Example 36 with AuthorizeCallback

Use of javax.security.sasl.AuthorizeCallback in project quickstart by wildfly.

Class CustomHeaderHttpAuthenticationMechanism, method evaluateRequest.

public void evaluateRequest(HttpServerRequest request) throws HttpAuthenticationException {
    final String username = request.getFirstRequestHeaderValue(USERNAME_HEADER);
    final String password = request.getFirstRequestHeaderValue(PASSWORD_HEADER);
    if (username == null || username.length() == 0 || password == null || password.length() == 0) {
        /*
         * This mechanism is not performing authentication at this time however other mechanisms may be in use concurrently and could succeed so we register
         */
        request.noAuthenticationInProgress(RESPONDER);
        return;
    }
    /*
     * The first two callbacks are used to authenticate a user using the supplied username and password.
     */
    NameCallback nameCallback = new NameCallback("Remote Authentication Name", username);
    nameCallback.setName(username);
    final PasswordGuessEvidence evidence = new PasswordGuessEvidence(password.toCharArray());
    EvidenceVerifyCallback evidenceVerifyCallback = new EvidenceVerifyCallback(evidence);
    try {
        callbackHandler.handle(new Callback[] { nameCallback, evidenceVerifyCallback });
    } catch (IOException | UnsupportedCallbackException e) {
        throw new HttpAuthenticationException(e);
    }
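    if (!evidenceVerifyCallback.isVerified()) {
        request.authenticationFailed("Username / Password Validation Failed", RESPONDER);
        // Stop here: without this return, a failed password check would fall
        // through to the credential and authorization callbacks below.
        return;
    }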
    try {
        callbackHandler.handle(new Callback[] {
            new IdentityCredentialCallback(
                new PasswordCredential(ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, password.toCharArray())),
                true)
        });
    } catch (IOException | UnsupportedCallbackException e) {
        throw new HttpAuthenticationException(e);
    }
    /*
     * The next callback is important, although at this stage they are authenticated an authorization check is now needed to
     * ensure the user has the LoginPermission granted allowing them to login.
     */
    AuthorizeCallback authorizeCallback = new AuthorizeCallback(username, username);
    try {
        callbackHandler.handle(new Callback[] { authorizeCallback });
        if (authorizeCallback.isAuthorized()) {
            callbackHandler.handle(new Callback[] { AuthenticationCompleteCallback.SUCCEEDED });
            request.authenticationComplete();
        } else {
            callbackHandler.handle(new Callback[] { AuthenticationCompleteCallback.FAILED });
            request.authenticationFailed("Authorization check failed.", RESPONDER);
        }
        return;
    } catch (IOException | UnsupportedCallbackException e) {
        throw new HttpAuthenticationException(e);
    }
}
Also used: NameCallback (javax.security.auth.callback.NameCallback), IdentityCredentialCallback (org.wildfly.security.auth.callback.IdentityCredentialCallback), HttpAuthenticationException (org.wildfly.security.http.HttpAuthenticationException), PasswordCredential (org.wildfly.security.credential.PasswordCredential), PasswordGuessEvidence (org.wildfly.security.evidence.PasswordGuessEvidence), EvidenceVerifyCallback (org.wildfly.security.auth.callback.EvidenceVerifyCallback), IOException (java.io.IOException), UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException), AuthorizeCallback (javax.security.sasl.AuthorizeCallback)