use of org.wildfly.security.evidence.PasswordGuessEvidence in project wildfly by wildfly.
the class RealmDirectLoginModule method validatePassword.
@Override
protected boolean validatePassword(String inputPassword, String expectedPassword) {
if (digestCredential != null) {
return digestCredential.verifyHA1(expectedPassword.getBytes(UTF_8));
}
switch(validationMode) {
case DIGEST:
String inputHashed = hashUtil.generateHashedHexURP(getUsername(), securityRealm.getName(), inputPassword.toCharArray());
return expectedPassword.equals(inputHashed);
case PASSWORD:
return expectedPassword.equals(inputPassword);
case VALIDATION:
RealmCallback rcb = new RealmCallback("Realm", securityRealm.getName());
NameCallback ncb = new NameCallback("User Name", getUsername());
EvidenceVerifyCallback evc = new EvidenceVerifyCallback(new PasswordGuessEvidence(inputPassword.toCharArray()));
try {
handle(new Callback[] { rcb, ncb, evc });
return evc.isVerified();
} catch (LoginException e) {
return false;
}
default:
return false;
}
}
use of org.wildfly.security.evidence.PasswordGuessEvidence in project wildfly by wildfly.
the class EjbCorbaServant method authenticate.
/**
* Authenticate the user with the given credential against the configured Elytron security domain.
*
* @param principal the principal representing the user being authenticated.
* @param credential the credential used as evidence to verify the user's identity.
* @return the authenticated and authorized {@link SecurityIdentity}.
* @throws Exception if an error occurs while authenticating the user.
*/
private SecurityIdentity authenticate(final Principal principal, final char[] credential) throws Exception {
final ServerAuthenticationContext context = this.securityDomain.createNewAuthenticationContext();
final PasswordGuessEvidence evidence = new PasswordGuessEvidence(credential != null ? credential : null);
try {
context.setAuthenticationPrincipal(principal);
if (context.verifyEvidence(evidence)) {
if (context.authorize()) {
context.succeed();
return context.getAuthorizedIdentity();
} else {
context.fail();
throw new SecurityException("Authorization failed");
}
} else {
context.fail();
throw new SecurityException("Authentication failed");
}
} catch (IllegalArgumentException | IllegalStateException | RealmUnavailableException e) {
context.fail();
throw e;
} finally {
evidence.destroy();
}
}
use of org.wildfly.security.evidence.PasswordGuessEvidence in project wildfly by wildfly.
the class MixedSecurityAnnotationAuthorizationTestCase method runAsElytronIdentity.
private static <T> T runAsElytronIdentity(final String username, final String password, final Callable<T> callable) throws Exception {
if (username != null && password != null) {
final SecurityDomain securityDomain = SecurityDomain.getCurrent();
final SecurityIdentity securityIdentity = securityDomain.authenticate(username, new PasswordGuessEvidence(password.toCharArray()));
return securityIdentity.runAs(callable);
}
return callable.call();
}
use of org.wildfly.security.evidence.PasswordGuessEvidence in project wildfly by wildfly.
the class CheckIdentityPermissionServlet method doGet.
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
resp.setContentType("text/plain");
resp.setCharacterEncoding("UTF-8");
SecurityIdentity si = null;
final String user = req.getParameter(PARAM_USER);
if (user != null) {
final String password = req.getParameter(PARAM_PASSWORD);
try {
si = SecurityDomain.getCurrent().authenticate(user, new PasswordGuessEvidence(password.toCharArray()));
} catch (Exception e) {
e.printStackTrace();
resp.sendError(SC_FORBIDDEN, e.getMessage());
return;
}
} else {
si = SecurityDomain.getCurrent().getCurrentSecurityIdentity();
}
String className = req.getParameter(PARAM_CLASS);
if (className == null) {
resp.sendError(SC_BAD_REQUEST, "Parameter class has to be provided");
return;
}
String target = req.getParameter(PARAM_TARGET);
String action = req.getParameter(PARAM_ACTION);
Permission perm = null;
try {
if (target == null) {
perm = (Permission) Class.forName(className).newInstance();
} else if (action == null) {
perm = (Permission) Class.forName(className).getConstructor(String.class).newInstance(target);
} else {
perm = (Permission) Class.forName(className).getConstructor(String.class, String.class).newInstance(target, action);
}
} catch (Exception e) {
throw new ServletException("Unable to create permission instance", e);
}
final PrintWriter writer = resp.getWriter();
writer.print(si.implies(perm));
writer.close();
}
use of org.wildfly.security.evidence.PasswordGuessEvidence in project wildfly by wildfly.
the class Util method switchIdentity.
/**
* Switch the user's identity using Elytron.
*
* @param username the new username
* @param password the new password
* @param callable the callable task to execute under the new identity
* @param validateException whether or not to validate an exception thrown by the callable task
* {@code false} if {@link SecurityClientFactory} should be used for legacy security instead
* @param classLoader the class loader to use when checking for a security domain association
* @param <T> the result type of the callable task
* @return the result of the callable task
* @throws Exception if an error occurs while switching the user's identity or if an error occurs while executing the callable task
*/
public static <T> T switchIdentity(final String username, final String password, final Callable<T> callable, boolean validateException, final ClassLoader classLoader) throws Exception {
boolean initialAuthSucceeded = false;
try {
if (username != null && password != null) {
final SecurityDomain securityDomain;
if (classLoader != null) {
final ClassLoader current = Thread.currentThread().getContextClassLoader();
try {
Thread.currentThread().setContextClassLoader(classLoader);
securityDomain = SecurityDomain.getCurrent();
} finally {
Thread.currentThread().setContextClassLoader(current);
}
} else {
securityDomain = SecurityDomain.getCurrent();
}
if (securityDomain != null) {
// elytron is enabled, use the new way to switch the identity
final SecurityIdentity securityIdentity = securityDomain.authenticate(username, new PasswordGuessEvidence(password.toCharArray()));
initialAuthSucceeded = true;
return securityIdentity.runAs(callable);
} else {
// legacy security is enabled, use the ClientLoginModule or SecurityClientFactory to switch the identity
throw new IllegalStateException("Legacy security is no longer supported.");
}
}
return callable.call();
} catch (Exception e) {
if (validateException) {
validateException(e, initialAuthSucceeded);
} else {
throw e;
}
}
return null;
}
Aggregations