public AdSchemeHandler() { try { RegistryClient rc = new RegistryClient(); AuthMethod am = AuthenticationUtil.getAuthMethod(AuthenticationUtil.getCurrentSubject()); if (am == null) { am = AuthMethod.ANON; } URL serviceURL = rc.getServiceURL(URI.create(DATA_URI), Standards.DATA_10, am); this.baseURL = serviceURL.toExternalForm(); } catch (Throwable t) { log.error("failed to find CADC data service URL", t); throw new RuntimeException("BUG: failed to find CADC data service URL", t); } log.debug("CADC data service URL: " + baseURL); }
/** * Convenience method that uses a ServletPrincipalExtractor. * * @param request The HTTP Request. * @return a Subject with all available request content * @see #getSubject(PrincipalExtractor) */ public static Subject getSubject(final HttpServletRequest request) { return getSubject(new ServletPrincipalExtractor(request)); }
private AuthMethod getAuthMethod() throws AccessControlException { Subject subject = AuthenticationUtil.getCurrentSubject(); AuthMethod am = AuthenticationUtil.getAuthMethodFromCredentials(subject); if (am == null || am.equals(AuthMethod.ANON)) { throw new AccessControlException("Anonymous access not supported."); } return am; }
NumericPrincipal p = new NumericPrincipal(uuid); Subject s = AuthenticationUtil.getCurrentSubject(); if (s != null) { for (Principal cp : s.getPrincipals()) { if (AuthenticationUtil.equals(p, cp)) { log.debug("[cache hit] caller Subject matches " + p + ": " + s); return s;
private Principal getCurrentUserID() { Subject cur = AuthenticationUtil.getCurrentSubject(); if (cur == null) return null; // throw new IllegalArgumentException("no subject"); Set<HttpPrincipal> ps = cur.getPrincipals(HttpPrincipal.class); // hack if (ps.isEmpty()) return null; // throw new IllegalArgumentException("no principals"); Principal p = ps.iterator().next(); log.debug("getCurrentID: " + p.getClass()); return p; }
Subject subject = AuthenticationUtil.getSubject(request); logInfo.setSubject(subject); AuthMethod am = AuthenticationUtil.getAuthMethod(subject); if (am != null && !AuthMethod.ANON.equals(am)) {
this.subject = AuthenticationUtil.getAnonSubject(); if (argMap.isSet("netrc")) { this.subject = AuthenticationUtil.getSubject(new NetrcAuthenticator(true)); } else if (argMap.isSet("cert")) { AuthMethod meth = AuthenticationUtil.getAuthMethodFromCredentials(subject); log.info("authentication using: " + meth); this.subject = AuthenticationUtil.getAnonSubject();
public String getCurrentHttpPrincipalUsername(Subject subject) { final AuthMethod authMethod = AuthenticationUtil.getAuthMethod(subject); String username; if ((authMethod != null) && (authMethod != AuthMethod.ANON)) { final Set curPrincipals = subject.getPrincipals(HttpPrincipal.class); HttpPrincipal[] principalArray = new HttpPrincipal[curPrincipals.size()]; username = ((HttpPrincipal[]) curPrincipals .toArray(principalArray))[0].getName(); } else { username = null; } return username; } }
private URL getJobListURL() { AuthMethod am = AuthMethod.ANON; if (subject != null) { am = AuthenticationUtil.getAuthMethodFromCredentials(subject); } RegistryClient rc = new RegistryClient(); URL ret = rc.getServiceURL(resourceID, standardID, am, interfaceType); if (ret == null) { throw new RuntimeException("init FAIL, service not found:" + resourceID + " " + standardID + " " + am + " " + interfaceType); } log.info("jobListURL: " + ret); return ret; }
protected boolean userIsSubject(Principal userID, Subject subject) { if (userID == null || subject == null) { return false; } for (Principal subjectPrincipal : subject.getPrincipals()) { if (AuthenticationUtil.equals(subjectPrincipal, userID)) { return true; } } return false; }
/** * @param dn DN to generate the hash key * @return hash code corresponding to the CADC canonized version of the DN */ public static String genHashKey(X500Principal dn) { String dn1 = AuthenticationUtil.canonizeDistinguishedName(dn .getName()); return Integer.toString(dn1.hashCode()); }
Subject cur = AuthenticationUtil.getCurrentSubject(); for (Principal cp : cur.getPrincipals()) { for (Principal op : owner.getPrincipals()) { if (AuthenticationUtil.equals(op, cp)) { return;
/** * Check if the current subject has usable credentials (a valid X509 proxy * certificate) and call the local CDP service if necessary. * * @throws AccessControlException * @return true if subject has valid credentials, false if subject is anonymous * @throws java.security.cert.CertificateExpiredException * @throws java.security.cert.CertificateNotYetValidException */ public static boolean checkCredentials() throws AccessControlException, CertificateExpiredException, CertificateNotYetValidException { return checkCredentials(AuthenticationUtil.getCurrentSubject()); }
/** * @param subject * @return the possibly modified subject */ public Subject getSubject(Subject subject) { AuthMethod am = AuthenticationUtil.getAuthMethod(subject); if (am == null || AuthMethod.ANON.equals(am)) { return subject; } if (subject != null && subject.getPrincipals().size() > 0) { Profiler prof = new Profiler(AuthenticatorImpl.class); this.augmentSubject(subject); prof.checkpoint("AuthenticatorImpl.augmentSubject()"); } return subject; }
/** * Checks that the current caller is equivalent to the job owner. * * @param job The Job to check authorization to. * @throws AccessControlException If the current subject is not authorized */ protected void doAuthorizationCheck(Job job) throws AccessControlException { log.debug("doAuthorizationCheck: " + job.getID() + "," + job.getOwnerID()); if (job.ownerSubject == null) { return; } AccessControlContext acContext = AccessController.getContext(); Subject caller = Subject.getSubject(acContext); if (caller != null) { Set<Principal> ownerPrincipals = job.ownerSubject.getPrincipals(); Set<Principal> callerPrincipals = caller.getPrincipals(); for (Principal oPrin : ownerPrincipals) { for (Principal cPrin : callerPrincipals) { log.debug("doAuthorizationCheck: " + oPrin + " vs " + cPrin); if (AuthenticationUtil.equals(oPrin, cPrin)) { return; // caller===owner } } } } throw new AccessControlException("permission denied"); } }
/** * This method gets the distinguished name from toOwnerString and massages it * for persistence: canonical form and convert to lower case. * * @param subject * @return persistable distinguished name or null if there is no * X500Principal in the subject */ public Object toOwner(Subject subject) { String dn = toOwnerString(subject); if (dn != null) return AuthenticationUtil.canonizeDistinguishedName(dn); return dn; }
@Override public URL toURL(URI uri) { if (!SCHEME.equals(uri.getScheme())) { throw new IllegalArgumentException("invalid scheme in " + uri); } try { String path = getPath(uri); // check if authMethod has been set AuthMethod am = this.authMethod; if (am == null) { am = AuthenticationUtil.getAuthMethod(AuthenticationUtil.getCurrentSubject()); } if (am == null) { am = AuthMethod.ANON; } RegistryClient rc = new RegistryClient(); URL serviceURL = rc.getServiceURL(new URI(DATA_URI), Standards.DATA_10, am); URL url = this.toURL(serviceURL, path); log.debug(uri + " --> " + url); return url; } catch (MalformedURLException ex) { throw new RuntimeException("BUG", ex); } catch (URISyntaxException bug) { throw new RuntimeException("BUG - failed to create data web service URI", bug); } }
private URL lookupServiceURL(final URI standard) throws AccessControlException { Subject subject = AuthenticationUtil.getCurrentSubject(); AuthMethod am = AuthenticationUtil.getAuthMethodFromCredentials(subject); URL serviceURL = getRegistryClient().getServiceURL(this.serviceID, standard, am); if (serviceURL == null) { throw new RuntimeException( String.format("Unable to get Service URL for '%s', '%s', '%s'", serviceID.toString(), standard, am)); } return serviceURL; }
/** * Create a subject with the specified certificate chain and private key. * This method constructs an X509CertificateChain and then calls * getSubject(X509CertificateChain). * * @param certs a non-null and non-empty certificate chain * @param key optional private key * @return a Subject */ public static Subject getSubject(X509Certificate[] certs, PrivateKey key) { final X509CertificateChain chain = new X509CertificateChain(certs, key); return getSubject(chain); }
Subject cur = AuthenticationUtil.getCurrentSubject(); for (Principal cp : cur.getPrincipals()) { for (Principal op : owner.getPrincipals()) { if (AuthenticationUtil.equals(op, cp)) { log.debug("user is owner, permission granted"); return;