Examples of javax.security.auth.login.Configuration

• javax.security.auth.login.Configuration
  A Configuration object is responsible for specifying which LoginModules should be used for a particular application, and in what order the LoginModules should be invoked.

  A login configuration contains the following information. Note that this example only represents the default syntax for the {@code Configuration}. Subclass implementations of this class may implement alternative syntaxes and may retrieve the {@code Configuration} from any source such as files, databases,or servers.

   Name { ModuleClass  Flag    ModuleOptions; ModuleClass  Flag    ModuleOptions; ModuleClass  Flag    ModuleOptions; }; Name { ModuleClass  Flag    ModuleOptions; ModuleClass  Flag    ModuleOptions; }; other { ModuleClass  Flag    ModuleOptions; ModuleClass  Flag    ModuleOptions; }; 

  Each entry in the {@code Configuration} is indexed via anapplication name, Name, and contains a list of LoginModules configured for that application. Each {@code LoginModule}is specified via its fully qualified class name. Authentication proceeds down the module list in the exact order specified. If an application does not have a specific entry, it defaults to the specific entry for "other".

  The Flag value controls the overall behavior as authentication proceeds down the stack. The following represents a description of the valid values for Flag and their respective semantics:

   1) Required     - The  {@code LoginModule} is required to succeed.If it succeeds or fails, authentication still continues to proceed down the  {@code LoginModule} list.2) Requisite    - The  {@code LoginModule} is required to succeed.If it succeeds, authentication continues down the {@code LoginModule} list.  If it fails,control immediately returns to the application (authentication does not proceed down the {@code LoginModule} list).3) Sufficient   - The  {@code LoginModule} is not required tosucceed.  If it does succeed, control immediately returns to the application (authentication does not proceed down the  {@code LoginModule} list).If it fails, authentication continues down the {@code LoginModule} list.4) Optional     - The  {@code LoginModule} is not required tosucceed.  If it succeeds or fails, authentication still continues to proceed down the {@code LoginModule} list.

  The overall authentication succeeds only if all Required and Requisite LoginModules succeed. If a Sufficient {@code LoginModule} is configured and succeeds,then only the Required and Requisite LoginModules prior to that Sufficient {@code LoginModule} need to have succeeded forthe overall authentication to succeed. If no Required or Requisite LoginModules are configured for an application, then at least one Sufficient or Optional {@code LoginModule} must succeed.

  ModuleOptions is a space separated list of {@code LoginModule}-specific values which are passed directly to the underlying LoginModules. Options are defined by the {@code LoginModule} itself, and control the behavior within it.For example, a {@code LoginModule} may define options to supportdebugging/testing capabilities. The correct way to specify options in the {@code Configuration} is by using the following key-value pairing:debug="true". The key and value should be separated by an 'equals' symbol, and the value should be surrounded by double quotes. If a String in the form, ${system.property}, occurs in the value, it will be expanded to the value of the system property. Note that there is no limit to the number of options a {@code LoginModule} may define.

  The following represents an example {@code Configuration} entrybased on the syntax above:

   Login { com.sun.security.auth.module.UnixLoginModule required; com.sun.security.auth.module.Krb5LoginModule optional useTicketCache="true" ticketCache="${user.home}${/}tickets"; }; 

  This {@code Configuration} specifies that an application named,"Login", requires users to first authenticate to the com.sun.security.auth.module.UnixLoginModule, which is required to succeed. Even if the UnixLoginModule authentication fails, the com.sun.security.auth.module.Krb5LoginModule still gets invoked. This helps hide the source of failure. Since the Krb5LoginModule is Optional, the overall authentication succeeds only if the UnixLoginModule (Required) succeeds.

  Also note that the LoginModule-specific options, useTicketCache="true" and ticketCache=${user.home}${/}tickets", are passed to the Krb5LoginModule. These options instruct the Krb5LoginModule to use the ticket cache at the specified location. The system properties, user.home and / (file.separator), are expanded to their respective values.

  There is only one Configuration object installed in the runtime at any given time. A Configuration object can be installed by calling the {@code setConfiguration} method. The installed Configuration objectcan be obtained by calling the {@code getConfiguration} method.

  If no Configuration object has been installed in the runtime, a call to {@code getConfiguration} installs an instance of the defaultConfiguration implementation (a default subclass implementation of this abstract class). The default Configuration implementation can be changed by setting the value of the {@code login.configuration.provider} security property to the fullyqualified name of the desired Configuration subclass implementation.

  Application code can directly subclass Configuration to provide a custom implementation. In addition, an instance of a Configuration object can be constructed by invoking one of the {@code getInstance} factory methodswith a standard type. The default policy type is "JavaLoginConfig". See the Configuration section in the Java Cryptography Architecture Standard Algorithm Name Documentation for a list of standard Configuration types. @see javax.security.auth.login.LoginContext @see java.security.Security security properties

    private LoginException loginException;


    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
                           Map<String, ?> options) {
        Configuration config = null;
        try{
            config = Configuration.getInstance(JAAS_CONFIG_ALGO_NAME, null, providerName);
        }catch (NoSuchProviderException e){
            logger.debug("No provider "+providerName+"found so far",e);
        } catch (NoSuchAlgorithmException e) {

        Subject subject = new Subject();
        final ClassLoader cl = Thread.currentThread().getContextClassLoader();
        try
        {
            Configuration config = Configuration.getInstance("JavaLoginConfig", null,
                "FelixJaasProvider");
            Thread.currentThread().setContextClassLoader(getClass().getClassLoader());
            LoginContext lc = new LoginContext("sample", subject, handler, config);
            lc.login();

                        throw new UnsupportedCallbackException(current);
                    }
                }
            }
        };
        Configuration config = new Configuration() {

            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                if (configurationName.equals(name) == false) {
                    throw new IllegalArgumentException("Unexpected configuration name '" + name + "'");

    }

    public ThriftClient(Map storm_conf, String host, int port, Integer timeout) throws TTransportException {
        try {
            //locate login configuration
            Configuration login_conf = AuthUtils.GetConfiguration(storm_conf);

            //construct a transport plugin
            ITransportPlugin  transportPlugin = AuthUtils.GetTransportPlugin(storm_conf, login_conf);

            //create a socket with server

     */
    @Nonnull
    @Override
    public LoginContextProvider getLoginContextProvider(ContentRepository contentRepository) {
        String appName = getParameters().getConfigValue(PARAM_APP_NAME, DEFAULT_APP_NAME);
        Configuration loginConfig = null;
        try {
            loginConfig = Configuration.getConfiguration();
            // NOTE: workaround for Java7 behavior (see OAK-497)
            if (loginConfig.getAppConfigurationEntry(appName) == null) {
                loginConfig = null;
            }
        } catch (SecurityException e) {
            log.info("Failed to retrieve login configuration: using default. " + e);
        }

            LOG.debug("Cannot set URLStreamHandlerFactory due " + e.getMessage() + ". This exception will be ignored.", e);
        }
    }

    static Configuration getJAASConfiguration() {
        Configuration auth = null;
        try {
            auth = Configuration.getConfiguration();
            LOG.trace("Existing JAAS Configuration {}", auth);
        } catch (SecurityException e) {
            LOG.trace("Cannot load existing JAAS configuration", e);

        try {
            oldConfiguration = Configuration.getConfiguration();
        } catch (SecurityException e) {
            oldConfiguration = null;
        }
        Configuration loginConfig = new MockConfiguration();
        Configuration.setConfiguration(loginConfig);

        authenticator = new Authenticator(CONFIG_NAME, getClass().getClassLoader());
    }

        try {
            oldConfiguration = Configuration.getConfiguration();
        } catch (SecurityException e) {
            oldConfiguration = null;
        }
        Configuration loginConfig = new MockConfiguration();
        Configuration.setConfiguration(loginConfig);

        authenticator = new Authenticator(CONFIG_NAME, getClass().getClassLoader());
    }

                                .addDependency(SecurityManagementService.SERVICE_NAME, ISecurityManagement.class,
                                        subjectFactoryService.getSecurityManagementInjector())
                                .setInitialMode(ServiceController.Mode.ACTIVE).install();

                        // add jaas configuration service
                        Configuration loginConfig = XMLLoginConfigImpl.getInstance();
                        final JaasConfigurationService jaasConfigurationService = new JaasConfigurationService(loginConfig);
                        target.addService(JaasConfigurationService.SERVICE_NAME, jaasConfigurationService)
                                .addListener(verificationHandler)
                                .setInitialMode(ServiceController.Mode.ACTIVE)
                                .install();

                        subjectFactoryService.getSecurityManagementInjector())
                .addListener(verificationHandler)
                .setInitialMode(ServiceController.Mode.ACTIVE).install());

            // add jaas configuration service
            Configuration loginConfig = XMLLoginConfigImpl.getInstance();
            final JaasConfigurationService jaasConfigurationService = new JaasConfigurationService(loginConfig);
            newControllers.add(target.addService(JaasConfigurationService.SERVICE_NAME, jaasConfigurationService)
                .addListener(verificationHandler).setInitialMode(ServiceController.Mode.ACTIVE).install());

            //add Simple Security Manager Service