diff --git a/http/base/src/main/java/org/wildfly/security/http/HttpAuthenticator.java b/http/base/src/main/java/org/wildfly/security/http/HttpAuthenticator.java index 40cb4f6f572..8690269fe45 100644 --- a/http/base/src/main/java/org/wildfly/security/http/HttpAuthenticator.java +++ b/http/base/src/main/java/org/wildfly/security/http/HttpAuthenticator.java @@ -139,9 +139,12 @@ private SecurityIdentity login(String username, Evidence evidence, String mechan IdentityCache identityCache = getOrCreateIdentityCache(); identityCache.put(authorizedIdentity); - logoutHandlerConsumer.accept(identityCache::remove); + if (logoutHandlerConsumer != null) { + logoutHandlerConsumer.accept(identityCache::remove); + } httpExchangeSpi.authenticationComplete(authorizedIdentity, mechanismName); + authenticationContext.succeed(); return authorizedIdentity; } else { @@ -192,7 +195,9 @@ private boolean restoreIdentity() { securityIdentity = authenticationContext.getAuthorizedIdentity(); httpExchangeSpi.authenticationComplete(securityIdentity, cachedIdentity.getMechanismName()); - logoutHandlerConsumer.accept(identityCache::remove); + if (logoutHandlerConsumer != null) { + logoutHandlerConsumer.accept(identityCache::remove); + } if (cache) { log.tracef("Replacing cached identity for '%s' against session scope.", cachedIdentity.getName()); diff --git a/tests/base/src/test/java/org/wildfly/security/http/HttpAuthenticatorTest.java b/tests/base/src/test/java/org/wildfly/security/http/HttpAuthenticatorTest.java index e20540e3765..007348ed2e4 100644 --- a/tests/base/src/test/java/org/wildfly/security/http/HttpAuthenticatorTest.java +++ b/tests/base/src/test/java/org/wildfly/security/http/HttpAuthenticatorTest.java @@ -26,21 +26,44 @@ import static org.wildfly.security.http.HttpConstants.SHA256; import static org.wildfly.security.http.HttpConstants.UNAUTHORIZED; +import java.security.Provider; +import java.security.Security; +import java.util.ArrayList; import java.util.Collections; import java.util.HashMap; import java.util.LinkedList; import java.util.List; import java.util.Map; +import java.util.function.Consumer; import javax.security.auth.callback.CallbackHandler; +import org.hamcrest.MatcherAssert; +import org.hamcrest.core.IsInstanceOf; + +import org.junit.AfterClass; import org.junit.Assert; +import org.junit.BeforeClass; import org.junit.Test; import org.junit.runner.RunWith; +import org.wildfly.security.auth.permission.LoginPermission; +import org.wildfly.security.auth.realm.SimpleMapBackedSecurityRealm; +import org.wildfly.security.auth.realm.SimpleRealmEntry; +import org.wildfly.security.auth.server.SecurityDomain; +import org.wildfly.security.auth.server.SecurityIdentity; +import org.wildfly.security.auth.server.event.SecurityAuthenticationFailedEvent; +import org.wildfly.security.auth.server.event.SecurityAuthenticationSuccessfulEvent; +import org.wildfly.security.auth.server.event.SecurityPermissionCheckSuccessfulEvent; +import org.wildfly.security.auth.server.event.SecurityEvent; +import org.wildfly.security.credential.PasswordCredential; import org.wildfly.security.http.digest.WildFlyElytronHttpDigestProvider; import org.wildfly.security.http.impl.AbstractBaseHttpTest; import org.wildfly.security.http.util.SecurityProviderServerMechanismFactory; +import org.wildfly.security.password.PasswordFactory; +import org.wildfly.security.password.WildFlyElytronPasswordProvider; +import org.wildfly.security.password.interfaces.ClearPassword; +import org.wildfly.security.password.spec.ClearPasswordSpec; import mockit.integration.junit4.JMockit; @@ -75,6 +98,18 @@ public class HttpAuthenticatorTest extends AbstractBaseHttpTest { + " response=\"753927fa0e85d155564e2e272a28d1802ca10daf4496794697cf8db5856cb6c1\",\n" + " opaque=\"FQhe/qaU925kfnzjCev0ciny7QMkPqMAFRtzCUYo5tdS\""; + private static final Provider provider = WildFlyElytronPasswordProvider.getInstance(); + + @BeforeClass + public static void registerPasswordProvider() { + Security.insertProviderAt(provider, 1); + } + + @AfterClass + public static void removePasswordProvider() { + Security.removeProvider(provider.getName()); + } + private CallbackHandler callbackHandler() { return getCallbackHandler("Mufasa", "http-auth@example.org", "Circle of Life"); } @@ -256,4 +291,42 @@ public void testUsingSecurityProviderServerMechanismWithDigestMD5() throws Excep authenticateWithDigestMD5(); } + @Test + public void testLoginInSecurityDomain() throws Exception { + SimpleMapBackedSecurityRealm usersRealm = new SimpleMapBackedSecurityRealm(); + usersRealm.setIdentityMap(Collections.singletonMap("Mufasa", + new SimpleRealmEntry(Collections.singletonList(new PasswordCredential( + PasswordFactory.getInstance(ClearPassword.ALGORITHM_CLEAR).generatePassword( + new ClearPasswordSpec("Circle of Life".toCharArray()))))))); + List events = new ArrayList<>(); + Consumer listener = event -> events.add(event); + SecurityDomain secDomain = SecurityDomain.builder() + .addRealm("http-auth@example.org", usersRealm).build() + .setDefaultRealmName("http-auth@example.org") + .setPermissionMapper((permissionMappable, roles) -> LoginPermission.getInstance()) + .setSecurityEventListener(listener) + .build(); + + authenticator = HttpAuthenticator.builder() + .setHttpExchangeSpi(exchangeSpi) + .setSecurityDomain(secDomain) + .build(); + + SecurityIdentity identity = authenticator.login("Mufasa", "wrong-password"); + Assert.assertNull(identity); + Assert.assertEquals(1, events.size()); + MatcherAssert.assertThat(events.get(0), IsInstanceOf.instanceOf(SecurityAuthenticationFailedEvent.class)); + Assert.assertEquals("Mufasa", ((SecurityAuthenticationFailedEvent) events.get(0)).getPrincipal().getName()); + + events.clear(); + + identity = authenticator.login("Mufasa", "Circle of Life"); + Assert.assertNotNull(identity); + Assert.assertEquals(2, events.size()); + MatcherAssert.assertThat(events.get(0), IsInstanceOf.instanceOf(SecurityPermissionCheckSuccessfulEvent.class)); + Assert.assertEquals("Mufasa", ((SecurityPermissionCheckSuccessfulEvent) events.get(0)).getSecurityIdentity().getPrincipal().getName()); + MatcherAssert.assertThat(((SecurityPermissionCheckSuccessfulEvent) events.get(0)).getPermission(), IsInstanceOf.instanceOf(LoginPermission.class)); + MatcherAssert.assertThat(events.get(1), IsInstanceOf.instanceOf(SecurityAuthenticationSuccessfulEvent.class)); + Assert.assertEquals("Mufasa", ((SecurityAuthenticationSuccessfulEvent) events.get(1)).getSecurityIdentity().getPrincipal().getName()); + } } diff --git a/tests/base/src/test/java/org/wildfly/security/http/impl/AbstractBaseHttpTest.java b/tests/base/src/test/java/org/wildfly/security/http/impl/AbstractBaseHttpTest.java index 73171b4fb48..128fcac453d 100644 --- a/tests/base/src/test/java/org/wildfly/security/http/impl/AbstractBaseHttpTest.java +++ b/tests/base/src/test/java/org/wildfly/security/http/impl/AbstractBaseHttpTest.java @@ -601,7 +601,7 @@ public OutputStream getResponseOutputStream() { } public HttpScope getScope(Scope scope) { - throw new IllegalStateException(); + return null; } public Collection getScopeIds(Scope scope) {