the class ActiveDirectoryRealm method authenticate.
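/**
 * Authenticates {@code username} against Active Directory by performing an LDAP bind
 * with the supplied credentials and then searching for the matching user object.
 *
 * <p>On success the account is looked up locally (and created via the security
 * manager, running as the SYSTEM subject, if it does not exist yet) and a
 * {@link SubjectAccreditedImpl} wrapping the bound {@link LdapContext} is returned.
 * The context is handed over to the subject and is therefore NOT closed here on the
 * success path; on every failure path it is closed before returning or throwing.
 *
 * @param username    the sAMAccountName to authenticate; it is both the bind principal
 *                    and a value inside the LDAP search filter, so it is escaped per
 *                    RFC 4515 before being placed in the filter
 * @param credentials the password; {@code null} or empty credentials are rejected up
 *                    front because an LDAP simple bind with an empty password is an
 *                    <em>unauthenticated</em> bind (RFC 4513 §5.1.2) that many
 *                    directories accept, which would let the subsequent search succeed
 *                    without the password ever being checked
 * @return the authenticated subject, or {@code null} if the bind succeeded but no user
 *         object with at least one of the requested attributes was found, or if the
 *         credentials were missing
 * @throws AuthenticationException if the LDAP bind/search fails or the local account
 *                                 cannot be created; the original exception is kept as
 *                                 the cause
 * @see org.exist.security.Realm#authenticate(java.lang.String, java.lang.Object)
 */
@Override
public Subject authenticate(final String username, Object credentials) throws AuthenticationException {
    // Reject empty credentials before touching the directory: see the Javadoc on why an
    // empty-password bind must never be treated as proof of identity.
    final String password = credentials == null ? null : String.valueOf(credentials);
    if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
        return null;
    }

    // The username is attacker-controlled input inside the filter; escape filter
    // metacharacters so "*" / "(" / ")" / "\" cannot rewrite the query (LDAP injection).
    final String searchFilter = "(&(objectClass=user)(sAMAccountName=" + escapeLdapFilterValue(username) + "))";

    final SearchControls searchCtls = new SearchControls();
    searchCtls.setReturningAttributes(new String[] { "sn", "givenName", "mail" });
    searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);

    LdapContext ctxGC = null;
    boolean ldapUser = false;
    try {
        // The bind itself is the credential check. NOTE(review): how the context factory
        // turns the username into a bind principal is not visible here — confirm it does
        // not allow DN/UPN injection through the username either.
        ctxGC = ensureContextFactory().getLdapContext(username, password);

        final NamingEnumeration<SearchResult> answer = ctxGC.search(
                ((ContextFactory) ensureContextFactory()).getSearchBase(), searchFilter, searchCtls);
        try {
            while (answer.hasMoreElements()) {
                final Attributes attrs = answer.next().getAttributes();
                // A user "exists" for our purposes only if at least one of the requested
                // attributes came back (same rule as before: an attribute-less entry is ignored).
                if (attrs != null && attrs.size() > 0) {
                    ldapUser = true;
                }
            }
        } finally {
            answer.close();
        }
    } catch (final NamingException e) {
        closeQuietly(ctxGC);
        throw new AuthenticationException(AuthenticationException.UNNOWN_EXCEPTION, e.getMessage(), e);
    }

    if (!ldapUser) {
        // Bound but not found (or no attributes): nothing to hand over, so release the context.
        closeQuietly(ctxGC);
        return null;
    }

    AbstractAccount account = (AbstractAccount) getAccount(username);
    if (account == null) {
        // Create the local shadow account as the SYSTEM subject; the broker is held only
        // for the elevated privileges and is released by try-with-resources.
        try (final DBBroker broker = getDatabase().get(Optional.of(getSecurityManager().getSystemSubject()))) {
            account = (AbstractAccount) getSecurityManager().addAccount(new UserAider(ID, username));
        } catch (final Exception e) {
            closeQuietly(ctxGC);
            throw new AuthenticationException(AuthenticationException.UNNOWN_EXCEPTION, e.getMessage(), e);
        }
    }
    // Ownership of ctxGC passes to the subject from here on.
    return new SubjectAccreditedImpl(account, ctxGC);
}

/**
 * Escapes a value for use inside an LDAP search filter (RFC 4515 §3): backslash,
 * asterisk, parentheses and NUL are replaced by their {@code \xx} hex escapes.
 *
 * @param value the raw attribute value
 * @return the escaped value, safe to concatenate into a filter
 */
private static String escapeLdapFilterValue(final String value) {
    final StringBuilder sb = new StringBuilder(value.length());
    for (int i = 0; i < value.length(); i++) {
        final char c = value.charAt(i);
        switch (c) {
            case '\\': sb.append("\\5c"); break;
            case '*':  sb.append("\\2a"); break;
            case '(':  sb.append("\\28"); break;
            case ')':  sb.append("\\29"); break;
            case '\0': sb.append("\\00"); break;
            default:   sb.append(c);
        }
    }
    return sb.toString();
}

/**
 * Closes an LDAP context on a failure path. Close errors are deliberately ignored:
 * the caller is already returning {@code null} or throwing and the context is unusable.
 *
 * @param ctx the context to close; may be {@code null}
 */
private static void closeQuietly(final LdapContext ctx) {
    if (ctx == null) {
        return;
    }
    try {
        ctx.close();
    } catch (final NamingException ignored) {
        // best effort; see Javadoc
    }
}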
the class IPRangeRealm method authenticate.
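/**
 * Authenticates a caller purely by source IP address: the address is converted to a
 * number and matched against the {@code iprange} elements stored under
 * {@code /db/system/security/iprange/accounts}; the first matching account name wins.
 *
 * <p>The lookup runs with system privileges because the configuration collection is
 * not readable by the (not yet authenticated) caller. The {@code credentials} argument
 * is never read — network origin is the only factor, so callers must pass the address
 * of the actual peer, not a header-supplied value that a client could forge.
 *
 * @param ipAddress   the remote address as a literal IP string. It is resolved with
 *                    {@link InetAddress#getByName(String)}, which performs a DNS lookup
 *                    when handed a host name — pass literals only, both to avoid the
 *                    lookup and so the security decision never depends on DNS.
 *                    NOTE(review): whether {@code ipToLong} handles IPv6 is not visible
 *                    here — confirm before relying on it for v6 peers.
 * @param credentials ignored
 * @return the subject for the first matching account, or {@code null} when the query
 *         service is unavailable, no range matches, or the named account does not exist
 * @throws AuthenticationException wrapping any database, resolution, XQuery or
 *                                 permission failure (the original exception is kept as
 *                                 the cause)
 */
@Override
public Subject authenticate(final String ipAddress, final Object credentials) throws AuthenticationException {
    // Elevate to system privileges for the duration of the lookup.
    try (final DBBroker broker = getSecurityManager().database().get(Optional.of(getSecurityManager().getSystemSubject()))) {
        final long ipToTest = ipToLong(InetAddress.getByName(ipAddress));

        final XQuery queryService = broker.getBrokerPool().getXQueryService();
        if (queryService == null) {
            LOG.error("IPRange broker unable to retrieve XQueryService");
            return null;
        }

        // ipToTest is a long, so interpolating it into the query cannot inject XQuery.
        final String query = "collection('/db/system/security/iprange/accounts')/account/"
                + "iprange[" + ipToTest + " ge number(start) and " + ipToTest + " le number(end)]/../name";
        final XQueryContext context = new XQueryContext(broker.getBrokerPool());
        final CompiledXQuery compiled = queryService.compile(context, query);
        final Properties outputProperties = new Properties();
        final Sequence result = queryService.execute(broker, compiled, null, outputProperties);
        final SequenceIterator i = result.iterate();

        // Only the first match is used; overlapping ranges are a configuration smell.
        final String username = i.hasNext() ? i.nextItem().getStringValue() : "";
        if (i.hasNext()) {
            LOG.warn("IP address {} matched multiple ipranges. Using first result only.", ipAddress);
        }

        if (username.isEmpty()) {
            LOG.info("IPRangeRealm xquery found no matches");
            return null;
        }
        final Account account = getSecurityManager().getAccount(username);
        if (account == null) {
            LOG.info("IPRangeRealm couldn't resolve account for {}", username);
            return null;
        }
        LOG.info("IPRangeRealm trying {}", account.getName());
        return new SubjectAccreditedImpl((AbstractAccount) account, ipAddress);
    } catch (final EXistException | UnknownHostException | XPathException | PermissionDeniedException e) {
        // Keep the cause so the real failure is not lost behind UNNOWN_EXCEPTION.
        throw new AuthenticationException(AuthenticationException.UNNOWN_EXCEPTION, e.getMessage(), e);
    }
}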
the class DigestAuthenticator method authenticate.
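/**
 * Authenticates an HTTP request carrying an RFC 7616 style {@code Authorization} header:
 * the header is parsed into a {@link Digest} for the request method, the named account is
 * looked up and its stored digest password is checked against the client response.
 *
 * <p>Challenge behaviour is deliberately asymmetric: a request with no
 * {@code Authorization} header at all is always challenged, whereas a header naming an
 * unknown user, carrying no parsable username, or with a wrong response is challenged
 * only when {@code sendChallenge} is set. In every failing case {@code null} is returned.
 *
 * <p>NOTE(review): nonce freshness / replay protection and the handling of a
 * non-Digest scheme in the header (e.g. {@code Basic}) live in {@code parseCredentials}
 * and {@code Digest.check}, which are not visible here — confirm they are enforced.
 *
 * @param request       the request whose {@code Authorization} header is examined
 * @param response      the response on which a challenge is written when required
 * @param sendChallenge whether to write a new challenge when the supplied credentials
 *                      are rejected
 * @return the authenticated subject, or {@code null} if authentication failed
 * @throws IOException if writing the challenge fails
 */
@Override
public Subject authenticate(HttpServletRequest request, HttpServletResponse response, boolean sendChallenge) throws IOException {
    final String credentials = request.getHeader("Authorization");
    if (credentials == null) {
        // No credentials at all: always challenge, regardless of sendChallenge.
        sendChallenge(request, response);
        return null;
    }

    final Digest digest = new Digest(request.getMethod());
    parseCredentials(digest, credentials);

    // A header that did not yield a username cannot identify anyone; treat it exactly
    // like an unknown user instead of looking up (and possibly dereferencing) null.
    if (digest.username == null) {
        if (sendChallenge) {
            sendChallenge(request, response);
        }
        return null;
    }

    final SecurityManager secman = pool.getSecurityManager();
    final AccountImpl user = (AccountImpl) secman.getAccount(digest.username);
    if (user == null) {
        if (sendChallenge) {
            sendChallenge(request, response);
        }
        return null;
    }

    if (!digest.check(user.getDigestPassword())) {
        if (sendChallenge) {
            sendChallenge(request, response);
        }
        return null;
    }
    return new SubjectAccreditedImpl(user, this);
}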