if (validationResult.getStatus() == VALID) { identityStore = authenticationIdentityStore; break; else if (validationResult.getStatus() == INVALID) { isGotAnInvalidResult = true; if (validationResult == null || validationResult.getStatus() != VALID) { groups.addAll(validationResult.getCallerGroups()); return new CredentialValidationResult( validationResult.getIdentityStoreId(), validationResult.getCallerPrincipal(), validationResult.getCallerDn(), validationResult.getCallerUniqueId(), groups);
/**
 * Reports a login to the container based on the outcome of credential validation.
 *
 * <p>Only a result whose status is {@code VALID} is forwarded, together with its caller
 * principal and groups. Every other status is answered with {@code SEND_FAILURE}, so the
 * method fails closed.
 *
 * @param result the outcome of credential validation
 * @return the status produced by the principal/groups overload for a {@code VALID} result,
 *         otherwise {@code SEND_FAILURE}
 */
@Override
public AuthenticationStatus notifyContainerAboutLogin(CredentialValidationResult result) {
    // Fail closed: INVALID, NOT_VALIDATED and any other non-VALID status end here.
    if (result.getStatus() != VALID) {
        return SEND_FAILURE;
    }

    return notifyContainerAboutLogin(result.getCallerPrincipal(), result.getCallerGroups());
}
/**
 * Issues a JWT for the caller described by {@code result} and reports the login to the
 * container.
 *
 * <p>When {@code isRememberMe(context)} is false, a token is built from the caller name and
 * groups and written to the response in the {@code AUTHORIZATION_HEADER} header, prefixed
 * with {@code BEARER}. When it is true, no header is written here. The container is notified
 * of the login in both cases.
 *
 * <p>NOTE(review): this method does not look at {@code result.getStatus()}. It presumably
 * relies on its caller passing only a {@code VALID} result; confirm at the call sites.
 *
 * @param result  the result from validation of the UsernamePasswordCredential
 * @param context the message context that supplies the response and receives the login
 *                notification
 * @return the AuthenticationStatus to notify the container
 */
private AuthenticationStatus createToken(CredentialValidationResult result, HttpMessageContext context) {
    boolean rememberMe = isRememberMe(context);

    if (!rememberMe) {
        String callerName = result.getCallerPrincipal().getName();
        // NOTE(review): the literal false is presumably the token provider's remember-me
        // flag (it matches the branch taken here) - confirm against tokenProvider.
        String headerValue = BEARER + tokenProvider.createToken(callerName, result.getCallerGroups(), false);
        // The bearer token leaves the server in a response header; anything that logs or
        // caches response headers will see it.
        context.getResponse().setHeader(AUTHORIZATION_HEADER, headerValue);
    }

    return context.notifyContainerAboutLogin(result.getCallerPrincipal(), result.getCallerGroups());
}
/**
 * Returns a valid {@link CredentialValidationResult} for any credential it is given.
 *
 * <p><strong>No verification happens here.</strong> The token carried by the credential is
 * not inspected, so every call produces a {@code VALID} result with no groups. The caller
 * name is whatever {@code credential.toString()} returns. NOTE(review): unless
 * {@code RememberMeCredential} overrides {@code toString()}, that is the default object
 * representation rather than a user identity - confirm.
 *
 * <p>If further validation is required, override this method in a sub-class or use an
 * alternative {@link IdentityStore}. {@link RememberMeCredential#getToken()} returns the
 * authorisation token, which can be used to fetch more information about the user from the
 * OAuth provider, e.g. with a GET request to
 * {@code https://oauthprovider/user?token=exampletoken}. Where the provider accepts it,
 * prefer sending the token in a request header: URLs, including their query strings, are
 * commonly written to access logs and proxy logs.
 *
 * @param credential the remember-me credential presented by the caller
 * @return a {@code VALID} result named after {@code credential.toString()}
 */
public CredentialValidationResult validate(RememberMeCredential credential) {
    final String callerName = credential.toString();
    return new CredentialValidationResult(callerName);
}
/**
 * Looks up the groups recorded for the caller named in {@code validationResult}.
 *
 * <p>The lookup key is the caller principal's name. A caller with no entry in
 * {@code groupsPerCaller} gets an empty set, never {@code null}.
 *
 * @param validationResult a validation result carrying the caller principal
 * @return the groups stored for the caller, or an empty set when none are stored
 */
@Override
public Set<String> getCallerGroups(CredentialValidationResult validationResult) {
    String callerName = validationResult.getCallerPrincipal().getName();
    Set<String> knownGroups = groupsPerCaller.get(callerName);

    // The set handed back is the instance held in groupsPerCaller, not a copy.
    // NOTE(review): if that set is mutable, callers can alter the stored group
    // membership - confirm how groupsPerCaller is populated.
    return knownGroups != null ? knownGroups : emptySet();
}
/**
 * Retrieves the caller's groups from the LDAP directory.
 *
 * <p>The caller DN from {@code validationResult} is used when it is present and non-empty.
 * Otherwise the DN is looked up from the caller principal's name. The search context is
 * always closed, also when the lookup throws.
 *
 * @param validationResult a validation result carrying the caller DN and/or principal
 * @return the groups returned by {@code retrieveGroupsForCallerDn} for the resolved DN
 */
@Override
public Set<String> getCallerGroups(CredentialValidationResult validationResult) {
    // Permission gate. It only applies when a SecurityManager is installed; without one
    // this method can be called without the "getGroups" permission.
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(new IdentityStorePermission("getGroups"));
    }

    LdapContext ldap = createSearchLdapContext();
    try {
        String dn = validationResult.getCallerDn();
        boolean dnMissing = dn == null || dn.isEmpty();
        if (dnMissing) {
            // NOTE(review): the caller name goes into a directory lookup here; whether
            // getCallerDn escapes it for use in an LDAP filter is not visible - confirm.
            dn = getCallerDn(ldap, validationResult.getCallerPrincipal().getName());
        }
        return retrieveGroupsForCallerDn(ldap, dn);
    } finally {
        closeContext(ldap);
    }
}
if (result.getStatus() == CredentialValidationResult.Status.VALID) {
/**
 * Creates a login token for the caller and remembers the caller's identity under it.
 *
 * <p>The token is the string form of {@link UUID#randomUUID()}, a type 4 UUID that the JDK
 * documents as generated with a cryptographically strong pseudo-random number generator.
 * A type 4 UUID carries 122 random bits; the remaining bits are fixed version and variant
 * markers.
 *
 * <p>NOTE(review): the raw token is used as the key of {@code loginTokens}, and no expiry
 * or eviction is visible in this method. Confirm that tokens are removed on logout and
 * after a bounded lifetime, and consider storing a hash of the token if the store can be
 * read by anything other than this class.
 *
 * @param callerPrincipal the authenticated caller
 * @param groups          the caller's groups
 * @return the newly generated token
 */
@Override
public String generateLoginToken(CallerPrincipal callerPrincipal, Set<String> groups) {
    CredentialValidationResult rememberedIdentity = new CredentialValidationResult(callerPrincipal, groups);

    String token = UUID.randomUUID().toString();
    loginTokens.put(token, rememberedIdentity);

    return token;
}
/**
 * Turns a credential validation outcome into a container login notification.
 *
 * <p>A {@code VALID} result is passed on with its caller principal and groups. Any other
 * status results in {@code SEND_FAILURE} and the container is not notified of a login.
 *
 * @param result the outcome of credential validation
 * @return the status from the principal/groups overload, or {@code SEND_FAILURE} when the
 *         result is not {@code VALID}
 */
@Override
public AuthenticationStatus notifyContainerAboutLogin(CredentialValidationResult result) {
    boolean authenticated = result.getStatus() == VALID;

    // Principal and groups are only read once the status has been confirmed as VALID.
    return authenticated
            ? notifyContainerAboutLogin(result.getCallerPrincipal(), result.getCallerGroups())
            : SEND_FAILURE;
}
/**
 * Returns the groups configured for the caller named in {@code validationResult}.
 *
 * <p>The caller principal's name is looked up in {@code callerToCredentials}. A known
 * caller gets a fresh {@link HashSet} built from the configured groups; an unknown caller
 * gets an empty set.
 *
 * @param validationResult a validation result carrying the caller principal
 * @return a new set with the caller's groups, or an empty set for an unknown caller
 */
@Override
public Set<String> getCallerGroups(CredentialValidationResult validationResult) {
    // Permission gate. It only applies when a SecurityManager is installed.
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(new IdentityStorePermission("getGroups"));
    }

    String callerName = validationResult.getCallerPrincipal().getName();
    Credentials stored = callerToCredentials.get(callerName);
    if (stored == null) {
        return emptySet();
    }

    // Copying into a new set keeps callers from touching the configured group array.
    return new HashSet<>(asList(stored.groups()));
}
/**
 * Resolves the caller's DN and returns the groups the LDAP directory holds for it.
 *
 * <p>A non-empty caller DN on {@code validationResult} is used as is. When it is
 * {@code null} or empty, the DN is obtained from the caller principal's name instead.
 * The LDAP search context is closed in a {@code finally} block on every path.
 *
 * @param validationResult a validation result carrying the caller DN and/or principal
 * @return the groups returned by {@code retrieveGroupsForCallerDn} for the resolved DN
 */
@Override
public Set<String> getCallerGroups(CredentialValidationResult validationResult) {
    // Make sure the caller has permission to invoke this method. With no SecurityManager
    // installed the check is skipped entirely.
    SecurityManager installedManager = System.getSecurityManager();
    if (installedManager != null) {
        installedManager.checkPermission(new IdentityStorePermission("getGroups"));
    }

    LdapContext searchContext = createSearchLdapContext();
    try {
        String suppliedDn = validationResult.getCallerDn();
        // NOTE(review): the fallback feeds the caller name into a directory search;
        // confirm that getCallerDn escapes it before building any LDAP filter.
        String resolvedDn = (suppliedDn == null || suppliedDn.isEmpty())
                ? getCallerDn(searchContext, validationResult.getCallerPrincipal().getName())
                : suppliedDn;
        return retrieveGroupsForCallerDn(searchContext, resolvedDn);
    } finally {
        closeContext(searchContext);
    }
}
if (validationResult.getStatus() == VALID) { identityStore = authenticationIdentityStore; break; else if (validationResult.getStatus() == INVALID) { isGotAnInvalidResult = true; if (validationResult == null || validationResult.getStatus() != VALID) { groups.addAll(validationResult.getCallerGroups()); return new CredentialValidationResult( validationResult.getIdentityStoreId(), validationResult.getCallerPrincipal(), validationResult.getCallerDn(), validationResult.getCallerUniqueId(), groups);
/**
 * Validates a username/password credential against one fixed account.
 *
 * <p>Only the caller {@code "test"} with the password {@code "pass"} is accepted. That
 * caller is placed in the groups {@code "architect"} and {@code "admin"}. Every other
 * combination yields {@code INVALID_RESULT}.
 *
 * <p>The account name, password and group membership are literals in the source, so anyone
 * who can read the code or the deployed artifact knows a credential that carries the
 * {@code "admin"} group. This fits a sample or a test fixture only.
 *
 * @param credential the username/password credential to check
 * @return a {@code VALID} result for the fixed account, otherwise {@code INVALID_RESULT}
 */
public CredentialValidationResult validate(UsernamePasswordCredential credential) {
    boolean callerMatches = credential.getCaller().equals("test");

    // The password is only compared when the caller name matched, as with the original
    // short-circuit evaluation.
    if (callerMatches && credential.getPassword().compareTo("pass")) {
        return new CredentialValidationResult("test", new HashSet<>(asList("architect", "admin")));
    }

    return INVALID_RESULT;
}
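/**
 * Authenticates a request with HTTP Basic credentials.
 *
 * <p>Credentials extracted from the request are validated through the
 * {@code IdentityStoreHandler}. A {@code VALID} result is reported to the container as a
 * login. Otherwise a protected resource is answered with a {@code WWW-Authenticate}
 * challenge and an unauthorized response, while an unprotected resource is left alone:
 * the request continues unauthenticated even if the supplied credentials were wrong.
 *
 * <p>Basic credentials are only base64-encoded on the wire, so this mechanism should only
 * be reachable over TLS.
 *
 * @param request        the incoming request
 * @param response       the response that receives the challenge header
 * @param httpMsgContext the message context used to report the outcome
 * @return the login status, an unauthorized response, or "do nothing"
 * @throws AuthenticationException declared by the mechanism contract
 */
@Override
public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMsgContext) throws AuthenticationException {
    String[] credentials = getCredentials(request);

    // The array comes from a client-controlled header. Both index 0 and index 1 are read
    // below, so anything shorter than two elements is treated as "no usable credentials"
    // and falls through to the challenge instead of failing with an
    // ArrayIndexOutOfBoundsException.
    if (!isEmpty(credentials) && credentials.length >= 2) {
        IdentityStoreHandler identityStoreHandler = CDI.current().select(IdentityStoreHandler.class).get();

        CredentialValidationResult result = identityStoreHandler.validate(
                new UsernamePasswordCredential(credentials[0], new Password(credentials[1])));

        if (result.getStatus() == VALID) {
            return httpMsgContext.notifyContainerAboutLogin(
                    result.getCallerPrincipal(), result.getCallerGroups());
        }
    }

    if (httpMsgContext.isProtected()) {
        response.setHeader("WWW-Authenticate", format("Basic realm=\"%s\"", basicAuthenticationMechanismDefinition.realmName()));
        return httpMsgContext.responseUnauthorized();
    }

    return httpMsgContext.doNothing();
}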
/**
 * Looks up the configured groups of the caller identified by {@code validationResult}.
 *
 * <p>The key into {@code callerToCredentials} is the caller principal's name. The result
 * is always a set: a new {@link HashSet} holding the configured groups, or an empty set
 * when the caller has no entry.
 *
 * @param validationResult a validation result carrying the caller principal
 * @return a new set with the caller's groups, or an empty set for an unknown caller
 */
@Override
public Set<String> getCallerGroups(CredentialValidationResult validationResult) {
    // The permission is only enforced under an installed SecurityManager; without one
    // any code in the JVM can call this method.
    SecurityManager installedManager = System.getSecurityManager();
    if (installedManager != null) {
        installedManager.checkPermission(new IdentityStorePermission("getGroups"));
    }

    Credentials entry = callerToCredentials.get(validationResult.getCallerPrincipal().getName());
    if (entry != null) {
        return new HashSet<>(asList(entry.groups()));
    }
    return emptySet();
}
/**
 * Validates a credential against the passwords held in {@code callerToPassword}.
 *
 * <p>Only {@code UsernamePasswordCredential} is handled; any other credential type yields
 * {@code NOT_VALIDATED_RESULT}. A known caller with a matching password yields a
 * {@code VALID} result named after the caller and carrying no groups. An unknown caller
 * and a wrong password both yield {@code INVALID_RESULT}.
 *
 * <p>The expected passwords are kept as plain strings and compared with
 * {@link String#equals(Object)}, which is not a constant-time comparison.
 * NOTE(review): that is presumably acceptable for a sample or test store; a store used
 * with real accounts would keep salted password hashes and compare them in constant time.
 *
 * @param credential the credential to validate
 * @return {@code VALID}, {@code INVALID_RESULT} or {@code NOT_VALIDATED_RESULT} as
 *         described above
 */
@Override
public CredentialValidationResult validate(Credential credential) {
    if (!(credential instanceof UsernamePasswordCredential)) {
        // Not a credential type this store understands.
        return NOT_VALIDATED_RESULT;
    }

    UsernamePasswordCredential login = (UsernamePasswordCredential) credential;
    String storedPassword = callerToPassword.get(login.getCaller());

    boolean matches = storedPassword != null && storedPassword.equals(login.getPasswordAsString());
    if (matches) {
        return new CredentialValidationResult(login.getCaller());
    }
    return INVALID_RESULT;
}
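/**
 * Validates a request that may carry HTTP Basic credentials.
 *
 * <p>When usable credentials are present they are checked through the
 * {@code IdentityStoreHandler}, and a {@code VALID} result is reported to the container
 * as a login. In every other case a protected resource receives a
 * {@code WWW-Authenticate: Basic} challenge with the configured realm and an unauthorized
 * response. An unprotected resource is passed through with {@code doNothing()}, so wrong
 * credentials on an unprotected resource do not cause a rejection.
 *
 * <p>Basic credentials are base64-encoded, not encrypted; deploy this mechanism behind
 * TLS only.
 *
 * @param request        the incoming request
 * @param response       the response that receives the challenge header
 * @param httpMsgContext the message context used to report the outcome
 * @return the login status, an unauthorized response, or "do nothing"
 * @throws AuthenticationException declared by the mechanism contract
 */
@Override
public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMsgContext) throws AuthenticationException {
    String[] credentials = getCredentials(request);

    // Fail closed on malformed input: the array is derived from a request header and is
    // indexed at 0 and 1 below. Requiring two elements turns a short array into the normal
    // "not authenticated" path rather than an ArrayIndexOutOfBoundsException.
    boolean hasUserAndPassword = !isEmpty(credentials) && credentials.length >= 2;

    if (hasUserAndPassword) {
        IdentityStoreHandler identityStoreHandler = CDI.current().select(IdentityStoreHandler.class).get();

        CredentialValidationResult result = identityStoreHandler.validate(
                new UsernamePasswordCredential(credentials[0], new Password(credentials[1])));

        if (result.getStatus() == VALID) {
            return httpMsgContext.notifyContainerAboutLogin(
                    result.getCallerPrincipal(), result.getCallerGroups());
        }
    }

    if (httpMsgContext.isProtected()) {
        response.setHeader("WWW-Authenticate", format("Basic realm=\"%s\"", basicAuthenticationMechanismDefinition.realmName()));
        return httpMsgContext.responseUnauthorized();
    }

    return httpMsgContext.doNothing();
}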
/**
 * Reads the caller's groups from the database.
 *
 * <p>Runs the configured groups query through {@code executeQuery} and collects the
 * returned values into a new {@link HashSet}. The caller principal's name is handed to
 * {@code executeQuery} as a separate argument; it is not concatenated into the query text
 * in this method.
 *
 * @param validationResult a validation result carrying the caller principal
 * @return a new set with the groups returned by the groups query
 */
@Override
public Set<String> getCallerGroups(CredentialValidationResult validationResult) {
    // Permission gate. It only applies when a SecurityManager is installed.
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(new IdentityStorePermission("getGroups"));
    }

    DataSource groupSource = getDataSource();

    // NOTE(review): presumably executeQuery binds the caller name as a statement
    // parameter - confirm, since that is what keeps a crafted caller name from changing
    // the SQL.
    return new HashSet<>(
            executeQuery(
                    groupSource,
                    dataBaseIdentityStoreDefinition.groupsQuery(),
                    validationResult.getCallerPrincipal().getName()));
}
/**
 * Validates a username/password credential against the configured credentials.
 *
 * <p>The submitted caller name selects an entry in {@code callerToCredentials}, and the
 * submitted password is compared with that entry's password. On success the result
 * carries a {@code CallerPrincipal} named after the stored caller name (not the submitted
 * string) and a new set with the stored groups.
 *
 * <p>An unknown caller and a wrong password both produce the same {@code INVALID_RESULT},
 * so the returned value does not reveal which accounts exist.
 *
 * @param usernamePasswordCredential the credential to check
 * @return a {@code VALID} result with principal and groups, otherwise
 *         {@code INVALID_RESULT}
 */
public CredentialValidationResult validate(UsernamePasswordCredential usernamePasswordCredential) {
    Credentials stored = callerToCredentials.get(usernamePasswordCredential.getCaller());
    if (stored == null) {
        return INVALID_RESULT;
    }

    boolean passwordMatches = usernamePasswordCredential.getPassword().compareTo(stored.password());
    if (!passwordMatches) {
        return INVALID_RESULT;
    }

    return new CredentialValidationResult(
            new CallerPrincipal(stored.callerName()),
            new HashSet<>(asList(stored.groups())));
}
); if (result.getStatus() == VALID) { result.getCallerPrincipal(), result.getCallerGroups()); } else {