Examples with PasswordCredential io.undertow.security.idm.PasswordCredential used on opensource projects

Example 6 with PasswordCredential

use of io.undertow.security.idm.PasswordCredential in project sigla-main by consiglionazionaledellericerche.

the class WSSEAuthenticationMechanism method authenticate.

/**
 * @see io.undertow.server.HttpHandler#handleRequest(io.undertow.server.HttpServerExchange)
 */
@SuppressWarnings("unchecked")
@Override
public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext) {
    try {
        if (!securityContext.isAuthenticationRequired() || !exchange.getRequestURI().endsWith("WS"))
            return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
        final ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
        HttpServletRequestImpl req = servletRequestContext.getOriginalRequest();
        AuthenticationRequestWrapper authenticationRequestWrapper = new AuthenticationRequestWrapper(req);
        servletRequestContext.setServletRequest(authenticationRequestWrapper);
        if (!authenticationRequestWrapper.isRequestPresent())
            return AuthenticationMechanismOutcome.AUTHENTICATED;
        SOAPMessage message = MessageFactory.newInstance().createMessage(null, authenticationRequestWrapper.getInputStream());
        SOAPPart sp = message.getSOAPPart();
        SOAPEnvelope envelope = sp.getEnvelope();
        SOAPHeader header = envelope.getHeader();
        if (header != null) {
            Name sName;
            // variable for user name and password
            String userName = null;
            String password = null;
            // look for authentication header element inside the HEADER block
            Iterator<SOAPElement> childElems = header.getChildElements();
            SOAPElement child = extractUserNameInfo(childElems);
            // get an iterator on child elements of SOAP element
            Iterator<SOAPElement> childElemsUserNameToken = child.getChildElements();
            // loop through child elements
            while (childElemsUserNameToken.hasNext()) {
                // get next child element
                Object elem = childElemsUserNameToken.next();
                if (elem instanceof SOAPElement) {
                    child = (SOAPElement) elem;
                    // get the name of SOAP element
                    sName = child.getElementName();
                    // get the value of username element
                    if (USERNAME_STRING.equalsIgnoreCase(sName.getLocalName())) {
                        userName = child.getValue();
                    } else if (PASSWORD_STRING.equalsIgnoreCase(sName.getLocalName())) {
                        password = child.getValue();
                    }
                }
            }
            final AuthenticationMechanismOutcome result;
            IdentityManager idm = getIdentityManager(securityContext);
            if (password == null)
                return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
            PasswordCredential credential = new PasswordCredential(password.toCharArray());
            Account account = idm.verify(userName, credential);
            if (account != null) {
                securityContext.authenticationComplete(account, name, false);
                result = AuthenticationMechanismOutcome.AUTHENTICATED;
            } else {
                securityContext.authenticationFailed(MESSAGES.authenticationFailed(userName), name);
                result = AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
            }
            return result;
        }
    } catch (IOException | SOAPException e1) {
        return AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
    }
    return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
}

Example 7 with PasswordCredential

use of io.undertow.security.idm.PasswordCredential in project droolsjbpm-integration by kiegroup.

the class KieServerRouterCommandTest method testDefaultIdentityServiceFromMain.

@Test
public void testDefaultIdentityServiceFromMain() throws Exception {
    // add instance
    KieServerRouter.main(new String[] { "-" + KieServerRouter.CMD_ADD_USER, "mainId", "mainpw" });
    IdentityService service = router.getIdentityService();
    Assert.assertNotNull(service.verify("mainId", new PasswordCredential("mainpw".toCharArray())));
    // remove instance
    KieServerRouter.main(new String[] { "-" + KieServerRouter.CMD_REMOVE_USER, "mainId", "mainpw" });
    Assert.assertNull(service.verify("mainId", new PasswordCredential("mainpw".toCharArray())));
}

Example 8 with PasswordCredential

use of io.undertow.security.idm.PasswordCredential in project mangooio by svenkubiak.

the class IdentityTest method testValidVerify.

@Test
void testValidVerify() {
    // given
    Identity identity = new Identity("foo", "bar");
    PasswordCredential credential = new PasswordCredential(password);
    // when
    Account account = identity.verify("foo", credential);
    // then
    assertThat(account, not(nullValue()));
    assertThat(account.getPrincipal().getName(), equalTo("foo"));
}

Example 9 with PasswordCredential

use of io.undertow.security.idm.PasswordCredential in project org.ops4j.pax.web by ops4j.

the class PropertiesIdentityManager method verify.

@Override
public Account verify(String id, Credential credential) {
    if (credential instanceof PasswordCredential) {
        char[] password = ((PasswordCredential) credential).getPassword();
        String userData = config.get(id);
        if (userData != null) {
            List<String> pieces = Arrays.asList(userData.split(","));
            if (pieces.get(0).equals(new String(password))) {
                Principal principal = new SimplePrincipal(id);
                Set<String> roles = new HashSet<>(pieces.subList(1, pieces.size()));
                return new AccountImpl(principal, roles);
            }
        }
    }
    return null;
}

Example 10 with PasswordCredential

use of io.undertow.security.idm.PasswordCredential in project openremote by openremote.

the class BasicIdentityProvider method secureDeployment.

@Override
public void secureDeployment(DeploymentInfo deploymentInfo) {
    LoginConfig loginConfig = new LoginConfig("OpenRemote");
    // Make it silent to prevent 401 WWW-Authenticate modal dialog
    deploymentInfo.addAuthenticationMechanism("BASIC-FIX", BasicFixAuthenticationMechanism.FACTORY);
    loginConfig.addFirstAuthMethod(new AuthMethodConfig("BASIC-FIX", Collections.singletonMap("silent", "true")));
    deploymentInfo.setLoginConfig(loginConfig);
    deploymentInfo.setIdentityManager(new IdentityManager() {

        @Override
        public Account verify(Account account) {
            return null;
        }

        @Override
        public Account verify(String id, Credential credential) {
            if (credential instanceof PasswordCredential) {
                PasswordCredential passwordCredential = (PasswordCredential) credential;
                return verifyAccount(id, passwordCredential.getPassword());
            } else {
                LOG.fine("Verification of '" + id + "' failed, no password credentials found, but: " + credential);
                return null;
            }
        }

        @Override
        public Account verify(Credential credential) {
            return null;
        }
    });
}