Custom identity stores

In some cases, we may need to integrate our application security with an identity store not directly supported by the security API; for example, we may have a requirement to integrate with an existing commercial security product. For cases like this, the Java EE security API allows us to roll our own identity store definition.

To handle custom identity stores, we need to create an application-scoped CDI bean; the bean must implement the IdentityStore interface, as illustrated in the following example:

package net.ensode.javaee8book.security.basicauthexample;

import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.annotation.PostConstruct;
import javax.enterprise.context.ApplicationScoped;
import javax.security.enterprise.credential.Credential;
import javax.security.enterprise.credential.UsernamePasswordCredential;
import javax.security.enterprise.identitystore.CredentialValidationResult;
import javax.security.enterprise.identitystore.IdentityStore;

@ApplicationScoped
public class DummyIdentityStore implements IdentityStore {

  Set<String> adminRoleSet;
  Set<String> userRoleSet;
  Set<String> userAdminRoleSet;

  @PostConstruct
  public void init() {
    adminRoleSet = new HashSet<>(Arrays.asList("admin"));
    userRoleSet = new HashSet<>(Arrays.asList("user"));
    userAdminRoleSet = new HashSet<>(Arrays.asList("user", "admin"));
  }

  @Override
  public CredentialValidationResult validate(Credential credential) {
    UsernamePasswordCredential usernamePasswordCredential =
        (UsernamePasswordCredential) credential;
    CredentialValidationResult credentialValidationResult;

    if (usernamePasswordCredential.compareTo("david", "secret")) {
      // Matching credentials: return the caller name and the roles it holds
      credentialValidationResult =
          new CredentialValidationResult("david", adminRoleSet);
    } else if (usernamePasswordCredential.compareTo("alan", "iforgot")) {
      credentialValidationResult =
          new CredentialValidationResult("alan", userAdminRoleSet);
    } else {
      // No match: the container will reject the login
      credentialValidationResult = CredentialValidationResult.INVALID_RESULT;
    }

    return credentialValidationResult;
  }
}

The validate() method is defined in the IdentityStore interface provided by the security API; in our example, we implement this method so that we can implement custom validation for our application.

In our example, we are hardcoding valid credentials into the code; do not do this for real applications!

The validate() method defined in the IdentityStore interface accepts an instance of a class implementing the Credential interface as its sole argument. In the body of our method, we cast it down to UsernamePasswordCredential, then we invoke its compareTo() method, passing the expected username and password. If the provided credentials match either one of the expected sets of credentials, then we allow the user to successfully log in; we do this by returning an instance of CredentialValidationResult containing the username and a Set containing all the roles that the user has in our application.

If the supplied credentials don't match either of the expected credentials, then we prevent the user from logging in by returning CredentialValidationResult.INVALID_RESULT.
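The following is an added example, not code from the book, showing how the same IdentityStore contract can be implemented without keeping plaintext passwords in the code: the store holds only a per-user salt, a PBKDF2 hash and a group set, compares hashes in constant time, and returns NOT_VALIDATED_RESULT for credential types it does not understand instead of failing on the cast. The class name HashedPasswordIdentityStore, the UserRecord holder, the pbkdf2() helper and the sample user list are all assumptions made for this example; the package name is reused from the page, and the calls into the security API (getCaller(), getPassword().getValue(), CredentialValidationResult) are the standard Java EE 8 ones.

```java
package net.ensode.javaee8book.security.basicauthexample; // reused from the page

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.annotation.PostConstruct;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.enterprise.context.ApplicationScoped;
import javax.security.enterprise.credential.Credential;
import javax.security.enterprise.credential.UsernamePasswordCredential;
import javax.security.enterprise.identitystore.CredentialValidationResult;
import javax.security.enterprise.identitystore.IdentityStore;

// Hypothetical identity store (not the book's): only salted hashes are kept in memory.
@ApplicationScoped
public class HashedPasswordIdentityStore implements IdentityStore {

  private static final int ITERATIONS = 100_000; // PBKDF2 work factor, assumed for the example
  private static final int KEY_BITS = 256;
  private static final int SALT_BYTES = 16;

  // What the store retains per user: never the password itself.
  private static final class UserRecord {
    final byte[] salt;
    final byte[] hash;
    final Set<String> groups;

    UserRecord(byte[] salt, byte[] hash, Set<String> groups) {
      this.salt = salt;
      this.hash = hash;
      this.groups = groups;
    }
  }

  private Map<String, UserRecord> users;
  private byte[] dummySalt; // used so unknown users cost the same as known ones

  @PostConstruct
  public void init() {
    // Constructed sample data, built here only so the example is self-contained.
    // A real store would load salt/hash/group records from a database or directory.
    users = new HashMap<>();
    users.put("david", newRecord("secret".toCharArray(), Arrays.asList("admin")));
    users.put("alan", newRecord("iforgot".toCharArray(), Arrays.asList("user", "admin")));
    dummySalt = randomSalt();
  }

  @Override
  public CredentialValidationResult validate(Credential credential) {
    // This store only understands username/password; let the container try
    // other stores for anything else rather than throwing a ClassCastException.
    if (!(credential instanceof UsernamePasswordCredential)) {
      return CredentialValidationResult.NOT_VALIDATED_RESULT;
    }
    UsernamePasswordCredential upc = (UsernamePasswordCredential) credential;
    UserRecord record = users.get(upc.getCaller());

    // Always derive a hash, even for an unknown user, so response time does not
    // reveal which usernames exist.
    byte[] candidate = pbkdf2(upc.getPassword().getValue(),
        record != null ? record.salt : dummySalt);

    // MessageDigest.isEqual compares in constant time.
    if (record == null || !MessageDigest.isEqual(candidate, record.hash)) {
      return CredentialValidationResult.INVALID_RESULT;
    }
    return new CredentialValidationResult(upc.getCaller(), new HashSet<>(record.groups));
  }

  private static UserRecord newRecord(char[] password, java.util.List<String> groups) {
    byte[] salt = randomSalt();
    byte[] hash = pbkdf2(password, salt);
    Arrays.fill(password, '\0'); // drop the plaintext as soon as it has been hashed
    return new UserRecord(salt, hash, new HashSet<>(groups));
  }

  private static byte[] randomSalt() {
    byte[] salt = new byte[SALT_BYTES];
    new SecureRandom().nextBytes(salt);
    return salt;
  }

  private static byte[] pbkdf2(char[] password, byte[] salt) {
    try {
      PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
      byte[] derived = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
          .generateSecret(spec).getEncoded();
      spec.clearPassword();
      return derived;
    } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
      throw new IllegalStateException("PBKDF2 not available", e);
    }
  }
}
```

Deployed in place of DummyIdentityStore, this class answers the same validate() calls from the container, but a memory dump or a leaked source file yields only salts and hashes, and a wrong guess for a known user takes the same time as a guess for a user that does not exist. If an IdentityStore for other credential types (for example a token store) is also present, the NOT_VALIDATED_RESULT branch lets the container fall through to it.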
