Example 1 with UsernamePasswordAuthenticationProvider

Use of org.apache.qpid.server.security.auth.manager.UsernamePasswordAuthenticationProvider in project qpid-broker-j by apache.

From the class BasicAuthPreemptiveAuthenticator, method attemptAuthentication.

@Override
public Subject attemptAuthentication(final HttpServletRequest request, final HttpManagementConfiguration managementConfiguration) {
    String header = request.getHeader("Authorization");
    final Port<?> port = managementConfiguration.getPort(request);
    final AuthenticationProvider<?> authenticationProvider = managementConfiguration.getAuthenticationProvider(request);
    SubjectCreator subjectCreator = port.getSubjectCreator(request.isSecure(), request.getServerName());
    // Only handle the request when an Authorization header is present and the
    // configured provider can check a username/password pair.
    if (header != null && authenticationProvider instanceof UsernamePasswordAuthenticationProvider) {
        UsernamePasswordAuthenticationProvider<?> namePasswdAuthProvider = (UsernamePasswordAuthenticationProvider<?>) authenticationProvider;
        // Expected form: "<scheme> <credentials>"; the scheme is matched case-insensitively.
        String[] tokens = header.split("\\s");
        if (tokens.length >= 2 && "BASIC".equalsIgnoreCase(tokens[0])) {
            // Basic authentication is enabled separately for HTTPS and plain HTTP.
            boolean isBasicAuthSupported = false;
            if (request.isSecure()) {
                isBasicAuthSupported = managementConfiguration.isHttpsBasicAuthenticationEnabled();
            } else {
                isBasicAuthSupported = managementConfiguration.isHttpBasicAuthenticationEnabled();
            }
            if (isBasicAuthSupported) {
                String base64UsernameAndPassword = tokens[1];
                // Decode "username:password"; splitting with a limit of 2 keeps any
                // further colons as part of the password.
                String[] credentials = (new String(Strings.decodeBase64(base64UsernameAndPassword), StandardCharsets.UTF_8)).split(":", 2);
                if (credentials.length == 2) {
                    String username = credentials[0];
                    String password = credentials[1];
                    AuthenticationResult authenticationResult = namePasswdAuthProvider.authenticate(username, password);
                    // Build the result with group principals and return its Subject.
                    SubjectAuthenticationResult result = subjectCreator.createResultWithGroups(authenticationResult);
                    return result.getSubject();
                }
            }
        }
    }
    // No Basic credentials were processed by this authenticator.
    return null;
}
Also used: SubjectCreator (org.apache.qpid.server.security.SubjectCreator), UsernamePasswordAuthenticationProvider (org.apache.qpid.server.security.auth.manager.UsernamePasswordAuthenticationProvider), SubjectAuthenticationResult (org.apache.qpid.server.security.auth.SubjectAuthenticationResult), AuthenticationResult (org.apache.qpid.server.security.auth.AuthenticationResult)