Examples with CredentialValidationResult - javax.security.enterprise.identitystore.CredentialValidationResult

Example 1 with CredentialValidationResult

use of javax.security.enterprise.identitystore.CredentialValidationResult in project Payara by payara.

the class JWTAuthenticationMechanism method validateRequest.

@Override
public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) throws AuthenticationException {
    if (httpMessageContext.isProtected()) {
        IdentityStoreHandler identityStoreHandler = CDI.current().select(IdentityStoreHandler.class).get();
        SignedJWTCredential credential = getCredential(request);
        if (credential != null) {
            CredentialValidationResult result = identityStoreHandler.validate(credential);
            if (result.getStatus() == VALID) {
                httpMessageContext.getClientSubject().getPrincipals().add(result.getCallerPrincipal());
            }
            return httpMessageContext.notifyContainerAboutLogin(result);
        }
    }
    return httpMessageContext.doNothing();
}

Also used : CredentialValidationResult(javax.security.enterprise.identitystore.CredentialValidationResult) IdentityStoreHandler(javax.security.enterprise.identitystore.IdentityStoreHandler)

Example 2 with CredentialValidationResult

use of javax.security.enterprise.identitystore.CredentialValidationResult in project Payara by payara.

the class SignedJWTIdentityStore method validate.

public CredentialValidationResult validate(SignedJWTCredential signedJWTCredential) {
    try {
        JsonWebTokenImpl jsonWebToken = jwtTokenParser.parse(signedJWTCredential.getSignedJWT(), acceptedIssuer, readPublicKey("/publicKey.pem"));
        List<String> groups = new ArrayList<String>(jsonWebToken.getClaim("groups"));
        return new CredentialValidationResult(jsonWebToken, new HashSet<>(groups));
    } catch (Exception e) {
        logger.log(FINEST, "Exception trying to parse JWT token.", e);
    }
    return INVALID_RESULT;
}

Also used : CredentialValidationResult(javax.security.enterprise.identitystore.CredentialValidationResult) JsonWebTokenImpl(fish.payara.microprofile.jwtauth.jwt.JsonWebTokenImpl) ArrayList(java.util.ArrayList) IOException(java.io.IOException)

Aggregations

CredentialValidationResult (javax.security.enterprise.identitystore.CredentialValidationResult)2 JsonWebTokenImpl (fish.payara.microprofile.jwtauth.jwt.JsonWebTokenImpl)1 IOException (java.io.IOException)1 ArrayList (java.util.ArrayList)1 IdentityStoreHandler (javax.security.enterprise.identitystore.IdentityStoreHandler)1