/**
 * Authenticates the request and returns the caller's full name.
 *
 * <p>The value returned by {@code authenticate} is dereferenced without a null check, so
 * this method relies on {@code authenticate} either yielding a principal or throwing.
 * NOTE(review): {@code authenticate} is not visible in this listing; confirm it never
 * returns {@code null}, otherwise an unauthenticated request surfaces as a
 * {@code NullPointerException} rather than an authentication failure.
 *
 * @param request the servlet request carrying the caller's credentials
 * @param authorities the authorities handed to {@code authenticate}
 * @return the full name reported by the authenticated principal
 */
public static String authenticatedUser(HttpServletRequest request, AuthorityList authorities) {
    return authenticate(request, authorities).getFullName();
}
/**
 * Extracts the raw credential string for one authority from the request.
 *
 * <p>The authority names where its credentials live. A name starting with
 * {@code "Cookie."} selects a cookie (the remainder of the name is passed to
 * {@code getCookieValue}); any other name is read as an HTTP request header.
 *
 * @param request the servlet request to read from
 * @param authority the authority whose {@code getHeader()} names the credential source
 * @return the credential value, or {@code null} when the authority declares no header
 *     name; the header lookup itself may also return {@code null}
 */
private static String authenticatingCredentials(HttpServletRequest request, Authority authority) {
    final String cookiePrefix = "Cookie.";
    final String source = authority.getHeader();
    if (source == null) {
        // The authority does not take credentials from a header or cookie.
        return null;
    }
    if (source.startsWith(cookiePrefix)) {
        // Drop the seven-character prefix to obtain the cookie name.
        return getCookieValue(request, source.substring(cookiePrefix.length()));
    }
    return request.getHeader(source);
}
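/**
 * Instantiates the configured {@code PrivateKeyStoreFactory} and keeps the key store it creates.
 *
 * <p>The factory class name is read from the system property named by
 * {@code AthenzConsts.ATHENZ_PROP_PRIVATE_KEY_STORE_FACTORY_CLASS}, falling back to
 * {@code AthenzConsts.ATHENZ_PKEY_STORE_FACTORY_CLASS}. The class is loaded reflectively,
 * so whoever can set that JVM property decides which code builds the private key store;
 * treat the property as security-sensitive configuration.
 *
 * @throws IllegalArgumentException if the class cannot be loaded, cannot be instantiated
 *     through its no-argument constructor, or is not a {@code PrivateKeyStoreFactory};
 *     the underlying failure is attached as the cause
 */
void loadServicePrivateKey() {
    final String pkeyFactoryClass = System.getProperty(
            AthenzConsts.ATHENZ_PROP_PRIVATE_KEY_STORE_FACTORY_CLASS,
            AthenzConsts.ATHENZ_PKEY_STORE_FACTORY_CLASS);

    final PrivateKeyStoreFactory pkeyFactory;
    try {
        // Class.newInstance() is deprecated and rethrows checked constructor exceptions
        // undeclared; going through the constructor wraps them in InvocationTargetException.
        pkeyFactory = (PrivateKeyStoreFactory) Class.forName(pkeyFactoryClass)
                .getDeclaredConstructor().newInstance();
    } catch (ReflectiveOperationException | ClassCastException e) {
        // ClassCastException covers a class that loads but is not a PrivateKeyStoreFactory.
        // Passing the throwable keeps the stack trace, and the rethrow keeps the cause.
        LOG.error("Invalid PrivateKeyStoreFactory class: " + pkeyFactoryClass
                + " error: " + e.getMessage(), e);
        throw new IllegalArgumentException("Invalid private key store", e);
    }

    this.privateKeyStore = pkeyFactory.create();
}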
// NOTE(review): this listing looks abridged - braces are left open and HEADER is the only
// case label visible, so the nesting shown below is only what the visible braces imply.
Principal principal = null;
// Buffer handed to every authenticate(...) call below; presumably it receives failure
// details - confirm against the Authority interface.
StringBuilder errMsg = new StringBuilder(512);
// The authority declares where its credentials come from; dispatch on that source.
switch (authority.getCredSource()) {
    case HEADER:
        // Header- or cookie-borne credentials; a null result skips the authenticate call.
        String creds = authenticatingCredentials(request, authority);
        if (creds != null) {
            // The remote address and HTTP method are passed along with the credential string.
            principal = authority.authenticate(creds, ServletRequestUtil.getRemoteAddress(request), request.getMethod(), errMsg);
            // Client certificates as exposed through the JAVAX_CERT_ATTR request attribute.
            X509Certificate[] certs = (X509Certificate[]) request.getAttribute(JAVAX_CERT_ATTR);
            // NOTE(review): certs[0] is read without a length check, so an empty array would
            // throw ArrayIndexOutOfBoundsException instead of being treated as "no certificate".
            if (certs != null && certs[0] != null) {
                // NOTE(review): two different authenticate overloads (certificate array, then
                // whole request) appear back to back here; in the full source they presumably
                // belong to separate cases - confirm before relying on this excerpt.
                principal = authority.authenticate(certs, errMsg);
                principal = authority.authenticate(request, errMsg);
                break;
/**
 * Checks that the principal may perform {@code action} on {@code resource}.
 *
 * <p>The checks run in a fixed order: missing parameters are rejected first, then a
 * missing authorizer, and only then is the access decision requested. A service with no
 * authorizer configured therefore denies every request instead of letting it through.
 *
 * @param authorizer the authorizer to consult; {@code null} is reported as a server error
 * @param principal the caller, passed to the authorizer unchanged (not null-checked here)
 * @param action the action being attempted
 * @param resource the resource being acted on
 * @param otherDomain passed through to {@code Authorizer.access}
 * @return the same {@code principal} that was passed in
 * @throws ResourceException {@code BAD_REQUEST} when action or resource is null,
 *     {@code INTERNAL_SERVER_ERROR} when no authorizer is configured, and
 *     {@code FORBIDDEN} when the authorizer denies access
 */
public static Principal authorize(Authorizer authorizer, Principal principal, String action, String resource, String otherDomain) {
    final boolean missingParameter = action == null || resource == null;
    if (missingParameter) {
        throw new ResourceException(ResourceException.BAD_REQUEST, "Missing 'action' and/or 'resource' parameters");
    }

    // Fail closed: without an authorizer nothing can be granted.
    if (authorizer == null) {
        throw new ResourceException(ResourceException.INTERNAL_SERVER_ERROR, "No authorizer configured in service");
    }

    final boolean permitted = authorizer.access(action, resource, principal, otherDomain);
    if (!permitted) {
        throw new ResourceException(ResourceException.FORBIDDEN, "Forbidden");
    }
    return principal;
}
}
// Each of the three store passwords goes through the private key store's
// getApplicationSecret(appName, value) first; the SSL context factory receives whatever
// that call returns rather than the configured value as-is.
// NOTE(review): presumably getApplicationSecret resolves a configured key name to the real
// secret - confirm against the PrivateKeyStore implementation in use, and keep both the
// inputs and the returned values out of logs.
sslContextFactory.setKeyStorePassword(this.privateKeyStore.getApplicationSecret(keyStorePasswordAppName, keyStorePassword));
// Password for the private key entries, resolved the same way.
sslContextFactory.setKeyManagerPassword(this.privateKeyStore.getApplicationSecret(keyManagerPasswordAppName, keyManagerPassword));
// Password for the trust store, resolved the same way.
sslContextFactory.setTrustStorePassword(this.privateKeyStore.getApplicationSecret(trustStorePasswordAppName, trustStorePassword));
/**
 * Authenticates the request, authorizes the caller, and returns the caller's full name.
 *
 * <p>The null check on the principal runs only after {@code authorize} has been called,
 * so if {@code authenticate} can return {@code null} the authorizer is consulted with a
 * null principal. NOTE(review): confirm whether {@code authenticate} can return
 * {@code null} and whether every {@code Authorizer} in use rejects a null principal.
 *
 * @param request the servlet request carrying the caller's credentials
 * @param authorities the authorities handed to {@code authenticate}
 * @param authorizer the authorizer handed to {@code authorize}
 * @param action the action being attempted
 * @param resource the resource being acted on
 * @param otherDomain passed through to {@code authorize}
 * @return the principal's full name, or {@code null} when no principal was produced
 */
public static String authorizedUser(HttpServletRequest request, AuthorityList authorities, Authorizer authorizer, String action, String resource, String otherDomain) {
    final Principal caller = authenticate(request, authorities);
    // Throws when the request is not permitted; the return value is not needed here.
    authorize(authorizer, caller, action, resource, otherDomain);
    return caller == null ? null : caller.getFullName();
}