use of com.hazelcast.security.UsernamePasswordCredentials in project hazelcast by hazelcast.
the class HttpCommandProcessor method authenticate.
/**
* Checks if the request is valid. If Hazelcast Security is not enabled,
* then only the given user name is compared to cluster name in node
* configuration. Otherwise member JAAS authentication (member login module
* stack) is used to authenticate the command.
*
* @param command the HTTP request
* @param userName URL-encoded username
* @param pass URL-encoded password
* @return if the request has been successfully authenticated
* @throws UnsupportedEncodingException If character encoding needs to be consulted, but named character encoding
* is not supported
*/
private boolean authenticate(@Nonnull HttpPostCommand command, @Nullable String userName, @Nullable String pass) throws UnsupportedEncodingException {
String decodedName = userName != null ? URLDecoder.decode(userName, "UTF-8") : null;
SecurityContext securityContext = getNode().getNodeExtension().getSecurityContext();
String clusterName = getNode().getConfig().getClusterName();
if (securityContext == null) {
if (pass != null && !pass.isEmpty()) {
logger.fine("Password was provided but the Hazelcast Security is disabled.");
}
return clusterName.equals(decodedName);
}
String decodedPass = pass != null ? URLDecoder.decode(pass, "UTF-8") : null;
UsernamePasswordCredentials credentials = new UsernamePasswordCredentials(decodedName, decodedPass);
Boolean passed = Boolean.FALSE;
try {
// we don't have an argument for clusterName in HTTP request, so let's reuse the "username" here
LoginContext lc = securityContext.createMemberLoginContext(decodedName, credentials, command.getConnection());
lc.login();
passed = Boolean.TRUE;
} catch (LoginException e) {
return false;
} finally {
textCommandService.getNode().getNodeExtension().getAuditlogService().eventBuilder(AuditlogTypeIds.AUTHENTICATION_REST).message("REST connection authentication.").addParameter("user", userName).addParameter("command", command).addParameter("passed", passed).log();
}
return true;
}
Aggregations