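/**
 * Verifies a username/password pair through this mechanism's callback handler.
 *
 * <p>The handler receives an optional {@code RealmCallback}, a {@code NameCallback}
 * carrying the username, and an {@code EvidenceVerifyCallback} wrapping the password
 * guess. The result is whatever the handler recorded on the evidence callback.
 *
 * @param realmName realm to present to the handler; when {@code null} no realm callback is sent
 * @param username  name being authenticated; a {@code null} or empty value is treated as a
 *                  failed attempt
 * @param password  password guess to verify
 * @return {@code true} only if the handler marked the evidence as verified; {@code false} if
 *         it did not, if the username is missing, or if the handler rejects one of the callbacks
 * @throws HttpAuthenticationException if the callback handler fails with an {@code IOException}
 */
protected boolean authenticate(String realmName, String username, char[] password) throws HttpAuthenticationException {
    // The JDK NameCallback constructor rejects a null or empty default name with an
    // IllegalArgumentException. A request without a username is a failed authentication,
    // not an internal error, so fail closed here instead of letting an unchecked exception
    // escape the authentication path. The password array is left untouched on this path,
    // exactly as it was when the constructor threw.
    if (username == null || username.isEmpty()) {
        return false;
    }

    final RealmCallback realmCallback = realmName != null ? new RealmCallback("User realm", realmName) : null;
    final NameCallback nameCallback = new NameCallback("Remote Authentication Name", username);
    // Set the name as well as the default so a handler reading getName() sees it.
    nameCallback.setName(username);

    final PasswordGuessEvidence evidence = new PasswordGuessEvidence(password);
    final EvidenceVerifyCallback evidenceVerifyCallback = new EvidenceVerifyCallback(evidence);

    try {
        final Callback[] callbacks = realmCallback != null
                ? new Callback[] {realmCallback, nameCallback, evidenceVerifyCallback}
                : new Callback[] {nameCallback, evidenceVerifyCallback};

        callbackHandler.handle(callbacks);

        return evidenceVerifyCallback.isVerified();
    } catch (UnsupportedCallbackException e) {
        // A handler that cannot process these callbacks cannot verify the guess: deny.
        return false;
    } catch (IOException e) {
        throw new HttpAuthenticationException(e);
    } finally {
        // Runs on success, denial and failure alike.
        // NOTE(review): destroy() presumably clears the password guess from memory; confirm
        // against PasswordGuessEvidence, and whether callers expect their array to be wiped.
        evidence.destroy();
    }
}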
/**
 * Authenticates the given user against the realm's callback handler and returns the
 * {@code RealmGroup} principals of the resulting subject.
 *
 * <p>Asserts that the password was verified before the subject is built.
 *
 * @param realmName name used to look up the authorizing callback handler
 * @param userName  user to authenticate and to build the subject for
 * @param password  password guess presented to the handler
 * @return the {@code RealmGroup} principals attached to the user's subject
 * @throws Exception if the handler lookup, the callback handling or the subject creation fails
 */
private Set<RealmGroup> getUsersGroups(
        final String realmName, final String userName, final String password) throws Exception {
    final AuthorizingCallbackHandler handler = getAuthorizingCallbackHandler(realmName);

    final NameCallback nameCallback = new NameCallback("Username", userName);
    // NOTE(review): the realm callback carries TEST_REALM while the handler is looked up
    // with realmName; confirm the two are meant to differ.
    final RealmCallback realmCallback = new RealmCallback("Realm", TEST_REALM);
    final PasswordGuessEvidence guess = new PasswordGuessEvidence(password.toCharArray());
    final EvidenceVerifyCallback verifyCallback = new EvidenceVerifyCallback(guess);

    final Callback[] callbacks = {nameCallback, realmCallback, verifyCallback};
    handler.handle(callbacks);
    assertTrue("Password verified", verifyCallback.isVerified());

    // The subject is built from a single principal named after the user.
    final Collection<Principal> principals =
            Collections.<Principal>singleton(new SimplePrincipal(userName));
    final SubjectUserInfo subjectInfo = handler.createSubjectUserInfo(principals);

    return subjectInfo.getSubject().getPrincipals(RealmGroup.class);
}