Package org.apache.geronimo.tomcat.security

Examples of org.apache.geronimo.tomcat.security.AuthResult


            // Excerpt from a JASPIC-style validation method: the enclosing method header and the
            // opening "try {" are not part of this listing.
            // Ask the configured ServerAuthContext to validate the message, then translate the
            // returned AuthStatus into an AuthResult.
            ServerAuthContext authContext = serverAuthConfig.getAuthContext(authContextId, serviceSubject, authProperties);
            Subject clientSubject = new Subject();

            AuthStatus authStatus = authContext.validateRequest(messageInfo, clientSubject, serviceSubject);
            // Continue/failure outcomes carry no identity.
            if (authStatus == AuthStatus.SEND_CONTINUE)
                return new AuthResult(TomcatAuthStatus.SEND_CONTINUE, null);
            if (authStatus == AuthStatus.SEND_FAILURE)
                return new AuthResult(TomcatAuthStatus.SEND_FAILURE, null);

            if (authStatus == AuthStatus.SUCCESS) {
                // Prefer a UserIdentity placed in the client subject's private credentials.
                Set<UserIdentity> ids = clientSubject.getPrivateCredentials(UserIdentity.class);
                UserIdentity userIdentity;
                if (ids.size() > 0) {
                    userIdentity = ids.iterator().next();
                } else {
                    // Otherwise build the identity from the callbacks recorded by the callback handler.
                    CallerPrincipalCallback principalCallback = callbackHandler.getThreadCallerPrincipalCallback();
                    if (principalCallback == null) throw new NullPointerException("No CallerPrincipalCallback");
                    Principal principal = principalCallback.getPrincipal();
                    if (principal == null) {
                        // The callback supplied only a name: look for a principal with that name
                        // among the principals of the callback's subject.
                        String principalName = principalCallback.getName();
                        Set<Principal> principals = principalCallback.getSubject().getPrincipals();
                        for (Principal p : principals) {
                            if (p.getName().equals(principalName)) {
                                principal = p;
                                break;
                            }
                        }
                        if (principal == null) {
                            //TODO not clear what to do here.
                            // NOTE(review): this reports SUCCESS with a null identity. Code consuming
                            // the AuthResult must check the identity, not only the status, before
                            // treating the caller as authenticated.
                            return new AuthResult(TomcatAuthStatus.SUCCESS, null);
                        }
                    }
                    GroupPrincipalCallback groupPrincipalCallback = callbackHandler.getThreadGroupPrincipalCallback();
                    String[] groups = groupPrincipalCallback == null ? null : groupPrincipalCallback.getGroups();
                    // NOTE(review): when no GroupPrincipalCallback was recorded, groups is null and
                    // Arrays.asList(groups) throws NullPointerException, so a successful validation
                    // without group information fails here instead of yielding an identity with
                    // no groups. A null check with an empty list would avoid that.
                    userIdentity = identityService.newUserIdentity(clientSubject, principal, Arrays.asList(groups));
                }
                return new AuthResult(TomcatAuthStatus.SUCCESS, userIdentity);
            }
            if (authStatus == AuthStatus.SEND_SUCCESS) {
                //we are processing a message in a secureResponse dialog.
                return new AuthResult(TomcatAuthStatus.SEND_SUCCESS, null);
            }
            //should not happen
            // Reached for a null status and for any status not handled above; the exception type
            // and message do not distinguish the two cases.
            throw new NullPointerException("No AuthStatus returned");
        } catch (AuthException e) {
            // Wrap the JASPIC exception, keeping it as the cause.
            throw new ServerAuthException(e);


    /**
     * Form-based login: returns the identity cached in the session if there is one, otherwise
     * either saves the request and forwards to the login page, or, when the request is the
     * login form's action, checks the submitted username and password with the login service
     * and redirects back to the saved request URL.
     *
     * <p>The listing ends before the method's closing brace.
     *
     * @param request the request being authenticated
     * @param response the response used for forwards, redirects and error statuses
     * @param isAuthMandatory whether the target requires an authenticated caller
     * @return the outcome; SUCCESS with a null identity is returned when there is no session, or
     *         when authentication is optional and no login has happened yet
     * @throws ServerAuthException wrapping an IOException raised while writing the response
     */
    public AuthResult validateRequest(Request request, Response response, boolean isAuthMandatory) throws ServerAuthException {
        try {
            // isAuthMandatory is passed as the argument of getSessionInternal, so a null session
            // is only expected here when authentication is optional (create flag - TODO confirm).
            Session session = request.getSessionInternal(isAuthMandatory);
            if (session == null) {
                //default identity??
                return new AuthResult(TomcatAuthStatus.SUCCESS, null);
            }
            if (matchRequest(request, session)) {
                //            if (log.isDebugEnabled())
                //                log.debug("Restore request from session '"
                //                          + session.getIdInternal()
                //                          + "'");
//                UserIdentity userIdentity = (UserIdentity)
//                        session.getNote(Constants.FORM_PRINCIPAL_NOTE);
                //            register(request, response, principal, Constants.FORM_METHOD,
                //                     (String) session.getNote(Constants.SESS_USERNAME_NOTE),
                //                     (String) session.getNote(Constants.SESS_PASSWORD_NOTE));
                //             If we're caching principals we no longer need the username
                // and password in the session, so remove them
                //            if (cache) {
                //                session.removeNote(Constants.SESS_USERNAME_NOTE);
                //                session.removeNote(Constants.SESS_PASSWORD_NOTE);
                //            }
                if (!restoreRequest(request, session)) {
//                    if (log.isDebugEnabled())
//                        log.debug("Proceed to restored request");
//                    return new AuthResult(TomcatAuthStatus.SUCCESS, userIdentity);
//                } else {
//                    if (log.isDebugEnabled())
//                        log.debug("Restore of original request failed");
                    response.sendError(HttpServletResponse.SC_BAD_REQUEST);
                    return new AuthResult(TomcatAuthStatus.SEND_FAILURE, null);
                }
            }
            // An identity stored by an earlier successful login short-circuits everything below.
            UserIdentity userIdentity = (UserIdentity) session.getNote(Constants.FORM_PRINCIPAL_NOTE);
            if (userIdentity != null) {
                return new AuthResult(TomcatAuthStatus.SUCCESS, userIdentity);
            }

            //we have not yet completed authentication.
            // Acquire references to objects we will need to evaluate
            MessageBytes uriMB = MessageBytes.newInstance();
            CharChunk uriCC = uriMB.getCharChunk();
            uriCC.setLimit(-1);
            String contextPath = request.getContextPath();
            String requestURI = request.getDecodedRequestURI();
            response.setContext(request.getContext());

            // Is this the action request from the login page?
            // NOTE(review): this is a prefix/suffix test on the decoded URI, so every path under
            // the context that ends with FORM_ACTION is handled as a login submission.
            boolean loginAction =
                    requestURI.startsWith(contextPath) &&
                            requestURI.endsWith(Constants.FORM_ACTION);

            // No -- Save this request and redirect to the form login page
            if (!loginAction) {
//                session = request.getSessionInternal(true);
//                if (log.isDebugEnabled())
//                    log.debug("Save request in session '" + session.getIdInternal() + "'");
                if (!isAuthMandatory) {
                    return new AuthResult(TomcatAuthStatus.SUCCESS, null);
                }
                try {
                    saveRequest(request, session);
                } catch (IOException ioe) {
//                    log.debug("Request body too big to save during authentication");
                    response.sendError(HttpServletResponse.SC_BAD_REQUEST,
                            sm.getString("authenticator.requestBodyTooBig"));
                    return new AuthResult(TomcatAuthStatus.SEND_FAILURE, null);
                }
                forwardToLoginPage(request, response);
                return new AuthResult(TomcatAuthStatus.SEND_CONTINUE, unauthenticatedIdentity);
            }

            // Yes -- Validate the specified credentials and redirect
            // to the error page if they are not correct
//            if (characterEncoding != null) {
//                request.setCharacterEncoding(characterEncoding);
//            }
            String username = request.getParameter(Constants.FORM_USERNAME);
            String password = request.getParameter(Constants.FORM_PASSWORD);
//            if (log.isDebugEnabled())
//                log.debug("Authenticating username '" + username + "'");
            userIdentity = loginService.login(username, password);
            if (userIdentity == null) {
//                if (isAuthMandatory) {
                    forwardToErrorPage(request, response);
                    //TODO right status?
                    return new AuthResult(TomcatAuthStatus.SEND_FAILURE, unauthenticatedIdentity);
//                } else {
//                    userIdentity = unauthenticatedIdentity;
//                }
            }

//            if (log.isDebugEnabled())
//                log.debug("Authentication of '" + username + "' was successful");

            // NOTE(review): session was null-checked at the top of the method (early return) and
            // is not reassigned in between, so the two null checks below look unreachable in this
            // version of the code.
            if (session == null)
                session = request.getSessionInternal(false);
            if (session == null) {
//                if (containerLog.isDebugEnabled())
//                    containerLog.debug
//                        ("User took so long to log on the session expired");
                response.sendError(HttpServletResponse.SC_REQUEST_TIMEOUT,
                        sm.getString("authenticator.sessionExpired"));
                return new AuthResult(TomcatAuthStatus.SEND_FAILURE, unauthenticatedIdentity);
            }

            // Save the authenticated Principal in our session
            // NOTE(review): the identity is attached to the session that existed before login; no
            // session id change is visible in this method. Confirm that the id is rotated on
            // successful login elsewhere, otherwise a pre-login session id stays valid afterwards.
            session.setNote(Constants.FORM_PRINCIPAL_NOTE, userIdentity);

            // Save the username and password as well
            // NOTE(review): the clear-text password is kept on the session for as long as the
            // session lives, and the code that used to remove it is commented out above. Nothing
            // in this method reads it back, so dropping the password note should be considered.
            session.setNote(Constants.SESS_USERNAME_NOTE, username);
            session.setNote(Constants.SESS_PASSWORD_NOTE, password);

            // Redirect the user to the original request URI (which will cause
            // the original request to be restored)
            requestURI = savedRequestURL(session);
//            if (log.isDebugEnabled())
//                log.debug("Redirecting to original '" + requestURI + "'");
            if (requestURI == null) {
                // No saved request: the login form was submitted directly. Note that the identity
                // has already been stored in the session at this point.
                response.sendError(HttpServletResponse.SC_BAD_REQUEST,
                        sm.getString("authenticator.formlogin"));
                return new AuthResult(TomcatAuthStatus.SEND_FAILURE, null);
            } else {
                response.sendRedirect(response.encodeRedirectURL(requestURI));
                return new AuthResult(TomcatAuthStatus.SEND_CONTINUE, userIdentity);
            }
        } catch (IOException e) {
            // I/O failures while writing the response are reported as ServerAuthException.
            throw new ServerAuthException(e);
        }

        try {
            if ((certs == null) || (certs.length < 1)) {
                if (isAuthMandatory) {
                    response.sendError(HttpServletResponse.SC_BAD_REQUEST,
                                   sm.getString("authenticator.certificates"));
                    return new AuthResult(TomcatAuthStatus.SEND_FAILURE, null);
                } else {
                    return new AuthResult(TomcatAuthStatus.SUCCESS, unauthenticatedIdentity);
                }
            }

            // Authenticate the specified certificate chain
            UserIdentity userIdentity = loginService.login(certs);
            if (userIdentity != null) {
                return new AuthResult(TomcatAuthStatus.SUCCESS, userIdentity);
            }
            if (isAuthMandatory) {
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
                                   sm.getString("authenticator.unauthorized"));
                return new AuthResult(TomcatAuthStatus.SEND_CONTINUE, null);
            }
        } catch (IOException e) {
            throw new ServerAuthException(e);
        }
        return new AuthResult(TomcatAuthStatus.SUCCESS, unauthenticatedIdentity);
    }

public class NoneAuthenticator implements Authenticator {

    private final AuthResult unauthenticated;

    /**
     * Pre-builds the single result held by this authenticator: a SUCCESS status paired with
     * the supplied unauthenticated identity. No credential check of any kind happens here.
     *
     * @param unauthenticatedIdentity identity wrapped in the stored result; it is stored as
     *        given, without a null check
     */
    public NoneAuthenticator(UserIdentity unauthenticatedIdentity) {
        this.unauthenticated = new AuthResult(TomcatAuthStatus.SUCCESS, unauthenticatedIdentity);
    }

                authorizationBC.setOffset(authorizationBC.getOffset() - 6);
            }

            UserIdentity userIdentity = loginService.login(username, password);
            if (userIdentity != null) {
                return new AuthResult(TomcatAuthStatus.SUCCESS, userIdentity);
            }
        }


        // Send an "unauthorized" response and an appropriate challenge
        if (isAuthMandatory) {
            try {
                MessageBytes authenticate =
                        response.getCoyoteResponse().getMimeHeaders()
                        .addValue(AUTHENTICATE_BYTES, 0, AUTHENTICATE_BYTES.length);
                CharChunk authenticateCC = authenticate.getCharChunk();
                authenticateCC.append("Basic realm=\"");
                authenticateCC.append((realmName == null) ? "<unspecified>" : realmName);
                authenticateCC.append('\"');
                authenticate.toChars();
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                return new AuthResult(TomcatAuthStatus.SEND_CONTINUE, null);
            } catch (IOException e) {
                throw new ServerAuthException(e);
            }
        }
        return new AuthResult(TomcatAuthStatus.SUCCESS, unauthenticatedIdentity);
    }

    /**
     * Validates a request that may carry an "authorization" header and, when authentication
     * is mandatory and no identity could be established, answers with a 401 challenge.
     *
     * <p>When authentication is optional, a missing header and a header that
     * {@code findPrincipal} does not accept both end in SUCCESS with the unauthenticated
     * identity, so callers have to inspect the identity rather than the status alone.
     *
     * @param request the request whose "authorization" header is examined
     * @param response the response that receives the challenge header and the 401 status
     * @param isAuthMandatory whether the target requires an authenticated caller
     * @return SUCCESS with the resolved identity, SEND_CONTINUE with a null identity after a
     *         challenge, or SUCCESS with the unauthenticated identity
     * @throws ServerAuthException wrapping an IOException raised while sending the 401
     */
    public AuthResult validateRequest(Request request, Response response, boolean isAuthMandatory) throws ServerAuthException {
        final String headerValue = request.getHeader("authorization");
        if (headerValue != null) {
            final UserIdentity resolved = findPrincipal(request, headerValue);
            if (resolved != null) {
                return new AuthResult(TomcatAuthStatus.SUCCESS, resolved);
            }
        }

        // Optional authentication: proceed as the unauthenticated identity, no challenge sent.
        if (!isAuthMandatory) {
            return new AuthResult(TomcatAuthStatus.SUCCESS, unauthenticatedIdentity);
        }

        // Mandatory authentication: issue a fresh nonce token and challenge the client.
        final String challengeNonce = generateNOnce(request);
        setAuthenticateHeader(response, challengeNonce);
        try {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        } catch (IOException e) {
            throw new ServerAuthException(e);
        }
        return new AuthResult(TomcatAuthStatus.SEND_CONTINUE, null);
    }

                try {
                    response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                } catch (IOException e) {
                    throw new ServerAuthException(e);
                }
                return new AuthResult(TomcatAuthStatus.SEND_CONTINUE, null, false);
            }
            return new AuthResult(TomcatAuthStatus.SUCCESS, unauthenticatedIdentity, false);
        }

        // Validate any credentials already included with this request
        // (the start of the enclosing method is not part of this listing)
        String username = null;
        String password = null;

        authorization.toBytes();
        ByteChunk authorizationBC = authorization.getByteChunk();
        if (authorizationBC.startsWithIgnoreCase("basic ", 0)) { // Basic authorization
            // Skip the 6-character "basic " scheme prefix; the offset is restored further down.
            authorizationBC.setOffset(authorizationBC.getOffset() + 6);
            // FIXME: Add trimming
            // authorizationBC.trim();

            CharChunk authorizationCC = authorization.getCharChunk();
            Base64.decode(authorizationBC, authorizationCC);

            // Get username and password
            // Split at the first ':'. Without a colon the whole decoded value is used as the
            // username and the password stays null.
            int colon = authorizationCC.indexOf(':');
            if (colon < 0) {
                username = authorizationCC.toString();
            } else {
                char[] buf = authorizationCC.getBuffer();
                // NOTE(review): the username is read from index 0 of the buffer while the password
                // length uses getEnd(); this assumes the decoded chunk starts at offset 0 - confirm.
                username = new String(buf, 0, colon);
                password = new String(buf, colon + 1, authorizationCC.getEnd() - colon - 1);
            }

            authorizationBC.setOffset(authorizationBC.getOffset() - 6);
        } else if (authorizationBC.startsWithIgnoreCase("negotiate ", 0)) { // Spnego authorization
            // The text after the 10-character "negotiate " prefix is handed over as the username,
            // with a null password.
            authorizationBC.setOffset(authorizationBC.getOffset() + 10);
            username = authorizationBC.toString();
            authorizationBC.setOffset(authorizationBC.getOffset() - 10);
        }

        // NOTE(review): for any other scheme both username and password are still null here, and
        // for Negotiate the password is null. The login service is relied on to reject these
        // combinations; confirm it never returns an identity for null credentials.
        UserIdentity userIdentity = loginService.login(username, password);
        if (userIdentity != null) {
            return new AuthResult(TomcatAuthStatus.SUCCESS, userIdentity, false);
        }

        // Send an "unauthorized" response and an appropriate challenge (BASIC)
        if (isAuthMandatory) {
            try {
                StringBuilder authenticateCC = new StringBuilder();
                authenticateCC.append("Basic realm=\"");
                if (realmName == null) {
                    // NOTE(review): with no configured realm the realm text is built from the
                    // request's server name and port. The server name presumably follows the
                    // client-supplied Host header, which would put client-influenced text inside
                    // the quoted realm value - confirm, or configure realmName explicitly.
                    authenticateCC.append(request.getServerName());
                    authenticateCC.append(':');
                    authenticateCC.append(Integer.toString(request.getServerPort()));
                } else {
                    authenticateCC.append(realmName);
                }
                authenticateCC.append('\"');
                response.addHeader(WWW_AUTHENTICATE, authenticateCC.toString());
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                return new AuthResult(TomcatAuthStatus.SEND_CONTINUE, null, false);
            } catch (IOException e) {
                throw new ServerAuthException(e);
            }
        }

        // Authentication is optional and no identity was established: continue as the
        // unauthenticated identity. Rejected credentials end up here too, without a challenge.
        return new AuthResult(TomcatAuthStatus.SUCCESS, unauthenticatedIdentity, false);
    }

    /**
     * Checks a username/password pair with the login service and wraps the outcome.
     *
     * @param username the user name to check
     * @param password the password to check
     * @param request the current request; not used by this implementation
     * @return SUCCESS with the identity returned by the login service, or FAILURE with a null
     *         identity when the login service returns null; the third AuthResult argument is
     *         {@code false} in both cases (its meaning is defined by AuthResult, not shown here)
     * @throws ServletException declared by the overridden method; not thrown directly here
     */
    @Override
    public AuthResult login(String username, String password, Request request) throws ServletException {
        final UserIdentity identity = loginService.login(username, password);
        if (identity == null) {
            return new AuthResult(TomcatAuthStatus.FAILURE, null, false);
        }
        return new AuthResult(TomcatAuthStatus.SUCCESS, identity, false);
    }

        try {
            if ((certs == null) || (certs.length < 1)) {
                if (isAuthMandatory) {
                    response.sendError(HttpServletResponse.SC_BAD_REQUEST,
                                   sm.getString("authenticator.certificates"));
                    return new AuthResult(TomcatAuthStatus.SEND_FAILURE, null, false);
                } else {
                    return new AuthResult(TomcatAuthStatus.SUCCESS, unauthenticatedIdentity, false);
                }
            }

            // Authenticate the specified certificate chain
            UserIdentity userIdentity = loginService.login(certs);
            if (userIdentity != null) {
                return new AuthResult(TomcatAuthStatus.SUCCESS, userIdentity, true);
            }
            if (isAuthMandatory) {
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
                                   sm.getString("authenticator.unauthorized"));
                return new AuthResult(TomcatAuthStatus.SEND_CONTINUE, null, false);
            }
        } catch (IOException e) {
            throw new ServerAuthException(e);
        }
        return new AuthResult(TomcatAuthStatus.SUCCESS, unauthenticatedIdentity, false);
    }

    /**
     * Checks a username/password pair with the login service and wraps the outcome.
     *
     * @param username the user name to check
     * @param password the password to check
     * @param request the current request; not used by this implementation
     * @return SUCCESS with the identity and a third AuthResult argument of {@code true} when the
     *         login service returns an identity, otherwise FAILURE with a null identity and
     *         {@code false} (the meaning of that flag is defined by AuthResult, not shown here)
     * @throws ServletException declared by the overridden method; not thrown directly here
     */
    @Override
    public AuthResult login(String username, String password, Request request) throws ServletException {
        final UserIdentity identity = loginService.login(username, password);
        return identity != null
                ? new AuthResult(TomcatAuthStatus.SUCCESS, identity, true)
                : new AuthResult(TomcatAuthStatus.FAILURE, null, false);
    }