private boolean verifyCredential(Account account, Credential credential) { if (credential instanceof PasswordCredential) { char[] password = ((PasswordCredential) credential).getPassword(); char[] expectedPassword = users.get(account.getPrincipal().getName()); return Arrays.equals(password, expectedPassword); } return false; }
@Override public Account run() { return identityManager.verify(username, new PasswordCredential(password.toCharArray())); } });
@Override public Account verify(String id, Credential credential) { AccountImpl account = getAccount(id); if (credential instanceof DigestCredential) { DigestCredential digestCredential = (DigestCredential) credential; DigestCallbackHandler handler = new DigestCallbackHandler(id, digestCredential.getNonce(), digestCredential.getNonceCount(), digestCredential.getClientNonce(), digestCredential.getQop(), digestCredential.getRealm(), digestCredential.getHA2()); CallbackHandlerPolicyContextHandler.setCallbackHandler(handler); return verifyCredential(account, digestCredential.getClientDigest()); } else if(credential instanceof PasswordCredential) { final char[] password = ((PasswordCredential) credential).getPassword(); // The original array may be cleared, this integration relies on it being cached for use later. final char[] duplicate = Arrays.copyOf(password, password.length); return verifyCredential(account, duplicate); } else { return verifyCredential(account, credential); } }
@Override public boolean login(final String username, final String password) { UndertowLogger.SECURITY_LOGGER.debugf("Attempting programatic login for user %s for request %s", username, exchange); final Account account; if(System.getSecurityManager() == null) { account = identityManager.verify(username, new PasswordCredential(password.toCharArray())); } else { account = AccessController.doPrivileged(new PrivilegedAction<Account>() { @Override public Account run() { return identityManager.verify(username, new PasswordCredential(password.toCharArray())); } }); } if (account == null) { return false; } authenticationComplete(account, programaticMechName, true); this.authenticationState = AuthenticationState.AUTHENTICATED; return true; }
@Override protected Account check(final Credential credential) { if (!(credential instanceof PasswordCredential)) return null; final PasswordCredential passwordCredential = (PasswordCredential) credential; return Arrays.equals(password, passwordCredential.getPassword()) ? this : null; } }
PasswordCredential credential = new PasswordCredential(password); try { final AuthenticationMechanismOutcome result;
@Override public Account verify(String id, Credential credential) { if (id == null || id.trim().length() == 0) { return null; } FakeAccount account = accounts.get(id); if ((credential instanceof PasswordCredential) && String.valueOf(((PasswordCredential) credential).getPassword()).equals(account.password)) { account.roles.add( LightblueRestTestHarness.SECURITY_ROLE_AUTHENTICATED); return account; } return null; }
@Override public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext) { String principal = getPrincipal(exchange); if(principal == null) { return NOT_ATTEMPTED; } String session = getSession(exchange); if(session == null) { return NOT_ATTEMPTED; } Account account = identityManager.verify(principal, new PasswordCredential(session.toCharArray())); if(account == null) { securityContext.authenticationFailed(UndertowMessages.MESSAGES.authenticationFailed(principal), mechanismName); return NOT_AUTHENTICATED; } securityContext.authenticationComplete(account, mechanismName, false); return AUTHENTICATED; }
private boolean verifyCredential(Account account, Credential credential) { if (credential instanceof PasswordCredential && account instanceof SimpleAccount) { char[] password = ((PasswordCredential) credential).getPassword(); char[] expectedPassword = accounts.get(account.getPrincipal().getName()).getCredentials().getPassword(); return Arrays.equals(password, expectedPassword); } return false; } }
final String password = jPassword.getValue(); AuthenticationMechanismOutcome outcome = null; PasswordCredential credential = new PasswordCredential(password.toCharArray()); try { IdentityManager identityManager = getIdentityManager(securityContext);
private boolean verifyCredential(Account account, Credential credential) { if (credential instanceof PasswordCredential) { char[] password = ((PasswordCredential) credential).getPassword(); char[] expectedPassword = identities.get(account.getPrincipal().getName()); return Arrays.equals(password, expectedPassword); } return false; }
@Override public Account run() { return identityManager.verify(username, new PasswordCredential(password.toCharArray())); } });
@Override public Account verify(String username, Credential credential) { if (username == null || credential == null || !(credential instanceof PasswordCredential)) { return null; } PasswordCredential pwc = (PasswordCredential) credential; try { Set<String> roles = getRoles(username, new String(pwc.getPassword())); Account acct = new SimpleAccount(username, pwc.getPassword(), roles); return acct; } catch (NamingException e) { LOGGER.error(e.getMessage(), e); } return null; }
@Override public Account run() { return identityManager.verify(username, new PasswordCredential(password.toCharArray())); } });
private boolean verifyToken(Account account, Credential credential) { if (credential instanceof PasswordCredential && account instanceof SimpleAccount) { char[] token = ((PasswordCredential) credential).getPassword(); char[] expectedToken = cachedAccounts.get(account.getPrincipal().getName()).get().getCredentials().getPassword(); return Arrays.equals(token, expectedToken); } return false; }
/** * * @param name * @param password * @param roles */ public SimpleAccount(String name, char[] password, Set<String> roles) { if (name == null) { throw new IllegalArgumentException("argument principal cannot be null"); } if (password == null) { throw new IllegalArgumentException("argument password cannot be null"); } if (roles == null || roles.isEmpty()) { roles = Sets.newHashSet(); } this.principal = new SimplePrincipal(name); this.credential = new PasswordCredential(password); this.roles = roles; }
@Override public Account verify(String id, Credential credential) { if(!(credential instanceof PasswordCredential)) { return null; } PasswordCredential pc = (PasswordCredential) credential; char[] pwdArr = pc.getPassword(); if(pwdArr != null && passwordEncoder.matches(new String(pwdArr), encodedPass)) { return new AccountImpl(id); } return null; }
@Override public boolean login(final String username, final String password) { UndertowLogger.SECURITY_LOGGER.debugf("Attempting programatic login for user %s for request %s", username, exchange); final Account account; if(System.getSecurityManager() == null) { account = identityManager.verify(username, new PasswordCredential(password.toCharArray())); } else { account = AccessController.doPrivileged(new PrivilegedAction<Account>() { @Override public Account run() { return identityManager.verify(username, new PasswordCredential(password.toCharArray())); } }); } if (account == null) { return false; } authenticationComplete(account, programaticMechName, true); this.authenticationState = AuthenticationState.AUTHENTICATED; return true; }
@SuppressWarnings("unchecked") private boolean verifyCredential(Account account, Credential credential) { boolean match = false; if (credential instanceof PasswordCredential) { char[] password = ((PasswordCredential) credential).getPassword(); User user = users.get(account.getPrincipal().getName()); String expectedPassword = user.getPassword(); try { match = HashUtil.validatePassword(password, expectedPassword); Arrays.fill(password, ' '); } catch (NoSuchAlgorithmException | InvalidKeySpecException e) { logger.error("Exception:", e); } } if(logger.isDebugEnabled()) logger.debug("verfifyCredential = " + match); return match; }
@Override public boolean login(final String username, final String password) { UndertowLogger.SECURITY_LOGGER.debugf("Attempting programatic login for user %s for request %s", username, exchange); final Account account; if(System.getSecurityManager() == null) { account = identityManager.verify(username, new PasswordCredential(password.toCharArray())); } else { account = AccessController.doPrivileged(new PrivilegedAction<Account>() { @Override public Account run() { return identityManager.verify(username, new PasswordCredential(password.toCharArray())); } }); } if (account == null) { return false; } authenticationComplete(account, programaticMechName, true); this.authenticationState = AuthenticationState.AUTHENTICATED; return true; }