
Example 11 with Account

use of io.undertow.security.idm.Account in project undertow by undertow-io.

the class SingleSignOnAuthenticationMechanism method authenticate.

/**
 * Attempts to authenticate the request from an existing single-sign-on (SSO) entry.
 *
 * <p>The request cookies are scanned for the one named {@code cookieName}; if several
 * carry that name the last one wins (the loop does not break on the first match). The
 * cookie value is used as the SSO identifier and looked up through
 * {@code singleSignOnManager}. A found SSO is re-verified against the identity manager
 * before the security context is marked authenticated.
 *
 * @param exchange        the current exchange
 * @param securityContext the security context to complete on success
 * @return {@code AUTHENTICATED} when a valid, re-verified SSO entry exists; otherwise
 *         {@code NOT_ATTEMPTED} so that the remaining mechanisms run as normal
 */
@Override
public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext) {
    Cookie cookie = null;
    for (Cookie c : exchange.requestCookies()) {
        if (cookieName.equals(c.getName())) {
            cookie = c;
        }
    }
    if (cookie != null) {
        final String ssoId = cookie.getValue();
        // The SSO id is a bearer-style session identifier; it lands in the trace log here,
        // so trace output from this class must be handled like any other session token.
        log.tracef("Found SSO cookie %s", ssoId);
        // The SSO handle is closed when the try block exits, i.e. before the response is written.
        try (SingleSignOn sso = this.singleSignOnManager.findSingleSignOn(ssoId)) {
            if (sso != null) {
                if (log.isTraceEnabled()) {
                    log.tracef("SSO session with ID: %s found.", ssoId);
                }
                // Re-verify the stored account rather than trusting the cached one: the identity
                // manager may have revoked or changed it since the SSO entry was created.
                Account verified = getIdentityManager(securityContext).verify(sso.getAccount());
                if (verified == null) {
                    if (log.isTraceEnabled()) {
                        log.tracef("Account not found. Returning 'not attempted' here.");
                    }
                    // we return not attempted here to allow other mechanisms to proceed as normal
                    // NOTE(review): this early return skips both clearSsoCookie(exchange) and the
                    // responseListener registration below, so the client keeps a cookie that
                    // points at an SSO entry whose account no longer verifies — confirm intended.
                    return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
                }
                final Session session = getSession(exchange);
                registerSessionIfRequired(sso, session);
                securityContext.authenticationComplete(verified, sso.getMechanismName(), false);
                // Tear down the SSO entry when this context is logged out. The receiver captures
                // the (by then closed) sso handle; presumably removeSingleSignOn accepts that — verify.
                securityContext.registerNotificationReceiver(new NotificationReceiver() {

                    @Override
                    public void handleNotification(SecurityNotification notification) {
                        if (notification.getEventType() == SecurityNotification.EventType.LOGGED_OUT) {
                            singleSignOnManager.removeSingleSignOn(sso);
                        }
                    }
                });
                log.tracef("Authenticated account %s using SSO", verified.getPrincipal().getName());
                return AuthenticationMechanismOutcome.AUTHENTICATED;
            }
        }
        // Reached only when no SSO entry exists for the presented id: drop the stale cookie.
        clearSsoCookie(exchange);
    }
    // Let the response listener observe whether another mechanism authenticates this request.
    exchange.addResponseWrapper(responseListener);
    return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
}
Also used : Cookie(io.undertow.server.handlers.Cookie) Account(io.undertow.security.idm.Account) NotificationReceiver(io.undertow.security.api.NotificationReceiver) Session(io.undertow.server.session.Session) SecurityNotification(io.undertow.security.api.SecurityNotification)

Example 12 with Account

use of io.undertow.security.idm.Account in project undertow by undertow-io.

the class SecurityContextImpl method logout.

/**
 * Logs out the currently authenticated account, if any.
 *
 * <p>Emits a debug log line describing the outgoing principal (or the absence of one),
 * delegates to the superclass, and resets this context's state to {@code NOT_ATTEMPTED}.
 */
@Override
public void logout() {
    final Account current = getAuthenticatedAccount();
    if (current == null) {
        UndertowLogger.SECURITY_LOGGER.debugf("Logout called with no authenticated user in exchange %s", exchange);
    } else {
        UndertowLogger.SECURITY_LOGGER.debugf("Logging out user %s for %s", current.getPrincipal().getName(), exchange);
    }
    super.logout();
    this.authenticationState = AuthenticationState.NOT_ATTEMPTED;
}
Also used : Account(io.undertow.security.idm.Account)

Example 13 with Account

use of io.undertow.security.idm.Account in project undertow by undertow-io.

the class SecurityContextImpl method login.

/**
 * Performs a programmatic username/password login against the identity manager.
 *
 * <p>When a {@code SecurityManager} is installed the verification runs inside a
 * privileged action; otherwise it is called directly. On success the context is marked
 * authenticated under {@code programaticMechName} and the state set to
 * {@code AUTHENTICATED}.
 *
 * <p>NOTE(review): the password is copied into a {@code char[]} that is not cleared after
 * verification, and the {@code String} argument cannot be cleared at all — presumably
 * acceptable for this API, confirm.
 *
 * @param username the user name to verify
 * @param password the clear-text password to verify
 * @return {@code true} if the identity manager accepted the credentials, {@code false} otherwise
 */
@Override
public boolean login(final String username, final String password) {
    UndertowLogger.SECURITY_LOGGER.debugf("Attempting programatic login for user %s for request %s", username, exchange);
    final Account account;
    if (System.getSecurityManager() != null) {
        account = AccessController.doPrivileged(new PrivilegedAction<Account>() {

            @Override
            public Account run() {
                return verifyPassword(username, password);
            }
        });
    } else {
        account = verifyPassword(username, password);
    }
    if (account == null) {
        return false;
    }
    authenticationComplete(account, programaticMechName, true);
    this.authenticationState = AuthenticationState.AUTHENTICATED;
    return true;
}

/**
 * Verifies a username/password pair with the identity manager.
 *
 * @return the verified account, or {@code null} when the credentials are rejected
 */
private Account verifyPassword(final String username, final String password) {
    return identityManager.verify(username, new PasswordCredential(password.toCharArray()));
}
Also used : Account(io.undertow.security.idm.Account) PrivilegedAction(java.security.PrivilegedAction) PasswordCredential(io.undertow.security.idm.PasswordCredential)

Example 14 with Account

use of io.undertow.security.idm.Account in project undertow by undertow-io.

the class HttpServletRequestImpl method isUserInRole.

/**
 * Reports whether the authenticated user holds the given role.
 *
 * <p>{@code null} and the reserved {@code "*"} role are never granted, and an
 * unauthenticated request always yields {@code false}. The special {@code "**"} role
 * is granted to any authenticated user unless the deployment declares {@code "**"}
 * as an ordinary security role, in which case it is treated like any other role and
 * delegated to the deployment's {@code AuthorizationManager}.
 *
 * @param role the role name to test
 * @return {@code true} if the current user is in the role
 */
@Override
public boolean isUserInRole(final String role) {
    // according to the servlet spec "*" always returns false
    if (role == null || role.equals("*")) {
        return false;
    }
    final SecurityContext securityContext = exchange.getSecurityContext();
    if (securityContext == null) {
        return false;
    }
    final Account account = securityContext.getAuthenticatedAccount();
    if (account == null) {
        return false;
    }
    final ServletRequestContext requestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
    if (role.equals("**")) {
        final Set<String> declaredRoles = requestContext.getDeployment().getDeploymentInfo().getSecurityRoles();
        if (!declaredRoles.contains("**")) {
            // "**" is not a declared role: any authenticated user qualifies
            return true;
        }
    }
    final ServletChain currentServlet = requestContext.getCurrentServlet();
    final Deployment deployment = servletContext.getDeployment();
    final AuthorizationManager authorization = deployment.getDeploymentInfo().getAuthorizationManager();
    return authorization.isUserInRole(role, account, currentServlet.getManagedServlet().getServletInfo(), this, deployment);
}
Also used : Account(io.undertow.security.idm.Account) ServletChain(io.undertow.servlet.handlers.ServletChain) SecurityContext(io.undertow.security.api.SecurityContext) ServletRequestContext(io.undertow.servlet.handlers.ServletRequestContext) Deployment(io.undertow.servlet.api.Deployment) HttpString(io.undertow.util.HttpString) AuthorizationManager(io.undertow.servlet.api.AuthorizationManager)

Example 15 with Account

use of io.undertow.security.idm.Account in project undertow by undertow-io.

the class HttpServletRequestImpl method getUserPrincipal.

/**
 * Returns the principal of the authenticated account, if there is one.
 *
 * @return the authenticated principal, or {@code null} when the exchange has no
 *         security context or no authenticated account
 */
@Override
public Principal getUserPrincipal() {
    final SecurityContext securityContext = exchange.getSecurityContext();
    if (securityContext == null) {
        return null;
    }
    final Account account = securityContext.getAuthenticatedAccount();
    return account == null ? null : account.getPrincipal();
}
Also used : Account(io.undertow.security.idm.Account) SecurityContext(io.undertow.security.api.SecurityContext) Principal(java.security.Principal)
