
Example 6 with UsernamePasswordCredentials

use of com.hazelcast.security.UsernamePasswordCredentials in project hazelcast by hazelcast.

the class HttpCommandProcessor method authenticate.

/**
 * Decides whether a REST command carries acceptable credentials.
 *
 * <p>The check runs in one of two modes, chosen by whether the node extension
 * exposes a {@code SecurityContext}:
 * <ul>
 *   <li><b>Hazelcast Security disabled</b> (context is {@code null}): the decoded
 *       user name is compared with the configured cluster name and nothing else
 *       is verified. A supplied password is ignored (only a fine-level log line
 *       mentions it) and no audit event is written on this path.</li>
 *   <li><b>Hazelcast Security enabled</b>: the decoded name and password are
 *       wrapped in {@code UsernamePasswordCredentials} and run through the member
 *       login context (member JAAS login module stack). The outcome is recorded
 *       as an {@code AUTHENTICATION_REST} audit event, whether the login
 *       succeeded or not.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code URLDecoder.decode} throws an unchecked
 * {@code IllegalArgumentException} for malformed percent-escapes. Both decode
 * calls sit outside the {@code try} block, so such a request leaves this method
 * with an exception and without an audit event; confirm the caller handles it
 * and that these attempts remain visible to monitoring.
 *
 * @param command  the HTTP request
 * @param userName URL-encoded username, may be {@code null}
 * @param pass     URL-encoded password, may be {@code null}
 * @return {@code true} if the request has been successfully authenticated
 * @throws UnsupportedEncodingException if the named character encoding is not supported
 */
private boolean authenticate(@Nonnull HttpPostCommand command, @Nullable String userName, @Nullable String pass) throws UnsupportedEncodingException {
    String decodedName = null;
    if (userName != null) {
        decodedName = URLDecoder.decode(userName, "UTF-8");
    }
    SecurityContext securityContext = getNode().getNodeExtension().getSecurityContext();
    String clusterName = getNode().getConfig().getClusterName();

    if (securityContext == null) {
        // Security is off: knowing the cluster name is the only gate, the password plays no role.
        boolean passwordSupplied = pass != null && !pass.isEmpty();
        if (passwordSupplied) {
            logger.fine("Password was provided but the Hazelcast Security is disabled.");
        }
        return clusterName.equals(decodedName);
    }

    // The password is decoded only on the security-enabled path.
    String decodedPass = null;
    if (pass != null) {
        decodedPass = URLDecoder.decode(pass, "UTF-8");
    }
    UsernamePasswordCredentials credentials = new UsernamePasswordCredentials(decodedName, decodedPass);

    // Stays FALSE unless login() returns normally, so the audit event below reports
    // a failure for LoginException as well as for any other exception.
    Boolean loginSucceeded = Boolean.FALSE;
    try {
        // The HTTP request has no separate cluster-name argument, so the decoded
        // "username" is passed in that position as well.
        LoginContext loginContext =
                securityContext.createMemberLoginContext(decodedName, credentials, command.getConnection());
        loginContext.login();
        loginSucceeded = Boolean.TRUE;
        return true;
    } catch (LoginException e) {
        // The rejection is reported through the return value and the audit event;
        // the exception itself is not logged here.
        return false;
    } finally {
        // NOTE(review): "user" carries the raw URL-encoded value, not the decodedName
        // that was authenticated; audit consumers must decode it to correlate identities.
        // If this is ever switched to the decoded form, control characters need
        // neutralizing before they reach the audit sink.
        textCommandService.getNode().getNodeExtension().getAuditlogService()
                .eventBuilder(AuditlogTypeIds.AUTHENTICATION_REST)
                .message("REST connection authentication.")
                .addParameter("user", userName)
                .addParameter("command", command)
                .addParameter("passed", loginSucceeded)
                .log();
    }
}
Also used : LoginContext(javax.security.auth.login.LoginContext) SecurityContext(com.hazelcast.security.SecurityContext) LoginException(javax.security.auth.login.LoginException) StringUtil.bytesToString(com.hazelcast.internal.util.StringUtil.bytesToString) UsernamePasswordCredentials(com.hazelcast.security.UsernamePasswordCredentials)
