Examples of javax.security.auth.Subject

• javax.security.auth.Subject
  a Principal and credential to the Subject subject.getPrincipals().add(principal); subject.getPublicCredentials().add(credential);

  This {@code Subject} class implements {@code Serializable}. While the Principals associated with the {@code Subject} are serialized,the credentials associated with the {@code Subject} are not.Note that the {@code java.security.Principal} classdoes not implement {@code Serializable}. Therefore all concrete {@code Principal} implementations associated with Subjectsmust implement {@code Serializable}. @see java.security.Principal @see java.security.DomainCombiner

  public void handle(final Request request, final Response response, final Handler wrapped)
      throws HandlerException {
    if (request.getRequestURI().getPath().equals("/meta/account-manager")) {
      Subject subject = new Subject();
      subject.getPrincipals().add(SuperUserGVSPrincipal.instance);
      try {
        Subject.doAsPrivileged(subject, new PrivilegedExceptionAction() {
          public Object run() throws Exception {
            wrapped.handle(request, response);
            return null;
          }
        }, null);
      } catch (PrivilegedActionException e) {
        throw new RuntimeException(e);
      }
    } else {
      LoginContext loginContext;
      try {
        loginContext = new LoginContext("GVS-Auth", new CookieCallbackHandler(request));
        loginContext.login();
      } catch (LoginException e) {
        /*response.setResponseStatus(ResponseStatus.FORBIDDEN);
        log.info(e);
        response.setBody(new MessageBody2Read() {

          public ReadableByteChannel read() throws IOException {
            return Channels.newChannel(new ByteArrayInputStream("Login Failed".getBytes()));
          }

        });
        return;*/
        try {
          Cookie loginCookie = new Cookie("login", "-");
          loginCookie.setMaxAge(-1);
          response.setHeader(HeaderName.SET_COOKIE, loginCookie.toString());

          loginContext = new LoginContext("GVS-Auth", new CallbackHandler() {

            public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
              for (int i = 0; i < callbacks.length; i++) {
                if (callbacks[i] instanceof NameCallback) {
                  ((NameCallback) callbacks[i]).setName("");
                } else if (callbacks[i] instanceof PasswordCallback) {
                  ((PasswordCallback) callbacks[i]).setPassword(""
                      .toCharArray());
                } else {
                  throw new UnsupportedCallbackException(callbacks[i],
                      "Callback class not supported");
                }

              }

            }

          });
          loginContext.login();
        } catch (LoginException e1) {
          // TODO Auto-generated catch block
          throw new RuntimeException(e1);
        }

      }
      try {
        Subject subject = loginContext.getSubject();
        Subject.doAsPrivileged(subject, new PrivilegedExceptionAction() {
          public Object run() throws Exception {
            wrapped.handle(request, response);
            return null;
          }

                        if (!storedUser.equals(user)) throw new SecurityException("xmlBlaster responds: Unknown user " + user + ",  please try with user '" + storedUser + "'");
                        if (!storedPassword.equals(password)) throw new SecurityException("xmlBlaster responds: Bad password, please try again");

                        Set principals = new HashSet();
                        principals.add(new javax.management.remote.JMXPrincipal(user));
                        return new Subject(true, principals, Collections.EMPTY_SET, Collections.EMPTY_SET);
                     }
                  };
                  props.put("jmx.remote.authenticator", auth); // JMXConnectorServer.AUTHENTICATOR
               }
               else {

      if (password != null)
      {
         passwordChars = password.toCharArray();
      }

      Subject subject = new Subject();

      if (authenticationManager.isValid(principal, passwordChars, subject))
      {
         // Warning! This "taints" thread local. Make sure you pop it off the stack as soon as
         //          you're done with it.

     *        invocation
     * @return result of the next invocation (to chain interceptors)
     * @throws Exception if interceptor fails
     */
    public Object intercept(final EasyBeansInvocationContext invocationContext) throws Exception {
        Subject runAsSubject = invocationContext.getFactory().getBeanInfo().getSecurityInfo().getRunAsSubject();
        Subject previousSubject = SecurityCurrent.getCurrent().getSecurityContext().enterRunAs(runAsSubject);
        try {
            return invocationContext.proceed();
        } finally {
            SecurityCurrent.getCurrent().getSecurityContext().endsRunAs(previousSubject);
        }

     * Sets the name of the run-as security role.
     * @param runAsRole the name of the role.
     */
    public void setRunAsRole(final String runAsRole) {
        this.runAsRole = runAsRole;
        this.runAsSubject = new Subject();

        // Structure associating a principal with its roles
        Map<Principal, List<Principal>> principals = getRunAsPrincipals();

        // Add principal name

     * Gets the caller's principal.
     * @param runAsBean if true, the bean is a run-as bean.
     * @return principal of the caller.
     */
    public Principal getCallerPrincipal(final boolean runAsBean) {
        Subject subject = null;

        // in run-as mode, needs to return callerInRunAsModeSubject's principal.
        if (runAsBean && callerInRunAsModeSubject != null) {
            subject = callerInRunAsModeSubject;
        } else {
            subject = this.subject;
        }

        // Then, takes the first principal found. (which is not a role)
        for (Principal principal : subject.getPrincipals(Principal.class)) {
            if (!(principal instanceof Group)) {
                return principal;
            }
        }

     * Gets the caller's roles.
     * @param runAsBean if true, the bean is a run-as bean.
     * @return list of roles of the caller.
     */
    public List<? extends Principal> getCallerRolesList(final boolean runAsBean) {
        Subject subject = null;

        // in run-as mode, needs to return callerInRunAsModeSubject's principal.
        if (runAsBean && callerInRunAsModeSubject != null) {
            subject = callerInRunAsModeSubject;
        } else {
            subject = this.subject;
        }

        // Then, takes all the roles found in this principal.
        for (Principal principal : subject.getPrincipals(Principal.class)) {
            if (principal instanceof Group) {
                return Collections.list(((Group) principal).members());
            }
        }

     * @param userName given username
     * @param roleList given list of roles.
     * @return built subject.
     */
    public static Subject buildSubject(final String userName, final List<String> roleList) {
        Subject subject = new Subject();

        // Add principal name
        Principal principalName = new JPrincipal(userName);
        subject.getPrincipals().add(principalName);

        // Add roles for this principal
        Group roles = new JGroup("roles");
        if (roleList != null) {
            for (String role : roleList) {
                roles.addMember(new JPrincipal(role));
            }
        }
        subject.getPrincipals().add(roles);

        return subject;
    }

      if (simulateJBossJaasSecurityManager)
      {
         boolean hasRole = false;
         // check that the caller is authenticated to the current thread
         Subject subject = SecurityAssociation.getSubject();

         if (subject != null)
         {
            // Check the caller's roles
            Group subjectRoles = getSubjectRoles(subject);

      Queue queue = (Queue)ic.lookup("/queue/TestQueue");

      Principal nabopolassar = new SimplePrincipal("nabopolassar");
      Set principals = new HashSet();
      principals.add(nabopolassar);
      Subject subject =
         new Subject(false, principals, Collections.EMPTY_SET, Collections.EMPTY_SET);
      Principal nebuchadrezzar = new SimplePrincipal("nebuchadrezzar");

      SecurityAssociation.pushSubjectContext(subject, nebuchadrezzar, "xexe");

      Connection conn = null;

      try
      {
         conn = cf.createConnection();
         conn.start();

         Session session = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);

         MessageProducer prod = session.createProducer(queue);
         MessageConsumer cons = session.createConsumer(queue);

         TextMessage m = session.createTextMessage("floccinaucinihilipilification");

         prod.send(m);

         TextMessage rm = (TextMessage)cons.receive(5000);

         assertEquals("floccinaucinihilipilification", rm.getText());

         SecurityAssociation.SubjectContext context = SecurityAssociation.popSubjectContext();

         Subject s = context.getSubject();
         assertNotNull(s);
         Set ps = s.getPrincipals();
         assertNotNull(ps);
         assertEquals(1, ps.size());
         Principal p = (Principal)ps.iterator().next();
         assertTrue(p instanceof SimplePrincipal);
         assertEquals("nabopolassar", ((SimplePrincipal)p).getName());