io.undertow.security.idm.Credential Java Examples
The following examples show how to use
io.undertow.security.idm.Credential.
Example #1
Source File: ServletClientCertAuthTestCase.java From quarkus-http with Apache License 2.0 | 6 votes |
/**
 * Maps a client-certificate credential to a fixed-role account.
 *
 * <p>Only {@link X509CertificateCredential} is handled. The certificate's subject name is
 * looked up in {@code certUsers}; when present, an account carrying that principal and the
 * single role {@code "role1"} is returned.
 *
 * <p>NOTE(review): the only check made here is a subject-name lookup; chain validation is
 * presumably left to the TLS layer that produced the certificate — confirm before reusing
 * this pattern outside a test.
 *
 * @param credential the credential handed over by the authentication mechanism
 * @return the account for a known certificate subject, otherwise {@code null}
 */
@Override
public Account verify(Credential credential) {
    if (!(credential instanceof X509CertificateCredential)) {
        return null;
    }
    final X509CertificateCredential certCredential = (X509CertificateCredential) credential;
    final Principal subject = certCredential.getCertificate().getSubjectX500Principal();
    if (!certUsers.contains(subject.getName())) {
        return null;
    }
    return new Account() {
        @Override
        public Principal getPrincipal() {
            return subject;
        }

        @Override
        public Set<String> getRoles() {
            return Collections.singleton("role1");
        }
    };
}
Example #2
Source File: MapIdentityManager.java From light-oauth2 with Apache License 2.0 | 6 votes |
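/**
 * Checks a password credential against the stored password hash of the account's user.
 *
 * <p>The supplied password array is overwritten once verification finishes, whether it
 * succeeded, failed, or threw, so the clear-text password does not linger in memory.
 * A missing user record or a missing password counts as a failed verification.
 *
 * @param account the account whose principal name selects the stored user
 * @param credential the credential to check; only {@link PasswordCredential} is supported
 * @return {@code true} only when the password validates against the stored hash
 */
@SuppressWarnings("unchecked")
private boolean verifyCredential(Account account, Credential credential) {
    boolean match = false;
    if (credential instanceof PasswordCredential) {
        char[] password = ((PasswordCredential) credential).getPassword();
        try {
            User user = users.get(account.getPrincipal().getName());
            // An unknown user or an absent password is a failed login, not an exception.
            if (user != null && password != null) {
                match = HashUtil.validatePassword(password, user.getPassword());
            }
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            logger.error("Exception:", e);
        } finally {
            // Wipe on every path; the original skipped the wipe when validation threw.
            if (password != null) {
                Arrays.fill(password, ' ');
            }
        }
    }
    if (logger.isDebugEnabled()) {
        logger.debug("verfifyCredential = " + match);
    }
    return match;
}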
Example #3
Source File: DatawaveAuthenticationMechanismTest.java From datawave with Apache License 2.0 | 6 votes |
/**
 * Verifies that a request without an SSL session is authenticated from the subject and
 * issuer DN request headers alone.
 *
 * <p>NOTE(review): this pins header-only authentication; presumably deployments rely on a
 * trusted front end to set these headers and strip client-supplied copies — confirm.
 */
@Test
public void testNonSSLSimpleLogin() throws Exception {
    // The caller's identity is conveyed only through request headers.
    httpRequestHeaders.add(SUBJECT_DN_HEADER, testUserCert.getSubjectDN().toString());
    httpRequestHeaders.add(ISSUER_DN_HEADER, testUserCert.getIssuerDN().toString());
    // Expected id format: normalized subject DN followed by the issuer DN in angle brackets.
    String expectedID = normalizeDN(testUserCert.getSubjectDN().getName()) + "<"
            + normalizeDN(testUserCert.getIssuerDN().getName()) + ">";
    expect(httpServerExchange.getConnection()).andReturn(serverConnection);
    // No SSL session: there is no peer certificate to fall back on.
    expect(serverConnection.getSslSessionInfo()).andReturn(null);
    expect(httpServerExchange.getRequestHeaders()).andReturn(httpRequestHeaders).times(2);
    expect(securityContext.getIdentityManager()).andReturn(identityManager);
    // The identity manager is mocked, so no real credential check happens in this test.
    expect(identityManager.verify(eq(expectedID), isA(Credential.class))).andReturn(account);
    // Recorded expectation: the mechanism must report completion under this mechanism name.
    securityContext.authenticationComplete(account, "DATAWAVE-AUTH", false);
    long requestStartTime = System.nanoTime();
    expect(httpServerExchange.getRequestHeaders()).andReturn(httpRequestHeaders);
    expect(httpServerExchange.getRequestStartTime()).andReturn(requestStartTime);
    expect(httpServerExchange.getRequestHeaders()).andReturn(httpRequestHeaders);
    replayAll();
    AuthenticationMechanismOutcome outcome = datawaveAuthenticationMechanism.authenticate(httpServerExchange, securityContext);
    assertEquals(AuthenticationMechanismOutcome.AUTHENTICATED, outcome);
    verifyAll();
}
Example #4
Source File: LightIdentityManager.java From light-oauth2 with Apache License 2.0 | 6 votes |
/**
 * Delegates verification of a {@link LightPasswordCredential} to an {@code Authenticator}
 * obtained from the service factory.
 *
 * <p>The authenticator is selected by a class: {@code DefaultAuth} unless the credential
 * names another class, which is then loaded by name. A class that cannot be found is logged
 * and treated as a failed verification.
 *
 * <p>NOTE(review): {@code clientAuthClass} is read from the credential and passed to
 * {@code Class.forName}, which loads and initializes the named class. If that value can be
 * influenced by the request, it should be checked against a fixed allow-list before loading —
 * confirm where it originates.
 *
 * @param id the identifier to authenticate
 * @param credential the presented credential
 * @return the authenticated account, or {@code null} when the credential type is unsupported,
 *         the class is not found, or the authenticator rejects the login
 */
@Override
public Account verify(String id, Credential credential) {
    if (!(credential instanceof LightPasswordCredential)) {
        return null;
    }
    LightPasswordCredential passwordCredential = (LightPasswordCredential) credential;
    String clientAuthClass = passwordCredential.getClientAuthClass();
    if (logger.isDebugEnabled()) {
        logger.debug("LightPasswordCredential with clientAuthClass = " + clientAuthClass);
    }

    // Resolve the class that selects the authenticator implementation.
    Class clazz = DefaultAuth.class;
    boolean customClassRequested = clientAuthClass != null && !clientAuthClass.trim().isEmpty();
    if (customClassRequested) {
        try {
            clazz = Class.forName(clientAuthClass);
        } catch (ClassNotFoundException e) {
            logger.error("Authenticate Class " + clientAuthClass + " not found.", e);
            return null;
        }
    }
    if (logger.isDebugEnabled()) {
        logger.debug("Get Authenticator implementation from service factory with clazz = " + clazz);
    }
    Authenticator authenticator = SingletonServiceFactory.getBean(Authenticator.class, clazz);
    return authenticator.authenticate(id, credential);
}
Example #5
Source File: DatawaveAuthenticationMechanismTest.java From datawave with Apache License 2.0 | 6 votes |
/**
 * Verifies that, with trusted-header authentication switched off and JWT-header
 * authentication switched on, a bearer token in the {@code Authorization} header leads to
 * an authenticated outcome.
 *
 * <p>NOTE(review): the identity manager is mocked, so this test shows only that the token
 * string is passed on as the id; it does not exercise token validation.
 */
@Test
public void testJWTHeaderAuthentication() throws Exception {
    // Flip the mechanism's private flags so that only the JWT path is active.
    Whitebox.setInternalState(datawaveAuthenticationMechanism, "trustedHeaderAuthentication", false);
    Whitebox.setInternalState(datawaveAuthenticationMechanism, "jwtHeaderAuthentication", true);
    httpRequestHeaders.add(new HttpString("Authorization"), "Bearer 1234");
    // The id expected at the identity manager is the header value without the "Bearer " prefix.
    String expectedID = "1234";
    expect(httpServerExchange.getConnection()).andReturn(serverConnection);
    // No SSL session is available on this request.
    expect(serverConnection.getSslSessionInfo()).andReturn(null);
    expect(httpServerExchange.getRequestHeaders()).andReturn(httpRequestHeaders);
    expect(httpServerExchange.getRequestHeaders()).andReturn(httpRequestHeaders);
    expect(securityContext.getIdentityManager()).andReturn(identityManager);
    expect(identityManager.verify(eq(expectedID), isA(Credential.class))).andReturn(account);
    // Recorded expectation: completion must be reported under this mechanism name.
    securityContext.authenticationComplete(account, "DATAWAVE-AUTH", false);
    expect(httpServerExchange.getRequestStartTime()).andReturn(System.nanoTime());
    expect(httpServerExchange.getRequestHeaders()).andReturn(httpRequestHeaders);
    replayAll();
    AuthenticationMechanismOutcome outcome = datawaveAuthenticationMechanism.authenticate(httpServerExchange, securityContext);
    assertEquals(AuthenticationMechanismOutcome.AUTHENTICATED, outcome);
    verifyAll();
}
Example #6
Source File: MapIdentityManager.java From proteus with Apache License 2.0 | 5 votes |
/**
 * Looks up the account for {@code id} and returns it only when the credential verifies.
 *
 * @param id the account identifier
 * @param credential the presented credential
 * @return the account on success; {@code null} for an unknown id or a rejected credential
 */
@Override
public Account verify(String id, Credential credential) {
    final Account candidate = getAccount(id);
    if (candidate == null) {
        return null;
    }
    return verifyCredential(candidate, credential) ? candidate : null;
}
Example #7
Source File: RealmIdentityManager.java From wildfly-core with GNU Lesser General Public License v2.1 | 5 votes |
/**
 * Dispatches account verification by credential type.
 *
 * <p>A missing or empty username is logged at debug level and rejected before any
 * credential is examined. Password and digest credentials go to their dedicated
 * {@code verify} overloads; any other credential type raises the logger-built exception.
 *
 * @param id the username received from the client
 * @param credential the presented credential
 * @return the verified account, or {@code null} when the username is missing or empty
 */
@Override
public Account verify(String id, Credential credential) {
    final boolean usernameMissing = (id == null) || id.isEmpty();
    if (usernameMissing) {
        HttpServerLogger.ROOT_LOGGER.debug("Missing or empty username received, aborting account verification.");
        return null;
    }

    if (credential instanceof PasswordCredential) {
        return verify(id, (PasswordCredential) credential);
    }
    if (credential instanceof DigestCredential) {
        return verify(id, (DigestCredential) credential);
    }
    // Unsupported credential types are rejected with an exception instead of null.
    throw HttpServerLogger.ROOT_LOGGER.invalidCredentialType(credential.getClass().getName());
}
Example #8
Source File: Identity.java From mangooio with Apache License 2.0 | 5 votes |
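/**
 * Checks a password credential against this identity's configured password.
 *
 * <p>The comparison visits every supplied character and never exits early, so its duration
 * does not depend on where the first mismatch occurs. A {@code null} password on either
 * side is rejected; {@code Arrays.equals} would have treated two {@code null} arrays as a
 * match.
 *
 * <p>NOTE(review): the configured password is compared directly with the supplied one, so
 * it is held in clear text; storing a salted hash would be preferable outside demos.
 *
 * @param credential the credential to check; only {@link PasswordCredential} is supported
 * @return {@code true} when the supplied password equals the configured one
 */
private boolean verifyCredential(Credential credential) {
    if (!(credential instanceof PasswordCredential)) {
        return false;
    }
    final char[] supplied = ((PasswordCredential) credential).getPassword();
    final char[] expected = this.password;
    if (supplied == null || expected == null) {
        return false;
    }
    // A length difference sets bits in diff, but the loop still runs over the whole input.
    int diff = supplied.length ^ expected.length;
    for (int i = 0; i < supplied.length; i++) {
        char expectedChar = expected.length == 0 ? 0 : expected[i % expected.length];
        diff |= supplied[i] ^ expectedChar;
    }
    return diff == 0;
}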
Example #9
Source File: Identity.java From mangooio with Apache License 2.0 | 5 votes |
/**
 * Verifies a login against the single identity held by this object.
 *
 * <p>The credential is checked only after the username matches the configured one.
 *
 * @param username the username supplied by the client
 * @param credential the presented credential
 * @return the account when both username and credential match, otherwise {@code null}
 */
@Override
public Account verify(String username, Credential credential) {
    final boolean accepted = this.username.equals(username) && verifyCredential(credential);
    return accepted ? getAccount(username) : null;
}
Example #10
Source File: MapIdentityManager.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Resolves {@code id} to an account and hands it back only if the credential checks out.
 *
 * @param id the account identifier
 * @param credential the presented credential
 * @return the verified account, or {@code null} on an unknown id or failed verification
 */
@Override
public Account verify(String id, Credential credential) {
    final Account found = getAccount(id);
    final boolean verified = found != null && verifyCredential(found, credential);
    return verified ? found : null;
}
Example #11
Source File: AuthConfiguration.java From haven-platform with Apache License 2.0 | 5 votes |
/**
 * Accepts a password credential when it matches the configured encoded password.
 *
 * <p>NOTE(review): {@code id} is never compared with an expected username, so any id paired
 * with the right password yields an account — confirm that a single shared password is
 * intended. The password is also copied into an immutable {@code String}, which cannot be
 * wiped afterwards.
 *
 * @param id the identifier to place on the returned account
 * @param credential the presented credential; only {@link PasswordCredential} is supported
 * @return a new account for {@code id} when the password matches, otherwise {@code null}
 */
@Override
public Account verify(String id, Credential credential) {
    if (credential instanceof PasswordCredential) {
        final char[] suppliedChars = ((PasswordCredential) credential).getPassword();
        final boolean matches = suppliedChars != null
                && passwordEncoder.matches(new String(suppliedChars), encodedPass);
        if (matches) {
            return new AccountImpl(id);
        }
    }
    return null;
}
Example #12
Source File: MapIdentityManager.java From light-oauth2 with Apache License 2.0 | 5 votes |
/**
 * Returns the account for {@code id} when the supplied credential verifies against it.
 *
 * @param id the account identifier
 * @param credential the presented credential
 * @return the account on success, otherwise {@code null}
 */
@Override
public Account verify(String id, Credential credential) {
    final Account resolved = getAccount(id);
    if (resolved == null || !verifyCredential(resolved, credential)) {
        return null;
    }
    return resolved;
}
Example #13
Source File: CustomIdentityManager.java From tutorials with MIT License | 5 votes |
/**
 * Authenticates {@code id} by looking up its account and checking the credential.
 *
 * @param id the account identifier
 * @param credential the presented credential
 * @return the account when it exists and the credential verifies, otherwise {@code null}
 */
@Override
public Account verify(String id, Credential credential) {
    final Account candidate = getAccount(id);
    if (candidate == null) {
        return null;
    }
    if (!verifyCredential(candidate, credential)) {
        return null;
    }
    return candidate;
}
Example #14
Source File: DefaultAuthenticator.java From light-oauth2 with Apache License 2.0 | 5 votes |
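/**
 * Authenticates {@code id} with either a password credential or a GSS context credential.
 *
 * <p>Password path: the stored user is read from the {@code "users"} map and the supplied
 * password is validated against its stored hash. The password array is wiped on every exit
 * path. An unknown account, an unknown user, or a missing password is a failed login.
 *
 * <p>GSS path: returns an account whose roles come from {@code LdapUtil.authorize(id)}.
 * NOTE(review): no verification is done in this branch; presumably the GSS context was
 * already established by the calling mechanism — confirm.
 *
 * <p>Any other credential type is rejected. The original fell through and returned the
 * looked-up account for unsupported credential types without verifying anything.
 *
 * @param id the identifier to authenticate
 * @param credential the presented credential
 * @return the authenticated account, or {@code null} when authentication fails
 */
@Override
public Account authenticate(String id, Credential credential) {
    IMap<String, User> users = CacheStartupHookProvider.hz.getMap("users");
    Account account = getAccount(id);
    if (credential instanceof LightPasswordCredential) {
        char[] password = ((LightPasswordCredential) credential).getPassword();
        try {
            if (account == null || password == null) {
                return null;
            }
            User user = users.get(account.getPrincipal().getName());
            if (user == null) {
                return null;
            }
            if (!HashUtil.validatePassword(password, user.getPassword())) {
                return null;
            }
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            logger.error("Exception:", e);
            return null;
        } finally {
            // Wipe the clear-text password whether validation succeeded, failed, or threw.
            if (password != null) {
                Arrays.fill(password, ' ');
            }
        }
        return account;
    }
    if (credential instanceof LightGSSContextCredential) {
        return new Account() {
            private Set<String> roles = LdapUtil.authorize(id);
            private final Principal principal = () -> id;

            @Override
            public Principal getPrincipal() {
                return principal;
            }

            @Override
            public Set<String> getRoles() {
                return roles;
            }
        };
    }
    // Fail closed: an unrecognized credential type must not yield an account.
    return null;
}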
Example #15
Source File: ClientCertAuthenticationMechanism.java From lams with GNU General Public License v2.0 | 5 votes |
/**
 * Attempts authentication from the client certificate of the current SSL session.
 *
 * <p>The first peer certificate, when it is an X.509 certificate, is wrapped in a credential
 * and passed to the identity manager. A returned account completes authentication; every
 * other outcome is reported as "not attempted".
 *
 * @param exchange the current exchange, used to reach the SSL session
 * @param securityContext the security context to notify on success
 * @return {@code AUTHENTICATED} when an account is resolved, otherwise {@code NOT_ATTEMPTED}
 */
public AuthenticationMechanismOutcome authenticate(final HttpServerExchange exchange, final SecurityContext securityContext) {
    final SSLSessionInfo sslSession = exchange.getConnection().getSslSessionInfo();
    if (sslSession == null) {
        return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
    }
    try {
        final Certificate[] clientCerts = getPeerCertificates(exchange, sslSession, securityContext);
        final Certificate first = clientCerts[0];
        if (first instanceof X509Certificate) {
            final Credential credential = new X509CertificateCredential((X509Certificate) first);
            final Account account = getIdentityManager(securityContext).verify(credential);
            if (account != null) {
                securityContext.authenticationComplete(account, name, false);
                return AuthenticationMechanismOutcome.AUTHENTICATED;
            }
        }
    } catch (SSLPeerUnverifiedException e) {
        // Without peer certificates this mechanism has nothing to authenticate with, so it
        // drops out to NOT_ATTEMPTED below.
    }

    /*
     * Client-cert authentication has no notion of a failed attempt: a key the client used was
     * already acceptable for establishing the connection, so this mechanism only tries to
     * use it for authentication and does not mandate success.
     */
    return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
}
Example #16
Source File: MapIdentityManager.java From proteus with Apache License 2.0 | 5 votes |
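/**
 * Checks a password credential against the password stored for the account's principal.
 *
 * <p>The comparison visits every supplied character without an early exit, so its duration
 * does not reveal the position of the first mismatch. A {@code null} on either side is a
 * failed verification; {@code Arrays.equals} would have accepted two {@code null} arrays.
 *
 * <p>NOTE(review): the stored value is compared directly with the supplied password, so
 * {@code identities} holds clear-text passwords; a production store should keep salted
 * hashes instead.
 *
 * @param account the account whose principal name keys the stored password
 * @param credential the credential to check; only {@link PasswordCredential} is supported
 * @return {@code true} when the supplied password equals the stored one
 */
private boolean verifyCredential(Account account, Credential credential) {
    if (!(credential instanceof PasswordCredential)) {
        return false;
    }
    char[] password = ((PasswordCredential) credential).getPassword();
    char[] expectedPassword = identities.get(account.getPrincipal().getName());
    if (password == null || expectedPassword == null) {
        return false;
    }
    // A length mismatch is folded into diff; the loop still covers the whole input.
    int diff = password.length ^ expectedPassword.length;
    for (int i = 0; i < password.length; i++) {
        char expectedChar = expectedPassword.length == 0 ? 0 : expectedPassword[i % expectedPassword.length];
        diff |= password[i] ^ expectedChar;
    }
    return diff == 0;
}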
Example #17
Source File: CustomIdentityManager.java From tutorials with MIT License | 5 votes |
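/**
 * Checks a password credential against the password stored for the account's principal.
 *
 * <p>Every supplied character is compared and the result is accumulated, so the time taken
 * does not depend on where the passwords first differ. A {@code null} on either side fails
 * verification; {@code Arrays.equals} would have treated two {@code null} arrays as equal.
 *
 * <p>NOTE(review): {@code users} maps names to clear-text passwords, which suits a tutorial;
 * real deployments should store salted password hashes.
 *
 * @param account the account whose principal name keys the stored password
 * @param credential the credential to check; only {@link PasswordCredential} is supported
 * @return {@code true} when the supplied password equals the stored one
 */
private boolean verifyCredential(Account account, Credential credential) {
    if (!(credential instanceof PasswordCredential)) {
        return false;
    }
    char[] password = ((PasswordCredential) credential).getPassword();
    char[] expectedPassword = users.get(account.getPrincipal().getName());
    if (password == null || expectedPassword == null) {
        return false;
    }
    int diff = password.length ^ expectedPassword.length;
    for (int i = 0; i < password.length; i++) {
        // Index modulo the stored length keeps the loop in bounds when the lengths differ.
        char expectedChar = expectedPassword.length == 0 ? 0 : expectedPassword[i % expectedPassword.length];
        diff |= password[i] ^ expectedChar;
    }
    return diff == 0;
}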
Example #18
Source File: DatawaveAuthenticationMechanismTest.java From datawave with Apache License 2.0 | 5 votes |
/**
 * Verifies that a proxied request without an SSL session is authenticated from request
 * headers: the server's DNs in the subject/issuer headers and the user's DNs in the
 * proxied-entities/issuers headers.
 *
 * <p>NOTE(review): as with the non-proxied case, every identity value comes from headers;
 * presumably only a trusted front end is allowed to set them — confirm.
 */
@Test
public void testNonSSLProxiedLogin() throws Exception {
    // The proxied (end-user) identity and the calling server's identity, all via headers.
    httpRequestHeaders.add(PROXIED_ENTITIES_HEADER, testUserCert.getSubjectDN().toString());
    httpRequestHeaders.add(PROXIED_ISSUERS_HEADER, testUserCert.getIssuerDN().toString());
    httpRequestHeaders.add(SUBJECT_DN_HEADER, testServerCert.getSubjectDN().toString());
    httpRequestHeaders.add(ISSUER_DN_HEADER, testServerCert.getIssuerDN().toString());
    // Expected id: the server's subject and issuer first, then the user's subject and issuer.
    String expectedID = normalizeDN(testServerCert.getSubjectDN().getName()) + "<"
            + normalizeDN(testServerCert.getIssuerDN().getName()) + "><"
            + normalizeDN(testUserCert.getSubjectDN().getName()) + "><"
            + normalizeDN(testUserCert.getIssuerDN().getName()) + ">";
    expect(httpServerExchange.getConnection()).andReturn(serverConnection);
    // No SSL session on this request.
    expect(serverConnection.getSslSessionInfo()).andReturn(null);
    expect(httpServerExchange.getRequestHeaders()).andReturn(httpRequestHeaders).times(2);
    expect(securityContext.getIdentityManager()).andReturn(identityManager);
    // The identity manager is mocked; no real credential check runs here.
    expect(identityManager.verify(eq(expectedID), isA(Credential.class))).andReturn(account);
    // Recorded expectation on the mocked security context.
    securityContext.authenticationComplete(account, "DATAWAVE-AUTH", false);
    long requestStartTime = System.nanoTime();
    expect(httpServerExchange.getRequestHeaders()).andReturn(httpRequestHeaders);
    expect(httpServerExchange.getResponseHeaders()).andReturn(httpResponseHeaders);
    expect(httpServerExchange.getRequestStartTime()).andReturn(requestStartTime);
    expect(httpServerExchange.getRequestHeaders()).andReturn(httpRequestHeaders);
    replayAll();
    AuthenticationMechanismOutcome outcome = datawaveAuthenticationMechanism.authenticate(httpServerExchange, securityContext);
    assertEquals(AuthenticationMechanismOutcome.AUTHENTICATED, outcome);
    // The response must signal that the proxied entities were accepted.
    assertEquals("true", httpResponseHeaders.getFirst(DatawaveAuthenticationMechanism.HEADER_PROXIED_ENTITIES_ACCEPTED));
    verifyAll();
}
Example #19
Source File: DatawaveAuthenticationMechanismTest.java From datawave with Apache License 2.0 | 5 votes |
/**
 * Verifies that when an SSL session exists but has no verified peer certificates, the
 * mechanism still authenticates from the subject and issuer DN request headers.
 *
 * <p>NOTE(review): this pins a fallback from certificate identity to header identity on a
 * TLS connection; presumably it is safe only when a trusted front end controls those
 * headers — confirm.
 */
@Test
public void testSSLWithoutPeerCerts() throws Exception {
    httpRequestHeaders.add(SUBJECT_DN_HEADER, testUserCert.getSubjectDN().toString());
    httpRequestHeaders.add(ISSUER_DN_HEADER, testUserCert.getIssuerDN().toString());
    // Expected id format: normalized subject DN followed by the issuer DN in angle brackets.
    String expectedID = normalizeDN(testUserCert.getSubjectDN().getName()) + "<"
            + normalizeDN(testUserCert.getIssuerDN().getName()) + ">";
    expect(httpServerExchange.getConnection()).andReturn(serverConnection);
    // An SSL session is present, but asking it for peer certificates fails.
    expect(serverConnection.getSslSessionInfo()).andReturn(sslSessionInfo);
    expect(sslSessionInfo.getPeerCertificates()).andThrow(new SSLPeerUnverifiedException("no client cert"));
    expect(httpServerExchange.getRequestHeaders()).andReturn(httpRequestHeaders).times(2);
    expect(securityContext.getIdentityManager()).andReturn(identityManager);
    // The identity manager is mocked; no real credential check runs here.
    expect(identityManager.verify(eq(expectedID), isA(Credential.class))).andReturn(account);
    // Recorded expectation on the mocked security context.
    securityContext.authenticationComplete(account, "DATAWAVE-AUTH", false);
    long requestStartTime = System.nanoTime();
    expect(httpServerExchange.getRequestHeaders()).andReturn(httpRequestHeaders);
    expect(httpServerExchange.getRequestStartTime()).andReturn(requestStartTime);
    expect(httpServerExchange.getRequestHeaders()).andReturn(httpRequestHeaders);
    replayAll();
    AuthenticationMechanismOutcome outcome = datawaveAuthenticationMechanism.authenticate(httpServerExchange, securityContext);
    assertEquals(AuthenticationMechanismOutcome.AUTHENTICATED, outcome);
    // No proxied entities were sent, so the acceptance header must be absent.
    assertFalse(httpResponseHeaders.contains(DatawaveAuthenticationMechanism.HEADER_PROXIED_ENTITIES_ACCEPTED));
    verifyAll();
}
Example #20
Source File: AuthenticationTestBase.java From quarkus-http with Apache License 2.0 | 5 votes |
/**
 * Verifies {@code credential} for the account registered under {@code id}.
 *
 * @param id the account identifier
 * @param credential the presented credential
 * @return the account when it exists and the credential verifies, otherwise {@code null}
 */
@Override
public Account verify(String id, Credential credential) {
    final Account known = getAccount(id);
    final boolean accepted = known != null && verifyCredential(known, credential);
    if (!accepted) {
        return null;
    }
    return known;
}
Example #21
Source File: ClientCertAuthenticationMechanism.java From quarkus-http with Apache License 2.0 | 5 votes |
/**
 * Attempts authentication from the client certificate of the exchange's SSL session.
 *
 * <p>When the first peer certificate is an X.509 certificate it is wrapped in a credential
 * and verified by the identity manager; a returned account completes authentication. All
 * other paths report "not attempted".
 *
 * @param exchange the current exchange, which exposes the SSL session
 * @param securityContext the security context to notify on success
 * @return {@code AUTHENTICATED} when an account is resolved, otherwise {@code NOT_ATTEMPTED}
 */
public AuthenticationMechanismOutcome authenticate(final HttpServerExchange exchange, final SecurityContext securityContext) {
    final SSLSessionInfo sslSession = exchange.getSslSessionInfo();
    if (sslSession == null) {
        return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
    }
    try {
        final Certificate[] clientCerts = getPeerCertificates(exchange, sslSession, securityContext);
        final Certificate first = clientCerts[0];
        if (first instanceof X509Certificate) {
            final Credential credential = new X509CertificateCredential((X509Certificate) first);
            final Account account = getIdentityManager(securityContext).verify(credential);
            if (account != null) {
                securityContext.authenticationComplete(account, name, false);
                return AuthenticationMechanismOutcome.AUTHENTICATED;
            }
        }
    } catch (SSLPeerUnverifiedException e) {
        // No peer certificates means nothing to authenticate with; fall through to
        // NOT_ATTEMPTED.
    }

    /*
     * Client-cert authentication does not have a failed state: the key the client used was
     * already accepted when the connection was established, so this mechanism merely tries
     * to use it for authentication and does not mandate success.
     */
    return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
}
Example #22
Source File: ServletIdentityManager.java From quarkus-http with Apache License 2.0 | 5 votes |
/**
 * Reads the account for {@code id} from {@code users} and returns it when the credential
 * verifies.
 *
 * @param id the account identifier used as the map key
 * @param credential the presented credential
 * @return the account on success; {@code null} for an unknown id or a rejected credential
 */
@Override
public Account verify(String id, Credential credential) {
    final Account stored = users.get(id);
    if (stored == null) {
        return null;
    }
    return verifyCredential(stored, credential) ? stored : null;
}
Example #23
Source File: MapIdentityManager.java From quarkus-http with Apache License 2.0 | 5 votes |
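/**
 * Checks a password credential against the password stored for the account's principal.
 *
 * <p>The comparison accumulates differences across every supplied character with no early
 * exit, so timing does not expose where the passwords diverge. A {@code null} on either
 * side fails verification; {@code Arrays.equals} would have matched two {@code null} arrays.
 *
 * <p>NOTE(review): {@code users} holds the passwords in clear text, since the stored value
 * is compared directly; production stores should keep salted hashes.
 *
 * @param account the account whose principal name keys the stored password
 * @param credential the credential to check; only {@link PasswordCredential} is supported
 * @return {@code true} when the supplied password equals the stored one
 */
private boolean verifyCredential(Account account, Credential credential) {
    if (!(credential instanceof PasswordCredential)) {
        return false;
    }
    char[] password = ((PasswordCredential) credential).getPassword();
    char[] expectedPassword = users.get(account.getPrincipal().getName());
    if (password == null || expectedPassword == null) {
        return false;
    }
    // Start from the length difference so that unequal lengths can never compare equal.
    int diff = password.length ^ expectedPassword.length;
    for (int i = 0; i < password.length; i++) {
        char expectedChar = expectedPassword.length == 0 ? 0 : expectedPassword[i % expectedPassword.length];
        diff |= password[i] ^ expectedChar;
    }
    return diff == 0;
}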
Example #24
Source File: MapIdentityManager.java From quarkus-http with Apache License 2.0 | 5 votes |
/**
 * Returns the account for {@code id} if, and only if, the credential verifies against it.
 *
 * @param id the account identifier
 * @param credential the presented credential
 * @return the verified account, otherwise {@code null}
 */
@Override
public Account verify(String id, Credential credential) {
    final Account match = getAccount(id);
    if (match != null) {
        if (verifyCredential(match, credential)) {
            return match;
        }
    }
    return null;
}
Example #25
Source File: CxfKeycloakAuthHandler.java From keycloak with Apache License 2.0 | 4 votes |
/**
 * Rejects credential-only verification; this handler does not expect to be called with it.
 *
 * @param credential ignored
 * @return never returns normally
 * @throws IllegalStateException always
 */
@Override
public Account verify(Credential credential) {
    final String reason = "Should never be called in Keycloak flow";
    throw new IllegalStateException(reason);
}
Example #26
Source File: UndertowKeycloakConsumer.java From keycloak with Apache License 2.0 | 4 votes |
/**
 * Rejects id-and-credential verification; this consumer does not expect to be called with it.
 *
 * @param id ignored
 * @param credential ignored
 * @return never returns normally
 * @throws IllegalStateException always
 */
@Override
public Account verify(String id, Credential credential) {
    final String reason = "Should never be called in Keycloak flow";
    throw new IllegalStateException(reason);
}
Example #27
Source File: CustomIdentityManager.java From tutorials with MIT License | 4 votes |
/**
 * Credential-only verification is not supported by this identity manager.
 *
 * @param credential ignored
 * @return always {@code null}, so no account is ever granted through this overload
 */
@Override
public Account verify(Credential credential) {
    return null;
}
Example #28
Source File: UndertowKeycloakConsumer.java From keycloak with Apache License 2.0 | 4 votes |
/**
 * Rejects credential-only verification; this consumer does not expect to be called with it.
 *
 * @param credential ignored
 * @return never returns normally
 * @throws IllegalStateException always
 */
@Override
public Account verify(Credential credential) {
    final String reason = "Should never be called in Keycloak flow";
    throw new IllegalStateException(reason);
}
Example #29
Source File: MapIdentityManager.java From cxf with Apache License 2.0 | 4 votes |
/**
 * Credential-only verification is not supported by this identity manager.
 *
 * @param credential ignored
 * @return always {@code null}, so no account is ever granted through this overload
 */
@Override
public Account verify(Credential credential) {
    return null;
}
Example #30
Source File: CxfKeycloakAuthHandler.java From keycloak with Apache License 2.0 | 4 votes |
/**
 * Rejects id-and-credential verification; this handler does not expect to be called with it.
 *
 * @param id ignored
 * @param credential ignored
 * @return never returns normally
 * @throws IllegalStateException always
 */
@Override
public Account verify(String id, Credential credential) {
    final String reason = "Should never be called in Keycloak flow";
    throw new IllegalStateException(reason);
}