/**
 * Looks up the option named {@code key} in the given JAAS configuration entries.
 * Entries are scanned in list order and the first non-null value wins.
 *
 * @param configurationEntries entries to search; must not be {@code null}
 * @param key option name to look up
 * @param loginModuleName when non-null, only entries whose login module name equals this
 *        value are consulted; when {@code null}, every entry is consulted
 * @return the option value, or {@code null} when no consulted entry defines it
 * @throws ClassCastException if the stored option value is not a {@code String}
 */
public static String configEntryOption(List<AppConfigurationEntry> configurationEntries, String key, String loginModuleName) {
    for (AppConfigurationEntry candidate : configurationEntries) {
        boolean moduleMatches = loginModuleName == null
                || loginModuleName.equals(candidate.getLoginModuleName());
        if (moduleMatches) {
            Object option = candidate.getOptions().get(key);
            if (option != null) {
                // Options are typed Map<String, ?>; the value is cast, not converted.
                return (String) option;
            }
        }
    }
    return null;
}
// For each index below moduleCount, hand checkEntry the static entry together with the
// expected values: the login module name and options of the dynamic entry at the same
// index, and the REQUIRED control flag.
for (int i = 0; i < moduleCount; i++) {
    AppConfigurationEntry staticEntry = staticEntries[i];
    checkEntry(staticEntry, dynamicEntries[i].getLoginModuleName(), LoginModuleControlFlag.REQUIRED, dynamicEntries[i].getOptions());
/**
 * Asserts that {@code entry} carries the expected login module name, control flag and
 * options, checked in that order.
 *
 * @param entry the configuration entry under test
 * @param loginModule expected login module name
 * @param controlFlag expected control flag
 * @param options expected option map
 */
private void checkEntry(AppConfigurationEntry entry, String loginModule, LoginModuleControlFlag controlFlag, Map<String, ?> options) {
    final String actualModule = entry.getLoginModuleName();
    assertEquals(loginModule, actualModule);

    final LoginModuleControlFlag actualFlag = entry.getControlFlag();
    assertEquals(controlFlag, actualFlag);

    final Map<String, ?> actualOptions = entry.getOptions();
    assertEquals(options, actualOptions);
}
/**
 * Returns the login module name recorded in the wrapped configuration entry.
 *
 * @return the value of {@code entry.getLoginModuleName()}
 */
public String getLoginModuleFQCN() {
    final String moduleClassName = entry.getLoginModuleName();
    return moduleClassName;
}
/**
 * Returns the login module name recorded in the wrapped configuration entry.
 *
 * @return the value of {@code entry.getLoginModuleName()}
 */
public String getLoginModuleFQCN() {
    final String moduleClassName = entry.getLoginModuleName();
    return moduleClassName;
}
/**
 * Builds a replacement entry that names {@code ProxyLoginModule} as the login module and
 * records the original module name under
 * {@code ProxyLoginModule.LOGIN_MODULE_OPTION_KEY}.
 *
 * <p>The original control flag is kept. The options are copied into a new map, so the
 * source entry's option map is not modified; an option already stored under the proxy key
 * is overwritten in the copy.
 *
 * @param entry the entry to wrap
 * @return a new entry that points at the proxy module
 */
private AppConfigurationEntry createProxyEntry(AppConfigurationEntry entry) {
    final String delegateModule = entry.getLoginModuleName();
    final Map<String, Object> proxyOptions = new HashMap<>();
    proxyOptions.putAll(entry.getOptions());
    proxyOptions.put(ProxyLoginModule.LOGIN_MODULE_OPTION_KEY, delegateModule);
    return new AppConfigurationEntry(ProxyLoginModule.class.getName(), entry.getControlFlag(), proxyOptions);
}
/**
 * Resolves one constructor per configured login module entry.
 *
 * <p>Each entry's login module class name is loaded through the thread context class
 * loader. A slot in the returned array stays {@code null} when the class cannot be loaded,
 * lacks a constructor matching {@code PARAMS}, or is not assignable to {@code moduleType}.
 *
 * @return a {@code Constructor[]} with the same length as {@code entry}
 */
public Object run() throws java.lang.ClassNotFoundException, java.lang.NoSuchMethodException, java.lang.InstantiationException, java.lang.IllegalAccessException, java.lang.reflect.InvocationTargetException {
    ClassLoader contextLoader = Thread.currentThread().getContextClassLoader();
    // A freshly allocated array already holds null in every slot.
    Constructor[] constructors = new Constructor[entry.length];
    int index = 0;
    while (index < entry.length) {
        String clazz = entry[index].getLoginModuleName();
        try {
            // initialize=true: the class named in the configuration is initialized (its
            // static initializers run) before the moduleType check below.
            Class<?> loaded = Class.forName(clazz, true, contextLoader);
            if (moduleType.isAssignableFrom(loaded)) {
                constructors[index] = loaded.getConstructor(PARAMS);
            }
        } catch (Throwable t) {
            // NOTE(review): the caught Throwable is not among the arguments passed to
            // logIfLevel, so the reason a module was skipped is not logged - confirm intended.
            logIfLevel(Level.WARNING, null, "skipping unloadable class: ", clazz, " of appCOntext: ", appContext);
        }
        index++;
    }
    return constructors;
}
});
/**
 * Resolves one constructor per configured login module entry.
 *
 * <p>Each entry's login module class name is loaded through the thread context class
 * loader. A slot in the returned array stays {@code null} when the class cannot be loaded,
 * lacks a constructor matching {@code PARAMS}, or is not assignable to {@code moduleType}.
 *
 * @return a {@code Constructor[]} with the same length as {@code entry}
 */
public Object run() throws java.lang.ClassNotFoundException, java.lang.NoSuchMethodException, java.lang.InstantiationException, java.lang.IllegalAccessException, java.lang.reflect.InvocationTargetException {
    ClassLoader contextLoader = Thread.currentThread().getContextClassLoader();
    // A freshly allocated array already holds null in every slot.
    Constructor[] constructors = new Constructor[entry.length];
    int index = 0;
    while (index < entry.length) {
        String clazz = entry[index].getLoginModuleName();
        try {
            // initialize=true: the class named in the configuration is initialized (its
            // static initializers run) before the moduleType check below.
            Class<?> loaded = Class.forName(clazz, true, contextLoader);
            if (moduleType.isAssignableFrom(loaded)) {
                constructors[index] = loaded.getConstructor(PARAMS);
            }
        } catch (Throwable t) {
            // NOTE(review): the caught Throwable is not among the arguments passed to
            // logIfLevel, so the reason a module was skipped is not logged - confirm intended.
            logIfLevel(Level.WARNING, null, "skipping unloadable class: ", clazz, " of appCOntext: ", appContext);
        }
        index++;
    }
    return constructors;
}
});
/**
 * Registers the configuration entry held by {@code entryInfo} with {@code authInfo} and,
 * when trace logging is on, logs the entry's login module name.
 *
 * @param authInfo receiver of the entry
 * @param entryInfo holder supplying the entry
 * @param navigator not used by this method
 * @param namespaceURI not used by this method
 * @param localName not used by this method
 */
public void addChild(AuthenticationInfo authInfo, AppConfigurationEntryHolder entryInfo, UnmarshallingContext navigator, String namespaceURI, String localName) {
    final AppConfigurationEntry moduleEntry = entryInfo.getEntry();
    authInfo.addAppConfigurationEntry(moduleEntry);
    if (!trace) {
        return;
    }
    log.trace("addChild.AuthenticationInfo, name: " + moduleEntry.getLoginModuleName());
}
/**
 * Renders every module entry (class name, control flag and options) as text.
 *
 * <p>Option values are masked as {@code ****} only when the option name, lower-cased with
 * {@code Locale.ENGLISH}, is exactly {@code password}, {@code bindcredential} or
 * {@code Context.SECURITY_CREDENTIALS}. Every other option value is printed as-is, so a
 * secret stored under a different option name appears in the output; treat the returned
 * string accordingly before logging it.
 *
 * @return the textual dump of all entries
 */
@Override
public String toString() {
    StringBuilder out = new StringBuilder("AppConfigurationEntry[]:\n");
    for (int index = 0; index < moduleEntries.size(); index++) {
        AppConfigurationEntry entry = (AppConfigurationEntry) moduleEntries.get(index);
        out.append("[").append(index).append("]");
        out.append("\nLoginModule Class: ").append(entry.getLoginModuleName());
        out.append("\nControlFlag: ").append(entry.getControlFlag());
        out.append("\nOptions:\n");
        for (Map.Entry<String, ?> option : entry.getOptions().entrySet()) {
            String name = option.getKey();
            String value = option.getValue() == null ? "" : option.getValue().toString();
            String lowered = name.toLowerCase(Locale.ENGLISH);
            boolean secret = "password".equals(lowered)
                    || "bindcredential".equals(lowered)
                    || Context.SECURITY_CREDENTIALS.equals(lowered);
            if (secret) {
                value = "****";
            }
            out.append("name=").append(name);
            out.append(", value=").append(value);
            out.append("\n");
        }
    }
    return out.toString();
}
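/**
 * Locates the user and role files of the {@code PropertiesLoginModule} entry in the
 * installed JAAS configuration.
 *
 * <p>The entries registered under the name held in the {@code entry} field are scanned and
 * the first one whose login module is {@code PropertiesLoginModule} is used. Its
 * {@code USER_FILE_PROP_NAME} and {@code ROLE_FILE_PROP_NAME} options are resolved against
 * the directory returned by {@code getBrokerEtc()}. The option values are taken from the
 * configuration as-is; this method does not normalize them or check that the resulting
 * paths stay inside that directory.
 *
 * @return the resolved user and role files
 * @throws IllegalArgumentException if the configuration has no entries for the name, no
 *         entry uses {@code PropertiesLoginModule}, a file option is missing, or a
 *         resolved file does not exist
 * @throws Exception declared by the original signature
 */
FileBasedSecStoreConfig getConfiguration() throws Exception {
    Configuration securityConfig = Configuration.getConfiguration();
    AppConfigurationEntry[] entries = securityConfig.getAppConfigurationEntry(entry);
    if (entries == null) {
        // Configuration#getAppConfigurationEntry returns null when the name has no entries;
        // report that the same way as "no matching module" instead of failing with an NPE.
        throw new IllegalArgumentException("Failed to load security file");
    }
    String propertiesModule = PropertiesLoginModule.class.getName();
    for (AppConfigurationEntry candidate : entries) {
        if (!propertiesModule.equals(candidate.getLoginModuleName())) {
            continue;
        }
        String userFileName = (String) candidate.getOptions().get(USER_FILE_PROP_NAME);
        String roleFileName = (String) candidate.getOptions().get(ROLE_FILE_PROP_NAME);
        if (userFileName == null || roleFileName == null) {
            // new File(parent, null) would throw a NullPointerException; fail clearly.
            throw new IllegalArgumentException("Couldn't find user file or role file!");
        }
        File etcDir = new File(getBrokerEtc());
        File userFile = new File(etcDir, userFileName);
        File roleFile = new File(etcDir, roleFileName);
        if (!userFile.exists() || !roleFile.exists()) {
            throw new IllegalArgumentException("Couldn't find user file or role file!");
        }
        return new FileBasedSecStoreConfig(userFile, roleFile);
    }
    throw new IllegalArgumentException("Failed to load security file");
}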
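/**
 * Locates the user and role files of the {@code PropertiesLoginModule} entry in the
 * installed JAAS configuration.
 *
 * <p>The entries registered under the name held in the {@code entry} field are scanned and
 * the first one whose login module is {@code PropertiesLoginModule} is used. Its
 * {@code USER_FILE_PROP_NAME} and {@code ROLE_FILE_PROP_NAME} options are resolved against
 * the directory returned by {@code getBrokerEtc()}. The option values are taken from the
 * configuration as-is; this method does not normalize them or check that the resulting
 * paths stay inside that directory.
 *
 * @return the resolved user and role files
 * @throws IllegalArgumentException if the configuration has no entries for the name, no
 *         entry uses {@code PropertiesLoginModule}, a file option is missing, or a
 *         resolved file does not exist
 * @throws Exception declared by the original signature
 */
FileBasedSecStoreConfig getConfiguration() throws Exception {
    Configuration securityConfig = Configuration.getConfiguration();
    AppConfigurationEntry[] entries = securityConfig.getAppConfigurationEntry(entry);
    if (entries == null) {
        // Configuration#getAppConfigurationEntry returns null when the name has no entries;
        // report that the same way as "no matching module" instead of failing with an NPE.
        throw new IllegalArgumentException("Failed to load security file");
    }
    String propertiesModule = PropertiesLoginModule.class.getName();
    for (AppConfigurationEntry candidate : entries) {
        if (!propertiesModule.equals(candidate.getLoginModuleName())) {
            continue;
        }
        String userFileName = (String) candidate.getOptions().get(USER_FILE_PROP_NAME);
        String roleFileName = (String) candidate.getOptions().get(ROLE_FILE_PROP_NAME);
        if (userFileName == null || roleFileName == null) {
            // new File(parent, null) would throw a NullPointerException; fail clearly.
            throw new IllegalArgumentException("Couldn't find user file or role file!");
        }
        File etcDir = new File(getBrokerEtc());
        File userFile = new File(etcDir, userFileName);
        File roleFile = new File(etcDir, roleFileName);
        if (!userFile.exists() || !roleFile.exists()) {
            throw new IllegalArgumentException("Couldn't find user file or role file!");
        }
        return new FileBasedSecStoreConfig(userFile, roleFile);
    }
    throw new IllegalArgumentException("Failed to load security file");
}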
/**
 * Adds the configuration entry held by {@code entryInfo} to the login module stack and,
 * when trace logging is on, logs the entry's login module name.
 *
 * @param lmsh the stack holder that receives the entry
 * @param entryInfo holder supplying the entry
 * @param navigator not used by this method
 * @param namespaceURI not used by this method
 * @param localName not used by this method
 */
public void addChild(LoginModuleStackHolder lmsh, AppConfigurationEntryHolder entryInfo, UnmarshallingContext navigator, String namespaceURI, String localName) {
    lmsh.addAppConfigurationEntry(entryInfo.getEntry());
    if (!trace) {
        return;
    }
    // The holder is queried a second time here, only on the trace path.
    final String moduleName = entryInfo.getEntry().getLoginModuleName();
    log.trace("addChild.LoginModuleStackHolder, name: " + moduleName);
}
/**
 * Copies the given {@code AppConfigurationEntry} objects into a new array.
 *
 * <p>When a security manager is installed, {@code GET_CONFIG_ENTRY_PERM} is checked before
 * anything is copied. Each copy keeps the source entry's login module name and control flag
 * and receives its own {@code HashMap} of the source options. Unless
 * {@code disableSecurityDomainInOptions()} returns {@code true}, the value of
 * {@code getName()} is stored in that map under
 * {@code SecurityConstants.SECURITY_DOMAIN_OPTION}.
 *
 * @param entries a {@code List} whose elements are {@code AppConfigurationEntry} objects.
 * @return an {@code AppConfigurationEntry} array containing the copied entries.
 */
protected AppConfigurationEntry[] copyAppConfigurationEntry(List<Object> entries) {
    final SecurityManager securityManager = System.getSecurityManager();
    if (securityManager != null) {
        securityManager.checkPermission(GET_CONFIG_ENTRY_PERM);
    }

    final AppConfigurationEntry[] result = new AppConfigurationEntry[entries.size()];
    int index = 0;
    while (index < result.length) {
        final AppConfigurationEntry source = (AppConfigurationEntry) entries.get(index);
        // Copy the options so the added domain option never touches the source entry's map.
        final HashMap<String, Object> optionsCopy = new HashMap<String, Object>(source.getOptions());
        if (!disableSecurityDomainInOptions()) {
            optionsCopy.put(SecurityConstants.SECURITY_DOMAIN_OPTION, this.getName());
        }
        result[index] = new AppConfigurationEntry(source.getLoginModuleName(), source.getControlFlag(), optionsCopy);
        index++;
    }
    return result;
}
/**
 * Copies the given {@code AppConfigurationEntry} objects into a new array.
 *
 * <p>When a security manager is installed, {@code GET_CONFIG_ENTRY_PERM} is checked before
 * anything is copied. Each copy keeps the source entry's login module name and control flag
 * and receives its own {@code HashMap} of the source options. Unless
 * {@code disableSecurityDomainInOptions()} returns {@code true}, the value of
 * {@code getName()} is stored in that map under
 * {@code SecurityConstants.SECURITY_DOMAIN_OPTION}.
 *
 * @param entries a {@code List} whose elements are {@code AppConfigurationEntry} objects.
 * @return an {@code AppConfigurationEntry} array containing the copied entries.
 */
protected AppConfigurationEntry[] copyAppConfigurationEntry(List<Object> entries) {
    final SecurityManager securityManager = System.getSecurityManager();
    if (securityManager != null) {
        securityManager.checkPermission(GET_CONFIG_ENTRY_PERM);
    }

    final AppConfigurationEntry[] result = new AppConfigurationEntry[entries.size()];
    int index = 0;
    while (index < result.length) {
        final AppConfigurationEntry source = (AppConfigurationEntry) entries.get(index);
        // Copy the options so the added domain option never touches the source entry's map.
        final HashMap<String, Object> optionsCopy = new HashMap<String, Object>(source.getOptions());
        if (!disableSecurityDomainInOptions()) {
            optionsCopy.put(SecurityConstants.SECURITY_DOMAIN_OPTION, this.getName());
        }
        result[index] = new AppConfigurationEntry(source.getLoginModuleName(), source.getControlFlag(), optionsCopy);
        index++;
    }
    return result;
}
/**
 * Serializes the realm's login module entries as a JSON array string.
 *
 * <p>Each element has {@code type} (login module name), {@code success} (the control flag
 * text after its first space, lower-cased) and, when the entry has options,
 * {@code options}. The option map is emitted verbatim: any credential kept as a module
 * option is part of the returned string, so callers should treat the result as sensitive.
 *
 * <p>Any exception raised while building the array is discarded and whatever was
 * accumulated up to that point is returned.
 *
 * @return the JSON array text, {@code []} when nothing could be added
 */
@Override
public String getLoginModules() {
    final AppConfigurationEntry[] appConfigEntries =
            realm.getConfiguration().getAppConfigurationEntry(realm.getName());
    final JSONArray modules = new JSONArray();
    try {
        for (AppConfigurationEntry appConfigEntry : appConfigEntries) {
            final JSONObject module = new JSONObject();
            module.put("type", appConfigEntry.getLoginModuleName());

            // The flag's toString() prefixes the value with the type name; keep only the
            // part after the first space.
            final String flagText = appConfigEntry.getControlFlag().toString();
            module.put("success", flagText.substring(flagText.indexOf(" ") + 1).toLowerCase());

            final Map<String, ?> options = appConfigEntry.getOptions();
            if (options != null && !options.isEmpty()) {
                module.put("options", options);
            }
            modules.put(module);
        }
    } catch (Exception ex) {
        // Meant for JSON exceptions only, which the original author did not expect to
        // occur; note that this also hides any other exception thrown in the loop.
    }
    return modules.toString();
}
/**
 * Returns a copy of this policy's login configuration entries.
 *
 * <p>The entries come from {@code loginInfo} when it is set and yields a non-null array;
 * otherwise, unless this object is itself {@code defaultAppPolicy}, they come from
 * {@code defaultAppPolicy}. Each returned element is a new {@code AppConfigurationEntry}
 * built from the source entry's login module name, control flag and options, so callers
 * never receive the stored entry objects themselves.
 *
 * @return the copied entries, or {@code null} when neither source provides any
 */
public AppConfigurationEntry[] getAppConfigurationEntry() {
    AppConfigurationEntry[] source = (loginInfo != null) ? loginInfo.getAppConfigurationEntry() : null;
    if (source == null && this != defaultAppPolicy) {
        source = defaultAppPolicy.getAppConfigurationEntry();
    }
    if (source == null) {
        return null;
    }

    final AppConfigurationEntry[] copy = new AppConfigurationEntry[source.length];
    int index = 0;
    for (AppConfigurationEntry original : source) {
        copy[index++] = new AppConfigurationEntry(
                original.getLoginModuleName(), original.getControlFlag(), original.getOptions());
    }
    return copy;
}

public PermissionCollection getPermissions(Subject subject, CodeSource codesource)
/**
 * Returns a copy of this policy's login configuration entries.
 *
 * <p>The entries come from {@code loginInfo} when it is set and yields a non-null array;
 * otherwise, unless this object is itself {@code defaultAppPolicy}, they come from
 * {@code defaultAppPolicy}. Each returned element is a new {@code AppConfigurationEntry}
 * built from the source entry's login module name, control flag and options, so callers
 * never receive the stored entry objects themselves.
 *
 * @return the copied entries, or {@code null} when neither source provides any
 */
public AppConfigurationEntry[] getAppConfigurationEntry() {
    AppConfigurationEntry[] source = (loginInfo != null) ? loginInfo.getAppConfigurationEntry() : null;
    if (source == null && this != defaultAppPolicy) {
        source = defaultAppPolicy.getAppConfigurationEntry();
    }
    if (source == null) {
        return null;
    }

    final AppConfigurationEntry[] copy = new AppConfigurationEntry[source.length];
    int index = 0;
    for (AppConfigurationEntry original : source) {
        copy[index++] = new AppConfigurationEntry(
                original.getLoginModuleName(), original.getControlFlag(), original.getOptions());
    }
    return copy;
}

public PermissionCollection getPermissions(Subject subject, CodeSource codesource)
/**
 * Asserts that the JAAS entry registered under {@code name} is a REQUIRED Kerberos login
 * module configured for the given principal and keytab.
 *
 * <p>For the IBM module the keytab is expected under {@code useKeytab} as a
 * {@code file://} URL alongside {@code credsType=both} (3 options in total); for any other
 * module name the {@code useKeyTab}/{@code keyTab}/{@code storeKey}/{@code useTicketCache}
 * options are expected (5 options in total).
 *
 * @param loginModuleName expected login module class name
 * @param name key of the entry in {@code JaasConfiguration.getEntries()}
 * @param principal expected {@code principal} option
 * @param keytab expected keytab location
 */
private void checkEntry(String loginModuleName, String name, String principal, String keytab) {
    AppConfigurationEntry configured = JaasConfiguration.getEntries().get(name);
    assertEquals(loginModuleName, configured.getLoginModuleName());
    assertEquals(AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, configured.getControlFlag());

    Map<String, ?> moduleOptions = configured.getOptions();
    assertEquals(principal, moduleOptions.get("principal"));

    boolean ibmModule = loginModuleName.equals("com.ibm.security.auth.module.Krb5LoginModule");
    if (!ibmModule) {
        assertEquals("true", moduleOptions.get("useKeyTab"));
        assertEquals(keytab, moduleOptions.get("keyTab"));
        assertEquals("true", moduleOptions.get("storeKey"));
        assertEquals("false", moduleOptions.get("useTicketCache"));
        assertEquals(5, moduleOptions.size());
        return;
    }

    // The IBM module takes the keytab as a URL; a bare path is expected with the prefix added.
    String expectedKeytab = keytab.startsWith("file://") ? keytab : "file://" + keytab;
    assertEquals(expectedKeytab, moduleOptions.get("useKeytab"));
    assertEquals("both", moduleOptions.get("credsType"));
    assertEquals(3, moduleOptions.size());
}
}
/**
 * Verifies the JAAS configuration built by {@code ZKSignerSecretProvider.JaasConfiguration}:
 * an unknown entry name yields {@code null}, and the configured name yields exactly one
 * REQUIRED Kerberos entry carrying the expected six keytab-login options.
 */
@Test
public void test() throws Exception {
    // The Kerberos login module class differs between IBM and other JVM vendors.
    final boolean ibmJvm = System.getProperty("java.vendor").contains("IBM");
    final String krb5LoginModuleName = ibmJvm
            ? "com.ibm.security.auth.module.Krb5LoginModule"
            : "com.sun.security.auth.module.Krb5LoginModule";

    ZKSignerSecretProvider.JaasConfiguration jConf =
            new ZKSignerSecretProvider.JaasConfiguration("foo", "foo/localhost", "/some/location/foo.keytab");

    // A name other than the configured one has no entries.
    Assert.assertNull(jConf.getAppConfigurationEntry("bar"));

    AppConfigurationEntry[] found = jConf.getAppConfigurationEntry("foo");
    Assert.assertEquals(1, found.length);

    AppConfigurationEntry only = found[0];
    Assert.assertEquals(AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, only.getControlFlag());
    Assert.assertEquals(krb5LoginModuleName, only.getLoginModuleName());

    Map<String, ?> moduleOptions = only.getOptions();
    Assert.assertEquals("/some/location/foo.keytab", moduleOptions.get("keyTab"));
    Assert.assertEquals("foo/localhost", moduleOptions.get("principal"));
    Assert.assertEquals("true", moduleOptions.get("useKeyTab"));
    Assert.assertEquals("true", moduleOptions.get("storeKey"));
    Assert.assertEquals("false", moduleOptions.get("useTicketCache"));
    Assert.assertEquals("true", moduleOptions.get("refreshKrb5Config"));
    Assert.assertEquals(6, moduleOptions.size());
}
}