use of org.wildfly.security.auth.server.ServerAuthenticationContext in project wildfly by wildfly.
the class ElytronSecurityDomainContextImpl method authenticate.
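/**
 * Verifies a username/password pair against the security domain and returns the resulting identity.
 *
 * <p>The password is copied into a {@link PasswordGuessEvidence}, which is destroyed before the method
 * returns. Failed verification, failed authorization and the exceptions named in the catch clause all
 * complete the context with {@code fail()}, are logged through {@code WSLogger}, and yield {@code null}.
 *
 * @param username the name presented by the caller. NOTE(review): it reaches the log calls unchanged;
 *                 confirm the log format neutralises line breaks in caller-supplied names.
 * @param password the password guess; may be {@code null}
 * @return the authorized {@link SecurityIdentity}, or {@code null} when verification or authorization
 *         fails or one of the caught exceptions is raised
 */
private SecurityIdentity authenticate(final String username, final String password) {
    final ServerAuthenticationContext context = this.securityDomain.createNewAuthenticationContext();
    PasswordGuessEvidence evidence = null;
    try {
        // Built inside the try: if wrapping the guess raises one of the caught exceptions (for example
        // for a null password; the constructor's null handling is not visible here), the attempt takes
        // the logged failure path and the context is still completed instead of being abandoned.
        evidence = new PasswordGuessEvidence(password != null ? password.toCharArray() : null);
        context.setAuthenticationName(username);
        if (context.verifyEvidence(evidence)) {
            if (context.authorize()) {
                context.succeed();
                return context.getAuthorizedIdentity();
            } else {
                context.fail();
                WSLogger.ROOT_LOGGER.failedAuthorization(username);
            }
        } else {
            context.fail();
            WSLogger.ROOT_LOGGER.failedAuthentication(username);
        }
    } catch (IllegalArgumentException | IllegalStateException | RealmUnavailableException e) {
        context.fail();
        WSLogger.ROOT_LOGGER.failedAuthenticationWithException(e, username, e.getMessage());
    } finally {
        try {
            // prevent leaks of RealmIdentity instances
            if (!context.isDone()) {
                context.fail();
            }
        } finally {
            // Runs even if fail() throws, so the char[] copy of the password is always handed to destroy().
            if (evidence != null) {
                evidence.destroy();
            }
        }
    }
    return null;
}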
use of org.wildfly.security.auth.server.ServerAuthenticationContext in project wildfly by wildfly.
the class EjbCorbaServant method authenticate.
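/**
 * Authenticate the user with the given credential against the configured Elytron security domain.
 *
 * <p>The identity is returned only after {@code verifyEvidence} and {@code authorize} have both
 * returned {@code true} and the context has been marked as succeeded. On every other path the
 * context is completed with {@code fail()} before the method exits.
 *
 * @param principal the principal representing the user being authenticated.
 * @param credential the credential used as evidence to verify the user's identity. The array is
 *                   wrapped without a visible copy and the evidence is destroyed on exit;
 *                   NOTE(review): presumably that clears this array for the caller too. Confirm.
 * @return the authenticated and authorized {@link SecurityIdentity}.
 * @throws SecurityException if evidence verification or authorization is refused.
 * @throws Exception if an error occurs while authenticating the user.
 */
private SecurityIdentity authenticate(final Principal principal, final char[] credential) throws Exception {
    final ServerAuthenticationContext context = this.securityDomain.createNewAuthenticationContext();
    // The original "credential != null ? credential : null" evaluated to credential either way.
    final PasswordGuessEvidence evidence = new PasswordGuessEvidence(credential);
    try {
        context.setAuthenticationPrincipal(principal);
        if (context.verifyEvidence(evidence)) {
            if (context.authorize()) {
                context.succeed();
                return context.getAuthorizedIdentity();
            } else {
                context.fail();
                throw new SecurityException("Authorization failed");
            }
        } else {
            context.fail();
            throw new SecurityException("Authentication failed");
        }
    } catch (IllegalArgumentException | IllegalStateException | RealmUnavailableException e) {
        context.fail();
        throw e;
    } finally {
        try {
            // An exception type not listed in the catch clause would otherwise leave the context
            // neither succeeded nor failed; complete it here so no attempt is left open.
            if (!context.isDone()) {
                context.fail();
            }
        } finally {
            // Runs even if fail() throws, so the evidence is always destroyed.
            evidence.destroy();
        }
    }
}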
use of org.wildfly.security.auth.server.ServerAuthenticationContext in project wildfly by wildfly.
the class ElytronCallbackHandler method authenticate.
/**
 * Checks a username and credential against the configured Elytron security domain and returns the
 * identity once the attempt has been both verified and authorized.
 *
 * <p>Refusals are reported by exception rather than by a {@code null} return. The finally block
 * completes any context that is still open and destroys the evidence on every exit path.
 *
 * @param username the user being authenticated.
 * @param credential the credential used as evidence to verify the user's identity; it is wrapped
 *                   without a visible copy. NOTE(review): destroying the evidence presumably
 *                   clears the caller's array as well. Confirm.
 * @return the authenticated and authorized {@link SecurityIdentity}.
 * @throws SecurityException if {@code verifyEvidence} or {@code authorize} returns {@code false}.
 * @throws IOException declared for the checked exception rethrown from the catch clause
 *                     (presumably {@code RealmUnavailableException}).
 */
private SecurityIdentity authenticate(final String username, final char[] credential) throws IOException {
    final ServerAuthenticationContext authContext = this.securityDomain.createNewAuthenticationContext();
    final PasswordGuessEvidence guess = new PasswordGuessEvidence(credential);
    try {
        authContext.setAuthenticationName(username);

        // Guard clauses: each refusal completes the context before it is reported.
        if (!authContext.verifyEvidence(guess)) {
            authContext.fail();
            throw new SecurityException("Authentication failed");
        }
        if (!authContext.authorize()) {
            authContext.fail();
            throw new SecurityException("Authorization failed");
        }

        authContext.succeed();
        return authContext.getAuthorizedIdentity();
    } catch (IllegalArgumentException | IllegalStateException | RealmUnavailableException e) {
        authContext.fail();
        throw e;
    } finally {
        // Covers exits that reached neither succeed() nor fail().
        final boolean stillOpen = !authContext.isDone();
        if (stillOpen) {
            authContext.fail();
        }
        guess.destroy();
    }
}
use of org.wildfly.security.auth.server.ServerAuthenticationContext in project wildfly by wildfly.
the class ElytronSecurityManager method authenticate.
/**
 * Attempts to authenticate and authorize a username with the specified password evidence.
 *
 * <p>A {@code null} password never reaches evidence verification: when the username is also
 * {@code null} the method asks the context for anonymous authorization, otherwise the attempt fails
 * outright. Failures on the password path are logged through {@code MessagingLogger}.
 *
 * @param username the username being authenticated. NOTE(review): it reaches the log calls
 *                 unchanged; confirm the log format neutralises line breaks in caller-supplied names.
 * @param password the password to be verified.
 * @return a reference to the {@link SecurityIdentity} if the user was successfully authenticated and
 *         authorized (or anonymous authorization was granted); {@code null} otherwise.
 */
private SecurityIdentity authenticate(final String username, final String password) {
    ServerAuthenticationContext authContext = this.securityDomain.createNewAuthenticationContext();
    PasswordGuessEvidence guess = null;
    try {
        if (password == null) {
            // Anonymous authorization is only attempted when no username was supplied either;
            // a username with a null password is treated as an authentication failure.
            if (username == null && authContext.authorizeAnonymous()) {
                authContext.succeed();
                return authContext.getAuthorizedIdentity();
            }
            authContext.fail();
            return null;
        }

        authContext.setAuthenticationName(username);
        guess = new PasswordGuessEvidence(password.toCharArray());

        if (!authContext.verifyEvidence(guess)) {
            authContext.fail();
            MessagingLogger.ROOT_LOGGER.failedAuthentication(username);
        } else if (!authContext.authorize()) {
            authContext.fail();
            MessagingLogger.ROOT_LOGGER.failedAuthorization(username);
        } else {
            authContext.succeed();
            return authContext.getAuthorizedIdentity();
        }
    } catch (IllegalArgumentException | IllegalStateException | RealmUnavailableException e) {
        authContext.fail();
        MessagingLogger.ROOT_LOGGER.failedAuthenticationWithException(e, username, e.getMessage());
    } finally {
        // NOTE(review): an exception type not listed in the catch clause leaves the context neither
        // succeeded nor failed; consider completing it here when !authContext.isDone().
        if (guess != null) {
            guess.destroy();
        }
    }
    return null;
}