Package javax.security.auth.message

Examples of javax.security.auth.message.MessageInfo


    */
   public Principal authenticate(Request request, HttpServletResponse response,
         LoginConfig config) throws Exception
   {
      // Only the opening statements of this method are shown; the rest of the
      // body (including how 'status' is updated and what is returned) is cut off.
      log.debug("ExtendedSecurityMgrRealm:authenticate");
      // The MessageInfo is built from the request and from request.getResponse();
      // the 'response' parameter is not used in the lines shown here.
      MessageInfo authParam = new GenericMessageInfo(request, request.getResponse());
      GeneralizedAuthenticationManager gam = getAuthenticationManager();
      // Both subjects start empty; nothing in the visible lines adds principals
      // or credentials to them.
      Subject clientSubject = new Subject();
      Subject serviceSubject = new Subject();
      // Raw Map: the key and value types are not visible in this excerpt.
      Map sharedState = getSharedState(request,config);
      // The status starts as FAILURE, so authentication is treated as failed
      // unless later code (not shown) assigns a different value.
      AuthStatus status = AuthStatus.FAILURE;


    */
   public Principal authenticate(Request request, Response response,
         LoginConfig config) throws Exception
   {
      // Only the opening statements of this method are shown; the rest of the
      // body (including how 'status' is updated and what is returned) is cut off.
      log.debug("ExtendedSecurityMgrRealm:authenticate");
      // Request and response are wrapped together as the JSR 196 message pair.
      MessageInfo authParam = new GenericMessageInfo(request,response);
      GeneralizedAuthenticationManager gam = getAuthenticationManager();
      // Both subjects start empty; nothing in the visible lines adds principals
      // or credentials to them.
      Subject clientSubject = new Subject();
      Subject serviceSubject = new Subject();
      // Raw Map: the key and value types are not visible in this excerpt.
      Map sharedState = getSharedState(request,config);
      // The status starts as FAILURE, so authentication is treated as failed
      // unless later code (not shown) assigns a different value.
      AuthStatus status = AuthStatus.FAILURE;

        this.identityService = identityService;
    }

    public AuthResult validateRequest(Request request, Response response, boolean isAuthMandatory) throws ServerAuthException {
        // Only the opening statements of this method are shown; the call into the
        // auth context and the matching catch block are cut off.
        try {
            // isAuthMandatory is handed to the MessageInfo wrapper; how the flag is
            // exposed to the auth module is defined in JaspicMessageInfo (not shown).
            MessageInfo messageInfo = new JaspicMessageInfo(request, response, isAuthMandatory);
            // Kept as a request note under MESSAGE_INFO_KEY.
            // NOTE(review): presumably so a later step can reuse the same MessageInfo - confirm.
            request.setNote(MESSAGE_INFO_KEY, messageInfo);
            // The auth context is resolved per message: the id is derived from the
            // MessageInfo and then looked up with the service subject and properties.
            String authContextId = serverAuthConfig.getAuthContextID(messageInfo);
            ServerAuthContext authContext = serverAuthConfig.getAuthContext(authContextId, serviceSubject, authProperties);
            // Starts empty; how it is used is outside this excerpt.
            Subject clientSubject = new Subject();

        containerCaching = authProperties != null && (authProperties.get(CONTAINER_CACHING_KEY) == null ? false : Boolean.valueOf((String) authProperties.get(CONTAINER_CACHING_KEY)));
    }

    public AuthResult validateRequest(Request request, HttpServletResponse response, boolean isAuthMandatory, UserIdentity cachedIdentity) throws ServerAuthException {
        // Only the opening statements of this method are shown; the call into the
        // auth context and the matching catch block are cut off.
        try {
            // isAuthMandatory is handed to the MessageInfo wrapper; how the flag is
            // exposed to the auth module is defined in JaspicMessageInfo (not shown).
            MessageInfo messageInfo = new JaspicMessageInfo(request, response, isAuthMandatory);
            // A previously established identity, when supplied, is placed in the
            // MessageInfo map under CACHED_IDENTITY_KEY.
            // NOTE(review): the code that reads this entry is not shown; whatever consumes
            // it should confirm the cached identity is still valid before trusting it.
            if (cachedIdentity != null) {
                messageInfo.getMap().put(CACHED_IDENTITY_KEY, cachedIdentity);
            }
            // Kept as a request note under MESSAGE_INFO_KEY.
            request.setNote(MESSAGE_INFO_KEY, messageInfo);
            // The auth context is resolved per message: the id is derived from the
            // MessageInfo and then looked up with the service subject and properties.
            String authContextId = serverAuthConfig.getAuthContextID(messageInfo);
            ServerAuthContext authContext = serverAuthConfig.getAuthContext(authContextId, serviceSubject, authProperties);
            // Starts empty; how it is used is outside this excerpt.
            Subject clientSubject = new Subject();

        containerCaching = authProperties != null && (authProperties.get(CONTAINER_CACHING_KEY) == null ? false : Boolean.valueOf((String) authProperties.get(CONTAINER_CACHING_KEY)));
    }

    public AuthResult validateRequest(Request request, HttpServletResponse response, boolean isAuthMandatory, UserIdentity cachedIdentity) throws ServerAuthException {
        // Only the opening statements of this method are shown; the call into the
        // auth context and the matching catch block are cut off.
        try {
            // isAuthMandatory is handed to the MessageInfo wrapper; how the flag is
            // exposed to the auth module is defined in JaspicMessageInfo (not shown).
            MessageInfo messageInfo = new JaspicMessageInfo(request, response, isAuthMandatory);
            // A previously established identity, when supplied, is placed in the
            // MessageInfo map under CACHED_IDENTITY_KEY.
            // NOTE(review): the code that reads this entry is not shown; whatever consumes
            // it should confirm the cached identity is still valid before trusting it.
            if (cachedIdentity != null) {
                messageInfo.getMap().put(CACHED_IDENTITY_KEY, cachedIdentity);
            }
            // Kept as a request note under MESSAGE_INFO_KEY.
            request.setNote(MESSAGE_INFO_KEY, messageInfo);
            // The auth context is resolved per message: the id is derived from the
            // MessageInfo and then looked up with the service subject and properties.
            String authContextId = serverAuthConfig.getAuthContextID(messageInfo);
            ServerAuthContext authContext = serverAuthConfig.getAuthContext(authContextId, serviceSubject, authProperties);
            // Starts empty; how it is used is outside this excerpt.
            Subject clientSubject = new Subject();

        // Excerpt from the body of a response-securing method; its signature and the
        // end of the body (including the catch block) are outside this excerpt.
        // Defaults to false, so only an explicit SUCCESS below can make it true.
        boolean result = false;
        ServerAuthContext sAC = null;
        try {
            if (helper != null) {
                HttpServletRequest req = (HttpServletRequest)request.getRequest();
                // The MessageInfo is read back from a request attribute; when it is
                // absent, secureResponse is not called and result stays false.
                MessageInfo messageInfo =
                        (MessageInfo)req.getAttribute(MESSAGE_INFO);
                if (messageInfo != null) {
                    //JSR 196 is enabled for this application
                    // The ServerAuthContext is taken from the MessageInfo map rather
                    // than resolved again through the helper.
                    sAC = (ServerAuthContext)
                            messageInfo.getMap().get(SERVER_AUTH_CONTEXT);
                    if (sAC != null) {
                        AuthStatus authStatus =
                                sAC.secureResponse(messageInfo,
                                    null); //null serviceSubject
                        // Any status other than SUCCESS yields false.
                        result = AuthStatus.SUCCESS.equals(authStatus);

        // Excerpt from the body of a JSR 196 request-validation method; the method
        // signature and the end of the body are outside this excerpt.
        HttpServletRequest req = (HttpServletRequest)request.getRequest();
        HttpServletResponse res = (HttpServletResponse)response.getResponse();

        // Starts empty; it is passed to validateRequest and its principals are read
        // back afterwards.
        Subject subject = new Subject();

  MessageInfo messageInfo = new HttpMessageInfo(req, res);

        // rvalue defaults to false, so only an explicit SUCCESS below can make it true.
        boolean rvalue = false;
        boolean isMandatory = true;
        try {
            WebSecurityManager webSecMgr = getWebSecurityManager(true);
            // Authentication is mandatory unless the web security manager reports
            // the request as permit-all.
            isMandatory = !webSecMgr.permitAll(req);
            // The flag is only added when mandatory; for permit-all requests the key
            // is absent from the map rather than set to false.
            if (isMandatory) {
                messageInfo.getMap().put(HttpServletConstants.IS_MANDATORY,
                    Boolean.TRUE.toString());
            }
            ServerAuthContext sAC =
                    helper.getServerAuthContext(messageInfo,
                        null); // null serviceSubject
            if (sAC != null) {
                AuthStatus authStatus =
                        sAC.validateRequest(messageInfo, subject,
                            null); // null serviceSubject
                // Only SUCCESS counts as authenticated; every other status yields false.
                rvalue = AuthStatus.SUCCESS.equals(authStatus);

                if (rvalue) { // cache it only if validateRequest = true
                    messageInfo.getMap().put(SERVER_AUTH_CONTEXT, sAC);
                    req.setAttribute(MESSAGE_INFO, messageInfo);
                }
            } else {
    throw new AuthException("null ServerAuthContext");
      }
        } catch(AuthException ae) {
            // Fails closed: rvalue stays false and the response status is set to 500.
            // NOTE(review): the exception is logged at FINE only, so a failing auth
            // module is not recorded unless FINE logging is enabled for this logger.
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE,
                "JAMC: http msg authentication fail",ae);
            }
            res.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        }

        if (rvalue) {
            Set principalSet = subject.getPrincipals();
            // must be at least one new principal to establish
      // non-default security context
            // NOTE(review): when SUCCESS is returned but this condition is false, the
            // block below is skipped and no principal is set on the request here, while
            // rvalue is still true; what the method returns is outside this excerpt.
            if (principalSet != null && !principalSet.isEmpty() &&
               !principalSetContainsOnlyAnonymousPrincipal(principalSet)) {

                SecurityContext ctx = new SecurityContext(subject);
                //XXX assuming no null principal here
                // NOTE(review): no null check on p is visible before it is wrapped.
    Principal p = ctx.getCallerPrincipal();
    WebPrincipal wp = new WebPrincipal(p,ctx);
    try {
                    //XXX Keep it for reference
                    /*
        if (this.sAC.managesSessions(sharedState)) {
      // registration (via proxy) does not occur
      // if context manages sessions
      // record authentication information in the request
      request.setAuthType(PROXY_AUTH_TYPE);
      request.setUserPrincipal(wp);
        } else {
      AuthenticatorProxy proxy =
          new AuthenticatorProxy(authenticator,wp);
      proxy.authenticate(request,response,config);
        }
                    */
                    // Auth type precedence: the value found in the MessageInfo map, then
                    // the configured auth method, then PROXY_AUTH_TYPE (applied below).
                    String authType = (String)messageInfo.getMap().get(
                            HttpServletHelper.AUTH_TYPE);
                    // Only the presence of the key is tested; its value is not inspected.
                    boolean register = messageInfo.getMap().containsKey(
                            HttpServletConstants.REGISTER_WITH_AUTHENTICATOR);

                    if (authType == null && config != null &&
                            config.getAuthMethod() != null) {
                        authType = config.getAuthMethod();
                    }

                    // With the key present, the principal is handed to AuthenticatorProxy;
                    // otherwise auth type and principal are recorded on this request only.
                    if (register) {
                        AuthenticatorProxy proxy = new AuthenticatorProxy
                               (authenticator, wp, authType);
                        proxy.authenticate(request,response,config);
                    } else {
                        request.setAuthType((authType == null) ?
                                PROXY_AUTH_TYPE: authType);
                        request.setUserPrincipal(wp);
                    }
    } catch (LifecycleException le) {
        // NOTE(review): the failure is logged and processing continues; whether the
        // principal was recorded before the exception is not visible from here.
        _logger.log(Level.SEVERE,"[Web-Security] unable to register session",le);
   
                                }

                // If the request object held by MessageInfo is no longer the original
                // one (identity comparison), the replacement is recorded as a request note.
                HttpServletRequest newRequest = (HttpServletRequest)
                    messageInfo.getRequestMessage();
                if (newRequest != req) {
                    request.setNote(Globals.WRAPPED_REQUEST,
                            new HttpRequestWrapper(request, newRequest));
                }

                // Same handling for a replaced response object.
                HttpServletResponse newResponse = (HttpServletResponse)
                    messageInfo.getResponseMessage();
                if (newResponse != res) {
                    request.setNote(Globals.WRAPPED_RESPONSE,
                            new HttpResponseWrapper(response,newResponse));
                }


    @Override
    public void logout(final HttpServletRequest req, final HttpServletResponse resp) {
        // Only the opening statements of this method are shown; the rest of the body
        // is cut off.
        // Re-entrancy guard: element 0 of the array held by reentrancyStatus is used
        // as an "already called" flag. Where the flag is reset is not visible here.
        byte[] alreadyCalled = (byte[]) reentrancyStatus.get();
        if (helper != null && alreadyCalled[0] == 0) {
            alreadyCalled[0] = 1;
            // Reuse the MessageInfo stored on the request when there is one; otherwise
            // build a fresh one for this request/response pair.
            MessageInfo messageInfo = (MessageInfo) req.getAttribute(MESSAGE_INFO);
            if (messageInfo == null) {
                messageInfo = new HttpMessageInfo((HttpServletRequest) req, (HttpServletResponse) resp);
            }
            // Logout always marks the exchange as mandatory, whether or not the
            // MessageInfo was reused.
            messageInfo.getMap().put(HttpServletConstants.IS_MANDATORY,
                        Boolean.TRUE.toString());
            try {
                ServerAuthContext sAC = helper.getServerAuthContext(messageInfo,null);
                if (sAC != null) {
                    /*
 

        // Excerpt from the body of a response-securing method; its signature and the
        // end of the body (including the catch block) are outside this excerpt.
        // Defaults to false, so only an explicit SUCCESS below can make it true.
        boolean result = false;
        ServerAuthContext sAC = null;
        try {
            if (helper != null) {
                HttpServletRequest req = (HttpServletRequest) request.getRequest();
                // The MessageInfo is read back from a request attribute; when it is
                // absent, secureResponse is not called and result stays false.
                MessageInfo messageInfo =
                        (MessageInfo) req.getAttribute(MESSAGE_INFO);
                if (messageInfo != null) {
                    //JSR 196 is enabled for this application
                    // The ServerAuthContext is taken from the MessageInfo map rather
                    // than resolved again through the helper.
                    sAC = (ServerAuthContext) messageInfo.getMap().get(SERVER_AUTH_CONTEXT);
                    if (sAC != null) {
                        AuthStatus authStatus =
                                sAC.secureResponse(messageInfo,
                                null); //null serviceSubject
                        // Any status other than SUCCESS yields false.
                        result = AuthStatus.SUCCESS.equals(authStatus);

        // Excerpt from the body of a JSR 196 request-validation method; the method
        // signature and the end of the body are outside this excerpt.
        HttpServletRequest req = (HttpServletRequest) request.getRequest();
        HttpServletResponse res = (HttpServletResponse) response.getResponse();

        // Starts empty; it is passed to validateRequest and its principals are read
        // back afterwards.
        Subject subject = new Subject();

        MessageInfo messageInfo = new HttpMessageInfo(req, res);

        // rvalue defaults to false, so only an explicit SUCCESS below can make it true.
        boolean rvalue = false;
        boolean isMandatory = true;
        try {
            WebSecurityManager webSecMgr = getWebSecurityManager(true);
            // Authentication is mandatory unless the web security manager reports
            // the request as permit-all.
            isMandatory = !webSecMgr.permitAll(req);
            //Issue  - 9578 - produce user challenge if call originates from HttpRequest.authenticate
            // The flag is only added when one of the two conditions holds; otherwise
            // the key is absent from the map rather than set to false.
            if (isMandatory || calledFromAuthenticate) {
                messageInfo.getMap().put(HttpServletConstants.IS_MANDATORY,
                        Boolean.TRUE.toString());
            }
            ServerAuthContext sAC =
                    helper.getServerAuthContext(messageInfo,
                    null); // null serviceSubject
            if (sAC != null) {
                AuthStatus authStatus =
                        sAC.validateRequest(messageInfo, subject,
                        null); // null serviceSubject
                // Only SUCCESS counts as authenticated; every other status yields false.
                rvalue = AuthStatus.SUCCESS.equals(authStatus);

                if (rvalue) { // cache it only if validateRequest = true
                    messageInfo.getMap().put(SERVER_AUTH_CONTEXT, sAC);
                    req.setAttribute(MESSAGE_INFO, messageInfo);
                }
            } else {
                throw new AuthException("null ServerAuthContext");
            }
        } catch (AuthException ae) {
            // Fails closed: rvalue stays false and the response status is set to 500.
            // NOTE(review): the exception is logged at FINE only, so a failing auth
            // module is not recorded unless FINE logging is enabled for this logger.
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE,
                        "JMAC: http msg authentication fail", ae);
            }
            res.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        }

        if (rvalue) {
            Set<Principal> principalSet = subject.getPrincipals();
            // must be at least one new principal to establish
            // non-default security context
            // NOTE(review): when SUCCESS is returned but this condition is false, the
            // block below is skipped and no principal is set on the request here, while
            // rvalue is still true; what the method returns is outside this excerpt.
            if (principalSet != null && !principalSet.isEmpty() &&
                !principalSetContainsOnlyAnonymousPrincipal(principalSet)) {

                SecurityContext ctx = new SecurityContext(subject);
                //XXX assuming no null principal here
                // NOTE(review): no null check on p is visible before it is wrapped.
                Principal p = ctx.getCallerPrincipal();
                WebPrincipal wp = new WebPrincipal(p, ctx);
                try {
                    //XXX Keep it for reference
                    /*
                    if (this.sAC.managesSessions(sharedState)) {
                    // registration (via proxy) does not occur
                    // if context manages sessions
                    // record authentication information in the request
                    request.setAuthType(PROXY_AUTH_TYPE);
                    request.setUserPrincipal(wp);
                    } else {
                    AuthenticatorProxy proxy =
                    new AuthenticatorProxy(authenticator,wp);
                    proxy.authenticate(request,response,config);
                    }
                     */
                    // Auth type precedence: the value found in the MessageInfo map, then
                    // the configured auth method, then PROXY_AUTH_TYPE (applied below).
                    String authType = (String) messageInfo.getMap().get(
                            HttpServletConstants.AUTH_TYPE);
                   
                    if (authType == null && config != null &&
                            config.getAuthMethod() != null) {
                        authType = config.getAuthMethod();
                    }

                    // shouldRegister (not shown) decides from the MessageInfo map whether
                    // the principal is handed to AuthenticatorProxy; otherwise auth type
                    // and principal are recorded on this request only.
                    if (shouldRegister(messageInfo.getMap())) {
                        AuthenticatorProxy proxy = new AuthenticatorProxy(authenticator, wp, authType);
                        proxy.authenticate(request, response, config);
                    } else {
                        request.setAuthType((authType == null) ? PROXY_AUTH_TYPE : authType);
                        request.setUserPrincipal(wp);
                    }
                } catch (LifecycleException le) {
                    // NOTE(review): the failure is logged and processing continues; whether
                    // the principal was recorded before the exception is not visible from here.
                    _logger.log(Level.SEVERE, "[Web-Security] unable to register session", le);

                }

                // If the request object held by MessageInfo is no longer the original
                // one (identity comparison), the replacement is recorded as a request note.
                HttpServletRequest newRequest = (HttpServletRequest) messageInfo.getRequestMessage();
                if (newRequest != req) {
                    request.setNote(Globals.WRAPPED_REQUEST,
                            new HttpRequestWrapper(request, newRequest));
                }

                // Same handling for a replaced response object.
                HttpServletResponse newResponse = (HttpServletResponse) messageInfo.getResponseMessage();
                if (newResponse != res) {
                    request.setNote(Globals.WRAPPED_RESPONSE,
                            new HttpResponseWrapper(response, newResponse));
                }

