try { context.setAuthenticationPrincipal(principal); if (context.verifyEvidence(evidence)) { if (context.authorize()) { context.succeed();
if (serverAuthenticationContext.verifyEvidence(evidence)) { if (serverAuthenticationContext.authorize()) { if (evidence instanceof PasswordGuessEvidence) {
try { context.setAuthenticationName(username); if (context.verifyEvidence(evidence)) { if (context.authorize()) { context.succeed();
if (authenticationContext.verifyEvidence(evidence)) { if (authenticationContext.authorize()) { SecurityIdentity authorizedIdentity = authenticationContext.getAuthorizedIdentity();
if (peerCerts != null) { log.tracef("Authentication ID is null but SSL peer certificates are available. Trying to authenticate peer"); verifyEvidence(new X509PeerCertificateChainEvidence(peerCerts)); EvidenceVerifyCallback evidenceVerifyCallback = (EvidenceVerifyCallback) callback; evidenceVerifyCallback.setVerified(verifyEvidence(evidenceVerifyCallback.getEvidence()));
if (! authenticationContext.verifyEvidence(evidence)) { if (authenticationOptional) { ElytronMessages.log.tracef("Credential validation failed: no trusted certificate found for principal [%s], ignoring as authentication is optional", principal);
private static SecurityIdentity createSecurityIdentity(Principal principal, Set<String> roles) { ServerAuthenticationContext serverAuthenticationContext = INFLOW_SECURITY_DOMAIN.createNewAuthenticationContext(); try { serverAuthenticationContext.verifyEvidence(new EvidenceWithRoles(principal, roles)); serverAuthenticationContext.authorize(); } catch (RealmUnavailableException e) { // As the domain is backed by a dummy realm that never throws this Exception it is impossible for it to be thrown. throw new IllegalStateException(e); } return serverAuthenticationContext.getAuthorizedIdentity(); }
private static SecurityIdentity createSecurityIdentity(Principal principal, Set<String> roles) { ServerAuthenticationContext serverAuthenticationContext = INFLOW_SECURITY_DOMAIN.createNewAuthenticationContext(); try { serverAuthenticationContext.verifyEvidence(new EvidenceWithRoles(principal, roles)); serverAuthenticationContext.authorize(); } catch (RealmUnavailableException e) { // As the domain is backed by a dummy realm that never throws this Exception it is impossible for it to be thrown. throw new IllegalStateException(e); } return serverAuthenticationContext.getAuthorizedIdentity(); }
if (serverAuthenticationContext.verifyEvidence(evidence)) { if (serverAuthenticationContext.authorize()) { if (evidence instanceof PasswordGuessEvidence) {
if (serverAuthenticationContext.verifyEvidence(evidence)) { if (serverAuthenticationContext.authorize()) { if (evidence instanceof PasswordGuessEvidence) {
if (serverAuthenticationContext.verifyEvidence(evidence)) { if (serverAuthenticationContext.authorize()) { if (evidence instanceof PasswordGuessEvidence) {
try { context.setAuthenticationName(username); if (context.verifyEvidence(evidence)) { if (context.authorize()) { context.succeed();
private SecurityIdentity authenticate(final String username, final String password) { ServerAuthenticationContext context = this.securityDomain.createNewAuthenticationContext(); PasswordGuessEvidence evidence = new PasswordGuessEvidence(password != null ? password.toCharArray() : null); try { context.setAuthenticationName(username); if (context.verifyEvidence(evidence)) { if (context.authorize()) { context.succeed(); return context.getAuthorizedIdentity(); } else { context.fail(); WSLogger.ROOT_LOGGER.failedAuthorization(username); } } else { context.fail(); WSLogger.ROOT_LOGGER.failedAuthentication(username); } } catch (IllegalArgumentException | IllegalStateException | RealmUnavailableException e) { context.fail(); WSLogger.ROOT_LOGGER.failedAuthenticationWithException(e, username, e.getMessage()); } finally { if (!context.isDone()) context.fail(); //prevent leaks of RealmIdentity instances evidence.destroy(); } return null; }
private SecurityIdentity authenticate(final String username, final String password) { ServerAuthenticationContext context = this.securityDomain.createNewAuthenticationContext(); PasswordGuessEvidence evidence = new PasswordGuessEvidence(password != null ? password.toCharArray() : null); try { context.setAuthenticationName(username); if (context.verifyEvidence(evidence)) { if (context.authorize()) { context.succeed(); return context.getAuthorizedIdentity(); } else { context.fail(); WSLogger.ROOT_LOGGER.failedAuthorization(username); } } else { context.fail(); WSLogger.ROOT_LOGGER.failedAuthentication(username); } } catch (IllegalArgumentException | IllegalStateException | RealmUnavailableException e) { context.fail(); WSLogger.ROOT_LOGGER.failedAuthenticationWithException(e, username, e.getMessage()); } finally { if (!context.isDone()) context.fail(); //prevent leaks of RealmIdentity instances evidence.destroy(); } return null; }
if (authenticationContext.verifyEvidence(evidence)) { if (authenticationContext.authorize()) { SecurityIdentity authorizedIdentity = authenticationContext.getAuthorizedIdentity();
if (authenticationContext.verifyEvidence(evidence)) { if (authenticationContext.authorize()) { SecurityIdentity authorizedIdentity = authenticationContext.getAuthorizedIdentity();
if (context.verifyEvidence(evidence)) { if (context.authorize()) { context.succeed();
if (context.verifyEvidence(evidence)) { if (context.authorize()) { context.succeed();
if (authenticationContext.verifyEvidence(evidence)) { if (evidence instanceof PasswordGuessEvidence) { authenticationContext.addPrivateCredential(
if (! authenticationContext.verifyEvidence(evidence)) { if (authenticationOptional) { ElytronMessages.log.tracef("Credential validation failed: no trusted certificate found for principal [%s], ignoring as authentication is optional", principal);