Package org.jboss.seam.security

Examples of org.jboss.seam.security.Identity


        String[] a = unpack(auth);
        String usr = a[0];
        String pwd = a[1];
        if ( Contexts.isApplicationContextActive() ) {
           // return (FileManagerUtils) Component.getInstance( "fileManager" );
            Identity ids = Identity.instance();
            ids.getCredentials().setUsername(usr);
            ids.getCredentials().setPassword(pwd);
            try {
                ids.authenticate();
                log.info(usr + " authenticated for rest api");
              
                return true;
            } catch (LoginException e) {
                log.warn("Unable to authenticate for rest api: " + usr);


     * Autologin means that the user is not really logged in; a generic username is used instead.
     * Basically means security is bypassed.
     *
     */
    private String checkAutoLogin() {
        // Only the username is set here; this method never touches the password,
        // so whatever the Credentials object already holds is what authenticate() sees.
        // NOTE(review): the guest session goes through the normal authenticate() path,
        // so what it may access depends entirely on what the configured authenticator
        // grants GUEST_LOGIN. Confirm that account carries no more than anonymous-level roles.
        final Identity guestIdentity = Identity.instance();
        guestIdentity.getCredentials().setUsername( GUEST_LOGIN );

        try {
            guestIdentity.authenticate();
        } catch ( LoginException loginFailure ) {
            // A rejected guest login is reported to the caller as "no user".
            return null;
        }

        // authenticate() returning without an exception is not treated as proof of login;
        // the logged-in state is checked explicitly before a username is handed back.
        return guestIdentity.isLoggedIn()
                ? guestIdentity.getCredentials().getUsername()
                : null;
    }

      if (session!=null)
      {
         Object attribute = session.getAttribute("org.jboss.seam.security.identity");
         if (attribute instanceof Identity)
         {
             Identity identity = (Identity) attribute;
             String username = identity.getUsername();
             if (username != null)
             {
                 MDC.put("username", username);
             }
         }

   /**
    * Handles an HTTP Basic {@code Authorization} header for the session-scoped {@link Identity}.
    *
    * <p>When a {@code Basic} header is present, its credentials are copied onto the Identity
    * unless the same user is already logged in. The request is then passed down the filter
    * chain, or answered with a 401 challenge when no credentials are available or when the
    * chain throws {@link NotLoggedInException}.
    *
    * <p>This method only stores the credentials; it never calls {@code authenticate()} itself.
    * NOTE(review): presumably the login is performed later, when a restricted resource is
    * reached. Confirm against the Identity implementation.
    *
    * <p>NOTE(review): Basic credentials are only Base64-encoded, not encrypted, so this filter
    * should be reachable over TLS only.
    *
    * @param request  the incoming request whose {@code Authorization} header is inspected
    * @param response the response that receives the {@code WWW-Authenticate} challenge
    * @param chain    the remaining filter chain
    * @throws IOException      propagated from the chain or from sending the error response
    * @throws ServletException propagated from the chain
    */
   private void processBasicAuth(HttpServletRequest request,
            HttpServletResponse response, FilterChain chain)
      throws IOException, ServletException
   {
      Context sessionContext = new SessionContext( new ServletRequestSessionMap(request) );
      Identity identity = (Identity) sessionContext.get(Identity.class);

      String authorization = request.getHeader("Authorization");
      // The scheme prefix is matched case-sensitively; any other spelling is treated
      // as if no Basic header had been sent.
      if (authorization != null && authorization.startsWith("Basic "))
      {
         // new String(byte[]) decodes with the JVM default charset, so non-ASCII
         // credentials may decode differently from one deployment to another.
         // NOTE(review): what Base64.decode does with malformed input is not visible here.
         String decoded = new String(Base64.decode(authorization.substring(6)));

         // Split at the first ':' only, so the password itself may contain colons.
         // Without any ':' both values stay empty and are still stored below.
         int colon = decoded.indexOf(":");
         String username = (colon != -1) ? decoded.substring(0, colon) : "";
         String password = (colon != -1) ? decoded.substring(colon + 1) : "";

         // Keep the existing Identity untouched only when the very same user is already
         // logged in; in every other case the supplied credentials replace the stored ones.
         boolean sameUser = username.equals(identity.getUsername());
         if (!(sameUser && identity.isLoggedIn()))
         {
            identity.setUsername(username);
            identity.setPassword(password);
         }
      }

      // Nothing to authenticate with: not logged in and no credentials stored.
      boolean requireAuth = !identity.isLoggedIn() && !identity.isCredentialsSet();

      if (!requireAuth)
      {
         try
         {
            chain.doFilter(request, response);
            return;
         }
         catch (NotLoggedInException ex)
         {
            // A downstream component demanded a login that did not happen.
            requireAuth = true;
         }
      }

      if (requireAuth && !identity.isLoggedIn())
      {
         response.addHeader("WWW-Authenticate", "Basic realm=\"" + realm + "\"");
         response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Not authorized");
      }
   }

   private void processDigestAuth(HttpServletRequest request,
            HttpServletResponse response, FilterChain chain)
      throws IOException, ServletException
   {
      Identity identity = (Identity) request.getSession().getAttribute( Seam.getComponentName(Identity.class) );
     
      boolean requireAuth = false;   
      boolean nonceExpired = false;
     
      String header = request.getHeader("Authorization");     
      if (header != null && header.startsWith("Digest "))
      {
         String section212response = header.substring(7);

         String[] headerEntries = section212response.split(",");
         Map<String,String> headerMap = new HashMap<String,String>();
         for (String entry : headerEntries)
         {
            String[] vals = split(entry, "=");
            headerMap.put(vals[0].trim(), vals[1].replace("\"", "").trim());
         }
        

         DigestRequest digestRequest = new DigestRequest();
         digestRequest.setHttpMethod(request.getMethod());
         digestRequest.setSystemRealm(realm);
         digestRequest.setRealm(headerMap.get("realm"));        
         digestRequest.setKey(key);
         digestRequest.setNonce(headerMap.get("nonce"));
         digestRequest.setUri(headerMap.get("uri"));
         digestRequest.setClientDigest(headerMap.get("response"));
         digestRequest.setQop(headerMap.get("qop"));
         digestRequest.setNonceCount(headerMap.get("nc"));
         digestRequest.setClientNonce(headerMap.get("cnonce"));
                 
         try
         {
            digestRequest.validate();
            request.getSession().setAttribute(DigestRequest.DIGEST_REQUEST, digestRequest);
            authenticate( request, headerMap.get("username") );
         }
         catch (DigestValidationException ex)
         {
            log.error(String.format("Digest validation failed, header [%s]: %s",
                     section212response, ex.getMessage()));
            requireAuth = true;
           
            if (ex.isNonceExpired()) nonceExpired = true;
         }           
         catch (Exception ex)
         {
            log.error("Error authenticating: " + ex.getMessage());
            requireAuth = true;
         }
      }  

      if (!identity.isLoggedIn() && !identity.isCredentialsSet())
      {
         requireAuth = true;
      }
     
      try
      {
         if (!requireAuth)
         {
            chain.doFilter(request, response);
            return;
         }
      }
      catch (NotLoggedInException ex)
      {
         requireAuth = true;
      }
     
      if (requireAuth && !identity.isLoggedIn())
      {     
         long expiryTime = System.currentTimeMillis() + (nonceValiditySeconds * 1000);
        
         String signatureValue = DigestUtils.md5Hex(expiryTime + ":" + key);
         String nonceValue = expiryTime + ":" + signatureValue;

      new ContextualHttpServletRequest(request)
      {
         @Override
         public void process() throws ServletException, IOException, LoginException
         {
            Identity identity = Identity.instance();
            identity.setUsername(username);
            identity.authenticate();
         }
      }.run()
   }

      Context ctx = new SessionContext(new ServletRequestSessionMap(httpRequest));

      // Only reauthenticate if username doesn't match Identity.username
      // and user isn't authenticated
      Credentials credentials = (Credentials) ctx.get(Credentials.class);
      Identity identity = (Identity) ctx.get(Identity.class);

      if (identity.isLoggedIn())
      {
         throw new RuntimeException("User is already logged in.");
      }

      credentials.setPassword("");

     
      // Otherwise if identity management is enabled, use it.
      IdentityManager identityManager = IdentityManager.instance();
      if (identityManager != null && identityManager.getIdentityStore() != null)
      {
         Identity identity = Identity.instance();
        
         try
         {
            boolean success = identityManager.authenticate(username, identity.getPassword());
           
            if (success)
            {
               for (String role : identityManager.getImpliedRoles(username))
               {
                  identity.addRole(role);
               }
            }
           
            return success;
         }

public class CXFAuthenticationHandler implements RequestHandler {

    public Response handleRequest(Message m, ClassResourceInfo resourceClass) {
        if (Contexts.isApplicationContextActive()) {
            //If the request is from same session, the user should be logged already.
            Identity ids = Identity.instance();
            if (ids.isLoggedIn()) {
                return null;
            }

            AuthorizationPolicy policy = (AuthorizationPolicy) m
                    .get(AuthorizationPolicy.class);

            // The policy can be null when the user did not specify credentials
            if (policy != null) {
                String username = policy.getUserName();
                String password = policy.getPassword();

                ids.getCredentials().setUsername(username);
                ids.getCredentials().setPassword(password);
            }

            try {
                ids.authenticate();
                return null;
            } catch (LoginException e) {
                throw new WebApplicationException(getErrorResponse());
            }
        } else {

            // default to get content as json
            action = "json";
        }
       
        // log in
        Identity ids = Identity.instance();
        ids.getCredentials().setUsername(usr);
        ids.getCredentials().setPassword(pwd);
       
        try {
            ids.authenticate();
        } catch (LoginException e) {
            throw new ServletException(new IllegalArgumentException("Unable to authenticate user."));
        }
       
        log.debug("Successful login");