Package org.jboss.security.plugins.auth

Examples of org.jboss.security.plugins.auth.JASPIServerAuthenticationManager

198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
        if (this.serverAuthenticationManagerClass ==  null) {
            SecurityContext context = SecurityActions.getSecurityContext();
            if (context != null) {
                WebLogger.WEB_SECURITY_LOGGER.debugf("Instantiating JASPI authentication manager with security domain %s",
                        context.getSecurityDomain());
                sam = new JASPIServerAuthenticationManager(context.getSecurityDomain(), new JBossCallbackHandler());
            }
            else {
                WebLogger.WEB_SECURITY_LOGGER.debugf("Security context is null, instantiating JASPI authentication manager with default domain");
                sam = new JASPIServerAuthenticationManager();
            }
        }
        // if not, load the configured authentication manager via reflection.
        else {
            Class<?> clazz;
View Full Code Here
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
    }

    @Override
    public AuthenticationMechanismOutcome authenticate(final HttpServerExchange exchange, final SecurityContext sc) {
        final ServletRequestContext requestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
        final JASPIServerAuthenticationManager sam = createJASPIAuthenticationManager();
        final GenericMessageInfo messageInfo = createMessageInfo(exchange, sc);
        final String applicationIdentifier = buildApplicationIdentifier(requestContext);
        final JASPICallbackHandler cbh = new JASPICallbackHandler();

        UndertowLogger.ROOT_LOGGER.debugf("validateRequest for layer [%s] and applicationContextIdentifier [%s]", JASPI_HTTP_SERVLET_LAYER, applicationIdentifier);

        Account cachedAccount = null;
        final JASPICSecurityContext jaspicSecurityContext = (JASPICSecurityContext) exchange.getSecurityContext();
        final AuthenticatedSessionManager sessionManager = exchange.getAttachment(AuthenticatedSessionManager.ATTACHMENT_KEY);

        if (sessionManager != null) {
            AuthenticatedSessionManager.AuthenticatedSession authSession = sessionManager.lookupSession(exchange);
            cachedAccount = authSession.getAccount();
            // if there is a cached account we set it in the security context so that the principal is available to
            // SAM modules via request.getUserPrincipal().
            if (cachedAccount !=  null) {
                jaspicSecurityContext.setCachedAuthenticatedAccount(cachedAccount);
            }
        }

        AuthenticationMechanismOutcome outcome = AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
        Account authenticatedAccount = null;

        boolean isValid = sam.isValid(messageInfo, new Subject(), JASPI_HTTP_SERVLET_LAYER, applicationIdentifier, cbh);
        jaspicSecurityContext.setCachedAuthenticatedAccount(null);

        if (isValid) {
            // The CBH filled in the JBOSS SecurityContext, we need to create an Undertow account based on that
            org.jboss.security.SecurityContext jbossSct = SecurityActions.getSecurityContext();
View Full Code Here
159
160
161
162
163
164
165
    private boolean wasAuthExceptionThrown(HttpServerExchange exchange) {
        return exchange.getAttachment(UndertowSecurityAttachments.SECURITY_CONTEXT_ATTACHMENT).getData().get(AuthException.class.getName()) != null;
    }

    private JASPIServerAuthenticationManager createJASPIAuthenticationManager() {
        return new JASPIServerAuthenticationManager(this.securityDomain, new JBossCallbackHandler());
    }
View Full Code Here
59
60
61
62
63
64
65
    public JASPICSecurityContext(final HttpServerExchange exchange, final AuthenticationMode mode, final IdentityManager identityManager,
                                 final String securityDomain) {
        super (exchange, mode, identityManager);
        this.exchange = exchange;
        this.manager = new JASPIServerAuthenticationManager(securityDomain, new JBossCallbackHandler());
    }
View Full Code Here
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
        if (this.serverAuthenticationManagerClass ==  null) {
            SecurityContext context = SecurityActions.getSecurityContext();
            if (context != null) {
                log.debugf("Instantiating JASPI authentication manager with security domain %s",
                        context.getSecurityDomain());
                sam = new JASPIServerAuthenticationManager(context.getSecurityDomain(), new JBossCallbackHandler());
            }
            else {
                log.debugf("Security context is null, instantiating JASPI authentication manager with default domain");
                sam = new JASPIServerAuthenticationManager();
            }
        }
        // if not, load the configured authentication manager via reflection.
        else {
            Class<?> clazz;
View Full Code Here
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
            // authentication here is not mandatory.
            messageInfo.getMap().put("javax.security.auth.message.MessagePolicy.isMandatory", "false");

            WebJASPICallbackHandler cbh = new WebJASPICallbackHandler();
            ServerAuthenticationManager sam = new JASPIServerAuthenticationManager();

            String appContext = request.getLocalName() + " " + request.getContextPath();
            String messageLayer = "HttpServlet";

            boolean isValid = sam.isValid(messageInfo, new Subject(), messageLayer, appContext, cbh);
            if (isValid) {
                log.debugf("JASPI validation for unprotected request context %s succeeded", request.getServletPath());
                sam.secureResponse(messageInfo, new Subject(),  messageLayer, appContext, cbh);
            }
            else {
                // just log an error - this situation indicates a problem with the JASPI implementation but the call is
                // safe to proceed to the unprotected resource.
                log.errorf("JASPI validation for unprotected request context %s failed", request.getServletPath());
View Full Code Here
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
        if (this.serverAuthenticationManagerClass ==  null) {
            SecurityContext context = SecurityActions.getSecurityContext();
            if (context != null) {
                WebLogger.WEB_SECURITY_LOGGER.debugf("Instantiating JASPI authentication manager with security domain %s",
                        context.getSecurityDomain());
                sam = new JASPIServerAuthenticationManager(context.getSecurityDomain(), new JBossCallbackHandler());
            }
            else {
                WebLogger.WEB_SECURITY_LOGGER.debugf("Security context is null, instantiating JASPI authentication manager with default domain");
                sam = new JASPIServerAuthenticationManager();
            }
        }
        // if not, load the configured authentication manager via reflection.
        else {
            Class<?> clazz;
View Full Code Here
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
        if (this.serverAuthenticationManagerClass ==  null) {
            SecurityContext context = SecurityActions.getSecurityContext();
            if (context != null) {
                WebLogger.WEB_SECURITY_LOGGER.debugf("Instantiating JASPI authentication manager with security domain %s",
                        context.getSecurityDomain());
                sam = new JASPIServerAuthenticationManager(context.getSecurityDomain(), new JBossCallbackHandler());
            }
            else {
                WebLogger.WEB_SECURITY_LOGGER.debugf("Security context is null, instantiating JASPI authentication manager with default domain");
                sam = new JASPIServerAuthenticationManager();
            }
        }
        // if not, load the configured authentication manager via reflection.
        else {
            Class<?> clazz;
View Full Code Here
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
            // authentication here is not mandatory.
            messageInfo.getMap().put("javax.security.auth.message.MessagePolicy.isMandatory", "false");

            WebJASPICallbackHandler cbh = new WebJASPICallbackHandler();
            ServerAuthenticationManager sam = new JASPIServerAuthenticationManager();

            String appContext = request.getLocalName() + " " + request.getContextPath();
            String messageLayer = "HttpServlet";

            boolean isValid = sam.isValid(messageInfo, new Subject(), messageLayer, appContext, cbh);
            if (isValid) {
                WebLogger.WEB_SECURITY_LOGGER.debugf("JASPI validation for unprotected request context %s succeeded", request.getServletPath());
                sam.secureResponse(messageInfo, new Subject(),  messageLayer, appContext, cbh);
            }
            else {
                // just log an error - this situation indicates a problem with the JASPI implementation but the call is
                // safe to proceed to the unprotected resource.
                WebLogger.WEB_SECURITY_LOGGER.failJASPIValidation(request.getServletPath());
View Full Code Here
187
188
189
190
191
192
193
194
195
196
197
  
      SecurityContext securityContext = new JBossSecurityContext(policyName);
      SecurityContextAssociation.setSecurityContext(securityContext);
     
      CallbackHandler handler = new TestCallbackHandler();
      JASPIServerAuthenticationManager aContext = new JASPIServerAuthenticationManager(policyName,
            handler)
      GenericMessageInfo requestMessage = new GenericMessageInfo(new Object(), new Object());
      return  aContext.isValid(requestMessage, new Subject(), "HttpServlet",
            handler);
   }
View Full Code Here
TOP

Related Classes of org.jboss.security.plugins.auth.JASPIServerAuthenticationManager

  • org.jboss.as.web.security.jaspi.WebJASPIAuthenticator
  • org.jboss.as.web.security.jaspi.WebJASPIOptionalAuthenticator
  • org.jboss.test.authentication.jaspi.AuthContextUnitTestCase
  • org.jboss.test.authentication.jaspi.JASPIServerAuthenticationManagerUnitTestCase
  • org.jboss.test.authentication.WebJASPIAuthMgrUnitTestCase
  • org.wildfly.extension.undertow.security.jaspi.JASPIAuthenticationMechanism
  • org.wildfly.extension.undertow.security.jaspi.JASPICSecurityContext
  • javax.security.auth.message.config.AuthConfigFactory
  • javax.security.auth.message.config.AuthConfigProvider
  • javax.security.auth.message.AuthStatus
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.