Package org.gatein.wci.security

Examples of org.gatein.wci.security.Credentials

60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
        if (req.getRemoteUser() == null) {
            String token = LoginServlet.getRememberMeTokenCookie(req);
            if (token != null) {
                ExoContainer container = getContainer();
                CookieTokenService tokenservice = container.getComponentInstanceOfType(CookieTokenService.class);
                Credentials credentials = tokenservice.validateToken(token, false);
                if (credentials != null) {
                    ServletContainer servletContainer = ServletContainerFactory.getServletContainer();
                    try {
                        servletContainer.login(req, resp, credentials);
                    } catch (Exception e) {
                        // Could not authenticate
                    }
                }
            }

            // Clear token cookie if we did not authenticate
            if (req.getRemoteUser() == null) {
                Cookie cookie = new Cookie(LoginServlet.COOKIE_NAME, "");
                cookie.setPath(req.getContextPath());
                cookie.setMaxAge(0);
                resp.addCookie(cookie);
            }
        }

        //Process oauth rememberMe
        if(req.getRemoteUser() == null) {
            String token = LoginServlet.getOauthRememberMeTokenCookie(req);
            if(token != null) {
                ExoContainer container = getContainer();
                CookieTokenService tokenService = container.getComponentInstanceOfType(CookieTokenService.class);
                Credentials credentials = tokenService.validateToken(token, false);
                AuthenticationRegistry authRegistry = container.getComponentInstanceOfType(AuthenticationRegistry.class);
                OrganizationService orgService = container.getComponentInstanceOfType(OrganizationService.class);

                if (credentials != null) {
                    ServletContainer servletContainer = ServletContainerFactory.getServletContainer();
                    try {
                        String username = credentials.getUsername();

                        User portalUser = orgService.getUserHandler().findUserByName(username, UserStatus.ENABLED);
                        if(portalUser != null) {
                            authRegistry.setAttributeOfClient(req, ATTRIBUTE_AUTHENTICATED_PORTAL_USER_FOR_JAAS, portalUser);
View Full Code Here
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
            ServletException {
        if (ExoContainer.getProfiles().contains("cluster")) {
            HttpServletRequest httpRequest = (HttpServletRequest) request;

            Credentials credentials = (Credentials) httpRequest.getSession().getAttribute(
                    PortalLoginModule.AUTHENTICATED_CREDENTIALS);

            // Make programatic login if authenticated credentials are present in session - they were set in another cluster
            // node
            if (credentials != null && httpRequest.getRemoteUser() == null) {
                WebAuthentication pwl = new WebAuthentication();
                pwl.login(credentials.getUsername(), credentials.getPassword());

            }

            chain.doFilter(request, response);
View Full Code Here
178
179
180
181
182
183
184
185
186
187
188
                    String hashedRandomString = hashToken(randomString);
                    long expirationTimeMillis = System.currentTimeMillis() + validityMillis;

                    /* the symmetric encryption happens here */
                    String encryptedPassword = codec.encode(credentials.getPassword());
                    Credentials encodedCredentials = new Credentials(credentials.getUsername(), encryptedPassword);

                    try {
                        tokenContainer.saveToken(context.getSession(), id, hashedRandomString, encodedCredentials, new Date(expirationTimeMillis));
                    } catch (TokenExistsException e) {
                        cookieTokenString = null;
View Full Code Here
347
348
349
350
351
352
353
354
355
356
357
358
                HashedToken hashedToken = getMixin(en, HashedToken.class);
                if (hashedToken != null && hashedToken.getHashedToken() != null) {
                    try {
                        if (saltedHashService.validate(token.getRandomString(), hashedToken.getHashedToken())) {
                            GateInToken encryptedToken = en.getToken();
                            Credentials encryptedCredentials = encryptedToken.getPayload();
                            Credentials decryptedCredentials = new Credentials(encryptedCredentials.getUsername(),

                            codec.decode(encryptedCredentials.getPassword()));
                            if (remove) {
                                en.remove();
                            }
View Full Code Here
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
     * @see javax.security.auth.spi.LoginModule#login()
     */
    @SuppressWarnings("unchecked")
    public boolean login() throws LoginException {
        if (getContextMethod != null) {
            Credentials authCredentials = null;

            try {
                HttpServletRequest request = getCurrentHttpServletRequest();

                // This can be the case with CLI login
                if (request == null) {
                    log.debug("Unable to find HTTPServletRequest.");
                    return false;
                }

                authCredentials = (Credentials) request.getSession().getAttribute(AUTHENTICATED_CREDENTIALS);

                // If authenticated credentials were presented in HTTP session, it means that we were already logged on
                // different cluster node
                // with this HTTP session. We don't need to validate password again in this case (We don't have password anyway)
                if (authCredentials != null) {
                    Authenticator authenticator = (Authenticator) getContainer()
                            .getComponentInstanceOfType(Authenticator.class);
                    if (authenticator == null) {
                        throw new LoginException("No Authenticator component found, check your configuration");
                    }

                    String username = authCredentials.getUsername();
                    Identity identity = authenticator.createIdentity(username);

                    sharedState.put("exo.security.identity", identity);
                    sharedState.put("javax.security.auth.login.name", username);

View Full Code Here
141
142
143
144
145
146
147
148
149
150
151
        if (getContextMethod != null && isClusteredSSO() && sharedState.containsKey("javax.security.auth.login.name")
                && sharedState.containsKey("javax.security.auth.login.password")
                && sharedState.get(LOGIN_ON_DIFFERENT_NODE) == null) {
            String uid = (String) sharedState.get("javax.security.auth.login.name");

            Credentials wc = new Credentials(uid, "");

            HttpServletRequest request = null;
            try {
                request = getCurrentHttpServletRequest();
View Full Code Here
68
69
70
71
72
73
74
75
76
77
78
      {
         throw new ServletException("Was not expecting a session to exist");
      }

      // Authenticate
      container.login(req, resp, new Credentials("foo", "bar"));

      //
      session = req.getSession();
      String id = session.getId();
View Full Code Here
35
36
37
38
39
40
41
42
43
  private GenericAuthentication() {}

  public AuthenticationResult login(String login, String password, HttpServletRequest request, HttpServletResponse response, long validityMillis)
  {
     String ticket = TICKET_SERVICE.createTicket(new Credentials(login, password), validityMillis);

     return new GenericAuthenticationResult(login, ticket);
  }
View Full Code Here
53
54
55
56
57
58
59
60
      resp.flushBuffer();

      Object o = DefaultServletContainerFactory.getInstance().getServletContainer();
      if (o instanceof DefaultServletContainer)
      {
        ((DefaultServletContainer)o).fireEvent(DefaultServletContainer.EventType.LOGIN, new AuthenticationEvent(req, resp, new Credentials(username, ticket)))
      }
   }
View Full Code Here
104
105
106
107
108
109
110
111
112
113
      AuthenticationResult result = registration.context.login(request, response, userName, password, validityMillis);

      //
      if (!(result instanceof GenericAuthenticationResult))
      {
         fireEvent(EventType.LOGIN, new AuthenticationEvent(request, response, new Credentials(userName, password)));
      }

      return result;
   }
View Full Code Here
TOP

Related Classes of org.gatein.wci.security.Credentials

  • org.exoplatform.portal.webui.login.UIForgetPassword$SendActionListener
  • org.exoplatform.web.login.ClusteredSSOFilter
  • org.exoplatform.web.login.ConversationStateUpdateFilter
  • org.exoplatform.web.login.DoLoginServlet
  • org.exoplatform.web.login.GateinWCIController
  • org.exoplatform.web.login.InitiateLoginServlet
  • org.exoplatform.web.login.LoginServlet
  • org.exoplatform.web.login.RememberMeFilter
  • org.exoplatform.web.security.AuthenticationRegistryImpl
  • org.exoplatform.web.security.PortalLoginController
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.