Client Side Http Authentication Mechanism #1881

Closed
wants to merge 19 commits into from
3783a89
added next version of schema - elytron-client-1_8.xsd
keshav-725 Mar 17, 2023
0dbc282
added required configuration to get http-selector-mechanism type from…
keshav-725 Mar 17, 2023
269823e
added client side http basic authentication using HttpClient
keshav-725 Mar 17, 2023
dccba73
added digest authentication for ElytronClient
keshav-725 Mar 28, 2023
ac793e1
added digest authentication test method for ElytronHttpClient
keshav-725 Mar 31, 2023
7c47abf
updated getRequest Return type in ElytronHttpClient
keshav-725 Apr 3, 2023
a74600e
updated digest authentication for dynamic cnonce and incremental ncount
keshav-725 Apr 11, 2023
29f41c9
Updated digest authentication for ElytronClient
keshav-725 Mar 28, 2023
1a4971f
added digest authentication test method for ElytronHttpClient
keshav-725 Mar 31, 2023
5d17618
Updated ElytronHttpClient
keshav-725 Apr 18, 2023
366ee64
added tests in ElytronHttpClientTest
keshav-725 Apr 21, 2023
0d1712a
removed common-codec dependency
keshav-725 Apr 21, 2023
cbac3de
added Basic Authentication Forbidden and Unauthorized test case in El…
keshav-725 Apr 24, 2023
8e855c1
updated ElytronHttpClient separating Authentication mechanism type me…
keshav-725 May 1, 2023
189af37
added bearer token for elytron http client
keshav-725 May 14, 2023
70c282c
added bearer authentication mechanism
keshav-725 May 27, 2023
4cb3996
updated code for client cert auth having some issue
keshav-725 Jun 6, 2023
f7578fd
added tls handshake for https
keshav-725 Jun 11, 2023
0f7120b
updated elytron code
keshav-725 Jul 8, 2023
2 changes: 1 addition & 1 deletion ELY_Messages.txt
Expand Up @@ -132,7 +132,7 @@
30000 - 30999
# Reserved For master / Elytron 2
40000 - 40999 wildfly-elytron-ssh-util
41000 - 41999 master
41000 - 41999 wildfly-elytron-http-client
42000 - 42999 master
43000 - 43999 master
44000 - 44999 master
Expand Up @@ -166,6 +166,7 @@ public final class AuthenticationConfiguration {
private static final int SET_SASL_PROTOCOL = 20;
private static final int SET_FWD_AUTHZ_NAME_DOMAIN = 21;
private static final int SET_WEBSERVICES_PROPS = 22;
private static final int SET_HTTP_MECHANISM_SELECTOR = 23;

private static final String JBOSS_LOCAL_USER_QUIET_AUTH = "wildfly.sasl.local-user.quiet-auth";
private static final String JBOSS_LOCAL_USER_LEGACY_QUIET_AUTH = "jboss.sasl.local-user.quiet-auth";
Expand Down Expand Up @@ -229,6 +230,7 @@ public static AuthenticationConfiguration empty() {
final Predicate<Callback> callbackIntercept;
final String saslProtocol;
final Map<String, ?> webServicesProperties;
final String httpMechanismSelector;

// constructors

Expand Down Expand Up @@ -260,6 +262,7 @@ private AuthenticationConfiguration() {
this.callbackIntercept = null;
this.saslProtocol = null;
this.webServicesProperties = null;
this.httpMechanismSelector = null;
}

/**
Expand Down Expand Up @@ -296,6 +299,7 @@ private AuthenticationConfiguration(final AuthenticationConfiguration original,
this.callbackIntercept = what == SET_CALLBACK_INTERCEPT ? (Predicate<Callback>) value : original.callbackIntercept;
this.saslProtocol = what == SET_SASL_PROTOCOL ? (String) value : original.saslProtocol;
this.webServicesProperties = what == SET_WEBSERVICES_PROPS ? (Map<String, ?>) value : original.webServicesProperties;
this.httpMechanismSelector = what == SET_HTTP_MECHANISM_SELECTOR ? (String) value : original.httpMechanismSelector;
sanitazeOnMutation(what);
}

Expand Down Expand Up @@ -335,6 +339,7 @@ private AuthenticationConfiguration(final AuthenticationConfiguration original,
this.callbackIntercept = what1 == SET_CALLBACK_INTERCEPT ? (Predicate<Callback>) value1 : what2 == SET_CALLBACK_INTERCEPT ? (Predicate<Callback>) value2 : original.callbackIntercept;
this.saslProtocol = what1 == SET_SASL_PROTOCOL ? (String) value1 : what2 == SET_SASL_PROTOCOL ? (String) value2 : original.saslProtocol;
this.webServicesProperties = what1 == SET_WEBSERVICES_PROPS ? (Map<String, ?>) value1 : what2 == SET_WEBSERVICES_PROPS ? (Map<String, ?>) value2 : original.webServicesProperties;
this.httpMechanismSelector = what1 == SET_HTTP_MECHANISM_SELECTOR ? (String) value1 : what2 == SET_HTTP_MECHANISM_SELECTOR ? (String) value2 : original.httpMechanismSelector;
sanitazeOnMutation(what1);
sanitazeOnMutation(what2);
}
Expand Down Expand Up @@ -376,6 +381,7 @@ private AuthenticationConfiguration(final AuthenticationConfiguration original,
this.callbackIntercept = what1 == SET_CALLBACK_INTERCEPT ? (Predicate<Callback>) value1 : what2 == SET_CALLBACK_INTERCEPT ? (Predicate<Callback>) value2 : what3 == SET_CALLBACK_INTERCEPT ? (Predicate<Callback>) value3 : original.callbackIntercept;
this.saslProtocol = what1 == SET_SASL_PROTOCOL ? (String) value1 : what2 == SET_SASL_PROTOCOL ? (String) value2 : what3 == SET_SASL_PROTOCOL ? (String) value3 : original.saslProtocol;
this.webServicesProperties = what1 == SET_WEBSERVICES_PROPS ? (Map<String, ?>) value1 : what2 == SET_WEBSERVICES_PROPS ? (Map<String, ?>) value2 : what3 == SET_WEBSERVICES_PROPS ? (Map<String, ?>) value3 : original.webServicesProperties;
this.httpMechanismSelector = what1 ==SET_HTTP_MECHANISM_SELECTOR ? (String) value1 : what2 == SET_HTTP_MECHANISM_SELECTOR ? (String) value2 : what3 == SET_HTTP_MECHANISM_SELECTOR ? (String) value3 : original.httpMechanismSelector;
sanitazeOnMutation(what1);
sanitazeOnMutation(what2);
sanitazeOnMutation(what3);
Expand Down Expand Up @@ -412,6 +418,7 @@ private AuthenticationConfiguration(final AuthenticationConfiguration original,
this.callbackIntercept = original.callbackIntercept;
this.saslProtocol = original.saslProtocol;
this.webServicesProperties = original.webServicesProperties;
this.httpMechanismSelector = original.httpMechanismSelector;
}

private AuthenticationConfiguration(final AuthenticationConfiguration original, final AuthenticationConfiguration other) {
Expand Down Expand Up @@ -439,6 +446,7 @@ private AuthenticationConfiguration(final AuthenticationConfiguration original,
this.callbackIntercept = other.callbackIntercept == null ? original.callbackIntercept : original.callbackIntercept == null ? other.callbackIntercept : other.callbackIntercept.or(original.callbackIntercept);
this.saslProtocol = getOrDefault(other.saslProtocol, original.saslProtocol);
this.webServicesProperties = getOrDefault(other.webServicesProperties, original.webServicesProperties);
this.httpMechanismSelector = getOrDefault(other.httpMechanismSelector, original.httpMechanismSelector);
sanitazeOnMutation(SET_USER_CBH);
}

Expand Down Expand Up @@ -495,6 +503,10 @@ String getWsSecurityType() {
return null;
}

String getHttpMechanismType(){
return httpMechanismSelector;
}

// internal actions

/**
Expand Down Expand Up @@ -1153,6 +1165,17 @@ public AuthenticationConfiguration useWebServices(Map<String, ?> webservicesProp
return new AuthenticationConfiguration(this, SET_WEBSERVICES_PROPS, optimizeMap(newMap));
}

public AuthenticationConfiguration useHttpMechanism(String httpMechanismSelector) {
if (httpMechanismSelector == null || httpMechanismSelector.isEmpty()) {
httpMechanismSelector = null;
}
if (Objects.equals(this.httpMechanismSelector, httpMechanismSelector)) {
return this;
} else {
return new AuthenticationConfiguration(this, SET_HTTP_MECHANISM_SELECTOR, httpMechanismSelector);
}
}

/**
* Create a new configuration which is the same as this configuration, but which connects to a different port.
*
Expand Down Expand Up @@ -1600,7 +1623,8 @@ public boolean equals(final AuthenticationConfiguration other) {
&& Objects.equals(trustManagerFactory, other.trustManagerFactory)
&& Objects.equals(saslMechanismProperties, other.saslMechanismProperties)
&& Objects.equals(saslProtocol, other.saslProtocol)
&& Objects.equals(webServicesProperties, other.webServicesProperties);
&& Objects.equals(webServicesProperties, other.webServicesProperties)
&& Objects.equals(httpMechanismSelector, other.httpMechanismSelector);
}

/**
Expand All @@ -1615,7 +1639,7 @@ public int hashCode() {
principal, setHost, setProtocol, setRealm, setAuthzPrincipal, authenticationNameForwardSecurityDomain,
authenticationCredentialsForwardSecurityDomain, authorizationNameForwardSecurityDomain, userCallbackHandler, credentialSource,
providerSupplier, keyManagerFactory, saslMechanismSelector, principalRewriter, saslClientFactorySupplier, parameterSpecs, trustManagerFactory,
saslMechanismProperties, saslProtocol, webServicesProperties) * 19 + setPort;
saslMechanismProperties, saslProtocol, webServicesProperties, httpMechanismSelector) * 19 + setPort;
if (hashCode == 0) {
hashCode = 1;
}
Expand Down Expand Up @@ -1654,6 +1678,7 @@ public String toString() {
if (trustManagerFactory != null) b.append("trust-manager-factory=").append(trustManagerFactory).append(',');
if (! saslMechanismProperties.isEmpty()) b.append("mechanism-properties=").append(saslMechanismProperties).append(',');
if (webServicesProperties != null && ! webServicesProperties.isEmpty()) b.append("webservices-properties=").append(webServicesProperties).append(',');
if(httpMechanismSelector != null) b.append("http-mechanism-selector=").append(httpMechanismSelector).append(',');
b.setLength(b.length() - 1);
this.toString = b.toString();
return this.toString;
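Review bot: `useHttpMechanism(String)` (the hunk at -1153) accepts any string: the only normalisation is empty-to-null, so a misspelled or unsupported mechanism name is stored and can only fail, or be silently ignored, wherever the value is consumed, which this diff does not show. Since the value presumably decides which HTTP authentication scheme the client answers with its credentials, I would reject unknown names at configuration time against the set of mechanisms the client actually implements; the XML path in `parseHttpMechanismSelectorType` passes the resolved attribute straight through and inherits the same gap. The method also lacks Javadoc although its neighbours have it; something like `/** Create a new configuration which is the same as this configuration, but which uses the given HTTP mechanism selector ({@code null} or empty clears it). */` would do. The accessor is named `getHttpMechanismType()` while the field, the constant and the XML element all say "selector", so one term should be chosen. Minor spacing: `what1 ==SET_HTTP_MECHANISM_SELECTOR` and `if(httpMechanismSelector != null)` each lack a space.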
Expand Up @@ -378,6 +378,17 @@ public String getWsSecurityType(AuthenticationConfiguration configuration) {
return configuration.getWsSecurityType();
}

/**
* Get the Http Mechanism Type to use for the given configuration.
*
* @param configuration the configuration (must not be {@code null})
* @return the Http Mechanism type to use
*/
public String getHttpMechanismType(AuthenticationConfiguration configuration) {
Assert.checkNotNullParam("configuration", configuration);
return configuration.getHttpMechanismType();
}

/**
* Get the authentication principal to use for the given configuration.
*
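Review bot: The `@return` tag on `getHttpMechanismType` does not say that the result can be `null`, which is the default when no selector has been configured (the field is initialised to `null` in `AuthenticationConfiguration`). A caller that picks an authentication scheme from this value needs to know that, so I would write `@return the HTTP mechanism type to use, or {@code null} if none is configured`. The summary sentence also capitalises "Http Mechanism Type" as if it were a type name; "HTTP mechanism type" reads better.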
Expand Up @@ -154,7 +154,8 @@ private enum Version {
VERSION_1_4("urn:elytron:client:1.4", VERSION_1_3),
VERSION_1_5("urn:elytron:client:1.5", VERSION_1_4),
VERSION_1_6("urn:elytron:client:1.6", VERSION_1_5),
VERSION_1_7("urn:elytron:client:1.7", VERSION_1_6);
VERSION_1_7("urn:elytron:client:1.7", VERSION_1_6),
VERSION_1_8("urn:elytron:client:1.8", VERSION_1_7);

final String namespace;

Expand Down Expand Up @@ -1243,6 +1244,13 @@ static void parseAuthenticationConfigurationType(ConfigurationXMLStreamReader re
configuration = andThenOp(configuration, parentConfig -> parentConfig.useWebServices(webServices));
break;
}
case "http-mechanism-selector": {
if (isSet(foundBits, 15) || !xmlVersion.isAtLeast(Version.VERSION_1_8)) throw reader.unexpectedElement();
Contributor

@keshav-725 Since we are not adding an HTTP selector at this time, please remove the selector-related code from this PR for now.

foundBits = setBit(foundBits, 15);
final String selector = parseHttpMechanismSelectorType(reader);
configuration = andThenOp(configuration, parentConfig -> parentConfig.useHttpMechanism(selector));
break;
}
default: {
throw reader.unexpectedElement();
}
Expand Down Expand Up @@ -2545,6 +2553,33 @@ static String parseNameType(ConfigurationXMLStreamReader reader, boolean optiona
throw reader.unexpectedDocumentEnd();
}

static String parseHttpMechanismSelectorType(ConfigurationXMLStreamReader reader) throws ConfigXMLParseException {
final int attributeCount = reader.getAttributeCount();
String selector = null;
for (int i = 0; i < attributeCount; i ++) {
checkAttributeNamespace(reader, i);
if (reader.getAttributeLocalName(i).equals("selector")) {
selector = reader.getAttributeValueResolved(i);
} else {
throw reader.unexpectedAttribute(i);
}
}
if (selector == null) {
throw missingAttribute(reader, "selector");
}
if (reader.hasNext()) {
final int tag = reader.nextTag();
if (tag == START_ELEMENT) {
throw reader.unexpectedElement();
} else if (tag == END_ELEMENT) {
return selector;
} else {
throw reader.unexpectedContent();
}
}
throw reader.unexpectedDocumentEnd();
}

/**
* Parse an XML element of type {@code resource-type} from an XML reader.
*