
Example 1 with IdentityCredentialCallback

use of org.wildfly.security.auth.callback.IdentityCredentialCallback in project quickstart by wildfly.

the class CustomHeaderHttpAuthenticationMechanism method evaluateRequest.

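/**
 * Attempts to authenticate the request from a username and password carried in two custom request headers.
 *
 * <p>If either header is missing or empty, this mechanism declines to take part and only registers its
 * responder. Otherwise the password is verified through the callback handler, the password is associated
 * with the identity as a credential, an authorization check is run, and the outcome is reported on the
 * request.
 *
 * @param request the HTTP request being evaluated
 * @throws HttpAuthenticationException if the callback handler fails with an I/O error or does not support
 *         one of the callbacks
 */
public void evaluateRequest(HttpServerRequest request) throws HttpAuthenticationException {
    /*
     * NOTE(review): the password arrives as a String header value, so it cannot be wiped from memory after
     * use, and it is sent with the request itself. Presumably the deployment protects these headers with
     * TLS and keeps them out of access logs - confirm.
     */
    final String username = request.getFirstRequestHeaderValue(USERNAME_HEADER);
    final String password = request.getFirstRequestHeaderValue(PASSWORD_HEADER);
    if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
        /*
         * This mechanism is not performing authentication at this time. Other mechanisms may be in use
         * concurrently and could succeed, so only the responder is registered.
         */
        request.noAuthenticationInProgress(RESPONDER);
        return;
    }
    /*
     * The first two callbacks are used to authenticate a user using the supplied username and password.
     */
    NameCallback nameCallback = new NameCallback("Remote Authentication Name", username);
    nameCallback.setName(username);
    final PasswordGuessEvidence evidence = new PasswordGuessEvidence(password.toCharArray());
    EvidenceVerifyCallback evidenceVerifyCallback = new EvidenceVerifyCallback(evidence);
    try {
        callbackHandler.handle(new Callback[] { nameCallback, evidenceVerifyCallback });
    } catch (IOException | UnsupportedCallbackException e) {
        throw new HttpAuthenticationException(e);
    }
    if (!evidenceVerifyCallback.isVerified()) {
        request.authenticationFailed("Username / Password Validation Failed", RESPONDER);
        /*
         * Stop here. Without this return a request whose password was rejected would fall through to the
         * credential and authorization callbacks below and could still reach authenticationComplete().
         */
        return;
    }
    /*
     * Only reached after successful verification: attach the clear password to the identity. The second
     * constructor argument marks the credential as private.
     */
    try {
        callbackHandler.handle(new Callback[] { new IdentityCredentialCallback(new PasswordCredential(ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, password.toCharArray())), true) });
    } catch (IOException | UnsupportedCallbackException e) {
        throw new HttpAuthenticationException(e);
    }
    /*
     * The next callback is important: although the user is authenticated at this stage, an authorization
     * check is still needed to ensure the user has been granted the LoginPermission allowing them to log in.
     */
    AuthorizeCallback authorizeCallback = new AuthorizeCallback(username, username);
    try {
        callbackHandler.handle(new Callback[] { authorizeCallback });
        if (authorizeCallback.isAuthorized()) {
            callbackHandler.handle(new Callback[] { AuthenticationCompleteCallback.SUCCEEDED });
            request.authenticationComplete();
        } else {
            callbackHandler.handle(new Callback[] { AuthenticationCompleteCallback.FAILED });
            request.authenticationFailed("Authorization check failed.", RESPONDER);
        }
    } catch (IOException | UnsupportedCallbackException e) {
        throw new HttpAuthenticationException(e);
    }
}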
Also used : NameCallback(javax.security.auth.callback.NameCallback) IdentityCredentialCallback(org.wildfly.security.auth.callback.IdentityCredentialCallback) HttpAuthenticationException(org.wildfly.security.http.HttpAuthenticationException) PasswordCredential(org.wildfly.security.credential.PasswordCredential) PasswordGuessEvidence(org.wildfly.security.evidence.PasswordGuessEvidence) EvidenceVerifyCallback(org.wildfly.security.auth.callback.EvidenceVerifyCallback) IOException(java.io.IOException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) AuthorizeCallback(javax.security.sasl.AuthorizeCallback)

Example 2 with IdentityCredentialCallback

use of org.wildfly.security.auth.callback.IdentityCredentialCallback in project keycloak by keycloak.

the class SecurityIdentityUtil method authorize.

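/**
 * Establishes a {@link SecurityIdentity} for an already-authenticated principal through the callback handler.
 *
 * <p>The principal is first offered to the handler as evidence. If it is verified, an authorization check
 * is run, the principal's bearer token is associated with the identity as a private credential,
 * authentication is marked as succeeded, and the resulting identity is returned.
 *
 * @param callbackHandler the handler that processes the verification, authorization and completion callbacks
 * @param principal the authenticated principal; it is cast to {@code KeycloakPrincipal} to read the token
 * @return the security identity, or {@code null} if the evidence was not verified or authorization was refused
 * @throws RuntimeException wrapping any {@link IOException} or {@link UnsupportedCallbackException} raised
 *         while handling callbacks
 * @throws ClassCastException if the evidence is verified and authorized but {@code principal} is not a
 *         {@code KeycloakPrincipal}
 */
static final SecurityIdentity authorize(CallbackHandler callbackHandler, Principal principal) {
    try {
        /* The evidence carries nothing but the principal; the handler decides whether to accept it. */
        EvidenceVerifyCallback evidenceVerifyCallback = new EvidenceVerifyCallback(new Evidence() {

            @Override
            public Principal getPrincipal() {
                return principal;
            }
        });
        callbackHandler.handle(new Callback[] { evidenceVerifyCallback });
        if (!evidenceVerifyCallback.isVerified()) {
            return null;
        }
        AuthorizeCallback authorizeCallback = new AuthorizeCallback(null, null);
        try {
            callbackHandler.handle(new Callback[] { authorizeCallback });
        } catch (Exception e) {
            /* HttpAuthenticationException is caught as an IOException below and rethrown unchecked. */
            throw new HttpAuthenticationException(e);
        }
        /*
         * The authorization result must be honoured: previously isAuthorized() was called and its value
         * discarded, so a refused authorization still went on to signal SUCCEEDED. A refusal now takes the
         * same null return as unverified evidence.
         */
        if (!authorizeCallback.isAuthorized()) {
            return null;
        }
        SecurityIdentityCallback securityIdentityCallback = new SecurityIdentityCallback();
        /* The raw token string becomes a private credential; keep it out of logs and exception messages. */
        IdentityCredentialCallback credentialCallback = new IdentityCredentialCallback(new BearerTokenCredential(KeycloakPrincipal.class.cast(principal).getKeycloakSecurityContext().getTokenString()), true);
        callbackHandler.handle(new Callback[] { credentialCallback, AuthenticationCompleteCallback.SUCCEEDED, securityIdentityCallback });
        return securityIdentityCallback.getSecurityIdentity();
    } catch (UnsupportedCallbackException | IOException e) {
        throw new RuntimeException(e);
    }
}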
Also used : SecurityIdentityCallback(org.wildfly.security.auth.callback.SecurityIdentityCallback) HttpAuthenticationException(org.wildfly.security.http.HttpAuthenticationException) BearerTokenCredential(org.wildfly.security.credential.BearerTokenCredential) IOException(java.io.IOException) AuthorizeCallback(javax.security.sasl.AuthorizeCallback) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) IOException(java.io.IOException) HttpAuthenticationException(org.wildfly.security.http.HttpAuthenticationException) SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity) IdentityCredentialCallback(org.wildfly.security.auth.callback.IdentityCredentialCallback) Evidence(org.wildfly.security.evidence.Evidence) EvidenceVerifyCallback(org.wildfly.security.auth.callback.EvidenceVerifyCallback) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) KeycloakPrincipal(org.keycloak.KeycloakPrincipal) Principal(java.security.Principal)

Aggregations

IOException (java.io.IOException)2 UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)2 AuthorizeCallback (javax.security.sasl.AuthorizeCallback)2 EvidenceVerifyCallback (org.wildfly.security.auth.callback.EvidenceVerifyCallback)2 IdentityCredentialCallback (org.wildfly.security.auth.callback.IdentityCredentialCallback)2 HttpAuthenticationException (org.wildfly.security.http.HttpAuthenticationException)2 Principal (java.security.Principal)1 NameCallback (javax.security.auth.callback.NameCallback)1 KeycloakPrincipal (org.keycloak.KeycloakPrincipal)1 SecurityIdentityCallback (org.wildfly.security.auth.callback.SecurityIdentityCallback)1 SecurityIdentity (org.wildfly.security.auth.server.SecurityIdentity)1 BearerTokenCredential (org.wildfly.security.credential.BearerTokenCredential)1 PasswordCredential (org.wildfly.security.credential.PasswordCredential)1 Evidence (org.wildfly.security.evidence.Evidence)1 PasswordGuessEvidence (org.wildfly.security.evidence.PasswordGuessEvidence)1