Refine search
private AuthenticationMechanismOutcome handleDigestHeader(HttpServerExchange exchange, final SecurityContext securityContext) { DigestContext context = exchange.getAttachment(DigestContext.ATTACHMENT_KEY); Map<DigestAuthorizationToken, String> parsedHeader = context.getParsedHeader(); String requestURI = exchange.getRequestURI(); if(!exchange.getQueryString().isEmpty()) { requestURI = requestURI + "?" + exchange.getQueryString(); } else { final DigestCredential credential = new DigestCredentialImpl(context); account = identityManager.verify(userName, credential); securityContext.authenticationFailed(MESSAGES.authenticationFailed(userName), mechanismName); return AuthenticationMechanismOutcome.NOT_AUTHENTICATED; securityContext.authenticationComplete(account, mechanismName, false); return AuthenticationMechanismOutcome.AUTHENTICATED;
public AuthenticationMechanismOutcome run() throws GSSException { NegotiationContext negContext = exchange.getAttachment(NegotiationContext.ATTACHMENT_KEY); if (negContext == null) { negContext = new NegotiationContext(); exchange.putAttachment(NegotiationContext.ATTACHMENT_KEY, negContext); exchange.getConnection().putAttachment(NegotiationContext.ATTACHMENT_KEY, negContext); NEGOTIATE_PREFIX + FlexBase64.encodeString(respToken, false)); IdentityManager identityManager = securityContext.getIdentityManager(); final Account account = identityManager.verify(new GSSContextCredential(negContext.getGssContext())); if (account != null) { securityContext.authenticationComplete(account, name, false); return AuthenticationMechanismOutcome.AUTHENTICATED; } else {
@Override public AuthenticationMechanismOutcome authenticate(final HttpServerExchange exchange, final SecurityContext securityContext) { ServerConnection connection = exchange.getConnection(); NegotiationContext negContext = connection.getAttachment(NegotiationContext.ATTACHMENT_KEY); if (negContext != null) { exchange.putAttachment(NegotiationContext.ATTACHMENT_KEY, negContext); if (negContext.isEstablished()) { IdentityManager identityManager = getIdentityManager(securityContext); final Account account = identityManager.verify(new GSSContextCredential(negContext.getGssContext())); if (account != null) { securityContext.authenticationComplete(account, name, false); UndertowLogger.SECURITY_LOGGER.debugf("Authenticated as user %s with existing GSSAPI negotiation context for %s", account.getPrincipal().getName(), exchange); return AuthenticationMechanismOutcome.AUTHENTICATED; List<String> authHeaders = exchange.getRequestHeaders().get(AUTHORIZATION); if (authHeaders != null) { for (String current : authHeaders) {
public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext) { List<String> authHeaders = exchange.getRequestHeaders().get(AUTHORIZATION); if (authHeaders != null) { for (String current : authHeaders) { String ua = exchange.getRequestHeaders().getFirst(Headers.USER_AGENT); if(ua != null) { for (Map.Entry<Pattern, Charset> entry : userAgentCharsets.entrySet()) { try { final AuthenticationMechanismOutcome result; Account account = idm.verify(userName, credential); if (account != null) { securityContext.authenticationComplete(account, name, false); result = AuthenticationMechanismOutcome.AUTHENTICATED; } else { securityContext.authenticationFailed(MESSAGES.authenticationFailed(userName), name); result = AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
ServiceProviderSAMLWorkflow serviceProviderSAMLWorkflow = new ServiceProviderSAMLWorkflow(); final ServletRequestContext servletRequestContext = httpServerExchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY); ServletContext servletContext = servletRequestContext.getCurrentServletContext(); HttpServletRequest request = (HttpServletRequest) servletRequestContext.getServletRequest(); IdentityManager identityManager = securityContext.getIdentityManager(); account = identityManager.verify(account); httpServerExchange.endExchange();
List<String> authHeaders = exchange.getRequestHeaders().get(AUTHORIZATION); if (authHeaders != null) { String bearerToken = null; identityManager = securityContext.getIdentityManager(); JWTCredential credential = new JWTCredential(bearerToken, authContextInfo); if (UndertowLogger.SECURITY_LOGGER.isTraceEnabled()) { Account account = identityManager.verify(credential.getName(), credential); if (account != null) { JsonWebToken jwtPrincipal = (JsonWebToken) account.getPrincipal(); MPJWTProducer.setJWTPrincipal(jwtPrincipal); JWTAccount jwtAccount = new JWTAccount(jwtPrincipal, account); securityContext.authenticationComplete(jwtAccount, "MP-JWT", false); jbSC.getUtil().setRoles(roles); UndertowLogger.SECURITY_LOGGER.debugf("Authenticated caller(%s) for path(%s) with roles: %s", credential.getName(), exchange.getRequestPath(), account.getRoles()); return AuthenticationMechanismOutcome.AUTHENTICATED; } else {
@Override public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext) { String principal = exchange.getAttachment(EXTERNAL_PRINCIPAL); if(principal == null) { return AuthenticationMechanismOutcome.NOT_ATTEMPTED; } Account account = getIdentityManager(securityContext).verify(principal, ExternalCredential.INSTANCE); if(account == null) { return AuthenticationMechanismOutcome.NOT_AUTHENTICATED; } String name = exchange.getAttachment(EXTERNAL_AUTHENTICATION_TYPE); securityContext.authenticationComplete(account, name != null ? name: this.name, false); return AuthenticationMechanismOutcome.AUTHENTICATED; }
try { IdentityManager identityManager = getIdentityManager(securityContext); Account account = identityManager.verify(userName, credential); if (account != null) { securityContext.authenticationComplete(account, name, true); UndertowLogger.SECURITY_LOGGER.debugf("Authenticated user %s using for auth for %s", account.getPrincipal().getName(), exchange); outcome = AuthenticationMechanismOutcome.AUTHENTICATED; } else { securityContext.authenticationFailed(MESSAGES.authenticationFailed(userName), name); exchange.endExchange();
@Override public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext) { List<String> authHeaders = exchange.getRequestHeaders().get(AUTHORIZATION); if (authHeaders != null) { for (String current : authHeaders) { try { final AuthenticationMechanismOutcome result; Account account = idm.verify(userName, credential); if (account != null) { securityContext.authenticationComplete(account, mechanismName, false); result = AuthenticationMechanismOutcome.AUTHENTICATED; } else {
String proxiedIssuers; try { proxiedEntities = getSingleHeader(exchange.getRequestHeaders(), PROXIED_ENTITIES_HEADER); proxiedIssuers = getSingleHeader(exchange.getRequestHeaders(), PROXIED_ISSUERS_HEADER); if (proxiedEntities != null && proxiedIssuers == null) { return notAuthenticated(exchange, securityContext, PROXIED_ENTITIES_HEADER + " supplied, but missing " + PROXIED_ISSUERS_HEADER SSLSessionInfo sslSession = exchange.getConnection().getSslSessionInfo(); if (sslSession != null) { try { Account account = idm.verify(username, credential); if (account != null) { return authenticated(exchange, securityContext, account);
@Override public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext) { Cookie cookie = exchange.getRequestCookies().get(cookieName); if (cookie != null) { final String ssoId = cookie.getValue(); log.tracef("SSO session with ID: %s found.", ssoId); Account verified = getIdentityManager(securityContext).verify(sso.getAccount()); if (verified == null) { if(log.isTraceEnabled()) { securityContext.authenticationComplete(verified, sso.getMechanismName(), false); securityContext.registerNotificationReceiver(new NotificationReceiver() { @Override public void handleNotification(SecurityNotification notification) { exchange.addResponseWrapper(responseListener); return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
public AuthenticationMechanismOutcome authenticate(final HttpServerExchange exchange, final SecurityContext securityContext) { SSLSessionInfo sslSession = exchange.getConnection().getSslSessionInfo(); if (sslSession != null) { try { Certificate[] clientCerts = getPeerCertificates(exchange, sslSession, securityContext); if (clientCerts[0] instanceof X509Certificate) { Credential credential = new X509CertificateCredential((X509Certificate) clientCerts[0]); IdentityManager idm = getIdentityManager(securityContext); Account account = idm.verify(credential); if (account != null) { securityContext.authenticationComplete(account, name, false); return AuthenticationMechanismOutcome.AUTHENTICATED; } } } catch (SSLPeerUnverifiedException e) { // No action - this mechanism can not attempt authentication without peer certificates so allow it to drop out // to NOT_ATTEMPTED. } } /* * For ClientCert we do not have a concept of a failed authentication, if the client did use a key then it was deemed * acceptable for the connection to be established, this mechanism then just 'attempts' to use it for authentication but * does not mandate success. */ return AuthenticationMechanismOutcome.NOT_ATTEMPTED; }
@Override public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext) { final String principal = principalResolver.get(exchange.getSourceAddress().getAddress()); if (principal == null) return AuthenticationMechanismOutcome.NOT_ATTEMPTED; final Account account = identityManager.verify(principal, ExternalCredential.INSTANCE); if (account == null) return AuthenticationMechanismOutcome.NOT_AUTHENTICATED; securityContext.authenticationComplete(account, NAME, false); return AuthenticationMechanismOutcome.AUTHENTICATED; }
@Override public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext) { String principal = getPrincipal(exchange); if(principal == null) { return NOT_ATTEMPTED; } String session = getSession(exchange); if(session == null) { return NOT_ATTEMPTED; } Account account = identityManager.verify(principal, new PasswordCredential(session.toCharArray())); if(account == null) { securityContext.authenticationFailed(UndertowMessages.MESSAGES.authenticationFailed(principal), mechanismName); return NOT_AUTHENTICATED; } securityContext.authenticationComplete(account, mechanismName, false); return AUTHENTICATED; }
public AuthenticationMechanismOutcome runCached(final HttpServerExchange exchange, final SecurityContext securityContext, final AuthenticatedSessionManager sessionManager) { AuthenticatedSession authSession = sessionManager.lookupSession(exchange); if (authSession != null) { Account account = getIdentityManager(securityContext).verify(authSession.getAccount()); if (account != null) { securityContext.authenticationComplete(account, authSession.getMechanism(), false); return AuthenticationMechanismOutcome.AUTHENTICATED; } else { sessionManager.clearSession(exchange); // We know we had a previously authenticated account but for some reason the IdentityManager is no longer // accepting it, we now return AuthenticationMechanismOutcome.NOT_ATTEMPTED; } } else { // It is possible an AuthenticatedSessionManager could have been available even if there was no chance of it // loading a session. return AuthenticationMechanismOutcome.NOT_ATTEMPTED; } }
@Override public Account run() { return identityManager.verify(username, new PasswordCredential(password.toCharArray())); } });
IdentityManager identityManager = securityContext.getIdentityManager(); account = identityManager.verify(account);
public AuthenticationMechanismOutcome run() throws GSSException { NegotiationContext negContext = exchange.getAttachment(NegotiationContext.ATTACHMENT_KEY); if (negContext == null) { negContext = new NegotiationContext(); exchange.putAttachment(NegotiationContext.ATTACHMENT_KEY, negContext); exchange.getConnection().putAttachment(NegotiationContext.ATTACHMENT_KEY, negContext); NEGOTIATE_PREFIX + FlexBase64.encodeString(respToken, false)); IdentityManager identityManager = securityContext.getIdentityManager(); final Account account = identityManager.verify(new GSSContextCredential(negContext.getGssContext())); if (account != null) { securityContext.authenticationComplete(account, name, false); return AuthenticationMechanismOutcome.AUTHENTICATED; } else {
@Override public AuthenticationMechanismOutcome authenticate(final HttpServerExchange exchange, final SecurityContext securityContext) { ServerConnection connection = exchange.getConnection(); NegotiationContext negContext = connection.getAttachment(NegotiationContext.ATTACHMENT_KEY); if (negContext != null) { exchange.putAttachment(NegotiationContext.ATTACHMENT_KEY, negContext); if (negContext.isEstablished()) { IdentityManager identityManager = getIdentityManager(securityContext); Map<String, Deque<String>> params = exchange.getQueryParameters(); Deque<String> clientIdDeque = params.get("client_id"); if(clientIdDeque != null) { final Account account = identityManager.verify(new LightGSSContextCredential(negContext.getGssContext(), clientAuthClass, userType)); if (account != null) { securityContext.authenticationComplete(account, name, false); if(logger.isDebugEnabled()) logger.debug("Authenticated as user %s with existing GSSAPI negotiation context for %s", account.getPrincipal().getName(), exchange); return AuthenticationMechanismOutcome.AUTHENTICATED;
public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext) { List<String> authHeaders = exchange.getRequestHeaders().get(AUTHORIZATION); if (authHeaders != null) { for (String current : authHeaders) { String ua = exchange.getRequestHeaders().getFirst(Headers.USER_AGENT); if(ua != null) { for (Map.Entry<Pattern, Charset> entry : userAgentCharsets.entrySet()) { try { final AuthenticationMechanismOutcome result; Account account = idm.verify(userName, credential); if (account != null) { securityContext.authenticationComplete(account, name, false); result = AuthenticationMechanismOutcome.AUTHENTICATED; } else { securityContext.authenticationFailed(MESSAGES.authenticationFailed(userName), name); result = AuthenticationMechanismOutcome.NOT_AUTHENTICATED;