package com.ibm.ws.security.authentication.internal;

import com.ibm.ejs.ras.TraceNLS;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.ws.common.encoder.Base64Coder;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.authentication.AuthenticationData;
import com.ibm.ws.security.authentication.AuthenticationException;
import com.ibm.ws.security.authentication.AuthenticationService;
import com.ibm.ws.security.authentication.PasswordExpiredException;
import com.ibm.ws.security.authentication.UserRevokedException;
import com.ibm.ws.security.authentication.WSAuthenticationData;
import com.ibm.ws.security.authentication.cache.AuthCacheService;
import com.ibm.ws.security.authentication.internal.cache.keyproviders.BasicAuthCacheKeyProvider;
import com.ibm.ws.security.authentication.internal.cache.keyproviders.CustomCacheKeyProvider;
import com.ibm.ws.security.authentication.internal.jaas.JAASServiceImpl;
import com.ibm.ws.security.authentication.jaas.modules.CertificateLoginModule;
import com.ibm.ws.security.authentication.utility.SubjectHelper;
import com.ibm.ws.security.credentials.CredentialsService;
import com.ibm.ws.security.delegation.DefaultDelegationProvider;
import com.ibm.ws.security.delegation.DelegationProvider;
import com.ibm.ws.security.jaas.common.callback.CallbackHandlerAuthenticationData;
import com.ibm.ws.security.jwtsso.token.proxy.JwtSSOTokenHelper;
import com.ibm.ws.security.registry.RegistryException;
import com.ibm.ws.security.registry.UserRegistryService;
import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference;
import java.security.cert.X509Certificate;
import java.util.Hashtable;
import java.util.Map;
import java.util.concurrent.locks.ReentrantLock;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.CredentialException;
import javax.security.auth.login.LoginException;
import org.osgi.framework.ServiceReference;
import org.osgi.service.component.ComponentContext;

@InjectedFFDC
@TraceOptions(messageBundle = "com.ibm.ws.security.authentication.internal.resources.AuthenticationMessages")
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:com/ibm/ws/security/authentication/internal/AuthenticationServiceImpl.class */
public class AuthenticationServiceImpl implements AuthenticationService {
    private static final TraceComponent tc = Tr.register(AuthenticationServiceImpl.class, "Authentication", "com.ibm.ws.security.authentication.internal.resources.AuthenticationMessages");
    static final String CFG_ALLOW_HASHTABLE_LOGIN_WITH_ID_ONLY = "allowHashtableLoginWithIdOnly";
    static final String CFG_CACHE_ENABLED = "cacheEnabled";
    static final String CFG_USE_DISPLAYNAME_FOR_SECURITYNAME = "useDisplayNameForSecurityName";
    static final String KEY_AUTH_CACHE_SERVICE = "authCacheService";
    static final String KEY_USER_REGISTRY_SERVICE = "userRegistryService";
    static final String KEY_DELEGATION_PROVIDER = "delegationProvider";
    static final String KEY_DEFAULT_DELEGATION_PROVIDER = "defaultDelegationProvider";
    static final String KEY_CREDENTIALS_SERVICE = "credentialsService";
    private static final String LTPA_OID = "oid:1.3.18.0.2.30.2";
    private static final String JWT_OID = "oid:1.3.18.0.2.30.3";
    private JAASService jaasService;
    private ComponentContext cc;
    static final long serialVersionUID = 4080651964745512256L;
    private final AtomicServiceReference<AuthCacheService> authCacheServiceRef = new AtomicServiceReference<>(KEY_AUTH_CACHE_SERVICE);
    private final AtomicServiceReference<UserRegistryService> userRegistryServiceRef = new AtomicServiceReference<>("userRegistryService");
    private final AtomicServiceReference<DelegationProvider> delegationProviderRef = new AtomicServiceReference<>(KEY_DELEGATION_PROVIDER);
    private final AtomicServiceReference<DefaultDelegationProvider> defaultDelegationProviderRef = new AtomicServiceReference<>(KEY_DEFAULT_DELEGATION_PROVIDER);
    private final AtomicServiceReference<CredentialsService> credentialsServiceRef = new AtomicServiceReference<>("credentialsService");
    private boolean cacheEnabled = true;
    private boolean allowHashtableLoginWithIdOnly = false;
    private boolean useDisplayNameForSecurityName = false;
    private String invalidDelegationUser = "";
    private final AuthenticationGuard authenticationGuard = new AuthenticationGuard();

    protected void setJaasService(JAASService jAASService) {
        this.jaasService = jAASService;
        if (jAASService instanceof JAASServiceImpl) {
            ((JAASServiceImpl) jAASService).setAuthenticationService(this);
        }
    }

    protected void unsetJaasService(JAASService jAASService) {
        if (this.jaasService == jAASService) {
            this.jaasService = null;
            ((JAASServiceImpl) jAASService).unsetAuthenticationService(this);
        }
    }

    protected void setAuthCacheService(ServiceReference<AuthCacheService> serviceReference) {
        this.authCacheServiceRef.setReference(serviceReference);
    }

    protected void unsetAuthCacheService(ServiceReference<AuthCacheService> serviceReference) {
        this.authCacheServiceRef.unsetReference(serviceReference);
    }

    protected void setUserRegistryService(ServiceReference<UserRegistryService> serviceReference) {
        this.userRegistryServiceRef.setReference(serviceReference);
    }

    protected void unsetUserRegistryService(ServiceReference<UserRegistryService> serviceReference) {
        this.userRegistryServiceRef.unsetReference(serviceReference);
    }

    protected void setDelegationProvider(ServiceReference<DelegationProvider> serviceReference) {
        this.delegationProviderRef.setReference(serviceReference);
    }

    protected void unsetDelegationProvider(ServiceReference<DelegationProvider> serviceReference) {
        this.delegationProviderRef.unsetReference(serviceReference);
    }

    protected void setDefaultDelegationProvider(ServiceReference<DefaultDelegationProvider> serviceReference) {
        this.defaultDelegationProviderRef.setReference(serviceReference);
    }

    protected void unsetDefaultDelegationProvider(ServiceReference<DefaultDelegationProvider> serviceReference) {
        this.defaultDelegationProviderRef.unsetReference(serviceReference);
    }

    protected void setCredentialsService(ServiceReference<CredentialsService> serviceReference) {
        this.credentialsServiceRef.setReference(serviceReference);
    }

    protected void unsetCredentialsService(ServiceReference<CredentialsService> serviceReference) {
        this.credentialsServiceRef.unsetReference(serviceReference);
    }

    private void updateCacheState(Map<String, Object> map) {
        getAuthenticationConfig(map);
        if (this.cacheEnabled) {
            this.authCacheServiceRef.activate(this.cc);
        } else {
            this.authCacheServiceRef.deactivate(this.cc);
        }
    }

    private void getAuthenticationConfig(Map<String, Object> map) {
        Boolean bool = (Boolean) map.get(CFG_ALLOW_HASHTABLE_LOGIN_WITH_ID_ONLY);
        if (bool != null) {
            this.allowHashtableLoginWithIdOnly = bool.booleanValue();
        }
        Boolean bool2 = (Boolean) map.get(CFG_CACHE_ENABLED);
        if (bool2 != null) {
            this.cacheEnabled = bool2.booleanValue();
        }
        Boolean bool3 = (Boolean) map.get(CFG_USE_DISPLAYNAME_FOR_SECURITYNAME);
        if (bool3 != null) {
            this.useDisplayNameForSecurityName = bool3.booleanValue();
        }
    }

    protected void activate(ComponentContext componentContext, Map<String, Object> map) {
        this.cc = componentContext;
        this.authCacheServiceRef.activate(componentContext);
        this.userRegistryServiceRef.activate(componentContext);
        this.delegationProviderRef.activate(componentContext);
        this.defaultDelegationProviderRef.activate(componentContext);
        this.credentialsServiceRef.activate(componentContext);
        updateCacheState(map);
    }

    protected void modified(Map<String, Object> map) {
        updateCacheState(map);
    }

    protected void deactivate() {
        this.authCacheServiceRef.deactivate(this.cc);
        this.userRegistryServiceRef.deactivate(this.cc);
        this.delegationProviderRef.deactivate(this.cc);
        this.defaultDelegationProviderRef.deactivate(this.cc);
        this.credentialsServiceRef.deactivate(this.cc);
        if (this.jaasService instanceof JAASServiceImpl) {
            ((JAASServiceImpl) this.jaasService).unsetAuthenticationService(this);
        }
        this.cc = null;
    }

    public Subject authenticate(String str, Subject subject) throws AuthenticationException {
        return authenticate(str, (AuthenticationData) new WSAuthenticationData(), subject);
    }

    public Subject authenticate(String str, AuthenticationData authenticationData, Subject subject) throws AuthenticationException {
        AuthenticationData hashtable = getHashtable(subject);
        ReentrantLock obtainCurrentLock = obtainCurrentLock(authenticationData, hashtable);
        try {
            if (isBasicAuthLogin(authenticationData)) {
                Subject createBasicAuthSubject = createBasicAuthSubject(authenticationData, subject);
                releaseLock(authenticationData, hashtable, obtainCurrentLock);
                CertificateLoginModule.collectiveCertificate.set(false);
                return createBasicAuthSubject;
            }
            Subject findSubjectInAuthCache = findSubjectInAuthCache(authenticationData, subject, hashtable);
            if (findSubjectInAuthCache == null) {
                findSubjectInAuthCache = performJAASLogin(str, authenticationData, subject);
                insertSubjectInAuthCache(authenticationData, findSubjectInAuthCache);
            }
            return findSubjectInAuthCache;
        } finally {
            releaseLock(authenticationData, hashtable, obtainCurrentLock);
            CertificateLoginModule.collectiveCertificate.set(Boolean.valueOf(false));
        }
    }

    private ReentrantLock obtainCurrentLock(AuthenticationData authenticationData, AuthenticationData authenticationData2) {
        return !authenticationData2.isEmpty() ? optionallyObtainLockedLock(authenticationData2) : optionallyObtainLockedLock(authenticationData);
    }

    private boolean isBasicAuthLogin(AuthenticationData authenticationData) {
        boolean z = false;
        if (authenticationData != null) {
            String realm = getRealm();
            String str = (String) authenticationData.get("REALM");
            z = (str == null || str.equals(realm) || str.equals("defaultRealm")) ? false : true;
        }
        return z;
    }

    private Subject createBasicAuthSubject(AuthenticationData authenticationData, Subject subject) throws AuthenticationException {
        Subject subject2 = subject != null ? subject : new Subject();
        String str = (String) authenticationData.get("REALM");
        String str2 = (String) authenticationData.get("USERNAME");
        String password = getPassword((char[]) authenticationData.get("PASSWORD"));
        CredentialsService credentialsService = (CredentialsService) this.credentialsServiceRef.getService();
        if (credentialsService != null) {
            try {
                credentialsService.setBasicAuthCredential(subject2, str, str2, password);
            } catch (CredentialException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.authentication.internal.AuthenticationServiceImpl", "275", this, new Object[]{authenticationData, subject});
                throw new AuthenticationException(e.getMessage());
            }
        }
        return subject2;
    }

    public Subject authenticate(String str, CallbackHandler callbackHandler, Subject subject) throws AuthenticationException {
        try {
            AuthenticationData createAuthenticationData = new CallbackHandlerAuthenticationData(callbackHandler).createAuthenticationData();
            AuthenticationData hashtable = getHashtable(subject);
            ReentrantLock obtainCurrentLock = obtainCurrentLock(createAuthenticationData, hashtable);
            try {
                if (isBasicAuthLogin(createAuthenticationData)) {
                    Subject createBasicAuthSubject = createBasicAuthSubject(createAuthenticationData, subject);
                    releaseLock(createAuthenticationData, hashtable, obtainCurrentLock);
                    return createBasicAuthSubject;
                }
                Subject findSubjectInAuthCache = findSubjectInAuthCache(createAuthenticationData, subject, hashtable);
                if (findSubjectInAuthCache == null) {
                    findSubjectInAuthCache = performJAASLogin(str, callbackHandler, subject);
                    insertSubjectInAuthCache(createAuthenticationData, findSubjectInAuthCache);
                }
                return findSubjectInAuthCache;
            } finally {
                releaseLock(createAuthenticationData, hashtable, obtainCurrentLock);
            }
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.authentication.internal.AuthenticationServiceImpl", "290", this, new Object[]{str, callbackHandler, subject});
            throw new AuthenticationException(e.getMessage());
        }
    }

    private ReentrantLock optionallyObtainLockedLock(AuthenticationData authenticationData) {
        ReentrantLock reentrantLock = null;
        if (isAuthCacheServiceAvailable()) {
            reentrantLock = this.authenticationGuard.requestAccess(authenticationData);
            reentrantLock.lock();
        }
        return reentrantLock;
    }

    private boolean isAuthCacheServiceAvailable() {
        return getAuthCacheService() != null;
    }

    private void releaseLock(AuthenticationData authenticationData, AuthenticationData authenticationData2, ReentrantLock reentrantLock) {
        if (authenticationData2.isEmpty()) {
            this.authenticationGuard.relinquishAccess(authenticationData, reentrantLock);
        } else {
            this.authenticationGuard.relinquishAccess(authenticationData2, reentrantLock);
        }
    }

    private Subject findSubjectInAuthCache(AuthenticationData authenticationData, Subject subject, AuthenticationData authenticationData2) throws AuthenticationException {
        Subject subject2 = null;
        AuthCacheService authCacheService = getAuthCacheService();
        if (authCacheService != null && authenticationData != null) {
            String str = (String) authenticationData.get("JWT_TOKEN");
            String str2 = (String) authenticationData.get("TOKEN64");
            if (str != null) {
                subject2 = findSubjectByTokenContents(authCacheService, str, null, authenticationData);
            } else if (str2 != null) {
                String str3 = (String) authenticationData.get("AUTHENTICATION_MECH_OID");
                if (str3 == null || str3.equals(LTPA_OID)) {
                    subject2 = findSubjectByTokenContents(authCacheService, str2, null, authenticationData);
                }
            } else {
                byte[] bArr = (byte[]) authenticationData.get("TOKEN");
                if (bArr != null) {
                    subject2 = findSubjectByTokenContents(authCacheService, null, bArr, authenticationData);
                } else {
                    X509Certificate[] x509CertificateArr = (X509Certificate[]) authenticationData.get("CERTCHAIN");
                    if (x509CertificateArr != null) {
                        subject2 = findSubjectByX509Cert(authCacheService, x509CertificateArr);
                    } else {
                        String str4 = (String) authenticationData.get("USERNAME");
                        String password = getPassword((char[]) authenticationData.get("PASSWORD"));
                        if (str4 != null && password != null) {
                            subject2 = findSubjectByUseridAndPassword(authCacheService, str4, password);
                        } else if (subject != null) {
                            subject2 = findSubjectBySubjectHashtable(authCacheService, subject, authenticationData2);
                        }
                    }
                }
            }
        }
        return subject2;
    }

    private Subject findSubjectByX509Cert(AuthCacheService authCacheService, X509Certificate[] x509CertificateArr) {
        return authCacheService.getSubject(Integer.valueOf(x509CertificateArr[0].hashCode()));
    }

    private Subject findSubjectByTokenContents(AuthCacheService authCacheService, String str, byte[] bArr, AuthenticationData authenticationData) throws AuthenticationException {
        Subject subject = null;
        String str2 = (String) authenticationData.get("AUTHENTICATION_MECH_OID");
        if (str != null) {
            if (str2 == null || str2.equals(LTPA_OID)) {
                subject = authCacheService.getSubject(str);
            } else if (str2 != null && str2.equals(JWT_OID)) {
                subject = authCacheService.getSubject(JwtSSOTokenHelper.getCacheKeyForJwtSSOToken((Subject) null, str));
            }
        }
        if (subject == null && bArr != null) {
            subject = authCacheService.getSubject(Base64Coder.base64EncodeToString(bArr));
        }
        if (subject == null) {
            String str3 = null;
            if (str2 == null || str2.equals(LTPA_OID)) {
                if (bArr == null && str != null) {
                    bArr = Base64Coder.base64DecodeString(str);
                }
                if (bArr == null) {
                    throw new AuthenticationException("Invalid LTPA Token");
                }
                str3 = CustomCacheKeyProvider.getCustomCacheKey(authCacheService, bArr, authenticationData);
            } else if (str2 != null && str2.equals(JWT_OID)) {
                str3 = JwtSSOTokenHelper.getCustomCacheKeyFromJwtSSOToken(str);
            }
            if (str3 != null) {
                subject = authCacheService.getSubject(str3);
                if (subject == null) {
                    throw new AuthenticationException("Custom cache key missed authentication cache. Need to re-challenge the user to login again.");
                }
            }
        }
        return subject;
    }

    private Subject findSubjectByUseridAndPassword(AuthCacheService authCacheService, String str, @Sensitive String str2) {
        return authCacheService.getSubject(BasicAuthCacheKeyProvider.createLookupKey(getRealm(), str, str2));
    }

    private Subject findSubjectBySubjectHashtable(AuthCacheService authCacheService, Subject subject, AuthenticationData authenticationData) {
        if (authenticationData.isEmpty()) {
            return null;
        }
        String str = (String) authenticationData.get("com.ibm.wsspi.security.cred.cacheKey");
        if (str != null) {
            return authCacheService.getSubject(str);
        }
        String str2 = (String) authenticationData.get("com.ibm.wsspi.security.cred.userId");
        String str3 = (String) authenticationData.get("com.ibm.wsspi.security.cred.password");
        return authCacheService.getSubject(str3 != null ? BasicAuthCacheKeyProvider.createLookupKey(getRealm(), str2, str3) : BasicAuthCacheKeyProvider.createLookupKey(getRealm(), str2));
    }

    private AuthenticationData getHashtable(Subject subject) {
        Boolean bool;
        String str;
        WSAuthenticationData wSAuthenticationData = new WSAuthenticationData();
        SubjectHelper subjectHelper = new SubjectHelper();
        Hashtable hashtableFromSubject = subjectHelper.getHashtableFromSubject(subject, new String[]{"com.ibm.wsspi.security.cred.cacheKey"});
        if (hashtableFromSubject != null && (str = (String) hashtableFromSubject.get("com.ibm.wsspi.security.cred.cacheKey")) != null) {
            wSAuthenticationData.set("com.ibm.wsspi.security.cred.cacheKey", str);
        }
        Hashtable hashtableFromSubject2 = subjectHelper.getHashtableFromSubject(subject, new String[]{"com.ibm.wsspi.security.cred.userId", "com.ibm.wsspi.security.cred.password"});
        if (hashtableFromSubject2 != null) {
            String str2 = (String) hashtableFromSubject2.get("com.ibm.wsspi.security.cred.userId");
            String str3 = (String) hashtableFromSubject2.get("com.ibm.wsspi.security.cred.password");
            if ((str2 != null) && (str3 != null)) {
                wSAuthenticationData.set("com.ibm.wsspi.security.cred.userId", str2);
                wSAuthenticationData.set("com.ibm.wsspi.security.cred.password", str3);
            } else if (str2 != null && (bool = (Boolean) hashtableFromSubject2.get("com.ibm.ws.authentication.internal.assertion")) != null && bool.equals(Boolean.TRUE)) {
                wSAuthenticationData.set("com.ibm.wsspi.security.cred.userId", str2);
            }
        }
        return wSAuthenticationData;
    }

    @Sensitive
    private String getPassword(@Sensitive char[] cArr) {
        String str = null;
        if (cArr != null) {
            str = String.valueOf(cArr);
        }
        return str;
    }

    public AuthCacheService getAuthCacheService() {
        return (AuthCacheService) this.authCacheServiceRef.getService();
    }

    @FFDCIgnore({RegistryException.class})
    private String getRealm() {
        String str = "defaultRealm";
        try {
            UserRegistryService userRegistryService = (UserRegistryService) this.userRegistryServiceRef.getService();
            if (userRegistryService.isUserRegistryConfigured()) {
                str = userRegistryService.getUserRegistry().getRealm();
            }
        } catch (RegistryException e) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "There was a problem getting the realm.", new Object[]{e});
            }
        }
        return str;
    }

    @FFDCIgnore({LoginException.class})
    private Subject performJAASLogin(String str, CallbackHandler callbackHandler, Subject subject) throws AuthenticationException {
        if (this.jaasService == null) {
            Tr.error(tc, "AUTHENTICATION_SERVICE_JAAS_UNAVAILABLE", new Object[0]);
            throw new AuthenticationException(TraceNLS.getFormattedMessage(getClass(), "com.ibm.ws.security.authentication.internal.resources.AuthenticationMessages", "AUTHENTICATION_SERVICE_JAAS_UNAVAILABLE", new Object[0], "CWWKS1000E: The JAAS Service is unavailable."));
        }
        try {
            return this.jaasService.performLogin(str, callbackHandler, subject);
        } catch (LoginException e) {
            throw new AuthenticationException(e.getLocalizedMessage());
        }
    }

    @FFDCIgnore({LoginException.class})
    private Subject performJAASLogin(String str, AuthenticationData authenticationData, Subject subject) throws AuthenticationException {
        if (this.jaasService == null) {
            Tr.error(tc, "AUTHENTICATION_SERVICE_JAAS_UNAVAILABLE", new Object[0]);
            throw new AuthenticationException(TraceNLS.getFormattedMessage(getClass(), "com.ibm.ws.security.authentication.internal.resources.AuthenticationMessages", "AUTHENTICATION_SERVICE_JAAS_UNAVAILABLE", new Object[0], "CWWKS1000E: The JAAS Service is unavailable."));
        }
        try {
            return this.jaasService.performLogin(str, authenticationData, subject);
        } catch (LoginException e) {
            if (e instanceof PasswordExpiredException) {
                throw new PasswordExpiredException(e.getLocalizedMessage());
            }
            if (e instanceof UserRevokedException) {
                throw new UserRevokedException(e.getLocalizedMessage());
            }
            throw new AuthenticationException(e.getLocalizedMessage());
        }
    }

    private void insertSubjectInAuthCache(AuthenticationData authenticationData, Subject subject) {
        AuthCacheService authCacheService = getAuthCacheService();
        if (authCacheService != null) {
            String str = (String) authenticationData.get("USERNAME");
            String password = getPassword((char[]) authenticationData.get("PASSWORD"));
            if (str != null && password != null) {
                authCacheService.insert(subject, str, password);
            } else if (authenticationData.get("CERTCHAIN") != null) {
                authCacheService.insert(subject, (X509Certificate[]) authenticationData.get("CERTCHAIN"));
            } else {
                authCacheService.insert(subject);
            }
        }
    }

    public void setInvalidDelegationUser(String str) {
        this.invalidDelegationUser = str;
    }

    public String getInvalidDelegationUser() {
        return this.invalidDelegationUser;
    }

    public Subject delegate(String str, String str2) {
        return getRunAsSubjectFromProvider(str, str2);
    }

    @FFDCIgnore({AuthenticationException.class})
    private Subject getRunAsSubjectFromProvider(String str, String str2) {
        Subject subject = null;
        DefaultDelegationProvider defaultDelegationProvider = null;
        DelegationProvider delegationProvider = (DelegationProvider) this.delegationProviderRef.getService();
        try {
            if (delegationProvider != null) {
                subject = delegationProvider.getRunAsSubject(str, str2);
            } else {
                defaultDelegationProvider = (DefaultDelegationProvider) this.defaultDelegationProviderRef.getService();
                subject = defaultDelegationProvider.getRunAsSubject(str, str2);
            }
        } catch (AuthenticationException e) {
            if (delegationProvider != null) {
                setInvalidDelegationUser(delegationProvider.getDelegationUser());
            } else {
                setInvalidDelegationUser(defaultDelegationProvider.getDelegationUser());
            }
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Caught an authentication exception, so will run as the invocation subject.", new Object[0]);
            }
        }
        return subject;
    }

    public Boolean isAllowHashTableLoginWithIdOnly() {
        return Boolean.valueOf(this.allowHashtableLoginWithIdOnly);
    }

    public Boolean isUseDisplayNameForSecurityName() {
        return Boolean.valueOf(this.useDisplayNameForSecurityName);
    }
}
