SecurityIdentity(final SecurityIdentity old, final Credential credential, final boolean isPrivate) { this.securityDomain = old.securityDomain; this.principal = old.principal; this.realmInfo = old.realmInfo; this.authorizationIdentity = old.authorizationIdentity; this.defaultRoles = old.defaultRoles; this.roleMappers = old.roleMappers; this.creationTime = old.creationTime; this.verifier = old.verifier; this.publicCredentials = isPrivate ? old.publicCredentials : old.publicCredentials.withCredential(credential); this.privateCredentials = isPrivate ? old.privateCredentials.withCredential(credential) : old.privateCredentials; this.withSuppliedIdentities = old.withSuppliedIdentities; this.withIdentities = old.withIdentities; }
@Override public <C extends Credential> C getCredential(Class<C> credentialType) throws RealmUnavailableException { if (credentials.contains(credentialType)) { if (log.isTraceEnabled()) { log.tracef("getCredential credentialType='%s' cached, returning cached credential for principal='%s'", credentialType.getName(), principal.getName()); } return credentials.getCredential(credentialType); } Credential credential = identity.getCredential(credentialType); if (credential != null) { if (log.isTraceEnabled()) { log.tracef("getCredential credentialType='%s' obtained from identity - caching for principal='%s'", credentialType.getName(), principal.getName()); } credentials = credentials.withCredential(credential); } return credentials.getCredential(credentialType); }
SecurityIdentity(final SecurityIdentity old, final IdentityCredentials credentials, final boolean isPrivate) { this.securityDomain = old.securityDomain; this.principal = old.principal; this.realmInfo = old.realmInfo; this.authorizationIdentity = old.authorizationIdentity; this.defaultRoles = old.defaultRoles; this.roleMappers = old.roleMappers; this.creationTime = old.creationTime; this.verifier = old.verifier; this.publicCredentials = isPrivate ? old.publicCredentials : old.publicCredentials.with(credentials); this.privateCredentials = isPrivate ? old.privateCredentials.with(credentials) : old.privateCredentials; this.withSuppliedIdentities = old.withSuppliedIdentities; this.withIdentities = old.withIdentities; }
/** * Get a {@link Spliterator} for this credential set. * * @return the spliterator (not {@code null}) */ public Spliterator<Credential> spliterator() { return Spliterators.spliterator(iterator(), size(), Spliterator.IMMUTABLE | Spliterator.DISTINCT | Spliterator.NONNULL | Spliterator.ORDERED | Spliterator.SIZED); }
@Override public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName, final AlgorithmParameterSpec parameterSpec) throws RealmUnavailableException { if (credentials.contains(credentialType, algorithmName, parameterSpec)) { if (log.isTraceEnabled()) { log.tracef("getCredentialAcquireSupport credentialType='%s' with algorithmName='%' known for pincipal='%s'", credentialType.getName(), algorithmName, principal.getName()); } return credentials.getCredentialAcquireSupport(credentialType, algorithmName, parameterSpec); } Credential credential = identity.getCredential(credentialType, algorithmName, parameterSpec); if (credential != null) { if (log.isTraceEnabled()) { log.tracef("getCredentialAcquireSupport Credential for credentialType='%s' with algorithmName='%' obtained from identity - caching for principal='%s'", credentialType.getName(), algorithmName, principal.getName()); } credentials = credentials.withCredential(credential); } return credentials.getCredentialAcquireSupport(credentialType, algorithmName, parameterSpec); }
@Override public boolean verifyEvidence(Evidence evidence) throws RealmUnavailableException { if (evidence instanceof PasswordGuessEvidence) { if (credentials.canVerify(evidence)) { log.tracef("verifyEvidence For principal='%s' using cached credential", principal); return credentials.verify(evidence); } Credential credential = identity.getCredential(PasswordCredential.class); if (credential != null) { log.tracef("verifyEvidence Credential obtained from identity and cached for principal='%s'", principal); credentials = credentials.withCredential(credential); if (credential.canVerify(evidence)) { return credential.verify(evidence); } } char[] guess = ((PasswordGuessEvidence) evidence).getGuess(); Password password = ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, guess); log.tracef("verifyEvidence Falling back to direct support of identity for principal='%s'", principal); if (identity.verifyEvidence(evidence)) { credentials = credentials.withCredential(new PasswordCredential(password)); return true; } return false; } return identity.verifyEvidence(evidence); }
@Override public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> evidenceType, String algorithmName) throws RealmUnavailableException { if (PasswordGuessEvidence.class.isAssignableFrom(evidenceType)) { if (credentials.canVerify(evidenceType, algorithmName)) { if (log.isTraceEnabled()) { log.tracef("getEvidenceVerifySupport evidenceType='%s' with algorithmName='%' can verify from cache for principal='%s'", evidenceType.getName(), algorithmName, principal.getName()); } return SupportLevel.SUPPORTED; } Credential credential = identity.getCredential(PasswordCredential.class); if (credential != null) { if (log.isTraceEnabled()) { log.tracef("getEvidenceVerifySupport evidenceType='%s' with algorithmName='%' credential obtained from identity and cached for principal='%s'", evidenceType.getName(), algorithmName, principal.getName()); } credentials = credentials.withCredential(credential); if (credential.canVerify(evidenceType, algorithmName)) { return SupportLevel.SUPPORTED; } } } if (log.isTraceEnabled()) { log.tracef("getEvidenceVerifySupport evidenceType='%s' with algorithmName='%' falling back to direct support of identity for principal='%s'", evidenceType.getName(), algorithmName, principal.getName()); } return identity.getEvidenceVerifySupport(evidenceType, algorithmName); }
/** * Acquire a credential of the given type. * * @param credentialType the credential type class (must not be {@code null}) * @param <C> the credential type * @return the credential, or {@code null} if no such credential exists */ @Override public final <C extends Credential> C getCredential(Class<C> credentialType) { return getCredential(credentialType, null, null); }
/** * Determine whether a credential of the given type is present in this set. * * @param credentialType the credential type class (must not be {@code null}) * @return {@code true} if a matching credential is contained in this set, {@code false} otherwise */ public final boolean contains(Class<? extends Credential> credentialType) { return contains(credentialType, null); }
@Override public boolean verifyEvidence(final Evidence evidence) throws RealmUnavailableException { Assert.checkNotNullParam("evidence", evidence); JdbcIdentity identity = getIdentity(); if (identity != null) { return identity.identityCredentials.verify(evidence); } return false; }
@Override public SupportLevel getCredentialAcquireSupport(final Class<? extends Credential> credentialType, final String algorithmName, final AlgorithmParameterSpec parameterSpec) throws RealmUnavailableException { Assert.checkNotNullParam("credentialType", credentialType); JdbcIdentity identity = getIdentity(); if (identity != null) { return identity.identityCredentials.getCredentialAcquireSupport(credentialType, algorithmName, parameterSpec); } return SupportLevel.UNSUPPORTED; }
@Override public SupportLevel getEvidenceVerifySupport(final Class<? extends Evidence> evidenceType, final String algorithmName) throws RealmUnavailableException { Assert.checkNotNullParam("evidenceType", evidenceType); JdbcIdentity identity = getIdentity(); if (identity != null) { return identity.identityCredentials.canVerify(evidenceType, algorithmName) ? SupportLevel.SUPPORTED : SupportLevel.UNSUPPORTED; } return SupportLevel.UNSUPPORTED; }
@Override public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName, final AlgorithmParameterSpec parameterSpec) throws RealmUnavailableException { if (credentials.contains(credentialType, algorithmName, parameterSpec)) { if (log.isTraceEnabled()) { log.tracef("getCredentialAcquireSupport credentialType='%s' with algorithmName='%' known for pincipal='%s'", credentialType.getName(), algorithmName, principal.getName()); } return credentials.getCredentialAcquireSupport(credentialType, algorithmName, parameterSpec); } Credential credential = identity.getCredential(credentialType, algorithmName, parameterSpec); if (credential != null) { if (log.isTraceEnabled()) { log.tracef("getCredentialAcquireSupport Credential for credentialType='%s' with algorithmName='%' obtained from identity - caching for principal='%s'", credentialType.getName(), algorithmName, principal.getName()); } credentials = credentials.withCredential(credential); } return credentials.getCredentialAcquireSupport(credentialType, algorithmName, parameterSpec); }
@Override public boolean verifyEvidence(Evidence evidence) throws RealmUnavailableException { if (evidence instanceof PasswordGuessEvidence) { if (credentials.canVerify(evidence)) { log.tracef("verifyEvidence For principal='%s' using cached credential", principal); return credentials.verify(evidence); } Credential credential = identity.getCredential(PasswordCredential.class); if (credential != null) { log.tracef("verifyEvidence Credential obtained from identity and cached for principal='%s'", principal); credentials = credentials.withCredential(credential); if (credential.canVerify(evidence)) { return credential.verify(evidence); } } char[] guess = ((PasswordGuessEvidence) evidence).getGuess(); Password password = ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, guess); log.tracef("verifyEvidence Falling back to direct support of identity for principal='%s'", principal); if (identity.verifyEvidence(evidence)) { credentials = credentials.withCredential(new PasswordCredential(password)); return true; } return false; } return identity.verifyEvidence(evidence); }
@Override public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> evidenceType, String algorithmName) throws RealmUnavailableException { if (PasswordGuessEvidence.class.isAssignableFrom(evidenceType)) { if (credentials.canVerify(evidenceType, algorithmName)) { if (log.isTraceEnabled()) { log.tracef("getEvidenceVerifySupport evidenceType='%s' with algorithmName='%' can verify from cache for principal='%s'", evidenceType.getName(), algorithmName, principal.getName()); } return SupportLevel.SUPPORTED; } Credential credential = identity.getCredential(PasswordCredential.class); if (credential != null) { if (log.isTraceEnabled()) { log.tracef("getEvidenceVerifySupport evidenceType='%s' with algorithmName='%' credential obtained from identity and cached for principal='%s'", evidenceType.getName(), algorithmName, principal.getName()); } credentials = credentials.withCredential(credential); if (credential.canVerify(evidenceType, algorithmName)) { return SupportLevel.SUPPORTED; } } } if (log.isTraceEnabled()) { log.tracef("getEvidenceVerifySupport evidenceType='%s' with algorithmName='%' falling back to direct support of identity for principal='%s'", evidenceType.getName(), algorithmName, principal.getName()); } return identity.getEvidenceVerifySupport(evidenceType, algorithmName); }
/** * Acquire a credential of the given type and algorithm name. * * @param credentialType the credential type class (must not be {@code null}) * @param algorithmName the algorithm name, or {@code null} if any algorithm is acceptable or the credential type * does not support algorithm names * @param <C> the credential type * @return the credential, or {@code null} if no such credential exists */ @Override public final <C extends Credential> C getCredential(final Class<C> credentialType, final String algorithmName) { return getCredential(credentialType, algorithmName, null); }
@Override public final SupportLevel getCredentialAcquireSupport(final Class<? extends Credential> credentialType, final String algorithmName) { return contains(credentialType, algorithmName) ? SupportLevel.SUPPORTED : SupportLevel.UNSUPPORTED; }
/** * Get a {@link Spliterator} for this credential set. * * @return the spliterator (not {@code null}) */ public Spliterator<Credential> spliterator() { return Spliterators.spliterator(iterator(), size(), Spliterator.IMMUTABLE | Spliterator.DISTINCT | Spliterator.NONNULL | Spliterator.ORDERED | Spliterator.SIZED); }
@Override public boolean verifyEvidence(final Evidence evidence) throws RealmUnavailableException { Assert.checkNotNullParam("evidence", evidence); JdbcIdentity identity = getIdentity(); if (identity != null) { return identity.identityCredentials.verify(evidence); } return false; }
@Override public SupportLevel getCredentialAcquireSupport(final Class<? extends Credential> credentialType, final String algorithmName, final AlgorithmParameterSpec parameterSpec) throws RealmUnavailableException { Assert.checkNotNullParam("credentialType", credentialType); JdbcIdentity identity = getIdentity(); if (identity != null) { return identity.identityCredentials.getCredentialAcquireSupport(credentialType, algorithmName, parameterSpec); } return SupportLevel.UNSUPPORTED; }