Package javax.security.auth.message

Examples of javax.security.auth.message.MessageInfo


  
   /**
    * Positive path: user {@code "anil"} with the password literal {@code "anilpwd"} is
    * expected to be accepted by the JASPI server authentication manager.
    * <p>
    * The request and response in the message info are plain {@code Object} placeholders,
    * and {@code layer} comes from outside this method. Where the accepted credentials are
    * configured is not visible here.
    */
   public void testIsValid()
   {
      char[] password = "anilpwd".toCharArray();
      CallbackHandler handler = new AppCallbackHandler("anil", password);
      MessageInfo info = new GenericMessageInfo(new Object(), new Object());
      JASPIServerAuthenticationManager manager = new JASPIServerAuthenticationManager();
      Subject subject = new Subject();
      // The assertion is the authentication decision itself.
      assertTrue(manager.isValid(info, subject, layer, handler));
   }


  
   /**
    * Negative path: user {@code "anil"} with the password literal {@code "dead"} must be
    * rejected by the JASPI server authentication manager.
    * <p>
    * Everything except the password matches the accepting case, so a {@code true} result
    * here would mean the manager is not actually checking the supplied secret.
    */
   public void testIsInValid()
   {
      char[] wrongPassword = "dead".toCharArray();
      CallbackHandler handler = new AppCallbackHandler("anil", wrongPassword);
      MessageInfo info = new GenericMessageInfo(new Object(), new Object());
      JASPIServerAuthenticationManager manager = new JASPIServerAuthenticationManager();
      Subject subject = new Subject();
      boolean accepted = manager.isValid(info, subject, layer, handler);
      assertFalse(accepted);
   }

     
      // Resolve the server-side auth configuration for message layer "TEST" and application
      // context "APP". The handler is built from two literals, presumably user name and
      // password (verify against AppCallbackHandler).
      ServerAuthConfig serverConfig =
         provider.getServerAuthConfig("TEST", "APP",
               new AppCallbackHandler("anil","anil".toCharArray()));
      assertNotNull("ServerAuthConfig ! null", serverConfig);
      // Request and response are bare Object placeholders; no real message is inspected here.
      MessageInfo mi = new GenericMessageInfo(new Object(), new Object());
      String authContextID = serverConfig.getAuthContextID(mi);
      assertNotNull("AuthContext ID != null",authContextID);
      // A fresh empty Subject and an empty raw HashMap (the properties argument) are passed.
      // The lines shown only check that each object resolves to non-null; no validateRequest
      // call or authentication decision appears in this excerpt.
      ServerAuthContext sctx = serverConfig.getAuthContext(authContextID,
            new Subject(), new HashMap());
      assertNotNull("ServerAuthContext != null",sctx);

     
      // Client-side counterpart: resolve the client auth configuration for message layer
      // "TEST" and application context "APP". The handler is built from two literals,
      // presumably user name and password (verify against AppCallbackHandler).
      ClientAuthConfig clientConfig =
         provider.getClientAuthConfig("TEST", "APP",
               new AppCallbackHandler("anil","anil".toCharArray()));
      assertNotNull("ClientAuthConfig ! null", clientConfig);
      // Request and response are bare Object placeholders.
      MessageInfo mi = new GenericMessageInfo(new Object(), new Object());
      String authContextID = clientConfig.getAuthContextID(mi);
      assertNotNull("AuthContext ID != null",authContextID);
      // Note the local is named sctx although it holds a ClientAuthContext.
      // Only non-null resolution is asserted; no secureRequest/validateResponse call
      // appears in this excerpt.
      ClientAuthContext sctx = clientConfig.getAuthContext(authContextID,
            new Subject(), new HashMap());
      assertNotNull("ClientAuthContext != null",sctx);

      // Look up the provider registered for (layer, appId); null means no registration
      // listener is supplied. `factory`, `layer` and `appId` are defined outside this excerpt.
      AuthConfigProvider provider = factory.getConfigProvider(layer, appId, null);
      // Handler built from the literals "jduke" / "theduke", presumably user name and
      // password (verify against AppCallbackHandler).
      ServerAuthConfig serverConfig = provider.getServerAuthConfig(layer, appId, new AppCallbackHandler("jduke",
            "theduke".toCharArray()));
      assertNotNull("ServerAuthConfig is not null", serverConfig);

      // Request and response are bare Object placeholders.
      MessageInfo mi = new GenericMessageInfo(new Object(), new Object());
      String authContextID = serverConfig.getAuthContextID(mi);
      assertNotNull("AuthContext ID != null", authContextID);
      ServerAuthContext sctx = serverConfig.getAuthContext(authContextID, new Subject(), new HashMap());
      assertNotNull("ServerAuthContext != null", sctx);
      // Empty subject prepared for a later call; the excerpt ends before it is used, so the
      // authentication outcome being tested is not visible here.
      Subject clientSubject = new Subject();

      // Look up the provider registered for (layer, appId); null means no registration
      // listener is supplied. `factory`, `layer` and `appId` are defined outside this excerpt.
      AuthConfigProvider provider = factory.getConfigProvider(layer, appId, null);
      // Handler built from "jduke" and the literal "badpwd", which by its name is the
      // wrong-password case. Config and context creation are still asserted to succeed below.
      ServerAuthConfig serverConfig = provider.getServerAuthConfig(layer, appId, new AppCallbackHandler("jduke",
            "badpwd".toCharArray()));
      assertNotNull("ServerAuthConfig is not null", serverConfig);

      // Request and response are bare Object placeholders.
      MessageInfo mi = new GenericMessageInfo(new Object(), new Object());
      String authContextID = serverConfig.getAuthContextID(mi);
      assertNotNull("AuthContext ID != null", authContextID);
      ServerAuthContext sctx = serverConfig.getAuthContext(authContextID, new Subject(), new HashMap());
      assertNotNull("ServerAuthContext != null", sctx);
      // Empty subject prepared for a later call; the excerpt ends before the rejection that
      // this case presumably asserts.
      Subject clientSubject = new Subject();

   /**
    * Positive HTTP-layer login: a request built for {@code "jduke"} / {@code "theduke"} is
    * expected to be accepted by the JASPI server authentication manager.
    * <p>
    * The response slot of the message info and the subject argument are both {@code null};
    * {@code securityDomain} and {@code acbh} come from outside this method.
    */
   @Override
   public void testLogin() throws Exception
   {
      HttpServletRequest request = getHttpServletRequest("jduke", "theduke");
      HttpServletResponse noResponse = null;
      MessageInfo messageInfo = new GenericMessageInfo(request, noResponse);
      ServerAuthenticationManager manager = new JASPIServerAuthenticationManager(securityDomain, acbh);
      Subject noSubject = null;
      boolean accepted = manager.isValid(messageInfo, noSubject, "HTTP", new JBossCallbackHandler());
      assertTrue(accepted);
   }

   /**
    * Negative HTTP-layer login: a request built for {@code "jduke"} with the password
    * literal {@code "BAD"} must be rejected by the JASPI server authentication manager.
    * <p>
    * NOTE(review): the callback handler passed to {@code isValid} is {@code null} here, so
    * this case varies both the password and the handler. Confirm the rejection is caused by
    * the bad password and not by the missing handler; otherwise the test could pass while
    * password checking is broken.
    */
   @Override
   public void testUnsuccessfulLogin() throws Exception
   {
      HttpServletRequest request = getHttpServletRequest("jduke", "BAD");
      HttpServletResponse noResponse = null;
      MessageInfo messageInfo = new GenericMessageInfo(request, noResponse);
      ServerAuthenticationManager manager = new JASPIServerAuthenticationManager(securityDomain, acbh);
      Subject noSubject = null;
      boolean accepted = manager.isValid(messageInfo, noSubject, "HTTP", null);
      assertFalse(accepted);
   }

        // Response-side half of the JSR 196 exchange. result starts false and is set only from
        // the secureResponse status, so any path that skips the call leaves it false.
        boolean result = false;
        ServerAuthContext sAC = null;
        try {
            if (helper != null) {
                HttpServletRequest req = (HttpServletRequest) request.getRequest();
                // Read back the MessageInfo stored as a request attribute under MESSAGE_INFO.
                // The unchecked cast relies on only trusted code setting that attribute.
                MessageInfo messageInfo =
                        (MessageInfo) req.getAttribute(MESSAGE_INFO);
                if (messageInfo != null) {
                    //JSR 196 is enabled for this application
                    // Reuse the auth context stored in the message-info map under SERVER_AUTH_CONTEXT.
                    sAC = (ServerAuthContext) messageInfo.getMap().get(SERVER_AUTH_CONTEXT);
                    if (sAC != null) {
                        AuthStatus authStatus =
                                sAC.secureResponse(messageInfo,
                                null); //null serviceSubject
                        // Only AuthStatus.SUCCESS is treated as success; every other status is false.
                        result = AuthStatus.SUCCESS.equals(authStatus);

        // Request-side half of the JSR 196 exchange: run validateRequest for this HTTP
        // request/response pair and record in rvalue whether it returned SUCCESS.
        HttpServletRequest req = (HttpServletRequest) request.getRequest();
        HttpServletResponse res = (HttpServletResponse) response.getResponse();

        // Fresh, empty subject; the auth module is expected to populate it on success.
        Subject subject = new Subject();

        MessageInfo messageInfo = new HttpMessageInfo(req, res);

        // Both flags start on the restrictive side: not authenticated, authentication mandatory.
        boolean rvalue = false;
        boolean isMandatory = true;
        try {
            WebSecurityManager webSecMgr = getWebSecurityManager(true);
            // Authentication is optional only when the security manager reports permitAll.
            isMandatory = !webSecMgr.permitAll(req);
            //Issue  - 9578 - produce user challenge if call originates from HttpRequest.authenticate
            if (isMandatory || calledFromAuthenticate) {
                // The flag is stored as the string "true" in the message-info map,
                // presumably for the auth module to read.
                messageInfo.getMap().put(HttpServletConstants.IS_MANDATORY,
                        Boolean.TRUE.toString());
            }
            ServerAuthContext sAC =
                    helper.getServerAuthContext(messageInfo,
                    null); // null serviceSubject
            if (sAC != null) {
                AuthStatus authStatus =
                        sAC.validateRequest(messageInfo, subject,
                        null); // null serviceSubject
                // Only AuthStatus.SUCCESS counts as authenticated; any other status
                // leaves rvalue false.
                rvalue = AuthStatus.SUCCESS.equals(authStatus);

                if (rvalue) { // cache it only if validateRequest = true
                    messageInfo.getMap().put(SERVER_AUTH_CONTEXT, sAC);
                    req.setAttribute(MESSAGE_INFO, messageInfo);
                }
            } else {
                // A missing auth context is treated as an error, not as "no authentication needed".
                throw new AuthException("null ServerAuthContext");
            }
        } catch (AuthException ae) {
            // Fail closed: rvalue keeps its current value (false unless validateRequest already
            // returned SUCCESS) and the response status is set to 500.
            // NOTE(review): the exception is logged only at FINE, so auth-module failures are
            // easy to miss unless FINE logging is enabled; confirm that is acceptable for monitoring.
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE,
                        "JMAC: http msg authentication fail", ae);
            }
            res.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        }

        // After a SUCCESS status: turn the principals the auth module added to the subject
        // into the caller identity on the request.
        if (rvalue) {
            Set<Principal> principalSet = subject.getPrincipals();
            // must be at least one new principal to establish
            // non-default security context
            // An empty or anonymous-only principal set skips this block, so the request keeps
            // whatever identity it already had even though rvalue is true.
            if (principalSet != null && !principalSet.isEmpty() &&
                !principalSetContainsOnlyAnonymousPrincipal(principalSet)) {

                SecurityContext ctx = new SecurityContext(subject);
                //XXX assuming no null principal here
                // NOTE(review): p is handed to WebPrincipal without a null check; confirm
                // getCallerPrincipal() cannot return null for a non-anonymous subject.
                Principal p = ctx.getCallerPrincipal();
                WebPrincipal wp = new WebPrincipal(p, ctx);
                try {
                    //XXX Keep it for reference
                    /*
                    if (this.sAC.managesSessions(sharedState)) {
                    // registration (via proxy) does not occur
                    // if context manages sessions
                    // record authentication information in the request
                    request.setAuthType(PROXY_AUTH_TYPE);
                    request.setUserPrincipal(wp);
                    } else {
                    AuthenticatorProxy proxy =
                    new AuthenticatorProxy(authenticator,wp);
                    proxy.authenticate(request,response,config);
                    }
                     */
                    // Both values are read from the message-info map, which the auth module can
                    // write to. For REGISTER_WITH_AUTHENTICATOR only the key's presence is
                    // checked; its value is not inspected.
                    String authType = (String) messageInfo.getMap().get(
                            HttpServletConstants.AUTH_TYPE);
                    boolean register = messageInfo.getMap().containsKey(
                            HttpServletConstants.REGISTER_WITH_AUTHENTICATOR);

                    // Auth type precedence: map value, then the configured auth method,
                    // then PROXY_AUTH_TYPE (applied in the else branch below).
                    if (authType == null && config != null &&
                            config.getAuthMethod() != null) {
                        authType = config.getAuthMethod();
                    }

                    if (register) {
                        // Delegate to the authenticator through a proxy carrying the principal.
                        AuthenticatorProxy proxy = new AuthenticatorProxy(authenticator, wp, authType);
                        proxy.authenticate(request, response, config);
                    } else {
                        // No registration: record auth type and principal on this request only.
                        request.setAuthType((authType == null) ? PROXY_AUTH_TYPE : authType);
                        request.setUserPrincipal(wp);
                    }
                } catch (LifecycleException le) {
                    // NOTE(review): the failure is logged and processing continues with rvalue
                    // still true; confirm the request is left in a consistent state (principal
                    // set or not) when registration fails.
                    _logger.log(Level.SEVERE, "[Web-Security] unable to register session", le);

                }

                // Identity comparison: if the messageInfo now holds a different request object
                // than the one passed in, record the new one as the wrapped request.
                HttpServletRequest newRequest = (HttpServletRequest) messageInfo.getRequestMessage();
                if (newRequest != req) {
                    request.setNote(Globals.WRAPPED_REQUEST,
                            new HttpRequestWrapper(request, newRequest));
                }

                // Same check for the response object.
                HttpServletResponse newResponse = (HttpServletResponse) messageInfo.getResponseMessage();
                if (newResponse != res) {
                    request.setNote(Globals.WRAPPED_RESPONSE,
                            new HttpResponseWrapper(response, newResponse));
                }

