Use of org.jboss.as.domain.management.AuthMechanism in project wildfly-swarm by wildfly-swarm:
class SecureHttpContexts, method secureHandler.
/**
 * Wraps {@code toWrap} in the Undertow security handler chain backed by the
 * given realm, then guards that chain with a predicate so it is only enacted
 * on the monitoring contexts that need it; every other request is routed to
 * {@code toWrap} untouched.
 *
 * @param toWrap        the handler to protect
 * @param securityRealm the realm that supplies identities and the set of
 *                      supported authentication mechanisms
 * @return the guarded handler
 */
private HttpHandler secureHandler(final HttpHandler toWrap, SecurityRealm securityRealm) {
    // Innermost links of the chain: perform authentication, then refuse to
    // reach toWrap unless the exchange is authenticated.
    HttpHandler chain = new AuthenticationConstraintHandler(new AuthenticationCallHandler(toWrap));

    RealmIdentityManager identityManager = new RealmIdentityManager(securityRealm);
    Set<AuthMechanism> realmMechanisms = securityRealm.getSupportedAuthenticationMechanisms();
    List<AuthenticationMechanism> httpMechanisms = new ArrayList<>(realmMechanisms.size());

    // An already-authenticated cached session is always tried first.
    httpMechanisms.add(wrap(new CachedAuthenticatedSessionMechanism(), null));

    for (AuthMechanism mechanism : realmMechanisms) {
        switch (mechanism) {
            case DIGEST:
                // HTTP Digest restricted to the MD5 algorithm and the "auth" qop.
                List<DigestAlgorithm> algorithms = Collections.singletonList(DigestAlgorithm.MD5);
                List<DigestQop> qops = Collections.singletonList(DigestQop.AUTH);
                httpMechanisms.add(wrap(new DigestAuthenticationMechanism(algorithms, qops,
                        securityRealm.getName(), "Monitor", new SimpleNonceManager()), mechanism));
                break;
            case PLAIN:
                // PLAIN maps onto HTTP Basic for the realm.
                httpMechanisms.add(wrap(new BasicAuthenticationMechanism(securityRealm.getName()), mechanism));
                break;
            case LOCAL:
            default:
                // LOCAL and any other realm mechanism are not mapped to an HTTP
                // mechanism and are simply skipped.
                break;
        }
    }

    chain = new AuthenticationMechanismsHandler(chain, httpMechanisms);
    chain = new SecurityInitialHandler(AuthenticationMode.PRO_ACTIVE, identityManager, chain);

    // Predicate true -> request goes through the security chain above;
    // false -> request is handed directly to toWrap with no authentication.
    HttpHandler guarded = new PredicateHandler(exchange -> {
        // No realm configured: nothing can authenticate, so the chain is bypassed.
        if (!monitor.getSecurityRealm().isPresent()) {
            return false;
        }
        String path = exchange.getRelativePath();
        if (Queries.isAggregatorEndpoint(monitor, path)) {
            return true;
        }
        if (Queries.isDirectAccessToHealthEndpoint(monitor, path)) {
            // A request carrying token auth skips the realm chain here; the
            // token itself is presumably checked downstream — verify against hasTokenAuth's callers.
            return !hasTokenAuth(exchange);
        }
        return HttpContexts.getDefaultContextNames().contains(path);
    }, chain, toWrap);

    return guarded;
}
Use of org.jboss.as.domain.management.AuthMechanism in project wildfly-swarm by wildfly-swarm:
class SecureHttpContexts, method secureHandler.
/**
 * Wraps {@code toWrap} in the Undertow security handler chain backed by the
 * given realm, then guards that chain with a predicate so it is only enacted
 * on the monitoring contexts that need it; every other request is routed to
 * {@code toWrap} untouched.
 *
 * @param toWrap        the handler to protect
 * @param securityRealm the realm that supplies identities and the set of
 *                      supported authentication mechanisms
 * @return the guarded handler
 */
@SuppressWarnings("deprecation")
private HttpHandler secureHandler(final HttpHandler toWrap, SecurityRealm securityRealm) {
    // Innermost links of the chain: perform authentication, then refuse to
    // reach toWrap unless the exchange is authenticated.
    HttpHandler chain = new AuthenticationConstraintHandler(new AuthenticationCallHandler(toWrap));

    RealmIdentityManager identityManager = new RealmIdentityManager(securityRealm);
    Set<AuthMechanism> realmMechanisms = securityRealm.getSupportedAuthenticationMechanisms();
    List<AuthenticationMechanism> httpMechanisms = new ArrayList<>(realmMechanisms.size());

    // An already-authenticated cached session is always tried first.
    httpMechanisms.add(wrap(new CachedAuthenticatedSessionMechanism(), null));

    for (AuthMechanism mechanism : realmMechanisms) {
        switch (mechanism) {
            case DIGEST:
                // HTTP Digest restricted to the MD5 algorithm and the "auth" qop.
                List<DigestAlgorithm> algorithms = Collections.singletonList(DigestAlgorithm.MD5);
                List<DigestQop> qops = Collections.singletonList(DigestQop.AUTH);
                httpMechanisms.add(wrap(new DigestAuthenticationMechanism(algorithms, qops,
                        securityRealm.getName(), "Monitor", new SimpleNonceManager()), mechanism));
                break;
            case PLAIN:
                // PLAIN maps onto HTTP Basic for the realm.
                httpMechanisms.add(wrap(new BasicAuthenticationMechanism(securityRealm.getName()), mechanism));
                break;
            case LOCAL:
            default:
                // LOCAL and any other realm mechanism are not mapped to an HTTP
                // mechanism and are simply skipped.
                break;
        }
    }

    chain = new AuthenticationMechanismsHandler(chain, httpMechanisms);
    chain = new SecurityInitialHandler(AuthenticationMode.PRO_ACTIVE, identityManager, chain);

    // Predicate true -> request goes through the security chain above;
    // false -> request is handed directly to toWrap with no authentication.
    HttpHandler guarded = new PredicateHandler(exchange -> {
        // No realm configured: nothing can authenticate, so the chain is bypassed.
        if (!monitor.getSecurityRealm().isPresent()) {
            return false;
        }
        String path = exchange.getRelativePath();
        if (Queries.isAggregatorEndpoint(monitor, path)) {
            return true;
        }
        if (Queries.isDirectAccessToHealthEndpoint(monitor, path)) {
            // A request carrying token auth skips the realm chain here; the
            // token itself is presumably checked downstream — verify against hasTokenAuth's callers.
            return !hasTokenAuth(exchange);
        }
        return HttpContexts.getDefaultContextNames().contains(path);
    }, chain, toWrap);

    return guarded;
}
Use of org.jboss.as.domain.management.AuthMechanism in project wildfly by wildfly:
class RealmDirectLoginModule, method initialize.
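/**
 * Initializes the login module against the security realm named by the
 * {@code realm} option (defaulting to {@code DEFAULT_REALM}), picks the
 * realm mechanism to authenticate through, and derives the password
 * validation mode from that mechanism's configuration.
 *
 * @param subject         the subject being authenticated
 * @param callbackHandler handler used to collect credentials
 * @param sharedState     state shared between login modules
 * @param options         module options; {@code REALM_OPTION} selects the realm
 * @throws IllegalStateException if the realm supports no authentication
 *         mechanisms, or if the digest hash utility cannot be created
 */
@Override
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) {
    addValidOptions(ALL_VALID_OPTIONS);
    super.initialize(subject, callbackHandler, sharedState, options);

    final String realm = options.containsKey(REALM_OPTION) ? (String) options.get(REALM_OPTION) : DEFAULT_REALM;
    final ServiceController<?> controller = currentServiceContainer().getService(SecurityRealm.ServiceUtil.createServiceName(realm));
    if (controller != null) {
        securityRealm = (SecurityRealm) controller.getValue();
    }
    if (securityRealm == null) {
        throw SecurityLogger.ROOT_LOGGER.realmNotFound(realm);
    }

    Set<AuthMechanism> authMechs = securityRealm.getSupportedAuthenticationMechanisms();
    if (authMechs.isEmpty()) {
        // Fail with a diagnosable message rather than the bare NoSuchElementException
        // that iterator().next() would raise on an empty set.
        throw new IllegalStateException("Security realm '" + realm + "' supports no authentication mechanisms");
    }
    // DIGEST is preferred over PLAIN; any other mechanism is taken as-is
    // (first one in the set's iteration order).
    if (authMechs.contains(AuthMechanism.DIGEST)) {
        chosenMech = AuthMechanism.DIGEST;
    } else if (authMechs.contains(AuthMechanism.PLAIN)) {
        chosenMech = AuthMechanism.PLAIN;
    } else {
        chosenMech = authMechs.iterator().next();
    }

    // Only DIGEST and PLAIN carry a password validation mode.
    if (chosenMech != AuthMechanism.DIGEST && chosenMech != AuthMechanism.PLAIN) {
        validationMode = ValidationMode.NONE;
        return;
    }

    Map<String, String> mechOpts = securityRealm.getMechanismConfig(chosenMech);
    // Boolean.parseBoolean(null) is false, so a missing key behaves like "false".
    if (Boolean.parseBoolean(mechOpts.get(VERIFY_PASSWORD_CALLBACK_SUPPORTED))) {
        // This mode takes priority: even when digest is supported, the realm's
        // callback handler can perform the comparison itself.
        validationMode = ValidationMode.VALIDATION;
    } else if (chosenMech == AuthMechanism.PLAIN || Boolean.parseBoolean(mechOpts.get(DIGEST_PLAIN_TEXT))) {
        // Plain passwords are available, either because the mechanism is PLAIN
        // or because the digest store is configured as plain text.
        validationMode = ValidationMode.PASSWORD;
    } else {
        validationMode = ValidationMode.DIGEST;
        try {
            hashUtil = new UsernamePasswordHashUtil();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }
}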