// put bits of information needed by tomcat server auth modules
messageInfo.getMap().put("CACHE", String.valueOf(cache));
messageInfo.getMap().put("javax.security.auth.message.MessagePolicy.isMandatory", "true");
WebJASPICallbackHandler cbh = new WebJASPICallbackHandler();
ServerAuthenticationManager sam = getServerAuthenticationManager();
String appContext = request.getLocalName() + " " + request.getContextPath();
Subject clientSubject = new Subject();
if (sam != null) {
result = sam.isValid(messageInfo, clientSubject, messageLayer, appContext, cbh);
}
// the authentication process has been a success. We need to register the principal, username, password and roles
// with the container
if (result) {
PasswordValidationCallback pvc = cbh.getPasswordValidationCallback();
CallerPrincipalCallback cpc = cbh.getCallerPrincipalCallback();
GroupPrincipalCallback gpc = cbh.getGroupPrincipalCallback();
// get the client principal from the callback.
Principal clientPrincipal = cpc.getPrincipal();
if (clientPrincipal == null) {
clientPrincipal = new SimplePrincipal(cpc.getName());
}
// if the client principal is not a jboss generic principal, we need to build one before registering.
if (!(clientPrincipal instanceof JBossGenericPrincipal))
clientPrincipal = this.buildJBossPrincipal(clientSubject, clientPrincipal, gpc);
String passwordString = (pvc != null && pvc.getPassword() != null) ? new String(pvc.getPassword()) : null;
String passwordUsername = (pvc != null && pvc.getUsername() != null) ? pvc.getUsername() : null;
this.register(request, response, clientPrincipal, authMethod, passwordUsername, passwordString);
if (this.secureResponse)
sam.secureResponse(messageInfo, new Subject(), messageLayer, appContext, cbh);
}
return result;
}