Example 1 with INVALID_RESULT

Use of javax.security.enterprise.identitystore.CredentialValidationResult.INVALID_RESULT in the Payara project (by payara).

Class SignedJWTIdentityStore, method validate:

public CredentialValidationResult validate(SignedJWTCredential signedJWTCredential) {
    final JwtTokenParser jwtTokenParser = new JwtTokenParser(enabledNamespace, customNamespace, disableTypeVerification);
    try {
        // Parse and verify the signature (and decrypt, if encryption is required) against the configured keys and issuer.
        JsonWebTokenImpl jsonWebToken = jwtTokenParser.parse(signedJWTCredential.getSignedJWT(), isEncryptionRequired, publicKeyStore, acceptedIssuer, privateKeyStore);
        // Verify the audience ("aud") claim.
        final Set<String> recipientsOfThisJWT = jsonWebToken.getAudience();
        // Accept the token if any of its recipients is in the allowed audience.
        // Note: when no allowed audience is configured (empty Optional), the audience check is skipped (orElse(true)).
        Boolean recipientInAudience = allowedAudience.map(recipient -> recipient.stream().anyMatch(a -> recipientsOfThisJWT != null && recipientsOfThisJWT.contains(a))).orElse(true);
        if (!recipientInAudience) {
            throw new Exception("The intended audience " + recipientsOfThisJWT + " is not a part of allowed audience.");
        }
        // Map the "groups" claim onto the caller's groups; a missing claim yields an empty group set.
        Set<String> groups = new HashSet<>();
        Collection<String> groupClaims = jsonWebToken.getClaim("groups");
        if (groupClaims != null) {
            groups.addAll(groupClaims);
        }
        return new CredentialValidationResult(jsonWebToken, groups);
    } catch (Exception e) {
        // Any parse, signature, issuer or audience failure is logged and treated as an invalid credential.
        LOGGER.log(INFO, "Exception trying to parse JWT token.", e);
    }
    return INVALID_RESULT;
}

Example 2 with INVALID_RESULT

Use of javax.security.enterprise.identitystore.CredentialValidationResult.INVALID_RESULT in the Payara project (by payara).

Class RealmIdentityStore, method validate:

protected CredentialValidationResult validate(UsernamePasswordCredential credential, String realmName) {
    try {
        // Authenticate against the configured realm via JAAS; a failed login throws LoginException.
        Subject subject = login(credential, realmName);
        // Collect the group names from the authenticated Subject's Group principals.
        Set<String> groups = subject.getPrincipals(Group.class).stream().map(g -> g.getName()).collect(toSet());
        if (!groups.isEmpty()) {
            return new CredentialValidationResult(new CallerPrincipal(credential.getCaller()), groups);
        }
    } catch (LoginException ex) {
        return INVALID_RESULT;
    }
    // A successful login that yields no groups is also reported as invalid.
    return INVALID_RESULT;
}

Example 3 with INVALID_RESULT

Use of javax.security.enterprise.identitystore.CredentialValidationResult.INVALID_RESULT in the Payara project (by payara).

Class CertificateRealmIdentityStore, method validate:

public static CredentialValidationResult validate(CertificateCredential credential, String realmName) {
    try {
        // Authenticate the client certificate against the certificate realm via JAAS.
        Subject subject = login(credential, realmName);
        // Collect the group names from the authenticated Subject's Group principals.
        Set<String> groups = subject.getPrincipals(Group.class).stream().map(g -> g.getName()).collect(toSet());
        // Unlike RealmIdentityStore, an empty group set is still a valid result here.
        return new CredentialValidationResult(credential.getPrincipal(), groups);
    } catch (LoginException ex) {
        return INVALID_RESULT;
    }
}