org.wildfly.security.auth.util.ElytronAuthenticator Maven / Gradle / Ivy
Go to download
This artifact provides a single jar that contains all classes required to use remote EJB and JMS, including
all dependencies. It is intended for use by those not using maven, maven users should just import the EJB and
JMS BOM's instead (shaded JAR's cause lots of problems with maven, as it is very easy to inadvertently end up
with different versions on classes on the class path).
/*
* JBoss, Home of Professional Open Source.
* Copyright 2014 Red Hat, Inc., and individual contributors
* as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.wildfly.security.auth.util;
import static java.security.AccessController.doPrivileged;
import static org.wildfly.security.auth.util.ElytronMessages2.log;
import java.io.IOException;
import java.net.Authenticator;
import java.net.PasswordAuthentication;
import java.net.URISyntaxException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.wildfly.security.auth.callback.CredentialCallback;
import org.wildfly.security.auth.client.AuthenticationConfiguration;
import org.wildfly.security.auth.client.AuthenticationContext;
import org.wildfly.security.auth.client.AuthenticationContextConfigurationClient;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.password.PasswordFactory;
import org.wildfly.security.password.TwoWayPassword;
import org.wildfly.security.password.spec.ClearPasswordSpec;
import org.wildfly.security.permission.ElytronPermission;
/**
* An implementation of {@link Authenticator} which uses the current security context to perform the authentication.
*
* @author David M. Lloyd
* @deprecated Using the ElytronAuthenticator is not supported or recommended due to known credential limitations in Java 8.
*/
@Deprecated
public final class ElytronAuthenticator extends Authenticator {
private static final AuthenticationContextConfigurationClient client = doPrivileged(AuthenticationContextConfigurationClient.ACTION);
private static final ElytronPermission CREATE_AUTHENTICATOR_PERMISSION = new ElytronPermission("createAuthenticator");
/**
* Construct a new instance. Requires the {@code createAuthenticator} {@link ElytronPermission}.
*/
public ElytronAuthenticator() {
final SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(CREATE_AUTHENTICATOR_PERMISSION);
}
}
/**
* Get the password authentication for this authenticator, which uses the current local
* {@linkplain AuthenticationContext authentication context} to log in to the remote server.
*
* @return the authenticator
*/
protected PasswordAuthentication getPasswordAuthentication() {
final AuthenticationContext context = AuthenticationContext.captureCurrent();
final AuthenticationConfiguration authenticationConfiguration;
try {
authenticationConfiguration = client.getAuthenticationConfiguration(getRequestingURL().toURI(), context);
} catch (URISyntaxException e) {
log.tracef("URISyntaxException getting URI from the requesting URL [%s]:", getRequestingURL(), e);
return null;
}
if (authenticationConfiguration == null) return null;
final CallbackHandler callbackHandler = client.getCallbackHandler(authenticationConfiguration);
final NameCallback nameCallback = new NameCallback(getRequestingPrompt());
final CredentialCallback credentialCallback = new CredentialCallback(PasswordCredential.class);
char[] password = null;
try {
callbackHandler.handle(new Callback[] { nameCallback, credentialCallback });
final TwoWayPassword twoWayPassword = credentialCallback.applyToCredential(PasswordCredential.class, c -> c.getPassword().castAs(TwoWayPassword.class));
if (twoWayPassword == null) {
return null;
}
final PasswordFactory factory = PasswordFactory.getInstance(twoWayPassword.getAlgorithm(), client.getProviderSupplier(authenticationConfiguration));
password = factory.getKeySpec(factory.translate(twoWayPassword), ClearPasswordSpec.class).getEncodedPassword();
} catch (UnsupportedCallbackException e) {
if (e.getCallback() == credentialCallback) {
// try again with a password callback
final PasswordCallback passwordCallback = new PasswordCallback("Password", false);
try {
callbackHandler.handle(new Callback[] { nameCallback, passwordCallback });
password = passwordCallback.getPassword();
} catch (IOException | UnsupportedCallbackException e1) {
log.trace("Error handling callback:", e1);
return null;
}
}
} catch (IOException e){
log.trace("IOException handling callback:", e);
return null;
} catch (NoSuchAlgorithmException e) {
log.trace("NoSuchAlgorithmException getting PasswordFactory:", e);
return null;
} catch (InvalidKeySpecException e){
log.trace("InvalidKeySpecException getting ClearPasswordSpec:", e);
return null;
} catch (InvalidKeyException e) {
log.trace("InvalidKeyException getting ClearPasswordSpec:", e);
return null;
}
final String name = nameCallback.getName();
if (name == null || password == null) return null;
return new PasswordAuthentication(name, password);
}
}