Example 6 with UsernamePasswordCredentials
use of com.hazelcast.security.UsernamePasswordCredentials in project hazelcast by hazelcast.
the class HttpCommandProcessor method authenticate.
/**
* Checks if the request is valid. If Hazelcast Security is not enabled,
* then only the given user name is compared to cluster name in node
* configuration. Otherwise member JAAS authentication (member login module
* stack) is used to authenticate the command.
*
* @param command the HTTP request
* @param userName URL-encoded username
* @param pass URL-encoded password
* @return if the request has been successfully authenticated
* @throws UnsupportedEncodingException If character encoding needs to be consulted, but named character encoding
* is not supported
*/
private boolean authenticate(@Nonnull HttpPostCommand command, @Nullable String userName, @Nullable String pass) throws UnsupportedEncodingException {
String decodedName = userName != null ? URLDecoder.decode(userName, "UTF-8") : null;
SecurityContext securityContext = getNode().getNodeExtension().getSecurityContext();
String clusterName = getNode().getConfig().getClusterName();
if (securityContext == null) {
if (pass != null && !pass.isEmpty()) {
logger.fine("Password was provided but the Hazelcast Security is disabled.");
}
return clusterName.equals(decodedName);
}
String decodedPass = pass != null ? URLDecoder.decode(pass, "UTF-8") : null;
UsernamePasswordCredentials credentials = new UsernamePasswordCredentials(decodedName, decodedPass);
Boolean passed = Boolean.FALSE;
try {
// we don't have an argument for clusterName in HTTP request, so let's reuse the "username" here
LoginContext lc = securityContext.createMemberLoginContext(decodedName, credentials, command.getConnection());
lc.login();
passed = Boolean.TRUE;
} catch (LoginException e) {
return false;
} finally {
textCommandService.getNode().getNodeExtension().getAuditlogService().eventBuilder(AuditlogTypeIds.AUTHENTICATION_REST).message("REST connection authentication.").addParameter("user", userName).addParameter("command", command).addParameter("passed", passed).log();
}
return true;
}
Also used :
LoginContext(javax.security.auth.login.LoginContext)
SecurityContext(com.hazelcast.security.SecurityContext)
LoginException(javax.security.auth.login.LoginException)
StringUtil.bytesToString(com.hazelcast.internal.util.StringUtil.bytesToString)
UsernamePasswordCredentials(com.hazelcast.security.UsernamePasswordCredentials)
Aggregations
UsernamePasswordCredentials (com.hazelcast.security.UsernamePasswordCredentials)6
ClientConfig (com.hazelcast.client.config.ClientConfig)1
ClientNetworkConfig (com.hazelcast.client.config.ClientNetworkConfig)1
ClientSecurityConfig (com.hazelcast.client.config.ClientSecurityConfig)1
SocketOptions (com.hazelcast.client.config.SocketOptions)1
AddressProvider (com.hazelcast.client.impl.connection.AddressProvider)1
AuthenticationStatus (com.hazelcast.client.impl.protocol.AuthenticationStatus)1
ClientMessage (com.hazelcast.client.impl.protocol.ClientMessage)1
ClientAuthenticationCodec (com.hazelcast.client.impl.protocol.codec.ClientAuthenticationCodec)1
DefaultAddressProvider (com.hazelcast.client.impl.spi.impl.DefaultAddressProvider)1
RemoteAddressProvider (com.hazelcast.client.impl.spi.impl.discovery.RemoteAddressProvider)1
GroupConfig (com.hazelcast.config.GroupConfig)1
SSLConfig (com.hazelcast.config.SSLConfig)1
StaticCredentialsFactory (com.hazelcast.config.security.StaticCredentialsFactory)1
StringUtil.bytesToString (com.hazelcast.internal.util.StringUtil.bytesToString)1
ILogger (com.hazelcast.logging.ILogger)1
SocketInterceptor (com.hazelcast.nio.SocketInterceptor)1
Data (com.hazelcast.nio.serialization.Data)1
Credentials (com.hazelcast.security.Credentials)1
ICredentialsFactory (com.hazelcast.security.ICredentialsFactory)1
