Search in sources :

Example 1 with PasswordGuessEvidence

use of org.wildfly.security.evidence.PasswordGuessEvidence in project wildfly by wildfly.

the class RealmDirectLoginModule method validatePassword.

@Override
protected boolean validatePassword(String inputPassword, String expectedPassword) {
    if (digestCredential != null) {
        return digestCredential.verifyHA1(expectedPassword.getBytes(UTF_8));
    }
    switch(validationMode) {
        case DIGEST:
            String inputHashed = hashUtil.generateHashedHexURP(getUsername(), securityRealm.getName(), inputPassword.toCharArray());
            return expectedPassword.equals(inputHashed);
        case PASSWORD:
            return expectedPassword.equals(inputPassword);
        case VALIDATION:
            RealmCallback rcb = new RealmCallback("Realm", securityRealm.getName());
            NameCallback ncb = new NameCallback("User Name", getUsername());
            EvidenceVerifyCallback evc = new EvidenceVerifyCallback(new PasswordGuessEvidence(inputPassword.toCharArray()));
            try {
                handle(new Callback[] { rcb, ncb, evc });
                return evc.isVerified();
            } catch (LoginException e) {
                return false;
            }
        default:
            return false;
    }
}
Also used : NameCallback(javax.security.auth.callback.NameCallback) PasswordGuessEvidence(org.wildfly.security.evidence.PasswordGuessEvidence) LoginException(javax.security.auth.login.LoginException) EvidenceVerifyCallback(org.wildfly.security.auth.callback.EvidenceVerifyCallback) RealmCallback(javax.security.sasl.RealmCallback)

Example 2 with PasswordGuessEvidence

use of org.wildfly.security.evidence.PasswordGuessEvidence in project wildfly by wildfly.

the class EjbCorbaServant method authenticate.

/**
 * Authenticate the user with the given credential against the configured Elytron security domain.
 *
 * @param principal the principal representing the user being authenticated.
 * @param credential the credential used as evidence to verify the user's identity.
 * @return the authenticated and authorized {@link SecurityIdentity}.
 * @throws Exception if an error occurs while authenticating the user.
 */
private SecurityIdentity authenticate(final Principal principal, final char[] credential) throws Exception {
    final ServerAuthenticationContext context = this.securityDomain.createNewAuthenticationContext();
    final PasswordGuessEvidence evidence = new PasswordGuessEvidence(credential != null ? credential : null);
    try {
        context.setAuthenticationPrincipal(principal);
        if (context.verifyEvidence(evidence)) {
            if (context.authorize()) {
                context.succeed();
                return context.getAuthorizedIdentity();
            } else {
                context.fail();
                throw new SecurityException("Authorization failed");
            }
        } else {
            context.fail();
            throw new SecurityException("Authentication failed");
        }
    } catch (IllegalArgumentException | IllegalStateException | RealmUnavailableException e) {
        context.fail();
        throw e;
    } finally {
        evidence.destroy();
    }
}
Also used : ServerAuthenticationContext(org.wildfly.security.auth.server.ServerAuthenticationContext) PasswordGuessEvidence(org.wildfly.security.evidence.PasswordGuessEvidence) RealmUnavailableException(org.wildfly.security.auth.server.RealmUnavailableException)

Example 3 with PasswordGuessEvidence

use of org.wildfly.security.evidence.PasswordGuessEvidence in project wildfly by wildfly.

the class MixedSecurityAnnotationAuthorizationTestCase method runAsElytronIdentity.

private static <T> T runAsElytronIdentity(final String username, final String password, final Callable<T> callable) throws Exception {
    if (username != null && password != null) {
        final SecurityDomain securityDomain = SecurityDomain.getCurrent();
        final SecurityIdentity securityIdentity = securityDomain.authenticate(username, new PasswordGuessEvidence(password.toCharArray()));
        return securityIdentity.runAs(callable);
    }
    return callable.call();
}
Also used : SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity) PasswordGuessEvidence(org.wildfly.security.evidence.PasswordGuessEvidence) SecurityDomain(org.wildfly.security.auth.server.SecurityDomain)

Example 4 with PasswordGuessEvidence

use of org.wildfly.security.evidence.PasswordGuessEvidence in project wildfly by wildfly.

the class CheckIdentityPermissionServlet method doGet.

@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    resp.setContentType("text/plain");
    resp.setCharacterEncoding("UTF-8");
    SecurityIdentity si = null;
    final String user = req.getParameter(PARAM_USER);
    if (user != null) {
        final String password = req.getParameter(PARAM_PASSWORD);
        try {
            si = SecurityDomain.getCurrent().authenticate(user, new PasswordGuessEvidence(password.toCharArray()));
        } catch (Exception e) {
            e.printStackTrace();
            resp.sendError(SC_FORBIDDEN, e.getMessage());
            return;
        }
    } else {
        si = SecurityDomain.getCurrent().getCurrentSecurityIdentity();
    }
    String className = req.getParameter(PARAM_CLASS);
    if (className == null) {
        resp.sendError(SC_BAD_REQUEST, "Parameter class has to be provided");
        return;
    }
    String target = req.getParameter(PARAM_TARGET);
    String action = req.getParameter(PARAM_ACTION);
    Permission perm = null;
    try {
        if (target == null) {
            perm = (Permission) Class.forName(className).newInstance();
        } else if (action == null) {
            perm = (Permission) Class.forName(className).getConstructor(String.class).newInstance(target);
        } else {
            perm = (Permission) Class.forName(className).getConstructor(String.class, String.class).newInstance(target, action);
        }
    } catch (Exception e) {
        throw new ServletException("Unable to create permission instance", e);
    }
    final PrintWriter writer = resp.getWriter();
    writer.print(si.implies(perm));
    writer.close();
}
Also used : SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity) ServletException(javax.servlet.ServletException) Permission(java.security.Permission) PasswordGuessEvidence(org.wildfly.security.evidence.PasswordGuessEvidence) ServletException(javax.servlet.ServletException) IOException(java.io.IOException) PrintWriter(java.io.PrintWriter)

Example 5 with PasswordGuessEvidence

use of org.wildfly.security.evidence.PasswordGuessEvidence in project wildfly by wildfly.

the class Util method switchIdentity.

/**
 * Switch the user's identity using Elytron.
 *
 * @param username the new username
 * @param password the new password
 * @param callable the callable task to execute under the new identity
 * @param validateException whether or not to validate an exception thrown by the callable task
 * {@code false} if {@link SecurityClientFactory} should be used for legacy security instead
 * @param classLoader the class loader to use when checking for a security domain association
 * @param <T> the result type of the callable task
 * @return the result of the callable task
 * @throws Exception if an error occurs while switching the user's identity or if an error occurs while executing the callable task
 */
public static <T> T switchIdentity(final String username, final String password, final Callable<T> callable, boolean validateException, final ClassLoader classLoader) throws Exception {
    boolean initialAuthSucceeded = false;
    try {
        if (username != null && password != null) {
            final SecurityDomain securityDomain;
            if (classLoader != null) {
                final ClassLoader current = Thread.currentThread().getContextClassLoader();
                try {
                    Thread.currentThread().setContextClassLoader(classLoader);
                    securityDomain = SecurityDomain.getCurrent();
                } finally {
                    Thread.currentThread().setContextClassLoader(current);
                }
            } else {
                securityDomain = SecurityDomain.getCurrent();
            }
            if (securityDomain != null) {
                // elytron is enabled, use the new way to switch the identity
                final SecurityIdentity securityIdentity = securityDomain.authenticate(username, new PasswordGuessEvidence(password.toCharArray()));
                initialAuthSucceeded = true;
                return securityIdentity.runAs(callable);
            } else {
                // legacy security is enabled, use the ClientLoginModule or SecurityClientFactory to switch the identity
                throw new IllegalStateException("Legacy security is no longer supported.");
            }
        }
        return callable.call();
    } catch (Exception e) {
        if (validateException) {
            validateException(e, initialAuthSucceeded);
        } else {
            throw e;
        }
    }
    return null;
}
Also used : SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity) PasswordGuessEvidence(org.wildfly.security.evidence.PasswordGuessEvidence) EJBException(javax.ejb.EJBException) EJBAccessException(javax.ejb.EJBAccessException) NamingException(javax.naming.NamingException) SecurityDomain(org.wildfly.security.auth.server.SecurityDomain)

Aggregations

PasswordGuessEvidence (org.wildfly.security.evidence.PasswordGuessEvidence)10 RealmUnavailableException (org.wildfly.security.auth.server.RealmUnavailableException)4 ServerAuthenticationContext (org.wildfly.security.auth.server.ServerAuthenticationContext)4 SecurityDomain (org.wildfly.security.auth.server.SecurityDomain)3 SecurityIdentity (org.wildfly.security.auth.server.SecurityIdentity)3 IOException (java.io.IOException)2 NameCallback (javax.security.auth.callback.NameCallback)2 EvidenceVerifyCallback (org.wildfly.security.auth.callback.EvidenceVerifyCallback)2 PrintWriter (java.io.PrintWriter)1 Permission (java.security.Permission)1 EJBAccessException (javax.ejb.EJBAccessException)1 EJBException (javax.ejb.EJBException)1 NamingException (javax.naming.NamingException)1 UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)1 LoginException (javax.security.auth.login.LoginException)1 AuthorizeCallback (javax.security.sasl.AuthorizeCallback)1 RealmCallback (javax.security.sasl.RealmCallback)1 ServletException (javax.servlet.ServletException)1 IdentityCredentialCallback (org.wildfly.security.auth.callback.IdentityCredentialCallback)1 AuthenticationConfiguration (org.wildfly.security.auth.client.AuthenticationConfiguration)1