/**
 * Finishes this realm info and registers it with the owning security domain builder.
 *
 * @return the security domain builder
 */
public Builder build() {
    // Checked before registering; assertNotBuilt() is presumably what rejects a second build() call.
    assertNotBuilt();
    final Builder domainBuilder = parent.addRealm(this);
    return domainBuilder;
}
/**
 * Installs the pre-realm name rewriter, i.e. the one applied to the authentication name before a
 * realm is selected. The rewriter is adapted with {@code asPrincipalRewriter()} and handed to the
 * overload that accepts the adapted form.
 *
 * @param rewriter the name rewriter (must not be {@code null})
 * @return this builder
 */
public Builder setPreRealmRewriter(NameRewriter rewriter) {
    // There is no explicit null check: a null rewriter fails on the dereference below.
    return this.setPreRealmRewriter(
        rewriter.asPrincipalRewriter()
    );
}
/**
 * Installs the post-realm name rewriter, i.e. the one applied to the authentication name after a
 * realm is selected. The rewriter is adapted with {@code asPrincipalRewriter()} and handed to the
 * overload that accepts the adapted form.
 *
 * @param rewriter the name rewriter (must not be {@code null})
 * @return this builder
 */
public Builder setPostRealmRewriter(NameRewriter rewriter) {
    // There is no explicit null check: a null rewriter fails on the dereference below.
    return this.setPostRealmRewriter(
        rewriter.asPrincipalRewriter()
    );
}
/**
 * Authorizes the captured identity and, on success, moves the context into an
 * {@code AuthorizedState} built from that identity.
 *
 * @param requireLoginPermission whether the identity must imply {@code LoginPermission}
 * @return {@code true} if authorization succeeded, {@code false} otherwise
 * @throws RealmUnavailableException declared by the state contract; propagated from the delegated calls
 */
@Override
boolean authorize(final boolean requireLoginPermission) throws RealmUnavailableException {
    final SecurityIdentity identity = this.capturedIdentity;
    if (identity.isAnonymous()) {
        // Anonymous identities take the dedicated anonymous path.
        return authorizeAnonymous(requireLoginPermission);
    }
    final AtomicReference<State> ref = getStateRef();
    // The permission gate runs before any state change: a denied identity never reaches the swap below.
    if (requireLoginPermission && ! identity.implies(LoginPermission.getInstance())) {
        return false;
    }
    final AuthorizedState authorized = new AuthorizedState(identity, identity.getPrincipal(), identity.getRealmInfo(), mechanismConfiguration, getMechanismRealmConfiguration());
    if (ref.compareAndSet(this, authorized)) {
        return true;
    }
    // The state was replaced in the meantime; the decision is re-made by whichever state is current.
    return ref.get().authorize(requireLoginPermission);
}
/**
 * Completes the authentication: swaps this state for a {@code CompleteState} holding the source
 * identity, then reports the success to the realm and to the security domain and disposes the
 * realm identity. If the swap fails, the call is forwarded to the current state instead.
 */
@Override
void succeed() {
    final SecurityIdentity identity = getSourceIdentity();
    final AtomicReference<State> ref = getStateRef();
    if (ref.compareAndSet(this, new CompleteState(identity))) {
        // Only the caller that performed the transition reaches this branch, so the success
        // events are raised once per transition out of this state.
        SecurityRealm.safeHandleRealmEvent(getRealmInfo().getSecurityRealm(), new RealmSuccessfulAuthenticationEvent(realmIdentity, identity.getAuthorizationIdentity(), null, null));
        SecurityDomain.safeHandleSecurityEvent(identity.getSecurityDomain(), new SecurityAuthenticationSuccessfulEvent(identity));
        // Released last: the realm event above still references the realm identity.
        realmIdentity.dispose();
    } else {
        ref.get().succeed();
    }
}
/**
 * Fails the authentication: swaps this state for {@code FAILED}, then reports the failure to the
 * realm and to the security domain and disposes the realm identity. If the swap fails, the call is
 * forwarded to the current state.
 *
 * @param requireInProgress not examined in this state; passed through when the call is forwarded
 */
@Override
void fail(final boolean requireInProgress) {
    final SecurityIdentity identity = getSourceIdentity();
    final AtomicReference<State> ref = getStateRef();
    if (ref.compareAndSet(this, FAILED)) {
        // Only the caller that performed the transition reaches this branch, so the failure
        // events are raised once per transition out of this state.
        SecurityRealm.safeHandleRealmEvent(getRealmInfo().getSecurityRealm(), new RealmFailedAuthenticationEvent(realmIdentity, null, null));
        SecurityDomain.safeHandleSecurityEvent(identity.getSecurityDomain(), new SecurityAuthenticationFailedEvent(identity, realmIdentity.getRealmIdentityPrincipal()));
        // Released last: both events above read from the realm identity.
        realmIdentity.dispose();
    } else {
        ref.get().fail(requireInProgress);
    }
}
/**
 * Marks the authentication as failed. The context is moved to {@code FAILED}; the caller that
 * wins that transition notifies the realm and the security domain and then disposes the realm
 * identity. A caller that loses it forwards the request to the state now in place.
 *
 * @param requireInProgress not examined in this state; passed through when the call is forwarded
 */
@Override
void fail(final boolean requireInProgress) {
    final AtomicReference<State> ref;
    final SecurityIdentity source = getSourceIdentity();
    ref = getStateRef();
    final boolean transitioned = ref.compareAndSet(this, FAILED);
    if (! transitioned) {
        ref.get().fail(requireInProgress);
        return;
    }
    // Past this point the transition belongs to this caller: notify the realm first, then the domain.
    SecurityRealm.safeHandleRealmEvent(getRealmInfo().getSecurityRealm(), new RealmFailedAuthenticationEvent(realmIdentity, null, null));
    SecurityDomain.safeHandleSecurityEvent(source.getSecurityDomain(), new SecurityAuthenticationFailedEvent(source, realmIdentity.getRealmIdentityPrincipal()));
    // Disposed only after both events were built from it.
    realmIdentity.dispose();
}
/**
 * Builds a function that maps a realm name to an {@code HttpAuthenticationFactory} for the
 * supplied security domain. All produced factories share one mechanism factory, which wraps
 * {@code ServerMechanismFactoryImpl} in a {@code FilterServerMechanismFactory} constructed with
 * {@code SERVLET_MECHANISM}.
 *
 * @param securityDomainSupplier source of the security domain, queried on every invocation of the returned function
 * @return a function from realm name ({@code null} allowed) to authentication factory
 */
private static Function<String, HttpAuthenticationFactory> toHttpAuthenticationFactoryFunction(final Supplier<SecurityDomain> securityDomainSupplier) {
    final HttpServerAuthenticationMechanismFactory mechanismFactory = new FilterServerMechanismFactory(new ServerMechanismFactoryImpl(), SERVLET_MECHANISM);
    return realmName -> {
        // A null realm name selects the empty mechanism configuration; otherwise the configuration
        // carries exactly one mechanism realm with the given name.
        return HttpAuthenticationFactory.builder()
            .setFactory(mechanismFactory)
            .setSecurityDomain(securityDomainSupplier.get())
            .setMechanismConfigurationSelector(
                MechanismConfigurationSelector.constantSelector(
                    realmName != null
                        ? MechanismConfiguration.builder()
                            .addMechanismRealm(MechanismRealmConfiguration.builder().setRealmName(realmName).build())
                            .build()
                        : MechanismConfiguration.EMPTY))
            .build();
    };
}
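/**
 * Adds a private credential by swapping in a copy of this state whose private credential set
 * includes {@code credential}; the public credential set is carried over unchanged.
 *
 * @param credential the credential to add to the private set
 */
@Override
void addPrivateCredential(final Credential credential) {
    final NameAssignedState newState = new NameAssignedState(getSourceIdentity(), getRealmInfo(), getRealmIdentity(), getAuthenticationPrincipal(), getMechanismConfiguration(), getMechanismRealmConfiguration(), privateCredentials.withCredential(credential), publicCredentials);
    if (! stateRef.compareAndSet(this, newState)) {
        // The state was replaced before the swap: retry on the current state and keep the
        // credential private. Forwarding to addPublicCredential here would file a private
        // credential in the public set whenever the swap is contended.
        stateRef.get().addPrivateCredential(credential);
    }
}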
/**
 * Adds a public credential by swapping in a {@code RealmAssignedState} copy whose public
 * credential set includes {@code credential}; the private credential set is carried over as is.
 *
 * @param credential the credential to add to the public set
 */
@Override
void addPublicCredential(final Credential credential) {
    final RealmAssignedState updated = new RealmAssignedState(getSourceIdentity(), getMechanismConfiguration(), getMechanismRealmConfiguration(), getPrivateCredentials(), getPublicCredentials().withCredential(credential));
    if (stateRef.compareAndSet(this, updated)) {
        return;
    }
    // The state was replaced before the swap: apply the credential to the current state instead.
    stateRef.get().addPublicCredential(credential);
}
/**
 * Authorizes the domain's anonymous identity and, on success, moves the context into an
 * {@code AnonymousAuthorizedState}.
 *
 * @param requireLoginPermission whether the anonymous identity must imply {@code LoginPermission}
 * @return {@code true} if anonymous authorization succeeded, {@code false} otherwise
 */
@Override
boolean authorizeAnonymous(final boolean requireLoginPermission) {
    final AtomicReference<State> ref = getStateRef();
    final SecurityIdentity anonymous = getSecurityDomain().getAnonymousSecurityIdentity();
    // The permission gate runs before any state change: anonymous access is refused here when
    // login permission is required and the anonymous identity does not imply it.
    if (requireLoginPermission && ! anonymous.implies(LoginPermission.getInstance())) {
        return false;
    }
    if (ref.compareAndSet(this, new AnonymousAuthorizedState(anonymous))) {
        return true;
    }
    // The state was replaced in the meantime; the decision is re-made by whichever state is current.
    return ref.get().authorizeAnonymous(requireLoginPermission);
}
/**
 * Adds a public credential by swapping in an {@code InitialState} copy whose public credential
 * set includes {@code credential}; the private credential set is carried over as is.
 *
 * @param credential the credential to add to the public set
 */
void addPublicCredential(final Credential credential) {
    final InitialState updated = new InitialState(getSourceIdentity(), getMechanismConfiguration(), mechanismConfigurationSelector, getPrivateCredentials(), getPublicCredentials().withCredential(credential));
    if (stateRef.compareAndSet(this, updated)) {
        return;
    }
    // The state was replaced before the swap: apply the credential to the current state instead.
    stateRef.get().addPublicCredential(credential);
}
/**
 * Adds a public credential to an already authorized context. The credential is attached to the
 * source identity itself, and an {@code AuthorizedState} wrapping that new identity replaces
 * this state.
 *
 * @param credential the credential to attach to the identity's public credentials
 */
void addPublicCredential(final Credential credential) {
    final SecurityIdentity withCredential = getSourceIdentity().withPublicCredential(credential);
    final AuthorizedState updated = new AuthorizedState(withCredential, getAuthenticationPrincipal(), getRealmInfo(), getMechanismConfiguration(), getMechanismRealmConfiguration());
    if (stateRef.compareAndSet(this, updated)) {
        return;
    }
    // The state was replaced before the swap: apply the credential to the current state instead.
    stateRef.get().addPublicCredential(credential);
}
/**
 * Reports whether the given run-as principal name resolves to an existing identity in the
 * security domain. The looked-up realm identity is disposed before this method returns,
 * whether or not the existence check throws.
 *
 * @param securityDomain the domain to query
 * @param runAsPrincipal the principal name to look up
 * @return {@code true} if the realm identity reports that it exists
 * @throws RealmUnavailableException if the realm cannot be reached
 */
private boolean runAsPrincipalExists(final SecurityDomain securityDomain, final String runAsPrincipal) throws RealmUnavailableException {
    // A failed lookup leaves nothing to dispose, so the lookup sits outside the try block.
    final RealmIdentity identity = securityDomain.getIdentity(runAsPrincipal);
    try {
        return identity.exists();
    } finally {
        if (identity != null) {
            identity.dispose();
        }
    }
}
}
/**
 * Adds a public credential by swapping in an {@code InactiveState} copy whose public credential
 * set includes {@code credential}; the private credential set is carried over as is.
 *
 * @param credential the credential to add to the public set
 */
@Override
void addPublicCredential(final Credential credential) {
    final InactiveState updated = new InactiveState(capturedIdentity, mechanismConfigurationSelector, mechanismInformation, privateCredentials, publicCredentials.withCredential(credential));
    if (stateRef.compareAndSet(this, updated)) {
        return;
    }
    // The state was replaced before the swap: apply the credential to the current state instead.
    stateRef.get().addPublicCredential(credential);
}
/**
 * Tests whether the given principal, once rewritten, equals the authentication principal held by
 * this state. The pre-realm rewriters of the mechanism realm configuration, the mechanism
 * configuration and the security domain are passed to {@code rewriteAll} in that order.
 *
 * @param principal the principal to compare
 * @return {@code true} if the rewritten principal equals the authentication principal
 */
@Override
boolean isSamePrincipal(Principal principal) {
    final SecurityDomain securityDomain = capturedIdentity.getSecurityDomain();
    // NOTE(review): only pre-realm rewriters are applied before the comparison; confirm that
    // authenticationPrincipal is stored in the same (pre-realm rewritten) form.
    final Principal rewritten = rewriteAll(principal, mechanismRealmConfiguration.getPreRealmRewriter(), mechanismConfiguration.getPreRealmRewriter(), securityDomain.getPreRealmRewriter());
    return authenticationPrincipal.equals(rewritten);
}
/**
 * Creates the {@code HttpAuthenticationFactory} from the security domain, mechanism
 * configuration selector and mechanism factory currently held by this builder.
 *
 * @return the new authentication factory
 */
public HttpAuthenticationFactory build() {
    return new HttpAuthenticationFactory(
        this.getSecurityDomain(),
        this.getMechanismConfigurationSelector(),
        this.getFactory()
    );
}
}
/**
 * Reports the level of support for verifying the given evidence type. In this state the question
 * is answered by the security domain, with both arguments passed through unchanged.
 *
 * @param evidenceType the evidence class being asked about
 * @param algorithmName the algorithm name passed through to the domain
 * @return the support level reported by the security domain
 * @throws RealmUnavailableException if a realm cannot be reached
 */
@Override
SupportLevel getEvidenceVerifySupport(final Class<? extends Evidence> evidenceType, final String algorithmName) throws RealmUnavailableException {
    final SecurityDomain securityDomain = getSecurityDomain();
    return securityDomain.getEvidenceVerifySupport(evidenceType, algorithmName);
}
/**
 * Creates a server authentication context for an identity that belongs to this security domain.
 *
 * @param capturedIdentity the identity the new context starts from; expected to belong to this domain
 * @param mechanismConfigurationSelector the selector passed on to the new context
 * @return the new authentication context
 */
ServerAuthenticationContext createNewAuthenticationContext(SecurityIdentity capturedIdentity, MechanismConfigurationSelector mechanismConfigurationSelector) {
    // The domain-ownership check is a Java assert, so it only runs when assertions are enabled
    // (-ea). With assertions off, callers are trusted to pass an identity of this domain.
    assert this == capturedIdentity.getSecurityDomain();
    final ServerAuthenticationContext context = new ServerAuthenticationContext(capturedIdentity, mechanismConfigurationSelector);
    return context;
}
/**
 * Tests whether the given principal, once rewritten, equals the authentication principal held by
 * this state. The pre-realm rewriters of the mechanism realm configuration, the mechanism
 * configuration and the authorized identity's security domain are passed to {@code rewriteAll}
 * in that order.
 *
 * @param principal the principal to compare
 * @return {@code true} if the rewritten principal equals the authentication principal
 */
@Override
boolean isSamePrincipal(Principal principal) {
    final SecurityDomain securityDomain = authorizedIdentity.getSecurityDomain();
    // NOTE(review): only pre-realm rewriters are applied before the comparison; confirm that
    // authenticationPrincipal is stored in the same (pre-realm rewritten) form.
    final Principal rewritten = rewriteAll(principal, mechanismRealmConfiguration.getPreRealmRewriter(), mechanismConfiguration.getPreRealmRewriter(), securityDomain.getPreRealmRewriter());
    return authenticationPrincipal.equals(rewritten);
}