@Override public SecurityContext createSecurityContext(final HttpServerExchange exchange, final AuthenticationMode mode, final IdentityManager identityManager, final String programmaticMechName) { SecurityContextImpl securityContext = SecurityActions.createSecurityContextImpl(exchange, mode, identityManager); if (programmaticMechName != null) securityContext.setProgramaticMechName(programmaticMechName); return securityContext; } }
@Override public SecurityContextImpl run() { return new SecurityContextImpl(exchange, authenticationMode, identityManager); } });
@Override public void registerNotificationReceiver(NotificationReceiver receiver) { if(notificationReceivers == null) { notificationReceivers = new Node<>(receiver); } else { Node<NotificationReceiver> cur = notificationReceivers; while (cur.next != null) { cur = cur.next; } cur.next = new Node<>(receiver); } }
public DigestAuthenticationMechanism(final String realmName, final String domain, final String mechanismName, final IdentityManager identityManager) { this(Collections.singletonList(DigestAlgorithm.MD5), Collections.singletonList(DigestQop.AUTH), realmName, domain, new SimpleNonceManager(), DEFAULT_NAME, identityManager); }
@Override public void logout() { Account authenticatedAccount = getAuthenticatedAccount(); if(authenticatedAccount != null) { UndertowLogger.SECURITY_LOGGER.debugf("Logging out user %s for %s", authenticatedAccount.getPrincipal().getName(), exchange); } else { UndertowLogger.SECURITY_LOGGER.debugf("Logout called with no authenticated user in exchange %s", exchange); } super.logout(); this.authenticationState = AuthenticationState.NOT_ATTEMPTED; }
@Override public AuthenticationMechanism create(String mechanismName,IdentityManager identityManager, FormParserFactory formParserFactory, Map<String, String> properties) { return new DigestAuthenticationMechanism(properties.get(REALM), properties.get(CONTEXT_PATH), mechanismName, identityManager); } }
/** * <p> * Overrides the parent method to return the cached authenticated account (that is, the account that was set in the * session as a result of a SAM setting the {@code javax.servlet.http.registerSession} property) when the regular * account is null. This allows a SAM to retrieve the cached account principal by calling {@code getUserPrincipal()} * on {@code HttpServletRequest}. * </p> * * @return the authenticated account (or cached account when it is null). */ @Override public Account getAuthenticatedAccount() { Account account = super.getAuthenticatedAccount(); if (account == null) account = this.cachedAuthenticatedAccount; return account; }
@Override public String getQop() { return context.getQop().getToken(); }
@Override public AuthenticationMechanism create(String mechanismName,IdentityManager identityManager, FormParserFactory formParserFactory, Map<String, String> properties) { return new ExternalAuthenticationMechanism(mechanismName, identityManager); } }
@Override public boolean verifyHA1(byte[] ha1) { context.setHa1(ha1); // Cache for subsequent use. return validateRequest(context, ha1); }
@Override public void authenticationComplete(Account account, String mechanism, final boolean cachingRequired) { authenticationComplete(account, mechanism, false, cachingRequired); }
protected Integer servePage(final HttpServerExchange exchange, final String location) { sendRedirect(exchange, location); return StatusCodes.TEMPORARY_REDIRECT; }
@Override public DigestAlgorithm getAlgorithm() { return context.getAlgorithm(); }
@Override public void addAuthenticationMechanism(final AuthenticationMechanism handler) { // TODO - Do we want to change this so we can ensure the mechanisms are not modifiable mid request? if(authMechanisms == null) { authMechanisms = new Node<>(handler); } else { Node<AuthenticationMechanism> cur = authMechanisms; while (cur.next != null) { cur = cur.next; } cur.next = new Node<>(handler); } }
private String createNewNonceString() { return createNewNonce(null).nonce; }
private AuthenticationState attemptAuthentication() { return new AuthAttempter(authMechanisms,exchange).transition(); }
private boolean authTransitionRequired() { switch (authenticationState) { case NOT_ATTEMPTED: // There has been no attempt to authenticate the current request so do so either if required or if we are set to // be pro-active. return isAuthenticationRequired() || authenticationMode == AuthenticationMode.PRO_ACTIVE; case ATTEMPTED: // To be ATTEMPTED we know it was not AUTHENTICATED so if it is required we need to transition to send the // challenges. return isAuthenticationRequired(); default: // At this point the state would either be AUTHENTICATED or CHALLENGE_SENT - either of which mean no further // transitions applicable for this request. return false; } }
@Override public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext) { AuthenticatedSessionManager sessionManager = exchange.getAttachment(AuthenticatedSessionManager.ATTACHMENT_KEY); if (sessionManager != null) { return runCached(exchange, securityContext, sessionManager); } else { return AuthenticationMechanismOutcome.NOT_ATTEMPTED; } }
@Override public void handleNotification(SecurityNotification notification) { if (notification.getEventType() == SecurityNotification.EventType.LOGGED_OUT) { singleSignOnManager.removeSingleSignOn(sso); } } });
private AuthenticationState sendChallenges() { UndertowLogger.SECURITY_LOGGER.debugf("Sending authentication challenge for %s", exchange); return new ChallengeSender(authMechanisms, exchange).transition(); }