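/**
 * Returns the security identity associated with an authentication ID on this connection.
 *
 * <p>IDs 0 and 1 are reserved: 0 is the anonymous identity of the configured security domain,
 * 1 is the connection's own local identity. Any other ID refers to a SASL exchange tracked in
 * {@code authMap}.
 *
 * @param id the authentication ID
 * @return the negotiated {@code SecurityIdentity}, or {@code null} when no authentication
 *     factory is configured (ID 0), no exchange exists under {@code id}, or that exchange has
 *     not completed
 */
public SecurityIdentity getLocalIdentity(final int id) {
    if (id == 0) {
        // Read the field once; it may be null when this side offers no SASL mechanisms.
        final SaslAuthenticationFactory factory = this.authenticationFactory;
        if (factory == null) {
            return null;
        }
        return factory.getSecurityDomain().getAnonymousSecurityIdentity();
    }
    if (id == 1) {
        return getLocalIdentity();
    }
    final Auth auth = authMap.get(id);
    if (auth == null) {
        return null;
    }
    // Only a completed exchange carries a usable identity. The javax.security.sasl contract
    // allows getNegotiatedProperty() to throw IllegalStateException while the exchange is still
    // in progress, and an in-progress or failed exchange must never be read as a successful login.
    if (!auth.getSaslServer().isComplete()) {
        return null;
    }
    return (SecurityIdentity) auth.getSaslServer().getNegotiatedProperty(WildFlySasl.SECURITY_IDENTITY);
}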
/**
 * One-time test fixture: registers the Elytron provider, builds a single-user security domain
 * and starts a SCRAM-SHA-256 protected Remoting server on localhost:30123.
 *
 * <p>Test-only configuration: the user "bob" has the clear-text password "pass" and the
 * permission mapper grants every permission unconditionally.
 *
 * @throws Exception if the provider, endpoint, domain or server cannot be set up
 */
@BeforeClass
public static void create() throws Exception {
    final WildFlyElytronProvider elytron = new WildFlyElytronProvider();
    Security.addProvider(elytron);
    providerName = elytron.getName();

    endpoint = Endpoint.builder().setEndpointName("test").build();
    final NetworkServerProvider serverProvider =
            endpoint.getConnectionProviderInterface("remote", NetworkServerProvider.class);

    final SaslAuthenticationFactory authFactory = buildAuthenticationFactory();
    streamServer = serverProvider.createServer(
            new InetSocketAddress("localhost", 30123), OptionMap.EMPTY, authFactory);
}

/**
 * Builds the SASL authentication factory used by the fixture: one map-backed realm holding the
 * test user, an allow-all permission mapper and SCRAM-SHA-256 as the only offered mechanism.
 *
 * @throws Exception if the "clear" password factory is unavailable
 */
private static SaslAuthenticationFactory buildAuthenticationFactory() throws Exception {
    final SimpleMapBackedSecurityRealm realm = new SimpleMapBackedSecurityRealm();
    // The "clear" algorithm comes from the Elytron provider registered in create().
    final PasswordFactory clearPasswords = PasswordFactory.getInstance("clear");
    realm.setPasswordMap(
            "bob", clearPasswords.generatePassword(new ClearPasswordSpec("pass".toCharArray())));

    final SecurityDomain.Builder domain = SecurityDomain.builder();
    domain.addRealm("mainRealm", realm).build();
    domain.setDefaultRealmName("mainRealm");
    // Test-only: every authenticated identity is granted every permission.
    domain.setPermissionMapper((permissionMappable, roles) -> PermissionVerifier.ALL);

    final SaslServerFactory mechanisms =
            new ServiceLoaderSaslServerFactory(RemoteChannelCloseTest.class.getClassLoader());
    final SaslAuthenticationFactory.Builder factory = SaslAuthenticationFactory.builder();
    factory.setSecurityDomain(domain.build());
    factory.setFactory(mechanisms);
    factory.addMechanism(SaslMechanismInformation.Names.SCRAM_SHA_256, MechanismConfiguration.EMPTY);
    return factory.build();
}
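/**
 * Creates a connection to {@code peerUri} on the given endpoint.
 *
 * <p>{@code this} escapes to {@code connectionHandlerFactory} before the constructor finishes
 * (through the {@code LocalConnectionContext} handed to it), so every plain field is assigned
 * first; only {@code peerIdentityContext}, which itself takes {@code this}, is created after
 * the handler. The assignment order is therefore deliberate.
 *
 * @param endpoint the owning endpoint; supplies the executor and the local connection context
 * @param connectionHandlerFactory creates the handler that drives this connection
 * @param connectionProviderContext provider context passed into the handler's local context
 * @param peerUri the URI of the remote peer
 * @param principal the principal associated with this connection
 * @param saslClientFactoryOperator unused in this constructor body; kept for the callers
 * @param authenticationFactory server-side SASL factory, or {@code null} when this side
 *     offers no mechanisms (the peer identity context then receives {@code null} names)
 * @param authenticationConfiguration the client-side authentication configuration
 */
ConnectionImpl(
        final EndpointImpl endpoint,
        final ConnectionHandlerFactory connectionHandlerFactory,
        final ConnectionProviderContext connectionProviderContext,
        final URI peerUri,
        final Principal principal,
        final UnaryOperator<SaslClientFactory> saslClientFactoryOperator,
        final SaslAuthenticationFactory authenticationFactory,
        final AuthenticationConfiguration authenticationConfiguration) {
    super(endpoint.getExecutor(), true);
    this.endpoint = endpoint;
    this.peerUri = peerUri;
    this.principal = principal;
    this.authenticationConfiguration = authenticationConfiguration;
    // Assigned before 'this' escapes to the handler factory below, so a handler that consults
    // the factory while it is being created does not observe null.
    this.authenticationFactory = authenticationFactory;
    this.connectionHandler = connectionHandlerFactory.createInstance(
            endpoint.new LocalConnectionContext(connectionProviderContext, this));
    this.peerIdentityContext = new ConnectionPeerIdentityContext(
            this, authenticationFactory == null ? null : authenticationFactory.getMechanismNames());
}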
/**
 * Handles an authentication request from the peer: creates the requested SASL mechanism,
 * evaluates the initial response and replies with success, a challenge or a rejection. All of
 * the work runs on the connection executor.
 *
 * <p>IDs 0 and 1 are reserved (anonymous and local identity) and are ignored here. Both
 * {@code id} and {@code mechName} are chosen by the peer: the name is only accepted if
 * {@code authenticationFactory} can create a mechanism for it (presumably it refuses names
 * outside the configured set — verify in the factory), and an existing exchange under the same
 * ID is replaced and disposed. Nothing in this method bounds how many exchanges a peer may keep
 * open under distinct IDs; any such limit has to come from the protocol layer.
 *
 * <p>NOTE(review): when the initial response fails SASL evaluation the failed exchange stays in
 * {@code authMap} undisposed until the ID is reused; confirm that connection teardown disposes
 * leftover entries.
 *
 * @param id the peer-chosen authentication ID
 * @param mechName the SASL mechanism name requested by the peer
 * @param initialResponse the peer's initial SASL response
 */
public void receiveAuthRequest(final int id, final String mechName, final byte[] initialResponse) {
    log.tracef("Received authentication request for ID %08x, mech %s", id, mechName);
    if (id == 0 || id == 1) {
        // Reserved IDs are never negotiated.
        return;
    }
    final Runnable exchange = () -> {
        final IntIndexHashMap<Auth> exchanges = this.authMap;
        final SaslServer mechanism;
        try {
            mechanism = authenticationFactory.createMechanism(
                    mechName, f -> new ServerNameSaslServerFactory(f, endpoint.getName()));
        } catch (SaslException creationFailure) {
            log.trace("Authentication failed at mechanism creation", creationFailure);
            // Park a rejecting server under this ID so later messages for it cannot succeed.
            final Auth displaced = exchanges.put(new Auth(id, new RejectingSaslServer()));
            if (displaced != null) {
                displaced.dispose();
            }
            try {
                connectionHandler.sendAuthReject(id);
            } catch (IOException sendFailure) {
                log.trace("Failed to send auth reject", sendFailure);
            }
            return;
        }
        // A new request under an existing ID supersedes the earlier exchange.
        final Auth current = new Auth(id, mechanism);
        final Auth previous = exchanges.put(current);
        if (previous != null) {
            previous.dispose();
        }
        final byte[] reply;
        try {
            reply = mechanism.evaluateResponse(initialResponse);
        } catch (SaslException evaluationFailure) {
            log.trace("Authentication failed at response evaluation", evaluationFailure);
            try {
                connectionHandler.sendAuthReject(id);
            } catch (IOException sendFailure) {
                // The reject could not be delivered; drop the exchange entirely.
                exchanges.remove(current);
                current.dispose();
                log.trace("Failed to send auth reject", sendFailure);
            }
            return;
        }
        // A single-round-trip mechanism is already complete here; otherwise the server data
        // goes back as the next challenge.
        final boolean complete = mechanism.isComplete();
        try {
            if (complete) {
                connectionHandler.sendAuthSuccess(id, reply);
            } else {
                connectionHandler.sendAuthChallenge(id, reply);
            }
        } catch (IOException sendFailure) {
            // The peer never saw the outcome, so the exchange cannot continue; drop it.
            exchanges.remove(current);
            current.dispose();
            log.trace(complete ? "Failed to send auth success" : "Failed to send auth challenge", sendFailure);
        }
    };
    getExecutor().execute(exchange);
}