Java IdentityManager类代码示例

import io.undertow.security.idm.IdentityManager; //导入依赖的package包/类
@Override
public void postProcess(BootContext context) {
  boolean statelessAuth = statelessAuth(context);
  DeploymentInfo deploymentInfo = context.deploymentInfo();

  deploymentInfo.addAuthenticationMechanism(RestAuthenticationMechanism.MECHANISM_NAME, (name, formParserFactory,
    properties) -> new RestAuthenticationMechanism(statelessAuth, context.getService(UserRepository.class)));

  LoginConfig loginConfig = new LoginConfig(RestAuthenticationMechanism.MECHANISM_NAME, "vas-db-realm");
  deploymentInfo.setLoginConfig(loginConfig);

  deploymentInfo.setIdentityManager(context.getService(IdentityManager.class));
  deploymentInfo.addSecurityConstraint(new SecurityConstraint().addRoleAllowed(User.ROLE).addWebResourceCollection(
    new WebResourceCollection().addUrlPattern("/*")));

  logoutServlet(context, deploymentInfo);
}
 

import io.undertow.security.idm.IdentityManager; //导入依赖的package包/类
public LightblueRestTestHarness(int httpServerPort, IdentityManager identityManager) throws Exception {
    super();
    httpPort = httpServerPort;
    this.identityManager = identityManager;

    dataUrl = new StringBuffer("http://")
            .append(getHttpHost())
            .append(':')
            .append(getHttpPort())
            .append(getDataContextPath())
            .toString();

    metadataUrl = new StringBuffer("http://")
            .append(getHttpHost())
            .append(':')
            .append(getHttpPort())
            .append(getMetadataContextPath())
            .toString();

    ensureHttpServerIsRunning();
}
 

import io.undertow.security.idm.IdentityManager; //导入依赖的package包/类
/**
 * <p>This method will change the {@link IdentityManager} that the server is using. Be warned, this method will
 * internal restart lightblue.</p>
 * <p>A <code>null</code> value is the same as no authentication.
 * @param identityManager - implementation of {@link IdentityManager}.
 * @throws IOException
 */
public void changeIdentityManager(IdentityManager identifyManager) throws IOException {
    identityManager = identifyManager;
    getControllerInstance().setIdentityManager(identifyManager);
    LightblueRestTestHarness.stopHttpServer();
    ensureHttpServerIsRunning();

    //TODO remove sleep. There is some sort of timing issue with the server restart.
    //DeploymentManager might be the key, but no way to get access to it today
    // https://github.com/undertow-io/undertow/blob/master/examples/src/main/java/io/undertow/examples/servlet/ServletServer.java
    try {
        Thread.sleep(5000);
    } catch (InterruptedException e) {
        throw new RuntimeException(e);
    }
}
 

import io.undertow.security.idm.IdentityManager; //导入依赖的package包/类
private static PipedHttpHandler getSecurityHandlerChain(final PipedHttpHandler next, AuthenticationMechanism authenticationMechanism, final IdentityManager identityManager, final AccessManager accessManager, final boolean challenging) {
    if (identityManager != null) {
        final List<AuthenticationMechanism> mechanisms = new ArrayList<>();

        if(authenticationMechanism != null){
        	mechanisms.add(authenticationMechanism);
        }
        
        mechanisms.add(new AuthTokenAuthenticationMechanism(RESTHEART_REALM));

        if (challenging) {
            mechanisms.add(new BasicAuthenticationMechanism(RESTHEART_REALM));
        } else {
            mechanisms.add(new SilentBasicAuthenticationMechanism(RESTHEART_REALM));
        }

        return buildSecurityHandlerChain(next, accessManager, identityManager, mechanisms);
    } else {
        return next;
    }
}
 

import io.undertow.security.idm.IdentityManager; //导入依赖的package包/类
/**
 * loadAuthenticationMechanism
 *
 * @return the AuthenticationMechanism
 */
private static AuthenticationMechanism loadAuthenticationMechanism(final IdentityManager identityManager) {
    AuthenticationMechanism authMechanism = null;
    if (configuration.getAuthMechanism() != null) {
        try {
            AuthenticationMechanismFactory am = (AuthenticationMechanismFactory) Class.forName(configuration.getAuthMechanism())
                    .getConstructor()
                    .newInstance();

            authMechanism = am.build(configuration.getAuthMechanismArgs(), identityManager);
            LOGGER.info("Authentication Mechanism {} enabled", configuration.getAuthMechanism());
        } catch (ClassNotFoundException
                | IllegalAccessException
                | IllegalArgumentException
                | InstantiationException
                | NoSuchMethodException
                | SecurityException
                | InvocationTargetException ex) {
            logErrorAndExit("Error configuring Authentication Mechanism implementation " + configuration.getAuthMechanism(), ex, false, -3);
        }
    } else {
        LOGGER.info("Authentication Mechanism io.undertow.security.impl.BasicAuthenticationMechanism enabled");
    }
    return authMechanism;
}
 

import io.undertow.security.idm.IdentityManager; //导入依赖的package包/类
public SecurityHandler(HttpHandler next) {
    if (NONE.equals(securityMode)) {
        internalHandler = next::handleRequest;
    } else {
        final Map<String, char[]> users = new HashMap<>(2);
        users.put("userOne", "passwordOne".toCharArray());
        users.put("userTwo", "passwordTwo".toCharArray());

        final IdentityManager identityManager = new MapIdentityManager(users);

        internalHandler = addSecurity(exchange -> {

            SecurityContext securityContext = exchange.getAttachment(SecurityContext.ATTACHMENT_KEY);
            if (securityContext.isAuthenticated()) {
                exchange.setResponseCode(FOUND);
                exchange.endExchange();
            } else {
                next.handleRequest(exchange);
            }
        }, identityManager);
    }
}
 

import io.undertow.security.idm.IdentityManager; //导入依赖的package包/类
public SecurityInitialHandler(final AuthenticationMode authenticationMode, final IdentityManager identityManager,
        final String programaticMechName, final SecurityContextFactory contextFactory, final HttpHandler next) {
    this.authenticationMode = authenticationMode;
    this.identityManager = identityManager;
    this.programaticMechName = programaticMechName;
    this.contextFactory = contextFactory;
    this.next = next;
}
 

import io.undertow.security.idm.IdentityManager; //导入依赖的package包/类
public SecurityContextImpl(final HttpServerExchange exchange, final AuthenticationMode authenticationMode, final IdentityManager identityManager) {
    this.authenticationMode = authenticationMode;
    this.identityManager = identityManager;
    this.exchange = exchange;
    if (System.getSecurityManager() != null) {
        System.getSecurityManager().checkPermission(PERMISSION);
    }
}
 

import io.undertow.security.idm.IdentityManager; //导入依赖的package包/类
@Override
public AuthenticationMechanismOutcome authenticate(final HttpServerExchange exchange,
                                                   final SecurityContext securityContext) {
    ServerConnection connection = exchange.getConnection();
    NegotiationContext negContext = connection.getAttachment(NegotiationContext.ATTACHMENT_KEY);
    if (negContext != null) {
        exchange.putAttachment(NegotiationContext.ATTACHMENT_KEY, negContext);
        if (negContext.isEstablished()) {
            IdentityManager identityManager = securityContext.getIdentityManager();
            final Account account = identityManager.verify(new GSSContextCredential(negContext.getGssContext()));
            if (account != null) {
                securityContext.authenticationComplete(account, name, false);
                return AuthenticationMechanismOutcome.AUTHENTICATED;
            } else {
                return AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
            }
        }
    }

    List<String> authHeaders = exchange.getRequestHeaders().get(AUTHORIZATION);
    if (authHeaders != null) {
        for (String current : authHeaders) {
            if (current.startsWith(NEGOTIATE_PREFIX)) {
                String base64Challenge = current.substring(NEGOTIATE_PREFIX.length());
                try {
                    ByteBuffer challenge = FlexBase64.decode(base64Challenge);
                    return runGSSAPI(exchange, challenge, securityContext);
                } catch (IOException e) {
                }

                // By this point we had a header we should have been able to verify but for some reason
                // it was not correctly structured.
                return AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
            }
        }
    }

    // No suitable header was found so authentication was not even attempted.
    return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
}
 

import io.undertow.security.idm.IdentityManager; //导入依赖的package包/类
public AuthenticationMechanismOutcome run() throws GSSException {
    NegotiationContext negContext = exchange.getAttachment(NegotiationContext.ATTACHMENT_KEY);
    if (negContext == null) {
        negContext = new NegotiationContext();
        exchange.putAttachment(NegotiationContext.ATTACHMENT_KEY, negContext);
        // Also cache it on the connection for future calls.
        exchange.getConnection().putAttachment(NegotiationContext.ATTACHMENT_KEY, negContext);
    }

    GSSContext gssContext = negContext.getGssContext();
    if (gssContext == null) {
        GSSManager manager = GSSManager.getInstance();
        gssContext = manager.createContext((GSSCredential) null);

        negContext.setGssContext(gssContext);
    }

    byte[] respToken = gssContext.acceptSecContext(challenge.array(), challenge.arrayOffset(), challenge.limit());
    negContext.setResponseToken(respToken);

    if (negContext.isEstablished()) {

        if (respToken != null) {
            // There will be no further challenge but we do have a token so set it here.
            exchange.getResponseHeaders().add(WWW_AUTHENTICATE,
                    NEGOTIATE_PREFIX + FlexBase64.encodeString(respToken, false));
        }
        IdentityManager identityManager = securityContext.getIdentityManager();
        final Account account = identityManager.verify(new GSSContextCredential(negContext.getGssContext()));
        if (account != null) {
            securityContext.authenticationComplete(account, name, false);
            return AuthenticationMechanismOutcome.AUTHENTICATED;
        } else {
            return AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
        }
    } else {
        // This isn't a failure but as the context is not established another round trip with the client is needed.
        return AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
    }
}
 

import io.undertow.security.idm.IdentityManager; //导入依赖的package包/类
public AuthenticationMechanismOutcome runFormAuth(final HttpServerExchange exchange, final SecurityContext securityContext) {
    final FormDataParser parser = formParserFactory.createParser(exchange);
    if (parser == null) {
        UndertowLogger.REQUEST_LOGGER.debug("Could not authenticate as no form parser is present");
        // TODO - May need a better error signaling mechanism here to prevent repeated attempts.
        return AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
    }

    try {
        final FormData data = parser.parseBlocking();
        final FormData.FormValue jUsername = data.getFirst("j_username");
        final FormData.FormValue jPassword = data.getFirst("j_password");
        if (jUsername == null || jPassword == null) {
            UndertowLogger.REQUEST_LOGGER.debug("Could not authenticate as username or password was not present in the posted result");
            return AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
        }
        final String userName = jUsername.getValue();
        final String password = jPassword.getValue();
        AuthenticationMechanismOutcome outcome = null;
        PasswordCredential credential = new PasswordCredential(password.toCharArray());
        try {
            IdentityManager identityManager = securityContext.getIdentityManager();
            Account account = identityManager.verify(userName, credential);
            if (account != null) {
                securityContext.authenticationComplete(account, name, true);
                outcome = AuthenticationMechanismOutcome.AUTHENTICATED;
            } else {
                securityContext.authenticationFailed(MESSAGES.authenticationFailed(userName), name);
            }
        } finally {
            if (outcome == AuthenticationMechanismOutcome.AUTHENTICATED) {
                handleRedirectBack(exchange);
                exchange.endExchange();
            }
            return outcome != null ? outcome : AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
        }
    } catch (IOException e) {
        throw new RuntimeException(e);
    }
}
 

import io.undertow.security.idm.IdentityManager; //导入依赖的package包/类
@Override
public SecurityContext createSecurityContext(final HttpServerExchange exchange, final AuthenticationMode mode,
    final IdentityManager identityManager, final String programmaticMechName) {
    SecurityContextImpl securityContext = SecurityActions.createSecurityContextImpl(exchange, mode, identityManager);
    if (programmaticMechName != null)
        securityContext.setProgramaticMechName(programmaticMechName);
    return securityContext;
}
 

import io.undertow.security.idm.IdentityManager; //导入依赖的package包/类
public AuthenticationMechanismOutcome authenticate(final HttpServerExchange exchange, final SecurityContext securityContext) {
    SSLSessionInfo sslSession = exchange.getConnection().getSslSessionInfo();
    if (sslSession != null) {
        try {
            Certificate[] clientCerts = getPeerCertificates(exchange, sslSession, securityContext);
            if (clientCerts[0] instanceof X509Certificate) {
                Credential credential = new X509CertificateCredential((X509Certificate) clientCerts[0]);

                IdentityManager idm = securityContext.getIdentityManager();
                Account account = idm.verify(credential);
                if (account != null) {
                    securityContext.authenticationComplete(account, name, false);
                    return AuthenticationMechanismOutcome.AUTHENTICATED;
                }
            }
        } catch (SSLPeerUnverifiedException e) {
            // No action - this mechanism can not attempt authentication without peer certificates so allow it to drop out
            // to NOT_ATTEMPTED.
        }
    }

    /*
     * For ClientCert we do not have a concept of a failed authentication, if the client did use a key then it was deemed
     * acceptable for the connection to be established, this mechanism then just 'attempts' to use it for authentication but
     * does not mandate success.
     */

    return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
}
 

import io.undertow.security.idm.IdentityManager; //导入依赖的package包/类
static SecurityContextImpl createSecurityContextImpl(final HttpServerExchange exchange, final AuthenticationMode authenticationMode, final IdentityManager identityManager) {
    if (System.getSecurityManager() == null) {
        return new SecurityContextImpl(exchange, authenticationMode, identityManager);
    } else {
        return AccessController.doPrivileged(new PrivilegedAction<SecurityContextImpl>() {
            @Override
            public SecurityContextImpl run() {
                return new SecurityContextImpl(exchange, authenticationMode, identityManager);
            }
        });
    }
}
 

import io.undertow.security.idm.IdentityManager; //导入依赖的package包/类
@Override
public HttpHandler getHandler() {
    IMap<String, User> users = CacheStartupHookProvider.hz.getMap("users");
    final IdentityManager identityManager = new MapIdentityManager(users);

    HttpHandler handler = Handlers.routing()
        .add(Methods.GET, "/health", new HealthGetHandler())
        .add(Methods.GET, "/server/info", new ServerInfoGetHandler())
        .add(Methods.GET, "/oauth2/code", addBasicSecurity(new Oauth2CodeGetHandler(), identityManager))
        .add(Methods.POST, "/oauth2/code", addFormSecurity(new Oauth2CodePostHandler(), identityManager))
    ;
    return handler;
}