io.undertow.security.api.AuthenticationMechanism Java Examples

The following examples show how to use io.undertow.security.api.AuthenticationMechanism.
Example #1
Source File: BasicAuthenticationMechanism.java    From lams with GNU General Public License v2.0
/**
 * Builds a {@link BasicAuthenticationMechanism} from the factory's string properties.
 *
 * <p>Properties read: {@code REALM}, {@code SILENT}, {@code CHARSET} and
 * {@code USER_AGENT_CHARSETS}. The last one is a comma-separated list of alternating
 * {@code pattern,charset} items; because the value is split on every comma, a pattern
 * cannot itself contain a comma, and items are used untrimmed.
 *
 * @param mechanismName     name passed through to the mechanism
 * @param identityManager   identity manager passed through to the mechanism
 * @param formParserFactory not used by this factory method
 * @param properties        configuration values; must not be {@code null}
 * @return the configured mechanism
 * @throws java.util.regex.PatternSyntaxException if a user-agent pattern is not a valid regex
 * @throws IllegalArgumentException if a charset name is illegal or unsupported
 *         ({@link Charset#forName(String)})
 */
@Override
public AuthenticationMechanism create(String mechanismName, IdentityManager identityManager, FormParserFactory formParserFactory, Map<String, String> properties) {
    final String realm = properties.get(REALM);
    // Silent mode is switched on only by the exact, case-sensitive value "true".
    final boolean silentMode = "true".equals(properties.get(SILENT));

    // UTF-8 is the default when no charset is configured.
    final String charsetName = properties.get(CHARSET);
    final Charset defaultCharset;
    if (charsetName != null) {
        defaultCharset = Charset.forName(charsetName);
    } else {
        defaultCharset = StandardCharsets.UTF_8;
    }

    final Map<Pattern, Charset> perAgentCharsets = new HashMap<>();
    final String perAgentSpec = properties.get(USER_AGENT_CHARSETS);
    if (perAgentSpec != null) {
        final String[] tokens = perAgentSpec.split(",");
        // Items come in (pattern, charset) pairs, so an odd count is a configuration error.
        if ((tokens.length & 1) == 1) {
            throw UndertowMessages.MESSAGES.userAgentCharsetMustHaveEvenNumberOfItems(perAgentSpec);
        }
        int idx = 0;
        while (idx < tokens.length) {
            // Patterns are compiled straight from configuration; invalid values fail here, at creation time.
            final Pattern agentPattern = Pattern.compile(tokens[idx]);
            final Charset agentCharset = Charset.forName(tokens[idx + 1]);
            perAgentCharsets.put(agentPattern, agentCharset);
            idx += 2;
        }
    }

    return new BasicAuthenticationMechanism(realm, mechanismName, silentMode, identityManager, defaultCharset, perAgentCharsets);
}
 
Example #2
Source File: BasicAuthenticationMechanism.java    From quarkus-http with Apache License 2.0
/**
 * Creates a {@link BasicAuthenticationMechanism} configured from {@code properties}.
 *
 * <p>{@code USER_AGENT_CHARSETS} is parsed as comma-separated {@code pattern,charset}
 * pairs. The value is split on every comma and items are not trimmed, so stray whitespace
 * becomes part of the regex or of the charset name.
 *
 * @param mechanismName     name handed to the new mechanism
 * @param identityManager   identity manager handed to the new mechanism
 * @param formParserFactory unused here
 * @param properties        factory configuration; must not be {@code null}
 * @return a new mechanism instance
 * @throws java.util.regex.PatternSyntaxException on an invalid user-agent regex
 * @throws IllegalArgumentException on an illegal or unsupported charset name
 */
@Override
public AuthenticationMechanism create(String mechanismName, IdentityManager identityManager, FormParserFactory formParserFactory, Map<String, String> properties) {
    String realmName = properties.get(REALM);
    String silentFlag = properties.get(SILENT);
    String configuredCharset = properties.get(CHARSET);

    // No CHARSET property means UTF-8.
    Charset fallbackCharset = StandardCharsets.UTF_8;
    if (configuredCharset != null) {
        fallbackCharset = Charset.forName(configuredCharset);
    }

    Map<Pattern, Charset> charsetsByAgent = new HashMap<>();
    String agentCharsetSpec = properties.get(USER_AGENT_CHARSETS);
    if (agentCharsetSpec != null) {
        String[] entries = agentCharsetSpec.split(",");
        if (entries.length % 2 != 0) {
            // A pattern without a charset (or the reverse) is rejected outright.
            throw UndertowMessages.MESSAGES.userAgentCharsetMustHaveEvenNumberOfItems(agentCharsetSpec);
        }
        final int pairCount = entries.length / 2;
        for (int pair = 0; pair < pairCount; pair++) {
            Pattern agentPattern = Pattern.compile(entries[2 * pair]);
            Charset agentCharset = Charset.forName(entries[2 * pair + 1]);
            charsetsByAgent.put(agentPattern, agentCharset);
        }
    }

    // Only the exact string "true" enables silent mode; anything else (or no value) leaves it off.
    boolean silentMode = silentFlag != null && silentFlag.equals("true");
    return new BasicAuthenticationMechanism(realmName, mechanismName, silentMode, identityManager, fallbackCharset, charsetsByAgent);
}
 
Example #3
Source File: LightBasicAuthenticationMechanism.java    From light-oauth2 with Apache License 2.0
/**
 * Creates a {@code LightBasicAuthenticationMechanism} from the given properties.
 *
 * <p>This overload takes no identity manager: {@code identityManager} is resolved from the
 * enclosing scope (presumably a field of the factory; confirm in the full file).
 *
 * @param mechanismName     name handed to the new mechanism
 * @param formParserFactory unused here
 * @param properties        factory configuration; must not be {@code null}
 * @return a new mechanism instance
 * @throws java.util.regex.PatternSyntaxException on an invalid user-agent regex
 * @throws IllegalArgumentException on an illegal or unsupported charset name
 */
@Override
public AuthenticationMechanism create(String mechanismName, FormParserFactory formParserFactory, Map<String, String> properties) {
    final String realm = properties.get(REALM);
    final String silentValue = properties.get(SILENT);
    final String charsetValue = properties.get(CHARSET);
    // UTF-8 unless a charset is configured explicitly.
    final Charset charset = charsetValue != null ? Charset.forName(charsetValue) : StandardCharsets.UTF_8;

    final Map<Pattern, Charset> userAgentCharsets = new HashMap<>();
    final String spec = properties.get(USER_AGENT_CHARSETS);
    if (spec != null) {
        final String[] items = spec.split(",");
        final boolean oddItemCount = items.length % 2 != 0;
        if (oddItemCount) {
            // Items are (regex, charset) pairs; an unpaired item is a configuration error.
            throw UndertowMessages.MESSAGES.userAgentCharsetMustHaveEvenNumberOfItems(spec);
        }
        for (int keyIndex = 0, valueIndex = 1; keyIndex < items.length; keyIndex += 2, valueIndex += 2) {
            final Pattern agentPattern = Pattern.compile(items[keyIndex]);
            final Charset agentCharset = Charset.forName(items[valueIndex]);
            userAgentCharsets.put(agentPattern, agentCharset);
        }
    }

    // Silent mode requires the exact, case-sensitive value "true".
    final boolean silentMode = "true".equals(silentValue);
    return new com.networknt.oauth.security.LightBasicAuthenticationMechanism(realm, mechanismName, silentMode, identityManager, charset, userAgentCharsets);
}
 
Example #4
Source File: SecurityContextImpl.java    From quarkus-http with Apache License 2.0
/**
 * Returns a read-only snapshot of the registered authentication mechanisms, in
 * registration order.
 *
 * <p>The result is a fresh copy wrapped as unmodifiable, so callers cannot change the
 * internal chain through it, and later registrations are not reflected in it.
 *
 * @return unmodifiable list of mechanisms; empty when none are registered
 */
@Override
@Deprecated
public List<AuthenticationMechanism> getAuthenticationMechanisms() {
    final List<AuthenticationMechanism> snapshot = new LinkedList<>();
    // Walk the singly linked chain from its head until the end marker (null).
    for (Node<AuthenticationMechanism> node = authMechanisms; node != null; node = node.next) {
        snapshot.add(node.item);
    }
    return Collections.unmodifiableList(snapshot);
}
 
Example #5
Source File: SecurityContextImpl.java    From lams with GNU General Public License v2.0
/**
 * Copies the mechanism chain into a list and returns it as an unmodifiable view.
 *
 * <p>Callers receive a copy: the internal linked chain is not exposed, and attempts to
 * modify the returned list fail.
 *
 * @return the mechanisms in the order they were added; never {@code null}
 */
@Override
@Deprecated
public List<AuthenticationMechanism> getAuthenticationMechanisms() {
    final List<AuthenticationMechanism> copy = new LinkedList<>();
    Node<AuthenticationMechanism> node = authMechanisms;
    if (node != null) {
        do {
            copy.add(node.item);
            node = node.next;
        } while (node != null);
    }
    return Collections.unmodifiableList(copy);
}
 
Example #6
Source File: SecurityContextImpl.java    From lams with GNU General Public License v2.0
/**
 * Offers the request to each remaining mechanism in turn until one reports a decision.
 *
 * <p>Each call consumes mechanisms from {@code currentMethod} onwards. A mechanism that
 * answers {@code NOT_ATTEMPTED} is skipped; {@code AUTHENTICATED} and
 * {@code NOT_AUTHENTICATED} end the walk immediately.
 *
 * @return {@code AUTHENTICATED} when a mechanism reported success, otherwise
 *         {@code ATTEMPTED}
 * @throws IllegalStateException if a mechanism returns an outcome this method does not know
 */
private AuthenticationState transition() {
    while (currentMethod != null) {
        final AuthenticationMechanism mechanism = currentMethod.item;
        // Advance before calling out, so the position is already moved on when authenticate() runs.
        currentMethod = currentMethod.next;

        final AuthenticationMechanismOutcome outcome = mechanism.authenticate(exchange, SecurityContextImpl.this);
        if (UndertowLogger.SECURITY_LOGGER.isDebugEnabled()) {
            UndertowLogger.SECURITY_LOGGER.debugf("Authentication outcome was %s with method %s for %s", outcome, mechanism, exchange.getRequestURI());
            if (UndertowLogger.SECURITY_LOGGER.isTraceEnabled()) {
                // NOTE(review): this logs the exchange itself; depending on what its string form
                // contains, request data such as credentials could reach the log. Confirm before
                // enabling trace logging outside of debugging sessions.
                UndertowLogger.SECURITY_LOGGER.tracef("Contents of exchange after authentication attempt is %s", exchange);
            }
        }

        // A null outcome is a contract violation by the mechanism, not a "not attempted".
        if (outcome == null) {
            throw UndertowMessages.MESSAGES.authMechanismOutcomeNull();
        }

        switch (outcome) {
            case AUTHENTICATED:
                // TODO - Should verify that the mechanism did register an authenticated Account.
                // As written, the mechanism's word is taken as-is; nothing here checks for an Account.
                return AuthenticationState.AUTHENTICATED;
            case NOT_AUTHENTICATED:
                // The mechanism tried and failed: authentication becomes mandatory and
                // challenges have to be sent.
                setAuthenticationRequired();
                return AuthenticationState.ATTEMPTED;
            case NOT_ATTEMPTED:
                // Nothing for this mechanism to do; fall through to the next loop iteration.
                break;
            default:
                throw new IllegalStateException();
        }
    }

    // Ran out of mechanisms without any of them authenticating the request.
    return AuthenticationState.ATTEMPTED;
}
 
Example #7
Source File: SecurityContextImpl.java    From lams with GNU General Public License v2.0
/**
 * Appends a mechanism to the end of the mechanism chain.
 *
 * <p>No locking or "frozen" check is visible here, so the chain can still be extended
 * after request processing has begun (see the TODO below).
 *
 * @param handler the mechanism to append
 */
@Override
public void addAuthenticationMechanism(final AuthenticationMechanism handler) {
    // TODO - Do we want to change this so we can ensure the mechanisms are not modifiable mid request?
    if (authMechanisms == null) {
        // First mechanism becomes the head of the chain.
        authMechanisms = new Node<>(handler);
        return;
    }

    // Otherwise find the current tail and link the new node behind it.
    Node<AuthenticationMechanism> tail = authMechanisms;
    while (tail.next != null) {
        tail = tail.next;
    }
    tail.next = new Node<>(handler);
}
 
Example #8
Source File: SecurityContextImpl.java    From lams with GNU General Public License v2.0
/**
 * Asks every remaining mechanism to send its challenge, then settles the response status.
 *
 * <p>Status selection: the first non-null desired code is taken; a chosen code of
 * {@code StatusCodes.OK} may be replaced by a later mechanism's desired code, any other
 * chosen code is kept. If no mechanism sent a challenge and no code was chosen, the
 * request is rejected with {@code StatusCodes.FORBIDDEN}. The status is only written while
 * the response has not been started.
 *
 * @return always {@code AuthenticationState.CHALLENGE_SENT}
 */
private AuthenticationState transition() {
    // Every mechanism is visited; there is no early exit from this walk.
    while (currentMethod != null) {
        final AuthenticationMechanism mechanism = currentMethod.item;
        currentMethod = currentMethod.next;

        final ChallengeResult result = mechanism.sendChallenge(exchange, SecurityContextImpl.this);
        if (result == null) {
            throw UndertowMessages.MESSAGES.sendChallengeReturnedNull(mechanism);
        }
        if (!result.isChallengeSent()) {
            continue;
        }

        challengeSent = true;
        final Integer desiredCode = result.getDesiredResponseCode();
        if (desiredCode != null && (chosenStatusCode == null || chosenStatusCode.equals(StatusCodes.OK))) {
            chosenStatusCode = desiredCode;
            // A non-OK code is applied right away; OK is deferred until all mechanisms have run.
            if (!chosenStatusCode.equals(StatusCodes.OK) && !exchange.isResponseStarted()) {
                exchange.setStatusCode(chosenStatusCode);
            }
        }
    }

    if (!exchange.isResponseStarted()) {
        // Iterated all mechanisms, if OK it will not be set yet.
        if (chosenStatusCode == null) {
            if (!challengeSent) {
                // No mechanism generated a challenge so send a 403 as our challenge - i.e. just rejecting the request.
                exchange.setStatusCode(StatusCodes.FORBIDDEN);
            }
        } else if (chosenStatusCode.equals(StatusCodes.OK)) {
            exchange.setStatusCode(chosenStatusCode);
        }
    }

    return AuthenticationState.CHALLENGE_SENT;
}
 
Example #9
Source File: SpnegoBasicAuthenticationTestCase.java    From quarkus-http with Apache License 2.0
/**
 * Returns the superclass's test mechanisms followed by the Basic test mechanism.
 *
 * <p>The superclass list is copied first, so it is not modified by the append.
 *
 * @return a new mutable list with the Basic mechanism last
 */
@Override
protected List<AuthenticationMechanism> getTestMechanisms() {
    final List<AuthenticationMechanism> inherited = super.getTestMechanisms();
    final ArrayList<AuthenticationMechanism> combined = new ArrayList<>(inherited);
    // Basic goes after the inherited mechanisms.
    combined.add(BasicAuthenticationTestCase.getTestMechanism());
    return combined;
}
 
Example #10
Source File: DigestAuthentication2069TestCase.java    From quarkus-http with Apache License 2.0
/**
 * Supplies a single Digest mechanism configured with MD5 and no quality-of-protection
 * options.
 *
 * <p>NOTE(review): MD5 with an empty qop list is the legacy RFC 2069 style of Digest
 * authentication that this test case is named after. It is a compatibility fixture for the
 * test, not a configuration to copy into a deployment.
 *
 * @return an immutable one-element list holding the mechanism
 */
@Override
protected List<AuthenticationMechanism> getTestMechanisms() {
    final List<DigestAlgorithm> algorithms = Collections.singletonList(DigestAlgorithm.MD5);
    // Empty on purpose: the mechanism is given no qop values to offer.
    final List<DigestQop> noQop = Collections.emptyList();
    return Collections.<AuthenticationMechanism>singletonList(
            new DigestAuthenticationMechanism(algorithms, noQop, REALM_NAME, "/", new SimpleNonceManager()));
}
 
Example #11
Source File: SecurityContextImpl.java    From quarkus-http with Apache License 2.0
/**
 * Sends the challenge of the next mechanism and recurses until the chain is exhausted,
 * then finalises the response status code.
 *
 * <p>A desired status code from a mechanism is adopted only while no code has been chosen
 * or the chosen one is {@code StatusCodes.OK}. When the chain ends with no code chosen and
 * no challenge sent, {@code StatusCodes.FORBIDDEN} is set. Nothing is written once the
 * response has been started.
 *
 * @return always {@code AuthenticationState.CHALLENGE_SENT}
 */
private AuthenticationState transition() {
    if (currentMethod == null) {
        // End of the chain: settle the status code if it can still be changed.
        if (!exchange.isResponseStarted()) {
            // Iterated all mechanisms, if OK it will not be set yet.
            if (chosenStatusCode != null) {
                if (chosenStatusCode.equals(StatusCodes.OK)) {
                    exchange.setStatusCode(chosenStatusCode);
                }
            } else if (!challengeSent) {
                // No mechanism generated a challenge so send a 403 as our challenge - i.e. just rejecting the request.
                exchange.setStatusCode(StatusCodes.FORBIDDEN);
            }
        }
        return AuthenticationState.CHALLENGE_SENT;
    }

    final AuthenticationMechanism mechanism = currentMethod.item;
    currentMethod = currentMethod.next;
    final ChallengeResult challenge = mechanism.sendChallenge(exchange, SecurityContextImpl.this);
    if (challenge == null) {
        throw UndertowMessages.MESSAGES.sendChallengeReturnedNull(mechanism);
    }

    if (challenge.isChallengeSent()) {
        challengeSent = true;
        final Integer desiredCode = challenge.getDesiredResponseCode();
        if (desiredCode != null && (chosenStatusCode == null || chosenStatusCode.equals(StatusCodes.OK))) {
            chosenStatusCode = desiredCode;
            // Only a non-OK code is applied immediately.
            final boolean nonOk = !chosenStatusCode.equals(StatusCodes.OK);
            if (nonOk && !exchange.isResponseStarted()) {
                exchange.setStatusCode(chosenStatusCode);
            }
        }
    }

    // We always transition so we can reach the end of the list and hit the terminal branch above.
    return transition();
}
 
Example #12
Source File: SecurityContextImpl.java    From quarkus-http with Apache License 2.0
/**
 * Runs the next mechanism's {@code authenticate} step and maps its outcome to an
 * authentication state, recursing to the following mechanism on {@code NOT_ATTEMPTED}.
 *
 * @return {@code AUTHENTICATED} if a mechanism reported success, otherwise
 *         {@code ATTEMPTED}
 * @throws IllegalStateException if the outcome is not one of the three handled values
 */
private AuthenticationState transition() {
    if (currentMethod == null) {
        // Reached the end of the mechanisms and no mechanism authenticated for us to reach this point.
        return AuthenticationState.ATTEMPTED;
    }

    final AuthenticationMechanism mechanism = currentMethod.item;
    currentMethod = currentMethod.next;
    final AuthenticationMechanismOutcome outcome = mechanism.authenticate(exchange, SecurityContextImpl.this);

    // NOTE(review): the guard tests the debug level but the message is emitted with tracef,
    // so it presumably only appears when trace is enabled. Confirm that is intended.
    if (UndertowLogger.SECURITY_LOGGER.isDebugEnabled()) {
        UndertowLogger.SECURITY_LOGGER.tracef("Authentication outcome was %s with method %s for %s", outcome, mechanism, exchange.getRequestURI());
        if (UndertowLogger.SECURITY_LOGGER.isTraceEnabled()) {
            // NOTE(review): logs the exchange object itself; check what its string form exposes
            // (for example request headers) before enabling trace logging on shared systems.
            UndertowLogger.SECURITY_LOGGER.tracef("Contents of exchange after authentication attempt is %s", exchange);
        }
    }

    // Mechanisms must always report an outcome.
    if (outcome == null) {
        throw UndertowMessages.MESSAGES.authMechanismOutcomeNull();
    }

    if (outcome == AuthenticationMechanismOutcome.AUTHENTICATED) {
        // TODO - Should verify that the mechanism did register an authenticated Account.
        return AuthenticationState.AUTHENTICATED;
    }
    if (outcome == AuthenticationMechanismOutcome.NOT_AUTHENTICATED) {
        // A mechanism attempted to authenticate but could not complete, this now means that
        // authentication is required and challenges need to be sent.
        setAuthenticationRequired();
        return AuthenticationState.ATTEMPTED;
    }
    if (outcome == AuthenticationMechanismOutcome.NOT_ATTEMPTED) {
        // Time to try the next mechanism.
        return transition();
    }
    throw new IllegalStateException();
}
 
Example #13
Source File: SpnegoDigestAuthenticationTestCase.java    From quarkus-http with Apache License 2.0
/**
 * Returns the superclass's test mechanisms followed by the Digest test mechanism.
 *
 * <p>Works on a copy, leaving the list returned by the superclass untouched.
 *
 * @return a new mutable list with the Digest mechanism last
 */
@Override
protected List<AuthenticationMechanism> getTestMechanisms() {
    final List<AuthenticationMechanism> inherited = super.getTestMechanisms();
    final ArrayList<AuthenticationMechanism> combined = new ArrayList<>(inherited);
    // Digest goes after the inherited mechanisms.
    combined.add(DigestAuthenticationAuthTestCase.getTestMechanism());
    return combined;
}
 
Example #14
Source File: SecurityContextImpl.java    From quarkus-http with Apache License 2.0
/**
 * Registers a mechanism by linking it at the tail of the mechanism chain.
 *
 * <p>The chain stays open for additions; as the TODO notes, nothing here prevents a
 * mechanism from being added while a request is already being processed.
 *
 * @param handler the mechanism to register
 */
@Override
public void addAuthenticationMechanism(final AuthenticationMechanism handler) {
    // TODO - Do we want to change this so we can ensure the mechanisms are not modifiable mid request?
    if (authMechanisms != null) {
        Node<AuthenticationMechanism> last;
        // Advance to the node whose successor is still unset.
        for (last = authMechanisms; last.next != null; last = last.next) {
            // traversal only
        }
        last.next = new Node<>(handler);
    } else {
        // Empty chain: the new node is the head.
        authMechanisms = new Node<>(handler);
    }
}
 
Example #15
Source File: FormAuthTestCase.java    From quarkus-http with Apache License 2.0
/**
 * Supplies the mechanisms for the form-authentication test: the cached-session mechanism
 * first, then form authentication using {@code /login} and {@code /error}.
 *
 * @return a new mutable list holding the two mechanisms in that order
 */
@Override
protected List<AuthenticationMechanism> getTestMechanisms() {
    final List<AuthenticationMechanism> mechanisms = new ArrayList<>(2);
    // Order is kept as in the original: cached session before form.
    // Presumably mechanisms are tried in list order; confirm against the test base class.
    mechanisms.add(new CachedAuthenticatedSessionMechanism());
    mechanisms.add(new FormAuthenticationMechanism("test", "/login", "/error"));
    return mechanisms;
}
 
Example #16
Source File: DigestAuthenticationAuthTestCase.java    From quarkus-http with Apache License 2.0
/**
 * Returns the single mechanism produced by {@code getTestMechanism()} as an immutable
 * one-element list.
 *
 * @return immutable list containing exactly one mechanism
 * @see io.undertow.server.security.AuthenticationTestBase#getTestMechanisms()
 */
@Override
protected List<AuthenticationMechanism> getTestMechanisms() {
    return Collections.singletonList(getTestMechanism());
}
 
Example #17
Source File: ServletFormAuthenticationMechanism.java    From lams with GNU General Public License v2.0
/**
 * Creates a {@link ServletFormAuthenticationMechanism} from the factory properties.
 *
 * <p>{@code SAVE_ORIGINAL_REQUEST} defaults to {@code true} when the key is absent. When
 * the key is present its value goes through {@link Boolean#parseBoolean(String)}, so
 * anything other than "true" (case-insensitive), including a {@code null} value, turns
 * the option off. {@code LOGIN_PAGE} and {@code ERROR_PAGE} are passed through unchecked
 * and may be {@code null} if not configured.
 *
 * @param mechanismName     name handed to the new mechanism
 * @param identityManager   identity manager handed to the new mechanism
 * @param formParserFactory form parser factory handed to the new mechanism
 * @param properties        factory configuration; must not be {@code null}
 * @return a new mechanism instance
 */
@Override
public AuthenticationMechanism create(String mechanismName, IdentityManager identityManager, FormParserFactory formParserFactory, Map<String, String> properties) {
    final boolean saveOriginal = !properties.containsKey(SAVE_ORIGINAL_REQUEST)
            || Boolean.parseBoolean(properties.get(SAVE_ORIGINAL_REQUEST));
    final String loginPage = properties.get(LOGIN_PAGE);
    final String errorPage = properties.get(ERROR_PAGE);
    return new ServletFormAuthenticationMechanism(formParserFactory, mechanismName, loginPage, errorPage, identityManager, saveOriginal);
}
 
Example #18
Source File: ServletFormAuthenticationMechanism.java    From quarkus-http with Apache License 2.0
/**
 * Builds a {@link ServletFormAuthenticationMechanism} using the configured login page,
 * error page and "save original request" flag.
 *
 * <p>The flag is {@code true} unless {@code SAVE_ORIGINAL_REQUEST} is present with a value
 * that {@link Boolean#parseBoolean(String)} reads as {@code false}. The page locations are
 * taken from the properties as-is, without validation in this method.
 *
 * @param mechanismName     name handed to the new mechanism
 * @param identityManager   identity manager handed to the new mechanism
 * @param formParserFactory form parser factory handed to the new mechanism
 * @param properties        factory configuration; must not be {@code null}
 * @return a new mechanism instance
 */
@Override
public AuthenticationMechanism create(String mechanismName, IdentityManager identityManager, FormParserFactory formParserFactory, Map<String, String> properties) {
    boolean keepOriginalRequest;
    if (properties.containsKey(SAVE_ORIGINAL_REQUEST)) {
        keepOriginalRequest = Boolean.parseBoolean(properties.get(SAVE_ORIGINAL_REQUEST));
    } else {
        // Not configured: saving the original request is the default.
        keepOriginalRequest = true;
    }
    return new ServletFormAuthenticationMechanism(
            formParserFactory,
            mechanismName,
            properties.get(LOGIN_PAGE),
            properties.get(ERROR_PAGE),
            identityManager,
            keepOriginalRequest);
}
 
Example #19
Source File: LogoutHandler.java    From wildfly-core with GNU Lesser General Public License v2.1
/**
 * Selects one of the four pre-built mechanisms from the two flags.
 *
 * @param opera  when {@code true} the "fake realm" variant is chosen
 * @param digest when {@code true} a digest mechanism is chosen, otherwise a basic one
 * @return the matching mechanism field
 */
private AuthenticationMechanism mechanism(final boolean opera, final boolean digest) {
    if (opera) {
        // Fake-realm variants.
        if (digest) {
            return fakeRealmdigestMechanism;
        }
        return fakeRealmBasicMechanism;
    }
    if (digest) {
        return digestMechanism;
    }
    return basicMechanism;
}
 
Example #20
Source File: AuthenticationMechanismsHandler.java    From lams with GNU General Public License v2.0
/**
 * Creates the handler with a private copy of the given mechanisms.
 *
 * <p>The list is copied into an array, so later changes to the caller's list do not alter
 * the set of mechanisms this handler holds.
 *
 * @param authenticationHandlers the mechanisms to use; must not be {@code null}
 */
public AuthenticationMechanismsHandler(final List<AuthenticationMechanism> authenticationHandlers) {
    // toArray with an empty array returns a new array sized to the list.
    this.authenticationMechanisms = authenticationHandlers.toArray(new AuthenticationMechanism[0]);
}
 
Example #21
Source File: DeploymentImpl.java    From lams with GNU General Public License v2.0
/**
 * Replaces the deployment's list of authentication mechanisms.
 *
 * <p>The list is stored by reference, not copied: changes the caller makes to it
 * afterwards are visible through this deployment.
 *
 * @param authenticationMechanisms the list to store
 */
public void setAuthenticationMechanisms(final List<AuthenticationMechanism> authenticationMechanisms) {
    // Stored as-is; no defensive copy is taken.
    this.authenticationMechanisms = authenticationMechanisms;
}
 
Example #22
Source File: DeploymentInfo.java    From lams with GNU General Public License v2.0
/**
 * Returns the JASPI authentication mechanism configured on this deployment info.
 *
 * @return the stored mechanism, exactly as it was set
 */
public AuthenticationMechanism getJaspiAuthenticationMechanism() {
    return this.jaspiAuthenticationMechanism;
}
 
Example #23
Source File: DeploymentInfo.java    From lams with GNU General Public License v2.0
/**
 * Sets the JASPI authentication mechanism for this deployment info.
 *
 * @param jaspiAuthenticationMechanism the mechanism to store; no validation is applied here
 * @return this instance, to allow call chaining
 */
public DeploymentInfo setJaspiAuthenticationMechanism(final AuthenticationMechanism jaspiAuthenticationMechanism) {
    this.jaspiAuthenticationMechanism = jaspiAuthenticationMechanism;
    // Fluent style: hand back the same object.
    return this;
}
 
Example #24
Source File: ImmediateAuthenticationMechanismFactory.java    From lams with GNU General Public License v2.0
/**
 * Returns the mechanism this factory was constructed with.
 *
 * <p>All arguments are ignored: the same pre-built instance is handed out on every call,
 * whatever name, identity manager or properties are supplied.
 *
 * @param mechanismName     ignored
 * @param identityManager   ignored
 * @param formParserFactory ignored
 * @param properties        ignored
 * @return the stored mechanism instance
 */
@Override
public AuthenticationMechanism create(String mechanismName, IdentityManager identityManager, FormParserFactory formParserFactory, Map<String, String> properties) {
    return this.authenticationMechanism;
}
 
Example #25
Source File: DeploymentImpl.java    From lams with GNU General Public License v2.0
/**
 * Returns the deployment's authentication mechanisms.
 *
 * <p>The stored list is returned directly, without a copy or an unmodifiable wrapper
 * being applied in this method; whether callers can modify it depends on the list that
 * was set.
 *
 * @return the stored list, exactly as it was set
 */
@Override
public List<AuthenticationMechanism> getAuthenticationMechanisms() {
    return this.authenticationMechanisms;
}
 
Example #26
Source File: ClientCertRenegotiationTestCase.java    From quarkus-http with Apache License 2.0
/**
 * Supplies a single client-certificate mechanism, built with its no-argument constructor.
 *
 * @return an immutable one-element list holding the mechanism
 */
@Override
protected List<AuthenticationMechanism> getTestMechanisms() {
    return Collections.<AuthenticationMechanism>singletonList(new ClientCertAuthenticationMechanism());
}
 
Example #27
Source File: AuthenticationMechanismsHandler.java    From lams with GNU General Public License v2.0
/**
 * Creates the handler with the next handler in the chain and a private copy of the
 * mechanisms.
 *
 * <p>Because the list is copied into an array, changing the caller's list afterwards does
 * not change which mechanisms this handler holds.
 *
 * @param next                     the handler stored as {@code next}
 * @param authenticationMechanisms the mechanisms to copy; must not be {@code null}
 */
public AuthenticationMechanismsHandler(final HttpHandler next, final List<AuthenticationMechanism> authenticationMechanisms) {
    this.next = next;
    final AuthenticationMechanism[] copy = new AuthenticationMechanism[authenticationMechanisms.size()];
    this.authenticationMechanisms = authenticationMechanisms.toArray(copy);
}
 
Example #28
Source File: DatawaveAuthenticationMechanism.java    From datawave with Apache License 2.0
/**
 * Creates a {@link DatawaveAuthenticationMechanism} from the factory properties.
 *
 * <p>The force-renegotiation flag is {@code true} when the property is absent or is
 * exactly "true" (case-sensitive). Any other value, including "TRUE", turns it off.
 *
 * @param mechanismName     name handed to the new mechanism
 * @param identityManager   identity manager handed to the new mechanism
 * @param formParserFactory unused here
 * @param properties        factory configuration; must not be {@code null}
 * @return a new mechanism instance
 */
@Override
public AuthenticationMechanism create(String mechanismName, IdentityManager identityManager, FormParserFactory formParserFactory,
                Map<String,String> properties) {
    final String configured = properties.get(ClientCertAuthenticationMechanism.FORCE_RENEGOTIATION);
    final boolean forceRenegotiation;
    if (configured == null) {
        // Property not set: renegotiation is forced by default.
        forceRenegotiation = true;
    } else {
        forceRenegotiation = "true".equals(configured);
    }
    return new DatawaveAuthenticationMechanism(mechanismName, forceRenegotiation, identityManager);
}
 
Example #29
Source File: DatawaveAuthenticationMechanism.java    From datawave with Apache License 2.0
/**
 * Deprecated overload without an identity manager; delegates to the four-argument
 * {@code create}.
 *
 * <p>{@code identityManager} is not a parameter here, so it is resolved from the enclosing
 * scope (presumably a field of this class; confirm in the full file).
 *
 * @param mechanismName     name handed on to the four-argument overload
 * @param formParserFactory form parser factory handed on to the four-argument overload
 * @param properties        factory configuration handed on to the four-argument overload
 * @return the mechanism created by the four-argument overload
 */
@Override
@Deprecated
public AuthenticationMechanism create(String mechanismName, FormParserFactory formParserFactory, Map<String,String> properties) {
    final AuthenticationMechanism created = create(mechanismName, identityManager, formParserFactory, properties);
    return created;
}
 
Example #30
Source File: ImmediateAuthenticationMechanismFactory.java    From lams with GNU General Public License v2.0
/**
 * Creates a factory around a ready-made mechanism.
 *
 * @param authenticationMechanism the instance to store; it is kept by reference and not
 *        checked for {@code null} here
 */
public ImmediateAuthenticationMechanismFactory(final AuthenticationMechanism authenticationMechanism) {
    this.authenticationMechanism = authenticationMechanism;
}