/**
   * Verifies a username/password pair by handing callbacks to {@code callbackHandler}.
   *
   * <p>A {@link RealmCallback} is sent only when {@code realmName} is non-null; the name and
   * evidence-verification callbacks are always sent, in that order.
   *
   * @param realmName realm to authenticate against, or {@code null} to send no realm callback
   * @param username name placed in the {@link NameCallback} as both default and selected name
   * @param password password guess wrapped in a {@code PasswordGuessEvidence}
   * @return {@code true} only if the handler marked the evidence as verified; {@code false} if it
   *     did not, or if the handler rejected one of the callbacks as unsupported
   * @throws HttpAuthenticationException if the handler fails with an {@link IOException}
   */
  protected boolean authenticate(String realmName, String username, char[] password)
      throws HttpAuthenticationException {
    RealmCallback realmCb = null;
    if (realmName != null) {
      realmCb = new RealmCallback("User realm", realmName);
    }

    NameCallback nameCb = new NameCallback("Remote Authentication Name", username);
    nameCb.setName(username);

    final PasswordGuessEvidence guess = new PasswordGuessEvidence(password);
    EvidenceVerifyCallback verifyCb = new EvidenceVerifyCallback(guess);

    try {
      final Callback[] toHandle =
          realmCb == null
              ? new Callback[] {nameCb, verifyCb}
              : new Callback[] {realmCb, nameCb, verifyCb};

      callbackHandler.handle(toHandle);

      // Only an explicit positive verdict from the handler counts as success.
      return verifyCb.isVerified();
    } catch (UnsupportedCallbackException e) {
      // Fails closed: a handler that cannot process these callbacks is treated as a failed login.
      // NOTE(review): the exception is dropped without a trace, so a misconfigured handler looks
      // exactly like wrong credentials to an operator; consider logging it if a logger exists.
      return false;
    } catch (IOException e) {
      throw new HttpAuthenticationException(e);
    } finally {
      // Runs on every path, including the exceptional ones, so the evidence never outlives the
      // call. Presumably this wipes the password characters; confirm whether it also clears the
      // caller's array, since no copy of `password` is made in this method.
      guess.destroy();
    }
  }
  /**
   * Test helper: authenticates {@code userName} through the realm's callback handler, asserts that
   * the password was accepted, and returns the {@code RealmGroup} principals of the subject.
   *
   * @param realmName name used to look up the {@code AuthorizingCallbackHandler}
   * @param userName user to authenticate and to build the subject for
   * @param password password guess for that user
   * @return the {@code RealmGroup} principals found on the created subject
   * @throws Exception if callback handling or subject creation fails
   */
  private Set<RealmGroup> getUsersGroups(
      final String realmName, final String userName, final String password) throws Exception {
    final AuthorizingCallbackHandler handler = getAuthorizingCallbackHandler(realmName);

    final NameCallback nameCb = new NameCallback("Username", userName);
    // NOTE(review): the realm callback always carries TEST_REALM, while the handler is looked up
    // with realmName; confirm the two are meant to differ.
    final RealmCallback realmCb = new RealmCallback("Realm", TEST_REALM);
    // NOTE(review): the password arrives as an immutable String and the evidence is never
    // destroyed, so the guess stays in memory after the call. Tolerable for fixture passwords in
    // a test; do not copy this pattern into production code.
    final PasswordGuessEvidence guess = new PasswordGuessEvidence(password.toCharArray());
    final EvidenceVerifyCallback verifyCb = new EvidenceVerifyCallback(guess);

    handler.handle(new Callback[] {nameCb, realmCb, verifyCb});

    // Group lookup below is only meaningful once the credentials were accepted.
    assertTrue("Password verified", verifyCb.isVerified());

    final SubjectUserInfo info =
        handler.createSubjectUserInfo(
            Collections.<Principal>singleton(new SimplePrincipal(userName)));

    return info.getSubject().getPrincipals(RealmGroup.class);
  }