/**
 * Asserts that a JAAS configuration entry carries the expected login module class name,
 * control flag and option map.
 *
 * @param entry       the entry under test
 * @param loginModule expected result of {@code entry.getLoginModuleName()}
 * @param controlFlag expected result of {@code entry.getControlFlag()}
 * @param options     expected result of {@code entry.getOptions()}
 */
private void checkEntry(
        AppConfigurationEntry entry,
        String loginModule,
        LoginModuleControlFlag controlFlag,
        Map<String, ?> options) {
    // Checked in the same order as before: module name, then flag, then options.
    final String actualModule = entry.getLoginModuleName();
    assertEquals(loginModule, actualModule);

    final LoginModuleControlFlag actualFlag = entry.getControlFlag();
    assertEquals(controlFlag, actualFlag);

    final Map<String, ?> actualOptions = entry.getOptions();
    assertEquals(options, actualOptions);
}
/**
 * Returns the JAAS control flag of the {@code entry} held by this object.
 *
 * @return the value of {@code entry.getControlFlag()}
 */
public AppConfigurationEntry.LoginModuleControlFlag getFlag() {
    final AppConfigurationEntry.LoginModuleControlFlag controlFlag = entry.getControlFlag();
    return controlFlag;
}
/**
 * Exposes the control flag configured on {@code entry}.
 *
 * @return whatever {@code entry.getControlFlag()} reports
 */
public AppConfigurationEntry.LoginModuleControlFlag getFlag() {
    final AppConfigurationEntry.LoginModuleControlFlag configured = entry.getControlFlag();
    return configured;
}
/**
 * Maps the control flag of {@code entry} to its lower-case configuration keyword.
 *
 * @return {@code "sufficient"}, {@code "requisite"} or {@code "required"} for the matching
 *         flag constant; {@code "optional"} for every other value
 */
public String getFlagString() {
    final LoginModuleControlFlag flag = entry.getControlFlag();
    final String keyword;
    if (LoginModuleControlFlag.SUFFICIENT.equals(flag)) {
        keyword = "sufficient";
    } else if (LoginModuleControlFlag.REQUISITE.equals(flag)) {
        keyword = "requisite";
    } else if (LoginModuleControlFlag.REQUIRED.equals(flag)) {
        keyword = "required";
    } else {
        // Fall-through case: anything that is not one of the three constants above
        // (including null) is reported as "optional".
        keyword = "optional";
    }
    return keyword;
}
/**
 * Returns the textual keyword for the control flag of {@code entry}.
 *
 * @return {@code "sufficient"}, {@code "requisite"}, {@code "required"}, or
 *         {@code "optional"} when the flag is none of those three constants
 */
public String getFlagString() {
    final LoginModuleControlFlag current = entry.getControlFlag();
    if (LoginModuleControlFlag.SUFFICIENT.equals(current)) {
        return "sufficient";
    } else if (LoginModuleControlFlag.REQUISITE.equals(current)) {
        return "requisite";
    } else if (LoginModuleControlFlag.REQUIRED.equals(current)) {
        return "required";
    }
    // Last possibility: every remaining value, null included, is labelled "optional".
    return "optional";
}
/**
 * Evaluates the control flag of module {@code i} against the status that module returned.
 *
 * <ul>
 *   <li>REQUISITE: returns {@code true} when {@code moduleStatus} is <em>not</em> one of
 *       {@code successValue}, i.e. the module did not succeed.</li>
 *   <li>SUFFICIENT: returns {@code true} when {@code moduleStatus} <em>is</em> one of
 *       {@code successValue}.</li>
 *   <li>Any other flag, or a slot where {@code entry[i]} or {@code ctor[i]} is null:
 *       returns {@code false}.</li>
 * </ul>
 *
 * @param successValue statuses that count as success; compared by reference ({@code ==})
 * @param i            index into {@code entry} and {@code ctor}
 * @param moduleStatus status returned by module {@code i}
 * @return the decision described above (presumably "stop processing further modules";
 *         confirm against the caller)
 */
public boolean exitContext(AuthStatus[] successValue, int i, AuthStatus moduleStatus) {
    if (entry[i] == null || ctor[i] == null) {
        return false;
    }

    final LoginModuleControlFlag flag = entry[i].getControlFlag();
    final boolean requisite = LoginModuleControlFlag.REQUISITE.equals(flag);
    if (!requisite && !LoginModuleControlFlag.SUFFICIENT.equals(flag)) {
        // REQUIRED / OPTIONAL (or unknown) never trigger an early decision here.
        return false;
    }

    boolean succeeded = false;
    for (AuthStatus accepted : successValue) {
        if (moduleStatus == accepted) {
            succeeded = true;
            break;
        }
    }
    // REQUISITE reacts to failure, SUFFICIENT reacts to success.
    return requisite ? !succeeded : succeeded;
}
/**
 * Applies the REQUISITE / SUFFICIENT rules to the status returned by module {@code i}.
 *
 * <p>For REQUISITE the result is {@code true} when {@code moduleStatus} matches none of
 * {@code successValue}; for SUFFICIENT it is {@code true} when it matches one of them.
 * Every other flag, and any slot whose {@code entry[i]} or {@code ctor[i]} is null,
 * yields {@code false}. Statuses are compared by reference ({@code ==}).
 *
 * @param successValue statuses treated as success
 * @param i            index into {@code entry} and {@code ctor}
 * @param moduleStatus status returned by module {@code i}
 * @return the decision described above
 */
public boolean exitContext(AuthStatus[] successValue, int i, AuthStatus moduleStatus) {
    final boolean slotConfigured = entry[i] != null && ctor[i] != null;
    if (!slotConfigured) {
        return false;
    }

    final LoginModuleControlFlag controlFlag = entry[i].getControlFlag();
    final boolean isRequisite = LoginModuleControlFlag.REQUISITE.equals(controlFlag);
    final boolean isSufficient = !isRequisite && LoginModuleControlFlag.SUFFICIENT.equals(controlFlag);
    if (!isRequisite && !isSufficient) {
        return false;
    }

    boolean matchedSuccess = false;
    for (int idx = 0; idx < successValue.length && !matchedSuccess; idx++) {
        matchedSuccess = (moduleStatus == successValue[idx]);
    }
    // A requisite module answers true on failure, a sufficient one on success.
    return isRequisite != matchedSuccess;
}
/**
 * Builds a configuration entry that names {@code ProxyLoginModule} as the login module
 * while keeping the control flag and options of the given entry.
 *
 * <p>The class name of the originally configured module is stored in the copied options
 * under {@code ProxyLoginModule.LOGIN_MODULE_OPTION_KEY}; an option already present under
 * that key is overwritten.
 *
 * @param entry the entry to wrap
 * @return a new entry pointing at {@code ProxyLoginModule}
 */
private AppConfigurationEntry createProxyEntry(AppConfigurationEntry entry) {
    final String delegateClassName = entry.getLoginModuleName();

    // Work on a private copy so the source entry's option map is never touched.
    final Map<String, Object> proxyOptions = new HashMap<>();
    proxyOptions.putAll(entry.getOptions());
    proxyOptions.put(ProxyLoginModule.LOGIN_MODULE_OPTION_KEY, delegateClassName);

    final String proxyClassName = ProxyLoginModule.class.getName();
    return new AppConfigurationEntry(proxyClassName, entry.getControlFlag(), proxyOptions);
}
/**
 * Renders all entries in {@code moduleEntries} as multi-line text: index, login module
 * class, control flag and every option as {@code name=..., value=...}.
 *
 * <p>Values of options named {@code password}, {@code bindcredential} or
 * {@code Context.SECURITY_CREDENTIALS} (compared case-insensitively) are replaced by
 * {@code ****}; a null value is printed as an empty string.
 *
 * @return the textual dump
 */
@Override
public String toString() {
    final StringBuilder out = new StringBuilder("AppConfigurationEntry[]:\n");
    for (int idx = 0; idx < moduleEntries.size(); idx++) {
        final AppConfigurationEntry entry = (AppConfigurationEntry) moduleEntries.get(idx);
        out.append('[').append(idx).append(']');
        out.append("\nLoginModule Class: ").append(entry.getLoginModuleName());
        out.append("\nControlFlag: ").append(entry.getControlFlag());
        out.append("\nOptions:\n");

        for (Map.Entry<String, ?> option : entry.getOptions().entrySet()) {
            final String name = option.getKey();
            final Object raw = option.getValue();
            String value = (raw == null) ? "" : raw.toString();

            // Fixed locale so the comparison does not depend on the JVM default locale.
            final String key = name.toLowerCase(Locale.ENGLISH);
            // NOTE(review): only these three option names are masked; a credential stored
            // under any other option name is printed verbatim.
            final boolean secret = key.equals("password")
                    || key.equals("bindcredential")
                    || key.equals(Context.SECURITY_CREDENTIALS);
            if (secret) {
                value = "****";
            }

            out.append("name=").append(name);
            out.append(", value=").append(value);
            out.append('\n');
        }
    }
    return out.toString();
}
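/**
 * Renders all entries in {@code moduleEntries} as multi-line text: index, login module
 * class, control flag and every option as {@code name=..., value=...}.
 *
 * <p>Values of options named {@code password}, {@code bindcredential} or
 * {@code Context.SECURITY_CREDENTIALS} are replaced by {@code ****} so they do not end up
 * in logs. A null option value is printed as an empty string instead of raising a
 * {@code NullPointerException}.
 *
 * @return the textual dump
 */
@Override
@SuppressWarnings("unchecked")
public String toString() {
    StringBuilder buffer = new StringBuilder("AppConfigurationEntry[]:\n");
    for (int i = 0; i < moduleEntries.size(); i++) {
        AppConfigurationEntry entry = (AppConfigurationEntry) moduleEntries.get(i);
        buffer.append('[').append(i).append(']');
        buffer.append("\nLoginModule Class: ").append(entry.getLoginModuleName());
        buffer.append("\nControlFlag: ").append(entry.getControlFlag());
        buffer.append("\nOptions:\n");

        for (Map.Entry<String, ?> option : entry.getOptions().entrySet()) {
            String name = option.getKey();
            Object raw = option.getValue();
            String value = (raw == null) ? "" : raw.toString();

            // equalsIgnoreCase is locale-independent. The previous toLowerCase() used the
            // JVM default locale, under which a name such as "BINDCREDENTIAL" can lower-case
            // to a different string (Turkish dotless i) and escape the mask.
            // NOTE(review): only these three option names are masked; a credential stored
            // under any other option name is printed verbatim.
            boolean secret = "password".equalsIgnoreCase(name)
                    || "bindcredential".equalsIgnoreCase(name)
                    || Context.SECURITY_CREDENTIALS.equalsIgnoreCase(name);
            if (secret) {
                value = "****";
            }

            buffer.append("name=").append(name);
            buffer.append(", value=").append(value);
            buffer.append('\n');
        }
    }
    return buffer.toString();
}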
if (!entry[0].getControlFlag().equals( AppConfigurationEntry.LoginModuleControlFlag.REQUIRED)) { throw new UnsupportedOperationException("Control Flag must " + "have a value of REQUIRED: " + entry[0].getControlFlag());
/**
 * <p>
 * Produces a fresh array holding a copy of every {@code AppConfigurationEntry} in the given list. Unless
 * {@code disableSecurityDomainInOptions()} returns {@code true}, each copy additionally carries this object's name
 * under {@code SecurityConstants.SECURITY_DOMAIN_OPTION}. When a {@code SecurityManager} is installed the caller
 * needs the {@code getLoginConfiguration} permission; without a security manager no permission check takes place.
 * </p>
 *
 * @param entries a {@code List} whose elements are cast to {@code AppConfigurationEntry} and copied.
 * @return an {@code AppConfigurationEntry} array containing the copied entries, in list order.
 */
protected AppConfigurationEntry[] copyAppConfigurationEntry(List<Object> entries) {
    final SecurityManager securityManager = System.getSecurityManager();
    if (securityManager != null) {
        securityManager.checkPermission(GET_CONFIG_ENTRY_PERM);
    }

    final int count = entries.size();
    final AppConfigurationEntry[] result = new AppConfigurationEntry[count];
    int index = 0;
    while (index < count) {
        final AppConfigurationEntry source = (AppConfigurationEntry) entries.get(index);
        // Copy the options so the extra key never leaks into the source entry.
        final HashMap<String, Object> copiedOptions = new HashMap<String, Object>(source.getOptions());
        if (!disableSecurityDomainInOptions()) {
            copiedOptions.put(SecurityConstants.SECURITY_DOMAIN_OPTION, this.getName());
        }
        result[index] = new AppConfigurationEntry(source.getLoginModuleName(), source.getControlFlag(), copiedOptions);
        index++;
    }
    return result;
}
/**
 * <p>
 * Copies the {@code AppConfigurationEntry} objects of the given list into a new array, adding the security domain
 * option ({@code SecurityConstants.SECURITY_DOMAIN_OPTION} mapped to {@code getName()}) unless
 * {@code disableSecurityDomainInOptions()} says otherwise. The {@code getLoginConfiguration} permission is checked
 * only when a {@code SecurityManager} is installed.
 * </p>
 *
 * @param entries a {@code List} containing the {@code AppConfigurationEntry} objects to be copied.
 * @return an {@code AppConfigurationEntry} array containing the copied entries.
 */
protected AppConfigurationEntry[] copyAppConfigurationEntry(List<Object> entries) {
    final SecurityManager manager = System.getSecurityManager();
    if (manager != null) {
        manager.checkPermission(GET_CONFIG_ENTRY_PERM);
    }

    final AppConfigurationEntry[] copies = new AppConfigurationEntry[entries.size()];
    for (int pos = 0; pos < copies.length; pos++) {
        final AppConfigurationEntry original = (AppConfigurationEntry) entries.get(pos);
        final HashMap<String, Object> optionCopy = new HashMap<String, Object>(original.getOptions());
        final boolean addDomain = !disableSecurityDomainInOptions();
        if (addDomain) {
            optionCopy.put(SecurityConstants.SECURITY_DOMAIN_OPTION, this.getName());
        }
        final String moduleName = original.getLoginModuleName();
        copies[pos] = new AppConfigurationEntry(moduleName, original.getControlFlag(), optionCopy);
    }
    return copies;
}
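/**
 * Serialises the login modules configured for {@code realm} as a JSON array string.
 *
 * <p>Each element has {@code "type"} (login module class name), {@code "success"} (the
 * control flag keyword in lower case) and, when the module has any, {@code "options"}.
 * If the configuration holds no entries for the realm name the result is an empty array.
 *
 * @return the JSON text; entries added before a JSON failure are still returned
 */
@Override
public String getLoginModules() {
    Configuration configuration = realm.getConfiguration();
    AppConfigurationEntry[] appConfigEntries = configuration.getAppConfigurationEntry(realm.getName());
    JSONArray jsonArray = new JSONArray();
    if (appConfigEntries == null) {
        // No entries for this realm name: previously this surfaced as a swallowed
        // NullPointerException with the same visible result.
        return jsonArray.toString();
    }
    try {
        for (AppConfigurationEntry appConfigEntry : appConfigEntries) {
            LoginModuleControlFlag flag = appConfigEntry.getControlFlag();
            Map<String, ?> options = appConfigEntry.getOptions();

            JSONObject jsonObj = new JSONObject();
            jsonObj.put("type", appConfigEntry.getLoginModuleName());

            // The flag's toString() puts the type name before the value, separated by a
            // space; send over only the actual value.
            String successVal = flag.toString();
            successVal = successVal.substring(successVal.indexOf(" ") + 1);
            // Locale.ROOT keeps the keyword stable; the default-locale toLowerCase() can
            // alter the letter 'I' (e.g. under a Turkish locale).
            jsonObj.put("success", successVal.toLowerCase(java.util.Locale.ROOT));

            // NOTE(review): option values are emitted as-is. If a module is configured
            // with credential-bearing options they become part of this JSON; confirm who
            // can read the result and consider masking such values.
            if ((options != null) && !options.isEmpty()) {
                jsonObj.put("options", options);
            }
            jsonArray.put(jsonObj);
        }
    } catch (Exception ex) {
        // Deliberate best effort: only JSON exceptions are expected here and there
        // should be no way to hit this; whatever was collected so far is returned.
    }
    return jsonArray.toString();
}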
writer.writeAttribute(Attribute.FLAG.getLocalName(), valueOf(entry.getControlFlag())); Map<String, ?> options = entry.getOptions(); if (options != null && options.size() > 0)
/**
 * Returns a copy of the login configuration entries that apply to this policy.
 *
 * <p>The entries come from {@code loginInfo} when it is set and yields a non-null array;
 * otherwise, unless this object is itself {@code defaultAppPolicy}, from
 * {@code defaultAppPolicy}. Each element is rebuilt as a new {@code AppConfigurationEntry}
 * from the source's module name, control flag and options.
 *
 * @return a new array of copied entries, or {@code null} when no configuration was found
 */
public AppConfigurationEntry[] getAppConfigurationEntry() {
    AppConfigurationEntry[] source =
            (loginInfo != null) ? loginInfo.getAppConfigurationEntry() : null;
    if (source == null && this != defaultAppPolicy) {
        // Fall back to the default policy's configuration.
        source = defaultAppPolicy.getAppConfigurationEntry();
    }
    if (source == null) {
        return null;
    }

    final AppConfigurationEntry[] copy = new AppConfigurationEntry[source.length];
    for (int idx = 0; idx < copy.length; idx++) {
        final AppConfigurationEntry original = source[idx];
        copy[idx] = new AppConfigurationEntry(
                original.getLoginModuleName(),
                original.getControlFlag(),
                original.getOptions());
    }
    return copy;
}

public PermissionCollection getPermissions(Subject subject, CodeSource codesource)
/**
 * Looks up the login configuration entries for this policy and hands back copies of them.
 *
 * <p>{@code loginInfo} is consulted first; if it is absent or returns {@code null} and
 * this object is not {@code defaultAppPolicy}, the default policy is asked instead.
 *
 * @return newly constructed copies of the entries, or {@code null} if neither source
 *         supplied a configuration
 */
public AppConfigurationEntry[] getAppConfigurationEntry() {
    AppConfigurationEntry[] configured = null;
    if (loginInfo != null) {
        configured = loginInfo.getAppConfigurationEntry();
    }
    final boolean useDefault = configured == null && this != defaultAppPolicy;
    if (useDefault) {
        configured = defaultAppPolicy.getAppConfigurationEntry();
    }

    if (configured == null) {
        return null;
    }
    final AppConfigurationEntry[] duplicates = new AppConfigurationEntry[configured.length];
    int pos = 0;
    for (AppConfigurationEntry current : configured) {
        // Rebuild each entry from its three components instead of sharing the instance.
        duplicates[pos++] = new AppConfigurationEntry(
                current.getLoginModuleName(), current.getControlFlag(), current.getOptions());
    }
    return duplicates;
}

public PermissionCollection getPermissions(Subject subject, CodeSource codesource)
/**
 * Asserts that the JAAS entry registered under {@code name} is a REQUIRED Kerberos login
 * module configured for keytab-based login with the given principal.
 *
 * <p>For {@code com.ibm.security.auth.module.Krb5LoginModule} exactly three options are
 * expected ({@code principal}, {@code useKeytab} as a {@code file://} URL, {@code credsType});
 * for any other module name exactly five ({@code principal}, {@code useKeyTab},
 * {@code keyTab}, {@code storeKey}, {@code useTicketCache}).
 *
 * @param loginModuleName expected login module class name
 * @param name            key into {@code JaasConfiguration.getEntries()}
 * @param principal       expected {@code principal} option
 * @param keytab          expected keytab location
 */
private void checkEntry(String loginModuleName, String name, String principal, String keytab) {
    final AppConfigurationEntry entry = JaasConfiguration.getEntries().get(name);
    assertEquals(loginModuleName, entry.getLoginModuleName());
    assertEquals(AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, entry.getControlFlag());

    final Map<String, ?> options = entry.getOptions();
    assertEquals(principal, options.get("principal"));

    final boolean ibmModule = loginModuleName.equals("com.ibm.security.auth.module.Krb5LoginModule");
    if (!ibmModule) {
        assertEquals("true", options.get("useKeyTab"));
        assertEquals(keytab, options.get("keyTab"));
        assertEquals("true", options.get("storeKey"));
        assertEquals("false", options.get("useTicketCache"));
        assertEquals(5, options.size());
        return;
    }

    // The IBM module takes the keytab as a file:// URL.
    final String expectedKeytabUrl;
    if (keytab.startsWith("file://")) {
        expectedKeytabUrl = keytab;
    } else {
        expectedKeytabUrl = "file://" + keytab;
    }
    assertEquals(expectedKeytabUrl, options.get("useKeytab"));
    assertEquals("both", options.get("credsType"));
    assertEquals(3, options.size());
}
}
/**
 * Checks the JAAS configuration built by {@code ZKSignerSecretProvider.JaasConfiguration}:
 * an unknown entry name yields {@code null}, and the configured name yields a single
 * REQUIRED Krb5 login module entry with exactly six keytab-login options.
 */
@Test
public void test() throws Exception {
    // The Krb5 login module class differs between IBM and other JVM vendors.
    final boolean ibmJvm = System.getProperty("java.vendor").contains("IBM");
    final String krb5LoginModuleName = ibmJvm
            ? "com.ibm.security.auth.module.Krb5LoginModule"
            : "com.sun.security.auth.module.Krb5LoginModule";

    final ZKSignerSecretProvider.JaasConfiguration jConf =
            new ZKSignerSecretProvider.JaasConfiguration(
                    "foo", "foo/localhost", "/some/location/foo.keytab");

    final AppConfigurationEntry[] unknown = jConf.getAppConfigurationEntry("bar");
    Assert.assertNull(unknown);

    final AppConfigurationEntry[] entries = jConf.getAppConfigurationEntry("foo");
    Assert.assertEquals(1, entries.length);

    final AppConfigurationEntry entry = entries[0];
    Assert.assertEquals(
            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, entry.getControlFlag());
    Assert.assertEquals(krb5LoginModuleName, entry.getLoginModuleName());

    final Map<String, ?> options = entry.getOptions();
    Assert.assertEquals("/some/location/foo.keytab", options.get("keyTab"));
    Assert.assertEquals("foo/localhost", options.get("principal"));
    Assert.assertEquals("true", options.get("useKeyTab"));
    Assert.assertEquals("true", options.get("storeKey"));
    Assert.assertEquals("false", options.get("useTicketCache"));
    Assert.assertEquals("true", options.get("refreshKrb5Config"));
    // Exact count guards against options being added unnoticed.
    Assert.assertEquals(6, options.size());
}
}
/**
 * Verifies {@code ZKSignerSecretProvider.JaasConfiguration}: lookup of a name other than
 * the configured one returns {@code null}; lookup of the configured name returns one
 * REQUIRED Krb5 login module entry whose six options select keytab login.
 */
@Test
public void test() throws Exception {
    final String vendor = System.getProperty("java.vendor");
    String krb5LoginModuleName = "com.sun.security.auth.module.Krb5LoginModule";
    if (vendor.contains("IBM")) {
        // IBM JVMs ship the Krb5 login module under a different package.
        krb5LoginModuleName = "com.ibm.security.auth.module.Krb5LoginModule";
    }

    final ZKSignerSecretProvider.JaasConfiguration jaasConf =
            new ZKSignerSecretProvider.JaasConfiguration(
                    "foo", "foo/localhost", "/some/location/foo.keytab");

    Assert.assertNull(jaasConf.getAppConfigurationEntry("bar"));

    final AppConfigurationEntry[] found = jaasConf.getAppConfigurationEntry("foo");
    Assert.assertEquals(1, found.length);

    final AppConfigurationEntry only = found[0];
    Assert.assertEquals(
            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, only.getControlFlag());
    Assert.assertEquals(krb5LoginModuleName, only.getLoginModuleName());

    final Map<String, ?> opts = only.getOptions();
    Assert.assertEquals("/some/location/foo.keytab", opts.get("keyTab"));
    Assert.assertEquals("foo/localhost", opts.get("principal"));
    Assert.assertEquals("true", opts.get("useKeyTab"));
    Assert.assertEquals("true", opts.get("storeKey"));
    Assert.assertEquals("false", opts.get("useTicketCache"));
    Assert.assertEquals("true", opts.get("refreshKrb5Config"));
    Assert.assertEquals(6, opts.size());
}
}