/**
 * Publishes a {@link JaasAuthenticationFailedEvent} for a failed authentication
 * attempt. Subclasses may override this method to report failures differently.
 *
 * <p>
 * The event wraps the token exactly as it was passed in, so listeners may be able
 * to read the submitted principal and credentials from it; listeners should avoid
 * writing those values to logs.
 *
 * @param token the authentication token being processed
 * @param ase the exception that caused the authentication failure
 */
@Override
protected void publishFailureEvent(UsernamePasswordAuthenticationToken token, AuthenticationException ase) {
	// Kept for passivity: the superclass null-checks the publisher before
	// publishing, this override publishes unconditionally.
	JaasAuthenticationFailedEvent failure = new JaasAuthenticationFailedEvent(token, ase);
	getApplicationEventPublisher().publishEvent(failure);
}
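/**
 * Verifies that {@code afterPropertiesSet()} rejects a provider whose
 * {@code loginConfig} was never set.
 */
@Test
public void detectsMissingLoginConfig() throws Exception {
	JaasAuthenticationProvider myJaasProvider = new JaasAuthenticationProvider();
	// Copy every setting from the shared fixture except loginConfig, which is
	// deliberately left unset.
	myJaasProvider.setApplicationEventPublisher(context);
	myJaasProvider.setAuthorityGranters(jaasProvider.getAuthorityGranters());
	myJaasProvider.setCallbackHandlers(jaasProvider.getCallbackHandlers());
	myJaasProvider.setLoginContextName(jaasProvider.getLoginContextName());
	try {
		myJaasProvider.afterPropertiesSet();
		// The failure text names the exception type the catch clause expects.
		fail("Should have thrown IllegalArgumentException");
	}
	catch (IllegalArgumentException expected) {
		// Asserting on the string itself reports the actual message on failure.
		assertThat(expected.getMessage()).startsWith("loginConfig must be set on");
	}
}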
/**
 * Validates the required settings and installs the JAAS login configuration.
 *
 * <p>
 * Both {@code loginContextName} and {@code loginConfig} must be set before this is
 * called; otherwise the corresponding assertion fails and nothing is configured.
 * After {@code configureJaas} has run, the JAAS {@link Configuration} returned by
 * the runtime must be non-null.
 *
 * @throws Exception if validation or JAAS configuration fails
 */
@Override
public void afterPropertiesSet() throws Exception {
	// The superclass implementation is deliberately not called: it performs
	// additional checks that are non-passive.
	String contextName = getLoginContextName();
	Assert.hasLength(contextName, () -> "loginContextName must be set on " + getClass());
	Assert.notNull(this.loginConfig, () -> "loginConfig must be set on " + getClass());

	configureJaas(this.loginConfig);

	// Sanity check on the runtime: a JRE that hands back no Configuration at all
	// cannot be used for JAAS logins.
	Configuration installed = Configuration.getConfiguration();
	Assert.notNull(installed,
			"As per http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/Configuration.html "
					+ "\"If a Configuration object was set via the Configuration.setConfiguration method, then that object is "
					+ "returned. Otherwise, a default Configuration object is returned\". Your JRE returned null to "
					+ "Configuration.getConfiguration().");
}
/**
 * Runs one complete authentication through the shared provider and checks the
 * resulting authorities and published events.
 *
 * <p>
 * The request token carries {@code ROLE_ONE}; the test asserts that this
 * caller-supplied authority is absent from the result while {@code ROLE_TEST1} and
 * {@code ROLE_TEST2} are present.
 */
@Test
public void testFull() throws Exception {
	UsernamePasswordAuthenticationToken request = new UsernamePasswordAuthenticationToken("user", "password",
			AuthorityUtils.createAuthorityList("ROLE_ONE"));
	assertThat(jaasProvider.supports(UsernamePasswordAuthenticationToken.class)).isTrue();

	Authentication result = jaasProvider.authenticate(request);

	// The provider's own configuration must be readable after a login.
	assertThat(jaasProvider.getAuthorityGranters()).isNotNull();
	assertThat(jaasProvider.getCallbackHandlers()).isNotNull();
	assertThat(jaasProvider.getLoginConfig()).isNotNull();
	assertThat(jaasProvider.getLoginContextName()).isNotNull();

	Collection<? extends GrantedAuthority> granted = result.getAuthorities();
	Set<String> grantedNames = AuthorityUtils.authorityListToSet(granted);
	// Authorities sent in with the request must not leak into the result.
	assertThat(grantedNames.contains("ROLE_ONE")).withFailMessage("GrantedAuthorities should not contain ROLE_ONE")
			.isFalse();
	assertThat(grantedNames.contains("ROLE_TEST1")).withFailMessage("GrantedAuthorities should contain ROLE_TEST1")
			.isTrue();
	assertThat(grantedNames.contains("ROLE_TEST2")).withFailMessage("GrantedAuthorities should contain ROLE_TEST2")
			.isTrue();

	// At least one authority must be a JaasGrantedAuthority, and each of those
	// must carry its principal.
	boolean sawJaasAuthority = false;
	for (GrantedAuthority authority : granted) {
		if (!(authority instanceof JaasGrantedAuthority)) {
			continue;
		}
		JaasGrantedAuthority jaasAuthority = (JaasGrantedAuthority) authority;
		assertThat(jaasAuthority.getPrincipal()).withFailMessage("Principal was null on JaasGrantedAuthority")
				.isNotNull();
		sawJaasAuthority = true;
	}
	assertThat(sawJaasAuthority).as("Could not find a JaasGrantedAuthority").isTrue();

	// Exactly the success event is expected, and it must reference the result.
	assertThat(eventCheck.successEvent).as("Success event should be fired").isNotNull();
	assertThat(eventCheck.successEvent.getAuthentication()).withFailMessage("Auth objects should be equal")
			.isEqualTo(result);
	assertThat(eventCheck.failedEvent).as("Failure event should not be fired").isNull();
}
/**
 * Configures two providers against two different login configuration files and
 * authenticates with each of them in turn.
 *
 * <p>
 * The first provider is fully initialised and exercised before the second one is
 * touched, so the second login runs after a second configuration has been
 * registered.
 *
 * @param p1 provider configured with {@code /test1.conf} and context {@code test1}
 * @param p2 provider configured with {@code /test2.conf} and context {@code test2}
 * @throws Exception if configuration or authentication fails
 */
private void testConfigureJaasCase(JaasAuthenticationProvider p1, JaasAuthenticationProvider p2) throws Exception {
	JaasAuthenticationProvider[] providers = { p1, p2 };
	String[] configFiles = { "/test1.conf", "/test2.conf" };
	String[] contextNames = { "test1", "test2" };
	for (int i = 0; i < providers.length; i++) {
		JaasAuthenticationProvider provider = providers[i];
		provider.setLoginConfig(new ClassPathResource(resolveConfigFile(configFiles[i])));
		provider.setLoginContextName(contextNames[i]);
		provider.setCallbackHandlers(new JaasAuthenticationCallbackHandler[] { new TestCallbackHandler(),
				new JaasNameCallbackHandler(), new JaasPasswordCallbackHandler() });
		provider.setAuthorityGranters(new AuthorityGranter[] { new TestAuthorityGranter() });
		provider.afterPropertiesSet();
		testAuthenticate(provider);
	}
}
/**
 * Creates the {@link LoginContext} used for an authentication attempt.
 *
 * <p>
 * The context is looked up by the configured login context name. No explicit
 * configuration object is passed, so the entry is resolved against the JAAS
 * configuration installed for the JVM.
 *
 * @param handler the callback handler that supplies credentials to the login modules
 * @return a new login context for {@code getLoginContextName()}
 * @throws LoginException if the login context cannot be created
 */
@Override
protected LoginContext createLoginContext(CallbackHandler handler) throws LoginException {
	String contextName = getLoginContextName();
	return new LoginContext(contextName, handler);
}
/**
 * Builds a {@link JaasAuthenticationProvider} from the given JAAS settings and
 * registers it with the authentication manager builder.
 *
 * <p>
 * The provider is initialised with {@code afterPropertiesSet()} before it is
 * registered, so an exception from that call prevents registration.
 *
 * @param auth the builder that receives the provider
 * @param jaas the settings supplying the login config, the login context name and
 * the refresh-on-startup flag
 * @throws Exception if initialising the provider fails
 */
protected void configureJaasAuthenticationProvider(final AuthenticationManagerBuilder auth,
                                                   final MonitorProperties.Endpoints.JaasSecurity jaas) throws Exception {
    val provider = new JaasAuthenticationProvider();
    provider.setLoginConfig(jaas.getLoginConfig());
    provider.setLoginContextName(jaas.getLoginContextName());
    provider.setRefreshConfigurationOnStartup(jaas.isRefreshConfigurationOnStartup());
    // NOTE(review): neither callback handlers nor authority granters are set on
    // the provider here; confirm that this is intended.
    provider.afterPropertiesSet();
    auth.authenticationProvider(provider);
}
/**
 * Hook method that installs the JAAS login configuration.
 *
 * <p>
 * Delegates to {@code configureJaasUsingLoop()} and then, when
 * {@code refreshConfigurationOnStartup} is set, refreshes the JAAS
 * {@link Configuration} currently returned by the runtime (see SEC-760).
 *
 * @param loginConfig the JAAS login configuration resource; this implementation
 * does not read the parameter directly
 * @throws IOException if there is a problem reading the config resource
 */
protected void configureJaas(Resource loginConfig) throws IOException {
	configureJaasUsingLoop();
	if (!this.refreshConfigurationOnStartup) {
		return;
	}
	// Overcome issue in SEC-760
	Configuration.getConfiguration().refresh();
}
/**
 * Registers the login configuration URL in the {@code login.config.url.N} security
 * properties.
 *
 * <p>
 * Indices are scanned upwards from 1. If a property already holds the URL, nothing
 * is changed; otherwise the URL is stored under the first index that has no value.
 * The properties are set through {@link Security}, so the change is visible to the
 * whole JVM and not only to this provider. The URL is also written to the debug
 * log.
 *
 * @throws IOException declared for the conversion of the login config to a URL
 */
private void configureJaasUsingLoop() throws IOException {
	final String keyPrefix = "login.config.url.";
	String loginConfigUrl = convertLoginConfigToUrl();
	int slot = 1;
	while (true) {
		String registered = Security.getProperty(keyPrefix + slot);
		if (registered == null) {
			// First unused index: the URL is not registered yet.
			break;
		}
		if (registered.equals(loginConfigUrl)) {
			// Already registered, leave the security properties untouched.
			return;
		}
		slot++;
	}
	String key = keyPrefix + slot;
	log.debug("Setting security property [" + key + "] to: " + loginConfigUrl);
	Security.setProperty(key, loginConfigUrl);
}
/**
 * Verifies that handling a session-destroyed event logs out the login context held
 * by the {@link JaasAuthenticationToken} in the destroyed session's security
 * context.
 */
@Test
public void testLogout() throws Exception {
	MockLoginContext mockLoginContext = new MockLoginContext(jaasProvider.getLoginContextName());
	JaasAuthenticationToken jaasToken = new JaasAuthenticationToken(null, null, mockLoginContext);

	SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
	securityContext.setAuthentication(jaasToken);

	// The event is mocked so that it reports exactly this one security context.
	SessionDestroyedEvent destroyed = mock(SessionDestroyedEvent.class);
	when(destroyed.getSecurityContexts()).thenReturn(Arrays.asList(securityContext));

	jaasProvider.handleLogout(destroyed);

	assertThat(mockLoginContext.loggedOut).isTrue();
}
/**
 * Runs the two-provider configuration scenario with two freshly created
 * {@link JaasAuthenticationProvider} instances.
 */
@Test
public void testConfigureJaas() throws Exception {
	JaasAuthenticationProvider first = new JaasAuthenticationProvider();
	JaasAuthenticationProvider second = new JaasAuthenticationProvider();
	testConfigureJaasCase(first, second);
}
/**
 * Creates the {@link LoginContext} used for an authentication attempt.
 *
 * <p>
 * The context is looked up by the configured login context name. No explicit
 * configuration object is passed, so the entry is resolved against the JAAS
 * configuration installed for the JVM.
 *
 * @param handler the callback handler that supplies credentials to the login modules
 * @return a new login context for {@code getLoginContextName()}
 * @throws LoginException if the login context cannot be created
 */
@Override
protected LoginContext createLoginContext(CallbackHandler handler) throws LoginException {
	String contextName = getLoginContextName();
	return new LoginContext(contextName, handler);
}
/**
 * Hook method that installs the JAAS login configuration.
 *
 * <p>
 * Delegates to {@code configureJaasUsingLoop()} and then, when
 * {@code refreshConfigurationOnStartup} is set, refreshes the JAAS
 * {@link Configuration} currently returned by the runtime (see SEC-760).
 *
 * @param loginConfig the JAAS login configuration resource; this implementation
 * does not read the parameter directly
 * @throws IOException if there is a problem reading the config resource
 */
protected void configureJaas(Resource loginConfig) throws IOException {
	configureJaasUsingLoop();
	if (!this.refreshConfigurationOnStartup) {
		return;
	}
	// Overcome issue in SEC-760
	Configuration.getConfiguration().refresh();
}
/**
 * Registers the login configuration URL in the {@code login.config.url.N} security
 * properties.
 *
 * <p>
 * Indices are scanned upwards from 1. If a property already holds the URL, nothing
 * is changed; otherwise the URL is stored under the first index that has no value.
 * The properties are set through {@link Security}, so the change is visible to the
 * whole JVM and not only to this provider. The URL is also written to the debug
 * log.
 *
 * @throws IOException declared for the conversion of the login config to a URL
 */
private void configureJaasUsingLoop() throws IOException {
	final String keyPrefix = "login.config.url.";
	String loginConfigUrl = convertLoginConfigToUrl();
	int slot = 1;
	while (true) {
		String registered = Security.getProperty(keyPrefix + slot);
		if (registered == null) {
			// First unused index: the URL is not registered yet.
			break;
		}
		if (registered.equals(loginConfigUrl)) {
			// Already registered, leave the security properties untouched.
			return;
		}
		slot++;
	}
	String key = keyPrefix + slot;
	log.debug("Setting security property [" + key + "] to: " + loginConfigUrl);
	Security.setProperty(key, loginConfigUrl);
}
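/**
 * Verifies that {@code afterPropertiesSet()} rejects a provider whose
 * {@code loginContextName} is {@code null} or empty.
 */
@Test
public void detectsMissingLoginContextName() throws Exception {
	JaasAuthenticationProvider myJaasProvider = new JaasAuthenticationProvider();
	// Copy every setting from the shared fixture; only the context name varies.
	myJaasProvider.setApplicationEventPublisher(context);
	myJaasProvider.setAuthorityGranters(jaasProvider.getAuthorityGranters());
	myJaasProvider.setCallbackHandlers(jaasProvider.getCallbackHandlers());
	myJaasProvider.setLoginConfig(jaasProvider.getLoginConfig());

	// Case 1: the context name is null.
	myJaasProvider.setLoginContextName(null);
	try {
		myJaasProvider.afterPropertiesSet();
		fail("Should have thrown IllegalArgumentException");
	}
	catch (IllegalArgumentException expected) {
		assertThat(expected.getMessage()).startsWith("loginContextName must be set on");
	}

	// Case 2: the context name is the empty string.
	myJaasProvider.setLoginContextName("");
	try {
		myJaasProvider.afterPropertiesSet();
		fail("Should have thrown IllegalArgumentException");
	}
	catch (IllegalArgumentException expected) {
		// The assertion has to be made on the message itself: wrapping the boolean
		// result of String.startsWith in assertThat(...) without a terminal check
		// verifies nothing.
		assertThat(expected.getMessage()).startsWith("loginContextName must be set on");
	}
}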
/**
 * Validates the required settings and installs the JAAS login configuration.
 *
 * <p>
 * Both {@code loginContextName} and {@code loginConfig} must be set before this is
 * called; otherwise the corresponding assertion fails and nothing is configured.
 * After {@code configureJaas} has run, the JAAS {@link Configuration} returned by
 * the runtime must be non-null.
 *
 * @throws Exception if validation or JAAS configuration fails
 */
@Override
public void afterPropertiesSet() throws Exception {
	// The superclass implementation is deliberately not called: it performs
	// additional checks that are non-passive.
	String contextName = getLoginContextName();
	Assert.hasLength(contextName, () -> "loginContextName must be set on " + getClass());
	Assert.notNull(this.loginConfig, () -> "loginConfig must be set on " + getClass());

	configureJaas(this.loginConfig);

	// Sanity check on the runtime: a JRE that hands back no Configuration at all
	// cannot be used for JAAS logins.
	Configuration installed = Configuration.getConfiguration();
	Assert.notNull(installed,
			"As per http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/Configuration.html "
					+ "\"If a Configuration object was set via the Configuration.setConfiguration method, then that object is "
					+ "returned. Otherwise, a default Configuration object is returned\". Your JRE returned null to "
					+ "Configuration.getConfiguration().");
}
/**
 * Publishes a {@link JaasAuthenticationFailedEvent} for a failed authentication
 * attempt. Subclasses may override this method to report failures differently.
 *
 * <p>
 * The event wraps the token exactly as it was passed in, so listeners may be able
 * to read the submitted principal and credentials from it; listeners should avoid
 * writing those values to logs.
 *
 * @param token the authentication token being processed
 * @param ase the exception that caused the authentication failure
 */
@Override
protected void publishFailureEvent(UsernamePasswordAuthenticationToken token, AuthenticationException ase) {
	// Kept for passivity: the superclass null-checks the publisher before
	// publishing, this override publishes unconditionally.
	JaasAuthenticationFailedEvent failure = new JaasAuthenticationFailedEvent(token, ase);
	getApplicationEventPublisher().publishEvent(failure);
}
/**
 * Creates the {@link LoginContext} used for an authentication attempt.
 *
 * <p>
 * The context is looked up by the configured login context name. No explicit
 * configuration object is passed, so the entry is resolved against the JAAS
 * configuration installed for the JVM.
 *
 * @param handler the callback handler that supplies credentials to the login modules
 * @return a new login context for {@code getLoginContextName()}
 * @throws LoginException if the login context cannot be created
 */
@Override
protected LoginContext createLoginContext(CallbackHandler handler) throws LoginException {
	String contextName = getLoginContextName();
	return new LoginContext(contextName, handler);
}
/**
 * Hook method that installs the JAAS login configuration.
 *
 * <p>
 * Delegates to {@code configureJaasUsingLoop()} and then, when
 * {@code refreshConfigurationOnStartup} is set, refreshes the JAAS
 * {@link Configuration} currently returned by the runtime (see SEC-760).
 *
 * @param loginConfig the JAAS login configuration resource; this implementation
 * does not read the parameter directly
 * @throws IOException if there is a problem reading the config resource
 */
protected void configureJaas(Resource loginConfig) throws IOException {
	configureJaasUsingLoop();
	if (!refreshConfigurationOnStartup) {
		return;
	}
	// Overcome issue in SEC-760
	Configuration.getConfiguration().refresh();
}
/**
 * Registers the login configuration URL in the {@code login.config.url.N} security
 * properties.
 *
 * <p>
 * Indices are scanned upwards from 1. If a property already holds the URL, nothing
 * is changed; otherwise the URL is stored under the first index that has no value.
 * The properties are set through {@link Security}, so the change is visible to the
 * whole JVM and not only to this provider. The URL is also written to the debug
 * log.
 *
 * @throws IOException declared for the conversion of the login config to a URL
 */
private void configureJaasUsingLoop() throws IOException {
	final String keyPrefix = "login.config.url.";
	String loginConfigUrl = convertLoginConfigToUrl();
	int slot = 1;
	while (true) {
		String registered = Security.getProperty(keyPrefix + slot);
		if (registered == null) {
			// First unused index: the URL is not registered yet.
			break;
		}
		if (registered.equals(loginConfigUrl)) {
			// Already registered, leave the security properties untouched.
			return;
		}
		slot++;
	}
	String key = keyPrefix + slot;
	log.debug("Setting security property [" + key + "] to: " + loginConfigUrl);
	Security.setProperty(key, loginConfigUrl);
}