Package javax.security.auth.message

Examples of javax.security.auth.message.MessageInfo


    /**
     * Logout entry point for the message-authentication (JSR 196) path.
     *
     * The body runs only when the security extension is enabled for the
     * request's servlet context, a helper is present, and the reentrancy
     * flag read from {@code reentrancyStatus} is still clear.
     * Only the start of the method is shown in this excerpt.
     *
     * @param req the request being logged out
     */
    public void logout(final HttpRequest req) {
        boolean securityExtensionEnabled = isSecurityExtensionEnabled(req.getRequest().getServletContext());
        // Reentrancy flag, held as a one-element byte array so it can be flipped in place.
        // presumably reentrancyStatus is a per-thread holder; confirm against its declaration
        byte[] alreadyCalled = (byte[]) reentrancyStatus.get();
        if (securityExtensionEnabled && helper != null && alreadyCalled[0] == 0) {
            // Mark logout as in progress so a nested call skips this block.
            // NOTE(review): the code that clears this flag is outside the excerpt. Confirm
            // it is reset in a finally block; otherwise an exception would leave later
            // logout calls that see the same flag as silent no-ops.
            alreadyCalled[0] = 1;
            // Reuse the MessageInfo stored on the request under MESSAGE_INFO, if any;
            // otherwise build one from the current request/response pair.
            MessageInfo messageInfo = (MessageInfo) req.getRequest().getAttribute(MESSAGE_INFO);
            if (messageInfo == null) {
                messageInfo = new HttpMessageInfo((HttpServletRequest) req.getRequest(),
                        (HttpServletResponse) req.getResponse().getResponse());
            }
            // Flag the exchange as mandatory before asking the helper for the auth context.
            messageInfo.getMap().put(HttpServletConstants.IS_MANDATORY,
                        Boolean.TRUE.toString());
            try {
                // The second argument is passed as null.
                ServerAuthContext sAC = helper.getServerAuthContext(messageInfo,null);
                if (sAC != null) {
                    /*
 


        // Response-side step. In the lines shown, result stays false unless the
        // cached auth context reports SUCCESS below.
        boolean result = false;
        ServerAuthContext sAC = null;
        try {
            if (helper != null) {
                HttpServletRequest req = (HttpServletRequest) request.getRequest();
                // Look up the MessageInfo stored on the request under MESSAGE_INFO;
                // if none is present, secureResponse is not called.
                MessageInfo messageInfo =
                        (MessageInfo) req.getAttribute(MESSAGE_INFO);
                if (messageInfo != null) {
                    //JSR 196 is enabled for this application
                    // Reuse the ServerAuthContext cached in the MessageInfo map instead of
                    // asking the helper for a new one.
                    sAC = (ServerAuthContext) messageInfo.getMap().get(SERVER_AUTH_CONTEXT);
                    if (sAC != null) {
                        AuthStatus authStatus =
                                sAC.secureResponse(messageInfo,
                                null); //null serviceSubject
                        // Only an exact SUCCESS counts; any other status (or null) leaves result false.
                        result = AuthStatus.SUCCESS.equals(authStatus);

        // Unwrap the container request/response into their servlet-API views.
        HttpServletRequest req = (HttpServletRequest) request.getRequest();
        HttpServletResponse res = (HttpServletResponse) response.getResponse();

        // Starts empty; handed to validateRequest below and read back for principals afterwards.
        Subject subject = new Subject();

        MessageInfo messageInfo = new HttpMessageInfo(req, res);

        // Fail-safe defaults: not authenticated, and authentication mandatory
        // until permitAll(req) says otherwise.
        boolean rvalue = false;
        boolean isMandatory = true;
        try {
            WebSecurityManager webSecMgr = getWebSecurityManager(true);
            isMandatory = !webSecMgr.permitAll(req);
            //Issue  - 9578 - produce user challenge if call originates from HttpRequest.authenticate
            if (isMandatory || calledFromAuthenticate) {
                messageInfo.getMap().put(HttpServletConstants.IS_MANDATORY,
                        Boolean.TRUE.toString());
            }
            ServerAuthContext sAC =
                    helper.getServerAuthContext(messageInfo,
                    null); // null serviceSubject
            if (sAC != null) {
                AuthStatus authStatus =
                        sAC.validateRequest(messageInfo, subject,
                        null); // null serviceSubject
                // Only an exact SUCCESS is treated as authenticated.
                rvalue = AuthStatus.SUCCESS.equals(authStatus);

                if (rvalue) { // cache it only if validateRequest = true
                    messageInfo.getMap().put(SERVER_AUTH_CONTEXT, sAC);
                    req.setAttribute(MESSAGE_INFO, messageInfo);
                }
            } else {
                // A missing auth context is handled as an error (500 below),
                // not as "no authentication required".
                throw new AuthException("null ServerAuthContext");
            }
        } catch (AuthException ae) {
            // rvalue is still false on this path, so the request is not treated as authenticated.
            // NOTE(review): the failure is logged at FINE only, so it will not appear at
            // default log levels; confirm authentication failures are audited elsewhere.
            // NOTE(review): only AuthException is caught in this excerpt; an unchecked
            // exception from the calls above would propagate to the caller.
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE,
                        "JMAC: http msg authentication fail", ae);
            }
            res.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        }

        if (rvalue) {
            Set<Principal> principalSet = subject.getPrincipals();
            // must be at least one new principal to establish
            // non-default security context
            // NOTE(review): no else branch is visible before this excerpt ends. If the set
            // is empty or anonymous-only, rvalue is still true here even when isMandatory
            // is true; confirm the rest of the method rejects that case.
            if (principalSet != null && !principalSet.isEmpty() &&
                !principalSetContainsOnlyAnonymousPrincipal(principalSet)) {

                SecurityContext ctx = new SecurityContext(subject);
                //XXX assuming no null principal here
                Principal p = ctx.getCallerPrincipal();
                WebPrincipal wp = new WebPrincipal(p, ctx);
                try {
                    //XXX Keep it for reference
                    /*
                    if (this.sAC.managesSessions(sharedState)) {
                    // registration (via proxy) does not occur
                    // if context manages sessions
                    // record authentication information in the request
                    request.setAuthType(PROXY_AUTH_TYPE);
                    request.setUserPrincipal(wp);
                    } else {
                    AuthenticatorProxy proxy =
                    new AuthenticatorProxy(authenticator,wp);
                    proxy.authenticate(request,response,config);
                    }
                     */
                    // Auth type: the value the auth module left in the MessageInfo map,
                    // else the configured auth method, else PROXY_AUTH_TYPE (applied below).
                    String authType = (String) messageInfo.getMap().get(
                            HttpServletConstants.AUTH_TYPE);
                   
                    if (authType == null && config != null &&
                            config.getAuthMethod() != null) {
                        authType = config.getAuthMethod();
                    }

                    // shouldRegister decides between going through AuthenticatorProxy and
                    // setting the principal on this request only.
                    // presumably the proxy path registers a session (see the log message below); verify
                    if (shouldRegister(messageInfo.getMap())) {
                        AuthenticatorProxy proxy = new AuthenticatorProxy(authenticator, wp, authType);
                        proxy.authenticate(request, response, config);
                    } else {
                        request.setAuthType((authType == null) ? PROXY_AUTH_TYPE : authType);
                        request.setUserPrincipal(wp);
                    }
                } catch (LifecycleException le) {
                    // Logged and swallowed; rvalue is not changed here.
                    // NOTE(review): confirm the request is not treated as authenticated
                    // when proxy.authenticate failed before the principal was set.
                    _logger.log(Level.SEVERE, "[Web-Security] unable to register session", le);

                }

                // Reference comparison on purpose: a different object means validateRequest
                // replaced the request message, so the replacement is recorded as a note.
                HttpServletRequest newRequest = (HttpServletRequest) messageInfo.getRequestMessage();
                if (newRequest != req) {
                    request.setNote(Globals.WRAPPED_REQUEST,
                            new HttpRequestWrapper(request, newRequest));
                }

                // Same check for a replaced response message.
                HttpServletResponse newResponse = (HttpServletResponse) messageInfo.getResponseMessage();
                if (newResponse != res) {
                    request.setNote(Globals.WRAPPED_RESPONSE,
                            new HttpResponseWrapper(response, newResponse));
                }


        this.identityService = identityService;
    }

    /**
     * Sets up the MessageInfo, auth context and client Subject for validating a request.
     * Only the start of the method is shown in this excerpt; the call that performs
     * the validation and builds the AuthResult is not visible.
     *
     * @param request the incoming request; the MessageInfo is stored on it as a note
     * @param response the response paired with the request
     * @param isAuthMandatory passed through to the JaspicMessageInfo constructor
     * @throws ServerAuthException declared by the signature; the throwing code is outside the excerpt
     */
    public AuthResult validateRequest(Request request, Response response, boolean isAuthMandatory) throws ServerAuthException {
        try {
            MessageInfo messageInfo = new JaspicMessageInfo(request, response, isAuthMandatory);
            // Stored under MESSAGE_INFO_KEY on the request.
            request.setNote(MESSAGE_INFO_KEY, messageInfo);
            // The auth context is looked up per call from the context id derived from this message.
            String authContextId = serverAuthConfig.getAuthContextID(messageInfo);
            ServerAuthContext authContext = serverAuthConfig.getAuthContext(authContextId, serviceSubject, authProperties);
            // Fresh, empty Subject for the client; no state is carried over from earlier calls.
            Subject clientSubject = new Subject();

    public void logout(final HttpRequest req) {
        boolean securityExtensionEnabled = isSecurityExtensionEnabled(req.getRequest().getServletContext());
        byte[] alreadyCalled = (byte[]) reentrancyStatus.get();
        if (securityExtensionEnabled && helper != null && alreadyCalled[0] == 0) {
            alreadyCalled[0] = 1;
            MessageInfo messageInfo = (MessageInfo) req.getRequest().getAttribute(MESSAGE_INFO);
            if (messageInfo == null) {
                messageInfo = new HttpMessageInfo((HttpServletRequest) req.getRequest(),
                        (HttpServletResponse) req.getResponse().getResponse());
            }
            messageInfo.getMap().put(HttpServletConstants.IS_MANDATORY,
                        Boolean.TRUE.toString());
            try {
                ServerAuthContext sAC = helper.getServerAuthContext(messageInfo,null);
                if (sAC != null) {
                    /*
 

        boolean result = false;
        ServerAuthContext sAC = null;
        try {
            if (helper != null) {
                HttpServletRequest req = (HttpServletRequest) request.getRequest();
                MessageInfo messageInfo =
                        (MessageInfo) req.getAttribute(MESSAGE_INFO);
                if (messageInfo != null) {
                    //JSR 196 is enabled for this application
                    sAC = (ServerAuthContext) messageInfo.getMap().get(SERVER_AUTH_CONTEXT);
                    if (sAC != null) {
                        AuthStatus authStatus =
                                sAC.secureResponse(messageInfo,
                                null); //null serviceSubject
                        result = AuthStatus.SUCCESS.equals(authStatus);

        HttpServletRequest req = (HttpServletRequest) request.getRequest();
        HttpServletResponse res = (HttpServletResponse) response.getResponse();

        Subject subject = new Subject();

        MessageInfo messageInfo = new HttpMessageInfo(req, res);

        boolean rvalue = false;
        boolean isMandatory = true;
        try {
            WebSecurityManager webSecMgr = getWebSecurityManager(true);
            isMandatory = !webSecMgr.permitAll(req);
            //Issue  - 9578 - produce user challenge if call originates from HttpRequest.authenticate
            if (isMandatory || calledFromAuthenticate) {
                messageInfo.getMap().put(HttpServletConstants.IS_MANDATORY,
                        Boolean.TRUE.toString());
            }
            ServerAuthContext sAC =
                    helper.getServerAuthContext(messageInfo,
                    null); // null serviceSubject
            if (sAC != null) {
                AuthStatus authStatus =
                        sAC.validateRequest(messageInfo, subject,
                        null); // null serviceSubject
                rvalue = AuthStatus.SUCCESS.equals(authStatus);

                if (rvalue) { // cache it only if validateRequest = true
                    messageInfo.getMap().put(SERVER_AUTH_CONTEXT, sAC);
                    req.setAttribute(MESSAGE_INFO, messageInfo);
                }
            } else {
                throw new AuthException("null ServerAuthContext");
            }
        } catch (AuthException ae) {
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE,
                        "JMAC: http msg authentication fail", ae);
            }
            res.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        }

        if (rvalue) {
            Set<Principal> principalSet = subject.getPrincipals();
            // must be at least one new principal to establish
            // non-default security context
            if (principalSet != null && !principalSet.isEmpty() &&
                !principalSetContainsOnlyAnonymousPrincipal(principalSet)) {

                SecurityContext ctx = new SecurityContext(subject);
                //XXX assuming no null principal here
                Principal p = ctx.getCallerPrincipal();
                WebPrincipal wp = new WebPrincipal(p, ctx);
                try {
                    //XXX Keep it for reference
                    /*
                    if (this.sAC.managesSessions(sharedState)) {
                    // registration (via proxy) does not occur
                    // if context manages sessions
                    // record authentication information in the request
                    request.setAuthType(PROXY_AUTH_TYPE);
                    request.setUserPrincipal(wp);
                    } else {
                    AuthenticatorProxy proxy =
                    new AuthenticatorProxy(authenticator,wp);
                    proxy.authenticate(request,response,config);
                    }
                     */
                    String authType = (String) messageInfo.getMap().get(
                            HttpServletConstants.AUTH_TYPE);
                   
                    if (authType == null && config != null &&
                            config.getAuthMethod() != null) {
                        authType = config.getAuthMethod();
                    }

                    if (shouldRegister(messageInfo.getMap())) {
                        AuthenticatorProxy proxy = new AuthenticatorProxy(authenticator, wp, authType);
                        proxy.authenticate(request, response, config);
                    } else {
                        request.setAuthType((authType == null) ? PROXY_AUTH_TYPE : authType);
                        request.setUserPrincipal(wp);
                    }
                } catch (LifecycleException le) {
                    _logger.log(Level.SEVERE, "[Web-Security] unable to register session", le);

                }

                HttpServletRequest newRequest = (HttpServletRequest) messageInfo.getRequestMessage();
                if (newRequest != req) {
                    request.setNote(Globals.WRAPPED_REQUEST,
                            new HttpRequestWrapper(request, newRequest));
                }

                HttpServletResponse newResponse = (HttpServletResponse) messageInfo.getResponseMessage();
                if (newResponse != res) {
                    request.setNote(Globals.WRAPPED_RESPONSE,
                            new HttpResponseWrapper(response, newResponse));
                }


    public void logout(final HttpRequest req) {
        boolean securityExtensionEnabled = isSecurityExtensionEnabled(req.getRequest().getServletContext());
        byte[] alreadyCalled = (byte[]) reentrancyStatus.get();
        if (securityExtensionEnabled && helper != null && alreadyCalled[0] == 0) {
            alreadyCalled[0] = 1;
            MessageInfo messageInfo = (MessageInfo) req.getRequest().getAttribute(MESSAGE_INFO);
            if (messageInfo == null) {
                messageInfo = new HttpMessageInfo((HttpServletRequest) req.getRequest(),
                        (HttpServletResponse) req.getResponse().getResponse());
            }
            messageInfo.getMap().put(HttpServletConstants.IS_MANDATORY,
                        Boolean.TRUE.toString());
            try {
                ServerAuthContext sAC = helper.getServerAuthContext(messageInfo,null);
                if (sAC != null) {
                    /*
 

        boolean result = false;
        ServerAuthContext sAC = null;
        try {
            if (helper != null) {
                HttpServletRequest req = (HttpServletRequest) request.getRequest();
                MessageInfo messageInfo =
                        (MessageInfo) req.getAttribute(MESSAGE_INFO);
                if (messageInfo != null) {
                    //JSR 196 is enabled for this application
                    sAC = (ServerAuthContext) messageInfo.getMap().get(SERVER_AUTH_CONTEXT);
                    if (sAC != null) {
                        AuthStatus authStatus =
                                sAC.secureResponse(messageInfo,
                                null); //null serviceSubject
                        result = AuthStatus.SUCCESS.equals(authStatus);

        // Unwrap the container request/response into their servlet-API views.
        HttpServletRequest req = (HttpServletRequest) request.getRequest();
        HttpServletResponse res = (HttpServletResponse) response.getResponse();

        // Starts empty; handed to validateRequest below and read back for principals afterwards.
        Subject subject = new Subject();

        MessageInfo messageInfo = new HttpMessageInfo(req, res);

        // Fail-safe defaults: not authenticated, and authentication mandatory
        // until permitAll(req) says otherwise.
        boolean rvalue = false;
        boolean isMandatory = true;
        try {
            WebSecurityManager webSecMgr = getWebSecurityManager(true);
            isMandatory = !webSecMgr.permitAll(req);
            //Issue  - 9578 - produce user challenge if call originates from HttpRequest.authenticate
            if (isMandatory || calledFromAuthenticate) {
                messageInfo.getMap().put(HttpServletConstants.IS_MANDATORY,
                        Boolean.TRUE.toString());
            }
            ServerAuthContext sAC =
                    helper.getServerAuthContext(messageInfo,
                    null); // null serviceSubject
            if (sAC != null) {
                AuthStatus authStatus =
                        sAC.validateRequest(messageInfo, subject,
                        null); // null serviceSubject
                // Only an exact SUCCESS is treated as authenticated.
                rvalue = AuthStatus.SUCCESS.equals(authStatus);

                if (rvalue) { // cache it only if validateRequest = true
                    messageInfo.getMap().put(SERVER_AUTH_CONTEXT, sAC);
                    req.setAttribute(MESSAGE_INFO, messageInfo);
                }
            } else {
                // A missing auth context is handled as an error (500 below),
                // not as "no authentication required".
                throw new AuthException("null ServerAuthContext");
            }
        } catch (AuthException ae) {
            // rvalue is still false on this path, so the request is not treated as authenticated.
            // NOTE(review): logged at FINE only, so the failure will not appear at default
            // log levels; confirm authentication failures are audited elsewhere.
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE,
                        "JMAC: http msg authentication fail", ae);
            }
            res.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        } catch (RuntimeException e) {
            // Unchecked exceptions from the calls above are also turned into a 500
            // instead of propagating to the caller.
            // NOTE(review): this handler uses sendError while the AuthException handler
            // uses setStatus; confirm the difference is intended.
            // NOTE(review): if the exception came from a statement after rvalue was
            // set to true, rvalue is not reset here; confirm that cannot happen.
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE,
                        "JMAC: Exception during validateRequest", e);
            }
            res.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        }
        if (rvalue) {
            Set<Principal> principalSet = subject.getPrincipals();
            // must be at least one new principal to establish
            // non-default security context
            if (principalSet != null && !principalSet.isEmpty() &&
                !principalSetContainsOnlyAnonymousPrincipal(principalSet)) {

                SecurityContext ctx = new SecurityContext(subject);
                //XXX assuming no null principal here
                Principal p = ctx.getCallerPrincipal();
                WebPrincipal wp = new WebPrincipal(p, ctx);
                try {
                    //XXX Keep it for reference
                    /*
                    if (this.sAC.managesSessions(sharedState)) {
                    // registration (via proxy) does not occur
                    // if context manages sessions
                    // record authentication information in the request
                    request.setAuthType(PROXY_AUTH_TYPE);
                    request.setUserPrincipal(wp);
                    } else {
                    AuthenticatorProxy proxy =
                    new AuthenticatorProxy(authenticator,wp);
                    proxy.authenticate(request,response,config);
                    }
                     */
                    // Auth type: the value the auth module left in the MessageInfo map,
                    // else the configured auth method, else PROXY_AUTH_TYPE (applied below).
                    String authType = (String) messageInfo.getMap().get(
                            HttpServletConstants.AUTH_TYPE);
                   
                    if (authType == null && config != null &&
                            config.getAuthMethod() != null) {
                        authType = config.getAuthMethod();
                    }

                    // shouldRegister decides between going through AuthenticatorProxy and
                    // setting the principal on this request only.
                    // presumably the proxy path registers a session (see the log message below); verify
                    if (shouldRegister(messageInfo.getMap())) {
                        AuthenticatorProxy proxy = new AuthenticatorProxy(authenticator, wp, authType);
                        proxy.authenticate(request, response, config);
                    } else {
                        request.setAuthType((authType == null) ? PROXY_AUTH_TYPE : authType);
                        request.setUserPrincipal(wp);
                    }
                } catch (LifecycleException le) {
                    // Logged and swallowed; rvalue is not changed here.
                    // NOTE(review): confirm the request is not treated as authenticated
                    // when proxy.authenticate failed before the principal was set.
                    _logger.log(Level.SEVERE, "[Web-Security] unable to register session", le);

                }
            } else {
                //GLASSFISH-20930.Set null for the case when SAM does not
                //indicate that it needs the session
                // Clear any principal and auth type already present so a stale identity
                // is not carried along when this exchange produced no usable principal.
                if (((HttpServletRequest) messageInfo.getRequestMessage()).getUserPrincipal() != null) {
                    request.setUserPrincipal(null);
                    request.setAuthType(null);
                }

                // Fail closed: SUCCESS without a non-anonymous principal is not
                // accepted when authentication is mandatory.
                if (isMandatory) {
                    rvalue = false;
                }
            }
            // Record replaced request/response messages only if authentication still stands.
            if (rvalue) {
                // Reference comparison on purpose: a different object means validateRequest
                // replaced the request message, so the replacement is recorded as a note.
                HttpServletRequest newRequest = (HttpServletRequest) messageInfo.getRequestMessage();
                if (newRequest != req) {
                    request.setNote(Globals.WRAPPED_REQUEST,
                            new HttpRequestWrapper(request, newRequest));
                }

                // Same check for a replaced response message.
                HttpServletResponse newResponse = (HttpServletResponse) messageInfo.getResponseMessage();
                if (newResponse != res) {
                    request.setNote(Globals.WRAPPED_RESPONSE,
                            new HttpResponseWrapper(response, newResponse));
                }
            }
