Package org.jboss.security

Examples of org.jboss.security.ServerAuthenticationManager


     * </p>
     *
     * @return a reference to the instantiated {@code ServerAuthenticationManager} instance.
     */
    protected ServerAuthenticationManager getServerAuthenticationManager() {
        ServerAuthenticationManager sam = null;
        // if the default authentication manager is to be used, just instantiate it.
        if (this.serverAuthenticationManagerClass ==  null) {
            SecurityContext context = SecurityActions.getSecurityContext();
            if (context != null) {
                WebLogger.WEB_SECURITY_LOGGER.debugf("Instantiating JASPI authentication manager with security domain %s",


        // Tail of a JASPI authentication routine. The method signature and the declarations of result, cache,
        // messageLayer, authMethod, request, response and messageInfo lie outside this excerpt.
        // put bits of information needed by tomcat server auth modules
        messageInfo.getMap().put("CACHE", String.valueOf(cache));
        // authentication is flagged as mandatory for this message exchange.
        messageInfo.getMap().put("javax.security.auth.message.MessagePolicy.isMandatory", "true");

        WebJASPICallbackHandler cbh = new WebJASPICallbackHandler();
        ServerAuthenticationManager sam = getServerAuthenticationManager();
        // application context identifier: "<local name> <context path>" of the request.
        String appContext = request.getLocalName() + " " + request.getContextPath();
        Subject clientSubject = new Subject();
        // NOTE(review): when sam is null, isValid is never called and result keeps whatever value it was given
        // before this excerpt; presumably that is false, so a missing manager denies access -- confirm.
        if (sam != null) {
            result = sam.isValid(messageInfo, clientSubject, messageLayer, appContext, cbh);
        }

        // the authentication process has been a success. We need to register the principal, username, password and roles
        // with the container
        if (result) {
            PasswordValidationCallback pvc = cbh.getPasswordValidationCallback();
            CallerPrincipalCallback cpc = cbh.getCallerPrincipalCallback();
            GroupPrincipalCallback gpc = cbh.getGroupPrincipalCallback();

            // get the client principal from the callback.
            // NOTE(review): cpc is dereferenced without a null check, while pvc is null-checked further down; if the
            // handler can return null when no module supplied a CallerPrincipalCallback, a successful validation
            // ends in a NullPointerException here -- confirm against WebJASPICallbackHandler.
            Principal clientPrincipal = cpc.getPrincipal();
            if (clientPrincipal == null) {
                // fall back to a principal built from the name carried by the callback.
                clientPrincipal = new SimplePrincipal(cpc.getName());
            }

            // if the client principal is not a jboss generic principal, we need to build one before registering.
            if (!(clientPrincipal instanceof JBossGenericPrincipal))
                clientPrincipal = this.buildJBossPrincipal(clientSubject, clientPrincipal, gpc);

            // username and password are taken from the password callback only when it is present; both stay null
            // otherwise.
            // NOTE(review): new String(char[]) copies the password into an immutable String that cannot be zeroed
            // after use, so the clear-text credential stays on the heap until it is garbage collected. What
            // register(...) stores or caches is not visible here -- TODO confirm its retention and logging.
            String passwordString = (pvc != null && pvc.getPassword() != null) ? new String(pvc.getPassword()) : null;
            String passwordUsername = (pvc != null && pvc.getUsername() != null) ? pvc.getUsername() : null;
            this.register(request, response, clientPrincipal, authMethod, passwordUsername, passwordString);

            // optional response protection; a fresh, empty Subject is passed rather than clientSubject.
            if (this.secureResponse)
                sam.secureResponse(messageInfo, new Subject(), messageLayer, appContext, cbh);
        }

        return result;
    }

     * </p>
     *
     * @return a reference to the instantiated {@code ServerAuthenticationManager} instance.
     */
    protected ServerAuthenticationManager getServerAuthenticationManager() {
        ServerAuthenticationManager sam = null;
        // if the default authentication manager is to be used, just instantiate it.
        if (this.serverAuthenticationManagerClass ==  null) {
            SecurityContext context = SecurityActions.getSecurityContext();
            if (context != null) {
                WebLogger.WEB_SECURITY_LOGGER.debugf("Instantiating JASPI authentication manager with security domain %s",

            // Excerpt: JASPI validation for a request to an unprotected context (see the log messages below). The
            // enclosing method and the condition that selects this path lie outside this excerpt.
            // authentication here is not mandatory.
            messageInfo.getMap().put("javax.security.auth.message.MessagePolicy.isMandatory", "false");

            WebJASPICallbackHandler cbh = new WebJASPICallbackHandler();
            // the manager is instantiated directly with its no-arg constructor.
            ServerAuthenticationManager sam = new JASPIServerAuthenticationManager();

            // application context identifier: "<local name> <context path>" of the request.
            String appContext = request.getLocalName() + " " + request.getContextPath();
            String messageLayer = "HttpServlet";

            // validation runs against a fresh, empty client Subject that is not kept afterwards.
            boolean isValid = sam.isValid(messageInfo, new Subject(), messageLayer, appContext, cbh);
            if (isValid) {
                WebLogger.WEB_SECURITY_LOGGER.debugf("JASPI validation for unprotected request context %s succeeded", request.getServletPath());
                sam.secureResponse(messageInfo, new Subject(),  messageLayer, appContext, cbh);
            }
            else {
                // just log an error - this situation indicates a problem with the JASPI implementation but the call is
                // safe to proceed to the unprotected resource.
                // NOTE(review): proceeding after a failed validation is only safe if the caller has already
                // established that no security constraint applies to this request; that decision is outside this
                // excerpt -- confirm before reusing the pattern.
                WebLogger.WEB_SECURITY_LOGGER.failJASPIValidation(request.getServletPath());

        // Tail of a JASPI authentication routine. The method signature and the declarations of result, cache,
        // messageLayer, authMethod, request, response and messageInfo lie outside this excerpt.
        // put bits of information needed by tomcat server auth modules
        messageInfo.getMap().put("CACHE", String.valueOf(cache));
        // authentication is flagged as mandatory for this message exchange.
        messageInfo.getMap().put("javax.security.auth.message.MessagePolicy.isMandatory", "true");

        WebJASPICallbackHandler cbh = new WebJASPICallbackHandler();
        ServerAuthenticationManager sam = getServerAuthenticationManager();
        // application context identifier: "<local name> <context path>" of the request.
        String appContext = request.getLocalName() + " " + request.getContextPath();
        Subject clientSubject = new Subject();
        // NOTE(review): when sam is null, isValid is never called and result keeps whatever value it was given
        // before this excerpt; presumably that is false, so a missing manager denies access -- confirm.
        if (sam != null) {
            result = sam.isValid(messageInfo, clientSubject, messageLayer, appContext, cbh);
        }

        // the authentication process has been a success. We need to register the principal, username, password and roles
        // with the container
        if (result) {
            PasswordValidationCallback pvc = cbh.getPasswordValidationCallback();
            CallerPrincipalCallback cpc = cbh.getCallerPrincipalCallback();

            // get the client principal from the callback.
            // NOTE(review): cpc is dereferenced without a null check; if the handler can return null when no module
            // supplied a CallerPrincipalCallback, a successful validation ends in a NullPointerException here --
            // confirm against WebJASPICallbackHandler.
            Principal clientPrincipal = cpc.getPrincipal();
            if (clientPrincipal == null) {
                // fall back to a principal built from the name carried by the callback.
                clientPrincipal = new SimplePrincipal(cpc.getName());
            }

            // if the client principal is not a jboss generic principal, we need to build one before registering.
            if (!(clientPrincipal instanceof JBossGenericPrincipal))
                clientPrincipal = this.buildJBossPrincipal(clientSubject, clientPrincipal);

            // NOTE(review): pvc and pvc.getPassword() are used without null checks. If an auth module validates the
            // caller without issuing a PasswordValidationCallback (presumably any non-password mechanism), this
            // throws a NullPointerException after isValid has already succeeded -- guard both before dereferencing.
            // NOTE(review): new String(char[]) copies the password into an immutable String that cannot be zeroed
            // after use, so the clear-text credential stays on the heap until it is garbage collected. What
            // register(...) stores or caches is not visible here -- TODO confirm its retention and logging.
            this.register(request, response, clientPrincipal, authMethod, pvc.getUsername(),
                    new String(pvc.getPassword()));

            // optional response protection; a fresh, empty Subject is passed rather than clientSubject.
            if (this.secureResponse)
                sam.secureResponse(messageInfo, new Subject(), messageLayer, appContext, cbh);
        }

        return result;
    }

     * </p>
     *
     * @return a reference to the instantiated {@code ServerAuthenticationManager} instance.
     */
    protected ServerAuthenticationManager getServerAuthenticationManager() {
        ServerAuthenticationManager sam = null;
        // if the default authentication manager is to be used, just instantiate it.
        if (this.serverAuthenticationManagerClass ==  null) {
            SecurityContext context = SecurityActions.getSecurityContext();
            if (context != null) {
                WebLogger.WEB_SECURITY_LOGGER.debugf("Instantiating JASPI authentication manager with security domain %s",

   /**
    * Checks that JASPI validation accepts a request built with ("jduke", "theduke"), presumably a valid
    * user name and password pair.
    *
    * @throws Exception if building the request or running the validation fails
    */
   @Override
   public void testLogin() throws Exception
   {
      final HttpServletRequest loginRequest = getHttpServletRequest("jduke", "theduke");
      // no servlet response is attached to the message; only the request side is validated here.
      final MessageInfo messageInfo = new GenericMessageInfo(loginRequest, (HttpServletResponse) null);
      final ServerAuthenticationManager manager = new JASPIServerAuthenticationManager(securityDomain, acbh);
      final boolean accepted = manager.isValid(messageInfo, (Subject) null, "HTTP", new JBossCallbackHandler());
      assertTrue(accepted);
   }

   /**
    * Checks that JASPI validation rejects a request built with ("jduke", "BAD"), presumably a valid user
    * name with a wrong password.
    *
    * @throws Exception if building the request or running the validation fails
    */
   @Override
   public void testUnsuccessfulLogin() throws Exception
   {
      final HttpServletRequest badRequest = getHttpServletRequest("jduke", "BAD");
      // no servlet response is attached to the message; only the request side is validated here.
      final MessageInfo messageInfo = new GenericMessageInfo(badRequest, (HttpServletResponse) null);
      final ServerAuthenticationManager manager = new JASPIServerAuthenticationManager(securityDomain, acbh);
      // NOTE(review): a null callback handler is passed here, whereas testLogin passes a JBossCallbackHandler;
      // confirm the rejection is caused by the bad credential and not by the missing handler.
      final boolean accepted = manager.isValid(messageInfo, (Subject) null, "HTTP", null);
      assertFalse(accepted);
   }
