/**
 * Accepts the given remember-me credential and reports it as valid.
 * <p>
 * This default implementation performs no check of its own: it never reads
 * {@link RememberMeCredential#getToken()}, and every credential passed in yields a
 * {@link CredentialValidationResult} whose caller name is {@code credential.toString()}.
 * If further validation is required this method should be overridden in a sub-class
 * or an alternative {@link IdentityStore} should be used.
 * <p>
 * The authorisation token returned by {@link RememberMeCredential#getToken()} can be used
 * to get more information about the user from the OAuth provider by sending a GET request
 * to an endpoint, e.g. https://oauthprovider/user&token=exampletoken.
 * NOTE(review): a token carried in the URL can end up in proxy and access logs; where the
 * provider supports it, sending the token in a request header avoids that.
 *
 * @param credential the remember-me credential carrying the authorisation token
 * @return a result built from {@code credential.toString()} as the caller name
 */
public CredentialValidationResult validate(RememberMeCredential credential) {
    // The token is deliberately not inspected here; see the Javadoc above.
    final String callerName = credential.toString();
    return new CredentialValidationResult(callerName);
}
/**
 * Issues a new login token for a caller and records the caller's identity under it.
 * <p>
 * The token is the string form of {@link UUID#randomUUID()}. It is stored in
 * {@code loginTokens} together with a {@link CredentialValidationResult} built from the
 * given principal and groups, so a later lookup by token can restore the identity.
 * NOTE(review): no expiry or removal of the stored entry is visible in this method;
 * confirm that tokens are invalidated elsewhere (logout, timeout).
 *
 * @param callerPrincipal the authenticated caller the token is issued for
 * @param groups the groups to restore when the token is presented
 * @return the newly generated token
 */
@Override
public String generateLoginToken(CallerPrincipal callerPrincipal, Set<String> groups) {
    final String loginToken = UUID.randomUUID().toString();
    final CredentialValidationResult rememberedIdentity =
            new CredentialValidationResult(callerPrincipal, groups);
    loginTokens.put(loginToken, rememberedIdentity);
    return loginToken;
}
/**
 * Validates a username/password credential against one fixed account.
 * <p>
 * Only the caller {@code "test"} with the password {@code "pass"} is accepted; that caller
 * receives the groups {@code "architect"} and {@code "admin"}. Everything else is rejected.
 * NOTE(review): the account is hard-coded in source, which looks like a test or demo
 * fixture; it should not be reachable in a production deployment.
 *
 * @param credential the credential to check
 * @return a valid result for the fixed account, otherwise {@code INVALID_RESULT}
 */
public CredentialValidationResult validate(UsernamePasswordCredential credential) {
    final boolean callerMatches = credential.getCaller().equals("test");
    // The password is only compared when the caller name already matched.
    if (callerMatches && credential.getPassword().compareTo("pass")) {
        return new CredentialValidationResult("test", new HashSet<>(asList("architect", "admin")));
    }
    return INVALID_RESULT;
}
/**
 * Validates a username/password credential against the {@code callerToPassword} map.
 *
 * @param credential the credential to check
 * @return a valid result naming the caller when the stored password equals the supplied
 *         one; {@code INVALID_RESULT} when the caller is unknown or the password differs;
 *         {@code NOT_VALIDATED_RESULT} for any credential that is not a
 *         {@link UsernamePasswordCredential}
 */
@Override
public CredentialValidationResult validate(Credential credential) {
    if (!(credential instanceof UsernamePasswordCredential)) {
        // This store only understands username/password credentials.
        return NOT_VALIDATED_RESULT;
    }

    UsernamePasswordCredential login = (UsernamePasswordCredential) credential;
    String storedPassword = callerToPassword.get(login.getCaller());

    // NOTE(review): the expected password is held and compared as a plain String.
    // A production store would keep a salted password hash and compare in constant time.
    boolean passwordMatches =
            storedPassword != null && storedPassword.equals(login.getPasswordAsString());

    return passwordMatches
            ? new CredentialValidationResult(login.getCaller())
            : INVALID_RESULT;
}
/**
 * Validates a username/password credential against the {@code callerToCredentials} lookup.
 * <p>
 * An unknown caller and a wrong password both produce {@code INVALID_RESULT}, so the
 * result itself does not tell the two cases apart.
 *
 * @param usernamePasswordCredential the credential to check
 * @return a valid result carrying the stored caller name and groups, or
 *         {@code INVALID_RESULT} when the caller is unknown or the password does not match
 */
public CredentialValidationResult validate(UsernamePasswordCredential usernamePasswordCredential) {
    Credentials stored = callerToCredentials.get(usernamePasswordCredential.getCaller());

    // Reject early; the password is only compared when an entry exists for the caller.
    if (stored == null || !usernamePasswordCredential.getPassword().compareTo(stored.password())) {
        return INVALID_RESULT;
    }

    CallerPrincipal principal = new CallerPrincipal(stored.callerName());
    return new CredentialValidationResult(principal, new HashSet<>(asList(stored.groups())));
}
/**
 * Validates a username/password credential against the {@code callerToCredentials} lookup.
 * <p>
 * An unknown caller and a wrong password both produce {@code INVALID_RESULT}, so the
 * result itself does not tell the two cases apart.
 *
 * @param usernamePasswordCredential the credential to check
 * @return a valid result carrying the stored caller name and groups, or
 *         {@code INVALID_RESULT} when the caller is unknown or the password does not match
 */
public CredentialValidationResult validate(UsernamePasswordCredential usernamePasswordCredential) {
    Credentials stored = callerToCredentials.get(usernamePasswordCredential.getCaller());

    // Reject early; the password is only compared when an entry exists for the caller.
    if (stored == null || !usernamePasswordCredential.getPassword().compareTo(stored.password())) {
        return INVALID_RESULT;
    }

    CallerPrincipal principal = new CallerPrincipal(stored.callerName());
    return new CredentialValidationResult(principal, new HashSet<>(asList(stored.groups())));
}
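/**
 * Validates a signed JWT credential and maps its claims to a caller and groups.
 * <p>
 * The token is handed to {@code tokenService.validateToken}; the principal name and the
 * group list are then read from the claims named by
 * {@code AuthenticatorConstants.MP_JWT_USER_PRINCIPAL_CLAIM_NAME} and
 * {@code AuthenticatorConstants.MP_JWT_GROUPS_CLAIM_NAME}.
 *
 * @param credential the credential to check
 * @return a valid result with the principal name and groups from the token;
 *         {@code INVALID_RESULT} when any step throws; {@code NOT_VALIDATED_RESULT}
 *         when the credential is not a {@link SignedJWTCredential}
 */
@Override
public CredentialValidationResult validate(Credential credential) {
    if (!(credential instanceof SignedJWTCredential)) {
        return NOT_VALIDATED_RESULT;
    }

    SignedJWTCredential signedJWTCredential = (SignedJWTCredential) credential;
    try {
        DecodedJWT decodedJWT = tokenService.validateToken(signedJWTCredential.getSignedJWT());

        String principalName = decodedJWT
                .getClaim(AuthenticatorConstants.MP_JWT_USER_PRINCIPAL_CLAIM_NAME)
                .asString();
        List<String> groupsNameList = decodedJWT
                .getClaim(AuthenticatorConstants.MP_JWT_GROUPS_CLAIM_NAME)
                .asList(String.class);
        // NOTE(review): if the groups claim is absent, asList presumably returns null; the
        // HashSet constructor then throws and the catch below yields INVALID_RESULT - confirm.
        Set<String> groupNames = new HashSet<>(groupsNameList);

        // The signed JWT is a bearer credential: writing it to the log would hand a usable
        // token to anyone who can read log files. Log the principal name instead.
        LOG.debug(MARKER, "JWT validated for principal: {}", principalName);
        return new CredentialValidationResult(principalName, groupNames);
    } catch (Exception e) {
        // Any failure while validating or reading claims is treated as a rejected login.
        LOG.info(MARKER, "JWT validation error", e);
        return INVALID_RESULT;
    }
}
} // closes the enclosing type, whose header lies outside this excerpt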
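/**
 * Verifies the caller by binding to the directory as {@code callerDn} with the supplied
 * password and, when group provision is enabled, looks up the caller's groups.
 *
 * @param searchContext context used for the group lookup
 * @param callerDn distinguished name resolved for the caller, or {@code null} if none was found
 * @param usernamePasswordCredential the credential supplying the caller name and password
 * @return a valid result carrying the caller name, {@code callerDn} and groups (groups are
 *         {@code null} unless {@code ValidationType.PROVIDE_GROUPS} is enabled), or
 *         {@code INVALID_RESULT} when the DN is missing, the password is empty, or the
 *         bind fails
 */
private CredentialValidationResult validateCallerAndGetGroups(LdapContext searchContext, String callerDn, UsernamePasswordCredential usernamePasswordCredential) {
    if (callerDn == null) {
        return INVALID_RESULT;
    }

    char[] suppliedPassword = usernamePasswordCredential.getPassword().getValue();
    if (suppliedPassword.length == 0) {
        // A simple bind with a DN and an empty password is an "unauthenticated bind"
        // (RFC 4513, section 5.1.2); a directory may accept it without checking any secret,
        // which would make the bind below succeed for any known DN. Reject it up front.
        // createCallerLdapContext is not visible here, so this guard may duplicate a check
        // made there.
        return INVALID_RESULT;
    }

    // createCallerLdapContext takes the password as a String, so the char[] is copied
    // into an immutable String that cannot be wiped afterwards.
    LdapContext callerContext = createCallerLdapContext(callerDn, new String(suppliedPassword));
    if (callerContext == null) {
        return INVALID_RESULT; // either bindDn or bindPassword was invalid
    }
    // The bind was only needed to prove the password; release the connection right away.
    closeContext(callerContext);

    Set<String> groups = null;
    if (validationTypes().contains(ValidationType.PROVIDE_GROUPS)) {
        groups = retrieveGroupsForCallerDn(searchContext, callerDn);
    }

    return new CredentialValidationResult(
            null, // store id
            usernamePasswordCredential.getCaller(),
            callerDn,
            null, // caller unique id
            groups);
}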
/**
 * Validates a username/password credential against the configured database.
 * <p>
 * The caller query is run with the caller name; the first value it returns is passed to
 * {@code hashAlgorithm.verify} together with the supplied password. On a match the groups
 * query is run as well, but only when {@code ValidationType.PROVIDE_GROUPS} is enabled.
 *
 * @param usernamePasswordCredential the credential to check
 * @return a valid result for the caller (with an empty group set when groups are not
 *         provided), or {@code INVALID_RESULT} when the caller query returns nothing or
 *         the password does not verify
 */
public CredentialValidationResult validate(UsernamePasswordCredential usernamePasswordCredential) {
    final DataSource dataSource = getDataSource();

    final List<String> storedPasswords = executeQuery(
            dataSource,
            dataBaseIdentityStoreDefinition.callerQuery(),
            usernamePasswordCredential.getCaller());

    // NOTE(review): an unknown caller returns before hashAlgorithm.verify runs, so the two
    // rejection paths do different amounts of work.
    if (storedPasswords.isEmpty()) {
        return INVALID_RESULT;
    }

    final boolean passwordVerified = hashAlgorithm.verify(
            usernamePasswordCredential.getPassword().getValue(),
            storedPasswords.get(0));
    if (!passwordVerified) {
        return INVALID_RESULT;
    }

    final Set<String> groups;
    if (validationTypes.contains(ValidationType.PROVIDE_GROUPS)) {
        groups = new HashSet<>(executeQuery(
                dataSource,
                dataBaseIdentityStoreDefinition.groupsQuery(),
                usernamePasswordCredential.getCaller()));
    } else {
        groups = emptySet();
    }

    return new CredentialValidationResult(
            new CallerPrincipal(usernamePasswordCredential.getCaller()),
            groups);
}
/**
 * Validates a username/password credential against the configured database.
 * <p>
 * The caller query is run with the caller name; the first value it returns is passed to
 * {@code hashAlgorithm.verify} together with the supplied password. On a match the groups
 * query is run as well, but only when {@code ValidationType.PROVIDE_GROUPS} is enabled.
 *
 * @param usernamePasswordCredential the credential to check
 * @return a valid result for the caller (with an empty group set when groups are not
 *         provided), or {@code INVALID_RESULT} when the caller query returns nothing or
 *         the password does not verify
 */
public CredentialValidationResult validate(UsernamePasswordCredential usernamePasswordCredential) {
    final DataSource dataSource = getDataSource();

    final List<String> storedPasswords = executeQuery(
            dataSource,
            dataBaseIdentityStoreDefinition.callerQuery(),
            usernamePasswordCredential.getCaller());

    // NOTE(review): an unknown caller returns before hashAlgorithm.verify runs, so the two
    // rejection paths do different amounts of work.
    if (storedPasswords.isEmpty()) {
        return INVALID_RESULT;
    }

    final boolean passwordVerified = hashAlgorithm.verify(
            usernamePasswordCredential.getPassword().getValue(),
            storedPasswords.get(0));
    if (!passwordVerified) {
        return INVALID_RESULT;
    }

    final Set<String> groups;
    if (validationTypes.contains(ValidationType.PROVIDE_GROUPS)) {
        groups = new HashSet<>(executeQuery(
                dataSource,
                dataBaseIdentityStoreDefinition.groupsQuery(),
                usernamePasswordCredential.getCaller()));
    } else {
        groups = emptySet();
    }

    return new CredentialValidationResult(
            new CallerPrincipal(usernamePasswordCredential.getCaller()),
            groups);
}
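/**
 * Verifies the caller by binding to the directory as {@code callerDn} with the supplied
 * password and, when group provision is enabled, looks up the caller's groups.
 *
 * @param searchContext context used for the group lookup
 * @param callerDn distinguished name resolved for the caller, or {@code null} if none was found
 * @param usernamePasswordCredential the credential supplying the caller name and password
 * @return a valid result carrying the caller name, {@code callerDn} and groups (groups are
 *         {@code null} unless {@code ValidationType.PROVIDE_GROUPS} is enabled), or
 *         {@code INVALID_RESULT} when the DN is missing, the password is empty, or the
 *         bind fails
 */
private CredentialValidationResult validateCallerAndGetGroups(LdapContext searchContext, String callerDn, UsernamePasswordCredential usernamePasswordCredential) {
    if (callerDn == null) {
        return INVALID_RESULT;
    }

    char[] suppliedPassword = usernamePasswordCredential.getPassword().getValue();
    if (suppliedPassword.length == 0) {
        // A simple bind with a DN and an empty password is an "unauthenticated bind"
        // (RFC 4513, section 5.1.2); a directory may accept it without checking any secret,
        // which would make the bind below succeed for any known DN. Reject it up front.
        // createCallerLdapContext is not visible here, so this guard may duplicate a check
        // made there.
        return INVALID_RESULT;
    }

    // createCallerLdapContext takes the password as a String, so the char[] is copied
    // into an immutable String that cannot be wiped afterwards.
    LdapContext callerContext = createCallerLdapContext(callerDn, new String(suppliedPassword));
    if (callerContext == null) {
        return INVALID_RESULT; // either bindDn or bindPassword was invalid
    }
    // The bind was only needed to prove the password; release the connection right away.
    closeContext(callerContext);

    Set<String> groups = null;
    if (validationTypes().contains(ValidationType.PROVIDE_GROUPS)) {
        groups = retrieveGroupsForCallerDn(searchContext, callerDn);
    }

    return new CredentialValidationResult(
            null, // store id
            usernamePasswordCredential.getCaller(),
            callerDn,
            null, // caller unique id
            groups);
}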
return new CredentialValidationResult( validationResult.getIdentityStoreId(), validationResult.getCallerPrincipal(),
/**
 * Validates a remember-me credential whose token is checked by {@code tokenProvider}.
 * <p>
 * When {@code tokenProvider.validateToken} accepts the token, the principal and
 * authorities are read from the credential that {@code tokenProvider.getCredential}
 * returns for it. Only {@link ExpiredJwtException} is handled here; any other exception
 * thrown by the provider propagates to the caller.
 *
 * @param rememberMeCredential the credential carrying the token
 * @return a valid result with the token's principal and authorities, or
 *         {@code INVALID_RESULT} when the token is rejected or has expired
 */
@Override
public CredentialValidationResult validate(RememberMeCredential rememberMeCredential) {
    try {
        if (!tokenProvider.validateToken(rememberMeCredential.getToken())) {
            // if token invalid, respond with invalid result status
            return INVALID_RESULT;
        }
        JWTCredential jwtCredential = tokenProvider.getCredential(rememberMeCredential.getToken());
        return new CredentialValidationResult(
                jwtCredential.getPrincipal(),
                jwtCredential.getAuthorities());
    } catch (ExpiredJwtException expired) {
        // Log who the expired token belonged to, then treat it like any other rejected token.
        Object[] logArguments = {expired.getClaims().getSubject(), expired.getMessage()};
        LOGGER.log(Level.INFO, "Security exception for user {0} - {1}", logArguments);
        return INVALID_RESULT;
    }
}
return new CredentialValidationResult( validationResult.getIdentityStoreId(), validationResult.getCallerPrincipal(),