-
Notifications
You must be signed in to change notification settings - Fork 263
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[ELY-2583] Make requestURI and Source-Address available from RealmSuc…
…cessfulAuthenticationEvent and RealmFailedAuthenticationEvent
- Loading branch information
Showing
5 changed files
with
425 additions
and
2 deletions.
There are no files selected for viewing
53 changes: 53 additions & 0 deletions
53
...erver/base/src/main/java/org/wildfly/security/auth/server/RequestInformationCallback.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
/* | ||
* JBoss, Home of Professional Open Source. | ||
* Copyright 2023 Red Hat, Inc., and individual contributors | ||
* as indicated by the @author tags. | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
package org.wildfly.security.auth.server; | ||
|
||
import org.wildfly.security.auth.callback.ExtendedCallback; | ||
|
||
import javax.security.auth.callback.Callback; | ||
import java.net.URI; | ||
|
||
/** | ||
* A {@link javax.security.auth.callback.Callback} to inform a server authentication context about current authentication request. | ||
* | ||
*/ | ||
public class RequestInformationCallback implements ExtendedCallback { | ||
|
||
/** | ||
* request URI | ||
*/ | ||
private final URI requestUri; | ||
|
||
/** | ||
* Construct a new instance of this {@link Callback}. | ||
* | ||
* @param requestUri URI of the current authentication request | ||
*/ | ||
public RequestInformationCallback(URI requestUri) { | ||
this.requestUri = requestUri; | ||
} | ||
|
||
/** | ||
* Get the URI of this request. | ||
* | ||
* @return the URI of the current authentication request | ||
*/ | ||
public URI getRequestUri() { | ||
return this.requestUri; | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
86 changes: 86 additions & 0 deletions
86
...a/org/wildfly/security/http/util/SetRequestInformationCallbackServerMechanismFactory.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,86 @@ | ||
/* | ||
* JBoss, Home of Professional Open Source. | ||
* Copyright 2023 Red Hat, Inc., and individual contributors | ||
* as indicated by the @author tags. | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
package org.wildfly.security.http.util; | ||
|
||
import org.wildfly.security.auth.server.RequestInformationCallback; | ||
import org.wildfly.security.http.HttpAuthenticationException; | ||
import org.wildfly.security.http.HttpServerAuthenticationMechanism; | ||
import org.wildfly.security.http.HttpServerAuthenticationMechanismFactory; | ||
import org.wildfly.security.http.HttpServerRequest; | ||
|
||
import javax.security.auth.callback.Callback; | ||
import javax.security.auth.callback.CallbackHandler; | ||
import javax.security.auth.callback.UnsupportedCallbackException; | ||
import java.io.IOException; | ||
import java.util.Map; | ||
|
||
import static org.wildfly.common.Assert.checkNotNullParam; | ||
|
||
/** | ||
* A wrapper {@link HttpServerAuthenticationMechanismFactory} that sets the request information using the current authentication request. | ||
* | ||
* @author <a href="mailto:dvilkola@redhat.com">Diana Krepinska</a> | ||
*/ | ||
public class SetRequestInformationCallbackServerMechanismFactory implements HttpServerAuthenticationMechanismFactory { | ||
|
||
private final HttpServerAuthenticationMechanismFactory delegate; | ||
|
||
/** | ||
* Construct a wrapping mechanism factory instance. | ||
* | ||
* @param delegate the wrapped mechanism factory | ||
*/ | ||
public SetRequestInformationCallbackServerMechanismFactory(final HttpServerAuthenticationMechanismFactory delegate) { | ||
this.delegate = checkNotNullParam("delegate", delegate); | ||
} | ||
|
||
@Override | ||
public String[] getMechanismNames(Map<String, ?> properties) { | ||
return delegate.getMechanismNames(properties); | ||
} | ||
|
||
@Override | ||
public HttpServerAuthenticationMechanism createAuthenticationMechanism(final String mechanismName, Map<String, ?> properties, | ||
final CallbackHandler callbackHandler) throws HttpAuthenticationException { | ||
final HttpServerAuthenticationMechanism mechanism = delegate.createAuthenticationMechanism(mechanismName, properties, callbackHandler); | ||
return mechanism != null ? new HttpServerAuthenticationMechanism() { | ||
|
||
@Override | ||
public String getMechanismName() { | ||
return mechanism.getMechanismName(); | ||
} | ||
|
||
@Override | ||
public void evaluateRequest(HttpServerRequest request) throws HttpAuthenticationException { | ||
try { | ||
callbackHandler.handle(new Callback[]{new RequestInformationCallback(request.getRequestURI())}); | ||
} catch (IOException | UnsupportedCallbackException e) { | ||
throw new HttpAuthenticationException(e); | ||
} | ||
|
||
mechanism.evaluateRequest(request); | ||
} | ||
|
||
@Override | ||
public void dispose() { | ||
mechanism.dispose(); | ||
} | ||
|
||
} : null; | ||
} | ||
} |
121 changes: 121 additions & 0 deletions
121
tests/base/src/test/java/org/wildfly/security/auth/server/RealmEventTest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,121 @@ | ||
/* | ||
* JBoss, Home of Professional Open Source. | ||
* Copyright 2023 Red Hat, Inc., and individual contributors | ||
* as indicated by the @author tags. | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
package org.wildfly.security.auth.server; | ||
|
||
import org.junit.Test; | ||
import org.wildfly.security.auth.callback.MechanismInformationCallback; | ||
import org.wildfly.security.auth.permission.LoginPermission; | ||
import org.wildfly.security.authz.Attributes; | ||
import org.wildfly.security.authz.MapAttributes; | ||
import org.wildfly.security.credential.PasswordCredential; | ||
import org.wildfly.security.password.PasswordFactory; | ||
import org.wildfly.security.password.WildFlyElytronPasswordProvider; | ||
import org.wildfly.security.password.interfaces.ClearPassword; | ||
import org.wildfly.security.password.spec.ClearPasswordSpec; | ||
import org.wildfly.security.permission.PermissionVerifier; | ||
|
||
import javax.security.auth.callback.CallbackHandler; | ||
import javax.security.auth.callback.UnsupportedCallbackException; | ||
import java.io.IOException; | ||
import java.security.NoSuchAlgorithmException; | ||
import java.security.Provider; | ||
import java.security.Security; | ||
import java.security.spec.InvalidKeySpecException; | ||
|
||
import static org.junit.Assert.fail; | ||
import static org.wildfly.security.authz.RoleDecoder.KEY_SOURCE_ADDRESS; | ||
|
||
public class RealmEventTest { | ||
|
||
private static SecurityDomain usersDomain; | ||
private static TestCustomRealm.CustomRealm usersRealm; | ||
private static final Provider provider = WildFlyElytronPasswordProvider.getInstance(); | ||
|
||
private ServerAuthenticationContext setupAndGetServerAuthenticationContext() throws IOException, UnsupportedCallbackException { | ||
Security.addProvider(provider); | ||
|
||
usersRealm = new TestCustomRealm.CustomRealm(); | ||
SecurityDomain.Builder builder = SecurityDomain.builder(); | ||
builder.addRealm("users", usersRealm).build(); | ||
builder.setDefaultRealmName("users"); | ||
builder.setPermissionMapper((permissionMappable, roles) -> PermissionVerifier.from(new LoginPermission())); | ||
usersDomain = builder.build(); | ||
|
||
ServerAuthenticationContext serverAuthenticationContext = usersDomain.createNewAuthenticationContext(); | ||
serverAuthenticationContext.addRuntimeAttributes(createRuntimeAttributesWithSourceAddress()); | ||
|
||
MechanismInformation mechanismInformation = new MechanismInformation() { | ||
@Override | ||
public String getMechanismType() { | ||
return null; | ||
} | ||
|
||
@Override | ||
public String getMechanismName() { | ||
return null; | ||
} | ||
|
||
@Override | ||
public String getHostName() { | ||
return null; | ||
} | ||
|
||
@Override | ||
public String getProtocol() { | ||
return null; | ||
} | ||
|
||
}; | ||
|
||
CallbackHandler callbackHandler = serverAuthenticationContext.createCallbackHandler(); | ||
callbackHandler.handle(new MechanismInformationCallback[]{new MechanismInformationCallback(mechanismInformation)}); | ||
return serverAuthenticationContext; | ||
} | ||
|
||
@Test | ||
public void testRealmSuccessfulAuthenticationEvent() throws IOException, UnsupportedCallbackException { | ||
ServerAuthenticationContext serverAuthenticationContext = setupAndGetServerAuthenticationContext(); | ||
try { | ||
serverAuthenticationContext.setAuthenticationName("myadmin"); | ||
serverAuthenticationContext.addPublicCredential(new PasswordCredential( | ||
PasswordFactory.getInstance(ClearPassword.ALGORITHM_CLEAR).generatePassword( | ||
new ClearPasswordSpec("mypassword".toCharArray())))); | ||
|
||
serverAuthenticationContext.authorize(); | ||
} catch (RealmUnavailableException | InvalidKeySpecException | NoSuchAlgorithmException e) { | ||
fail(); | ||
} | ||
serverAuthenticationContext.succeed(); | ||
} | ||
|
||
@Test | ||
public void testRealmFailedAuthenticationEvent() throws NoSuchAlgorithmException, IOException, UnsupportedCallbackException, InvalidKeySpecException { | ||
ServerAuthenticationContext serverAuthenticationContext = setupAndGetServerAuthenticationContext(); | ||
serverAuthenticationContext.setAuthenticationName("myadmin"); | ||
serverAuthenticationContext.addPublicCredential(new PasswordCredential( | ||
PasswordFactory.getInstance(ClearPassword.ALGORITHM_CLEAR).generatePassword( | ||
new ClearPasswordSpec("wrongPassword".toCharArray())))); | ||
serverAuthenticationContext.fail(); | ||
} | ||
|
||
private Attributes createRuntimeAttributesWithSourceAddress() { | ||
MapAttributes runtimeAttributes = new MapAttributes(); | ||
runtimeAttributes.addFirst(KEY_SOURCE_ADDRESS, "10.12.14.16"); | ||
return runtimeAttributes; | ||
} | ||
} |
Oops, something went wrong.