 * text may contain key material or passwords. Do not log it or return it to
 * clients; use the subject's principals for that.
 */
@Override
public String toString() {
    final Object delegate = toJavaSubject();
    return delegate.toString();
}
Login login = new Login(jaas_section, ch); subject = login.getSubject(); LOG.debug("Got Subject: {}", subject.toString()); } catch (LoginException ex) { LOG.error("Client failed to login in principal:" + ex, ex);
Login login = new Login(jaas_section, ch); subject = login.getSubject(); LOG.debug("Got Subject: {}", subject.toString()); } catch (LoginException ex) { LOG.error("Server failed to login in principal:", ex);
/**
 * String form of the wrapped JAAS subject.
 * <p>
 * NOTE(review): {@code javax.security.auth.Subject#toString()} includes the
 * private credentials unless a SecurityManager denies
 * {@code PrivateCredentialPermission}; treat this value as sensitive and avoid
 * writing it to logs or responses.
 */
public String toString() {
    final Object wrapped = this.subject;
    return wrapped.toString();
}
}
/**
 * String form of the wrapped JAAS subject.
 * <p>
 * NOTE(review): {@code javax.security.auth.Subject#toString()} includes the
 * private credentials unless a SecurityManager denies
 * {@code PrivateCredentialPermission}; treat this value as sensitive and avoid
 * writing it to logs or responses.
 */
@Override
public String toString() {
    final Object wrapped = subject;
    return wrapped.toString();
}
}
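/**
 * {@inheritDoc}
 * <p>
 * Reports the principal name(s) of the authenticated subject instead of the
 * whole {@code Subject} dump. {@code Subject#toString()} also prints the
 * private credentials (withheld only when a SecurityManager denies
 * {@code PrivateCredentialPermission}), so returning it as a "user name"
 * could leak key material or passwords into logs and audit trails.
 *
 * @return the subject's principal names, comma-separated when there are
 *         several; {@code "anonymous"} when there is no subject or the
 *         subject carries no principals
 * @throws ResourceException declared by the interface; not thrown here
 */
@Override
public String getUserName() throws ResourceException {
    if (subject == null) {
        return "anonymous";
    }
    StringBuilder names = new StringBuilder();
    // Fully qualified so no new import is needed in this file.
    for (java.security.Principal principal : subject.getPrincipals()) {
        if (names.length() > 0) {
            names.append(", ");
        }
        names.append(principal.getName());
    }
    // A subject with no principals has no usable name; report it like a missing subject.
    return names.length() == 0 ? "anonymous" : names.toString();
}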
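/**
 * Resolves the subject bound to the current handle and returns its principal
 * name(s).
 * <p>
 * Previously this returned {@code Subject#toString()}, which also prints the
 * private credentials (withheld only when a SecurityManager denies
 * {@code PrivateCredentialPermission}); a "user name" derived that way could
 * leak secrets wherever it is displayed or logged.
 *
 * @return comma-separated principal names (empty if the subject has none), or
 *         {@code null} when there is no associated handle or no subject for it
 */
private String getUserName() {
    if (associatedHandle == null) {
        return null;
    }
    Subject subject = handles.get(associatedHandle);
    if (subject == null) {
        return null;
    }
    StringBuilder names = new StringBuilder();
    // Fully qualified so no new import is needed in this file.
    for (java.security.Principal principal : subject.getPrincipals()) {
        if (names.length() > 0) {
            names.append(", ");
        }
        names.append(principal.getName());
    }
    return names.toString();
}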
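/**
 * JAAS logout: strips every principal and credential from the subject and
 * resets this module's state so it can be garbage collected cleanly.
 * <p>
 * The FINE trace names the principals only. {@code Subject#toString()} would
 * also print the private credentials (withheld only when a SecurityManager
 * denies {@code PrivateCredentialPermission}), putting secrets into the log.
 *
 * @return always {@code true}
 * @throws LoginException declared by the JAAS contract; not thrown here
 */
public final boolean logout() throws LoginException {
    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "JAAS logout for: {0}", subject.getPrincipals());
    }
    subject.getPrincipals().clear();
    subject.getPublicCredentials().clear();
    subject.getPrivateCredentials().clear();
    success = false;
    commitsuccess = false;
    // Null out array contents before dropping the references.
    if (groups != null) {
        java.util.Arrays.fill(groups, null);
        groups = null;
    }
    if (certs != null) {
        java.util.Arrays.fill(certs, null);
        certs = null;
    }
    x500Principal = null;
    return true;
}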
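/**
 * JAAS logout: strips every principal and credential from the subject and
 * resets this module's state so it can be garbage collected cleanly.
 * <p>
 * The FINE trace names the principals only. {@code Subject#toString()} would
 * also print the private credentials (withheld only when a SecurityManager
 * denies {@code PrivateCredentialPermission}), putting secrets into the log.
 *
 * @return always {@code true}
 * @throws LoginException declared by the JAAS contract; not thrown here
 */
public final boolean logout() throws LoginException {
    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "JAAS logout for: {0}", subject.getPrincipals());
    }
    subject.getPrincipals().clear();
    subject.getPublicCredentials().clear();
    subject.getPrivateCredentials().clear();
    success = false;
    commitsuccess = false;
    // Null out array contents before dropping the references.
    if (groups != null) {
        java.util.Arrays.fill(groups, null);
        groups = null;
    }
    if (certs != null) {
        java.util.Arrays.fill(certs, null);
        certs = null;
    }
    x500Principal = null;
    return true;
}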
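/**
 * Extracts the first {@link KerberosTicket} carried by a GSS credential.
 * <p>
 * Relies on reflection into the JDK-internal {@code com.sun.security.jgss.GSSUtil};
 * that class is not public API, so on JDKs where it is absent or encapsulated
 * the call lands in the generic failure path below.
 * <p>
 * When no ticket is found, the error message describes the subject by its
 * principals and private-credential <em>types</em>. The previous
 * {@code Subject#toString()} form dumped the credentials themselves; in the
 * JDK, {@code KerberosKey}/{@code KerberosTicket#toString()} include key
 * material, which must not end up in an exception message.
 *
 * @param kerberosTicket unused by this implementation (interface parameter)
 * @param gssCredential the credential whose private credentials are searched
 * @return the first Kerberos ticket found
 * @throws KerberosSerializationUtils.KerberosSerializationException if the
 *         subject holds no ticket, or if the reflective call fails
 */
@Override
public KerberosTicket gssCredentialToKerberosTicket(KerberosTicket kerberosTicket, GSSCredential gssCredential) {
    try {
        Class<?> gssUtil = Class.forName("com.sun.security.jgss.GSSUtil");
        Method createSubject = gssUtil.getMethod("createSubject", GSSName.class, GSSCredential.class);
        Subject subject = (Subject) createSubject.invoke(null, null, gssCredential);
        Set<KerberosTicket> kerberosTickets = subject.getPrivateCredentials(KerberosTicket.class);
        Iterator<KerberosTicket> iterator = kerberosTickets.iterator();
        if (iterator.hasNext()) {
            return iterator.next();
        }
        StringBuilder credentialTypes = new StringBuilder();
        for (Object credential : subject.getPrivateCredentials()) {
            if (credentialTypes.length() > 0) {
                credentialTypes.append(", ");
            }
            credentialTypes.append(credential.getClass().getName());
        }
        throw new KerberosSerializationUtils.KerberosSerializationException(
                "Not available kerberosTicket in subject credentials. Subject principals were: "
                + subject.getPrincipals() + "; private credential types: [" + credentialTypes + "]");
    } catch (KerberosSerializationUtils.KerberosSerializationException ke) {
        // Already our own type; rethrow unchanged rather than wrapping it again below.
        throw ke;
    } catch (Exception e) {
        throw new KerberosSerializationUtils.KerberosSerializationException("Unexpected error during convert GSSCredential to KerberosTicket", e);
    }
}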
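/**
 * Debug-traces the state just before a GSS negotiation round.
 * <p>
 * The subject is described by its principals and a private-credential count,
 * not by {@code Subject#toString()}: that form prints the private credentials
 * themselves (Kerberos tickets/keys include key material in their
 * {@code toString()}), so the old trace copied secrets into the debug log.
 * The negotiation token is still hex-dumped; it is the wire payload and is
 * not more sensitive in the log than on the network.
 *
 * @return the number of private credentials on the subject before the round
 *         (0 when there is no subject), for comparison in
 *         {@code traceAfterNegotiate}
 */
private int traceBeforeNegotiate() {
    int beforeNumSubjectCreds = 0;
    if (subject != null) {
        beforeNumSubjectCreds = subject.getPrivateCredentials().size();
        log.debug("[" + getName() + "] AUTH_NEGOTIATE as subject principals=" + subject.getPrincipals()
                + " privateCredentials=" + beforeNumSubjectCreds);
    }
    if (negotiationToken != null && negotiationToken.length > 0) {
        try {
            OutputStream os = new ByteArrayOutputStream();
            HexDump.dump(negotiationToken, 0, os, 0);
            log.debug("[" + getName() + "] AUTH_NEGOTIATE Process token from acceptor==>\n" + os.toString());
        } catch (IOException ignored) {
            // Best-effort trace only; a failed hex dump must not disturb the negotiation.
        }
    }
    return beforeNumSubjectCreds;
}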
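/**
 * Debug-traces the state just after a GSS negotiation round and reports
 * whether the round added private credentials to the subject.
 * <p>
 * Only the principals and credential counts are logged. The previous trace
 * printed {@code Subject#toString()}, which includes the private credentials
 * themselves (Kerberos tickets/keys include key material in their
 * {@code toString()}), so freshly acquired tickets were being copied into the
 * debug log.
 *
 * @param beforeNumSubjectCreds the private-credential count captured by
 *        {@code traceBeforeNegotiate}
 */
private void traceAfterNegotiate(int beforeNumSubjectCreds) {
    if (subject != null) {
        int afterNumSubjectCreds = subject.getPrivateCredentials().size();
        if (afterNumSubjectCreds > beforeNumSubjectCreds) {
            log.debug("[" + getName() + "] AUTH_NEGOTIATE have extra credentials.");
            log.debug("[" + getName() + "] AUTH_NEGOTIATE updated subject principals=" + subject.getPrincipals()
                    + " privateCredentials=" + afterNumSubjectCreds + " (was " + beforeNumSubjectCreds + ")");
        }
    }
    if (negotiationToken != null && negotiationToken.length > 0) {
        try {
            OutputStream os = new ByteArrayOutputStream();
            HexDump.dump(negotiationToken, 0, os, 0);
            log.debug("[" + getName() + "] AUTH_NEGOTIATE Send token to acceptor==>\n" + os.toString());
        } catch (IOException ignored) {
            // Best-effort trace only; a failed hex dump must not disturb the negotiation.
        }
    }
}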
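/**
 * Logs the subject out: clears its principals and credentials and resets the
 * module's own state (cached user name, password, principal, groups).
 * <p>
 * The FINE trace names the principals only. {@code Subject#toString()} would
 * also print the private credentials (withheld only when a SecurityManager
 * denies {@code PrivateCredentialPermission}), putting secrets into the log.
 *
 * @return always {@code true}
 * @throws LoginException declared by the JAAS contract; not thrown here
 */
public final boolean logout() throws LoginException {
    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "JAAS logout for: {0}", _subject.getPrincipals());
    }
    _subject.getPrincipals().clear();
    _subject.getPublicCredentials().clear();
    _subject.getPrivateCredentials().clear();
    _succeeded = false;
    _commitSucceeded = false;
    setUsername(null);
    setPassword(null);
    _userPrincipal = null;
    // Null out array contents before dropping the reference.
    if (_groupsList != null) {
        java.util.Arrays.fill(_groupsList, null);
        _groupsList = null;
    }
    return true;
}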
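/**
 * Chooses the JAAS subject the client will run as.
 * <p>
 * Order of preference: a caller-provided subject that already carries a
 * {@link KerberosPrincipal} (the caller then owns credential refresh), then a
 * subject logged in from the ticket cache, else none. A subject from the
 * ticket cache is only picked up here, at creation time, never later.
 * <p>
 * The "ignoring it" trace names only the principals of the rejected subject;
 * the previous {@code Subject#toString()} form also printed its private
 * credentials (withheld only when a SecurityManager denies
 * {@code PrivateCredentialPermission}).
 * <p>
 * NOTE(review): {@code AccessController.getContext()} and
 * {@code Subject.getSubject(AccessControlContext)} are deprecated for removal
 * on recent JDKs (17+); {@code Subject.current()} is the replacement where
 * available. Confirm the project's minimum JDK before switching.
 *
 * @return the subject type and subject; the subject is {@code null} for
 *         {@code SubjectType.NONE}
 */
private static Pair<SubjectType, Subject> setupSubject() {
    AccessControlContext context = AccessController.getContext();
    Subject subject = Subject.getSubject(context);
    if (subject != null) {
        if (!subject.getPrincipals(KerberosPrincipal.class).isEmpty()) {
            LOG.debug("Using caller-provided subject with Kerberos principal {}. "
                    + "Caller is responsible for refreshing credentials.",
                    SecurityUtil.getKerberosPrincipalOrNull(subject));
            return new Pair<>(SubjectType.PROVIDED, subject);
        }
        LOG.debug("Caller-provided subject {} does not have any Kerberos credentials. "
                + "Ignoring it.", subject.getPrincipals());
    }
    subject = SecurityUtil.getSubjectFromTicketCacheOrNull();
    if (subject != null) {
        return new Pair<>(SubjectType.CREATED, subject);
    }
    // If we weren't able to login from a ticket cache when we create the client,
    // we shouldn't later pick one up.
    return new Pair<>(SubjectType.NONE, null);
}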
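/**
 * Runtime step: logs in with the keytab and reports the resulting identity.
 * <p>
 * Only the subject's principals are written to the result. The previous
 * {@code Subject#toString()} form also serialised the private credentials the
 * login produced (Kerberos keys/tickets, whose {@code toString()} includes key
 * material) into a value handed back to whoever can invoke this operation.
 * The identity is always logged out afterwards, even when the login failed.
 *
 * @param context   the operation context that receives the result
 * @param operation the management operation being executed
 * @throws OperationFailedException if a TGT could not be obtained
 */
@Override
public void execute(OperationContext context, ModelNode operation) throws OperationFailedException {
    ServiceController<KeytabService> serviceController = ManagementUtil.getKeytabService(context, operation);
    KeytabService keytabService = serviceController.getService().getValue();
    SubjectIdentity si = null;
    try {
        si = keytabService.createSubjectIdentity(false);
        ModelNode result = context.getResult();
        result.get(SUBJECT).set(si.getSubject().getPrincipals().toString());
    } catch (LoginException e) {
        throw SECURITY_LOGGER.unableToObtainTGT(e);
    } finally {
        // Release the identity (and the credentials it holds) on every path.
        if (si != null) {
            si.logout();
        }
    }
    context.completeStep(OperationContext.RollbackHandler.NOOP_ROLLBACK_HANDLER);
}
}, Stage.RUNTIME);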
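/**
 * Runtime step: logs in with the keytab and reports the resulting identity.
 * <p>
 * Only the subject's principals are written to the result. The previous
 * {@code Subject#toString()} form also serialised the private credentials the
 * login produced (Kerberos keys/tickets, whose {@code toString()} includes key
 * material) into a value handed back to whoever can invoke this operation.
 * The identity is always logged out afterwards, even when the login failed.
 *
 * @param context   the operation context that receives the result
 * @param operation the management operation being executed
 * @throws OperationFailedException if a TGT could not be obtained
 */
@Override
public void execute(OperationContext context, ModelNode operation) throws OperationFailedException {
    ServiceController<KeytabService> serviceController = ManagementUtil.getKeytabService(context, operation);
    KeytabService keytabService = serviceController.getService().getValue();
    SubjectIdentity si = null;
    try {
        si = keytabService.createSubjectIdentity(false);
        ModelNode result = context.getResult();
        result.get(SUBJECT).set(si.getSubject().getPrincipals().toString());
    } catch (LoginException e) {
        throw SECURITY_LOGGER.unableToObtainTGT(e);
    } finally {
        // Release the identity (and the credentials it holds) on every path.
        if (si != null) {
            si.logout();
        }
    }
    context.completeStep(OperationContext.RollbackHandler.NOOP_ROLLBACK_HANDLER);
}
}, Stage.RUNTIME);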
/**
 * Captures the most recent authorization decision as a formatted record.
 * <p>
 * NOTE(review): the record embeds {@code subject.toString()}, which includes
 * the subject's private credentials unless a SecurityManager denies
 * {@code PrivateCredentialPermission}. That is tolerable for a test logger
 * whose assertions compare against {@code Subject#toString()}, but a
 * production audit logger should record {@code subject.getPrincipals()}
 * instead.
 *
 * @param subject     the subject the decision was made for
 * @param context     unused here
 * @param contextName unused here
 * @param permission  the permission that was checked
 * @param response    the decision (allow/deny)
 */
@Override
public void audit(Subject subject, AuditContext context, String contextName, AuthorizationPermission permission, AuditResponse response) {
    String permissionText = permission.toString();
    String responseText = response.toString();
    String subjectText = subject.toString();
    lastLogRecord = formatLogRecord(permissionText, responseText, subjectText);
}
/**
 * A READER subject reading from the cache must be allowed, and the audit
 * logger must have recorded ALLOW for READ by that subject.
 */
public void testReaderReadAllow() {
    PrivilegedAction<Void> readKey = new PrivilegedAction<Void>() {
        @Override
        public Void run() {
            cacheManager.getCache().get("key");
            return null;
        }
    };
    Security.doAs(READER, readKey);
    String recorded = LOGGER.getLastRecord();
    String wanted = LOGGER.formatLogRecord(AuthorizationPermission.READ.toString(), AuditResponse.ALLOW.toString(), READER.toString());
    assertEquals(wanted, recorded);
}
/**
 * An ADMIN subject writing to the cache must be allowed, and the audit
 * logger must have recorded ALLOW for WRITE by that subject.
 */
public void testAdminWriteAllow() {
    PrivilegedAction<Void> writeKey = new PrivilegedAction<Void>() {
        @Override
        public Void run() {
            cacheManager.getCache().put("key", "value");
            return null;
        }
    };
    Security.doAs(ADMIN, writeKey);
    String recorded = LOGGER.getLastRecord();
    String wanted = LOGGER.formatLogRecord(AuthorizationPermission.WRITE.toString(), AuditResponse.ALLOW.toString(), ADMIN.toString());
    assertEquals(wanted, recorded);
}
/**
 * A READER subject writing to the cache must be denied. The SecurityException
 * raised by the denial is expected and deliberately swallowed; the assertion
 * is on the audit record, which must show DENY for WRITE by that subject.
 */
public void testReaderWriteDeny() {
    PrivilegedAction<Void> writeKey = new PrivilegedAction<Void>() {
        @Override
        public Void run() {
            cacheManager.getCache().put("key", "value");
            return null;
        }
    };
    try {
        Security.doAs(READER, writeKey);
    } catch (SecurityException ignored) {
        // Expected: the write is denied for READER; only the audit record matters here.
    }
    String recorded = LOGGER.getLastRecord();
    String wanted = LOGGER.formatLogRecord(AuthorizationPermission.WRITE.toString(), AuditResponse.DENY.toString(), READER.toString());
    assertEquals(wanted, recorded);
}