/** * @deprecated Transition method; remove before GA. */ default SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName) throws RealmUnavailableException { return getCredentialAcquireSupport(credentialType, algorithmName, null); }
@Override public SupportLevel getEvidenceVerifySupport(final Class<? extends Evidence> evidenceType, final String algorithmName) throws RealmUnavailableException { return authenticationRealm.getEvidenceVerifySupport(evidenceType, algorithmName); }
/** * Get a handle for to the identity for the given evidence in the context of this security realm. Any validation / name * mapping is an implementation detail for the realm. The identity may or may not exist. The returned handle <em>must</em> * be cleaned up by a call to {@link RealmIdentity#dispose()}. * * Where this method is used to obtain a {@link RealmIdentity} prior to evidence verification the method * {@link RealmIdentity#getEvidenceVerifySupport(Class, String)} will be used to verify if the identity is usable. * * @param evidence an evidence instance which identifies the identity within the realm (must not be {@code null}) * @return the {@link RealmIdentity} for the provided evidence (not {@code null}) */ default RealmIdentity getRealmIdentity(Evidence evidence) throws RealmUnavailableException { final Principal principal = evidence.getPrincipal(); return principal == null ? RealmIdentity.NON_EXISTENT : getRealmIdentity(principal); }
public void handleRealmEvent(final RealmEvent event) { if (event instanceof RealmAuthenticationEvent) { authenticationRealm.handleRealmEvent(event); } else if (event instanceof RealmAuthorizationEvent) { authorizationRealm.handleRealmEvent(event); } else { // use safe wrapper to ensure both are called SecurityRealm.safeHandleRealmEvent(authenticationRealm, event); SecurityRealm.safeHandleRealmEvent(authorizationRealm, event); } }
@Override void fail(final boolean requireInProgress) { final SecurityIdentity capturedIdentity = getSourceIdentity(); final AtomicReference<State> stateRef = getStateRef(); if (! stateRef.compareAndSet(this, FAILED)) { stateRef.get().fail(requireInProgress); return; } SecurityRealm.safeHandleRealmEvent(getRealmInfo().getSecurityRealm(), new RealmFailedAuthenticationEvent(realmIdentity, null, null)); SecurityDomain.safeHandleSecurityEvent(capturedIdentity.getSecurityDomain(), new SecurityAuthenticationFailedEvent(capturedIdentity, realmIdentity.getRealmIdentityPrincipal())); realmIdentity.dispose(); }
/** * Safely pass an event to a security realm, absorbing and logging any exception that occurs. * * @param realm the security realm to notify (not {@code null}) * @param event the event to send (not {@code null}) */ static void safeHandleRealmEvent(SecurityRealm realm, RealmEvent event) { Assert.checkNotNullParam("realm", realm); Assert.checkNotNullParam("event", event); try { realm.handleRealmEvent(event); } catch (Throwable t) { ElytronMessages.log.eventHandlerFailed(t); } }
@Override void fail(final boolean requireInProgress) { final SecurityIdentity authorizedIdentity = getSourceIdentity(); final AtomicReference<State> stateRef = getStateRef(); if (! stateRef.compareAndSet(this, FAILED)) { stateRef.get().fail(requireInProgress); return; } SecurityRealm.safeHandleRealmEvent(getRealmInfo().getSecurityRealm(), new RealmFailedAuthenticationEvent(realmIdentity, null, null)); SecurityDomain.safeHandleSecurityEvent(authorizedIdentity.getSecurityDomain(), new SecurityAuthenticationFailedEvent(authorizedIdentity, realmIdentity.getRealmIdentityPrincipal())); realmIdentity.dispose(); }
public void handleRealmEvent(final RealmEvent event) { if (event instanceof RealmAuthenticationEvent) { authenticationRealm.handleRealmEvent(event); } else if (event instanceof RealmAuthorizationEvent) { authorizationRealm.handleRealmEvent(event); } else { // use safe wrapper to ensure both are called SecurityRealm.safeHandleRealmEvent(authenticationRealm, event); SecurityRealm.safeHandleRealmEvent(authorizationRealm, event); } }
/** * Safely pass an event to a security realm, absorbing and logging any exception that occurs. * * @param realm the security realm to notify (not {@code null}) * @param event the event to send (not {@code null}) */ static void safeHandleRealmEvent(SecurityRealm realm, RealmEvent event) { Assert.checkNotNullParam("realm", realm); Assert.checkNotNullParam("event", event); try { realm.handleRealmEvent(event); } catch (Throwable t) { ElytronMessages.log.eventHandlerFailed(t); } }
public RealmIdentity getRealmIdentity(final Principal principal) throws RealmUnavailableException { boolean ok = false; final RealmIdentity authenticationIdentity = authenticationRealm.getRealmIdentity(principal); try { final RealmIdentity authorizationIdentity = authorizationRealm.getRealmIdentity(principal); try { final Identity identity = new Identity(authenticationIdentity, authorizationIdentity); ok = true; return identity; } finally { if (! ok) authorizationIdentity.dispose(); } } finally { if (! ok) authenticationIdentity.dispose(); } }
@Override public SupportLevel getCredentialAcquireSupport(final Class<? extends Credential> credentialType, final String algorithmName, final AlgorithmParameterSpec parameterSpec) throws RealmUnavailableException { return authenticationRealm.getCredentialAcquireSupport(credentialType, algorithmName, parameterSpec); }
@Override void succeed() { final SecurityIdentity authorizedIdentity = getSourceIdentity(); final AtomicReference<State> stateRef = getStateRef(); if (! stateRef.compareAndSet(this, new CompleteState(authorizedIdentity))) { stateRef.get().succeed(); return; } SecurityRealm.safeHandleRealmEvent(getRealmInfo().getSecurityRealm(), new RealmSuccessfulAuthenticationEvent(realmIdentity, authorizedIdentity.getAuthorizationIdentity(), null, null)); SecurityDomain.safeHandleSecurityEvent(authorizedIdentity.getSecurityDomain(), new SecurityAuthenticationSuccessfulEvent(authorizedIdentity)); realmIdentity.dispose(); }
public void handleRealmEvent(final RealmEvent event) { if (event instanceof RealmAuthenticationEvent) { authenticationRealm.handleRealmEvent(event); } else if (event instanceof RealmAuthorizationEvent) { authorizationRealm.handleRealmEvent(event); } else { // use safe wrapper to ensure both are called SecurityRealm.safeHandleRealmEvent(authenticationRealm, event); SecurityRealm.safeHandleRealmEvent(authorizationRealm, event); } }
/** * Determine whether a given type of evidence is definitely verifiable, possibly verifiable (for some identities), * or definitely not verifiable. * * Evidence is {@link SupportLevel#SUPPORTED}, if it is supported by all realms of the domain. * Evidence is {@link SupportLevel#POSSIBLY_SUPPORTED} if it is supported or possibly supported by at least one realm of the domain. * Otherwise it is {@link SupportLevel#UNSUPPORTED}. * * @param evidenceType the type of evidence to be verified (must not be {@code null}) * @param algorithmName the algorithm name, or {@code null} if any algorithm is acceptable or the evidence type does * not support algorithm names * @return the level of support for this evidence type */ public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> evidenceType, String algorithmName) { return getSupportLevel(r -> { try { return r.getEvidenceVerifySupport(evidenceType, algorithmName); } catch (RealmUnavailableException e) { log.trace("Failed to obtain evidence verify support from realm", e); return null; } }); }
/** * Safely pass an event to a security realm, absorbing and logging any exception that occurs. * * @param realm the security realm to notify (not {@code null}) * @param event the event to send (not {@code null}) */ static void safeHandleRealmEvent(SecurityRealm realm, RealmEvent event) { Assert.checkNotNullParam("realm", realm); Assert.checkNotNullParam("event", event); try { realm.handleRealmEvent(event); } catch (Throwable t) { ElytronMessages.log.eventHandlerFailed(t); } }
public RealmIdentity getRealmIdentity(final Evidence evidence) throws RealmUnavailableException { boolean ok = false; final RealmIdentity authenticationIdentity = authenticationRealm.getRealmIdentity(evidence); try { final RealmIdentity authorizationIdentity = authorizationRealm.getRealmIdentity(evidence); try { final Identity identity = new Identity(authenticationIdentity, authorizationIdentity); ok = true; return identity; } finally { if (! ok) authorizationIdentity.dispose(); } } finally { if (! ok) authenticationIdentity.dispose(); } }
/** * Determine whether a credential of the given type and algorithm is definitely obtainable, possibly obtainable (for * some identities), or definitely not obtainable. * * Credential is {@link SupportLevel#SUPPORTED}, if it is supported by all realms of the domain. * Credential is {@link SupportLevel#POSSIBLY_SUPPORTED} if it is supported or possibly supported by at least one realm of the domain. * Otherwise it is {@link SupportLevel#UNSUPPORTED}. * * @param credentialType the exact credential type (must not be {@code null}) * @param algorithmName the algorithm name, or {@code null} if any algorithm is acceptable or the credential type does * not support algorithm names * @param parameterSpec the algorithm parameters to match, or {@code null} if any parameters are acceptable or the credential type * does not support algorithm parameters * @return the level of support for this credential */ public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec) { return getSupportLevel(r -> { try { return r.getCredentialAcquireSupport(credentialType, algorithmName, parameterSpec); } catch (RealmUnavailableException e) { log.trace("Failed to obtain credential acquire support from realm", e); return null; } }); }
SecurityRealm.safeHandleRealmEvent(realmInfo.getSecurityRealm(), new RealmIdentityFailedAuthorizationEvent(authorizedIdentity.getAuthorizationIdentity(), authorizedIdentity.getPrincipal(), authenticationPrincipal)); ElytronMessages.log.trace("Authorization failed - identity does not have required LoginPermission"); return null; } else { SecurityRealm.safeHandleRealmEvent(realmInfo.getSecurityRealm(), new RealmIdentitySuccessfulAuthorizationEvent(authorizedIdentity.getAuthorizationIdentity(), authorizedIdentity.getPrincipal(), authenticationPrincipal));
public void handleRealmEvent(final RealmEvent event) { if (event instanceof RealmAuthenticationEvent) { authenticationRealm.handleRealmEvent(event); } else if (event instanceof RealmAuthorizationEvent) { authorizationRealm.handleRealmEvent(event); } else { // use safe wrapper to ensure both are called SecurityRealm.safeHandleRealmEvent(authenticationRealm, event); SecurityRealm.safeHandleRealmEvent(authorizationRealm, event); } }
@Override public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> evidenceType, String algorithmName) throws RealmUnavailableException { return wrapped.getEvidenceVerifySupport(evidenceType, algorithmName); }