/**
 * Access-control hook called when a client asks to add a notification listener.
 *
 * <p>Every argument is passed to {@code echo}. The request is then refused only when
 * {@code throwException} is set, the target MBean is {@code domain:name=1,type=NB},
 * and the caller's subject holds the {@code JMXPrincipal} named {@code "role"}.
 *
 * @param connectionId identifier of the client connection
 * @param name MBean the listener is being added to
 * @param subject identity of the caller; a {@code null} subject is never refused here
 * @throws SecurityException when the deny rule above matches
 */
@Override
public void addNotificationListener(
        String connectionId, ObjectName name, Subject subject) throws SecurityException {
    final Object shownPrincipals = (subject == null) ? null : subject.getPrincipals();
    echo("addNotificationListener:");
    echo("\tconnectionId: " + connectionId);
    echo("\tname: " + name);
    echo("\tsubject: " + shownPrincipals);

    // Guard clauses keep the original short-circuit order: flag, MBean name, then subject.
    if (!throwException) {
        return;
    }
    if (!name.getCanonicalName().equals("domain:name=1,type=NB")) {
        return;
    }
    if (subject == null) {
        return;
    }
    if (subject.getPrincipals().contains(new JMXPrincipal("role"))) {
        throw new SecurityException();
    }
}
/**
 * Access-control hook called when a client asks to remove a notification listener.
 *
 * <p>Every argument is passed to {@code echo}. The request is then refused only when
 * {@code throwException} is set, the target MBean is {@code domain:name=2,type=NB},
 * and the caller's subject holds the {@code JMXPrincipal} named {@code "role"}.
 *
 * @param connectionId identifier of the client connection
 * @param name MBean the listener is being removed from
 * @param subject identity of the caller; a {@code null} subject is never refused here
 * @throws SecurityException when the deny rule above matches
 */
@Override
public void removeNotificationListener(
        String connectionId, ObjectName name, Subject subject) throws SecurityException {
    final Object shownPrincipals = (subject == null) ? null : subject.getPrincipals();
    echo("removeNotificationListener:");
    echo("\tconnectionId: " + connectionId);
    echo("\tname: " + name);
    echo("\tsubject: " + shownPrincipals);

    // Guard clauses keep the original short-circuit order: flag, MBean name, then subject.
    if (!throwException) {
        return;
    }
    if (!name.getCanonicalName().equals("domain:name=2,type=NB")) {
        return;
    }
    if (subject == null) {
        return;
    }
    if (subject.getPrincipals().contains(new JMXPrincipal("role"))) {
        throw new SecurityException();
    }
}
/**
 * Access-control hook called before a notification is delivered to a client.
 *
 * <p>Every argument is passed to {@code echo}. Delivery is then refused only when
 * {@code throwException} is <em>not</em> set, the source MBean is
 * {@code domain:name=2,type=NB}, and the caller's subject holds the
 * {@code JMXPrincipal} named {@code "role"}.
 *
 * @param connectionId identifier of the client connection
 * @param name MBean that emitted the notification
 * @param notification notification about to be delivered
 * @param subject identity of the caller; a {@code null} subject is never refused here
 * @throws SecurityException when the deny rule above matches
 */
@Override
public void fetchNotification(
        String connectionId, ObjectName name, Notification notification, Subject subject)
        throws SecurityException {
    final Object shownPrincipals = (subject == null) ? null : subject.getPrincipals();
    echo("fetchNotification:");
    echo("\tconnectionId: " + connectionId);
    echo("\tname: " + name);
    echo("\tnotification: " + notification);
    echo("\tsubject: " + shownPrincipals);

    // The flag is inverted here: the deny rule is live while throwException is false.
    if (throwException) {
        return;
    }
    if (!name.getCanonicalName().equals("domain:name=2,type=NB")) {
        return;
    }
    if (subject == null) {
        return;
    }
    if (subject.getPrincipals().contains(new JMXPrincipal("role"))) {
        throw new SecurityException();
    }
}
/**
 * Prepares the fixtures used by each test: initialised mocks, the helper, one request
 * without a user principal, one request with a user principal, a response whose output
 * is captured in {@code responseWriter}, and a fresh servlet instance.
 *
 * @throws Exception if any part of the fixture setup fails
 */
@Before
public void setUp() throws Exception {
    MockitoAnnotations.initMocks(this);
    helper.setUp();

    // Request seen when nobody is signed in: same URL, no principal attached.
    when(mockRequestNotLoggedIn.getRequestURI()).thenReturn(FAKE_URL);
    when(mockRequestNotLoggedIn.getUserPrincipal()).thenReturn(null);

    // Request seen when a user is signed in. Most Principal implementations are
    // deprecated; JMXPrincipal is used as a plain, name-only stand-in.
    final JMXPrincipal signedInUser = new JMXPrincipal(FAKE_NAME);
    when(mockRequestLoggedIn.getRequestURI()).thenReturn(FAKE_URL);
    when(mockRequestLoggedIn.getUserPrincipal()).thenReturn(signedInUser);

    // Response double: whatever the servlet prints lands in responseWriter.
    responseWriter = new StringWriter();
    final PrintWriter capturedOutput = new PrintWriter(responseWriter);
    when(mockResponse.getWriter()).thenReturn(capturedOutput);

    servletUnderTest = new UsersServlet();
}
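/**
 * Access-control hook called when a client asks to add a notification listener.
 *
 * <p>Every argument is passed to {@code echo}. The request is then refused only when
 * {@code throwException} is set, the target MBean is {@code domain:name=1,type=NB},
 * and the caller's subject holds the {@code JMXPrincipal} named {@code "role"}.
 *
 * @param connectionId identifier of the client connection
 * @param name MBean the listener is being added to
 * @param subject identity of the caller; may be {@code null} (presumably a connection
 *     with no authenticated identity; confirm against the connector setup)
 * @throws SecurityException when the deny rule above matches
 */
public void addNotificationListener(
        String connectionId, ObjectName name, Subject subject) throws SecurityException {
    echo("addNotificationListener:");
    echo("\tconnectionId: " + connectionId);
    echo("\tname: " + name);
    echo("\tsubject: " + (subject == null ? null : subject.getPrincipals()));

    // The echo above already allows for a null subject, so the deny rule must too.
    // Without the null test a matching MBean name raised NullPointerException
    // instead of reaching an access decision.
    if (throwException
            && name.getCanonicalName().equals("domain:name=1,type=NB")
            && subject != null
            && subject.getPrincipals().contains(new JMXPrincipal("role"))) {
        throw new SecurityException();
    }
}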
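/**
 * Access-control hook called when a client asks to remove a notification listener.
 *
 * <p>Every argument is passed to {@code echo}. The request is then refused only when
 * {@code throwException} is set, the target MBean is {@code domain:name=2,type=NB},
 * and the caller's subject holds the {@code JMXPrincipal} named {@code "role"}.
 *
 * @param connectionId identifier of the client connection
 * @param name MBean the listener is being removed from
 * @param subject identity of the caller; may be {@code null} (presumably a connection
 *     with no authenticated identity; confirm against the connector setup)
 * @throws SecurityException when the deny rule above matches
 */
public void removeNotificationListener(
        String connectionId, ObjectName name, Subject subject) throws SecurityException {
    echo("removeNotificationListener:");
    echo("\tconnectionId: " + connectionId);
    echo("\tname: " + name);
    echo("\tsubject: " + (subject == null ? null : subject.getPrincipals()));

    // The echo above already allows for a null subject, so the deny rule must too.
    // Without the null test a matching MBean name raised NullPointerException
    // instead of reaching an access decision.
    if (throwException
            && name.getCanonicalName().equals("domain:name=2,type=NB")
            && subject != null
            && subject.getPrincipals().contains(new JMXPrincipal("role"))) {
        throw new SecurityException();
    }
}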
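/**
 * Access-control hook called before a notification is delivered to a client.
 *
 * <p>Every argument is passed to {@code echo}. Delivery is then refused only when
 * {@code throwException} is <em>not</em> set, the source MBean is
 * {@code domain:name=2,type=NB}, and the caller's subject holds the
 * {@code JMXPrincipal} named {@code "role"}.
 *
 * @param connectionId identifier of the client connection
 * @param name MBean that emitted the notification
 * @param notification notification about to be delivered
 * @param subject identity of the caller; may be {@code null} (presumably a connection
 *     with no authenticated identity; confirm against the connector setup)
 * @throws SecurityException when the deny rule above matches
 */
public void fetchNotification(
        String connectionId, ObjectName name, Notification notification, Subject subject)
        throws SecurityException {
    echo("fetchNotification:");
    echo("\tconnectionId: " + connectionId);
    echo("\tname: " + name);
    echo("\tnotification: " + notification);
    echo("\tsubject: " + (subject == null ? null : subject.getPrincipals()));

    // The flag is inverted here: the deny rule is live while throwException is false.
    // The echo above already allows for a null subject, so the deny rule must too.
    // Without the null test a matching MBean name raised NullPointerException.
    if (!throwException
            && name.getCanonicalName().equals("domain:name=2,type=NB")
            && subject != null
            && subject.getPrincipals().contains(new JMXPrincipal("role"))) {
        throw new SecurityException();
    }
}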
/**
 * Builds a callback handler for certificate-based login tests.
 *
 * <p>The handler answers each {@code CertificateCallback} with a single
 * {@code StubX509Certificate} constructed from a {@code JMXPrincipal} named {@code user}.
 * Any other callback type is rejected with {@code UnsupportedCallbackException}.
 *
 * @param user name given to the principal the stub certificate is built from
 * @return a handler created with three {@code null} constructor arguments and an
 *     overridden {@code handle} method
 */
private JaasCallbackHandler getJaasCertificateCallbackHandler(String user) {
    final X509Certificate stubCert = new StubX509Certificate(new JMXPrincipal(user));

    return new JaasCallbackHandler(null, null, null) {
        @Override
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (int i = 0; i < callbacks.length; i++) {
                final Callback current = callbacks[i];
                // Reject anything that is not a certificate request as soon as it is seen;
                // callbacks earlier in the array have already been answered by then.
                if (!(current instanceof CertificateCallback)) {
                    throw new UnsupportedCallbackException(current);
                }
                ((CertificateCallback) current).setCertificates(new X509Certificate[] {stubCert});
            }
        }
    };
}
/**
 * Returns the name of the user associated with the current JMX call.
 *
 * <p>The subject is taken from the current access-control context and, when that yields
 * nothing, from {@code LocalSubject.getSubject()}. The name of the first
 * {@code JMXPrincipal} is preferred. If the subject holds none, the name of the first
 * principal of any type is used instead.
 *
 * <p>NOTE(review): "first" means whatever the principal set's iterator returns first.
 * With several principals on the subject (for example a user plus group or role
 * principals) the fallback may return a name that is not the user's. Confirm that
 * callers use the result for display or logging and not for authorization decisions.
 *
 * @return the resolved user name, or {@code null} when no subject or principal is found
 */
public static String getSubjectUser() {
    Subject current = Subject.getSubject(AccessController.getContext());
    if (current == null) {
        current = LocalSubject.getSubject();
    }
    logger.trace("getSubjectUser; subject: {}", current);

    String userName = null;
    if (current != null) {
        final Set<JMXPrincipal> jmxPrincipals = current.getPrincipals(JMXPrincipal.class);
        if (jmxPrincipals != null && !jmxPrincipals.isEmpty()) {
            userName = jmxPrincipals.iterator().next().getName();
        } else {
            // No JMX principal: fall back to any principal the subject carries.
            final Set<Principal> anyPrincipals = current.getPrincipals();
            if (anyPrincipals != null && !anyPrincipals.isEmpty()) {
                userName = anyPrincipals.iterator().next().getName();
            }
        }
    }

    logger.trace("getSubjectUser.exit; returning: {}", userName);
    return userName;
}
/**
 * Maps the stored user name to a fixed identity and role set.
 *
 * <p>Recognised names and their roles: {@code "tenant"} gets {@code user},
 * {@code "ui"} gets {@code ui}, and {@code "admin"} gets {@code user},
 * {@code admin} and {@code ui}. Any other name yields {@code null}.
 *
 * <p>No credential is examined in this method: the roles follow from the user name
 * alone, and the returned {@code Subject} is empty. Whatever assigns {@code this.user}
 * is therefore the only place where the caller's identity can have been verified.
 *
 * @return the identity for a recognised user name, otherwise {@code null}
 */
@Override
public UserIdentity getUserIdentity() {
    // TODO: need to return the correct identity for this user.
    // Permitting specific logins for now with no passwords
    final String[] grantedRoles;
    if (this.user.equals("tenant")) {
        grantedRoles = new String[] {"user"};
    } else if (this.user.equals("ui")) {
        grantedRoles = new String[] {"ui"};
    } else if (this.user.equals("admin")) {
        grantedRoles = new String[] {"user", "admin", "ui"};
    } else {
        // Unknown name: no identity at all.
        return null;
    }
    return new DefaultUserIdentity(new Subject(), new JMXPrincipal(this.user), grantedRoles);
}
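/**
 * Authenticates a JMX client by running a JAAS login under the
 * {@code Constants.LOGIN_MODULE_ENTRY} configuration entry.
 *
 * <p>On success the returned subject is read-only and holds exactly one principal: a
 * {@code JMXPrincipal} named after the first element of the supplied credentials. The
 * name comes from the client's input, not from the login module's result.
 *
 * <p>NOTE(review): the {@code LoginException} is attached as the cause of the
 * {@code SecurityException}. Confirm that its message does not tell a remote client
 * whether the user name exists.
 *
 * @param credentials expected to be a {@code String[]} whose first element is the user
 *     name; the remaining layout is whatever {@code CarbonJMXCallbackHandler} reads
 * @return a read-only subject for the authenticated user
 * @throws SecurityException if the credentials are missing, malformed or rejected
 */
@Override
public Subject authenticate(Object credentials) {
    if (credentials == null) {
        throw new SecurityException("Credentials required");
    }
    if (!(credentials instanceof String[])) {
        throw new SecurityException("Credentials should be String[]");
    }

    final String[] suppliedValues = (String[]) credentials;
    // Element 0 becomes the principal name below. Reject an empty array or a null name
    // here so the caller gets a SecurityException rather than an
    // ArrayIndexOutOfBoundsException or NullPointerException after the login step.
    if (suppliedValues.length == 0 || suppliedValues[0] == null) {
        throw new SecurityException("Credentials should contain a user name");
    }

    CallbackHandler callbackHandler = new CarbonJMXCallbackHandler(credentials);
    try {
        LoginContext loginContext =
                new LoginContext(Constants.LOGIN_MODULE_ENTRY, callbackHandler);
        loginContext.login();
        // Typed empty sets replace the raw Collections.EMPTY_SET constants.
        return new Subject(
                true,
                Collections.singleton(new JMXPrincipal(suppliedValues[0])),
                Collections.emptySet(),
                Collections.emptySet());
    } catch (LoginException e) {
        throw new SecurityException("Invalid credentials", e);
    }
}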
/**
 * Tests a successful authentication. Ensures that a populated read-only subject is returned.
 */
public void testAuthenticationSuccess() {
    // Authentication manager built by the test helper with (true, null).
    _rmipa.setAuthenticationManager(createTestAuthenticationManager(true, null));

    // Expected result: read-only, one JMXPrincipal for USERNAME, no credentials.
    final Subject expected =
            new Subject(
                    true,
                    Collections.singleton(new JMXPrincipal(USERNAME)),
                    Collections.EMPTY_SET,
                    Collections.EMPTY_SET);

    final Subject actual = _rmipa.authenticate(_credentials);

    assertTrue("Subject must be readonly", actual.isReadOnly());
    assertTrue("Returned subject does not equal expected value", actual.equals(expected));
}