io.undertow.security.idm.IdentityManager Java Examples

The following examples show how to use io.undertow.security.idm.IdentityManager.
Example #1
Source Project: quarkus-http   Author: quarkusio   File: BasicAuthServer.java    License: Apache License 2.0
public static void main(final String[] args) {

    System.out.println("You can login with the following credentials:");
    System.out.println("User: userOne Password: passwordOne");
    System.out.println("User: userTwo Password: passwordTwo");

    final Map<String, char[]> users = new HashMap<>(2);
    users.put("userOne", "passwordOne".toCharArray());
    users.put("userTwo", "passwordTwo".toCharArray());

    final IdentityManager identityManager = new MapIdentityManager(users);

    Undertow server = Undertow.builder()
            .addHttpListener(8080, "localhost")
            .setHandler(addSecurity(new HttpHandler() {
                @Override
                public void handleRequest(final HttpServerExchange exchange) throws Exception {
                    final SecurityContext context = exchange.getSecurityContext();
                    exchange.writeAsync("Hello " + context.getAuthenticatedAccount().getPrincipal().getName(), IoCallback.END_EXCHANGE);
                }
            }, identityManager))
            .build();
    server.start();
}
 
Example #2
Source Project: quarkus-http   Author: quarkusio   File: DigestAuthenticationMechanism.java    License: Apache License 2.0
public DigestAuthenticationMechanism(final List<DigestAlgorithm> supportedAlgorithms, final List<DigestQop> supportedQops,
        final String realmName, final String domain, final NonceManager nonceManager, final String mechanismName, final IdentityManager identityManager) {
    this.supportedAlgorithms = supportedAlgorithms;
    this.supportedQops = supportedQops;
    this.realmName = realmName;
    this.domain = domain;
    this.nonceManager = nonceManager;
    this.mechanismName = mechanismName;
    this.identityManager = identityManager;

    if (!supportedQops.isEmpty()) {
        StringBuilder sb = new StringBuilder();
        Iterator<DigestQop> it = supportedQops.iterator();
        sb.append(it.next().getToken());
        while (it.hasNext()) {
            sb.append(",").append(it.next().getToken());
        }
        qopString = sb.toString();
    } else {
        qopString = null;
    }
}
 
Example #3
Source Project: lams   Author: lamsfoundation   File: BasicAuthenticationMechanism.java    License: GNU General Public License v2.0
@Override
public AuthenticationMechanism create(String mechanismName,IdentityManager identityManager, FormParserFactory formParserFactory, Map<String, String> properties) {
    String realm = properties.get(REALM);
    String silent = properties.get(SILENT);
    String charsetString = properties.get(CHARSET);
    Charset charset = charsetString == null ? StandardCharsets.UTF_8 : Charset.forName(charsetString);
    Map<Pattern, Charset> userAgentCharsets = new HashMap<>();
    String userAgentString = properties.get(USER_AGENT_CHARSETS);
    if(userAgentString != null) {
        String[] parts = userAgentString.split(",");
        if(parts.length % 2 != 0) {
            throw UndertowMessages.MESSAGES.userAgentCharsetMustHaveEvenNumberOfItems(userAgentString);
        }
        for(int i = 0; i < parts.length; i += 2) {
            Pattern pattern = Pattern.compile(parts[i]);
            Charset c = Charset.forName(parts[i + 1]);
            userAgentCharsets.put(pattern, c);
        }
    }

    return new BasicAuthenticationMechanism(realm, mechanismName, silent != null && silent.equals("true"), identityManager, charset, userAgentCharsets);
}
 
Example #4
Source Project: light-oauth2   Author: networknt   File: LightBasicAuthenticationMechanism.java    License: Apache License 2.0
public LightBasicAuthenticationMechanism(final String realmName, final String mechanismName, final boolean silent, final IdentityManager identityManager, Charset charset, Map<Pattern, Charset> userAgentCharsets) {
    this.challenge = BASIC_PREFIX + "realm=\"" + realmName + "\"";
    this.name = mechanismName;
    this.silent = silent;
    this.identityManager = identityManager;
    this.charset = charset;
    this.userAgentCharsets = Collections.unmodifiableMap(new LinkedHashMap<>(userAgentCharsets));
}
 
Example #5
Source Project: quarkus-http   Author: quarkusio   File: SecurityInitialHandler.java    License: Apache License 2.0
public SecurityInitialHandler(final AuthenticationMode authenticationMode, final IdentityManager identityManager,
        final String programaticMechName, final SecurityContextFactory contextFactory, final HttpHandler next) {
    super(next);
    this.authenticationMode = authenticationMode;
    this.identityManager = identityManager;
    this.programaticMechName = programaticMechName;
    this.contextFactory = contextFactory;
}
 
Example #6
Source Project: lams   Author: lamsfoundation   File: SecurityContextFactoryImpl.java    License: GNU General Public License v2.0
@Override
public SecurityContext createSecurityContext(final HttpServerExchange exchange, final AuthenticationMode mode,
    final IdentityManager identityManager, final String programmaticMechName) {
    SecurityContextImpl securityContext = SecurityActions.createSecurityContextImpl(exchange, mode, identityManager);
    if (programmaticMechName != null)
        securityContext.setProgramaticMechName(programmaticMechName);
    return securityContext;
}
 
Example #7
Source Project: quarkus-http   Author: quarkusio   File: FormAuthenticationMechanism.java    License: Apache License 2.0
public FormAuthenticationMechanism(final FormParserFactory formParserFactory, final String name, final String loginPage, final String errorPage, final String postLocation, final IdentityManager identityManager) {
    this.name = name;
    this.loginPage = loginPage;
    this.errorPage = errorPage;
    this.postLocation = postLocation;
    this.formParserFactory = formParserFactory;
    this.identityManager = identityManager;
}
 
Example #8
Source Project: quarkus-http   Author: quarkusio   File: SecurityContextFactoryImpl.java    License: Apache License 2.0
@Override
public SecurityContext createSecurityContext(final HttpServerExchange exchange, final AuthenticationMode mode,
    final IdentityManager identityManager, final String programmaticMechName) {
    SecurityContextImpl securityContext = SecurityActions.createSecurityContextImpl(exchange, mode, identityManager);
    if (programmaticMechName != null)
        securityContext.setProgramaticMechName(programmaticMechName);
    return securityContext;
}
 
Example #9
Source Project: quarkus-http   Author: quarkusio   File: BasicAuthenticationMechanism.java    License: Apache License 2.0
public BasicAuthenticationMechanism(final String realmName, final String mechanismName, final boolean silent, final IdentityManager identityManager, Charset charset, Map<Pattern, Charset> userAgentCharsets) {
    this.challenge = BASIC_PREFIX + "realm=\"" + realmName + "\"";
    this.name = mechanismName;
    this.silent = silent;
    this.identityManager = identityManager;
    this.charset = charset;
    this.userAgentCharsets = Collections.unmodifiableMap(new LinkedHashMap<>(userAgentCharsets));
}
 
Example #10
Source Project: tutorials   Author: eugenp   File: SecureServer.java    License: MIT License
public static void main(String[] args) {
    final Map<String, char[]> users = new HashMap<>(2);
    users.put("root", "password".toCharArray());
    users.put("admin", "password".toCharArray());

    final IdentityManager idm = new CustomIdentityManager(users);

    Undertow server = Undertow.builder()
      .addHttpListener(8080, "localhost")
      .setHandler(addSecurity(SecureServer::setExchange, idm)).build();

    server.start();
}
 
Example #11
Source Project: quarkus-http   Author: quarkusio   File: ClientCertAuthenticationMechanism.java    License: Apache License 2.0
public AuthenticationMechanismOutcome authenticate(final HttpServerExchange exchange, final SecurityContext securityContext) {
    SSLSessionInfo sslSession = exchange.getSslSessionInfo();
    if (sslSession != null) {
        try {
            Certificate[] clientCerts = getPeerCertificates(exchange, sslSession, securityContext);
            if (clientCerts[0] instanceof X509Certificate) {
                Credential credential = new X509CertificateCredential((X509Certificate) clientCerts[0]);

                IdentityManager idm = getIdentityManager(securityContext);
                Account account = idm.verify(credential);
                if (account != null) {
                    securityContext.authenticationComplete(account, name, false);
                    return AuthenticationMechanismOutcome.AUTHENTICATED;
                }
            }
        } catch (SSLPeerUnverifiedException e) {
            // No action - this mechanism can not attempt authentication without peer certificates so allow it to drop out
            // to NOT_ATTEMPTED.
        }
    }

    /*
     * For ClientCert we do not have a concept of a failed authentication, if the client did use a key then it was deemed
     * acceptable for the connection to be established, this mechanism then just 'attempts' to use it for authentication but
     * does not mandate success.
     */

    return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
}
 
Example #12
Source Project: quarkus-http   Author: quarkusio   File: SecurityActions.java    License: Apache License 2.0
static SecurityContextImpl createSecurityContextImpl(final HttpServerExchange exchange, final AuthenticationMode authenticationMode, final IdentityManager identityManager) {
    if (System.getSecurityManager() == null) {
        return new SecurityContextImpl(exchange, authenticationMode, identityManager);
    } else {
        return AccessController.doPrivileged(new PrivilegedAction<SecurityContextImpl>() {
            @Override
            public SecurityContextImpl run() {
                return new SecurityContextImpl(exchange, authenticationMode, identityManager);
            }
        });
    }
}
 
Example #13
Source Project: datawave   Author: NationalSecurityAgency   File: DatawaveAuthenticationMechanism.java    License: Apache License 2.0
public DatawaveAuthenticationMechanism(String mechanismName, boolean forceRenegotiation, IdentityManager identityManager) {
    this.name = mechanismName;
    this.forceRenegotiation = forceRenegotiation;
    this.identityManager = identityManager;
    trustedHeaderAuthentication = Boolean.valueOf(System.getProperty("dw.trusted.header.authentication", "false"));
    jwtHeaderAuthentication = Boolean.valueOf(System.getProperty("dw.jwt.header.authentication", "false"));
    SUBJECT_DN_HEADER = System.getProperty("dw.trusted.header.subjectDn", "X-SSL-ClientCert-Subject".toLowerCase());
    ISSUER_DN_HEADER = System.getProperty("dw.trusted.header.issuerDn", "X-SSL-ClientCert-Issuer".toLowerCase());
}
 
Example #14
Source Project: light-oauth2   Author: networknt   File: PathHandlerProvider.java    License: Apache License 2.0
@Override
public HttpHandler getHandler() {
    IMap<String, User> users = CacheStartupHookProvider.hz.getMap("users");
    final IdentityManager identityManager = new MapIdentityManager(users);

    HttpHandler handler = Handlers.routing()
        .add(Methods.GET, "/health", new HealthGetHandler())
        .add(Methods.GET, "/server/info", new ServerInfoGetHandler())
        .add(Methods.GET, "/oauth2/authorize", addBasicSecurity(new Oauth2AuthorizeGetHandler(), identityManager))
        .add(Methods.POST, "/oauth2/authorize", addFormSecurity(new Oauth2AuthorizePostHandler(), identityManager))
    ;
    return handler;
}
 
Example #15
Source Project: lams   Author: lamsfoundation   File: BasicAuthenticationMechanism.java    License: GNU General Public License v2.0
public BasicAuthenticationMechanism(final String realmName, final String mechanismName, final boolean silent, final IdentityManager identityManager, Charset charset, Map<Pattern, Charset> userAgentCharsets) {
    this.challenge = BASIC_PREFIX + "realm=\"" + realmName + "\"";
    this.name = mechanismName;
    this.silent = silent;
    this.identityManager = identityManager;
    this.charset = charset;
    this.userAgentCharsets = Collections.unmodifiableMap(new LinkedHashMap<>(userAgentCharsets));
}
 
Example #16
Source Project: light-oauth2   Author: networknt   File: PathHandlerProvider.java    License: Apache License 2.0
@Override
public HttpHandler getHandler() {
    final IdentityManager basicIdentityManager = new LightIdentityManager();

    HttpHandler handler = Handlers.routing()
        .add(Methods.GET, "/health/"+server.get("serviceId"), new HealthGetHandler())
        .add(Methods.GET, "/server/info", new ServerInfoGetHandler())
        .add(Methods.GET, "/oauth2/code", addGetSecurity(new Oauth2CodeGetHandler(), basicIdentityManager))
        .add(Methods.POST, "/oauth2/code", addFormSecurity(new Oauth2CodePostHandler(), basicIdentityManager))
    ;
    return handler;
}
 
Example #17
Source Project: lams   Author: lamsfoundation   File: SecurityContextImpl.java    License: GNU General Public License v2.0
public SecurityContextImpl(final HttpServerExchange exchange, final AuthenticationMode authenticationMode, final IdentityManager identityManager) {
    super(exchange);
    this.authenticationMode = authenticationMode;
    this.identityManager = identityManager;
    if (System.getSecurityManager() != null) {
        System.getSecurityManager().checkPermission(PERMISSION);
    }
}
 
Example #18
Source Project: lams   Author: lamsfoundation   File: ClientCertAuthenticationMechanism.java    License: GNU General Public License v2.0
public AuthenticationMechanismOutcome authenticate(final HttpServerExchange exchange, final SecurityContext securityContext) {
    SSLSessionInfo sslSession = exchange.getConnection().getSslSessionInfo();
    if (sslSession != null) {
        try {
            Certificate[] clientCerts = getPeerCertificates(exchange, sslSession, securityContext);
            if (clientCerts[0] instanceof X509Certificate) {
                Credential credential = new X509CertificateCredential((X509Certificate) clientCerts[0]);

                IdentityManager idm = getIdentityManager(securityContext);
                Account account = idm.verify(credential);
                if (account != null) {
                    securityContext.authenticationComplete(account, name, false);
                    return AuthenticationMechanismOutcome.AUTHENTICATED;
                }
            }
        } catch (SSLPeerUnverifiedException e) {
            // No action - this mechanism can not attempt authentication without peer certificates so allow it to drop out
            // to NOT_ATTEMPTED.
        }
    }

    /*
     * For ClientCert we do not have a concept of a failed authentication, if the client did use a key then it was deemed
     * acceptable for the connection to be established, this mechanism then just 'attempts' to use it for authentication but
     * does not mandate success.
     */

    return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
}
 
Example #19
Source Project: lams   Author: lamsfoundation   File: FormAuthenticationMechanism.java    License: GNU General Public License v2.0
public FormAuthenticationMechanism(final FormParserFactory formParserFactory, final String name, final String loginPage, final String errorPage, final String postLocation, final IdentityManager identityManager) {
    this.name = name;
    this.loginPage = loginPage;
    this.errorPage = errorPage;
    this.postLocation = postLocation;
    this.formParserFactory = formParserFactory;
    this.identityManager = identityManager;
}
 
Example #20
Source Project: light-oauth2   Author: networknt   File: LightFormAuthenticationMechanism.java    License: Apache License 2.0
public LightFormAuthenticationMechanism(final FormParserFactory formParserFactory, final String name, final String loginPage, final String errorPage, final IdentityManager identityManager) {
    this(formParserFactory, name, loginPage, errorPage, DEFAULT_POST_LOCATION, identityManager);
}
 
Example #21
Source Project: quarkus-http   Author: quarkusio   File: DeploymentInfo.java    License: Apache License 2.0
public DeploymentInfo setIdentityManager(IdentityManager identityManager) {
    this.identityManager = identityManager;
    return this;
}
 
Example #22
Source Project: quarkus-http   Author: quarkusio   File: ServletFormAuthenticationMechanism.java    License: Apache License 2.0
public ServletFormAuthenticationMechanism(FormParserFactory formParserFactory, String name, String loginPage, String errorPage, IdentityManager identityManager, boolean saveOriginalRequest) {
    super(formParserFactory, name, loginPage, errorPage, identityManager);
    this.saveOriginalRequest = saveOriginalRequest;
}
 
Example #23
Source Project: lams   Author: lamsfoundation   File: BasicAuthenticationMechanism.java    License: GNU General Public License v2.0
@Deprecated
public Factory(IdentityManager identityManager) {}
 
Example #24
Source Project: lams   Author: lamsfoundation   File: FormAuthenticationMechanism.java    License: GNU General Public License v2.0
public AuthenticationMechanismOutcome runFormAuth(final HttpServerExchange exchange, final SecurityContext securityContext) {
    final FormDataParser parser = formParserFactory.createParser(exchange);
    if (parser == null) {
        UndertowLogger.SECURITY_LOGGER.debug("Could not authenticate as no form parser is present");
        // TODO - May need a better error signaling mechanism here to prevent repeated attempts.
        return AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
    }

    try {
        final FormData data = parser.parseBlocking();
        final FormData.FormValue jUsername = data.getFirst("j_username");
        final FormData.FormValue jPassword = data.getFirst("j_password");
        if (jUsername == null || jPassword == null) {
            UndertowLogger.SECURITY_LOGGER.debugf("Could not authenticate as username or password was not present in the posted result for %s", exchange);
            return AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
        }
        final String userName = jUsername.getValue();
        final String password = jPassword.getValue();
        AuthenticationMechanismOutcome outcome = null;
        PasswordCredential credential = new PasswordCredential(password.toCharArray());
        try {
            IdentityManager identityManager = getIdentityManager(securityContext);
            Account account = identityManager.verify(userName, credential);
            if (account != null) {
                securityContext.authenticationComplete(account, name, true);
                UndertowLogger.SECURITY_LOGGER.debugf("Authenticated user %s using for auth for %s", account.getPrincipal().getName(), exchange);
                outcome = AuthenticationMechanismOutcome.AUTHENTICATED;
            } else {
                securityContext.authenticationFailed(MESSAGES.authenticationFailed(userName), name);
            }
        } finally {
            if (outcome == AuthenticationMechanismOutcome.AUTHENTICATED) {
                handleRedirectBack(exchange);
                exchange.endExchange();
            }
            return outcome != null ? outcome : AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
        }
    } catch (IOException e) {
        throw new RuntimeException(e);
    }
}
 
Example #25
Source Project: quarkus-http   Author: quarkusio   File: CustomAuthenticationMechanism.java    License: Apache License 2.0
@Override
public AuthenticationMechanism create(String mechanismName, IdentityManager identityManager, FormParserFactory formParserFactory, Map<String, String> properties) {
    return new CustomAuthenticationMechanism(mechanismName, properties.get(LOGIN_PAGE), properties.get(ERROR_PAGE));
}
 
Example #26
Source Project: lams   Author: lamsfoundation   File: DeploymentInfo.java    License: GNU General Public License v2.0
public IdentityManager getIdentityManager() {
    return identityManager;
}
 
Example #27
Source Project: lams   Author: lamsfoundation   File: ServletFormAuthenticationMechanism.java    License: GNU General Public License v2.0
public ServletFormAuthenticationMechanism(FormParserFactory formParserFactory, String name, String loginPage, String errorPage, IdentityManager identityManager) {
    super(formParserFactory, name, loginPage, errorPage, identityManager);
    this.saveOriginalRequest = true;
}
 
Example #28
Source Project: quarkus-http   Author: quarkusio   File: SecurityInitialHandler.java    License: Apache License 2.0
public SecurityInitialHandler(final AuthenticationMode authenticationMode, final IdentityManager identityManager,
        final String programaticMechName, final HttpHandler next) {
    this(authenticationMode, identityManager, programaticMechName, SecurityContextFactoryImpl.INSTANCE, next);
}
 
Example #29
Source Project: quarkus-http   Author: quarkusio   File: SecurityInitialHandler.java    License: Apache License 2.0
public SecurityInitialHandler(final AuthenticationMode authenticationMode, final IdentityManager identityManager,
        final HttpHandler next) {
    this(authenticationMode, identityManager, null, SecurityContextFactoryImpl.INSTANCE, next);
}
 
Example #30
Source Project: quarkus-http   Author: quarkusio   File: SecurityContextImpl.java    License: Apache License 2.0
public SecurityContextImpl(final HttpServerExchange exchange, final IdentityManager identityManager) {
    this(exchange, AuthenticationMode.PRO_ACTIVE, identityManager);
}