Package org.rhq.core.domain.auth

Examples of org.rhq.core.domain.auth.Subject


        boolean subjectToModifyIsSystemSuperuser = authorizationManager.isSystemSuperuser(subjectToModify);
        if (!subjectToModify.getFactive() && subjectToModifyIsSystemSuperuser) {
            throw new PermissionException("You cannot disable the system user [" + subjectToModify.getName() + "].");
        }

        Subject attachedSubject = getSubjectById(subjectToModify.getId());
        if (attachedSubject == null) {
            throw new IllegalArgumentException("No user exists with id [" + subjectToModify.getId() + "].");
        }
        if (!attachedSubject.getName().equals(subjectToModify.getName())) {
            throw new IllegalArgumentException("You cannot change a user's username.");
        }

        Set<Role> newRoles = subjectToModify.getRoles();
        if (newRoles != null) {


    /**
     * Looks up a {@link Subject} by its id.
     *
     * <p>This is a bare entity lookup: the method takes no caller identity and performs
     * no permission check, so any authorization has to be enforced by the caller before
     * the returned subject is exposed or modified.
     *
     * @param id the id of the subject to load
     * @return whatever {@code entityManager.find(Subject.class, id)} yields; callers
     *         should be prepared for {@code null} when no subject has that id
     * @see org.rhq.enterprise.server.auth.SubjectManagerLocal#getSubjectById(int)
     */
    public Subject getSubjectById(int id) {
        return entityManager.find(Subject.class, id);
    }

        // Use the JAAS modules to perform the auth.
        _checkAuthentication(username, password);

        // User is authenticated!

        Subject subject = getSubjectByName(username);

        if (subject != null) {//regular JDBC user
            if (!subject.getFactive()) {
                throw new LoginException("User account has been disabled.");
            }

            if (checkRoles) {
                // fetch the roles
                int rolesNumber = subject.getRoles().size();
                if (rolesNumber == 0) {
                    if (systemManager.isLoginWithoutRolesEnabled()) {
                        if (log.isInfoEnabled()) {
                            log.info("Letting in user [" + subject.getName() + "]  without any assigned roles.");
                        }
                    } else {
                        throw new LoginException("There are no preconfigured roles for user [" + subject.getName()
                            + "]");
                    }
                }
            }
        } else {
            // There is no subject in the database yet.
            // If LDAP authentication is enabled and we cannot find the subject,
            // it means we must have authenticated via LDAP, not JDBC (otherwise,
            // how else can there be a Principal without a Subject?).  In the
            // case of LDAP authenticated without having a Subject, it means the
            // user is logging in for the first time and must go through a special
            // GUI workflow to create a subject record.  Let's create a dummy
            // placeholder subject in here for now.

            boolean isLdapAuthenticationEnabled = isLdapAuthenticationEnabled();
            if (isLdapAuthenticationEnabled) {
                if (remote) {
                    throw new IllegalStateException(
                        "Use the web UI for the first log in and fill all the necessary information.");
                }
                subject = new Subject();
                subject.setId(0);
                subject.setName(username);
                subject.setFactive(true);
                subject.setFsystem(false);
            } else {
                // LDAP is not enabled, so how in the world did we authenticate?  This should never happen
                throw new IllegalStateException(
                    "Somehow you authenticated with a principal that has no associated subject. Your account is invalid.");
            }

     * There are multiple rounds of sending with higher numbers of reports.
     * @throws Exception If anything goes wrong
     * @see #ROUNDS for the number of availability reports per round
     */
    public void testAlternating() throws Exception {
        Subject overlord = LookupUtil.getSubjectManager().getOverlord();

        Date now = new Date();

        Query q = em.createQuery("SELECT r FROM Resource r");
        List<Resource> resources = q.getResultList();

     * Like {@link #testAlternating}, but availabilities are now random per resource and report.
     * @throws Exception If anything goes wrong
     * @see #ROUNDS for the number of availability reports per round
     */
    public void testRandom() throws Exception {
        Subject overlord = LookupUtil.getSubjectManager().getOverlord();

        Query q = em.createQuery("SELECT r FROM Resource r");
        List<Resource> resources = q.getResultList();
        Resource res = resources.get(0);
        Agent agent = agentManager.getAgentByResourceId(overlord, res.getId());

     * Like {@link #testAlternating}, but availabilities are always up per resource and report.
     * @throws Exception If anything goes wrong
     * @see #ROUNDS for the number of availability reports per round
     */
    public void testAlwaysUp() throws Exception {
        Subject overlord = LookupUtil.getSubjectManager().getOverlord();

        Query q = em.createQuery("SELECT r FROM Resource r");
        List<Resource> resources = q.getResultList();
        Resource res = resources.get(0);
        Agent agent = agentManager.getAgentByResourceId(overlord, res.getId());

     * For one resource we set up an alert to fire every going down report.
     * @throws Exception If anything goes wrong
     * @see #ROUNDS for the number of availability reports per round
     */
    public void testAlternatingWithAlert() throws Exception {
        Subject overlord = LookupUtil.getSubjectManager().getOverlord();

        Query q = em.createQuery("SELECT r FROM Resource r");
        List<Resource> resources = q.getResultList();
        Resource res = resources.get(0);
        Agent agent = agentManager.getAgentByResourceId(overlord, res.getId());

                boolean isLdapAuthenticationEnabled = isLdapAuthenticationEnabled();
                if (isLdapAuthenticationEnabled) {//we can proceed with LDAP checking
                    //check that session is valid. RHQ auth has already occurred. Security check required to initiate following
                    //spinder BZ:682755: 3/10/11: can't use isValidSessionId() as it also compares subject.id which is changing during case insensitive
                    // and new registration. This worked before because HTTP get took longer to invalidate sessions.
                    Subject sessionSubject;
                    try {
                        sessionSubject = sessionManager.getSubject(subject.getSessionId());
                    } catch (SessionNotFoundException e) {
                        throw new LoginException("User session not valid. Login to proceed.");
                    } catch (SessionTimeoutException e) {
                        throw new LoginException("User session not valid. Login to proceed.");
                    }
                    if (!subject.getName().equals(sessionSubject.getName())) {
                        throw new LoginException("User session not valid. Login to proceed.");
                    }

                    //Subject.id == 0 then is registration or case insensitive check and subject update.
                    if (subject.getId() == 0) {
                        //i)case insensitive check or ii)ldap new user registration.
                        //BZ-586435: insert case insensitivity for usernames with ldap auth
                        // locate first matching subject and attach.
                        SubjectCriteria subjectCriteria = new SubjectCriteria();
                        subjectCriteria.setCaseSensitive(false);
                        subjectCriteria.setStrict(true);
                        subjectCriteria.fetchRoles(false);
                        subjectCriteria.fetchConfiguration(false);
                        subjectCriteria.addFilterName(subject.getName());
                        //BZ-798465: spinder 3/1/12 we now need to pass in overlord because of BZ-786159
                        // We've verified that this user has valid session, and is using ldap. Safe to elevate search here.
                        PageList<Subject> subjectsLocated = findSubjectsByCriteria(getOverlord(), subjectCriteria);
                        //if subject variants located then take the first one with a principal otherwise do nothing
                        //To defend against the case where they create an account with the same name but not
                        //case as an rhq sysadmin or higher perms, then make them relogin with same creds entered.
                        if ((!subjectsLocated.isEmpty())
                            && (!subjectsLocated.get(0).getName().equals(subject.getName()))) {//then case insensitive username matches found. Try to use instead.
                            Subject ldapSubject = subjectsLocated.get(0);
                            String msg = "Located existing ldap account with different case for ["
                                + ldapSubject.getName() + "]. "
                                + "Attempting to authenticate with that account instead.";
                            if (log.isInfoEnabled()) {
                                log.info(msg);
                            }
                            logout(subject.getSessionId().intValue());
                            subject = _login(ldapSubject.getName(), subjectPassword, false, false);
                            Integer sessionId = subject.getSessionId();
                            if (log.isDebugEnabled()) {
                                log.debug("Logged in as [" + ldapSubject.getName() + "] with session id [" + sessionId
                                    + "]");
                            }
                        } else {//then this is a registration request. insert overlord registration and login
                            //we've verified that this user has valid session, requires registration and that ldap is configured.
                            Subject superuser = getOverlord();

                            // create the subject, but don't add a principal since LDAP will handle authentication
                            if (log.isDebugEnabled()) {
                                log.debug("registering new LDAP-authenticated subject [" + subject.getName() + "]");
                            }

     * @see org.rhq.enterprise.server.auth.SubjectManagerRemote#logout(Subject)
     */
    public void logout(Subject subject) {
        try {
            // The session is invalidated only after the supplied name and sessionId have been
            // resolved together to a subject; the session id used is the one on that resolved
            // subject, not the one handed in by the caller.
            sessionManager.invalidate(
                getSubjectByNameAndSessionId(subject.getName(), subject.getSessionId()).getSessionId());
        } catch (Exception e) {
            // Best effort: an invalid logout request is dropped without any signal to the caller.
            // NOTE(review): this catch is broad enough to also hide a failure raised by
            // sessionManager.invalidate() itself or a null subject argument; in those cases the
            // session may remain valid and nothing is recorded. Confirm that is acceptable, or
            // record the failure where operators can see it.
        }
    }

        // requested.
        if ("admin".equals(username)) {
            return getOverlord();
        }

        Subject subject = getSubjectByName(username);

        if (subject == null) {
            throw new LoginException("User account does not exist. [" + username + "]");
        }

        if (!subject.getFactive()) {
            throw new LoginException("User account has been disabled. [" + username + "]");
        }

        // make sure we return the Subject returned from this call, which may differ from the one passed in
        subject = sessionManager.put(subject, 1000L * 60 * 2); // 2mins only
