Examples of javax.security.auth.Subject

• javax.security.auth.Subject
  a Principal and credential to the Subject subject.getPrincipals().add(principal); subject.getPublicCredentials().add(credential);

  This {@code Subject} class implements {@code Serializable}. While the Principals associated with the {@code Subject} are serialized,the credentials associated with the {@code Subject} are not.Note that the {@code java.security.Principal} classdoes not implement {@code Serializable}. Therefore all concrete {@code Principal} implementations associated with Subjectsmust implement {@code Serializable}. @see java.security.Principal @see java.security.DomainCombiner

            if (_logRef.isDebugEnabled())
                _logRef.debug("authenticating: Name:" + _principal);

            // Authenticate using the cert as the credential
            Subject subjectCopy = new Subject();
            if (_realm._subjSecMgr != null && _realm._subjSecMgr.isValid(_principal, _certs, subjectCopy))
            {
                if (_logRef.isDebugEnabled())
                    _logRef.debug("authenticated: " + _principal);

      _lastValidCheckTime = Long.MAX_VALUE / 2;
    }

    // recover any resources on startup
    if (_isEnableXA) {
      Subject subject = null;
      ManagedConnection mConn = mcf.createManagedConnection(subject, null);

      try {
        XAResource xa = mConn.getXAResource();

  @Override
  public Object allocateConnection(ManagedConnectionFactory mcf,
                                   ConnectionRequestInfo info)
    throws ResourceException
  {
    Subject subject = null;

    Object conn = allocateConnection(mcf, subject, info);

    _connectionCountTotal.incrementAndGet();

  private Set<Principal> getPrincipals(String userName,
                                       String password)
  {
    try {
      LoginModule login = (LoginModule) _loginModuleClass.newInstance();
      Subject subject = new Subject();

      HashMap<String,String> state = new HashMap<String,String>();

      state.put("javax.security.auth.login.name", userName);
      state.put("javax.security.auth.login.password", password);

      login.initialize(subject,
                       new Handler(userName, password),
                       state, _options);

      try {
        login.login();
      } catch (Exception e) {
        login.abort();
      }

      login.commit();

      Set<Principal> principals = subject.getPrincipals();

      return principals;
    } catch (LoginException e) {
      log.log(Level.FINE, e.toString(), e);

        String password = (aCredentials[1] != null ? aCredentials[1] : "");

        // perform authentication
        if (secretInformation.getUser().equals(username) &&
                password.equals(secretInformation.getResolvedSecret())) {
            return new Subject(true,
                Collections.singleton(new JMXPrincipal(username)),
                Collections.EMPTY_SET,
                Collections.EMPTY_SET);
        } else {
            throw new SecurityException("Username and/or password are incorrect, " +

        this.role = role;
    }

    public boolean authenticate(final String username, final String password, final ServerSession session) {
        try {
            Subject subject = new Subject();
            LoginContext loginContext = new LoginContext(realm, subject, new CallbackHandler() {
                public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
                    for (Callback callback : callbacks) {
                        if (callback instanceof NameCallback) {
                            ((NameCallback) callback).setName(username);
                        } else if (callback instanceof PasswordCallback) {
                            ((PasswordCallback) callback).setPassword(password.toCharArray());
                        } else {
                            throw new UnsupportedCallbackException(callback);
                        }
                    }
                }
            });
            loginContext.login();
            if (role != null && role.length() > 0) {
                String clazz = "org.apache.karaf.jaas.modules.RolePrincipal";
                String name = role;
                int idx = role.indexOf(':');
                if (idx > 0) {
                    clazz = role.substring(0, idx);
                    name = role.substring(idx + 1);
                }
                boolean found = false;
                for (Principal p : subject.getPrincipals()) {
                    if (p.getClass().getName().equals(clazz)
                            && p.getName().equals(name)) {
                        found = true;
                        break;
                    }

                if (log.isDebugEnabled())
                    log.debug("Login context created " + principalName);

                // Negotiate a login via this LoginContext
                Subject subject = loginContext.getSubject();
                ContextManager.setCallers(subject, subject);

                if (log.isDebugEnabled())
                    log.debug(sm.getString("jaasRealm.loginContextCreated", principalName));

        session.removeAttribute("TestLoginPrincipals");
        session.removeAttribute("TestLoginError");
        Map options = new HashMap();
        try {
            LoginModule module = loadModule(request, data, options);
            Subject sub = PortletManager.testLoginModule(request, module, options, username, password);
            session.setAttribute("TestLoginPrincipals", sub.getPrincipals());
        } catch (Exception e) {
            log.warn("Test login failed", e);
            session.setAttribute("TestLoginError", "Login Failed: " + (e.getMessage() == null ? "no message" : e.getMessage()));
        }
    }

            Integer loadOnStartup,
            Set<String> servletMappings,
            String runAsRole,
            JettyServletRegistration context) throws Exception {
        servletRegistration = context;
        Subject runAsSubject = context == null? null: context.getSubjectForRole(runAsRole);
        servletHolder = new InternalJettyServletHolder(context == null? null: context.getLifecycleChain(), runAsSubject, servletRegistration);
        servletHolder.setName(servletName);
        servletHolder.setClassName(servletClassName);
        //context will be null only for use as "default servlet info holder" in deployer.

        //TODO track resource ref shared and app managed security
        Thread thread = Thread.currentThread();

        ClassLoader oldClassLoader = thread.getContextClassLoader();
        Callers oldCallers = ContextManager.getCallers();
        Subject clientSubject = defaultSubject;
        try {
            thread.setContextClassLoader(classLoader);
            jndiContext.startClient(appClientModuleName, kernel, classLoader);
            Context componentContext = jndiContext.getJndiContext();