Search in sources :

Example 26 with AuthContext

use of com.sun.identity.authentication.AuthContext in project OpenAM by OpenRock.

the class AuthXMLHandler method processRequirements.

/*
     * process callbacks
     */
private void processRequirements(String xml, AuthContextLocal authContext, AuthXMLResponse authResponse, String params, HttpServletRequest servletRequest) {
    String[] paramArray = null;
    StringTokenizer paramsSet = null;
    if (params != null) {
        paramsSet = new StringTokenizer(params, ISAuthConstants.PIPE_SEPARATOR);
    }
    boolean allCallbacksAreSet = true;
    String param;
    while (authContext.hasMoreRequirements()) {
        Callback[] reqdCallbacks = authContext.getRequirements();
        for (int i = 0; i < reqdCallbacks.length; i++) {
            if (reqdCallbacks[i] instanceof X509CertificateCallback) {
                X509CertificateCallback certCallback = (X509CertificateCallback) reqdCallbacks[i];
                LoginState loginState = AuthUtils.getLoginState(authContext);
                if (loginState != null) {
                    X509Certificate cert = loginState.getX509Certificate(servletRequest);
                    if (cert != null) {
                        certCallback.setCertificate(cert);
                        certCallback.setReqSignature(false);
                    } else {
                        allCallbacksAreSet = false;
                    }
                }
            } else {
                param = null;
                if (reqdCallbacks[i] instanceof NameCallback) {
                    param = getNextParam(paramsSet);
                    if (param != null) {
                        NameCallback nc = (NameCallback) reqdCallbacks[i];
                        nc.setName(param);
                        if (messageEnabled) {
                            debug.message("Name callback set to " + param);
                        }
                    } else {
                        allCallbacksAreSet = false;
                        break;
                    }
                } else if (reqdCallbacks[i] instanceof PasswordCallback) {
                    param = getNextParam(paramsSet);
                    if (param != null) {
                        PasswordCallback pc = (PasswordCallback) reqdCallbacks[i];
                        pc.setPassword(param.toCharArray());
                        if (messageEnabled) {
                            debug.message("Password callback is set");
                        }
                    } else {
                        allCallbacksAreSet = false;
                        break;
                    }
                } else {
                    if (params == null) {
                        allCallbacksAreSet = false;
                    }
                }
            // add more callbacks if required
            }
        }
        if (getNextParam(paramsSet) != null) {
            allCallbacksAreSet = false;
        }
        if (allCallbacksAreSet) {
            if (messageEnabled) {
                debug.message("submit callbacks with passed in params");
            }
            authContext.submitRequirements(reqdCallbacks);
        } else {
            authResponse.setReqdCallbacks(reqdCallbacks);
            break;
        }
    }
    if (!authContext.hasMoreRequirements()) {
        AuthContext.Status loginStatus = authContext.getStatus();
        if (messageEnabled) {
            debug.message(" Status: " + loginStatus);
        }
        authResponse.setLoginStatus(loginStatus);
    }
}
Also used : AuthContext(com.sun.identity.authentication.AuthContext) X509Certificate(java.security.cert.X509Certificate) StringTokenizer(java.util.StringTokenizer) PasswordCallback(javax.security.auth.callback.PasswordCallback) Callback(javax.security.auth.callback.Callback) X509CertificateCallback(com.sun.identity.authentication.spi.X509CertificateCallback) ChoiceCallback(javax.security.auth.callback.ChoiceCallback) NameCallback(javax.security.auth.callback.NameCallback) NameCallback(javax.security.auth.callback.NameCallback) LoginState(com.sun.identity.authentication.service.LoginState) PasswordCallback(javax.security.auth.callback.PasswordCallback) X509CertificateCallback(com.sun.identity.authentication.spi.X509CertificateCallback)

Example 27 with AuthContext

use of com.sun.identity.authentication.AuthContext in project OpenAM by OpenRock.

the class AuthXMLRequestParser method parseXML.

/**
     * Parses the authentication request xml document. 
     * 
     * @return a AuthXMLRequest object.
     * @throws AuthException if it fails to parse the xml.
     */
public AuthXMLRequest parseXML() throws AuthException {
    try {
        debug.message("entering parseXML");
        if (xmlDocument == null) {
            return null;
        }
        authXMLRequest = new AuthXMLRequest();
        // get the document root
        Element docElem = xmlDocument.getDocumentElement();
        if (docElem != null) {
            String temp = docElem.getAttribute("version");
            if (debug.messageEnabled()) {
                debug.message("Request Version is.. : " + temp);
            }
            if (temp != null) {
                authXMLRequest.setRequestVersion(temp);
            }
            Node requestNode = XMLUtils.getChildNode((Node) docElem, "Request");
            String authIdentifier = null;
            if (requestNode != null) {
                authIdentifier = parseNodeAttributes(requestNode, "authIdentifier");
                if (debug.messageEnabled()) {
                    debug.message("AuthIdentifier is : " + authIdentifier);
                }
                authXMLRequest.setAuthIdentifier(authIdentifier);
            }
            Node appSSOTokenNode = XMLUtils.getChildNode((Node) requestNode, "AppSSOToken");
            if (appSSOTokenNode != null) {
                debug.message("Got the SSO Token node: ");
                String appSSOTokenID = XMLUtils.getValueOfValueNode(appSSOTokenNode);
                if (appSSOTokenID != null) {
                    if (debug.messageEnabled()) {
                        debug.message("Got the Session Id: " + appSSOTokenID);
                    }
                    authXMLRequest.setAppSSOTokenID(appSSOTokenID);
                }
            }
            // get the Nodes for the Request Element
            // get new auth context node 
            Node newAuthContextNode = XMLUtils.getChildNode(requestNode, "NewAuthContext");
            if (newAuthContextNode != null) {
                String orgName = parseNodeAttributes(newAuthContextNode, "orgName");
                authXMLRequest.setOrgName(orgName);
                authXMLRequest.setRequestType(AuthXMLRequest.NewAuthContext);
                AuthContextLocal authContext = AuthUtils.getAuthContext(orgName, authIdentifier, false, servletReq, null, null);
                authXMLRequest.setAuthContext(authContext);
            }
            // get query node 
            Node queryInfoNode = XMLUtils.getChildNode(requestNode, "QueryInformation");
            if (queryInfoNode != null) {
                String queryType = parseNodeAttributes(queryInfoNode, "requestedInformation");
                authXMLRequest.setRequestInformation(queryType);
                authXMLRequest.setRequestType(AuthXMLRequest.QueryInformation);
                String orgName = parseNodeAttributes(queryInfoNode, "orgName");
                AuthContextLocal authContext = null;
                if (orgName != null) {
                    authContext = AuthUtils.getAuthContext(orgName, servletReq);
                } else {
                    authContext = AuthUtils.getAuthContext(null, authIdentifier, false);
                }
                authXMLRequest.setAuthContext(authContext);
            }
            // get login node 
            Node loginNode = XMLUtils.getChildNode(requestNode, "Login");
            if (loginNode != null) {
                debug.message("found login node !!");
                String orgName = parseNodeAttributes(loginNode, "orgName");
                //Let's set the request type to Login by default
                authXMLRequest.setRequestType(AuthXMLRequest.Login);
                //this method can change the default requesttype to
                //LoginIndex type if indexname/indextype was supplied in the
                //request
                parseLoginNodeElements(loginNode, authXMLRequest);
                AuthContext.IndexType indexType = authXMLRequest.getIndexType();
                String indexTypeParam = convertIndexType(indexType);
                String indexName = authXMLRequest.getIndexName();
                if (indexType == AuthContext.IndexType.COMPOSITE_ADVICE) {
                    //realm name from policy advice has precedence over
                    //the orgName attribute
                    orgName = AuthUtils.getRealmFromPolicyAdvice(indexName);
                }
                AuthContextLocal authContext = null;
                if (orgName != null) {
                    authXMLRequest.setOrgName(orgName);
                }
                String hostName = parseNodeAttributes(loginNode, "hostName");
                if (hostName != null) {
                    authXMLRequest.setHostName(hostName);
                }
                String localeAttr = parseNodeAttributes(loginNode, AuthXMLTags.LOCALE);
                if (localeAttr != null) {
                    authXMLRequest.setLocale(localeAttr);
                }
                String forceAuth = parseNodeAttributes(loginNode, "forceAuth");
                if (forceAuth != null) {
                    authXMLRequest.setForceAuth(forceAuth);
                    if (debug.messageEnabled()) {
                        debug.message("AuthXMLRequestParser.parseXML: " + "Got the force auth flag: " + forceAuth);
                    }
                }
                boolean forceAuthBool = Boolean.parseBoolean(forceAuth);
                authContext = AuthUtils.getAuthContext(orgName, authIdentifier, false, servletReq, indexTypeParam, authXMLRequest, forceAuthBool);
                authXMLRequest.setAuthContext(authContext);
                if (localeAttr != null) {
                    LoginState loginState = authContext.getLoginState();
                    loginState.setRemoteLocale(localeAttr);
                }
                HttpServletRequest clientRequest = AuthXMLUtils.getRemoteRequest(XMLUtils.getChildNode(requestNode, AuthXMLTags.REMOTE_REQUEST_RESPONSE));
                HttpServletResponse clientResponse = AuthXMLUtils.getRemoteResponse(XMLUtils.getChildNode(requestNode, AuthXMLTags.REMOTE_REQUEST_RESPONSE));
                authXMLRequest.setClientRequest(clientRequest);
                authXMLRequest.setClientResponse(clientResponse);
            }
            // get submit requirements node
            Node submitReqNode = XMLUtils.getChildNode(requestNode, "SubmitRequirements");
            if (submitReqNode != null) {
                authXMLRequest.setRequestType(AuthXMLRequest.SubmitRequirements);
                AuthContextLocal authContext = AuthUtils.getAuthContext(servletReq, authIdentifier);
                authXMLRequest.setAuthContext(authContext);
                Callback[] callbacks = AuthUtils.getRecdCallback(authContext);
                parseSubmitReqElements(submitReqNode, authXMLRequest, callbacks);
                String localeStr = authXMLRequest.getLocale();
                LoginState loginState = authContext.getLoginState();
                loginState.setRemoteLocale(localeStr);
                HttpServletRequest clientRequest = AuthXMLUtils.getRemoteRequest(XMLUtils.getChildNode(requestNode, AuthXMLTags.REMOTE_REQUEST_RESPONSE));
                HttpServletResponse clientResponse = AuthXMLUtils.getRemoteResponse(XMLUtils.getChildNode(requestNode, AuthXMLTags.REMOTE_REQUEST_RESPONSE));
                authXMLRequest.setClientRequest(clientRequest);
                authXMLRequest.setClientResponse(clientResponse);
            }
            // get  logout node
            Node logoutNode = XMLUtils.getChildNode(requestNode, "Logout");
            if (logoutNode != null) {
                authXMLRequest.setRequestType(AuthXMLRequest.Logout);
            }
            // get abort node
            Node abortNode = XMLUtils.getChildNode(requestNode, "Abort");
            if (abortNode != null) {
                authXMLRequest.setRequestType(AuthXMLRequest.Abort);
                AuthContextLocal authContext = AuthUtils.getAuthContext(null, authIdentifier, true);
                authXMLRequest.setAuthContext(authContext);
            }
        }
    } catch (AuthException e) {
        throw e;
    } catch (Exception e) {
        debug.message("Error in parseXML: : ", e);
    }
    return authXMLRequest;
}
Also used : Element(org.w3c.dom.Element) Node(org.w3c.dom.Node) AuthContext(com.sun.identity.authentication.AuthContext) HttpServletResponse(javax.servlet.http.HttpServletResponse) AuthException(com.sun.identity.authentication.service.AuthException) AuthException(com.sun.identity.authentication.service.AuthException) HttpServletRequest(javax.servlet.http.HttpServletRequest) Callback(javax.security.auth.callback.Callback) LoginState(com.sun.identity.authentication.service.LoginState)

Example 28 with AuthContext

use of com.sun.identity.authentication.AuthContext in project OpenAM by OpenRock.

the class Authenticator method sessionBasedLoginInternal.

private AuthContext sessionBasedLoginInternal(CommandManager mgr, String bindUser, String bindPwd, String indexType, String indexName) throws CLIException {
    AuthContext lc = getAuthContext(mgr, indexType, indexName);
    processCallback(mgr, lc, bindUser, bindPwd);
    try {
        lc.getSSOToken();
    } catch (Exception e) {
        ResourceBundle rb = mgr.getResourceBundle();
        throw new CLIException(rb.getString("exception-session-based-login-failed"), ExitCodes.SESSION_BASED_LOGIN_FAILED);
    }
    return lc;
}
Also used : AuthContext(com.sun.identity.authentication.AuthContext) ResourceBundle(java.util.ResourceBundle) LoginException(javax.security.auth.login.LoginException) InvalidAuthContextException(com.sun.identity.authentication.internal.InvalidAuthContextException) SSOException(com.iplanet.sso.SSOException)

Example 29 with AuthContext

use of com.sun.identity.authentication.AuthContext in project OpenAM by OpenRock.

the class Authenticator method sessionBasedLogin.

public AuthContext sessionBasedLogin(CommandManager mgr, String bindUser, String bindPwd) throws CLIException {
    String[] param = { bindUser };
    LogWriter.log(mgr, LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_LOGIN", param, null);
    try {
        AuthContext ac = sessionBasedLoginInternal(mgr, bindUser, bindPwd);
        LogWriter.log(mgr, LogWriter.LOG_ACCESS, Level.INFO, "SUCCEED_LOGIN", param, null);
        return ac;
    } catch (CLIException e) {
        String[] params = { bindUser, e.getMessage() };
        LogWriter.log(mgr, LogWriter.LOG_ERROR, Level.INFO, "FAILED_LOGIN", params, null);
        throw e;
    }
}
Also used : AuthContext(com.sun.identity.authentication.AuthContext)

Example 30 with AuthContext

use of com.sun.identity.authentication.AuthContext in project OpenAM by OpenRock.

the class SessionCommand method handleRequest.

public void handleRequest(RequestContext rc) throws CLIException {
    super.handleRequest(rc);
    Authenticator auth = Authenticator.getInstance();
    String bindUser = getAdminID();
    AuthContext lc = auth.sessionBasedLogin(getCommandManager(), bindUser, getAdminPassword());
    try {
        boolean isQuiet = isOptionSet(QUIET_PARAM);
        handleRequest(lc.getSSOToken(), isQuiet);
        try {
            lc.logout();
        } catch (AuthLoginException e) {
            throw new CLIException(e, ExitCodes.SESSION_BASED_LOGOUT_FAILED);
        }
    } catch (Exception e) {
        throw new CLIException(e, ExitCodes.SESSION_BASED_LOGIN_FAILED);
    }
}
Also used : AuthContext(com.sun.identity.authentication.AuthContext) AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException) IOException(java.io.IOException) AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException) SessionException(com.iplanet.dpro.session.SessionException)

Aggregations

AuthContext (com.sun.identity.authentication.AuthContext)40 Callback (javax.security.auth.callback.Callback)22 NameCallback (javax.security.auth.callback.NameCallback)21 PasswordCallback (javax.security.auth.callback.PasswordCallback)20 SSOToken (com.iplanet.sso.SSOToken)14 AuthLoginException (com.sun.identity.authentication.spi.AuthLoginException)14 SSOException (com.iplanet.sso.SSOException)12 LoginException (javax.security.auth.login.LoginException)8 Iterator (java.util.Iterator)7 Set (java.util.Set)7 IdRepoException (com.sun.identity.idm.IdRepoException)6 UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)6 IOException (java.io.IOException)5 ArrayList (java.util.ArrayList)5 Subject (javax.security.auth.Subject)5 Principal (java.security.Principal)4 HashSet (java.util.HashSet)4 Map (java.util.Map)4 SSOTokenManager (com.iplanet.sso.SSOTokenManager)3 LoginState (com.sun.identity.authentication.service.LoginState)3