
Example 1 with ServerAuthenticationContext

use of org.wildfly.security.auth.server.ServerAuthenticationContext in project wildfly by wildfly.

the class ElytronSecurityDomainContextImpl method authenticate.

/**
 * Checks a username/password pair against the configured security domain and returns the
 * resulting identity only when it has also been authorized.
 *
 * <p>Rejected evidence, failed authorization and the three caught exception types all end the
 * same way: the authentication context is failed, the event is logged together with the
 * username, and {@code null} is returned instead of an exception.
 *
 * @param username the name to authenticate.
 * @param password the password guess; it is copied into a {@code char[]} for the evidence
 *                 object, which is destroyed before this method returns. The {@code String}
 *                 itself is immutable and cannot be cleared here.
 * @return the authorized {@link SecurityIdentity}, or {@code null} when authentication or
 *         authorization did not succeed.
 */
private SecurityIdentity authenticate(final String username, final String password) {
    ServerAuthenticationContext authContext = this.securityDomain.createNewAuthenticationContext();
    // NOTE(review): a null password is forwarded as a null guess, and the evidence is built
    // before the try block, so anything the constructor throws escapes the handling below — confirm.
    char[] guessChars = password != null ? password.toCharArray() : null;
    PasswordGuessEvidence guess = new PasswordGuessEvidence(guessChars);
    try {
        authContext.setAuthenticationName(username);
        if (!authContext.verifyEvidence(guess)) {
            authContext.fail();
            // NOTE(review): username is caller-supplied and reaches the log before any
            // authentication has succeeded; confirm the logger neutralises control characters.
            WSLogger.ROOT_LOGGER.failedAuthentication(username);
            return null;
        }
        if (!authContext.authorize()) {
            authContext.fail();
            WSLogger.ROOT_LOGGER.failedAuthorization(username);
            return null;
        }
        authContext.succeed();
        return authContext.getAuthorizedIdentity();
    } catch (IllegalArgumentException | IllegalStateException | RealmUnavailableException e) {
        authContext.fail();
        WSLogger.ROOT_LOGGER.failedAuthenticationWithException(e, username, e.getMessage());
        return null;
    } finally {
        // Prevent leaks of RealmIdentity instances: an exception type not caught above would
        // otherwise leave the context neither succeeded nor failed.
        if (!authContext.isDone()) {
            authContext.fail();
        }
        guess.destroy();
    }
}
Also used : ServerAuthenticationContext(org.wildfly.security.auth.server.ServerAuthenticationContext) PasswordGuessEvidence(org.wildfly.security.evidence.PasswordGuessEvidence) RealmUnavailableException(org.wildfly.security.auth.server.RealmUnavailableException)

Example 2 with ServerAuthenticationContext

use of org.wildfly.security.auth.server.ServerAuthenticationContext in project wildfly by wildfly.

the class EjbCorbaServant method authenticate.

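/**
 * Authenticate the principal with the given credential against the configured Elytron
 * security domain.
 *
 * <p>The authentication context is always completed before this method exits: it is marked
 * succeeded on the happy path and failed on every other path, including exceptions that are
 * not explicitly caught.
 *
 * @param principal the principal representing the user being authenticated.
 * @param credential the credential used as evidence to verify the user's identity.
 * @return the authenticated and authorized {@link SecurityIdentity}; failure is always
 *         reported by an exception, never by {@code null}.
 * @throws SecurityException if the evidence is rejected ("Authentication failed") or the
 *         verified identity is not authorized ("Authorization failed").
 * @throws Exception if an error occurs while authenticating the user.
 */
private SecurityIdentity authenticate(final Principal principal, final char[] credential) throws Exception {
    final ServerAuthenticationContext context = this.securityDomain.createNewAuthenticationContext();
    // NOTE(review): the caller's array is handed over as-is (the original null-check ternary
    // was a no-op). If the evidence keeps that reference, destroy() below would also clear the
    // caller's copy, and a null credential reaches the constructor outside the try — confirm.
    final PasswordGuessEvidence evidence = new PasswordGuessEvidence(credential);
    try {
        context.setAuthenticationPrincipal(principal);
        if (!context.verifyEvidence(evidence)) {
            context.fail();
            throw new SecurityException("Authentication failed");
        }
        if (!context.authorize()) {
            context.fail();
            // NOTE(review): the two messages tell a caller whether the credential was accepted;
            // confirm they are not relayed verbatim to an unauthenticated remote peer.
            throw new SecurityException("Authorization failed");
        }
        context.succeed();
        return context.getAuthorizedIdentity();
    } catch (IllegalArgumentException | IllegalStateException | RealmUnavailableException e) {
        context.fail();
        throw e;
    } finally {
        // Clear the evidence first so it is destroyed even if completing the context throws.
        evidence.destroy();
        // An exception type not caught above would otherwise leave the context neither
        // succeeded nor failed; fail it here so realm identity resources are not leaked.
        if (!context.isDone()) {
            context.fail();
        }
    }
}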
Also used : ServerAuthenticationContext(org.wildfly.security.auth.server.ServerAuthenticationContext) PasswordGuessEvidence(org.wildfly.security.evidence.PasswordGuessEvidence) RealmUnavailableException(org.wildfly.security.auth.server.RealmUnavailableException)

Example 3 with ServerAuthenticationContext

use of org.wildfly.security.auth.server.ServerAuthenticationContext in project wildfly by wildfly.

the class ElytronCallbackHandler method authenticate.

/**
 * Verifies the supplied credential for {@code username} against the configured Elytron
 * security domain and returns the identity once it has also been authorized.
 *
 * @param username the user being authenticated.
 * @param credential the credential used as evidence to verify the user's identity.
 * @return the authenticated and authorized {@link SecurityIdentity}; failure is always
 *         reported by an exception, never by {@code null}.
 * @throws SecurityException if the evidence is rejected ("Authentication failed") or the
 *         verified identity is not authorized ("Authorization failed").
 * @throws IOException if the realm is unavailable while authenticating the user.
 */
private SecurityIdentity authenticate(final String username, final char[] credential) throws IOException {
    final ServerAuthenticationContext authContext = this.securityDomain.createNewAuthenticationContext();
    // NOTE(review): the caller's array is passed through unchanged; if the evidence keeps that
    // reference, destroy() below would also clear the caller's copy — confirm callers expect it.
    final PasswordGuessEvidence guess = new PasswordGuessEvidence(credential);
    try {
        authContext.setAuthenticationName(username);
        if (!authContext.verifyEvidence(guess)) {
            authContext.fail();
            throw new SecurityException("Authentication failed");
        }
        if (!authContext.authorize()) {
            authContext.fail();
            throw new SecurityException("Authorization failed");
        }
        authContext.succeed();
        return authContext.getAuthorizedIdentity();
    } catch (IllegalArgumentException | IllegalStateException | RealmUnavailableException e) {
        authContext.fail();
        throw e;
    } finally {
        // Covers exception types not caught above, so the context never stays in progress.
        if (!authContext.isDone()) {
            authContext.fail();
        }
        guess.destroy();
    }
}
Also used : ServerAuthenticationContext(org.wildfly.security.auth.server.ServerAuthenticationContext) PasswordGuessEvidence(org.wildfly.security.evidence.PasswordGuessEvidence) RealmUnavailableException(org.wildfly.security.auth.server.RealmUnavailableException)

Example 4 with ServerAuthenticationContext

use of org.wildfly.security.auth.server.ServerAuthenticationContext in project wildfly by wildfly.

the class ElytronSecurityManager method authenticate.

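/**
 * Attempt to authenticate and authorize a username with the specified password evidence.
 *
 * <p>A {@code null} username together with a {@code null} password is treated as a request
 * for the anonymous identity and succeeds only if the domain authorizes anonymous access.
 * A non-null username with a {@code null} password is always an authentication failure.
 *
 * <p>The authentication context is always completed before this method exits, including when
 * an exception that is not explicitly caught propagates to the caller.
 *
 * @param username the username being authenticated.
 * @param password the password to be verified.
 * @return a reference to the {@link SecurityIdentity} if the user was successfully authenticated and authorized;
 *  {@code null} otherwise.
 */
private SecurityIdentity authenticate(final String username, final String password) {
    ServerAuthenticationContext context = this.securityDomain.createNewAuthenticationContext();
    PasswordGuessEvidence evidence = null;
    try {
        if (password == null) {
            // Only the null/null combination may fall back to the anonymous identity; a named
            // user without a password must never be authorized.
            if (username == null && context.authorizeAnonymous()) {
                context.succeed();
                return context.getAuthorizedIdentity();
            }
            context.fail();
            return null;
        }
        context.setAuthenticationName(username);
        evidence = new PasswordGuessEvidence(password.toCharArray());
        if (!context.verifyEvidence(evidence)) {
            context.fail();
            MessagingLogger.ROOT_LOGGER.failedAuthentication(username);
            return null;
        }
        if (!context.authorize()) {
            context.fail();
            MessagingLogger.ROOT_LOGGER.failedAuthorization(username);
            return null;
        }
        context.succeed();
        return context.getAuthorizedIdentity();
    } catch (IllegalArgumentException | IllegalStateException | RealmUnavailableException e) {
        context.fail();
        MessagingLogger.ROOT_LOGGER.failedAuthenticationWithException(e, username, e.getMessage());
        return null;
    } finally {
        // Clear the password copy first so it is destroyed even if completing the context throws.
        if (evidence != null) {
            evidence.destroy();
        }
        // An exception type not caught above would otherwise leave the context neither
        // succeeded nor failed; fail it here so realm identity resources are not leaked.
        if (!context.isDone()) {
            context.fail();
        }
    }
}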
Also used : ServerAuthenticationContext(org.wildfly.security.auth.server.ServerAuthenticationContext) PasswordGuessEvidence(org.wildfly.security.evidence.PasswordGuessEvidence) RealmUnavailableException(org.wildfly.security.auth.server.RealmUnavailableException)
