
Example 26 with Account

use of io.undertow.security.idm.Account in project undertow by undertow-io.

the class AsyncWebSocketHttpServerExchange method isUserInRole.

/**
 * Reports whether the account authenticated on the underlying exchange holds {@code role}.
 *
 * <p>The check fails closed: a missing security context or a missing authenticated
 * account both yield {@code false}, so an unauthenticated caller is never treated as
 * being in any role.
 *
 * @param role the role name to look up in the authenticated account's role set
 * @return {@code true} only if an authenticated account exists and its roles contain {@code role}
 */
@Override
public boolean isUserInRole(String role) {
    final SecurityContext securityContext = exchange.getSecurityContext();
    // No security context means no authentication has been set up for this exchange.
    final Account account = (securityContext != null) ? securityContext.getAuthenticatedAccount() : null;
    if (account != null) {
        return account.getRoles().contains(role);
    }
    return false;
}
Also used : Account(io.undertow.security.idm.Account) SecurityContext(io.undertow.security.api.SecurityContext)

Example 27 with Account

use of io.undertow.security.idm.Account in project openremote by openremote.

the class SimpleKeycloakServletExtension method handleDeployment.

/**
 * Wires the Keycloak adapter into an Undertow servlet deployment.
 *
 * <p>Publishes the adapter deployment context as a servlet-context attribute, registers the
 * pre-auth and authenticated-actions handler wrappers, installs the Keycloak authentication
 * mechanism under {@code AUTH_MECHANISM}, replaces the deployment's identity manager with a
 * pass-through one, defaults the session cookie path to the context path, and registers the
 * node-registration listener.
 *
 * @param deploymentInfo the deployment being configured; mutated in place
 * @param servletContext the servlet context that receives the adapter deployment context attribute
 */
@Override
@SuppressWarnings("UseSpecificCatch")
public void handleDeployment(DeploymentInfo deploymentInfo, ServletContext servletContext) {
    // Expose the adapter deployment context to the web application, keyed by its class name.
    servletContext.setAttribute(AdapterDeploymentContext.class.getName(), deploymentContext);
    UndertowUserSessionManagement userSessionManagement = new UndertowUserSessionManagement();
    final NodesRegistrationManagement nodesRegistrationManagement = new NodesRegistrationManagement();
    final ServletKeycloakAuthMech mech = createAuthenticationMechanism(deploymentInfo, deploymentContext, userSessionManagement, nodesRegistrationManagement);
    UndertowAuthenticatedActionsHandler.Wrapper actions = new UndertowAuthenticatedActionsHandler.Wrapper(deploymentContext);
    // Set up handlers: the pre-auth actions wrapper is added to the outer handler chain.
    deploymentInfo.addOuterHandlerChainWrapper(new ServletPreAuthActionsHandler.Wrapper(deploymentContext, userSessionManagement));
    // The factory ignores all of its arguments and always hands back the single mechanism built above.
    deploymentInfo.addAuthenticationMechanism(AUTH_MECHANISM, new AuthenticationMechanismFactory() {

        @Override
        public AuthenticationMechanism create(String s, IdentityManager identityManager, FormParserFactory formParserFactory, Map<String, String> stringStringMap) {
            return mech;
        }
    });
    // authentication
    // handles authenticated actions and cors.
    deploymentInfo.addInnerHandlerChainWrapper(actions);
    // The identity manager performs no credential checking of its own.
    deploymentInfo.setIdentityManager(new IdentityManager() {

        // Returns the supplied account unchanged, i.e. no re-validation happens here.
        // NOTE(review): presumably token/session validity is enforced by the Keycloak mechanism
        // and handlers registered above - confirm, because this method accepts any Account it is given.
        @Override
        public Account verify(Account account) {
            return account;
        }

        // Credential-based verification is rejected outright rather than silently failing,
        // so an unexpected non-Keycloak authentication path surfaces as an error.
        @Override
        public Account verify(String id, Credential credential) {
            throw new IllegalStateException("Should never be called in Keycloak flow");
        }

        @Override
        public Account verify(Credential credential) {
            throw new IllegalStateException("Should never be called in Keycloak flow");
        }
    });
    // Use the deployment's session cookie config if it has one, otherwise start from a fresh one.
    ServletSessionConfig cookieConfig = deploymentInfo.getServletSessionConfig();
    if (cookieConfig == null) {
        cookieConfig = new ServletSessionConfig();
    }
    // Only when no cookie path is configured: scope the session cookie to this deployment's
    // context path and store the config back on the deployment.
    if (cookieConfig.getPath() == null) {
        log.debug("Setting jsession cookie path to: " + deploymentInfo.getContextPath());
        cookieConfig.setPath(deploymentInfo.getContextPath());
        deploymentInfo.setServletSessionConfig(cookieConfig);
    }
    // NOTE(review): going by its name, this disables session-id rotation on login for the
    // deployment. Rotating the id at login is the usual session-fixation defence, so confirm
    // the adapter replaces or otherwise compensates for it.
    ChangeSessionId.turnOffChangeSessionIdOnLogin(deploymentInfo);
    // Register a listener whose instance wraps the node-registration manager created above.
    deploymentInfo.addListener(new ListenerInfo(UndertowNodesRegistrationManagementWrapper.class, (InstanceFactory<UndertowNodesRegistrationManagementWrapper>) () -> {
        UndertowNodesRegistrationManagementWrapper listener = new UndertowNodesRegistrationManagementWrapper(nodesRegistrationManagement);
        return new ImmediateInstanceHandle<>(listener);
    }));
}
Also used : Account(io.undertow.security.idm.Account) IdentityManager(io.undertow.security.idm.IdentityManager) Credential(io.undertow.security.idm.Credential) NodesRegistrationManagement(org.keycloak.adapters.NodesRegistrationManagement) AuthenticationMechanism(io.undertow.security.api.AuthenticationMechanism) AdapterDeploymentContext(org.keycloak.adapters.AdapterDeploymentContext) FormParserFactory(io.undertow.server.handlers.form.FormParserFactory) ImmediateInstanceHandle(io.undertow.servlet.util.ImmediateInstanceHandle) AuthenticationMechanismFactory(io.undertow.security.api.AuthenticationMechanismFactory)

Example 28 with Account

use of io.undertow.security.idm.Account in project openremote by openremote.

the class BasicIdentityProvider method secureDeployment.

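/**
 * Secures the deployment with a silent HTTP Basic mechanism backed by an identity manager
 * that accepts only id-plus-password credentials.
 *
 * <p>The failure log line records the type of an unsupported credential rather than the
 * credential object itself, and neutralises line breaks in the caller-supplied id, so that
 * neither credential material nor forged log entries can reach the log through this path.
 *
 * @param deploymentInfo the deployment being configured; mutated in place
 */
@Override
public void secureDeployment(DeploymentInfo deploymentInfo) {
    final String mechanismName = "BASIC-FIX";
    LoginConfig loginConfig = new LoginConfig("OpenRemote");
    // Make it silent to prevent 401 WWW-Authenticate modal dialog
    deploymentInfo.addAuthenticationMechanism(mechanismName, BasicFixAuthenticationMechanism.FACTORY);
    loginConfig.addFirstAuthMethod(new AuthMethodConfig(mechanismName, Collections.singletonMap("silent", "true")));
    deploymentInfo.setLoginConfig(loginConfig);
    deploymentInfo.setIdentityManager(new IdentityManager() {

        @Override
        public Account verify(Account account) {
            // Always null: an already-established Account is never accepted as-is by this manager.
            return null;
        }

        @Override
        public Account verify(String id, Credential credential) {
            if (credential instanceof PasswordCredential) {
                PasswordCredential passwordCredential = (PasswordCredential) credential;
                return verifyAccount(id, passwordCredential.getPassword());
            }
            // Log only the credential's type: its toString() is implementation-defined and
            // could expose secret material. The id is attacker-controlled, so CR/LF are
            // replaced to keep it on a single log line.
            String credentialType = (credential == null) ? "null" : credential.getClass().getName();
            String safeId = String.valueOf(id).replaceAll("[\\r\\n]", "_");
            LOG.fine("Verification of '" + safeId + "' failed, no password credentials found, but: " + credentialType);
            return null;
        }

        @Override
        public Account verify(Credential credential) {
            // Credentials without an id are not supported by this provider.
            return null;
        }
    });
}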
Also used : Account(io.undertow.security.idm.Account) IdentityManager(io.undertow.security.idm.IdentityManager) Credential(io.undertow.security.idm.Credential) PasswordCredential(io.undertow.security.idm.PasswordCredential) AuthMethodConfig(io.undertow.servlet.api.AuthMethodConfig) LoginConfig(io.undertow.servlet.api.LoginConfig) PasswordCredential(io.undertow.security.idm.PasswordCredential)
