Refine search
protected void authenticationComplete(Account account, String mechanism, boolean programatic, final boolean cachingRequired) { this.account = account; this.mechanismName = mechanism; UndertowLogger.SECURITY_LOGGER.debugf("Authenticated as %s, roles %s", account.getPrincipal().getName(), account.getRoles()); sendNoticiation(new SecurityNotification(exchange, EventType.AUTHENTICATED, account, mechanism, programatic, MESSAGES.userAuthenticated(account.getPrincipal().getName()), cachingRequired)); }
if (cachedAccount != null && cachedAccount.getPrincipal() == userPrincipal) { for (String role : cachedAccount.getRoles()) roleGroup.addRole(new SimpleRole(role)); jbossSct.getUtil().setRoles(roleGroup); Principal original = null; if(cachedAccount != null) { original = cachedAccount.getPrincipal();
private boolean verifyCredential(Account account, Credential credential) { if (credential instanceof PasswordCredential) { char[] password = ((PasswordCredential) credential).getPassword(); char[] expectedPassword = users.get(account.getPrincipal().getName()); return Arrays.equals(password, expectedPassword); } return false; }
@SuppressWarnings("unchecked") @Override public void handleRequest(HttpServerExchange exchange) throws Exception { exchange.getResponseHeaders().put(Headers.CONTENT_TYPE, "application/json"); Map<String, Deque<String>> pnames = exchange.getQueryParameters(); for (Map.Entry<String, Deque<String>> entry : pnames.entrySet()) { String pname = entry.getKey(); final SecurityContext context = exchange.getSecurityContext(); String userId = context.getAuthenticatedAccount().getPrincipal().getName(); Set<String> roles = context.getAuthenticatedAccount().getRoles(); Map<String, String> codeMap = new HashMap<>(); codeMap.put("userId", userId);
@Override public AuthenticationMechanismOutcome authenticate(final HttpServerExchange exchange, final SecurityContext securityContext) { ServerConnection connection = exchange.getConnection(); NegotiationContext negContext = connection.getAttachment(NegotiationContext.ATTACHMENT_KEY); if (negContext != null) { exchange.putAttachment(NegotiationContext.ATTACHMENT_KEY, negContext); if (negContext.isEstablished()) { IdentityManager identityManager = getIdentityManager(securityContext); final Account account = identityManager.verify(new GSSContextCredential(negContext.getGssContext())); if (account != null) { securityContext.authenticationComplete(account, name, false); UndertowLogger.SECURITY_LOGGER.debugf("Authenticated as user %s with existing GSSAPI negotiation context for %s", account.getPrincipal().getName(), exchange); return AuthenticationMechanismOutcome.AUTHENTICATED; } else { List<String> authHeaders = exchange.getRequestHeaders().get(AUTHORIZATION); if (authHeaders != null) { for (String current : authHeaders) {
@Override public String readAttribute(final HttpServerExchange exchange) { SecurityContext sc = exchange.getSecurityContext(); if (sc == null || !sc.isAuthenticated()) { return null; } return sc.getAuthenticatedAccount().getPrincipal().getName(); }
jdbcLogAttribute.pattern = pattern; jdbcLogAttribute.remoteHost = ((InetSocketAddress) exchange.getConnection().getPeerAddress()).getAddress().getHostAddress(); SecurityContext sc = exchange.getSecurityContext(); if (sc == null || !sc.isAuthenticated()) { jdbcLogAttribute.user = null; } else { jdbcLogAttribute.user = sc.getAuthenticatedAccount().getPrincipal().getName(); jdbcLogAttribute.query = exchange.getQueryString(); jdbcLogAttribute.bytes = exchange.getResponseContentLength();
Account account = identityManager.verify(userName, credential); if (account != null) { securityContext.authenticationComplete(account, name, true); UndertowLogger.SECURITY_LOGGER.debugf("Authenticated user %s using for auth for %s", account.getPrincipal().getName(), exchange); outcome = AuthenticationMechanismOutcome.AUTHENTICATED; } else { securityContext.authenticationFailed(MESSAGES.authenticationFailed(userName), name); exchange.endExchange();
@Override public void handleNotification(SecurityNotification notification) { EventType event = notification.getEventType(); if (event == EventType.AUTHENTICATED || event == EventType.FAILED_AUTHENTICATION) { AuditEvent auditEvent = new AuditEvent(event == EventType.AUTHENTICATED ? AuditLevel.SUCCESS : AuditLevel.FAILURE); Map<String, Object> ctxMap = new HashMap<String, Object>(); Account account = notification.getAccount(); if (account != null) { ctxMap.put("principal", account.getPrincipal().getName()); } ctxMap.put("message", notification.getMessage()); ServletRequestContext src = notification.getExchange().getAttachment(ServletRequestContext.ATTACHMENT_KEY); if(src != null) { ServletRequest hsr = src.getServletRequest(); if (hsr instanceof HttpServletRequest) { ctxMap.put("request", deriveUsefulInfo((HttpServletRequest) hsr)); } } ctxMap.put("Source", getClass().getCanonicalName()); auditEvent.setContextMap(ctxMap); auditManager.audit(auditEvent); } }
@Override public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext) { Cookie cookie = exchange.getRequestCookies().get(cookieName); if (cookie != null) { final String ssoId = cookie.getValue(); securityContext.authenticationComplete(verified, sso.getMechanismName(), false); securityContext.registerNotificationReceiver(new NotificationReceiver() { @Override public void handleNotification(SecurityNotification notification) { log.tracef("Authenticated account %s using SSO", verified.getPrincipal().getName()); return AuthenticationMechanismOutcome.AUTHENTICATED; exchange.addResponseWrapper(responseListener); return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
if (exchange.getRequestPath().startsWith("/_authtokens/") && exchange.getRequestPath().length() > 13 && Methods.OPTIONS.equals(exchange.getRequestMethod())) { exchange.getResponseHeaders() .put(HttpString.tryFromString("Access-Control-Allow-Methods"), "GET, DELETE") if (exchange.getSecurityContext() == null || exchange.getSecurityContext().getAuthenticatedAccount() == null || exchange.getSecurityContext().getAuthenticatedAccount().getPrincipal() == null || !(("/_authtokens/" + exchange.getSecurityContext().getAuthenticatedAccount().getPrincipal().getName()) .equals(exchange.getRequestURI()) || !(ESCAPER.escape("/_authtokens/" + exchange.getSecurityContext().getAuthenticatedAccount().getPrincipal().getName())) .equals(exchange.getRequestURI()))) { exchange.setStatusCode(HttpStatus.SC_FORBIDDEN); if (Methods.GET.equals(exchange.getRequestMethod())) { Representation rep = new Representation("/_authtokens/" + exchange.getSecurityContext().getAuthenticatedAccount().getPrincipal().getName()); } else if (Methods.DELETE.equals(exchange.getRequestMethod())) { AuthTokenIdentityManager.getInstance().getCachedAccounts() .invalidate(exchange.getSecurityContext().getAuthenticatedAccount().getPrincipal().getName()); removeAuthTokens(exchange); exchange.setStatusCode(HttpStatus.SC_NO_CONTENT);
private void addExchangeCompleteListener(HttpServerExchange exchange, Integer logLevel, final StringBuilder sb, final long start) { exchange.addExchangeCompleteListener((final HttpServerExchange exchange1, final ExchangeCompletionListener.NextListener nextListener) -> { if (logLevel < 1) { return; final SecurityContext sc = exchange1.getSecurityContext(); if (exchange.getStatusCode() >= 300 && exchange.getStatusCode() != 304) { sb.append(ansi().fg(RED).bold().a(exchange.getStatusCode()).reset().toString()); .append(" contentLength=").append(exchange1.getResponseContentLength()); if (sc != null && sc.getAuthenticatedAccount() != null) { sb.append(" username=").append(sc.getAuthenticatedAccount().getPrincipal().getName()) .append(" roles=").append(sc.getAuthenticatedAccount().getRoles()); if (sc.isAuthenticated()) { sb.append(" authType=").append(sc.getMechanismName()).append("\n"); sb.append(" username=").append(sc.getAuthenticatedAccount().getPrincipal().getName()) .append("\n"); sb.append(" roles=").append(sc.getAuthenticatedAccount().getRoles()).append("\n"); } else { sb.append(" authType=none" + "\n");
final StringBuilder sb = new StringBuilder(); final SecurityContext sc = exchange.getSecurityContext(); sb.append("\n----------------------------REQUEST---------------------------\n"); sb.append(" URI=" + exchange.getRequestURI() + "\n"); sb.append(" characterEncoding=" + exchange.getRequestHeaders().get(Headers.CONTENT_ENCODING) + "\n"); sb.append(" contentLength=" + exchange.getRequestContentLength() + "\n"); sb.append(" contentType=" + exchange.getRequestHeaders().get(Headers.CONTENT_TYPE) + "\n"); if (sc.isAuthenticated()) { sb.append(" authType=" + sc.getMechanismName() + "\n"); sb.append(" principle=" + sc.getAuthenticatedAccount().getPrincipal() + "\n"); } else { sb.append(" authType=none" + "\n");
if (sc.isAuthenticated()) { sb.append(" authType=" + sc.getMechanismName() + "\n"); sb.append(" principle=" + sc.getAuthenticatedAccount().getPrincipal() + "\n"); } else { sb.append(" authType=none" + "\n"); sb.append(" contentLength=" + exchange.getResponseContentLength() + "\n"); sb.append(" contentType=" + exchange.getResponseHeaders().getFirst(Headers.CONTENT_TYPE) + "\n"); Map<String, Cookie> cookies = exchange.getResponseCookies(); if (cookies != null) { for (Cookie cookie : cookies.values()) {
@Override public void handleRequest(HttpServerExchange httpExchange) throws Exception { if (shouldSkip(httpExchange.getRequestPath())) { super.handleRequest(httpExchange); return; if (httpExchange.isInIoThread()) { httpExchange.dispatch(this); return; return; } else { final Account authenticatedAccount = securityContext.getAuthenticatedAccount(); if (authenticatedAccount instanceof KeycloakUndertowAccount) { final KeycloakUndertowAccount kua = (KeycloakUndertowAccount) authenticatedAccount; .ofNullable(authenticatedAccount.getRoles()) .orElse((Set<String>) Collections.EMPTY_SET);
List<String> authHeaders = exchange.getRequestHeaders().get(AUTHORIZATION); if (authHeaders != null) { String bearerToken = null; identityManager = securityContext.getIdentityManager(); JWTCredential credential = new JWTCredential(bearerToken, authContextInfo); if (UndertowLogger.SECURITY_LOGGER.isTraceEnabled()) { JsonWebToken jwtPrincipal = (JsonWebToken) account.getPrincipal(); MPJWTProducer.setJWTPrincipal(jwtPrincipal); JWTAccount jwtAccount = new JWTAccount(jwtPrincipal, account); securityContext.authenticationComplete(jwtAccount, "MP-JWT", false); jbSC.getUtil().setRoles(roles); UndertowLogger.SECURITY_LOGGER.debugf("Authenticated caller(%s) for path(%s) with roles: %s", credential.getName(), exchange.getRequestPath(), account.getRoles()); return AuthenticationMechanismOutcome.AUTHENTICATED; } else {
@Override public void handleNotification(SecurityNotification notification) { if (notification.getEventType() == SecurityNotification.EventType.LOGGED_OUT) { Account account = notification.getAccount(); Principal principal = (account instanceof AccountImpl) ? ((AccountImpl) account).getOriginalPrincipal() : account.getPrincipal(); if (principal != null) { // perform the logout of the principal using the subject currently set in the security context. Subject subject = SecurityActions.getSubject(); this.manager.logout(principal, subject); } // Clear old context SecurityActions.clearSecurityContext(); SecurityActions.setSecurityRoles(null); // Set a new one in case re-authentication is done within the same thread org.jboss.security.SecurityContext securityContext = SecurityActions.createSecurityContext(securityDomain); notification.getExchange().putAttachment(UndertowSecurityAttachments.SECURITY_CONTEXT_ATTACHMENT, securityContext); SecurityActions.setSecurityContextOnAssociation(securityContext); } } }
@Override public Principal getUserPrincipal() { SecurityContext sc = exchange.getSecurityContext(); if(sc == null) { return null; } Account authenticatedAccount = sc.getAuthenticatedAccount(); if(authenticatedAccount == null) { return null; } return authenticatedAccount.getPrincipal(); }
@Override public boolean isUserInRole(String role) { SecurityContext sc = exchange.getSecurityContext(); if(sc == null) { return false; } Account authenticatedAccount = sc.getAuthenticatedAccount(); if(authenticatedAccount == null) { return false; } return authenticatedAccount.getRoles().contains(role); }
private Set<Principal> getPrincipalRoles(Account account) { final Set<Principal> roles = new HashSet<>(); for (String role : account.getRoles()) { roles.add(new SimplePrincipal(role)); } return roles; }