From gno...@apache.org
Subject [karaf] 02/05: [KARAF-5475] Add a ClientPrincipal containing the connection method / remote ip
Date Sun, 19 Nov 2017 20:36:19 GMT
This is an automated email from the ASF dual-hosted git repository.

gnodet pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/karaf.git

commit 3d57887b58745018808e2c2f67192201a8d0ef7d
Author: Guillaume Nodet <gnodet@gmail.com>
AuthorDate: Thu Nov 9 17:58:27 2017 +0100

    [KARAF-5475] Add a ClientPrincipal containing the connection method / remote ip
---
 .../karaf/jaas/boot/principal/ClientPrincipal.java | 54 ++++++++++++++++++++++
 .../apache/karaf/management/JaasAuthenticator.java |  7 +++
 .../impl/console/osgi/LocalConsoleManager.java     |  2 +
 .../karaf/shell/ssh/KarafJaasAuthenticator.java    |  2 +
 .../internal/servlet/JaasSecurityProvider.java     |  9 ++--
 5 files changed, 71 insertions(+), 3 deletions(-)

diff --git a/jaas/boot/src/main/java/org/apache/karaf/jaas/boot/principal/ClientPrincipal.java
b/jaas/boot/src/main/java/org/apache/karaf/jaas/boot/principal/ClientPrincipal.java
new file mode 100644
index 0000000..e76aec1
--- /dev/null
+++ b/jaas/boot/src/main/java/org/apache/karaf/jaas/boot/principal/ClientPrincipal.java
@@ -0,0 +1,54 @@
+/*
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *  under the License.
+ */
+package org.apache.karaf.jaas.boot.principal;
+
+import java.io.Serializable;
+import java.security.Principal;
+import java.util.Objects;
+
+public class ClientPrincipal implements Principal, Serializable {
+
+    private final String method;
+    private final String address;
+
+    public ClientPrincipal(String method, String address) {
+        this.method = method;
+        this.address = address;
+    }
+
+    @Override
+    public String getName() {
+        return method + "(" + address + ")";
+    }
+
+    public String getMethod() {
+        return method;
+    }
+
+    public String getAddress() {
+        return address;
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(getName());
+    }
+
+    @Override
+    public String toString() {
+        return "ClientPrincipal[" + getName() + "]";
+    }
+
+}
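Review bot: `hashCode()` is overridden (hashing `getName()`) but `equals()` is not, so two `ClientPrincipal`s with the same method and address compare unequal under `Object.equals` while reporting the same hash; any code that looks a principal up in a `Set`, or compares the principal a login module recorded against a fresh one, will get a miss. Add an `equals` over both fields, which is consistent with the existing hash because `getName()` is derived from exactly those two fields. The class is also declared `Serializable` without a `serialVersionUID`, so every recompilation silently changes its serial form; a fixed `private static final long serialVersionUID = 1L;` avoids that. Minor: the license header ends with a duplicated `under the License.` line.
```java
private static final long serialVersionUID = 1L;
// … unchanged: fields, constructor, getName/getMethod/getAddress …
@Override
public boolean equals(Object o) {
    if (this == o) {
        return true;
    }
    if (!(o instanceof ClientPrincipal)) {
        return false;
    }
    ClientPrincipal other = (ClientPrincipal) o;
    return Objects.equals(method, other.method) && Objects.equals(address, other.address);
}
// … unchanged: hashCode, toString …
```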
diff --git a/management/server/src/main/java/org/apache/karaf/management/JaasAuthenticator.java
b/management/server/src/main/java/org/apache/karaf/management/JaasAuthenticator.java
index 457d127..1dbab70 100644
--- a/management/server/src/main/java/org/apache/karaf/management/JaasAuthenticator.java
+++ b/management/server/src/main/java/org/apache/karaf/management/JaasAuthenticator.java
@@ -16,8 +16,10 @@
  */
 package org.apache.karaf.management;
 
+import org.apache.karaf.jaas.boot.principal.ClientPrincipal;
 import org.apache.karaf.jaas.boot.principal.RolePrincipal;
 
+import java.rmi.server.RemoteServer;
 import java.security.Principal;
 
 import javax.management.remote.JMXAuthenticator;
@@ -53,6 +55,11 @@ public class JaasAuthenticator implements JMXAuthenticator {
         }
         try {
             Subject subject = new Subject();
+            try {
+                subject.getPrincipals().add(new ClientPrincipal("jmx", RemoteServer.getClientHost()));
+            } catch (Throwable t) {
+                // Ignore
+            }
             LoginContext loginContext = new LoginContext(realm, subject, callbacks ->
{
                 for (int i = 0; i < callbacks.length; i++) {
                     if (callbacks[i] instanceof NameCallback) {
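Review bot: The new `catch (Throwable t)` around `RemoteServer.getClientHost()` swallows everything, including `Error`s, to handle the one documented failure of that call: `ServerNotActiveException`, thrown when the authenticator is not running inside an RMI call (an in-VM or non-RMI connector, presumably). Narrow it to that type and say why it is ignored, e.g. `} catch (ServerNotActiveException e) {` followed by `// not inside an RMI call, so no client address is available; login proceeds without a ClientPrincipal` (with `import java.rmi.server.ServerNotActiveException;`). Because the principal is silently absent in that case, any login module that reads `ClientPrincipal` to make an access decision must treat "missing" as unknown rather than trusted; worth a line in the commit description or on the class. The enclosing `authenticate` method starts before this hunk.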
diff --git a/shell/core/src/main/java/org/apache/karaf/shell/impl/console/osgi/LocalConsoleManager.java
b/shell/core/src/main/java/org/apache/karaf/shell/impl/console/osgi/LocalConsoleManager.java
index 1bd3f20..e31d606 100644
--- a/shell/core/src/main/java/org/apache/karaf/shell/impl/console/osgi/LocalConsoleManager.java
+++ b/shell/core/src/main/java/org/apache/karaf/shell/impl/console/osgi/LocalConsoleManager.java
@@ -24,6 +24,7 @@ import java.security.PrivilegedAction;
 
 import javax.security.auth.Subject;
 
+import org.apache.karaf.jaas.boot.principal.ClientPrincipal;
 import org.apache.karaf.jaas.boot.principal.RolePrincipal;
 import org.apache.karaf.jaas.boot.principal.UserPrincipal;
 import org.apache.karaf.shell.api.console.Session;
@@ -134,6 +135,7 @@ public class LocalConsoleManager {
 
         final Subject subject = new Subject();
         subject.getPrincipals().add(new UserPrincipal(userName));
+        subject.getPrincipals().add(new ClientPrincipal("local", "localhost"));
 
         String roles = System.getProperty(KARAF_LOCAL_ROLES, KARAF_LOCAL_ROLES_DEFAULT);
         if (roles != null) {
diff --git a/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/KarafJaasAuthenticator.java
b/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/KarafJaasAuthenticator.java
index 3ab370d..8d4f88c 100644
--- a/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/KarafJaasAuthenticator.java
+++ b/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/KarafJaasAuthenticator.java
@@ -30,6 +30,7 @@ import javax.security.auth.callback.UnsupportedCallbackException;
 import javax.security.auth.login.FailedLoginException;
 import javax.security.auth.login.LoginContext;
 
+import org.apache.karaf.jaas.boot.principal.ClientPrincipal;
 import org.apache.karaf.jaas.boot.principal.RolePrincipal;
 import org.apache.karaf.jaas.modules.publickey.PublickeyCallback;
 import org.apache.sshd.common.session.Session;
@@ -85,6 +86,7 @@ public class KarafJaasAuthenticator implements PasswordAuthenticator, PublickeyA
     private boolean doLogin(final ServerSession session, CallbackHandler callbackHandler)
{
         try {
             Subject subject = new Subject();
+            subject.getPrincipals().add(new ClientPrincipal("ssh", session.getClientAddress().toString()));
             LoginContext loginContext = new LoginContext(realm, subject, callbackHandler);
             loginContext.login();
             assertRolePresent(subject);
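Review bot: `session.getClientAddress().toString()` records whatever `SocketAddress.toString()` yields — for an `InetSocketAddress` that is usually of the form `/ip:port` or `host/ip:port`, which is a different shape from the `host:port` string the web console supplies and the bare host name JMX supplies, so a login module matching on `ClientPrincipal.getAddress()` has to cope with three formats. If the SSH client address is an `InetSocketAddress` (hedged: depends on the sshd transport), extracting the literal host is more predictable: `SocketAddress sa = session.getClientAddress();` then `String host = sa instanceof InetSocketAddress ? ((InetSocketAddress) sa).getHostString() : String.valueOf(sa);` and pass `host` (optionally with the port) to the `ClientPrincipal`. `getHostString()` does not trigger a reverse lookup, which matters because this runs on every authentication attempt, including unauthenticated ones. The `doLogin` body continues past the end of this hunk.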
diff --git a/webconsole/console/src/main/java/org/apache/felix/webconsole/internal/servlet/JaasSecurityProvider.java
b/webconsole/console/src/main/java/org/apache/felix/webconsole/internal/servlet/JaasSecurityProvider.java
index fd2cc9d..5676a90 100644
--- a/webconsole/console/src/main/java/org/apache/felix/webconsole/internal/servlet/JaasSecurityProvider.java
+++ b/webconsole/console/src/main/java/org/apache/felix/webconsole/internal/servlet/JaasSecurityProvider.java
@@ -36,6 +36,7 @@ import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
 import org.apache.felix.webconsole.WebConsoleSecurityProvider2;
+import org.apache.karaf.jaas.boot.principal.ClientPrincipal;
 import org.osgi.service.cm.ManagedService;
 import org.osgi.service.http.HttpContext;
 import org.slf4j.Logger;
@@ -77,7 +78,7 @@ public class JaasSecurityProvider implements WebConsoleSecurityProvider2,
Manage
 
     @Override
     public Object authenticate(final String username, final String password) {
-        return doAuthenticate( username, password );
+        return doAuthenticate( "?", username, password );
     }
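Review bot: The `"?"` passed from the two-argument `authenticate` is an undocumented sentinel meaning "no request available, address unknown", and a login module reading `ClientPrincipal.getAddress()` will see it as a literal string. Naming it makes the intent visible and keeps the other call site from drifting: `private static final String UNKNOWN_ADDRESS = "?"; // no HttpServletRequest in this code path, so the remote address cannot be determined` and `return doAuthenticate( UNKNOWN_ADDRESS, username, password );`.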
 
     @Override
@@ -100,9 +101,10 @@ public class JaasSecurityProvider implements WebConsoleSecurityProvider2,
Manage
         return def;
     }
 
-    public Subject doAuthenticate(final String username, final String password) {
+    public Subject doAuthenticate(final String address, final String username, final String
password) {
         try {
             Subject subject = new Subject();
+            subject.getPrincipals().add(new ClientPrincipal("webconsole", address));
             LoginContext loginContext = new LoginContext(realm, subject, callbacks ->
{
                 for (Callback callback : callbacks) {
                     if (callback instanceof NameCallback) {
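Review bot: The public `doAuthenticate(String, String)` overload was replaced rather than kept, so anything outside this class that called it (hedged: nothing visible here does) now fails to link; a one-line delegating overload, `public Subject doAuthenticate(final String username, final String password) { return doAuthenticate("?", username, password); }`, preserves compatibility at no cost. The new `address` parameter also deserves a Javadoc line stating that it is recorded on the `Subject` as a `ClientPrincipal` before `login()` runs, so login modules in the realm can read it, and that it is informational (taken from the request, not verified). The method body continues past the end of this hunk.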
@@ -195,7 +197,8 @@ public class JaasSecurityProvider implements WebConsoleSecurityProvider2,
Manage
                         }
                         if ( subject == null )
                         {
-                            subject = doAuthenticate(username, password);
+                            String addr = request.getRemoteHost() + ":" + request.getRemotePort();
+                            subject = doAuthenticate( addr, username, password );
                         }
                         if ( subject != null )
                         {
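Review bot: `request.getRemoteHost()` may perform a reverse DNS lookup on the peer IP (depending on the container's lookup setting), which both adds a blocking lookup to every login attempt and records a name taken from a PTR record the client's network operator controls, so it is not a reliable identity for audit or address-based decisions; the commit title says "remote ip", and `request.getRemoteAddr()` is the value that matches it: `String addr = request.getRemoteAddr() + ":" + request.getRemotePort();`. Either way this is the TCP peer, so behind a reverse proxy it is the proxy's address; if the real client address is wanted there, it has to come from a forwarded header that is only honoured for a trusted proxy, which this change does not attempt and should not silently do. The enclosing method starts before this hunk.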

