/**
 * Documentation sample for the {@code Credentials} builder.
 * <p>
 * One instance is built per callout and none of them is used afterwards; the method only exists so
 * that the tagged region can be included in the reference documentation.
 * </p>
 */
public void credentials() {
    // tag::credentials[]
    Credentials secretOnly = Credentials.builder().secret("test").build(); // <1>

    // NOTE(review): MD5 is fast to compute and collision-broken, so it is a weak choice for stored
    // secrets; Credentials.Encoder.HASH_SHA_256 is one stronger option the API offers.
    Credentials md5 = Credentials.builder()
            .secret("test")
            .hashAlgorithm(Credentials.Encoder.HASH_MD5)
            .build(); // <2>

    // The literal three-byte salt is only a placeholder: a real salt is random and unique per
    // credential (for example from java.security.SecureRandom), and 7 iterations add very little
    // work factor.
    final byte[] sampleSalt = { 1, 2, 3 };
    Credentials md5SaltedIterated = Credentials.builder()
            .secret("test")
            .hashAlgorithm(Credentials.Encoder.HASH_MD5)
            .hashIterations(7)
            .salt(sampleSalt)
            .build(); // <3>

    Credentials md5Base64 = Credentials.builder()
            .secret("test")
            .hashAlgorithm(Credentials.Encoder.HASH_MD5)
            .base64Encoded()
            .build(); // <4>

    // The expire date is the instant at which the sample runs.
    final Date expiresNow = new Date();
    Credentials expiring = Credentials.builder().secret("test").expireDate(expiresNow).build(); // <5>
    // end::credentials[]
}
/**
 * Documentation sample for the {@code Credentials.encoder()} fluent API.
 * <p>
 * Each callout encodes the same literal secret with a different combination of hash, salt, charset
 * and output form; the results are not used.
 * </p>
 */
public void encoder() {
    // tag::encoder[]
    // No hash step is selected here, so the result is presumably just the Base64 form of the secret:
    // an encoding, not a protection. TODO confirm against the encoder's documentation.
    String base64Secret = Credentials.encoder().secret("test").buildAndEncodeBase64(); // <1>

    byte[] sha256Digest = Credentials.encoder().secret("test").hashSHA256().build(); // <2>

    // The literal salt is a placeholder; a real salt is random and unique per secret.
    final byte[] sampleSalt = { 1, 2, 3 };
    String saltedSha256 = Credentials.encoder()
            .secret("test")
            .hashSHA256()
            .salt(sampleSalt)
            .buildAndEncodeBase64(); // <3>

    // NOTE(review): a plain SHA-2 digest is fast to compute; for password storage a dedicated
    // password-hashing function (bcrypt, scrypt, Argon2, PBKDF2) is the usual recommendation.
    String sha512Utf8 = Credentials.encoder()
            .secret("test")
            .hashSHA512()
            .charset("UTF-8")
            .buildAndEncodeBase64(); // <4>
    // end::encoder[]
}
/**
 * Returns the byte form of the supported argument types.
 * <p>
 * A <code>byte[]</code> is handed back as-is (the same array instance, no copy is made), a
 * <code>char[]</code> or <code>String</code> is delegated to <code>ConversionUtils.toBytes</code>, and
 * a <code>Credentials</code> yields the value of its <code>getSecret()</code>.
 * </p>
 * <p>
 * NOTE(review): an argument of any other type also produces <code>null</code>, so a caller cannot tell
 * "no secret" from "unsupported type" by the return value alone. Because the <code>byte[]</code> case
 * is not copied, wiping or changing the returned array also changes the caller's original.
 * </p>
 * @param o the Object to convert into a byte array
 * @return a byte array representation of the Object, or <code>null</code> if the object was
 *         <code>null</code> or of a type not listed above
 */
public static byte[] toBytes(Object o) {
    if (o == null) {
        return null;
    }

    final byte[] converted;
    if (o instanceof byte[]) {
        converted = (byte[]) o;
    } else if (o instanceof char[]) {
        converted = ConversionUtils.toBytes((char[]) o);
    } else if (o instanceof Credentials) {
        converted = ((Credentials) o).getSecret();
    } else if (o instanceof String) {
        converted = ConversionUtils.toBytes((String) o);
    } else {
        // Unsupported type: same result as for a null argument.
        converted = null;
    }
    return converted;
}
/**
 * Declares the sample {@code AccountProvider} bean.
 * <p>
 * Only the ids {@code usr1} and {@code usr2} resolve to an account; any other id (including
 * {@code null}) yields an empty {@code Optional}. {@code usr1} gets the {@code view} permission,
 * {@code usr2} gets {@code view} and {@code manage}.
 * </p>
 * <p>
 * NOTE(review): user names and secrets are literals in the source and no hash algorithm is set on the
 * credentials, which fits a sample only; real accounts belong in an external store with hashed
 * secrets.
 * </p>
 *
 * @return the in-memory account provider
 */
@Bean
public AccountProvider accountProvider() { // <1>
    return id -> {
        if ("usr1".equals(id)) {
            final Credentials firstUserSecret = Credentials.builder().secret("pwd1").build();
            return Optional.of(Account.builder(id)
                    .credentials(firstUserSecret)
                    .withPermission("view")
                    .build());
        }
        if ("usr2".equals(id)) {
            final Credentials secondUserSecret = Credentials.builder().secret("pwd2").build();
            return Optional.of(Account.builder(id)
                    .credentials(secondUserSecret)
                    .withPermission("view")
                    .withPermission("manage")
                    .build());
        }
        // Unknown id: no account.
        return Optional.empty();
    };
}
/**
 * Documentation sample: authenticates through an {@code AuthContext} obtained from
 * {@code SpringSecurity.authContext(realm)} and then reads the resulting Spring Security
 * {@code Authentication} from the {@code SecurityContextHolder}.
 * <p>
 * The realm knows a single account, {@code usr}, whose secret is the literal {@code pwd} with no hash
 * algorithm set; both values are sample data only.
 * </p>
 */
public void authContext2() {
    // tag::authcontext2[]
    final Realm realm = Realm.builder()
            .withDefaultAuthorizer()
            .withAuthenticator(Account.authenticator(id -> { // <1>
                if (!"usr".equals(id)) {
                    // Any id other than 'usr' has no account.
                    return Optional.empty();
                }
                final Credentials samplePassword = Credentials.builder().secret("pwd").build();
                return Optional.of(Account.builder(id)
                        .credentials(samplePassword)
                        .withPermission("role1")
                        .build());
            }))
            .build();

    AuthContext authContext = SpringSecurity.authContext(realm); // <2>

    authContext.authenticate(Account.accountCredentialsToken("usr", "pwd")); // <3>

    org.springframework.security.core.Authentication springAuthentication = SecurityContextHolder.getContext()
            .getAuthentication(); // <4>

    String principalName = springAuthentication.getName(); // <5>
    Collection<? extends GrantedAuthority> grantedAuthorities = springAuthentication.getAuthorities(); // <6>
    // end::authcontext2[]
}
/**
 * Declares the sample {@code AuthContext} bean, backed by a realm with a single in-memory account.
 * <p>
 * NOTE(review): the user name {@code username1} and its secret are literals in the source and no hash
 * algorithm is set on the credentials; this is sample data, not a pattern for real accounts.
 * </p>
 *
 * @return an {@code AuthContext} created on a realm that uses the account provider below and the
 *         default authorizer
 */
@Bean // <3>
@VaadinSessionScope
public AuthContext authContext() {
    // The only known account is 'username1'; every other id resolves to no account.
    final AccountProvider singleUser = id -> {
        if (!"username1".equals(id)) {
            return Optional.empty();
        }
        // Password of the sample user.
        final Credentials samplePassword = Credentials.builder().secret("s3cr3t").build();
        // Account with that password and the 'role1' permission.
        return Optional.of(Account.builder(id)
                .credentials(samplePassword)
                .withPermission("role1")
                .build());
    };

    final Realm realm = Realm.builder()
            // accounts are looked up through the provider above
            .withAuthenticator(Account.authenticator(singleUser))
            // authorization is left to the default authorizer
            .withDefaultAuthorizer()
            .build();

    return AuthContext.create(realm);
}
/**
 * Declares the sample {@code AuthContext} bean, backed by a realm with a single in-memory account.
 * <p>
 * NOTE(review): the user name {@code username1} and its secret are literals in the source and no hash
 * algorithm is set on the credentials; this is sample data, not a pattern for real accounts.
 * </p>
 *
 * @return an {@code AuthContext} created on a realm that uses the account provider below and the
 *         default authorizer
 */
@Bean // <3>
@VaadinSessionScope
public AuthContext authContext() {
    // The only known account is 'username1'; every other id resolves to no account.
    final AccountProvider singleUser = id -> {
        if (!"username1".equals(id)) {
            return Optional.empty();
        }
        // Password of the sample user.
        final Credentials samplePassword = Credentials.builder().secret("s3cr3t").build();
        // Account with that password and the 'role1' permission.
        return Optional.of(Account.builder(id)
                .credentials(samplePassword)
                .withPermission("role1")
                .build());
    };

    final Realm realm = Realm.builder()
            // accounts are looked up through the provider above
            .withAuthenticator(Account.authenticator(singleUser))
            // authorization is left to the default authorizer
            .withDefaultAuthorizer()
            .build();

    return AuthContext.create(realm);
}
/**
 * Documentation sample: builds a {@code Realm} on an {@code AccountProvider} and authenticates an
 * account-credentials token against it.
 * <p>
 * NOTE(review): the provider answers every id with an enabled account, so it does not model unknown
 * users. The secret {@code pwd} is flagged with {@code base64Encoded()}; how that flag affects the
 * comparison with the token's {@code pwd} is not visible here - confirm against the Credentials
 * documentation.
 * </p>
 */
public void auth() {
    // tag::auth[]
    AccountProvider accounts = id -> {
        final Credentials sampleSecret = Credentials.builder().secret("pwd").base64Encoded().build();
        return Optional.of(Account.builder(id)
                .enabled(true)
                .credentials(sampleSecret)
                .withPermission("role1")
                .build());
    }; // <1>

    Realm realm = Realm.builder()
            .withAuthenticator(Account.authenticator(accounts)) // <2>
            .withDefaultAuthorizer()
            .build();

    try {
        Authentication authenticated = realm
                .authenticate(AuthenticationToken.accountCredentials("test", "pwd")); // <3>
    } catch (AuthenticationException e) {
        // handle authentication failures
        // (left empty in the sample; real code must deny access here and should log the failure
        // without the submitted secret)
    }
    // end::auth[]
}
/**
 * Registers a {@code ContextResolver} that supplies the sample {@code Realm} to the JAX-RS
 * application.
 * <p>
 * The realm resolves tokens with {@code AuthenticationToken.httpBasicResolver()}, authenticates
 * against the test account provider and uses the default authorizer.
 * </p>
 * <p>
 * NOTE(review): HTTP Basic credentials are only Base64-encoded on the wire, so an endpoint protected
 * this way needs TLS.
 * </p>
 */
public void configureJaxrsApplication() {
    // Test-only provider: whatever id is asked for, it answers with an enabled Account whose
    // password is s3cr3t, so any user name is presumably accepted with that one password.
    AccountProvider testAccounts = id -> Optional.ofNullable( // <5>
            Account.builder(id)
                    .credentials(Credentials.builder().secret("s3cr3t").build())
                    .enabled(true)
                    .build());

    Realm realm = Realm.builder() // <6>
            .withResolver(AuthenticationToken.httpBasicResolver()) // <7>
            .withAuthenticator(Account.authenticator(testAccounts)) // <8>
            .withDefaultAuthorizer()
            .build();

    // Kept as an anonymous class, as in the original sample; it hands out the same realm instance
    // for every requested type.
    ContextResolver<Realm> realmResolver = new ContextResolver<Realm>() { // <9>

        @Override
        public Realm getContext(Class<?> type) {
            return realm;
        }
    };

    register(realmResolver); // <10>
}
// end::auth[]
/**
 * Documentation sample for the {@code AuthContext} life cycle: create it on a realm, query the
 * authentication state, authenticate, require the authentication, then unauthenticate.
 * <p>
 * NOTE(review): the provider answers every id with an enabled account carrying the literal secret
 * {@code pwd}; this is sample data only.
 * </p>
 */
@SuppressWarnings("unused")
public void authContext() {
    // tag::authctx[]
    AccountProvider accounts = id -> {
        final Credentials sampleSecret = Credentials.builder().secret("pwd").base64Encoded().build();
        return Optional.of(Account.builder(id)
                .enabled(true)
                .credentials(sampleSecret)
                .withPermission("role1")
                .build());
    }; // <1>

    Realm realm = Realm.builder()
            .withAuthenticator(Account.authenticator(accounts))
            .withDefaultAuthorizer()
            .build(); // <2>

    AuthContext context = AuthContext.create(realm); // <3>

    // Holds the value of isAuthenticated() as read before authenticate() is called.
    boolean alreadyAuthenticated = context.isAuthenticated(); // <4>

    context.authenticate(AuthenticationToken.accountCredentials("test", "pwd")); // <5>

    Authentication current = context.requireAuthentication(); // <6>

    context.unauthenticate(); // <7>
    // end::authctx[]
}
/**
 * Documentation sample for the {@code Account} builder: every builder option shown in the reference
 * documentation is set once, and the built account is discarded.
 * <p>
 * The credentials name {@code Credentials.Encoder.HASH_SHA_256} as hash algorithm and are flagged as
 * Base64 encoded; the literal {@code pwd} is sample data.
 * </p>
 */
public void builder() {
    // tag::builder[]
    Account.builder("accountId") // <1>
            .enabled(true) // <2>
            .locked(false) // <3>
            .expired(false) // <4>
            .credentials(Credentials.builder()
                    .secret("pwd")
                    .hashAlgorithm(Credentials.Encoder.HASH_SHA_256)
                    .base64Encoded()
                    .build()) // <5>
            .root(false) // <6>
            .withPermission(new MyPermission()) // <7>
            .withPermission("role1") // <8>
            .withDetail("name", "TheName")
            .withDetail("surname", "TheSurname") // <9>
            .build();
    // end::builder[]
}