use of org.wildfly.security.auth.callback.IdentityCredentialCallback in project quickstart by wildfly.
the class CustomHeaderHttpAuthenticationMechanism method evaluateRequest.
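/**
 * Authenticates a request from the username and password carried in two custom request headers.
 *
 * <p>Flow, as implemented below: read both headers; if either is missing or empty, report that this
 * mechanism is not authenticating; otherwise verify the password, attach it to the identity as a
 * credential, run the authorization check, and report the final outcome to both the callback handler
 * and the request.
 *
 * <p>NOTE(review): the password travels as a plain request header on every request. Nothing in this
 * method protects it in transit, so the deployment presumably relies on TLS and on intermediaries
 * not logging these headers - confirm.
 *
 * @param request the request being evaluated
 * @throws HttpAuthenticationException if the callback handler fails or does not support a callback
 */
public void evaluateRequest(HttpServerRequest request) throws HttpAuthenticationException {
    final String username = request.getFirstRequestHeaderValue(USERNAME_HEADER);
    final String password = request.getFirstRequestHeaderValue(PASSWORD_HEADER);
    if (username == null || username.length() == 0 || password == null || password.length() == 0) {
        /*
         * This mechanism is not performing authentication at this time however other mechanisms may be
         * in use concurrently and could succeed, so we register RESPONDER with the request and return.
         */
        request.noAuthenticationInProgress(RESPONDER);
        return;
    }

    /*
     * The first two callbacks are used to authenticate a user using the supplied username and password.
     */
    NameCallback nameCallback = new NameCallback("Remote Authentication Name", username);
    nameCallback.setName(username);
    final PasswordGuessEvidence evidence = new PasswordGuessEvidence(password.toCharArray());
    EvidenceVerifyCallback evidenceVerifyCallback = new EvidenceVerifyCallback(evidence);
    try {
        callbackHandler.handle(new Callback[] { nameCallback, evidenceVerifyCallback });
    } catch (IOException | UnsupportedCallbackException e) {
        throw new HttpAuthenticationException(e);
    }

    if (!evidenceVerifyCallback.isVerified()) {
        request.authenticationFailed("Username / Password Validation Failed", RESPONDER);
        /*
         * Stop here. Without this return a failed password check would fall through to the credential
         * and authorization callbacks below, and the request could still reach authenticationComplete()
         * on the strength of the authorization check alone.
         */
        return;
    }

    /*
     * Attach the verified password to the identity as a credential. The second constructor argument is
     * true; NOTE(review): presumably this marks the credential as private - confirm against the
     * IdentityCredentialCallback documentation.
     */
    try {
        callbackHandler.handle(new Callback[] { new IdentityCredentialCallback(new PasswordCredential(ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, password.toCharArray())), true) });
    } catch (IOException | UnsupportedCallbackException e) {
        throw new HttpAuthenticationException(e);
    }

    /*
     * The next callback is important: although at this stage the user is authenticated, an authorization
     * check is still needed to ensure the user has the LoginPermission granted allowing them to log in.
     */
    AuthorizeCallback authorizeCallback = new AuthorizeCallback(username, username);
    try {
        callbackHandler.handle(new Callback[] { authorizeCallback });
        if (authorizeCallback.isAuthorized()) {
            callbackHandler.handle(new Callback[] { AuthenticationCompleteCallback.SUCCEEDED });
            request.authenticationComplete();
        } else {
            callbackHandler.handle(new Callback[] { AuthenticationCompleteCallback.FAILED });
            request.authenticationFailed("Authorization check failed.", RESPONDER);
        }
    } catch (IOException | UnsupportedCallbackException e) {
        throw new HttpAuthenticationException(e);
    }
}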
use of org.wildfly.security.auth.callback.IdentityCredentialCallback in project keycloak by keycloak.
the class SecurityIdentityUtil method authorize.
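/**
 * Establishes a {@link SecurityIdentity} for an already-authenticated principal through the supplied
 * callback handler.
 *
 * <p>The principal is presented as evidence, an authorization check is run, and only then are the
 * bearer token credential, the success notification and the identity request sent to the handler.
 * The original code called {@code isAuthorized()} and discarded the result, so a rejected
 * authorization check did not stop the success path; the result is now enforced.
 *
 * @param callbackHandler handler that performs verification, authorization and identity creation
 * @param principal the authenticated principal; it is cast to {@code KeycloakPrincipal} to obtain
 *        the token string, so any other type fails with a {@link ClassCastException}
 * @return the established identity, or {@code null} when the evidence is not verified or the
 *         authorization check is rejected - callers must treat {@code null} as "not authenticated"
 * @throws RuntimeException wrapping any {@link IOException} or {@link UnsupportedCallbackException}
 *         raised while handling callbacks
 */
static final SecurityIdentity authorize(CallbackHandler callbackHandler, Principal principal) {
    try {
        // The evidence carries nothing but the principal itself.
        EvidenceVerifyCallback evidenceVerifyCallback = new EvidenceVerifyCallback(new Evidence() {
            @Override
            public Principal getPrincipal() {
                return principal;
            }
        });
        callbackHandler.handle(new Callback[] { evidenceVerifyCallback });
        if (!evidenceVerifyCallback.isVerified()) {
            return null;
        }

        // Both ids are null: the handler is asked to authorize whatever identity it currently holds.
        AuthorizeCallback authorizeCallback = new AuthorizeCallback(null, null);
        try {
            callbackHandler.handle(new Callback[] { authorizeCallback });
        } catch (Exception e) {
            // This method declares no checked exceptions, so the exception thrown here must be caught
            // by the outer handler (or be unchecked) and ends up wrapped in a RuntimeException.
            throw new HttpAuthenticationException(e);
        }
        if (!authorizeCallback.isAuthorized()) {
            // Fail closed: never signal SUCCEEDED or hand out an identity after a rejected check.
            return null;
        }

        SecurityIdentityCallback securityIdentityCallback = new SecurityIdentityCallback();
        // The raw bearer token becomes a credential of the identity; keep it out of logs and messages.
        IdentityCredentialCallback credentialCallback = new IdentityCredentialCallback(new BearerTokenCredential(KeycloakPrincipal.class.cast(principal).getKeycloakSecurityContext().getTokenString()), true);
        callbackHandler.handle(new Callback[] { credentialCallback, AuthenticationCompleteCallback.SUCCEEDED, securityIdentityCallback });
        return securityIdentityCallback.getSecurityIdentity();
    } catch (UnsupportedCallbackException | IOException e) {
        throw new RuntimeException(e);
    }
}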