Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

added support for JACC authetnication to allow delegation to applicat…

…ion server security mechanism
  • Loading branch information...
commit a389801387d61486ee17e3c14436afe9d91d514e 1 parent add5192
@mswiderski mswiderski authored manstis committed
View
9 pom.xml
@@ -60,7 +60,7 @@
<gwt-dnd.version>3.1.2</gwt-dnd.version>
<hamcrest.version>1.3</hamcrest.version>
<jasypt.version>1.9.0</jasypt.version>
- <jacc.version>1.4.0</jacc.version>
+ <jacc.version>1.4</jacc.version>
</properties>
<scm>
@@ -725,6 +725,13 @@
<version>${jasypt.version}</version>
</dependency>
+ <dependency>
+ <groupId>javax.security.jacc</groupId>
+ <artifactId>javax.security.jacc-api</artifactId>
+ <version>${jacc.version}</version>
+ <scope>provided</scope>
+ </dependency>
+
</dependencies>
</dependencyManagement>
View
15 ...erfire-security-api/src/main/java/org/uberfire/security/impl/auth/UserNameCredential.java
@@ -0,0 +1,15 @@
+package org.uberfire.security.impl.auth;
+
+import org.uberfire.security.auth.Credential;
+
+public class UserNameCredential implements Credential {
+ private final String userName;
+
+ public UserNameCredential(final String userName) {
+ this.userName = userName;
+ }
+
+ public String getUserName() {
+ return userName;
+ }
+}
View
9 ...ecurity-api/src/main/java/org/uberfire/security/impl/auth/UsernamePasswordCredential.java
@@ -18,20 +18,15 @@
import org.uberfire.security.auth.Credential;
-public class UsernamePasswordCredential implements Credential {
+public class UsernamePasswordCredential extends UserNameCredential {
- private final String userName;
private final Object passwd;
public UsernamePasswordCredential(final String userName, final Object passwd) {
- this.userName = userName;
+ super(userName);
this.passwd = passwd;
}
- public String getUserName() {
- return userName;
- }
-
public Object getPassword() {
return passwd;
}
View
5 uberfire-security/uberfire-security-server/pom.xml
@@ -69,6 +69,11 @@
<artifactId>slf4j-api</artifactId>
</dependency>
+ <dependency>
+ <groupId>javax.security.jacc</groupId>
+ <artifactId>javax.security.jacc-api</artifactId>
+ </dependency>
+
</dependencies>
</project>
View
3  ...berfire-security-server/src/main/java/org/uberfire/security/server/SecurityConstants.java
@@ -57,4 +57,7 @@
final String LOGOUT_URI = "/uf_logout";
final String SUBJECT_ON_SESSION_KEY = "org.uf.subject";
+
+ final String ROLES_IN_CONTEXT_KEY = "org.uf.context.roles";
+
}
View
9 ...re-security-server/src/main/java/org/uberfire/security/server/UberFireSecurityFilter.java
@@ -188,15 +188,18 @@ private AuthenticationManager getAuthenticationManager( final Map<String, String
private AuthenticationScheme getAuthenticationScheme( final Map<String, String> options ) {
final String authScheme = options.get( AUTH_SCHEME_KEY );
+ AuthenticationScheme scheme = null;
if ( authScheme == null || authScheme.isEmpty() ) {
return new FormAuthenticationScheme();
+ } else {
+ scheme = loadConfigClazz( authScheme, AuthenticationScheme.class );
}
- if ( authScheme.equalsIgnoreCase( FORM ) ) {
+ if ( scheme == null && authScheme.equalsIgnoreCase( FORM ) ) {
return new FormAuthenticationScheme();
}
- return null;
+ return scheme;
}
@Override
@@ -296,7 +299,7 @@ private void authorize( final SecurityContext context,
try {
final Class<?> clazz = Class.forName( clazzName );
- if ( !clazz.isAssignableFrom( typeOf ) ) {
+ if ( !typeOf.isAssignableFrom( clazz ) ) {
LOG.error( "Invalid class type '" + typeOf.getName() + "'" );
return null;
}
View
3  ...server/src/main/java/org/uberfire/security/server/auth/DefaultAuthenticationProvider.java
@@ -27,6 +27,7 @@
import org.uberfire.security.auth.AuthenticationStatus;
import org.uberfire.security.auth.Credential;
import org.uberfire.security.auth.Principal;
+import org.uberfire.security.impl.auth.UserNameCredential;
import org.uberfire.security.impl.auth.UsernamePasswordCredential;
import static java.util.Collections.*;
@@ -74,7 +75,7 @@ public Principal getPrincipal() {
};
}
- final UsernamePasswordCredential realCredential = UsernamePasswordCredential.class.cast(credential);
+ final UserNameCredential realCredential = UserNameCredential.class.cast(credential);
if (!authenticationSource.authenticate(realCredential)) {
return new AuthenticationResult() {
View
4 ...ity-server/src/main/java/org/uberfire/security/server/auth/HttpAuthenticationManager.java
@@ -163,7 +163,7 @@ public String getName() {
}
final String originalRequest = requestCache.remove(httpContext.getRequest().getSession().getId());
- if (originalRequest != null && !originalRequest.isEmpty()) {
+ if (originalRequest != null && !originalRequest.isEmpty() && !httpContext.getResponse().isCommitted()) {
try {
httpContext.getResponse().sendRedirect(originalRequest);
} catch (IOException e) {
@@ -179,5 +179,7 @@ public void logout(final SecurityContext context) throws AuthenticationException
for (final AuthenticatedStorageProvider storeProvider : authStorageProviders) {
storeProvider.cleanup(context);
}
+ final HttpSecurityContext httpContext = checkInstanceOf("context", context, HttpSecurityContext.class);
+ httpContext.getRequest().getSession().invalidate();
}
}
View
26 ...rity-server/src/main/java/org/uberfire/security/server/auth/JACCAuthenticationScheme.java
@@ -0,0 +1,26 @@
+package org.uberfire.security.server.auth;
+
+import org.uberfire.security.SecurityContext;
+import org.uberfire.security.auth.AuthenticationScheme;
+import org.uberfire.security.auth.Credential;
+import org.uberfire.security.impl.auth.UserNameCredential;
+import org.uberfire.security.server.HttpSecurityContext;
+
+import static org.kie.commons.validation.Preconditions.checkInstanceOf;
+
+public class JACCAuthenticationScheme extends FormAuthenticationScheme implements AuthenticationScheme {
+
+ @Override
+ public void challengeClient(SecurityContext context) {
+
+ }
+
+ @Override
+ public Credential buildCredential(SecurityContext context) {
+
+ final HttpSecurityContext httpSecurityContext = checkInstanceOf("context", context, HttpSecurityContext.class);
+
+ final String userName = httpSecurityContext.getRequest().getUserPrincipal().getName();
+ return new UserNameCredential(userName);
+ }
+}
View
100 ...rver/src/main/java/org/uberfire/security/server/auth/source/JACCAuthenticationSource.java
@@ -0,0 +1,100 @@
+package org.uberfire.security.server.auth.source;
+
+import java.security.acl.Group;
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import javax.security.auth.Subject;
+import javax.security.jacc.PolicyContext;
+
+import org.uberfire.security.Role;
+import org.uberfire.security.auth.AuthenticationSource;
+import org.uberfire.security.auth.Credential;
+import org.uberfire.security.auth.Principal;
+import org.uberfire.security.auth.RoleProvider;
+import org.uberfire.security.impl.auth.UserNameCredential;
+
+import static org.kie.commons.validation.Preconditions.checkInstanceOf;
+import static org.uberfire.security.server.SecurityConstants.*;
+
+public class JACCAuthenticationSource implements AuthenticationSource, RoleProvider{
+
+ public static final String DEFAULT_ROLE_PRINCIPLE_NAME = "Roles";
+ private String rolePrincipleName = DEFAULT_ROLE_PRINCIPLE_NAME;
+
+ @Override
+ public void initialize(Map<String, ?> options) {
+ if (options.containsKey(ROLES_IN_CONTEXT_KEY)) {
+ rolePrincipleName = (String) options.get(ROLES_IN_CONTEXT_KEY);
+ }
+ }
+
+ @Override public boolean supportsCredential(Credential credential) {
+ if (credential == null) {
+ return false;
+ }
+ return credential instanceof UserNameCredential;
+ }
+
+ @Override public boolean authenticate(Credential credential) {
+ final UserNameCredential userNameCredential = checkInstanceOf("credential", credential, UserNameCredential.class);
+ try {
+ Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
+
+ if (subject != null) {
+ Set<java.security.Principal> principals = subject.getPrincipals();
+
+ if (principals != null) {
+ for (java.security.Principal p : principals) {
+ if (p.getName().equals(userNameCredential.getUserName())) {
+ return true;
+ }
+ }
+ }
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ return false;
+ }
+
+ @Override
+ public List<Role> loadRoles(Principal principal) {
+ List<Role> roles = null;
+ try {
+ Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
+
+ if (subject != null) {
+ Set<java.security.Principal> principals = subject.getPrincipals();
+
+ if (principals != null) {
+ roles = new ArrayList<Role>();
+ for (java.security.Principal p : principals) {
+ if (p instanceof Group && rolePrincipleName.equalsIgnoreCase(p.getName())) {
+ Enumeration<? extends java.security.Principal> groups = ((Group) p).members();
+
+ while (groups.hasMoreElements()) {
+ final java.security.Principal groupPrincipal = (java.security.Principal) groups.nextElement();
+ roles.add(new Role() {
+ @Override
+ public String getName() {
+ return groupPrincipal.getName();
+ }
+ });
+
+ }
+ break;
+
+ }
+
+ }
+ }
+ }
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ return roles;
+ }
+}
Please sign in to comment.
Something went wrong with that request. Please try again.