io.undertow.security.api.SecurityNotification Java Examples
The following examples show how to use
io.undertow.security.api.SecurityNotification.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: AbstractSamlAuthMech.java From keycloak with Apache License 2.0 | 6 votes |
|
protected void registerNotifications(final SecurityContext securityContext) {
final NotificationReceiver logoutReceiver = new NotificationReceiver() {
@Override
public void handleNotification(SecurityNotification notification) {
if (notification.getEventType() != SecurityNotification.EventType.LOGGED_OUT)
return;
HttpServerExchange exchange = notification.getExchange();
UndertowHttpFacade facade = createFacade(exchange);
SamlDeployment deployment = deploymentContext.resolveDeployment(facade);
SamlSessionStore sessionStore = getTokenStore(exchange, facade, deployment, securityContext);
sessionStore.logoutAccount();
}
};
securityContext.registerNotificationReceiver(logoutReceiver);
}
Example #2
| Source File: AbstractUndertowKeycloakAuthMech.java From keycloak with Apache License 2.0 | 6 votes |
|
protected void registerNotifications(final SecurityContext securityContext) {
final NotificationReceiver logoutReceiver = new NotificationReceiver() {
@Override
public void handleNotification(SecurityNotification notification) {
if (notification.getEventType() != SecurityNotification.EventType.LOGGED_OUT) return;
HttpServerExchange exchange = notification.getExchange();
UndertowHttpFacade facade = createFacade(exchange);
KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade);
KeycloakSecurityContext ksc = exchange.getAttachment(OIDCUndertowHttpFacade.KEYCLOAK_SECURITY_CONTEXT_KEY);
if (!deployment.isBearerOnly() && ksc != null && ksc instanceof RefreshableKeycloakSecurityContext) {
((RefreshableKeycloakSecurityContext) ksc).logout(deployment);
}
AdapterTokenStore tokenStore = getTokenStore(exchange, facade, deployment, securityContext);
tokenStore.logout();
}
};
securityContext.registerNotificationReceiver(logoutReceiver);
}
Example #3
| Source File: AuthenticationTestBase.java From quarkus-http with Apache License 2.0 | 5 votes |
|
public List<SecurityNotification> takeNotifications() {
try {
return new ArrayList<>(receivedNotifications);
} finally {
receivedNotifications.clear();
}
}
Example #4
| Source File: AbstractSecurityContext.java From lams with GNU General Public License v2.0 | 5 votes |
|
@Override
public void logout() {
if (!isAuthenticated()) {
return;
}
UndertowLogger.SECURITY_LOGGER.debugf("Logged out %s", exchange);
sendNoticiation(new SecurityNotification(exchange, SecurityNotification.EventType.LOGGED_OUT, account, mechanismName, true,
MESSAGES.userLoggedOut(account.getPrincipal().getName()), true));
this.account = null;
this.mechanismName = null;
}
Example #5
| Source File: AbstractSecurityContext.java From lams with GNU General Public License v2.0 | 5 votes |
|
private void sendNoticiation(final SecurityNotification notification) {
Node<NotificationReceiver> cur = notificationReceivers;
while (cur != null) {
cur.item.handleNotification(notification);
cur = cur.next;
}
}
Example #6
| Source File: AbstractSecurityContext.java From lams with GNU General Public License v2.0 | 5 votes |
|
protected void authenticationComplete(Account account, String mechanism, boolean programatic, final boolean cachingRequired) {
this.account = account;
this.mechanismName = mechanism;
UndertowLogger.SECURITY_LOGGER.debugf("Authenticated as %s, roles %s", account.getPrincipal().getName(), account.getRoles());
sendNoticiation(new SecurityNotification(exchange, EventType.AUTHENTICATED, account, mechanism, programatic,
MESSAGES.userAuthenticated(account.getPrincipal().getName()), cachingRequired));
}
Example #7
| Source File: SingleSignOnAuthenticationMechanism.java From lams with GNU General Public License v2.0 | 5 votes |
|
@Override
public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext) {
Cookie cookie = exchange.getRequestCookies().get(cookieName);
if (cookie != null) {
final String ssoId = cookie.getValue();
log.tracef("Found SSO cookie %s", ssoId);
try (SingleSignOn sso = this.singleSignOnManager.findSingleSignOn(ssoId)) {
if (sso != null) {
if(log.isTraceEnabled()) {
log.tracef("SSO session with ID: %s found.", ssoId);
}
Account verified = getIdentityManager(securityContext).verify(sso.getAccount());
if (verified == null) {
if(log.isTraceEnabled()) {
log.tracef("Account not found. Returning 'not attempted' here.");
}
//we return not attempted here to allow other mechanisms to proceed as normal
return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
}
final Session session = getSession(exchange);
registerSessionIfRequired(sso, session);
securityContext.authenticationComplete(verified, sso.getMechanismName(), false);
securityContext.registerNotificationReceiver(new NotificationReceiver() {
@Override
public void handleNotification(SecurityNotification notification) {
if (notification.getEventType() == SecurityNotification.EventType.LOGGED_OUT) {
singleSignOnManager.removeSingleSignOn(sso);
}
}
});
log.tracef("Authenticated account %s using SSO", verified.getPrincipal().getName());
return AuthenticationMechanismOutcome.AUTHENTICATED;
}
}
clearSsoCookie(exchange);
}
exchange.addResponseWrapper(responseListener);
return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
}
Example #8
| Source File: CachedAuthenticatedSessionHandler.java From lams with GNU General Public License v2.0 | 5 votes |
|
@Override
public void handleNotification(SecurityNotification notification) {
EventType eventType = notification.getEventType();
HttpServerExchange exchange = notification.getExchange();
SessionManager sessionManager = exchange.getAttachment(SessionManager.ATTACHMENT_KEY);
SessionConfig sessionConfig = exchange.getAttachment(SessionConfig.ATTACHMENT_KEY);
if (sessionManager == null || sessionConfig == null) {
return;
}
Session httpSession = sessionManager.getSession(exchange, sessionConfig);
switch (eventType) {
case AUTHENTICATED:
if (isCacheable(notification)) {
if (httpSession == null) {
httpSession = sessionManager.createSession(exchange, sessionConfig);
}
// It is normal for this notification to be received when using a previously cached session - in that
// case the IDM would have been given an opportunity to re-load the Account so updating here ready for
// the next request is desired.
httpSession.setAttribute(ATTRIBUTE_NAME,
new AuthenticatedSession(notification.getAccount(), notification.getMechanism()));
}
break;
case LOGGED_OUT:
if (httpSession != null) {
httpSession.removeAttribute(ATTRIBUTE_NAME);
httpSession.removeAttribute(NO_ID_CHANGE_REQUIRED);
}
break;
}
}
Example #9
| Source File: AuthenticationTestBase.java From quarkus-http with Apache License 2.0 | 5 votes |
|
protected static void assertNotifiactions(final SecurityNotification.EventType ... eventTypes) {
List<SecurityNotification> notifications = auditReceiver.takeNotifications();
assertEquals("A single notification is expected.", eventTypes.length, notifications.size());
final List<SecurityNotification.EventType> types = new ArrayList<>();
for(SecurityNotification i : notifications) {
types.add(i.getEventType());
}
assertEquals("Expected EventType not matched.", Arrays.asList(eventTypes), types);
}
Example #10
| Source File: AbstractSecurityContext.java From quarkus-http with Apache License 2.0 | 5 votes |
|
@Override
public void logout() {
if (!isAuthenticated()) {
return;
}
UndertowLogger.SECURITY_LOGGER.debugf("Logged out %s", exchange);
sendNoticiation(new SecurityNotification(exchange, SecurityNotification.EventType.LOGGED_OUT, account, mechanismName, true,
MESSAGES.userLoggedOut(account.getPrincipal().getName()), true));
this.account = null;
this.mechanismName = null;
}
Example #11
| Source File: AbstractSecurityContext.java From quarkus-http with Apache License 2.0 | 5 votes |
|
private void sendNoticiation(final SecurityNotification notification) {
Node<NotificationReceiver> cur = notificationReceivers;
while (cur != null) {
cur.item.handleNotification(notification);
cur = cur.next;
}
}
Example #12
| Source File: AbstractSecurityContext.java From quarkus-http with Apache License 2.0 | 5 votes |
|
protected void authenticationComplete(Account account, String mechanism, boolean programatic, final boolean cachingRequired) {
this.account = account;
this.mechanismName = mechanism;
UndertowLogger.SECURITY_LOGGER.debugf("Authenticated as %s, roles %s", account.getPrincipal().getName(), account.getRoles());
sendNoticiation(new SecurityNotification(exchange, EventType.AUTHENTICATED, account, mechanism, programatic,
MESSAGES.userAuthenticated(account.getPrincipal().getName()), cachingRequired));
}
Example #13
| Source File: SingleSignOnAuthenticationMechanism.java From quarkus-http with Apache License 2.0 | 5 votes |
|
@Override
public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext) {
Cookie cookie = exchange.getRequestCookies().get(cookieName);
if (cookie != null) {
final String ssoId = cookie.getValue();
log.tracef("Found SSO cookie %s", ssoId);
try (SingleSignOn sso = this.singleSignOnManager.findSingleSignOn(ssoId)) {
if (sso != null) {
if (log.isTraceEnabled()) {
log.tracef("SSO session with ID: %s found.", ssoId);
}
Account verified = getIdentityManager(securityContext).verify(sso.getAccount());
if (verified == null) {
if (log.isTraceEnabled()) {
log.tracef("Account not found. Returning 'not attempted' here.");
}
//we return not attempted here to allow other mechanisms to proceed as normal
return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
}
final Session session = getSession(exchange);
registerSessionIfRequired(sso, session);
securityContext.authenticationComplete(verified, sso.getMechanismName(), false);
securityContext.registerNotificationReceiver(new NotificationReceiver() {
@Override
public void handleNotification(SecurityNotification notification) {
if (notification.getEventType() == SecurityNotification.EventType.LOGGED_OUT) {
singleSignOnManager.removeSingleSignOn(sso);
}
}
});
log.tracef("Authenticated account %s using SSO", verified.getPrincipal().getName());
return AuthenticationMechanismOutcome.AUTHENTICATED;
}
}
clearSsoCookie(exchange);
}
exchange.addResponseCommitListener(responseListener);
return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
}
Example #14
| Source File: CachedAuthenticatedSessionHandler.java From quarkus-http with Apache License 2.0 | 5 votes |
|
@Override
public void handleNotification(SecurityNotification notification) {
EventType eventType = notification.getEventType();
HttpServerExchange exchange = notification.getExchange();
SessionManager sessionManager = exchange.getAttachment(SessionManager.ATTACHMENT_KEY);
SessionConfig sessionConfig = exchange.getAttachment(SessionConfig.ATTACHMENT_KEY);
if (sessionManager == null || sessionConfig == null) {
return;
}
Session httpSession = sessionManager.getSession(exchange, sessionConfig);
switch (eventType) {
case AUTHENTICATED:
if (isCacheable(notification)) {
if (httpSession == null) {
httpSession = sessionManager.createSession(exchange, sessionConfig);
}
// It is normal for this notification to be received when using a previously cached session - in that
// case the IDM would have been given an opportunity to re-load the Account so updating here ready for
// the next request is desired.
httpSession.setAttribute(ATTRIBUTE_NAME,
new AuthenticatedSession(notification.getAccount(), notification.getMechanism()));
}
break;
case LOGGED_OUT:
if (httpSession != null) {
httpSession.removeAttribute(ATTRIBUTE_NAME);
httpSession.removeAttribute(NO_ID_CHANGE_REQUIRED);
}
break;
}
}
Example #15
| Source File: AuthenticationTestBase.java From quarkus-http with Apache License 2.0 | 4 votes |
|
protected static void assertSingleNotificationType(final SecurityNotification.EventType eventType) {
List<SecurityNotification> notifications = auditReceiver.takeNotifications();
assertEquals("A single notification is expected.", 1, notifications.size());
assertEquals("Expected EventType not matched.", eventType, notifications.get(0).getEventType());
}
Example #16
| Source File: AuthenticationTestBase.java From quarkus-http with Apache License 2.0 | 4 votes |
|
@Override
public void handleNotification(SecurityNotification notification) {
receivedNotifications.add(notification);
}
Example #17
| Source File: CachedAuthenticatedSessionHandler.java From quarkus-http with Apache License 2.0 | 4 votes |
|
private boolean isCacheable(final SecurityNotification notification) {
return notification.isProgramatic() || notification.isCachingRequired();
}
Example #18
| Source File: CachedAuthenticatedSessionHandler.java From lams with GNU General Public License v2.0 | 4 votes |
|
private boolean isCacheable(final SecurityNotification notification) {
return notification.isProgramatic() || notification.isCachingRequired();
}
Example #19
| Source File: AbstractSecurityContext.java From quarkus-http with Apache License 2.0 | 4 votes |
|
@Override
public void authenticationFailed(String message, String mechanism) {
UndertowLogger.SECURITY_LOGGER.debugf("Authentication failed with message %s and mechanism %s for %s", message, mechanism, exchange);
sendNoticiation(new SecurityNotification(exchange, EventType.FAILED_AUTHENTICATION, null, mechanism, false, message, true));
}
Example #20
| Source File: AbstractSecurityContext.java From lams with GNU General Public License v2.0 | 4 votes |
|
@Override
public void authenticationFailed(String message, String mechanism) {
UndertowLogger.SECURITY_LOGGER.debugf("Authentication failed with message %s and mechanism %s for %s", message, mechanism, exchange);
sendNoticiation(new SecurityNotification(exchange, EventType.FAILED_AUTHENTICATION, null, mechanism, false, message, true));
}
Example #21
| Source File: CachedAuthenticatedSessionHandler.java From lams with GNU General Public License v2.0 | 4 votes |
|
private boolean isCacheable(final SecurityNotification notification) {
return notification.isProgramatic() || notification.isCachingRequired();
}
Example #22
| Source File: CachedAuthenticatedSessionHandler.java From quarkus-http with Apache License 2.0 | 4 votes |
|
private boolean isCacheable(final SecurityNotification notification) {
return notification.isProgramatic() || notification.isCachingRequired();
}
