
Example 1 with UsernamePasswordCredential

use of javax.security.enterprise.credential.UsernamePasswordCredential in project tomee by apache.

the class FormAuthenticationMechanism method validateRequest.

/**
 * Handles a form login: reads the {@code j_username} and {@code j_password} request
 * parameters and, when {@code validateForm} accepts them, hands the resulting
 * credential to the identity store handler.
 *
 * @param request            servlet request carrying the form parameters
 * @param response           servlet response (not referenced in this method)
 * @param httpMessageContext context used to report the outcome to the container
 * @return the status from {@code notifyContainerAboutLogin} when the form check passes,
 *         otherwise the result of {@code doNothing()}
 * @throws AuthenticationException declared by the overridden method
 */
@Override
public AuthenticationStatus validateRequest(final HttpServletRequest request, final HttpServletResponse response, final HttpMessageContext httpMessageContext) throws AuthenticationException {
    final String username = request.getParameter("j_username");
    final String password = request.getParameter("j_password");

    // NOTE(review): validateForm is not visible here; presumably it rejects requests that are
    // not a form submission or lack either parameter. Confirm it rejects null values, because
    // they are passed straight into the credential constructor below.
    if (!validateForm(httpMessageContext.getRequest(), username, password)) {
        // Not a login attempt this mechanism handles: leave the request untouched.
        return httpMessageContext.doNothing();
    }

    final UsernamePasswordCredential submitted = new UsernamePasswordCredential(username, password);
    // The store handler's validation result decides what the container is told about the login.
    return httpMessageContext.notifyContainerAboutLogin(identityStoreHandler.validate(submitted));
}
Also used : UsernamePasswordCredential(javax.security.enterprise.credential.UsernamePasswordCredential)

Example 2 with UsernamePasswordCredential

use of javax.security.enterprise.credential.UsernamePasswordCredential in project tomee by apache.

the class TomEEDatabaseIdentityStore method validate.

/**
 * Validates a username/password credential against the value returned by the
 * configured caller query.
 *
 * @param credential credential to check; only {@code UsernamePasswordCredential} is handled
 * @return {@code NOT_VALIDATED_RESULT} for any other credential type, {@code INVALID_RESULT}
 *         when the caller query returns nothing or the password does not verify, otherwise
 *         a valid result carrying the caller name and, when {@code PROVIDE_GROUPS} is
 *         enabled, the caller's groups
 */
@Override
public CredentialValidationResult validate(final Credential credential) {
    if (!(credential instanceof UsernamePasswordCredential)) {
        return CredentialValidationResult.NOT_VALIDATED_RESULT;
    }

    final UsernamePasswordCredential login = (UsernamePasswordCredential) credential;
    final String caller = login.getCaller();

    // NOTE(review): query() is not visible here; confirm it binds the caller name as a
    // statement parameter rather than concatenating it into the SQL text.
    final List<String> storedPasswords = query(definition.callerQuery(), caller);
    if (storedPasswords.isEmpty()) {
        // NOTE(review): an unknown caller returns before any hash verification runs, so the
        // response time may differ from the wrong-password path. Consider whether that
        // difference matters for caller enumeration in this deployment.
        return CredentialValidationResult.INVALID_RESULT;
    }

    // Only the first row returned by the caller query is compared.
    final boolean verified = passwordHash.verify(login.getPassword().getValue(), storedPasswords.get(0));
    if (!verified) {
        return CredentialValidationResult.INVALID_RESULT;
    }

    // Groups are looked up only when this store is configured to provide them.
    Set<String> callerGroups = emptySet();
    if (validationTypes.contains(ValidationType.PROVIDE_GROUPS)) {
        callerGroups = new HashSet<>(getGroups(caller));
    }
    return new CredentialValidationResult(caller, callerGroups);
}
Also used : CredentialValidationResult(javax.security.enterprise.identitystore.CredentialValidationResult) UsernamePasswordCredential(javax.security.enterprise.credential.UsernamePasswordCredential)

Example 3 with UsernamePasswordCredential

use of javax.security.enterprise.credential.UsernamePasswordCredential in project tomee by apache.

the class TomEEDefaultIdentityStore method validate.

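/**
 * Validates a username/password credential against the user returned by {@code getUser}.
 *
 * <p>A failed password comparison is reported as {@code INVALID_RESULT}, the same status
 * this method returns for an unknown user, so a wrong password is not reported as
 * "validation was not attempted".
 *
 * @param credential credential to check; only {@code UsernamePasswordCredential} is handled
 * @return {@code NOT_VALIDATED_RESULT} for any other credential type, {@code INVALID_RESULT}
 *         when the user is unknown, has no stored password, or the password does not match,
 *         otherwise a valid result carrying the caller name and, when {@code PROVIDE_GROUPS}
 *         is enabled, the user's roles
 */
@Override
public CredentialValidationResult validate(final Credential credential) {
    if (!(credential instanceof UsernamePasswordCredential)) {
        return CredentialValidationResult.NOT_VALIDATED_RESULT;
    }
    final UsernamePasswordCredential usernamePasswordCredential = (UsernamePasswordCredential) credential;
    final User user = getUser(usernamePasswordCredential.getCaller());
    if (user == null) {
        return CredentialValidationResult.INVALID_RESULT;
    }

    final String storedPassword = user.getPassword();
    final String suppliedPassword = usernamePasswordCredential.getPasswordAsString();
    // A user record without a password can never match; fail closed instead of throwing.
    if (storedPassword == null || suppliedPassword == null) {
        return CredentialValidationResult.INVALID_RESULT;
    }

    // TODO (carried over from the original comment): deal with hashed passwords in
    // tomcat-users.xml. The stored value is compared as-is, so a digested entry would
    // not match a plaintext submission.
    // MessageDigest.isEqual avoids the early exit of String.equals, so the comparison time
    // does not depend on how many leading characters match.
    final boolean passwordMatches = java.security.MessageDigest.isEqual(
            storedPassword.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            suppliedPassword.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    if (!passwordMatches) {
        // The credential was checked and rejected, so report INVALID rather than NOT_VALIDATED.
        return CredentialValidationResult.INVALID_RESULT;
    }

    // Roles are looked up only when this store is configured to provide groups.
    Set<String> groups = emptySet();
    if (validationTypes().contains(ValidationType.PROVIDE_GROUPS)) {
        groups = new HashSet<>(getUserRoles(user));
    }
    return new CredentialValidationResult(usernamePasswordCredential.getCaller(), groups);
}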
Also used : User(org.apache.catalina.User) CredentialValidationResult(javax.security.enterprise.identitystore.CredentialValidationResult) UsernamePasswordCredential(javax.security.enterprise.credential.UsernamePasswordCredential)

Example 4 with UsernamePasswordCredential

use of javax.security.enterprise.credential.UsernamePasswordCredential in project tomee by apache.

the class TomEELDAPIdentityStore method validate.

/**
 * Validates a username/password credential against LDAP: looks up the caller's DN with
 * the configured bind account, then authenticates with that DN and the supplied password.
 *
 * @param credential credential to check; only {@code UsernamePasswordCredential} is handled
 * @return {@code NOT_VALIDATED_RESULT} for any other credential type, {@code INVALID_RESULT}
 *         when no caller DN is found or the bind with it fails, otherwise a valid result
 *         carrying the caller name, caller DN and, when {@code PROVIDE_GROUPS} is enabled,
 *         the groups found for that DN
 */
@Override
public CredentialValidationResult validate(final Credential credential) {
    if (!(credential instanceof UsernamePasswordCredential)) {
        return CredentialValidationResult.NOT_VALIDATED_RESULT;
    }
    final UsernamePasswordCredential login = (UsernamePasswordCredential) credential;

    LdapContext searchContext = null;
    try {
        // Context bound with the configured bind DN; reused for the DN and group searches.
        searchContext = lookup(definition.url(), definition.bindDn(), definition.bindDnPassword());

        final String callerName = login.getCaller();
        // NOTE(review): getCallerDn is not visible here; confirm it escapes callerName before
        // placing it in an LDAP search filter.
        final String callerDn = getCallerDn(searchContext, callerName);

        // Unknown caller, or the direct bind with the caller DN and supplied password failed.
        // NOTE(review): confirm authenticateWithCallerDn rejects an empty password, since many
        // LDAP servers accept a simple bind with a DN and an empty password as an
        // unauthenticated bind.
        if (callerDn == null || !authenticateWithCallerDn(login, callerDn)) {
            return INVALID_RESULT;
        }

        // Groups stay null unless this store is configured to provide them.
        final boolean groupsRequested = validationTypes().contains(ValidationType.PROVIDE_GROUPS);
        final Set<String> groups = groupsRequested ? getGroupsWithCallerDn(searchContext, callerDn) : null;

        return new CredentialValidationResult(null, callerName, callerDn, null, groups);
    } finally {
        // Runs on every exit path, including when lookup() failed and the context is still null.
        silentlyCloseLdapContext(searchContext);
    }
}
Also used : CredentialValidationResult(javax.security.enterprise.identitystore.CredentialValidationResult) UsernamePasswordCredential(javax.security.enterprise.credential.UsernamePasswordCredential) InitialLdapContext(javax.naming.ldap.InitialLdapContext) LdapContext(javax.naming.ldap.LdapContext)

Example 5 with UsernamePasswordCredential

use of javax.security.enterprise.credential.UsernamePasswordCredential in project Payara by payara.

the class TestAuthenticationMechanism method validateRequest.

/**
 * Authenticates a request from its {@code username} and {@code password} parameters
 * using {@code identityStoreTest}.
 *
 * @param request            servlet request carrying the two parameters
 * @param response           servlet response (not referenced in this method)
 * @param httpMessageContext context used to report the outcome to the container
 * @return {@code doNothing()} when both parameters are absent, the status from
 *         {@code notifyContainerAboutLogin} when the store reports {@code VALID},
 *         otherwise {@code responseUnauthorized()}
 * @throws AuthenticationException declared by the overridden method
 */
@Override
public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) throws AuthenticationException {
    // NOTE(review): getParameter also reads the query string, so credentials sent on the URL
    // would be accepted here; confirm callers submit them in a POST body only.
    String name = request.getParameter("username");
    String password = request.getParameter("password");

    // Neither parameter supplied: this is not a login attempt.
    if (name == null && password == null) {
        return httpMessageContext.doNothing();
    }

    // NOTE(review): a request carrying only one of the two parameters still reaches the
    // credential constructor with a null argument; confirm that case is handled.
    CredentialValidationResult outcome = identityStoreTest.validate(new UsernamePasswordCredential(name, password));
    if (outcome.getStatus() != VALID) {
        return httpMessageContext.responseUnauthorized();
    }
    return httpMessageContext.notifyContainerAboutLogin(outcome.getCallerPrincipal(), outcome.getCallerGroups());
}
Also used : CredentialValidationResult(javax.security.enterprise.identitystore.CredentialValidationResult) UsernamePasswordCredential(javax.security.enterprise.credential.UsernamePasswordCredential)

Aggregations

UsernamePasswordCredential (javax.security.enterprise.credential.UsernamePasswordCredential)11 CredentialValidationResult (javax.security.enterprise.identitystore.CredentialValidationResult)9 PasswordCredential (com.sun.enterprise.security.auth.login.common.PasswordCredential)2 Subject (javax.security.auth.Subject)2 WebAndEjbToJaasBridge (com.sun.enterprise.security.auth.WebAndEjbToJaasBridge)1 LoginContextDriver.getValidRealm (com.sun.enterprise.security.auth.login.LoginContextDriver.getValidRealm)1 LoginException (com.sun.enterprise.security.auth.login.common.LoginException)1 AppservAccessController.privileged (com.sun.enterprise.security.common.AppservAccessController.privileged)1 RealmIdentityStoreDefinition (fish.payara.security.annotations.RealmIdentityStoreDefinition)1 CertificateCredential (fish.payara.security.api.CertificateCredential)1 RealmIdentityStoreConfiguration (fish.payara.security.realm.config.RealmIdentityStoreConfiguration)1 HashSet (java.util.HashSet)1 Set (java.util.Set)1 Collectors.toSet (java.util.stream.Collectors.toSet)1 Typed (javax.enterprise.inject.Typed)1 InitialLdapContext (javax.naming.ldap.InitialLdapContext)1 LdapContext (javax.naming.ldap.LdapContext)1 CallerPrincipal (javax.security.enterprise.CallerPrincipal)1 Credential (javax.security.enterprise.credential.Credential)1 INVALID_RESULT (javax.security.enterprise.identitystore.CredentialValidationResult.INVALID_RESULT)1