
Example 1 with Evidence

Use of org.wildfly.security.evidence.Evidence in the keycloak project (by keycloak).

The authorize method of class SecurityIdentityUtil.

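/**
 * Drives the Elytron callback sequence that turns an already-authenticated SAML principal
 * into a {@link SecurityIdentity}.
 *
 * <p>Three round trips are made through {@code callbackHandler}:
 * <ol>
 *   <li>an {@link EvidenceVerifyCallback} whose {@link Evidence} exposes nothing but
 *       {@code principal} — the principal itself is the evidence, presumably because the
 *       SAML assertion was validated upstream by the adapter;</li>
 *   <li>an {@link AuthorizeCallback} with {@code null} authentication/authorization ids, i.e.
 *       the handler decides from its own state (presumably the identity verified in step 1);</li>
 *   <li>{@link AuthenticationCompleteCallback#SUCCEEDED} together with a
 *       {@link SecurityIdentityCallback} to collect the resulting identity.</li>
 * </ol>
 * If either check fails the method returns without signalling completion to the handler.
 *
 * @param callbackHandler the Elytron server-side callback handler for this request
 * @param principal the authenticated SAML principal presented as evidence
 * @return the identity produced by the handler, or {@code null} when the evidence was not
 *         verified or the handler did not authorize it
 * @throws RuntimeException wrapping an {@link UnsupportedCallbackException} or
 *         {@link IOException} raised by the handler
 */
static final SecurityIdentity authorize(CallbackHandler callbackHandler, SamlPrincipal principal) {
    try {
        // Step 1: present the principal as evidence; the realm decides whether it is acceptable.
        EvidenceVerifyCallback evidenceVerifyCallback = new EvidenceVerifyCallback(new Evidence() {

            @Override
            public Principal getPrincipal() {
                return principal;
            }
        });
        callbackHandler.handle(new Callback[] { evidenceVerifyCallback });
        if (!evidenceVerifyCallback.isVerified()) {
            return null;
        }

        // Step 2: null ids — the handler authorizes whatever identity it established in step 1.
        AuthorizeCallback authorizeCallback = new AuthorizeCallback(null, null);
        try {
            callbackHandler.handle(new Callback[] { authorizeCallback });
        } catch (Exception e) {
            // NOTE(review): if HttpAuthenticationException is an IOException (as in WildFly
            // Elytron), this is caught again by the outer handler below and re-wrapped as a
            // RuntimeException — confirm whether callers expect to see it directly.
            throw new HttpAuthenticationException(e);
        }
        if (!authorizeCallback.isAuthorized()) {
            return null;
        }

        // Step 3: mark the authentication complete and ask the handler for the resulting identity.
        SecurityIdentityCallback securityIdentityCallback = new SecurityIdentityCallback();
        callbackHandler.handle(new Callback[] { AuthenticationCompleteCallback.SUCCEEDED, securityIdentityCallback });
        return securityIdentityCallback.getSecurityIdentity();
    } catch (UnsupportedCallbackException | IOException e) {
        // Both are the checked exceptions of CallbackHandler.handle; neither is recoverable here.
        throw new RuntimeException(e);
    }
}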
Also used : SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity) SecurityIdentityCallback(org.wildfly.security.auth.callback.SecurityIdentityCallback) HttpAuthenticationException(org.wildfly.security.http.HttpAuthenticationException) Evidence(org.wildfly.security.evidence.Evidence) EvidenceVerifyCallback(org.wildfly.security.auth.callback.EvidenceVerifyCallback) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) IOException(java.io.IOException) SamlPrincipal(org.keycloak.adapters.saml.SamlPrincipal) Principal(java.security.Principal) AuthorizeCallback(javax.security.sasl.AuthorizeCallback) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) IOException(java.io.IOException) HttpAuthenticationException(org.wildfly.security.http.HttpAuthenticationException)

Example 2 with Evidence

Use of org.wildfly.security.evidence.Evidence in the keycloak project (by keycloak).

The authorize method of class SecurityIdentityUtil.

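/**
 * Drives the Elytron callback sequence that turns an already-authenticated Keycloak (OIDC)
 * principal into a {@link SecurityIdentity}.
 *
 * <p>Same three round trips as the SAML variant — evidence verification, authorization,
 * completion — with one addition: the bearer token string taken from the principal's
 * {@code KeycloakSecurityContext} is handed to the handler as an
 * {@link IdentityCredentialCallback} (wrapped in a {@link BearerTokenCredential}) alongside
 * the completion callbacks.
 *
 * <p>Unlike before, the handler's authorization decision now gates completion: an identity
 * the handler declines is never reported as {@code SUCCEEDED} and {@code null} is returned
 * instead, matching the SAML variant of this method.
 *
 * @param callbackHandler the Elytron server-side callback handler for this request
 * @param principal the authenticated principal; must be a {@link KeycloakPrincipal}, since
 *        its security context supplies the bearer token
 * @return the identity produced by the handler, or {@code null} when the evidence was not
 *         verified or the handler did not authorize it
 * @throws ClassCastException if {@code principal} is not a {@link KeycloakPrincipal}
 * @throws RuntimeException wrapping an {@link UnsupportedCallbackException} or
 *         {@link IOException} raised by the handler
 */
static final SecurityIdentity authorize(CallbackHandler callbackHandler, Principal principal) {
    try {
        // Step 1: present the principal as evidence; the realm decides whether it is acceptable.
        EvidenceVerifyCallback evidenceVerifyCallback = new EvidenceVerifyCallback(new Evidence() {

            @Override
            public Principal getPrincipal() {
                return principal;
            }
        });
        callbackHandler.handle(new Callback[] { evidenceVerifyCallback });
        if (!evidenceVerifyCallback.isVerified()) {
            return null;
        }

        // Step 2: null ids — the handler authorizes whatever identity it established in step 1.
        AuthorizeCallback authorizeCallback = new AuthorizeCallback(null, null);
        try {
            callbackHandler.handle(new Callback[] { authorizeCallback });
        } catch (Exception e) {
            // NOTE(review): if HttpAuthenticationException is an IOException (as in WildFly
            // Elytron), this is caught again by the outer handler below and re-wrapped as a
            // RuntimeException — confirm whether callers expect to see it directly.
            throw new HttpAuthenticationException(e);
        }
        // Gate completion on the handler's decision. Evaluating isAuthorized() and discarding the
        // result would let a declined identity proceed to SUCCEEDED below.
        if (!authorizeCallback.isAuthorized()) {
            return null;
        }

        // Step 3: the bearer token travels with the completion callbacks so the handler can attach
        // it to the identity it produces.
        // NOTE(review): the boolean passed to IdentityCredentialCallback is assumed to mark the
        // credential as private — confirm against the Elytron constructor.
        String tokenString = KeycloakPrincipal.class.cast(principal).getKeycloakSecurityContext().getTokenString();
        IdentityCredentialCallback credentialCallback = new IdentityCredentialCallback(new BearerTokenCredential(tokenString), true);
        SecurityIdentityCallback securityIdentityCallback = new SecurityIdentityCallback();
        callbackHandler.handle(new Callback[] { credentialCallback, AuthenticationCompleteCallback.SUCCEEDED, securityIdentityCallback });
        return securityIdentityCallback.getSecurityIdentity();
    } catch (UnsupportedCallbackException | IOException e) {
        // Both are the checked exceptions of CallbackHandler.handle; neither is recoverable here.
        throw new RuntimeException(e);
    }
}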
Also used : SecurityIdentityCallback(org.wildfly.security.auth.callback.SecurityIdentityCallback) HttpAuthenticationException(org.wildfly.security.http.HttpAuthenticationException) BearerTokenCredential(org.wildfly.security.credential.BearerTokenCredential) IOException(java.io.IOException) AuthorizeCallback(javax.security.sasl.AuthorizeCallback) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) IOException(java.io.IOException) HttpAuthenticationException(org.wildfly.security.http.HttpAuthenticationException) SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity) IdentityCredentialCallback(org.wildfly.security.auth.callback.IdentityCredentialCallback) Evidence(org.wildfly.security.evidence.Evidence) EvidenceVerifyCallback(org.wildfly.security.auth.callback.EvidenceVerifyCallback) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) KeycloakPrincipal(org.keycloak.KeycloakPrincipal) Principal(java.security.Principal)

Example 3 with Evidence

Use of org.wildfly.security.evidence.Evidence in the keycloak project (by keycloak).

The createRealmIdentity method of class KeycloakSecurityRealm.

/**
 * Wraps a {@link KeycloakPrincipal} in an Elytron {@link RealmIdentity}.
 *
 * <p>The identity offers no credentials (acquire support is {@code UNSUPPORTED} and
 * {@code getCredential} yields {@code null}), reports that it exists and verifies any
 * evidence purely on the basis of {@code principal} being non-null — the evidence object
 * itself is never inspected — and derives its authorization attributes from the roles in
 * the principal's {@code RefreshableKeycloakSecurityContext}, stored under
 * {@code RoleDecoder.KEY_ROLES}.
 *
 * @param principal the authenticated Keycloak principal; may be {@code null}, in which case
 *        the identity reports that it does not exist and verifies nothing
 * @return the realm identity view of {@code principal}
 */
private RealmIdentity createRealmIdentity(KeycloakPrincipal principal) {
    return new RealmIdentity() {

        /** Existence and evidence verification both reduce to "is there a principal". */
        private boolean hasPrincipal() {
            return principal != null;
        }

        @Override
        public Principal getRealmIdentityPrincipal() {
            return principal;
        }

        @Override
        public boolean exists() throws RealmUnavailableException {
            return hasPrincipal();
        }

        @Override
        public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> evidenceType, String algorithmName) throws RealmUnavailableException {
            return SupportLevel.SUPPORTED;
        }

        @Override
        public boolean verifyEvidence(Evidence evidence) throws RealmUnavailableException {
            // The evidence content is not examined; presumably trust was established before the
            // principal was created.
            return hasPrincipal();
        }

        @Override
        public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec) throws RealmUnavailableException {
            return SupportLevel.UNSUPPORTED;
        }

        @Override
        public <C extends Credential> C getCredential(Class<C> credentialType) throws RealmUnavailableException {
            return null;
        }

        @Override
        public AuthorizationIdentity getAuthorizationIdentity() throws RealmUnavailableException {
            // NOTE(review): dereferences principal unconditionally — assumes the caller only asks
            // for the authorization identity after exists()/verifyEvidence() returned true.
            RefreshableKeycloakSecurityContext ctx = (RefreshableKeycloakSecurityContext) principal.getKeycloakSecurityContext();
            Set<String> roleNames = AdapterUtils.getRolesFromSecurityContext(ctx);
            Attributes attrs = new MapAttributes();
            attrs.addAll(RoleDecoder.KEY_ROLES, roleNames);
            return AuthorizationIdentity.basicIdentity(attrs);
        }
    };
}
Also used : Credential(org.wildfly.security.credential.Credential) RefreshableKeycloakSecurityContext(org.keycloak.adapters.RefreshableKeycloakSecurityContext) MapAttributes(org.wildfly.security.authz.MapAttributes) MapAttributes(org.wildfly.security.authz.MapAttributes) Attributes(org.wildfly.security.authz.Attributes) Evidence(org.wildfly.security.evidence.Evidence) RealmIdentity(org.wildfly.security.auth.server.RealmIdentity) AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec)
