Merge pull request #8511 from eelhazati/master

BAEL-3583: JAAS

core-java-modules/core-java-security-2/pom.xml

@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <artifactId>core-java-security-2</artifactId>
+    <version>0.1.0-SNAPSHOT</version>
+    <name>core-java-security-2</name>
+    <packaging>jar</packaging>
+
+    <parent>
+        <groupId>com.baeldung</groupId>
+        <artifactId>parent-java</artifactId>
+        <version>0.0.1-SNAPSHOT</version>
+        <relativePath>../../parent-java</relativePath>
+    </parent>
+
+</project>

core-java-modules/core-java-security-2/src/main/java/com/baeldung/jaas/ConsoleCallbackHandler.java

@@ -0,0 +1,24 @@
+package com.baeldung.jaas;
+
+import javax.security.auth.callback.*;
+import java.io.Console;
+import java.io.IOException;
+
+public class ConsoleCallbackHandler implements CallbackHandler {
+
+    @Override
+    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+        Console console = System.console();
+        for (Callback callback : callbacks) {
+            if (callback instanceof NameCallback) {
+                NameCallback nameCallback = (NameCallback) callback;
+                nameCallback.setName(console.readLine(nameCallback.getPrompt()));
+            } else if (callback instanceof PasswordCallback) {
+                PasswordCallback passwordCallback = (PasswordCallback) callback;
+                passwordCallback.setPassword(console.readPassword(passwordCallback.getPrompt()));
+            } else {
+                throw new UnsupportedCallbackException(callback);
+            }
+        }
+    }
+}

core-java-modules/core-java-security-2/src/main/java/com/baeldung/jaas/JaasAuthentication.java

@@ -0,0 +1,13 @@
+package com.baeldung.jaas;
+
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginException;
+
+public class JaasAuthentication {
+
+    public static void main(String[] args) throws LoginException {
+        LoginService loginService = new LoginService();
+        Subject subject = loginService.login();
+        System.out.println(subject.getPrincipals().iterator().next() + " sucessfully logeed in");
+    }
+}

core-java-modules/core-java-security-2/src/main/java/com/baeldung/jaas/JaasAuthorization.java

@@ -0,0 +1,17 @@
+package com.baeldung.jaas;
+
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginException;
+import java.security.PrivilegedAction;
+
+public class JaasAuthorization {
+
+    public static void main(String[] args) throws LoginException {
+
+        LoginService loginService = new LoginService();
+        Subject subject = loginService.login();
+
+        PrivilegedAction privilegedAction = new ResourceAction();
+        Subject.doAsPrivileged(subject, privilegedAction, null);
+    }
+}

core-java-modules/core-java-security-2/src/main/java/com/baeldung/jaas/LoginService.java

@@ -0,0 +1,14 @@
+package com.baeldung.jaas;
+
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+
+public class LoginService {
+
+    public Subject login() throws LoginException {
+        LoginContext loginContext = new LoginContext("jaasApplication", new ConsoleCallbackHandler());
+        loginContext.login();
+        return loginContext.getSubject();
+    }
+}

core-java-modules/core-java-security-2/src/main/java/com/baeldung/jaas/ResourceAction.java

@@ -0,0 +1,15 @@
+package com.baeldung.jaas;
+
+import java.security.PrivilegedAction;
+
+public class ResourceAction implements PrivilegedAction {
+    @Override
+    public Object run() {
+        SecurityManager sm = System.getSecurityManager();
+        if (sm != null) {
+            sm.checkPermission(new ResourcePermission("test_resource"));
+        }
+        System.out.println("I have access to test_resource !");
+        return null;
+    }
+}

core-java-modules/core-java-security-2/src/main/java/com/baeldung/jaas/ResourcePermission.java

@@ -0,0 +1,9 @@
+package com.baeldung.jaas;
+
+import java.security.BasicPermission;
+
+public class ResourcePermission extends BasicPermission {
+    public ResourcePermission(String name) {
+        super(name);
+    }
+}

core-java-modules/core-java-security-2/src/main/java/com/baeldung/jaas/loginmodule/InMemoryLoginModule.java

@@ -0,0 +1,74 @@
+package com.baeldung.jaas.loginmodule;
+
+import com.sun.security.auth.UserPrincipal;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.*;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
+import java.io.IOException;
+import java.security.Principal;
+import java.util.Map;
+
+public class InMemoryLoginModule implements LoginModule {
+
+    private static final String USERNAME = "testuser";
+    private static final String PASSWORD = "testpassword";
+
+    private Subject subject;
+    private CallbackHandler callbackHandler;
+    private Map<String, ?> sharedState;
+    private Map<String, ?> options;
+
+    private String username;
+    private boolean loginSucceeded = false;
+    private Principal userPrincipal;
+
+    @Override
+    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
+                           Map<String, ?> options) {
+        this.subject = subject;
+        this.callbackHandler = callbackHandler;
+        this.sharedState = sharedState;
+        this.options = options;
+    }
+
+    @Override
+    public boolean login() throws LoginException {
+        NameCallback nameCallback = new NameCallback("username: ");
+        PasswordCallback passwordCallback = new PasswordCallback("password: ", false);
+        try {
+            callbackHandler.handle(new Callback[]{nameCallback, passwordCallback});
+            username = nameCallback.getName();
+            String password = new String(passwordCallback.getPassword());
+            if (USERNAME.equals(username) && PASSWORD.equals(password)) {
+                loginSucceeded = true;
+            }
+        } catch (IOException | UnsupportedCallbackException e) {
+            throw new LoginException("Can't login");
+        }
+        return loginSucceeded;
+    }
+
+    @Override
+    public boolean commit() throws LoginException {
+        if (!loginSucceeded) {
+            return false;
+        }
+        userPrincipal = new UserPrincipal(username);
+        subject.getPrincipals().add(userPrincipal);
+        return true;
+    }
+
+    @Override
+    public boolean abort() throws LoginException {
+        logout();
+        return true;
+    }
+
+    @Override
+    public boolean logout() throws LoginException {
+        subject.getPrincipals().remove(userPrincipal);
+        return false;
+    }
+}

core-java-modules/core-java-security-2/src/main/resources/jaas/jaas.login.config

@@ -0,0 +1,3 @@
+jaasApplication {
+   com.baeldung.jaas.loginmodule.InMemoryLoginModule required debug=true;
+};

core-java-modules/core-java-security-2/src/main/resources/jaas/jaas.policy

@@ -0,0 +1,14 @@
+grant codebase "file:./target/core-java-security-2-0.1.0-SNAPSHOT.jar" {
+    permission javax.security.auth.AuthPermission "createLoginContext.jaasApplication";
+    permission javax.security.auth.AuthPermission "doAsPrivileged";
+    permission java.lang.RuntimePermission "readFileDescriptor";
+    permission java.lang.RuntimePermission "writeFileDescriptor";
+};
+
+grant codebase "file:./target/core-java-security-2-0.1.0-SNAPSHOT.jar" {
+    permission javax.security.auth.AuthPermission "modifyPrincipals";
+};
+
+grant principal com.sun.security.auth.UserPrincipal "testuser" {
+    permission com.baeldung.jaas.ResourcePermission "test_resource";
+};