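/**
 * Validates username/password credentials against the salted SHA hash held in the credential store.
 *
 * <p>The credentials are first marked {@code Status.INVALID}. They become {@code Status.VALID}
 * (and the agent is recorded via {@code setValidatedAgent}) only when an agent exists for the
 * username, a current stored hash exists, and the re-encoded password matches that hash. When no
 * current hash exists but {@code isLastCredentialExpired} reports true, the status becomes
 * {@code Status.EXPIRED}.</p>
 *
 * @param credentials   the credentials to check; must be a {@code UsernamePasswordCredentials}
 * @param identityStore the store used to look up the agent; also passed to {@code validateCredentialStore}
 * @throws IllegalArgumentException if {@code credentials} is null or of an unsupported class
 */
@Override
public void validate(Credentials credentials, IdentityStore<?> identityStore) {
    CredentialStore store = validateCredentialStore(identityStore);

    if (!UsernamePasswordCredentials.class.isInstance(credentials)) {
        // isInstance(null) is false, so a null argument lands here too; resolve the class name
        // null-safely so the caller gets the intended IllegalArgumentException, not an NPE.
        String className = credentials == null ? "null" : credentials.getClass().getName();
        throw new IllegalArgumentException("Credentials class [" + className + "] not supported by this handler.");
    }

    UsernamePasswordCredentials usernamePassword = (UsernamePasswordCredentials) credentials;
    // Fail closed: every path that does not explicitly succeed leaves the status INVALID.
    usernamePassword.setStatus(Status.INVALID);

    Agent agent = identityStore.getAgent(usernamePassword.getUsername());
    if (agent == null) {
        // Unknown username: validation fails.
        // NOTE(review): this path returns without hashing, so its response time differs from
        // the known-username path; consider whether callers need uniform timing.
        return;
    }

    SHASaltedPasswordStorage hash = store.retrieveCurrentCredential(agent, SHASaltedPasswordStorage.class);
    if (hash == null) {
        // No current credential: the only non-INVALID outcome is EXPIRED.
        if (isLastCredentialExpired(agent, store, SHASaltedPasswordStorage.class)) {
            usernamePassword.setStatus(Status.EXPIRED);
        }
        return;
    }

    // A credentials object without a password cannot match any stored hash.
    if (usernamePassword.getPassword() == null || usernamePassword.getPassword().getValue() == null) {
        return;
    }

    // NOTE(review): the encoder's internals are not visible here; if it applies a plain salted
    // SHA-512 digest, a dedicated password KDF would resist offline guessing better. Changing
    // it would require migrating stored credentials.
    SHASaltedPasswordEncoder encoder = new SHASaltedPasswordEncoder(512);
    // new String(char[]) makes an immutable copy of the password that cannot be wiped afterwards;
    // it is needed because encodePassword takes a String.
    String encoded = encoder.encodePassword(hash.getSalt(), new String(usernamePassword.getPassword().getValue()));
    String storedHash = hash.getEncodedHash();

    // Compare with MessageDigest.isEqual instead of String.equals so the comparison time does
    // not depend on the position of the first differing character.
    java.nio.charset.Charset utf8 = java.nio.charset.Charset.forName("UTF-8");
    if (storedHash != null && encoded != null
            && java.security.MessageDigest.isEqual(storedHash.getBytes(utf8), encoded.getBytes(utf8))) {
        usernamePassword.setStatus(Status.VALID);
        usernamePassword.setValidatedAgent(agent);
    }
}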
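/**
 * Validates a username/password pair by asking the LDAP operation manager to authenticate
 * as the account's binding DN with the supplied password.
 *
 * @param context           the identity context, passed to {@code getAccount}
 * @param credentialStorage not read by this implementation
 * @param credentials       the username and password to check
 * @param ldapIdentityStore supplies the operation manager and the binding DN
 * @return {@code true} only if the password is non-empty and the directory accepts it
 */
@Override
protected boolean validateCredential(IdentityContext context, CredentialStorage credentialStorage,
        UsernamePasswordCredentials credentials, LDAPIdentityStore ldapIdentityStore) {
    Account account = getAccount(context, credentials.getUsername());
    LDAPOperationManager operationManager = ldapIdentityStore.getOperationManager();
    String bindingDN = ldapIdentityStore.getBindingDN(account);

    char[] password = credentials.getPassword() == null ? null : credentials.getPassword().getValue();

    // Reject a missing or empty password before it reaches the directory. A simple bind with a
    // DN and an empty password is an "unauthenticated bind" (RFC 4513, section 5.1.2), which some
    // servers accept as success. authenticate() is not visible here; if it already rejects
    // empty passwords this check is redundant but harmless.
    if (password == null || password.length == 0) {
        return false;
    }

    // new String(char[]) makes an immutable copy of the password that cannot be wiped afterwards;
    // it is needed because authenticate takes a String.
    return operationManager.authenticate(bindingDN, new String(password));
}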
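/**
 * Validates username/password credentials by authenticating against LDAP as the user's DN.
 *
 * <p>The credentials are first marked {@code Status.INVALID} and become {@code Status.VALID}
 * only when an agent exists for the username, the LDAP user entry can be loaded, the password
 * is non-empty, and the LDAP manager accepts the DN/password pair.</p>
 *
 * @param credentials   the credentials to check; must be a {@code UsernamePasswordCredentials}
 * @param identityStore the store to validate against; cast to {@code LDAPIdentityStore} after
 *                      {@code checkIdentityStoreInstance}
 * @throws IllegalArgumentException if {@code credentials} is null or of an unsupported class
 */
@Override
public void validate(Credentials credentials, IdentityStore<?> identityStore) {
    checkIdentityStoreInstance(identityStore);

    if (!UsernamePasswordCredentials.class.isInstance(credentials)) {
        // isInstance(null) is false, so a null argument lands here too; resolve the class name
        // null-safely so the caller gets the intended IllegalArgumentException, not an NPE.
        String className = credentials == null ? "null" : credentials.getClass().getName();
        throw new IllegalArgumentException("Credentials class [" + className + "] not supported by this handler.");
    }

    UsernamePasswordCredentials usernamePassword = (UsernamePasswordCredentials) credentials;
    // Fail closed: every path that does not explicitly succeed leaves the status INVALID.
    usernamePassword.setStatus(Status.INVALID);

    Agent agent = identityStore.getAgent(usernamePassword.getUsername());
    if (agent == null) {
        // Unknown username: validation fails.
        return;
    }

    LDAPIdentityStore ldapIdentityStore = (LDAPIdentityStore) identityStore;
    LDAPUser ldapUser = (LDAPUser) ldapIdentityStore.getUser(agent.getId());
    if (ldapUser == null) {
        // The agent exists but no user entry was returned for its id; there is no DN to bind as.
        return;
    }

    char[] password = usernamePassword.getPassword() == null ? null : usernamePassword.getPassword().getValue();

    // Reject a missing or empty password before it reaches the directory. A simple bind with a
    // DN and an empty password is an "unauthenticated bind" (RFC 4513, section 5.1.2), which some
    // servers accept as success. authenticate() is not visible here; if it already rejects
    // empty passwords this check is redundant but harmless.
    if (password == null || password.length == 0) {
        return;
    }

    // new String(char[]) makes an immutable copy of the password that cannot be wiped afterwards;
    // it is needed because authenticate takes a String.
    boolean isValid = ldapIdentityStore.getLdapManager().authenticate(ldapUser.getDN(), new String(password));
    if (isValid) {
        usernamePassword.setStatus(Status.VALID);
    }
}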
/**
 * <p>
 * Checks that validation is refused for an unknown username and for a wrong password.
 * </p>
 *
 * @throws Exception if the identity manager or the user fixture fails
 */
@Test
public void testUnsuccessfulValidation() throws Exception {
    IdentityManager manager = getIdentityManager();
    User account = loadOrCreateUser("someUser", true);

    // Store a known-good password for the account.
    Password storedPassword = new Password("updated_password".toCharArray());
    manager.updateCredential(account, storedPassword, new Date(), null);

    // Case 1: correct password, username that does not belong to the account.
    UsernamePasswordCredentials unknownUserAttempt = new UsernamePasswordCredentials();
    unknownUserAttempt.setUsername("Bad" + account.getId());
    unknownUserAttempt.setPassword(storedPassword);
    manager.validateCredentials(unknownUserAttempt);
    Assert.assertEquals(Status.INVALID, unknownUserAttempt.getStatus());

    // Case 2: correct username, password that was never stored.
    UsernamePasswordCredentials wrongPasswordAttempt = new UsernamePasswordCredentials();
    Password wrongPassword = new Password("bad_password".toCharArray());
    wrongPasswordAttempt.setUsername(account.getId());
    wrongPasswordAttempt.setPassword(wrongPassword);
    manager.validateCredentials(wrongPasswordAttempt);
    Assert.assertEquals(Status.INVALID, wrongPasswordAttempt.getStatus());
}
// Build username/password credentials from the access-token request and hand them to the
// identity manager for validation. `username` is defined before this excerpt.
String password = accessTokenRequest.getPassword();
UsernamePasswordCredentials usernamePasswordCredentials = new UsernamePasswordCredentials();
usernamePasswordCredentials.setUsername(username);
// NOTE(review): password.toCharArray() throws NullPointerException when the request carries no
// password; confirm a null check happens before this point. The original String also stays in
// memory alongside the char[] copy.
usernamePasswordCredentials.setPassword(new Password(password.toCharArray()));
// The try block continues past the end of this excerpt.
try {
    identityManager.validateCredentials(usernamePasswordCredentials);
/**
 * Builds username/password credentials from the agent's login name and the given password,
 * submits them to the identity manager, and keeps them in the {@code credential} field.
 * The method returns nothing; the outcome is carried by the stored credentials.
 *
 * @param user     the agent whose login name is used as the username
 * @param password the plain-text password to check
 */
public void validate(Agent user, String password) {
    // The field is assigned only after validateCredentials returns, so an exception thrown
    // during validation leaves the previous field value in place.
    Credentials candidate = new UsernamePasswordCredentials(user.getLoginName(), new Password(password));
    identityManager.validateCredentials(candidate);
    this.credential = candidate;
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Resolves the account for the given credentials by delegating to the username-based
 * {@code getAccount} overload.
 *
 * @param context     the identity context forwarded to the overload
 * @param credentials the credentials whose username identifies the account
 * @return whatever the username-based lookup returns
 */
@Override
protected Account getAccount(IdentityContext context, UsernamePasswordCredentials credentials) {
    final String username = credentials.getUsername();
    return getAccount(context, username);
}
// NOTE(review): no validateCredentials call is visible between constructing a credential and
// asserting on its status; presumably those calls were dropped from this excerpt. Confirm
// against the full test.

// Credentials built from the first password are expected to be VALID.
UsernamePasswordCredentials firstCredential = new UsernamePasswordCredentials(user.getId(), firstPassword);
Assert.assertEquals(Status.VALID, firstCredential.getStatus());

// Credentials built from the second password are expected to be VALID as well.
UsernamePasswordCredentials secondCredential = new UsernamePasswordCredentials(user.getId(), secondPassword);
Assert.assertEquals(Status.VALID, secondCredential.getStatus());

// The first credential is then expected to be INVALID, i.e. the older password must stop working.
Assert.assertEquals(Status.INVALID, firstCredential.getStatus());
/**
 * Checks the supplied password against the encoded hash held in the credential storage.
 *
 * @param context     not read by this implementation
 * @param storage     the stored credential, cast to {@code EncodedPasswordStorage}; may be null
 * @param credentials the credentials carrying the password to check
 * @param store       not read by this implementation
 * @return {@code false} when there is no stored credential, otherwise the result of the
 *         password encoder's {@code verify} call
 */
@Override
protected boolean validateCredential(IdentityContext context, final CredentialStorage storage,
        final V credentials, S store) {
    final EncodedPasswordStorage stored = (EncodedPasswordStorage) storage;

    // Nothing stored means nothing can match.
    if (stored == null) {
        return false;
    }

    // new String(char[]) makes an immutable copy of the password that cannot be wiped afterwards.
    final String plain = new String(credentials.getPassword().getValue());

    // The comparison itself is delegated to the encoder; whether it runs in constant time
    // depends on that implementation, which is not visible here.
    return this.passwordEncoder.verify(saltPassword(plain, stored.getSalt()), stored.getEncodedHash());
}
/**
 * Marks these credentials as {@code Status.INVALID} and calls {@code clear()} on the held
 * password (presumably wiping its characters; confirm in the password type).
 */
@Override
public void invalidate() {
    this.setStatus(Status.INVALID);
    // assumes `password` is non-null at this point — TODO confirm
    this.password.clear();
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * <p>
 * Checks that credentials carrying the stored password validate successfully.
 * </p>
 *
 * @throws Exception if the identity manager or the user fixture fails
 */
@Test
public void testSuccessfulValidation() throws Exception {
    IdentityManager manager = getIdentityManager();
    User account = loadOrCreateUser("someUser", true);

    // Store a known-good password for the account.
    Password storedPassword = new Password("updated_password".toCharArray());
    manager.updateCredential(account, storedPassword, new Date(), null);

    // Present exactly the stored username/password pair.
    UsernamePasswordCredentials attempt = new UsernamePasswordCredentials();
    attempt.setUsername(account.getId());
    attempt.setPassword(storedPassword);
    manager.validateCredentials(attempt);

    Assert.assertEquals(Status.VALID, attempt.getStatus());
}
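/**
 * Validates a username/password pair by asking the LDAP operation manager to authenticate
 * as the account's binding DN with the supplied password.
 *
 * @param context           the identity context, passed to {@code getAccount}
 * @param credentialStorage not read by this implementation
 * @param credentials       the username and password to check
 * @param ldapIdentityStore supplies the operation manager and the binding DN
 * @return {@code true} only if the password is non-empty and the directory accepts it
 */
@Override
protected boolean validateCredential(IdentityContext context, CredentialStorage credentialStorage,
        UsernamePasswordCredentials credentials, LDAPIdentityStore ldapIdentityStore) {
    Account account = getAccount(context, credentials.getUsername());
    LDAPOperationManager operationManager = ldapIdentityStore.getOperationManager();
    String bindingDN = ldapIdentityStore.getBindingDN(account);

    char[] password = credentials.getPassword() == null ? null : credentials.getPassword().getValue();

    // Reject a missing or empty password before it reaches the directory. A simple bind with a
    // DN and an empty password is an "unauthenticated bind" (RFC 4513, section 5.1.2), which some
    // servers accept as success. authenticate() is not visible here; if it already rejects
    // empty passwords this check is redundant but harmless.
    if (password == null || password.length == 0) {
        return false;
    }

    // new String(char[]) makes an immutable copy of the password that cannot be wiped afterwards;
    // it is needed because authenticate takes a String.
    return operationManager.authenticate(bindingDN, new String(password));
}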
// Branch body of an if/else chain whose opening condition is outside this excerpt.
// NOTE(review): the (Password) downcast throws ClassCastException unless that condition
// guarantees getCredential() returns a Password — confirm against the enclosing method.
creds = new UsernamePasswordCredentials(credentials.getUserId(), (Password) credentials.getCredential());
} else if (isDigestCredential()) {
/**
 * Resolves the account for the given credentials by delegating to the username-based
 * {@code getAccount} overload.
 *
 * @param context     the identity context forwarded to the overload
 * @param credentials the credentials whose username identifies the account
 * @return whatever the username-based lookup returns
 */
@Override
protected Account getAccount(final IdentityContext context, final V credentials) {
    final String username = credentials.getUsername();
    return getAccount(context, username);
}
/**
 * Checks the supplied password against the encoded hash held in the credential storage.
 *
 * @param context     not read by this implementation
 * @param storage     the stored credential, cast to {@code EncodedPasswordStorage}; may be null
 * @param credentials the credentials carrying the password to check
 * @param store       not read by this implementation
 * @return {@code false} when there is no stored credential, otherwise the result of the
 *         password encoder's {@code verify} call
 */
@Override
protected boolean validateCredential(IdentityContext context, final CredentialStorage storage,
        final V credentials, S store) {
    final EncodedPasswordStorage stored = (EncodedPasswordStorage) storage;

    // Nothing stored means nothing can match.
    if (stored == null) {
        return false;
    }

    // new String(char[]) makes an immutable copy of the password that cannot be wiped afterwards.
    final String plain = new String(credentials.getPassword().getValue());

    // The comparison itself is delegated to the encoder; whether it runs in constant time
    // depends on that implementation, which is not visible here.
    return this.passwordEncoder.verify(saltPassword(plain, stored.getSalt()), stored.getEncodedHash());
}
/**
 * Marks these credentials as {@code Status.INVALID} and calls {@code clear()} on the held
 * password (presumably wiping its characters; confirm in the password type).
 */
@Override
public void invalidate() {
    this.setStatus(Status.INVALID);
    // assumes `password` is non-null at this point — TODO confirm
    this.password.clear();
}
} // closes the enclosing class, whose header is outside this excerpt
// NOTE(review): no validateCredentials call is visible between building a credential and
// asserting on its status; presumably those calls were dropped from this excerpt. Confirm
// against the full test.

// Credentials carrying the earlier password are expected to report EXPIRED.
UsernamePasswordCredentials credential = new UsernamePasswordCredentials();
credential.setUsername(user.getId());
credential.setPassword(plainTextPassword);
Assert.assertEquals(Status.EXPIRED, credential.getStatus());

// Credentials carrying the new password are expected to report VALID.
credential = new UsernamePasswordCredentials(user.getId(), newPassword);
Assert.assertEquals(Status.VALID, credential.getStatus());
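/**
 * Validates a username/password pair by asking the LDAP operation manager to authenticate
 * as the DN stored in the account's entry-DN attribute.
 *
 * @param context           the identity context, passed to {@code getAccount}
 * @param credentialStorage not read by this implementation
 * @param credentials       the username and password to check
 * @param ldapIdentityStore supplies the operation manager
 * @return {@code true} only if the password is non-empty and the directory accepts it
 */
@Override
protected boolean validateCredential(IdentityContext context, CredentialStorage credentialStorage,
        UsernamePasswordCredentials credentials, LDAPIdentityStore ldapIdentityStore) {
    Account account = getAccount(context, credentials.getUsername());
    char[] password = credentials.getPassword() == null ? null : credentials.getPassword().getValue();
    String userDN = (String) account.getAttribute(LDAPIdentityStore.ENTRY_DN_ATTRIBUTE_NAME).getValue();

    if (CREDENTIAL_LOGGER.isDebugEnabled()) {
        // Only the DN and the username are logged, never the password.
        // NOTE(review): the username is caller-supplied; confirm the log backend neutralises
        // control characters so a crafted username cannot forge log lines.
        CREDENTIAL_LOGGER.debugf("Using DN [%s] for authentication of user [%s]", userDN, credentials.getUsername());
    }

    // Reject a missing or empty password before it reaches the directory. A simple bind with a
    // DN and an empty password is an "unauthenticated bind" (RFC 4513, section 5.1.2), which some
    // servers accept as success. authenticate() is not visible here; if it already rejects
    // empty passwords this check is redundant but harmless.
    if (password == null || password.length == 0) {
        return false;
    }

    // new String(char[]) makes an immutable copy of the password that cannot be wiped afterwards;
    // it is needed because authenticate takes a String.
    return ldapIdentityStore.getOperationManager().authenticate(userDN, new String(password));
}
} // closes the enclosing class, whose header is outside this excerpt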
// Branch body of an if/else chain whose opening condition is outside this excerpt.
// NOTE(review): the (Password) downcast throws ClassCastException unless that condition
// guarantees getCredential() returns a Password — confirm against the enclosing method.
creds = new UsernamePasswordCredentials(credentials.getUserId(), (Password) credentials.getCredential());
} else if (isDigestCredential()) {
/**
 * Resolves the account for the given credentials by delegating to the username-based
 * {@code getAccount} overload.
 *
 * @param context     the identity context forwarded to the overload
 * @param credentials the credentials whose username identifies the account
 * @return whatever the username-based lookup returns
 */
@Override
protected Account getAccount(final IdentityContext context, final V credentials) {
    final String username = credentials.getUsername();
    return getAccount(context, username);
}