Use of org.eclipse.jetty.security.DefaultUserIdentity in project keycloak by keycloak.
From the class AbstractKeycloakJettyAuthenticator, method createIdentity.
/**
 * Wraps an authenticated Keycloak principal in a Jetty {@link UserIdentity}.
 *
 * <p>The role names are read from the principal's security context through
 * {@code AdapterUtils.getRolesFromSecurityContext}. A {@code null} role set is treated as
 * "no roles", so the identity is then built with an empty role array.
 *
 * <p>NOTE(review): this method copies the roles as given and performs no validation itself;
 * which token claims end up in the set is decided inside AdapterUtils, and the security context
 * is presumably already verified by the caller - confirm.
 *
 * @param principal the Keycloak principal whose security context supplies the roles
 * @return a DefaultUserIdentity carrying a new, empty Subject, the principal and its role names
 */
public static UserIdentity createIdentity(KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal) {
    Set<String> grantedRoles = AdapterUtils.getRolesFromSecurityContext(principal.getKeycloakSecurityContext());

    // A missing role set yields an empty array rather than a null one.
    String[] roleNames = (grantedRoles == null)
            ? new String[0]
            : grantedRoles.toArray(new String[0]);

    return new DefaultUserIdentity(new Subject(), principal, roleNames);
}
Use of org.eclipse.jetty.security.DefaultUserIdentity in project keycloak by keycloak.
From the class AbstractSamlAuthenticator, method createIdentity.
/**
 * Wraps an established SAML session in a Jetty {@link UserIdentity}.
 *
 * <p>The role names come from {@code samlSession.getRoles()}. A {@code null} role set is treated
 * as "no roles", so the identity is then built with an empty role array.
 *
 * <p>NOTE(review): the roles are copied as given; nothing here checks where the session's roles
 * originated. Presumably they were taken from a validated assertion - confirm at the caller.
 *
 * @param samlSession the session supplying both the principal and its roles
 * @return a DefaultUserIdentity carrying a new, empty Subject, the session's principal and its
 *     role names
 */
public static UserIdentity createIdentity(SamlSession samlSession) {
    Set<String> sessionRoles = samlSession.getRoles();

    // A missing role set yields an empty array rather than a null one.
    String[] roleNames = (sessionRoles == null)
            ? new String[0]
            : sessionRoles.toArray(new String[0]);

    Subject emptySubject = new Subject();
    return new DefaultUserIdentity(emptySubject, samlSession.getPrincipal(), roleNames);
}
Use of org.eclipse.jetty.security.DefaultUserIdentity in project zm-mailbox by Zimbra.
From the class SpnegoAuthenticator, method authenticate.
/* =========================================================
*
* Based on org.eclipse.jetty.security.SpnegoAuthenticator
*
* =========================================================
*/
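/**
 * Authenticates a request from the SPNEGO token carried in its Authorization header.
 *
 * <p>Outcomes:
 * <ul>
 *   <li>No Authorization header: a challenge is sent and SENT_CHALLENGE is thrown.</li>
 *   <li>A Negotiate header with a token: the token is passed to {@code realm.login}. On success
 *       the request's authentication is set, the principal's token is returned to the client in
 *       a WWW-Authenticate header, and the resulting ZimbraPrincipal is returned.</li>
 *   <li>Anything else (another scheme, a Negotiate header without a token, a failed login, no
 *       principal, or a principal that is not a SpnegoUserPrincipal): AUTH_FAILED is thrown.</li>
 * </ul>
 *
 * @param realm login service that validates the token
 * @param request request whose Authorization header is read and whose authentication is set
 * @param response response that receives the challenge or the WWW-Authenticate header
 * @return the authenticated principal; never {@code null}
 * @throws ServiceException if a challenge was sent or authentication failed
 * @throws IOException propagated from the calls made here (presumably sendChallenge - confirm)
 */
private ZimbraPrincipal authenticate(LoginService realm, Request request, HttpServletResponse response) throws ServiceException, IOException {
    String header = request.getHeader(HttpHeader.AUTHORIZATION.toString());

    // No credentials were presented: ask the client to start the negotiation.
    if (header == null) {
        sendChallenge(realm, request, response);
        throw SSOAuthenticatorServiceException.SENT_CHALLENGE();
    }

    String negotiateScheme = HttpHeader.NEGOTIATE.toString();
    if (!header.startsWith(negotiateScheme)) {
        // A header is present but it is not a Negotiate one.
        throw AuthFailedServiceException.AUTH_FAILED("SpnegoAuthenticator: authentication failed, unknown header (browser is likely misconfigured for SPNEGO)", (Throwable) null);
    }

    // The header is client-controlled. Skip the scheme name plus one separator character, and
    // reject a header with nothing after that, so a bare "Negotiate" fails authentication
    // instead of raising StringIndexOutOfBoundsException from substring().
    int tokenStart = negotiateScheme.length() + 1;
    if (header.length() <= tokenStart) {
        throw AuthFailedServiceException.AUTH_FAILED("SpnegoAuthenticator: malformed Negotiate header, no token present", (Throwable) null);
    }
    String token = header.substring(tokenStart);

    UserIdentity identity = realm.login(null, token, request);
    if (identity == null) {
        throw AuthFailedServiceException.AUTH_FAILED("SpnegoAuthenticator: unable to login", (Throwable) null);
    }

    Principal user = identity.getUserPrincipal();
    if (user == null) {
        // The login produced an identity without a principal: treat it as a failure.
        ZimbraLog.account.debug("SpnegoAuthenticator: no user found, authentication failed");
        throw AuthFailedServiceException.AUTH_FAILED("SpnegoAuthenticator: no user found, authentication failed", (Throwable) null);
    }
    ZimbraLog.account.debug("SpnegoAuthenticator: obtained principal: " + user.getName());

    // Fail closed when the login service returns another principal type, rather than letting
    // the cast below throw ClassCastException.
    if (!(user instanceof SpnegoUserPrincipal)) {
        throw AuthFailedServiceException.AUTH_FAILED("SpnegoAuthenticator: unexpected principal type returned by login service", (Throwable) null);
    }
    SpnegoUserPrincipal spnegoUser = (SpnegoUserPrincipal) user;

    // NOTE(review): whether getAccountByPrincipal rejects a principal with no matching account
    // is not visible here; confirm that a null Account cannot reach ZimbraPrincipal.
    Account acct = getAccountByPrincipal(user);
    ZimbraPrincipal zimbraPrincipal = new ZimbraPrincipal(user.getName(), acct);

    // The single role is whatever follows the first '@' in the principal name.
    // NOTE(review): with no '@' present, indexOf returns -1 and the whole name becomes the
    // role; confirm that this is intended.
    String clientName = spnegoUser.getName();
    String role = clientName.substring(clientName.indexOf('@') + 1);
    String[] roles = new String[] { role };

    DefaultUserIdentity defaultUserIdentity = new DefaultUserIdentity(identity.getSubject(), zimbraPrincipal, roles);
    SpnegoUserIdentity spnegoUserIdentity = new SpnegoUserIdentity(identity.getSubject(), zimbraPrincipal, defaultUserIdentity);
    Authentication authentication = new UserAuthentication(getAuthType(), spnegoUserIdentity);
    request.setAuthentication(authentication);

    // Hand the principal's token back to the client in the WWW-Authenticate header.
    response.addHeader(HttpHeader.WWW_AUTHENTICATE.toString(), negotiateScheme + " " + spnegoUser.getToken());
    return zimbraPrincipal;
}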