[ELY-2583] Make requestURI and Source-Address available from RealmSuc…
…cessfulAuthenticationEvent and RealmFailedAuthenticationEvent
Skyllarr committed Sep 11, 2023
1 parent 3dc896a commit 2ec6427
Showing 3 changed files with 58 additions and 2 deletions.
Expand Up @@ -53,6 +53,10 @@ public interface MechanismInformation {
*/
String getProtocol();

default String getRequestURI() {
return null;
}

MechanismInformation DEFAULT = new MechanismInformation() {

@Override
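Review bot: The new default `getRequestURI()` has no Javadoc, although the method just above it, `getProtocol()`, closes a doc comment on the preceding line, and the `null` return is part of the contract that callers need to know. I would add `/** Get the URI of the request being authenticated, or {@code null} if the mechanism has no request URI. */` and state there that, for HTTP mechanisms, the value is supplied by the client and has not been validated. The interface body starts and ends outside the hunk.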
Expand Up @@ -1108,6 +1108,9 @@ private void handleOne(final Callback[] callbacks, final int idx) throws IOExcep
mi.getMechanismType(), mi.getMechanismName(), mi.getHostName(), mi.getProtocol());
}
setMechanismInformation(mi);
Attributes runtimeAttributes = new MapAttributes();
runtimeAttributes.addFirst("Request-URI", mi.getRequestURI());
addRuntimeAttributes(runtimeAttributes);
handleOne(callbacks, idx + 1);
} catch (Exception e) {
throw new IOException(e);
Expand Down Expand Up @@ -2107,15 +2110,57 @@ void succeed() {
void fail(final boolean requireInProgress) {
final SecurityIdentity capturedIdentity = getSourceIdentity();
final AtomicReference<State> stateRef = getStateRef();
if (! stateRef.compareAndSet(this, FAILED)) {
if (!stateRef.compareAndSet(this, FAILED)) {
stateRef.get().fail(requireInProgress);
return;
}
SecurityRealm.safeHandleRealmEvent(getRealmInfo().getSecurityRealm(), new RealmFailedAuthenticationEvent(realmIdentity, null, null));
SecurityRealm.safeHandleRealmEvent(getRealmInfo().getSecurityRealm(), new RealmFailedAuthenticationEvent(getRealmIdentityWithRuntimeAttributes(), null, null));
SecurityDomain.safeHandleSecurityEvent(capturedIdentity.getSecurityDomain(), new SecurityAuthenticationFailedEvent(capturedIdentity, realmIdentity.getRealmIdentityPrincipal()));
realmIdentity.dispose();
}

private RealmIdentity getRealmIdentityWithRuntimeAttributes() {
return new RealmIdentity() {
@Override
public Principal getRealmIdentityPrincipal() {
return realmIdentity.getRealmIdentityPrincipal();
}

@Override
public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec) throws RealmUnavailableException {
return realmIdentity.getCredentialAcquireSupport(credentialType, algorithmName, parameterSpec);
}

@Override
public <C extends Credential> C getCredential(Class<C> credentialType) throws RealmUnavailableException {
return realmIdentity.getCredential(credentialType);
}

@Override
public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> evidenceType, String algorithmName) throws RealmUnavailableException {
return realmIdentity.getEvidenceVerifySupport(evidenceType, algorithmName);
}

@Override
public boolean verifyEvidence(Evidence evidence) throws RealmUnavailableException {
return realmIdentity.verifyEvidence(evidence);
}

@Override
public boolean exists() throws RealmUnavailableException {
return realmIdentity.exists();
}

public AuthorizationIdentity getAuthorizationIdentity() throws RealmUnavailableException {
if (realmIdentity.exists()) {
return AuthorizationIdentity.basicIdentity(realmIdentity.getAuthorizationIdentity(), runtimeAttributes);
} else {
return AuthorizationIdentity.basicIdentity(AuthorizationIdentity.EMPTY, runtimeAttributes);
}
}
};
}

@Override
void setPrincipal(final Principal principal, final boolean exclusive) {
if (isSamePrincipal(principal)) {
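Review bot: In the `handleOne` hunk the `Request-URI` attribute is added unconditionally, but the new `MechanismInformation.getRequestURI()` default returns `null`, so every mechanism that does not override it would store a null value under `Request-URI` (assuming `MapAttributes.addFirst` accepts null, which is not visible here). A realm event listener reading the attribute then cannot tell an absent URI from a present one and may fail on the null entry. Wrapping the three added lines in `if (mi.getRequestURI() != null) { ... }` avoids that. In the second hunk, `getAuthorizationIdentity()` in the anonymous `RealmIdentity` is the only method declared without `@Override`. `handleOne` and the enclosing class both continue outside the hunks.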
Expand Up @@ -20,6 +20,7 @@
import static org.wildfly.security.http.HttpConstants.HOST;
import static org.wildfly.security.http.util.ElytronMessages.log;

import java.net.URI;
import java.util.Map;

import javax.security.auth.callback.Callback;
Expand Down Expand Up @@ -73,6 +74,7 @@ public String getMechanismName() {
public void evaluateRequest(HttpServerRequest request) throws HttpAuthenticationException {
String host = request.getFirstRequestHeaderValue(HOST);
String resolvedHostName = null;
URI requestedUri = request.getRequestURI();
if (host != null) {
if (host.startsWith("[")) {
int close = host.indexOf(']');
Expand Down Expand Up @@ -110,6 +112,11 @@ public String getMechanismName() {
public String getHostName() {
return hostName;
}
@Override
public String getRequestURI() {
return requestedUri.toString();
}

})});

} catch (Throwable e) {
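Review bot: `getRequestURI()` in the anonymous `MechanismInformation` returns `requestedUri.toString()`, which is the client-supplied URI as received and may include a query string carrying tokens or credentials. According to the commit title this value is handed to realm authentication event listeners, so anything that logs or stores it receives attacker-controlled text. A comment on the override such as `// client-supplied and unvalidated; may include the query string, so encode before logging` would make that explicit for listener authors. If `request.getRequestURI()` can return null, the override would throw a NullPointerException where the interface default returns null; `return requestedUri == null ? null : requestedUri.toString();` keeps the two consistent. `evaluateRequest` continues outside the hunks.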