@Override public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext) { Cookie cookie = exchange.getRequestCookies().get(cookieName); if (cookie != null) { final String ssoId = cookie.getValue(); log.tracef("SSO session with ID: %s found.", ssoId); Account verified = getIdentityManager(securityContext).verify(sso.getAccount()); if (verified == null) { if(log.isTraceEnabled()) { securityContext.authenticationComplete(verified, sso.getMechanismName(), false); securityContext.registerNotificationReceiver(new NotificationReceiver() { @Override public void handleNotification(SecurityNotification notification) { log.tracef("Authenticated account %s using SSO", verified.getPrincipal().getName()); return AuthenticationMechanismOutcome.AUTHENTICATED; exchange.addResponseWrapper(responseListener); return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
@Override public String readAttribute(final HttpServerExchange exchange) { SecurityContext sc = exchange.getSecurityContext(); if (sc == null || !sc.isAuthenticated()) { return null; } return sc.getAuthenticatedAccount().getPrincipal().getName(); }
public AuthenticationMechanismOutcome run() throws GSSException { NegotiationContext negContext = exchange.getAttachment(NegotiationContext.ATTACHMENT_KEY); if (negContext == null) { negContext = new NegotiationContext(); exchange.putAttachment(NegotiationContext.ATTACHMENT_KEY, negContext); exchange.getConnection().putAttachment(NegotiationContext.ATTACHMENT_KEY, negContext); exchange.getResponseHeaders().add(WWW_AUTHENTICATE, NEGOTIATE_PREFIX + FlexBase64.encodeString(respToken, false)); IdentityManager identityManager = securityContext.getIdentityManager(); final Account account = identityManager.verify(new GSSContextCredential(negContext.getGssContext())); if (account != null) { securityContext.authenticationComplete(account, name, false); return AuthenticationMechanismOutcome.AUTHENTICATED; } else {
jdbcLogAttribute.pattern = pattern; jdbcLogAttribute.remoteHost = ((InetSocketAddress) exchange.getConnection().getPeerAddress()).getAddress().getHostAddress(); SecurityContext sc = exchange.getSecurityContext(); if (sc == null || !sc.isAuthenticated()) { jdbcLogAttribute.user = null; } else { jdbcLogAttribute.user = sc.getAuthenticatedAccount().getPrincipal().getName(); jdbcLogAttribute.query = exchange.getQueryString(); jdbcLogAttribute.bytes = exchange.getResponseContentLength(); jdbcLogAttribute.virtualHost = exchange.getRequestHeaders().getFirst(Headers.HOST); jdbcLogAttribute.method = exchange.getRequestMethod().toString(); jdbcLogAttribute.referer = exchange.getRequestHeaders().getFirst(Headers.REFERER); jdbcLogAttribute.userAgent = exchange.getRequestHeaders().getFirst(Headers.USER_AGENT);
@Override public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext) { String principal = getPrincipal(exchange); if(principal == null) { return NOT_ATTEMPTED; } String session = getSession(exchange); if(session == null) { return NOT_ATTEMPTED; } Account account = identityManager.verify(principal, new PasswordCredential(session.toCharArray())); if(account == null) { securityContext.authenticationFailed(UndertowMessages.MESSAGES.authenticationFailed(principal), mechanismName); return NOT_AUTHENTICATED; } securityContext.authenticationComplete(account, mechanismName, false); return AUTHENTICATED; }
try { IdentityManager identityManager = getIdentityManager(securityContext); Account account = identityManager.verify(userName, credential); if (account != null) { securityContext.authenticationComplete(account, name, true); UndertowLogger.SECURITY_LOGGER.debugf("Authenticated user %s using for auth for %s", account.getPrincipal().getName(), exchange); outcome = AuthenticationMechanismOutcome.AUTHENTICATED; } else { securityContext.authenticationFailed(MESSAGES.authenticationFailed(userName), name); exchange.endExchange();
@Override public AuthenticationMechanismOutcome authenticate(final HttpServerExchange exchange, final SecurityContext securityContext) { ServerConnection connection = exchange.getConnection(); NegotiationContext negContext = connection.getAttachment(NegotiationContext.ATTACHMENT_KEY); if (negContext != null) { exchange.putAttachment(NegotiationContext.ATTACHMENT_KEY, negContext); if (negContext.isEstablished()) { IdentityManager identityManager = getIdentityManager(securityContext); final Account account = identityManager.verify(new GSSContextCredential(negContext.getGssContext())); if (account != null) { securityContext.authenticationComplete(account, name, false); UndertowLogger.SECURITY_LOGGER.debugf("Authenticated as user %s with existing GSSAPI negotiation context for %s", account.getPrincipal().getName(), exchange); return AuthenticationMechanismOutcome.AUTHENTICATED; } else { List<String> authHeaders = exchange.getRequestHeaders().get(AUTHORIZATION); if (authHeaders != null) { for (String current : authHeaders) {
final StringBuilder sb = new StringBuilder(); final SecurityContext sc = exchange.getSecurityContext(); sb.append("\n----------------------------REQUEST---------------------------\n"); sb.append(" URI=" + exchange.getRequestURI() + "\n"); sb.append(" characterEncoding=" + exchange.getRequestHeaders().get(Headers.CONTENT_ENCODING) + "\n"); sb.append(" contentLength=" + exchange.getRequestContentLength() + "\n"); sb.append(" contentType=" + exchange.getRequestHeaders().get(Headers.CONTENT_TYPE) + "\n"); if (sc.isAuthenticated()) { sb.append(" authType=" + sc.getMechanismName() + "\n"); sb.append(" principle=" + sc.getAuthenticatedAccount().getPrincipal() + "\n"); } else { sb.append(" authType=none" + "\n"); sb.append(" locale=" + LocaleUtils.getLocalesFromHeader(exchange.getRequestHeaders().get(Headers.ACCEPT_LANGUAGE)) + "\n"); sb.append(" method=" + exchange.getRequestMethod() + "\n"); Map<String, Deque<String>> pnames = exchange.getQueryParameters();
if (sc.isAuthenticated()) { sb.append(" authType=" + sc.getMechanismName() + "\n"); sb.append(" principle=" + sc.getAuthenticatedAccount().getPrincipal() + "\n"); } else { sb.append(" authType=none" + "\n"); sb.append(" contentLength=" + exchange.getResponseContentLength() + "\n"); sb.append(" contentType=" + exchange.getResponseHeaders().getFirst(Headers.CONTENT_TYPE) + "\n"); Map<String, Cookie> cookies = exchange.getResponseCookies(); if (cookies != null) { for (Cookie cookie : cookies.values()) {
public AuthenticationMechanismOutcome handleDigestHeader(HttpServerExchange exchange, final SecurityContext securityContext) { DigestContext context = exchange.getAttachment(DigestContext.ATTACHMENT_KEY); Map<DigestAuthorizationToken, String> parsedHeader = context.getParsedHeader(); if (parsedHeader.containsKey(DigestAuthorizationToken.DIGEST_URI)) { String uri = parsedHeader.get(DigestAuthorizationToken.DIGEST_URI); String requestURI = exchange.getRequestURI(); if (!exchange.getQueryString().isEmpty()) { requestURI = requestURI + "?" + exchange.getQueryString(); } else { final DigestCredential credential = new DigestCredentialImpl(context); account = identityManager.verify(userName, credential); securityContext.authenticationFailed(MESSAGES.authenticationFailed(userName), mechanismName); return AuthenticationMechanismOutcome.NOT_AUTHENTICATED; securityContext.authenticationComplete(account, mechanismName, true); return AuthenticationMechanismOutcome.AUTHENTICATED;
public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext) { List<String> authHeaders = exchange.getRequestHeaders().get(AUTHORIZATION); if (authHeaders != null) { for (String current : authHeaders) { String ua = exchange.getRequestHeaders().getFirst(Headers.USER_AGENT); if(ua != null) { for (Map.Entry<Pattern, Charset> entry : userAgentCharsets.entrySet()) { try { final AuthenticationMechanismOutcome result; Account account = idm.verify(userName, credential); if (account != null) { securityContext.authenticationComplete(account, name, false); result = AuthenticationMechanismOutcome.AUTHENTICATED; } else { securityContext.authenticationFailed(MESSAGES.authenticationFailed(userName), name); result = AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
/** * Only allow the request through if successfully authenticated or if authentication is not required. * * @see io.undertow.server.HttpHandler#handleRequest(io.undertow.server.HttpServerExchange) */ @Override public void handleRequest(final HttpServerExchange exchange) throws Exception { if(exchange.isInIoThread()) { exchange.dispatch(this); return; } SecurityContext context = exchange.getSecurityContext(); if (context.authenticate()) { if(!exchange.isComplete()) { next.handleRequest(exchange); } } else { exchange.endExchange(); } }
private AuthenticationMechanismOutcome authenticated(HttpServerExchange exchange, SecurityContext securityContext, Account account) { if (exchange.getRequestHeaders().contains(HEADER_PROXIED_ENTITIES)) { exchange.getResponseHeaders().add(HEADER_PROXIED_ENTITIES_ACCEPTED, "true"); } securityContext.authenticationComplete(account, name, false); addTimingRequestHeaders(exchange); return AuthenticationMechanismOutcome.AUTHENTICATED; }
/** * Only allow the request through if successfully authenticated or if authentication is not required. * * @see io.undertow.server.HttpHandler#handleRequest(io.undertow.server.HttpServerExchange) */ @Override public void handleRequest(final HttpServerExchange exchange) throws Exception { if(exchange.isInIoThread()) { exchange.dispatch(this); return; } SecurityContext context = exchange.getSecurityContext(); if (context.authenticate()) { if(!exchange.isComplete()) { next.handleRequest(exchange); } } else { if(exchange.getStatusCode() >= StatusCodes.BAD_REQUEST && !exchange.isComplete()) { ServletRequestContext src = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY); src.getOriginalResponse().sendError(exchange.getStatusCode()); } else { exchange.endExchange(); } } }
@Override public void handleRequest(HttpServerExchange exchange) throws Exception { log.debugv("ConstraintMatcherHandler: {0}", exchange.getRelativePath()); SingleConstraintMatch match = matcher.getSecurityInfo(exchange.getRelativePath(), exchange.getRequestMethod().toString()); if (match == null || (match.getRequiredRoles().isEmpty() && match.getEmptyRoleSemantic() == SecurityInfo.EmptyRoleSemantic.PERMIT)) { unsecuredHandler.handleRequest(exchange); exchange.getSecurityContext().setAuthenticationRequired(); exchange.putAttachment(CONSTRAINT_KEY, match); securedHandler.handleRequest(exchange);
@Override public void handleRequest(HttpServerExchange exchange) throws Exception { SecurityContext securityContext = exchange.getSecurityContext(); securityContext.registerNotificationReceiver(NOTIFICATION_RECEIVER); SessionManager sessionManager = exchange.getAttachment(SessionManager.ATTACHMENT_KEY); SessionConfig sessionConfig = exchange.getAttachment(SessionConfig.ATTACHMENT_KEY); if (sessionManager == null || sessionConfig == null) { next.handleRequest(exchange); return; } Session session = sessionManager.getSession(exchange, sessionConfig); // If there was no existing HttpSession then there could not be a cached AuthenticatedSession so don't bother setting // the AuthenticatedSessionManager. if (session != null) { exchange.putAttachment(AuthenticatedSessionManager.ATTACHMENT_KEY, SESSION_MANAGER); } next.handleRequest(exchange); }
@Override public AuthenticationMechanismOutcome authenticate(final HttpServerExchange exchange, final SecurityContext sc) { exchange.putAttachment(AUTH_RUN, true); final ServletRequestContext requestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY); final JASPIServerAuthenticationManager sam = createJASPIAuthenticationManager(); final GenericMessageInfo messageInfo = createMessageInfo(exchange, sc); final String applicationIdentifier = buildApplicationIdentifier(requestContext); final JASPICallbackHandler cbh = new JASPICallbackHandler(); exchange.putAttachment(JASPICContext.ATTACHMENT_KEY, new JASPICContext(messageInfo, sam, cbh)); UndertowLogger.ROOT_LOGGER.debugf("validateRequest for layer [%s] and applicationContextIdentifier [%s]", JASPI_HTTP_SERVLET_LAYER, applicationIdentifier); cache = Boolean.valueOf((String)registerObj); sc.authenticationComplete(authenticatedAccount, authType, cache); } else if (isValid && authenticatedAccount == null && !isMandatory(requestContext)) { outcome = AuthenticationMechanismOutcome.NOT_ATTEMPTED; } else { outcome = AuthenticationMechanismOutcome.NOT_AUTHENTICATED; sc.authenticationFailed("JASPIC authentication failed.", authType);
@Override public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext) { String principal = exchange.getAttachment(EXTERNAL_PRINCIPAL); if(principal == null) { return AuthenticationMechanismOutcome.NOT_ATTEMPTED; } Account account = getIdentityManager(securityContext).verify(principal, ExternalCredential.INSTANCE); if(account == null) { return AuthenticationMechanismOutcome.NOT_AUTHENTICATED; } String name = exchange.getAttachment(EXTERNAL_AUTHENTICATION_TYPE); securityContext.authenticationComplete(account, name != null ? name: this.name, false); return AuthenticationMechanismOutcome.AUTHENTICATED; }
@Override public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext) { List<String> authHeaders = exchange.getRequestHeaders().get(AUTHORIZATION); if (authHeaders != null) { for (String current : authHeaders) { try { final AuthenticationMechanismOutcome result; Account account = idm.verify(userName, credential); if (account != null) { securityContext.authenticationComplete(account, mechanismName, false); result = AuthenticationMechanismOutcome.AUTHENTICATED; } else {
public AuthenticationMechanismOutcome authenticate(final HttpServerExchange exchange, final SecurityContext securityContext) { SSLSessionInfo sslSession = exchange.getConnection().getSslSessionInfo(); if (sslSession != null) { try { Certificate[] clientCerts = getPeerCertificates(exchange, sslSession, securityContext); if (clientCerts[0] instanceof X509Certificate) { Credential credential = new X509CertificateCredential((X509Certificate) clientCerts[0]); IdentityManager idm = getIdentityManager(securityContext); Account account = idm.verify(credential); if (account != null) { securityContext.authenticationComplete(account, name, false); return AuthenticationMechanismOutcome.AUTHENTICATED; } } } catch (SSLPeerUnverifiedException e) { // No action - this mechanism can not attempt authentication without peer certificates so allow it to drop out // to NOT_ATTEMPTED. } } /* * For ClientCert we do not have a concept of a failed authentication, if the client did use a key then it was deemed * acceptable for the connection to be established, this mechanism then just 'attempts' to use it for authentication but * does not mandate success. */ return AuthenticationMechanismOutcome.NOT_ATTEMPTED; }