use of javax.security.enterprise.credential.UsernamePasswordCredential in project tomee by apache.
the class FormAuthenticationMechanism method validateRequest.
/**
 * Handles a form login attempt by reading the {@code j_username} and
 * {@code j_password} request parameters and handing them to the identity
 * store handler.
 *
 * <p>When {@code validateForm} rejects the request, the mechanism does nothing
 * and no credential is built. NOTE(review): {@code validateForm} is not shown
 * here; presumably it checks that both fields are present and that the request
 * really is the login form submission. Confirm, because the credential
 * constructor is called with whatever values pass that check.
 *
 * @param request            the incoming request the form fields are read from
 * @param response           the outgoing response (not used by this method)
 * @param httpMessageContext the context used to report the outcome to the container
 * @return the status produced by notifying the container about the validation
 *         result, or the "do nothing" status when the form check fails
 * @throws AuthenticationException declared by the overridden method
 */
@Override
public AuthenticationStatus validateRequest(final HttpServletRequest request, final HttpServletResponse response, final HttpMessageContext httpMessageContext) throws AuthenticationException {
    final String formUser = request.getParameter("j_username");
    final String formPassword = request.getParameter("j_password");

    // Guard clause: anything that is not an acceptable form submission is left alone.
    if (!validateForm(httpMessageContext.getRequest(), formUser, formPassword)) {
        return httpMessageContext.doNothing();
    }

    // The store handler decides; its result is passed to the container unchanged.
    return httpMessageContext.notifyContainerAboutLogin(
            identityStoreHandler.validate(new UsernamePasswordCredential(formUser, formPassword)));
}
use of javax.security.enterprise.credential.UsernamePasswordCredential in project tomee by apache.
the class TomEEDatabaseIdentityStore method validate.
/**
 * Validates a username/password credential against the stored password
 * values returned by the configured caller query.
 *
 * <p>Only the first row returned by the caller query is compared; any further
 * rows are ignored. The comparison itself is delegated to {@code passwordHash}.
 *
 * <p>NOTE(review): an unknown caller returns before any hash verification is
 * run, so the response time for unknown and known callers may differ. Confirm
 * whether that matters for this deployment. The caller name is passed to
 * {@code query} as a separate argument; presumably it is bound as a statement
 * parameter rather than concatenated. Verify in {@code query}.
 *
 * @param credential the credential to check
 * @return {@code NOT_VALIDATED_RESULT} for any credential type other than
 *         {@link UsernamePasswordCredential}; {@code INVALID_RESULT} when the
 *         caller has no stored password or verification fails; otherwise a
 *         result carrying the caller name and, when group provisioning is
 *         enabled, the caller's groups
 */
@Override
public CredentialValidationResult validate(final Credential credential) {
    if (!(credential instanceof UsernamePasswordCredential)) {
        return CredentialValidationResult.NOT_VALIDATED_RESULT;
    }

    final UsernamePasswordCredential login = (UsernamePasswordCredential) credential;
    final List<String> storedValues = query(definition.callerQuery(), login.getCaller());
    if (storedValues.isEmpty()) {
        return CredentialValidationResult.INVALID_RESULT;
    }

    // Verification is done by the configured hash algorithm, not by string equality.
    final boolean passwordMatches = passwordHash.verify(login.getPassword().getValue(), storedValues.get(0));
    if (!passwordMatches) {
        return CredentialValidationResult.INVALID_RESULT;
    }

    // Groups are looked up only when this store is configured to provide them.
    final Set<String> groups;
    if (validationTypes.contains(ValidationType.PROVIDE_GROUPS)) {
        groups = new HashSet<>(getGroups(login.getCaller()));
    } else {
        groups = emptySet();
    }
    return new CredentialValidationResult(login.getCaller(), groups);
}
use of javax.security.enterprise.credential.UsernamePasswordCredential in project tomee by apache.
the class TomEEDefaultIdentityStore method validate.
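/**
 * Validates a username/password credential against the user returned by
 * {@code getUser}.
 *
 * <p>The stored and supplied passwords are compared with
 * {@link java.security.MessageDigest#isEqual(byte[], byte[])} instead of
 * {@code String.equals}, so the comparison time does not depend on where the
 * first differing character is. A user record with no stored password never
 * matches, rather than raising a {@code NullPointerException}.
 *
 * <p>NOTE(review): a wrong password yields {@code NOT_VALIDATED_RESULT} while
 * an unknown user yields {@code INVALID_RESULT}. That is kept as the original
 * had it, but the two failure cases are distinguishable to the caller; confirm
 * whether {@code INVALID_RESULT} was intended for both.
 *
 * @param credential the credential to check
 * @return {@code NOT_VALIDATED_RESULT} for any credential type other than
 *         {@link UsernamePasswordCredential} and for a password mismatch;
 *         {@code INVALID_RESULT} when no user is found; otherwise a result
 *         carrying the caller name and, when group provisioning is enabled,
 *         the user's roles
 */
@Override
public CredentialValidationResult validate(final Credential credential) {
    if (!(credential instanceof UsernamePasswordCredential)) {
        return CredentialValidationResult.NOT_VALIDATED_RESULT;
    }

    final UsernamePasswordCredential usernamePasswordCredential = (UsernamePasswordCredential) credential;
    final User user = getUser(usernamePasswordCredential.getCaller());
    if (user == null) {
        return CredentialValidationResult.INVALID_RESULT;
    }

    // deal with hashed passwords in tomcat-users.xml
    // NOTE(review): the line above reads as an open to-do. The value from the user
    // record is compared as-is with the supplied password, so a digested entry in
    // tomcat-users.xml would presumably never match. Confirm.
    final String storedPassword = user.getPassword();
    final String suppliedPassword = usernamePasswordCredential.getPasswordAsString();
    final boolean passwordMatches = storedPassword != null
            && suppliedPassword != null
            && java.security.MessageDigest.isEqual(
                    storedPassword.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    suppliedPassword.getBytes(java.nio.charset.StandardCharsets.UTF_8));

    if (passwordMatches) {
        Set<String> groups = emptySet();
        // Roles are resolved only when this store is configured to provide groups.
        if (validationTypes().contains(ValidationType.PROVIDE_GROUPS)) {
            groups = new HashSet<>(getUserRoles(user));
        }
        return new CredentialValidationResult(usernamePasswordCredential.getCaller(), groups);
    }

    return CredentialValidationResult.NOT_VALIDATED_RESULT;
}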
use of javax.security.enterprise.credential.UsernamePasswordCredential in project tomee by apache.
the class TomEELDAPIdentityStore method validate.
/**
 * Validates a username/password credential against an LDAP directory.
 *
 * <p>The method opens a context with the configured bind DN, resolves the
 * caller's DN from the login name, then authenticates with that DN and the
 * supplied password. The context opened with the configured bind DN is always
 * closed in the {@code finally} block.
 *
 * <p>NOTE(review): {@code getCallerDn} and {@code authenticateWithCallerDn} are
 * not shown here. Confirm that the caller name is escaped before it is placed
 * in a search filter, and that an empty password is rejected before the bind,
 * since some directories accept a bind with a DN and an empty password as an
 * unauthenticated bind.
 *
 * @param credential the credential to check
 * @return {@code NOT_VALIDATED_RESULT} for any credential type other than
 *         {@link UsernamePasswordCredential}; {@code INVALID_RESULT} when the
 *         caller DN is not found or the bind fails; otherwise a result with the
 *         caller name, caller DN and, when group provisioning is enabled, the
 *         caller's groups ({@code null} groups are passed when it is not)
 */
@Override
public CredentialValidationResult validate(final Credential credential) {
    if (!(credential instanceof UsernamePasswordCredential)) {
        return CredentialValidationResult.NOT_VALIDATED_RESULT;
    }

    final UsernamePasswordCredential login = (UsernamePasswordCredential) credential;
    LdapContext searchContext = null;
    try {
        // Context bound with the configured DN; reused for the DN and group searches.
        searchContext = lookup(definition.url(), definition.bindDn(), definition.bindDnPassword());

        // Map the login name to a directory entry.
        final String callerName = login.getCaller();
        final String callerDn = getCallerDn(searchContext, callerName);

        // No entry, or the direct bind with the found DN and supplied password failed.
        if (callerDn == null || !authenticateWithCallerDn(login, callerDn)) {
            return INVALID_RESULT;
        }

        // Groups are searched only when this store is configured to provide them.
        final Set<String> groups = validationTypes().contains(ValidationType.PROVIDE_GROUPS)
                ? getGroupsWithCallerDn(searchContext, callerDn)
                : null;

        return new CredentialValidationResult(null, callerName, callerDn, null, groups);
    } finally {
        silentlyCloseLdapContext(searchContext);
    }
}
use of javax.security.enterprise.credential.UsernamePasswordCredential in project Payara by payara.
the class TestAuthenticationMechanism method validateRequest.
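/**
 * Authenticates a request from its {@code username} and {@code password}
 * parameters using the test identity store.
 *
 * <p>A request with neither parameter is treated as "no login attempted". A
 * request with only one of them is answered as unauthorized without building a
 * credential. The original passed the missing value straight to the
 * {@link UsernamePasswordCredential} constructor. NOTE(review): that
 * constructor is expected to reject a {@code null} password with an unchecked
 * exception, which would surface as a server error rather than an
 * authentication failure. Confirm against the API version in use.
 *
 * <p>{@code getParameter} also returns query-string values, so credentials sent
 * in the URL are accepted here and can end up in access logs.
 *
 * @param request            the incoming request the parameters are read from
 * @param response           the outgoing response (not used by this method)
 * @param httpMessageContext the context used to report the outcome to the container
 * @return "do nothing" when no credentials were sent, the container login
 *         status when the store reports {@code VALID}, otherwise unauthorized
 * @throws AuthenticationException declared by the overridden method
 */
@Override
public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) throws AuthenticationException {
    String name = request.getParameter("username");
    String password = request.getParameter("password");

    // No credentials at all: this mechanism has nothing to say about the request.
    if (name == null && password == null) {
        return httpMessageContext.doNothing();
    }

    // Half a credential can never be valid; fail closed before touching the store.
    if (name == null || password == null) {
        return httpMessageContext.responseUnauthorized();
    }

    CredentialValidationResult loginResult = identityStoreTest.validate(new UsernamePasswordCredential(name, password));
    if (loginResult.getStatus() != VALID) {
        return httpMessageContext.responseUnauthorized();
    }
    return httpMessageContext.notifyContainerAboutLogin(loginResult.getCallerPrincipal(), loginResult.getCallerGroups());
}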