Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[ELY-2377] RealmFailedAuthenticationEvent triggered during successful http programmatic login #2205

Open
wants to merge 2 commits into
base: 2.x
Choose a base branch
from
Open

[ELY-2377] RealmFailedAuthenticationEvent triggered during successful http programmatic login #2205

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
1f9d394
[ELY-2377] RealmFailedAuthenticationEvent triggered during successful…
rmartinc Aug 4, 2022
1e1a01c
[ELY-2377] RealmFailedAuthenticationEvent triggered during successful…
darranl Sep 23, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 7 additions & 2 deletions http/base/src/main/java/org/wildfly/security/http/HttpAuthenticator.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -135,9 +135,12 @@ private SecurityIdentity login(String username, Evidence evidence, String mechan

IdentityCache identityCache = getOrCreateIdentityCache();
identityCache.put(authorizedIdentity);
logoutHandlerConsumer.accept(identityCache::remove);
if (logoutHandlerConsumer != null) {
logoutHandlerConsumer.accept(identityCache::remove);
}

httpExchangeSpi.authenticationComplete(authorizedIdentity, mechanismName);
authenticationContext.succeed();

return authorizedIdentity;
} else {
Expand Down Expand Up @@ -188,7 +191,9 @@ private boolean restoreIdentity() {
securityIdentity = authenticationContext.getAuthorizedIdentity();

httpExchangeSpi.authenticationComplete(securityIdentity, cachedIdentity.getMechanismName());
logoutHandlerConsumer.accept(identityCache::remove);
if (logoutHandlerConsumer != null) {
logoutHandlerConsumer.accept(identityCache::remove);
}

if (cache) {
log.tracef("Replacing cached identity for '%s' against session scope.", cachedIdentity.getName());
Expand Down
74 changes: 74 additions & 0 deletions tests/base/src/test/java/org/wildfly/security/http/HttpAuthenticatorTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,21 +26,44 @@
import static org.wildfly.security.http.HttpConstants.SHA256;
import static org.wildfly.security.http.HttpConstants.UNAUTHORIZED;

import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.function.Consumer;

import javax.security.auth.callback.CallbackHandler;

import org.hamcrest.MatcherAssert;
import org.hamcrest.core.IsInstanceOf;

import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;

import org.wildfly.security.auth.permission.LoginPermission;
import org.wildfly.security.auth.realm.SimpleMapBackedSecurityRealm;
import org.wildfly.security.auth.realm.SimpleRealmEntry;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.auth.server.event.SecurityAuthenticationFailedEvent;
import org.wildfly.security.auth.server.event.SecurityAuthenticationSuccessfulEvent;
import org.wildfly.security.auth.server.event.SecurityPermissionCheckSuccessfulEvent;
import org.wildfly.security.auth.server.event.SecurityEvent;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.http.digest.WildFlyElytronHttpDigestProvider;
import org.wildfly.security.http.impl.AbstractBaseHttpTest;
import org.wildfly.security.http.util.SecurityProviderServerMechanismFactory;
import org.wildfly.security.password.PasswordFactory;
import org.wildfly.security.password.WildFlyElytronPasswordProvider;
import org.wildfly.security.password.interfaces.ClearPassword;
import org.wildfly.security.password.spec.ClearPasswordSpec;

import mockit.integration.junit4.JMockit;

Expand Down Expand Up @@ -75,6 +98,18 @@ public class HttpAuthenticatorTest extends AbstractBaseHttpTest {
+ " response=\"753927fa0e85d155564e2e272a28d1802ca10daf4496794697cf8db5856cb6c1\",\n"
+ " opaque=\"FQhe/qaU925kfnzjCev0ciny7QMkPqMAFRtzCUYo5tdS\"";

private static final Provider provider = WildFlyElytronPasswordProvider.getInstance();

@BeforeClass
public static void registerPasswordProvider() {
Security.insertProviderAt(provider, 1);
}

@AfterClass
public static void removePasswordProvider() {
Security.removeProvider(provider.getName());
}

private CallbackHandler callbackHandler() {
return getCallbackHandler("Mufasa", "[email protected]", "Circle of Life");
}
Expand Down Expand Up @@ -255,4 +290,43 @@ public void testUsingSecurityProviderServerMechanismWithDigestMD5() throws Excep

authenticateWithDigestMD5();
}

@Test
public void testLoginInSecurityDomain() throws Exception {
SimpleMapBackedSecurityRealm usersRealm = new SimpleMapBackedSecurityRealm();
usersRealm.setIdentityMap(Collections.singletonMap("Mufasa",
new SimpleRealmEntry(Collections.singletonList(new PasswordCredential(
PasswordFactory.getInstance(ClearPassword.ALGORITHM_CLEAR).generatePassword(
new ClearPasswordSpec("Circle of Life".toCharArray())))))));
List<SecurityEvent> events = new ArrayList<>();
Consumer<SecurityEvent> listener = event -> events.add(event);
SecurityDomain secDomain = SecurityDomain.builder()
.addRealm("[email protected]", usersRealm).build()
.setDefaultRealmName("[email protected]")
.setPermissionMapper((permissionMappable, roles) -> LoginPermission.getInstance())
.setSecurityEventListener(listener)
.build();

authenticator = HttpAuthenticator.builder()
.setHttpExchangeSpi(exchangeSpi)
.setSecurityDomain(secDomain)
.build();

SecurityIdentity identity = authenticator.login("Mufasa", "wrong-password");
Assert.assertNull(identity);
Assert.assertEquals(1, events.size());
MatcherAssert.assertThat(events.get(0), IsInstanceOf.instanceOf(SecurityAuthenticationFailedEvent.class));
Assert.assertEquals("Mufasa", ((SecurityAuthenticationFailedEvent) events.get(0)).getPrincipal().getName());

events.clear();

identity = authenticator.login("Mufasa", "Circle of Life");
Assert.assertNotNull(identity);
Assert.assertEquals(2, events.size());
MatcherAssert.assertThat(events.get(0), IsInstanceOf.instanceOf(SecurityPermissionCheckSuccessfulEvent.class));
Assert.assertEquals("Mufasa", ((SecurityPermissionCheckSuccessfulEvent) events.get(0)).getSecurityIdentity().getPrincipal().getName());
MatcherAssert.assertThat(((SecurityPermissionCheckSuccessfulEvent) events.get(0)).getPermission(), IsInstanceOf.instanceOf(LoginPermission.class));
MatcherAssert.assertThat(events.get(1), IsInstanceOf.instanceOf(SecurityAuthenticationSuccessfulEvent.class));
Assert.assertEquals("Mufasa", ((SecurityAuthenticationSuccessfulEvent) events.get(1)).getSecurityIdentity().getPrincipal().getName());
}
}
2 changes: 1 addition & 1 deletion tests/base/src/test/java/org/wildfly/security/http/impl/AbstractBaseHttpTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -680,7 +680,7 @@ public OutputStream getResponseOutputStream() {
}

public HttpScope getScope(Scope scope) {
throw new IllegalStateException();
return null;
}

public Collection<String> getScopeIds(Scope scope) {
Expand Down
Loading