use of org.wildfly.security.auth.callback.EvidenceVerifyCallback in project wildfly by wildfly.
the class RealmDirectLoginModule method validatePassword.
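/**
 * Checks the password supplied by the caller against the value expected for the user.
 *
 * <p>When a {@code digestCredential} is present it takes precedence and the expected value is
 * handed to {@code verifyHA1} as UTF-8 bytes. Otherwise the behaviour depends on
 * {@code validationMode}:
 * <ul>
 *   <li>{@code DIGEST}: the supplied password is hashed together with the user name and realm
 *       name and compared with the expected hash;</li>
 *   <li>{@code PASSWORD}: the supplied password is compared with the expected password;</li>
 *   <li>{@code VALIDATION}: the supplied password is passed to the callback handler as
 *       {@code PasswordGuessEvidence} and the handler's verdict is returned.</li>
 * </ul>
 *
 * <p>A missing value is treated as a failed validation rather than an error, so the method
 * fails closed.
 *
 * @param inputPassword the password presented by the caller
 * @param expectedPassword the stored password or hash for the user
 * @return {@code true} only when the supplied password was verified
 */
@Override
protected boolean validatePassword(String inputPassword, String expectedPassword) {
    if (digestCredential != null) {
        // Fail closed instead of throwing when no expected value is available.
        return expectedPassword != null && digestCredential.verifyHA1(expectedPassword.getBytes(UTF_8));
    }
    if (inputPassword == null) {
        return false;
    }
    switch (validationMode) {
        case DIGEST: {
            if (expectedPassword == null) {
                return false;
            }
            String inputHashed = hashUtil.generateHashedHexURP(getUsername(), securityRealm.getName(), inputPassword.toCharArray());
            // String.equals stops at the first differing character, so its run time depends on how
            // much of the secret matched. MessageDigest.isEqual does not have that data dependency.
            return java.security.MessageDigest.isEqual(expectedPassword.getBytes(UTF_8), inputHashed.getBytes(UTF_8));
        }
        case PASSWORD: {
            if (expectedPassword == null) {
                return false;
            }
            // Same timing consideration as the DIGEST case. The length of the values can still
            // influence the timing; only the content comparison is constant time.
            return java.security.MessageDigest.isEqual(expectedPassword.getBytes(UTF_8), inputPassword.getBytes(UTF_8));
        }
        case VALIDATION: {
            RealmCallback rcb = new RealmCallback("Realm", securityRealm.getName());
            NameCallback ncb = new NameCallback("User Name", getUsername());
            EvidenceVerifyCallback evc = new EvidenceVerifyCallback(new PasswordGuessEvidence(inputPassword.toCharArray()));
            try {
                handle(new Callback[] { rcb, ncb, evc });
                return evc.isVerified();
            } catch (LoginException e) {
                // A handler failure is reported as a failed validation, never as a success.
                return false;
            }
        }
        default:
            return false;
    }
}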
use of org.wildfly.security.auth.callback.EvidenceVerifyCallback in project quickstart by wildfly.
the class CustomHeaderHttpAuthenticationMechanism method evaluateRequest.
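/**
 * Authenticates a request from the user name and password carried in the custom request headers.
 *
 * <p>The flow is: verify the password as evidence, associate the password as a credential of the
 * identity, run the authorization check, and only then report the authentication as complete.
 * Each failure ends the evaluation so that a later step can never turn a failed attempt into a
 * successful one.
 *
 * @param request the request being evaluated
 * @throws HttpAuthenticationException if the callback handler fails or does not support a callback
 */
public void evaluateRequest(HttpServerRequest request) throws HttpAuthenticationException {
    final String username = request.getFirstRequestHeaderValue(USERNAME_HEADER);
    final String password = request.getFirstRequestHeaderValue(PASSWORD_HEADER);
    if (username == null || username.length() == 0 || password == null || password.length() == 0) {
        /*
         * This mechanism is not performing authentication at this time. Other mechanisms may be in use
         * concurrently and could still succeed, so only the responder is registered here.
         */
        request.noAuthenticationInProgress(RESPONDER);
        return;
    }

    /*
     * The first two callbacks authenticate the user with the supplied user name and password.
     */
    NameCallback nameCallback = new NameCallback("Remote Authentication Name", username);
    nameCallback.setName(username);
    final PasswordGuessEvidence evidence = new PasswordGuessEvidence(password.toCharArray());
    EvidenceVerifyCallback evidenceVerifyCallback = new EvidenceVerifyCallback(evidence);
    try {
        callbackHandler.handle(new Callback[] { nameCallback, evidenceVerifyCallback });
    } catch (IOException | UnsupportedCallbackException e) {
        throw new HttpAuthenticationException(e);
    }

    if (!evidenceVerifyCallback.isVerified()) {
        request.authenticationFailed("Username / Password Validation Failed", RESPONDER);
        // Stop here. Without this return the method went on to the credential and authorization
        // callbacks and could reach authenticationComplete() for a password that was rejected.
        // NOTE(review): the authorization-failure branch below also sends
        // AuthenticationCompleteCallback.FAILED; confirm whether this path should do the same.
        return;
    }

    /*
     * The verified password is associated with the identity as a credential.
     */
    try {
        callbackHandler.handle(new Callback[] { new IdentityCredentialCallback(new PasswordCredential(ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, password.toCharArray())), true) });
    } catch (IOException | UnsupportedCallbackException e) {
        throw new HttpAuthenticationException(e);
    }

    /*
     * The next callback is important: although the user is authenticated at this stage, an authorization
     * check is still needed to ensure the user has the LoginPermission granted allowing them to log in.
     */
    AuthorizeCallback authorizeCallback = new AuthorizeCallback(username, username);
    try {
        callbackHandler.handle(new Callback[] { authorizeCallback });
        if (authorizeCallback.isAuthorized()) {
            callbackHandler.handle(new Callback[] { AuthenticationCompleteCallback.SUCCEEDED });
            request.authenticationComplete();
        } else {
            callbackHandler.handle(new Callback[] { AuthenticationCompleteCallback.FAILED });
            request.authenticationFailed("Authorization check failed.", RESPONDER);
        }
    } catch (IOException | UnsupportedCallbackException e) {
        throw new HttpAuthenticationException(e);
    }
}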