@Override protected boolean validateCredential(IdentityContext context, final CredentialStorage storage, final V credentials, S store) { EncodedPasswordStorage hash = (EncodedPasswordStorage) storage; if (hash != null) { String rawPassword = new String(credentials.getPassword().getValue()); return this.passwordEncoder.verify(saltPassword(rawPassword, hash.getSalt()), hash.getEncodedHash()); } return false; }
@Override protected boolean validateCredential(IdentityContext context, final CredentialStorage storage, final V credentials, S store) { EncodedPasswordStorage hash = (EncodedPasswordStorage) storage; if (hash != null) { String rawPassword = new String(credentials.getPassword().getValue()); return this.passwordEncoder.verify(saltPassword(rawPassword, hash.getSalt()), hash.getEncodedHash()); } return false; }
@Override protected boolean validateCredential(IdentityContext context, CredentialStorage credentialStorage, UsernamePasswordCredentials credentials, LDAPIdentityStore ldapIdentityStore) { Account account = getAccount(context, credentials.getUsername()); LDAPOperationManager operationManager = ldapIdentityStore.getOperationManager(); String bindingDN = ldapIdentityStore.getBindingDN(account); char[] password = credentials.getPassword().getValue(); if (operationManager.authenticate(bindingDN, new String(password))) { return true; } return false; }
@Override protected boolean validateCredential(IdentityContext context, CredentialStorage credentialStorage, UsernamePasswordCredentials credentials, LDAPIdentityStore ldapIdentityStore) { Account account = getAccount(context, credentials.getUsername()); LDAPOperationManager operationManager = ldapIdentityStore.getOperationManager(); String bindingDN = ldapIdentityStore.getBindingDN(account); char[] password = credentials.getPassword().getValue(); if (operationManager.authenticate(bindingDN, new String(password))) { return true; } return false; }
@Override public void validate(Credentials credentials, IdentityStore<?> identityStore) { checkIdentityStoreInstance(identityStore); if (!UsernamePasswordCredentials.class.isInstance(credentials)) { throw new IllegalArgumentException("Credentials class [" + credentials.getClass().getName() + "] not supported by this handler."); } UsernamePasswordCredentials usernamePassword = (UsernamePasswordCredentials) credentials; usernamePassword.setStatus(Status.INVALID); Agent agent = identityStore.getAgent(usernamePassword.getUsername()); // If the user for the provided username cannot be found we fail validation if (agent != null) { LDAPIdentityStore ldapIdentityStore = (LDAPIdentityStore) identityStore; LDAPUser ldapUser = (LDAPUser) ldapIdentityStore.getUser(agent.getId()); char[] password = usernamePassword.getPassword().getValue(); boolean isValid = ldapIdentityStore.getLdapManager().authenticate(ldapUser.getDN(), new String(password)); if (isValid) { usernamePassword.setStatus(Status.VALID); } } }
@Override public void validate(Credentials credentials, IdentityStore<?> identityStore) { CredentialStore store = validateCredentialStore(identityStore); if (!UsernamePasswordCredentials.class.isInstance(credentials)) { throw new IllegalArgumentException("Credentials class [" + credentials.getClass().getName() + "] not supported by this handler."); } UsernamePasswordCredentials usernamePassword = (UsernamePasswordCredentials) credentials; usernamePassword.setStatus(Status.INVALID); Agent agent = identityStore.getAgent(usernamePassword.getUsername()); // If the user for the provided username cannot be found we fail validation if (agent != null) { SHASaltedPasswordStorage hash = store.retrieveCurrentCredential(agent, SHASaltedPasswordStorage.class); // If the stored hash is null we automatically fail validation if (hash != null) { SHASaltedPasswordEncoder encoder = new SHASaltedPasswordEncoder(512); String encoded = encoder.encodePassword(hash.getSalt(), new String(usernamePassword.getPassword().getValue())); if (hash.getEncodedHash().equals(encoded)) { usernamePassword.setStatus(Status.VALID); usernamePassword.setValidatedAgent(agent); } } else if (isLastCredentialExpired(agent, store, SHASaltedPasswordStorage.class)) { usernamePassword.setStatus(Status.EXPIRED); } } }
@Override protected boolean validateCredential(IdentityContext context, CredentialStorage credentialStorage, UsernamePasswordCredentials credentials, LDAPIdentityStore ldapIdentityStore) { Account account = getAccount(context, credentials.getUsername()); char[] password = credentials.getPassword().getValue(); String userDN = (String) account.getAttribute(LDAPIdentityStore.ENTRY_DN_ATTRIBUTE_NAME).getValue(); if (CREDENTIAL_LOGGER.isDebugEnabled()) { CREDENTIAL_LOGGER.debugf("Using DN [%s] for authentication of user [%s]", userDN, credentials.getUsername()); } if (ldapIdentityStore.getOperationManager().authenticate(userDN, new String(password))) { return true; } return false; } }