public boolean exists() throws RealmUnavailableException { return authenticationIdentity.exists(); }
public AuthorizationIdentity getAuthorizationIdentity() throws RealmUnavailableException { return authorizationIdentity.getAuthorizationIdentity(); }
private boolean runAsPrincipalExists(final SecurityDomain securityDomain, final String runAsPrincipal) throws RealmUnavailableException { RealmIdentity realmIdentity = null; try { realmIdentity = securityDomain.getIdentity(runAsPrincipal); return realmIdentity.exists(); } finally { if (realmIdentity != null) { realmIdentity.dispose(); } } } }
@Override public void updateCredential(Credential credential) throws RealmUnavailableException { log.tracef("updateCredential For principal='%s'", principal); try { identity.updateCredential(credential); } finally { removeFromCache(identity.getRealmIdentityPrincipal()); } }
if (! newState.verifyEvidence(evidence)) { if (newState.isNameAssigned()) { ((NameAssignedState)newState).realmIdentity.dispose(); ((NameAssignedState)newState).realmIdentity.dispose(); for (RealmInfo info : realmInfos) { realmIdentity = info.getSecurityRealm().getRealmIdentity(evidence); if (realmIdentity.getEvidenceVerifySupport(evidenceType, algorithm).mayBeSupported()) { realmInfo = info; break; } else { realmIdentity.dispose(); final Principal resolvedPrincipal = realmIdentity.getRealmIdentityPrincipal(); if (resolvedPrincipal == null) { realmIdentity.dispose(); return false; if (! realmIdentity.verifyEvidence(evidence)) { realmIdentity.dispose(); return false; realmIdentity.dispose(); return stateRef.get().verifyEvidence(evidence);
@Override void fail(final boolean requireInProgress) { final SecurityIdentity capturedIdentity = getSourceIdentity(); final AtomicReference<State> stateRef = getStateRef(); if (! stateRef.compareAndSet(this, FAILED)) { stateRef.get().fail(requireInProgress); return; } SecurityRealm.safeHandleRealmEvent(getRealmInfo().getSecurityRealm(), new RealmFailedAuthenticationEvent(realmIdentity, null, null)); SecurityDomain.safeHandleSecurityEvent(capturedIdentity.getSecurityDomain(), new SecurityAuthenticationFailedEvent(capturedIdentity, realmIdentity.getRealmIdentityPrincipal())); realmIdentity.dispose(); }
AuthorizedAuthenticationState doAuthorization(final boolean requireLoginPermission) throws RealmUnavailableException { final RealmIdentity realmIdentity = this.realmIdentity; if (! realmIdentity.exists()) { ElytronMessages.log.trace("Authorization failed - realm identity does not exists"); return null; final AuthorizationIdentity authorizationIdentity = realmIdentity.getAuthorizationIdentity(); final SecurityDomain domain = capturedIdentity.getSecurityDomain();
/** * @deprecated Transition method; remove before GA. */ default SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName) throws RealmUnavailableException { return getCredentialAcquireSupport(credentialType, algorithmName, null); }
@Override public <C extends Credential> C getCredential(final Class<C> credentialType, final String algorithmName) throws RealmUnavailableException { return authenticationIdentity.getCredential(credentialType, algorithmName); }
@Override SupportLevel getEvidenceVerifySupport(final Class<? extends Evidence> evidenceType, final String algorithmName) throws RealmUnavailableException { return realmIdentity.getEvidenceVerifySupport(evidenceType, algorithmName); }
@Override boolean verifyEvidence(final Evidence evidence) throws RealmUnavailableException { return realmIdentity.verifyEvidence(evidence); }
@Override public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> evidenceType, String algorithmName) throws RealmUnavailableException { if (PasswordGuessEvidence.class.isAssignableFrom(evidenceType)) { if (credentials.canVerify(evidenceType, algorithmName)) { if (log.isTraceEnabled()) { log.tracef("getEvidenceVerifySupport evidenceType='%s' with algorithmName='%' can verify from cache for principal='%s'", evidenceType.getName(), algorithmName, principal.getName()); } return SupportLevel.SUPPORTED; } Credential credential = identity.getCredential(PasswordCredential.class); if (credential != null) { if (log.isTraceEnabled()) { log.tracef("getEvidenceVerifySupport evidenceType='%s' with algorithmName='%' credential obtained from identity and cached for principal='%s'", evidenceType.getName(), algorithmName, principal.getName()); } credentials = credentials.withCredential(credential); if (credential.canVerify(evidenceType, algorithmName)) { return SupportLevel.SUPPORTED; } } } if (log.isTraceEnabled()) { log.tracef("getEvidenceVerifySupport evidenceType='%s' with algorithmName='%' falling back to direct support of identity for principal='%s'", evidenceType.getName(), algorithmName, principal.getName()); } return identity.getEvidenceVerifySupport(evidenceType, algorithmName); }
@Override void updateCredential(Credential credential) throws RealmUnavailableException { realmIdentity.updateCredential(credential); }
@Override public boolean verifyEvidence(Evidence evidence) throws RealmUnavailableException { if (evidence instanceof PasswordGuessEvidence) { if (credentials.canVerify(evidence)) { log.tracef("verifyEvidence For principal='%s' using cached credential", principal); return credentials.verify(evidence); } Credential credential = identity.getCredential(PasswordCredential.class); if (credential != null) { log.tracef("verifyEvidence Credential obtained from identity and cached for principal='%s'", principal); credentials = credentials.withCredential(credential); if (credential.canVerify(evidence)) { return credential.verify(evidence); } } char[] guess = ((PasswordGuessEvidence) evidence).getGuess(); Password password = ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, guess); log.tracef("verifyEvidence Falling back to direct support of identity for principal='%s'", principal); if (identity.verifyEvidence(evidence)) { credentials = credentials.withCredential(new PasswordCredential(password)); return true; } return false; } return identity.verifyEvidence(evidence); }
@Override public Principal getRealmIdentityPrincipal() { return authenticationIdentity.getRealmIdentityPrincipal(); }
@Override public Attributes getAttributes() throws RealmUnavailableException { if (attributes == null) { log.tracef("getAttributes Caching Attributes for principal='%s'", principal); attributes = identity.getAttributes(); } return attributes; }
@Override void fail(final boolean requireInProgress) { final SecurityIdentity authorizedIdentity = getSourceIdentity(); final AtomicReference<State> stateRef = getStateRef(); if (! stateRef.compareAndSet(this, FAILED)) { stateRef.get().fail(requireInProgress); return; } SecurityRealm.safeHandleRealmEvent(getRealmInfo().getSecurityRealm(), new RealmFailedAuthenticationEvent(realmIdentity, null, null)); SecurityDomain.safeHandleSecurityEvent(authorizedIdentity.getSecurityDomain(), new SecurityAuthenticationFailedEvent(authorizedIdentity, realmIdentity.getRealmIdentityPrincipal())); realmIdentity.dispose(); }
AuthorizedAuthenticationState doAuthorization(final boolean requireLoginPermission) throws RealmUnavailableException { final RealmIdentity realmIdentity = this.realmIdentity; if (! realmIdentity.exists()) { ElytronMessages.log.trace("Authorization failed - realm identity does not exists"); return null; final AuthorizationIdentity authorizationIdentity = realmIdentity.getAuthorizationIdentity(); final SecurityDomain domain = capturedIdentity.getSecurityDomain();
@Override public void updateCredential(Credential credential) throws RealmUnavailableException { log.tracef("updateCredential For principal='%s'", principal); try { identity.updateCredential(credential); } finally { removeFromCache(identity.getRealmIdentityPrincipal()); } }