Example 1 with EvidenceVerifyCallback
use of org.wildfly.security.auth.callback.EvidenceVerifyCallback in project wildfly by wildfly.
the class RealmDirectLoginModule method validatePassword.
@Override
protected boolean validatePassword(String inputPassword, String expectedPassword) {
if (digestCredential != null) {
return digestCredential.verifyHA1(expectedPassword.getBytes(UTF_8));
}
switch(validationMode) {
case DIGEST:
String inputHashed = hashUtil.generateHashedHexURP(getUsername(), securityRealm.getName(), inputPassword.toCharArray());
return expectedPassword.equals(inputHashed);
case PASSWORD:
return expectedPassword.equals(inputPassword);
case VALIDATION:
RealmCallback rcb = new RealmCallback("Realm", securityRealm.getName());
NameCallback ncb = new NameCallback("User Name", getUsername());
EvidenceVerifyCallback evc = new EvidenceVerifyCallback(new PasswordGuessEvidence(inputPassword.toCharArray()));
try {
handle(new Callback[] { rcb, ncb, evc });
return evc.isVerified();
} catch (LoginException e) {
return false;
}
default:
return false;
}
}
Also used :
NameCallback(javax.security.auth.callback.NameCallback)
PasswordGuessEvidence(org.wildfly.security.evidence.PasswordGuessEvidence)
LoginException(javax.security.auth.login.LoginException)
EvidenceVerifyCallback(org.wildfly.security.auth.callback.EvidenceVerifyCallback)
RealmCallback(javax.security.sasl.RealmCallback)
Example 2 with EvidenceVerifyCallback
use of org.wildfly.security.auth.callback.EvidenceVerifyCallback in project quickstart by wildfly.
the class CustomHeaderHttpAuthenticationMechanism method evaluateRequest.
public void evaluateRequest(HttpServerRequest request) throws HttpAuthenticationException {
final String username = request.getFirstRequestHeaderValue(USERNAME_HEADER);
final String password = request.getFirstRequestHeaderValue(PASSWORD_HEADER);
if (username == null || username.length() == 0 || password == null || password.length() == 0) {
/*
* This mechanism is not performing authentication at this time however other mechanisms may be in use concurrently and could succeed so we register
*/
request.noAuthenticationInProgress(RESPONDER);
return;
}
/*
* The first two callbacks are used to authenticate a user using the supplied username and password.
*/
NameCallback nameCallback = new NameCallback("Remote Authentication Name", username);
nameCallback.setName(username);
final PasswordGuessEvidence evidence = new PasswordGuessEvidence(password.toCharArray());
EvidenceVerifyCallback evidenceVerifyCallback = new EvidenceVerifyCallback(evidence);
try {
callbackHandler.handle(new Callback[] { nameCallback, evidenceVerifyCallback });
} catch (IOException | UnsupportedCallbackException e) {
throw new HttpAuthenticationException(e);
}
if (evidenceVerifyCallback.isVerified() == false) {
request.authenticationFailed("Username / Password Validation Failed", RESPONDER);
}
try {
callbackHandler.handle(new Callback[] { new IdentityCredentialCallback(new PasswordCredential(ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, password.toCharArray())), true) });
} catch (IOException | UnsupportedCallbackException e) {
throw new HttpAuthenticationException(e);
}
/*
* The next callback is important, although at this stage they are authenticated an authorization check is now needed to
* ensure the user has the LoginPermission granted allowing them to login.
*/
AuthorizeCallback authorizeCallback = new AuthorizeCallback(username, username);
try {
callbackHandler.handle(new Callback[] { authorizeCallback });
if (authorizeCallback.isAuthorized()) {
callbackHandler.handle(new Callback[] { AuthenticationCompleteCallback.SUCCEEDED });
request.authenticationComplete();
} else {
callbackHandler.handle(new Callback[] { AuthenticationCompleteCallback.FAILED });
request.authenticationFailed("Authorization check failed.", RESPONDER);
}
return;
} catch (IOException | UnsupportedCallbackException e) {
throw new HttpAuthenticationException(e);
}
}
Also used :
NameCallback(javax.security.auth.callback.NameCallback)
IdentityCredentialCallback(org.wildfly.security.auth.callback.IdentityCredentialCallback)
HttpAuthenticationException(org.wildfly.security.http.HttpAuthenticationException)
PasswordCredential(org.wildfly.security.credential.PasswordCredential)
PasswordGuessEvidence(org.wildfly.security.evidence.PasswordGuessEvidence)
EvidenceVerifyCallback(org.wildfly.security.auth.callback.EvidenceVerifyCallback)
IOException(java.io.IOException)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
AuthorizeCallback(javax.security.sasl.AuthorizeCallback)
Aggregations
NameCallback (javax.security.auth.callback.NameCallback)2
EvidenceVerifyCallback (org.wildfly.security.auth.callback.EvidenceVerifyCallback)2
PasswordGuessEvidence (org.wildfly.security.evidence.PasswordGuessEvidence)2
IOException (java.io.IOException)1
UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)1
LoginException (javax.security.auth.login.LoginException)1
AuthorizeCallback (javax.security.sasl.AuthorizeCallback)1
RealmCallback (javax.security.sasl.RealmCallback)1
IdentityCredentialCallback (org.wildfly.security.auth.callback.IdentityCredentialCallback)1
PasswordCredential (org.wildfly.security.credential.PasswordCredential)1
HttpAuthenticationException (org.wildfly.security.http.HttpAuthenticationException)1
