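/**
 * Checks the caller-supplied password against the stored credential.
 *
 * <p>When a {@code digestCredential} is present it is consulted directly through
 * {@code verifyHA1} and {@code validationMode} is ignored. Otherwise the outcome depends
 * on {@code validationMode}:
 * <ul>
 *   <li>{@code DIGEST}: the input is hashed by {@code hashUtil} over (username, realm name,
 *       password) and compared with the stored hex value;</li>
 *   <li>{@code PASSWORD}: the input is compared with the stored clear-text value;</li>
 *   <li>{@code VALIDATION}: the decision is delegated to the callback handler through an
 *       {@link EvidenceVerifyCallback}; a {@link LoginException} from the handler counts as
 *       "not verified";</li>
 *   <li>any other mode is rejected.</li>
 * </ul>
 *
 * <p>The DIGEST and PASSWORD branches compare with
 * {@link java.security.MessageDigest#isEqual(byte[], byte[])} rather than
 * {@link String#equals(Object)}: {@code String.equals} returns at the first differing
 * character, so its running time reveals how long a matching prefix the guess had.
 * A {@code null} guess (or a {@code null} hash result) is treated as a mismatch.
 *
 * @param inputPassword    the password presented by the caller
 * @param expectedPassword the stored value: clear text or hashed hex, depending on mode
 * @return {@code true} only when the password verified
 */
@Override
protected boolean validatePassword(String inputPassword, String expectedPassword) {
    if (digestCredential != null) {
        return digestCredential.verifyHA1(expectedPassword.getBytes(UTF_8));
    }
    switch (validationMode) {
        case DIGEST: {
            String inputHashed = hashUtil.generateHashedHexURP(getUsername(), securityRealm.getName(), inputPassword.toCharArray());
            // Length-independent comparison of the two hex strings; see class comment above.
            return inputHashed != null
                    && java.security.MessageDigest.isEqual(expectedPassword.getBytes(UTF_8), inputHashed.getBytes(UTF_8));
        }
        case PASSWORD: {
            return inputPassword != null
                    && java.security.MessageDigest.isEqual(expectedPassword.getBytes(UTF_8), inputPassword.getBytes(UTF_8));
        }
        case VALIDATION: {
            RealmCallback rcb = new RealmCallback("Realm", securityRealm.getName());
            NameCallback ncb = new NameCallback("User Name", getUsername());
            EvidenceVerifyCallback evc = new EvidenceVerifyCallback(new PasswordGuessEvidence(inputPassword.toCharArray()));
            try {
                handle(new Callback[] { rcb, ncb, evc });
                return evc.isVerified();
            } catch (LoginException e) {
                // A handler that refuses the login is a failed verification, not an error.
                return false;
            }
        }
        default:
            return false;
    }
}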
if(evidenceVerifyCallback.isVerified()) { IdentityCredentialCallback credentialUpdateCallback = new IdentityCredentialCallback(new PasswordCredential(ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, password)), true); callbackHandler.handle(new Callback[]{credentialUpdateCallback});
if (evidenceVerifyCallback.isVerified()) { AuthorizeCallback authorizeCallback = new AuthorizeCallback(null, null);
/**
 * Evaluates one request for the HTTP {@code Bearer} mechanism.
 *
 * <p>Walks the {@code Authorization} header values in order and acts on the first one that
 * matches {@code BEARER_TOKEN_PATTERN}; any later header values are ignored. The captured
 * token is handed to the callback handler as {@link BearerTokenEvidence}. When it verifies
 * and the resulting identity is authorized, the token is attached as a
 * {@link BearerTokenCredential}, {@link AuthenticationCompleteCallback#SUCCEEDED} is
 * signalled and the request is marked complete. Any other outcome for a matching header
 * fails the request with {@code FORBIDDEN}. With no matching header the request continues
 * unauthenticated via {@code unauthorizedResponse}.
 *
 * <p>NOTE(review): the failure path signals nothing to the callback handler (no
 * {@code AuthenticationCompleteCallback.FAILED}) and answers 403; RFC 6750 section 3.1
 * describes an invalid token as 401 with {@code WWW-Authenticate: Bearer error="invalid_token"}.
 * Confirm both are intentional before relying on them. The debug messages intentionally
 * omit the token value.
 *
 * @param request the request being evaluated
 * @throws HttpAuthenticationException if the callback handler fails
 */
@Override
public void evaluateRequest(HttpServerRequest request) throws HttpAuthenticationException {
    List<String> headerValues = request.getRequestHeaderValues(HttpConstants.AUTHORIZATION);
    if (headerValues == null) {
        request.noAuthenticationInProgress(this::unauthorizedResponse);
        return;
    }
    for (String headerValue : headerValues) {
        Matcher bearerMatcher = BEARER_TOKEN_PATTERN.matcher(headerValue);
        if (!bearerMatcher.matches()) {
            continue;
        }
        BearerTokenEvidence evidence = new BearerTokenEvidence(bearerMatcher.group(1));
        EvidenceVerifyCallback verifyCallback = new EvidenceVerifyCallback(evidence);
        handleCallback(verifyCallback);
        boolean authenticated = false;
        if (verifyCallback.isVerified()) {
            // Verified token: the handler must still authorize the resulting identity.
            AuthorizeCallback authorizeCallback = new AuthorizeCallback(null, null);
            handleCallback(authorizeCallback);
            authenticated = authorizeCallback.isAuthorized();
        }
        if (authenticated) {
            httpBearer.debugf("Token authentication successful.");
            handleCallback(new IdentityCredentialCallback(new BearerTokenCredential(evidence.getToken()), true));
            handleCallback(AuthenticationCompleteCallback.SUCCEEDED);
            request.authenticationComplete();
        } else {
            httpBearer.debugf("Token authentication failed.");
            request.authenticationFailed("Invalid bearer token", response -> response.setStatusCode(FORBIDDEN));
        }
        // Only the first Bearer header is ever considered.
        return;
    }
    request.noAuthenticationInProgress(this::unauthorizedResponse);
}
if (evc.isVerified() == false) { throw saslPlain.mechPasswordNotVerified().toSaslException();
boolean verified = callback.isVerified(); httpClientCert.tracef("X509PeerCertificateChainEvidence was verified by EvidenceVerifyCallback handler: %b verification skipped: %b", verified, skipVerification);
if (! evidenceVerifyCallback.isVerified()) { throw saslEntity.mechServerAuthenticityCannotBeVerified().toSaslException();
if (! evidenceVerifyCallback.isVerified()) { throw saslEntity.mechAuthenticationFailed().toSaslException();
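/**
 * Authenticates {@code username}/{@code password} against the realm's PLAIN callback handler
 * and returns the resulting user principal.
 *
 * <p>The realm decides through an {@link EvidenceVerifyCallback}. Any exception thrown by the
 * handler is logged and treated as "not verified", so the method fails closed. A missing or
 * empty username, or a missing password, is rejected before the realm is consulted instead of
 * escaping as an {@link IllegalArgumentException} from {@link NameCallback} or a
 * {@link NullPointerException} from {@code toCharArray()}.
 *
 * @param username the login name; {@code null} or empty is rejected
 * @param password the clear-text password guess; {@code null} is rejected
 * @return the principal of the authenticated user
 * @throws SecurityException if the credentials do not verify or the subject cannot be built
 */
public Principal authenticate(String username, String password) throws SecurityException {
    if (username == null || username.isEmpty() || password == null) {
        throw new SecurityException("Invalid credentials");
    }
    AuthorizingCallbackHandler handler = securityRealm.getAuthorizingCallbackHandler(AuthMechanism.PLAIN);
    NameCallback ncb = new NameCallback("name", username);
    ncb.setName(username);
    EvidenceVerifyCallback evcb = new EvidenceVerifyCallback(new PasswordGuessEvidence(password.toCharArray()));
    try {
        handler.handle(new Callback[] { ncb, evcb });
    } catch (Exception e) {
        // Logged but not rethrown: the verified flag stays false and the guess is rejected below.
        ROOT_LOGGER.authenticationError(e);
    }
    if (!evcb.isVerified()) {
        throw new SecurityException("Invalid credentials");
    }
    try {
        SubjectUserInfo subjectUserInfo = handler.createSubjectUserInfo(Collections.singletonList(new SimpleUserPrincipal(username)));
        return Security.getSubjectUserPrincipal(subjectUserInfo.getSubject());
    } catch (IOException e) {
        throw new SecurityException("Invalid credentials", e);
    }
}
}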
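/**
 * Checks the caller-supplied password against the stored credential.
 *
 * <p>When a {@code digestCredential} is present it is consulted directly through
 * {@code verifyHA1} and {@code validationMode} is ignored. Otherwise the outcome depends
 * on {@code validationMode}:
 * <ul>
 *   <li>{@code DIGEST}: the input is hashed by {@code hashUtil} over (username, realm name,
 *       password) and compared with the stored hex value;</li>
 *   <li>{@code PASSWORD}: the input is compared with the stored clear-text value;</li>
 *   <li>{@code VALIDATION}: the decision is delegated to the callback handler through an
 *       {@link EvidenceVerifyCallback}; a {@link LoginException} from the handler counts as
 *       "not verified";</li>
 *   <li>any other mode is rejected.</li>
 * </ul>
 *
 * <p>The DIGEST and PASSWORD branches compare with
 * {@link java.security.MessageDigest#isEqual(byte[], byte[])} rather than
 * {@link String#equals(Object)}: {@code String.equals} returns at the first differing
 * character, so its running time reveals how long a matching prefix the guess had.
 * A {@code null} guess (or a {@code null} hash result) is treated as a mismatch.
 *
 * @param inputPassword    the password presented by the caller
 * @param expectedPassword the stored value: clear text or hashed hex, depending on mode
 * @return {@code true} only when the password verified
 */
@Override
protected boolean validatePassword(String inputPassword, String expectedPassword) {
    if (digestCredential != null) {
        return digestCredential.verifyHA1(expectedPassword.getBytes(UTF_8));
    }
    switch (validationMode) {
        case DIGEST: {
            String inputHashed = hashUtil.generateHashedHexURP(getUsername(), securityRealm.getName(), inputPassword.toCharArray());
            // Length-independent comparison of the two hex strings; see class comment above.
            return inputHashed != null
                    && java.security.MessageDigest.isEqual(expectedPassword.getBytes(UTF_8), inputHashed.getBytes(UTF_8));
        }
        case PASSWORD: {
            return inputPassword != null
                    && java.security.MessageDigest.isEqual(expectedPassword.getBytes(UTF_8), inputPassword.getBytes(UTF_8));
        }
        case VALIDATION: {
            RealmCallback rcb = new RealmCallback("Realm", securityRealm.getName());
            NameCallback ncb = new NameCallback("User Name", getUsername());
            EvidenceVerifyCallback evc = new EvidenceVerifyCallback(new PasswordGuessEvidence(inputPassword.toCharArray()));
            try {
                handle(new Callback[] { rcb, ncb, evc });
                return evc.isVerified();
            } catch (LoginException e) {
                // A handler that refuses the login is a failed verification, not an error.
                return false;
            }
        }
        default:
            return false;
    }
}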
if(evidenceVerifyCallback.isVerified()) { IdentityCredentialCallback credentialUpdateCallback = new IdentityCredentialCallback(new PasswordCredential(ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, password)), true); callbackHandler.handle(new Callback[]{credentialUpdateCallback});
if(evidenceVerifyCallback.isVerified()) { IdentityCredentialCallback credentialUpdateCallback = new IdentityCredentialCallback(new PasswordCredential(ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, password)), true); callbackHandler.handle(new Callback[]{credentialUpdateCallback});
if(evidenceVerifyCallback.isVerified()) { IdentityCredentialCallback credentialUpdateCallback = new IdentityCredentialCallback(new PasswordCredential(ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, password)), true); callbackHandler.handle(new Callback[]{credentialUpdateCallback});
/**
 * Verifies a BASIC-auth password for {@code id} against the realm and builds the account.
 *
 * <p>Every failure path yields {@code null}: a missing credential, an exception from the
 * callback handler (logged at debug level), a password the realm did not verify, or an
 * {@link IOException} while building the subject. A principal is created and the
 * supplemental subject populated only after {@link EvidenceVerifyCallback#isVerified()}
 * reports {@code true}.
 *
 * @param id         the user name presented by the client
 * @param credential the password presented by the client, or {@code null}
 * @return the account for a verified user, or {@code null} when verification fails
 */
private Account verify(String id, PasswordCredential credential) {
    assertMechanism(AuthMechanism.PLAIN);
    if (credential == null) {
        return null;
    }
    AuthorizingCallbackHandler handler = securityRealm.getAuthorizingCallbackHandler(AuthMechanism.PLAIN);
    RealmCallback realmCallback = new RealmCallback("Realm", securityRealm.getName());
    NameCallback nameCallback = new NameCallback("Username", id);
    EvidenceVerifyCallback verifyCallback = new EvidenceVerifyCallback(new PasswordGuessEvidence(credential.getPassword()));
    try {
        handler.handle(new Callback[] { realmCallback, nameCallback, verifyCallback });
    } catch (Exception e) {
        // Fail closed: a handler error is reported at debug level and treated as a rejection.
        ROOT_LOGGER.debug("Failure handling Callback(s) for BASIC authentication.", e);
        return null;
    }
    if (!verifyCallback.isVerified()) {
        return null;
    }
    Principal user = new SimplePrincipal(id);
    Collection<Principal> principals = Collections.singleton(user);
    SubjectUserInfo supplemental;
    try {
        supplemental = handler.createSubjectUserInfo(principals);
    } catch (IOException e) {
        return null;
    }
    addInetPrincipal(supplemental.getSubject().getPrincipals());
    return new RealmIdentityAccount(supplemental.getSubject(), user);
}
if (evidenceVerifyCallback.isVerified()) { AuthorizeCallback authorizeCallback = new AuthorizeCallback(null, null);
if (evidenceVerifyCallback.isVerified()) { AuthorizeCallback authorizeCallback = new AuthorizeCallback(null, null);
/**
 * Evaluates one request for the HTTP {@code Bearer} mechanism.
 *
 * <p>Walks the {@code Authorization} header values in order and acts on the first one that
 * matches {@code BEARER_TOKEN_PATTERN}; any later header values are ignored. The captured
 * token is handed to the callback handler as {@link BearerTokenEvidence}. When it verifies
 * and the resulting identity is authorized, the token is attached as a
 * {@link BearerTokenCredential}, {@link AuthenticationCompleteCallback#SUCCEEDED} is
 * signalled and the request is marked complete. Any other outcome for a matching header
 * fails the request with {@code FORBIDDEN}. With no matching header the request continues
 * unauthenticated via {@code unauthorizedResponse}.
 *
 * <p>NOTE(review): the failure path signals nothing to the callback handler (no
 * {@code AuthenticationCompleteCallback.FAILED}) and answers 403; RFC 6750 section 3.1
 * describes an invalid token as 401 with {@code WWW-Authenticate: Bearer error="invalid_token"}.
 * Confirm both are intentional before relying on them. The debug messages intentionally
 * omit the token value.
 *
 * @param request the request being evaluated
 * @throws HttpAuthenticationException if the callback handler fails
 */
@Override
public void evaluateRequest(HttpServerRequest request) throws HttpAuthenticationException {
    List<String> headerValues = request.getRequestHeaderValues(HttpConstants.AUTHORIZATION);
    if (headerValues == null) {
        request.noAuthenticationInProgress(this::unauthorizedResponse);
        return;
    }
    for (String headerValue : headerValues) {
        Matcher bearerMatcher = BEARER_TOKEN_PATTERN.matcher(headerValue);
        if (!bearerMatcher.matches()) {
            continue;
        }
        BearerTokenEvidence evidence = new BearerTokenEvidence(bearerMatcher.group(1));
        EvidenceVerifyCallback verifyCallback = new EvidenceVerifyCallback(evidence);
        handleCallback(verifyCallback);
        boolean authenticated = false;
        if (verifyCallback.isVerified()) {
            // Verified token: the handler must still authorize the resulting identity.
            AuthorizeCallback authorizeCallback = new AuthorizeCallback(null, null);
            handleCallback(authorizeCallback);
            authenticated = authorizeCallback.isAuthorized();
        }
        if (authenticated) {
            httpBearer.debugf("Token authentication successful.");
            handleCallback(new IdentityCredentialCallback(new BearerTokenCredential(evidence.getToken()), true));
            handleCallback(AuthenticationCompleteCallback.SUCCEEDED);
            request.authenticationComplete();
        } else {
            httpBearer.debugf("Token authentication failed.");
            request.authenticationFailed("Invalid bearer token", response -> response.setStatusCode(FORBIDDEN));
        }
        // Only the first Bearer header is ever considered.
        return;
    }
    request.noAuthenticationInProgress(this::unauthorizedResponse);
}
/**
 * Evaluates one request for the HTTP {@code Bearer} mechanism.
 *
 * <p>Walks the {@code Authorization} header values in order and acts on the first one that
 * matches {@code BEARER_TOKEN_PATTERN}; any later header values are ignored. The captured
 * token is handed to the callback handler as {@link BearerTokenEvidence}. When it verifies
 * and the resulting identity is authorized, the token is attached as a
 * {@link BearerTokenCredential}, {@link AuthenticationCompleteCallback#SUCCEEDED} is
 * signalled and the request is marked complete. Any other outcome for a matching header
 * fails the request with {@code FORBIDDEN}. With no matching header the request continues
 * unauthenticated via {@code unauthorizedResponse}.
 *
 * <p>NOTE(review): the failure path signals nothing to the callback handler (no
 * {@code AuthenticationCompleteCallback.FAILED}) and answers 403; RFC 6750 section 3.1
 * describes an invalid token as 401 with {@code WWW-Authenticate: Bearer error="invalid_token"}.
 * Confirm both are intentional before relying on them. The debug messages intentionally
 * omit the token value.
 *
 * @param request the request being evaluated
 * @throws HttpAuthenticationException if the callback handler fails
 */
@Override
public void evaluateRequest(HttpServerRequest request) throws HttpAuthenticationException {
    List<String> headerValues = request.getRequestHeaderValues(HttpConstants.AUTHORIZATION);
    if (headerValues == null) {
        request.noAuthenticationInProgress(this::unauthorizedResponse);
        return;
    }
    for (String headerValue : headerValues) {
        Matcher bearerMatcher = BEARER_TOKEN_PATTERN.matcher(headerValue);
        if (!bearerMatcher.matches()) {
            continue;
        }
        BearerTokenEvidence evidence = new BearerTokenEvidence(bearerMatcher.group(1));
        EvidenceVerifyCallback verifyCallback = new EvidenceVerifyCallback(evidence);
        handleCallback(verifyCallback);
        boolean authenticated = false;
        if (verifyCallback.isVerified()) {
            // Verified token: the handler must still authorize the resulting identity.
            AuthorizeCallback authorizeCallback = new AuthorizeCallback(null, null);
            handleCallback(authorizeCallback);
            authenticated = authorizeCallback.isAuthorized();
        }
        if (authenticated) {
            httpBearer.debugf("Token authentication successful.");
            handleCallback(new IdentityCredentialCallback(new BearerTokenCredential(evidence.getToken()), true));
            handleCallback(AuthenticationCompleteCallback.SUCCEEDED);
            request.authenticationComplete();
        } else {
            httpBearer.debugf("Token authentication failed.");
            request.authenticationFailed("Invalid bearer token", response -> response.setStatusCode(FORBIDDEN));
        }
        // Only the first Bearer header is ever considered.
        return;
    }
    request.noAuthenticationInProgress(this::unauthorizedResponse);
}
if (evidenceVerifyCallback.isVerified()) { AuthorizeCallback authorizeCallback = new AuthorizeCallback(null, null);
/**
 * Evaluates one request for the HTTP {@code Bearer} mechanism.
 *
 * <p>Walks the {@code Authorization} header values in order and acts on the first one that
 * matches {@code BEARER_TOKEN_PATTERN}; any later header values are ignored. The captured
 * token is handed to the callback handler as {@link BearerTokenEvidence}. When it verifies
 * and the resulting identity is authorized, the token is attached as a
 * {@link BearerTokenCredential}, {@link AuthenticationCompleteCallback#SUCCEEDED} is
 * signalled and the request is marked complete. Any other outcome for a matching header
 * fails the request with {@code FORBIDDEN}. With no matching header the request continues
 * unauthenticated via {@code unauthorizedResponse}.
 *
 * <p>NOTE(review): the failure path signals nothing to the callback handler (no
 * {@code AuthenticationCompleteCallback.FAILED}) and answers 403; RFC 6750 section 3.1
 * describes an invalid token as 401 with {@code WWW-Authenticate: Bearer error="invalid_token"}.
 * Confirm both are intentional before relying on them. The debug messages intentionally
 * omit the token value.
 *
 * @param request the request being evaluated
 * @throws HttpAuthenticationException if the callback handler fails
 */
@Override
public void evaluateRequest(HttpServerRequest request) throws HttpAuthenticationException {
    List<String> headerValues = request.getRequestHeaderValues(HttpConstants.AUTHORIZATION);
    if (headerValues == null) {
        request.noAuthenticationInProgress(this::unauthorizedResponse);
        return;
    }
    for (String headerValue : headerValues) {
        Matcher bearerMatcher = BEARER_TOKEN_PATTERN.matcher(headerValue);
        if (!bearerMatcher.matches()) {
            continue;
        }
        BearerTokenEvidence evidence = new BearerTokenEvidence(bearerMatcher.group(1));
        EvidenceVerifyCallback verifyCallback = new EvidenceVerifyCallback(evidence);
        handleCallback(verifyCallback);
        boolean authenticated = false;
        if (verifyCallback.isVerified()) {
            // Verified token: the handler must still authorize the resulting identity.
            AuthorizeCallback authorizeCallback = new AuthorizeCallback(null, null);
            handleCallback(authorizeCallback);
            authenticated = authorizeCallback.isAuthorized();
        }
        if (authenticated) {
            httpBearer.debugf("Token authentication successful.");
            handleCallback(new IdentityCredentialCallback(new BearerTokenCredential(evidence.getToken()), true));
            handleCallback(AuthenticationCompleteCallback.SUCCEEDED);
            request.authenticationComplete();
        } else {
            httpBearer.debugf("Token authentication failed.");
            request.authenticationFailed("Invalid bearer token", response -> response.setStatusCode(FORBIDDEN));
        }
        // Only the first Bearer header is ever considered.
        return;
    }
    request.noAuthenticationInProgress(this::unauthorizedResponse);
}