UserRealm.java
package net.eisele.security.glassfishrealm;
import com.sun.appserv.security.AppservRealm;
import com.sun.enterprise.security.auth.realm.BadRealmException;
import com.sun.enterprise.security.auth.realm.InvalidOperationException;
import com.sun.enterprise.security.auth.realm.NoSuchRealmException;
import com.sun.enterprise.security.auth.realm.NoSuchUserException;
import java.util.Enumeration;
import java.util.Properties;
import java.util.logging.Level;
import net.eisele.security.util.Password;
import net.eisele.security.util.SecurityStore;
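/**
 * Custom GlassFish realm that authenticates users against salted password
 * hashes held in a {@link SecurityStore}.
 *
 * <p>The realm is configured through two properties read in
 * {@link #init(Properties)}: {@code jaas-context} (default {@code UserRealm})
 * and {@code dataSource} (default {@code jdbc/userdb}).
 *
 * @author eiselem
 */
public class UserRealm extends AppservRealm {

    /** Group assigned to every successfully authenticated user. */
    private static final String VALID_USER_GROUP = "ValidUser";

    private String jaasCtxName;
    private String dataSource;

    /**
     * Initialises the realm from its configuration properties.
     *
     * @param props realm properties; {@code jaas-context} and
     *     {@code dataSource} are read, each with a built-in default
     * @throws BadRealmException declared by the overridden method; not thrown here
     * @throws NoSuchRealmException declared by the overridden method; not thrown here
     */
    @Override
    protected void init(Properties props) throws BadRealmException, NoSuchRealmException {
        _logger.fine("init()");
        jaasCtxName = props.getProperty("jaas-context", "UserRealm");
        dataSource = props.getProperty("dataSource", "jdbc/userdb");
    }

    /**
     * {@inheritDoc}
     *
     * @return the JAAS context name configured via the {@code jaas-context} property
     */
    @Override
    public String getJAASContext() {
        return jaasCtxName;
    }

    /**
     * {@inheritDoc}
     *
     * @return a fixed descriptive name for this realm
     */
    @Override
    public String getAuthType() {
        return "High Security UserRealm";
    }

    /**
     * Authenticates a user by re-computing the salted hash of the supplied
     * password and asking the store to validate it.
     *
     * @param name the user ID to authenticate
     * @param givenPwd the clear-text password supplied for this login attempt
     * @return a one-element array holding the group {@code "ValidUser"} when
     *     the credentials are accepted; {@code null} when no salt exists for
     *     the user or the store rejects the computed hash
     * @throws Exception whatever the {@code SecurityStore} or {@code Password}
     *     helpers throw; nothing is caught here
     */
    public String[] authenticate(String name, String givenPwd) throws Exception {
        SecurityStore store = new SecurityStore(dataSource);

        // A missing salt is treated as a failed login.
        // NOTE(review): this path returns before any hashing is done, so
        // response time may differ between known and unknown user names;
        // confirm whether that matters for this deployment.
        String salt = store.getSaltForUser(name);
        if (salt == null) {
            return null;
        }

        Password pwd = new Password();
        byte[] saltBytes = pwd.bytesFrombase64(salt);
        byte[] passwordBytes = pwd.hashWithSalt(givenPwd, saltBytes);
        String password = pwd.base64FromBytes(passwordBytes);

        // The derived hash is deliberately kept out of the log: it is the
        // value the store validates against, and log files are usually less
        // protected than the credential store itself.
        _logger.log(Level.FINE, "Password hash computed for login attempt");

        // NOTE(review): how validateUser compares the hash is not visible
        // here; verify that it uses a parameterized query.
        if (store.validateUser(name, password)) {
            // Allocate the result only on success; a null array cannot be
            // indexed, and writing into one would turn every valid login
            // into a NullPointerException.
            return new String[] {VALID_USER_GROUP};
        }
        return null;
    }

    /**
     * {@inheritDoc}
     *
     * <p>Group lookup is not implemented by this realm; the method always
     * returns {@code null}. The original author notes it is never called and
     * exists only to satisfy the compiler.
     *
     * @param string the user name (ignored)
     * @return always {@code null}
     */
    @Override
    public Enumeration getGroupNames(String string) throws InvalidOperationException, NoSuchUserException {
        return null;
    }
}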