/**
 * Looks up the JWT encryption secret for a registered service.
 *
 * <p>Delegates to {@code getRegisteredServiceJwtSecret}, asking for the property named by
 * {@link TokenConstants#PROPERTY_NAME_TOKEN_SECRET_ENCRYPTION}. The returned value is key
 * material: callers should not log it or place it in exception messages.
 *
 * @param service the registered service whose token properties are consulted
 * @return whatever the delegate yields for the encryption-secret property
 */
private String getRegisteredServiceJwtEncryptionSecret(final RegisteredService service) {
    final String encryptionSecret =
            getRegisteredServiceJwtSecret(service, TokenConstants.PROPERTY_NAME_TOKEN_SECRET_ENCRYPTION);
    return encryptionSecret;
}
/**
 * {@inheritDoc}
 *
 * <p>Runs the handler in three phases: {@code preAuthenticate} acts as a gate,
 * {@code doAuthentication} performs the actual check, and {@code postAuthenticate}
 * receives the outcome. A rejected pre-check fails closed with a
 * {@link FailedLoginException}; {@code doAuthentication} is never reached in that case.
 **/
@Override
public final HandlerResult authenticate(final Credential credential)
        throws GeneralSecurityException, PreventedException {
    final boolean preCheckPassed = preAuthenticate(credential);
    if (preCheckPassed) {
        final HandlerResult authenticated = doAuthentication(credential);
        return postAuthenticate(credential, authenticated);
    }
    // Deliberately carries no message: nothing about the rejection reason is exposed here.
    throw new FailedLoginException();
}
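/**
 * Builds the JWT authenticator for the service carried by the token credential.
 *
 * <p>The service is resolved through the services manager and its signing and encryption
 * secrets are read from the registered service. With both secrets present the authenticator
 * is built from both; with only a signing secret it is built from that secret alone and a
 * warning is logged. Only the service id and the property name are ever logged, never the
 * secrets themselves.
 *
 * @param credential the credential, which must be a {@code TokenCredential}
 * @return the authenticator, or {@code null} when the service cannot be resolved or no
 *         signing secret is defined for it
 */
@Override
protected Authenticator getAuthenticator(final Credential credential) {
    final TokenCredential tokenCredential = (TokenCredential) credential;
    logger.debug("Locating token secret for service [{}]", tokenCredential.getService());

    final RegisteredService service = this.servicesManager.findServiceBy(tokenCredential.getService());
    if (service == null) {
        // NOTE(review): findServiceBy's contract is not visible here. If it can return null for an
        // unregistered service, the final warning below would dereference it and throw a
        // NullPointerException instead of refusing the token cleanly. Fail closed explicitly.
        logger.warn("No registered service found for [{}]; cannot locate token secrets",
                tokenCredential.getService());
        return null;
    }

    final String signingSecret = getRegisteredServiceJwtSigningSecret(service);
    final String encryptionSecret = getRegisteredServiceJwtEncryptionSecret(service);

    if (StringUtils.isNotBlank(signingSecret)) {
        if (StringUtils.isBlank(encryptionSecret)) {
            // Per the warning text, one key then serves both purposes, so disclosure of that
            // key affects integrity and confidentiality together. Defining a separate
            // encryption secret for the service avoids this.
            logger.warn("JWT authentication is configured to share a single key for both signing/encryption");
            return new JwtAuthenticator(signingSecret);
        }
        return new JwtAuthenticator(signingSecret, encryptionSecret);
    }

    // No signing secret means tokens for this service cannot be verified: return no authenticator.
    logger.warn("No token signing secret is defined for service [{}]. Ensure [{}] property is defined for service",
            service.getServiceId(), TokenConstants.PROPERTY_NAME_TOKEN_SECRET_SIGNING);
    return null;
}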
final String password = getPasswordEncoder().encode(credential.getPassword()); final LoginContext lc = new LoginContext( this.realm, new UsernamePasswordCallbackHandler(username, password)); try { logger.debug("Attempting authentication for: {}", username); principal = this.principalFactory.createPrincipal(secPrincipal.getName()); return createHandlerResult(credential, principal, null);
/**
 * Records the authenticated principal's id on the token credential, then hands over to the
 * parent implementation.
 *
 * @param credential the credential, which must be a {@code TokenCredential}
 * @param result the outcome of authentication; its principal supplies the id
 * @return the result of the parent's {@code postAuthenticate}
 */
@Override
protected HandlerResult postAuthenticate(final Credential credential, final HandlerResult result) {
    // The cast comes first, so a credential of the wrong type is rejected before result is read.
    final TokenCredential token = (TokenCredential) credential;
    token.setId(
            result.getPrincipal().getId());
    return super.postAuthenticate(credential, result);
}
/**
 * {@inheritDoc}
 *
 * <p>Normalises the username before the password check: the submitted username is passed
 * through the principal name transformer and written back onto the credential, so
 * {@code authenticateUsernamePasswordInternal} only ever sees the transformed value.
 * A {@code null} username, before or after transformation, is rejected with an
 * {@link AccountNotFoundException}.
 **/
@Override
protected final HandlerResult doAuthentication(final Credential credential)
        throws GeneralSecurityException, PreventedException {
    final UsernamePasswordCredential upc = (UsernamePasswordCredential) credential;

    if (upc.getUsername() == null) {
        throw new AccountNotFoundException("Username is null.");
    }

    final String normalizedName = this.principalNameTransformer.transform(upc.getUsername());
    if (normalizedName == null) {
        throw new AccountNotFoundException("Transformed username is null.");
    }

    // The credential is mutated in place; later stages see the transformed username.
    upc.setUsername(normalizedName);
    return authenticateUsernamePasswordInternal(upc);
}
/**
 * Attempts token-based authentication for the current web flow request.
 *
 * <p>The token is read from the request parameter named by
 * {@link TokenConstants#PARAMETER_NAME_TOKEN}. When both a non-blank token and a service are
 * present, the token is wrapped in a {@code TokenCredential}, run through the authentication
 * transaction manager, and a ticket-granting ticket is created and placed in scope.
 *
 * @param context the web flow request context
 * @return {@code success()} when a ticket-granting ticket was issued; {@code error()} when
 *         the token or the service is missing, or when any step throws
 * @throws Exception declared by the signature; failures inside the authentication attempt
 *         are caught and logged rather than propagated
 */
@Override
protected Event doExecute(final RequestContext context) throws Exception {
    final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
    final String authTokenValue = request.getParameter(TokenConstants.PARAMETER_NAME_TOKEN);
    final Service service = WebUtils.getService(context);

    // Without a token or a target service there is nothing to authenticate.
    if (StringUtils.isBlank(authTokenValue) || service == null) {
        return error();
    }

    try {
        final Credential credential = new TokenCredential(authTokenValue, service);
        // NOTE(review): the credential is logged here; confirm TokenCredential's string form
        // does not include the raw token value.
        LOGGER.debug("Received token authentication request {} ", credential);

        final AuthenticationContextBuilder builder = new DefaultAuthenticationContextBuilder(
                this.authenticationSystemSupport.getPrincipalElectionStrategy());
        final AuthenticationTransaction transaction = AuthenticationTransaction.wrap(credential);
        this.authenticationSystemSupport.getAuthenticationTransactionManager().handle(transaction, builder);

        final AuthenticationContext authenticationContext = builder.build(service);
        final TicketGrantingTicket tgt =
                this.centralAuthenticationService.createTicketGrantingTicket(authenticationContext);
        WebUtils.putTicketGrantingTicketInScopes(context, tgt);
        return success();
    } catch (final Exception e) {
        // Fail closed: every failure is logged and reported to the flow as the same error event.
        LOGGER.warn(e.getMessage(), e);
        return error();
    }
}
(LdapPasswordPolicyConfiguration) super.getPasswordPolicyConfiguration(); if (ldapPasswordPolicyConfiguration != null) { logger.debug("Applying password policy to {}", response);
/**
 * Looks up the JWT signing secret for a registered service.
 *
 * <p>Delegates to {@code getRegisteredServiceJwtSecret}, asking for the property named by
 * {@link TokenConstants#PROPERTY_NAME_TOKEN_SECRET_SIGNING}. The returned value is key
 * material: callers should not log it or place it in exception messages.
 *
 * @param service the registered service whose token properties are consulted
 * @return whatever the delegate yields for the signing-secret property
 */
private String getRegisteredServiceJwtSigningSecret(final RegisteredService service) {
    final String signingSecret =
            getRegisteredServiceJwtSecret(service, TokenConstants.PROPERTY_NAME_TOKEN_SECRET_SIGNING);
    return signingSecret;
}