Example 6 with RedirectCallback
use of com.sun.identity.authentication.spi.RedirectCallback in project OpenAM by OpenRock.
the class OpenAMAuthHandler method isNextCallbackSetAvailable.
/**
* Obtains the next set of OpenAM authorization callbacks, updating our info set or sets the callbacks to null if
* unable to acquire and update the info set and sends an accessReject response in that case. Returns true if
* callback set was loaded into holder. Returns false if they couldn't be loaded or were empty which may be a valid
* state depending on the caller. Sets holder.authPhase = TERMINATED if something happened causing the
* authentication process to fail.
*
* @param context
* @param holder
* @return
*/
private boolean isNextCallbackSetAvailable(RadiusResponse response, ContextHolder holder) {
final boolean moreCallbacksAvailable = holder.getAuthContext().hasMoreRequirements();
if (!moreCallbacksAvailable) {
// cLog.warning("--- no callbacks available, set callbacks=null in isNextCallbackSetAvailable");
holder.setCallbacks(null);
return false;
}
// true means do NOT filter PagePropertiesCallbacks
final Callback[] callbacks = holder.getAuthContext().getRequirements(true);
holder.setCallbacks(callbacks);
if (holder.getCallbacks() == null) {
// cLog.warning("--- callbacks == null after ac.getReqs() called in isNextCallbackSetAvailable");
return false;
}
// process page properties piece
if (callbacks[0] instanceof PagePropertiesCallback) {
// not a formal callback, openam specific
final PagePropertiesCallback pp = (PagePropertiesCallback) callbacks[0];
holder.setCallbackSetProps(pp);
// since page properties cb is at zero index
holder.setIdxOfCurrentCallback(1);
final String moduleName = pp.getModuleName();
if (!moduleName.equals(holder.getModuleName())) {
// entering new module
holder.setModuleName(moduleName);
holder.incrementChainModuleIndex();
holder.setIdxOfCallbackSetInModule(0);
// cLog.warning("New Module Incurred: " + holder.moduleName + " with callbacks["
// + holder.callbacks.length + "]");
} else {
holder.incrementIdxOfCallbackSetInModule();
// cLog.warning("New Callback Set[" + holder.callbacks.length + "] Incurred in Module: "
// + holder.moduleName);
}
// update the
holder.setMillisExpiryForCurrentCallbacks(1000L * pp.getTimeOutValue());
holder.setMillisExpiryPoint(System.currentTimeMillis() + holder.getMillisExpiryForCurrentCallbacks());
} else {
LOG.error("Callback at index 0 is not of type PagePropertiesCallback!!!");
rejectAccessAndTerminateProcess(response, holder);
return false;
}
// now fail fast if we find unsupportable callback types
boolean httpCbIncurred = false;
boolean redirectCbIncurred = false;
for (int i = 1; i < callbacks.length; i++) {
final Callback cb = callbacks[i];
if (cb instanceof HttpCallback) {
httpCbIncurred = true;
break;
} else if (cb instanceof RedirectCallback) {
redirectCbIncurred = true;
break;
}
}
if (httpCbIncurred || redirectCbIncurred) {
LOG.error("Radius can not support " + (httpCbIncurred ? HttpCallback.class.getSimpleName() : RedirectCallback.class.getSimpleName()) + " used by module " + holder.getChainModuleIndex() + " with name " + holder.getModuleName() + " in chain '" + this.authChain + "'. Denying Access.");
rejectAccessAndTerminateProcess(response, holder);
return false;
}
return true;
}
Also used :
RedirectCallback(com.sun.identity.authentication.spi.RedirectCallback)
PagePropertiesCallback(com.sun.identity.authentication.spi.PagePropertiesCallback)
HttpCallback(com.sun.identity.authentication.spi.HttpCallback)
RedirectCallback(com.sun.identity.authentication.spi.RedirectCallback)
PasswordCallback(javax.security.auth.callback.PasswordCallback)
ChoiceCallback(javax.security.auth.callback.ChoiceCallback)
NameCallback(javax.security.auth.callback.NameCallback)
ConfirmationCallback(javax.security.auth.callback.ConfirmationCallback)
Callback(javax.security.auth.callback.Callback)
PagePropertiesCallback(com.sun.identity.authentication.spi.PagePropertiesCallback)
HttpCallback(com.sun.identity.authentication.spi.HttpCallback)
Example 7 with RedirectCallback
use of com.sun.identity.authentication.spi.RedirectCallback in project OpenAM by OpenRock.
the class AMLoginContext method executeLogin.
/**
* Starts login process, the map passed to this method is the parameters
* required to start the login process. These parameters are
* <code>indexType</code>, <code>indexName</code> , <code>principal</code>,
* <code>subject</code>, <code>password</code>,
* <code>organization name</code>. Based on these parameters Module
* Configuration name is retrieved using Configuration component. Creates
* a new LoginContext and starts login process and returns. On error
* LoginException is thrown.
*
* @param loginParamsMap login parameters HashMap
* @throws AuthLoginException if execute login fails
*/
public void executeLogin(Map<String, Object> loginParamsMap) throws AuthLoginException {
boolean errorState = false;
internalAuthError = false;
processDone = false;
isFailed = false;
setLoginHash();
/*
* Ensure loginState created and loginParamsMap provided
*/
if (loginState == null || loginParamsMap == null) {
debug.error("Error: loginState or loginParams is null");
loginStatus.setStatus(LoginStatus.AUTH_FAILED);
if (loginState != null) {
loginState.setErrorCode(AMAuthErrorCode.AUTH_ERROR);
}
setErrorMsgAndTemplate();
internalAuthError = true;
throw new AuthLoginException(BUNDLE_NAME, AMAuthErrorCode.AUTH_ERROR, null);
}
/*
* Lookup resource bundle and locale specific settings based on locale associated with LoginState
*/
java.util.Locale loginLocale = com.sun.identity.shared.locale.Locale.getLocale(loginState.getLocale());
bundle = AMResourceBundleCache.getInstance().getResBundle(BUNDLE_NAME, loginLocale);
exceedRetryLimit = AMResourceBundleCache.getInstance().getResBundle("amAuthLDAP", loginLocale).getString(ISAuthConstants.EXCEED_RETRY_LIMIT);
if (debug.messageEnabled()) {
debug.message("LoginState : " + loginState);
}
/*
* Handle redirection if applicable
*/
String redirectUrl = (String) loginParamsMap.get(AuthContextLocal.REDIRECT_URL);
if (redirectUrl != null) {
// Resource/IP/Env based auth case with Redirection Advice
Callback[] redirectCallback = new Callback[1];
redirectCallback[0] = new RedirectCallback(redirectUrl, null, "GET");
if (isPureJAAS()) {
loginState.setReceivedCallback_NoThread(redirectCallback);
} else {
loginState.setReceivedCallback(redirectCallback, this);
}
return;
}
/*
* Initialize instance fields from loginParamsMap
*/
parseLoginParams(loginParamsMap);
/*
* Copy orgDN and clientType values from LoginState
*/
if (authContext.getOrgDN() != null && !authContext.getOrgDN().isEmpty()) {
orgDN = authContext.getOrgDN();
loginState.setQualifiedOrgDN(orgDN);
} else {
orgDN = loginState.getOrgDN();
}
clientType = loginState.getClientType();
if (debug.messageEnabled()) {
debug.message("orgDN : " + orgDN);
debug.message("clientType : " + clientType);
}
/*
* Throw an exception if module-based authentication is disabled and an authentication module other
* than APPLICATION_MODULE or FEDERATION_MODULE is explicitly requested.
*/
if (indexType == IndexType.MODULE_INSTANCE && !loginState.getEnableModuleBasedAuth() && !indexName.equals(ISAuthConstants.APPLICATION_MODULE)) {
String moduleClassName = null;
try {
AMAuthenticationManager authManager = new AMAuthenticationManager(AccessController.doPrivileged(AdminTokenAction.getInstance()), orgDN);
AMAuthenticationInstance authInstance = authManager.getAuthenticationInstance(indexName);
moduleClassName = authInstance.getType();
} catch (AMConfigurationException amce) {
debug.error("AMLoginContext.executeLogin(): Unable to get authentication config", amce);
}
if (moduleClassName != null && !moduleClassName.equalsIgnoreCase(ISAuthConstants.FEDERATION_MODULE)) {
throwExceptionIfModuleBasedAuthenticationDisabled();
}
}
/*
* Update LoginState indexType and indexName
* (after storing current loginState indexType if required for HTTP callback processing)
*/
IndexType prevIndexType = loginState.getIndexType();
if (prevIndexType == IndexType.LEVEL || prevIndexType == IndexType.COMPOSITE_ADVICE) {
loginState.setPreviousIndexType(prevIndexType);
}
loginState.setIndexType(indexType);
loginState.setIndexName(indexName);
/*
* Delegate actual processing of requested authentication type to the dispatch method 'processIndexType'
*/
try {
if (processIndexType(indexType, indexName, orgDN)) {
return;
}
} catch (AuthLoginException le) {
if (MonitoringUtil.isRunning()) {
if (authImpl == null) {
authImpl = Agent.getAuthSvcMBean();
}
if (authImpl != null) {
authImpl.incSsoServerAuthenticationFailureCount();
}
}
debug.message("Error : ", le);
throw le;
} catch (Exception e) {
if (MonitoringUtil.isRunning()) {
if (authImpl == null) {
authImpl = Agent.getAuthSvcMBean();
}
if (authImpl != null) {
authImpl.incSsoServerAuthenticationFailureCount();
}
}
debug.message("Error : ", e);
throw new AuthLoginException(e);
}
/*
* Establish configName based on indexType, indexName, orgDN and clientType
*
* If configName can't be established, throw an exception
*/
configName = getConfigName(indexType, indexName, orgDN, clientType);
if (configName == null) {
loginState.setErrorCode(AMAuthErrorCode.AUTH_CONFIG_NOT_FOUND);
debug.message("Config not found");
setErrorMsgAndTemplate();
internalAuthError = true;
loginStatus.setStatus(LoginStatus.AUTH_FAILED);
loginState.logFailed(bundle.getString("noConfig"), "NOCONFIG");
auditor.auditLoginFailure(loginState, NO_CONFIG);
if (MonitoringUtil.isRunning()) {
if (authImpl == null) {
authImpl = Agent.getAuthSvcMBean();
}
if (authImpl != null) {
authImpl.incSsoServerAuthenticationFailureCount();
}
}
throw new AuthLoginException(BUNDLE_NAME, AMAuthErrorCode.AUTH_CONFIG_NOT_FOUND, null);
}
/*
* Create the LoginContext object that actually handles login/logout
*/
if (debug.messageEnabled()) {
debug.message("Creating login context object\n" + "\n orgDN : " + orgDN + "\n configName : " + configName);
}
try {
jaasCheck = AuthUtils.isPureJAASModulePresent(configName, this);
if (isPureJAAS()) {
debug.message("Using pure jaas mode.");
if (authThread == null) {
authThread = new AuthThreadManager();
authThread.start();
}
}
DSAMECallbackHandler dsameCallbackHandler = new DSAMECallbackHandler(this);
if (isPureJAAS()) {
if (subject != null) {
loginContext = new javax.security.auth.login.LoginContext(configName, subject, dsameCallbackHandler);
} else {
loginContext = new javax.security.auth.login.LoginContext(configName, dsameCallbackHandler);
}
} else {
debug.message("Using non pure jaas mode.");
if (subject != null) {
jaasLoginContext = new com.sun.identity.authentication.jaas.LoginContext(entries, subject, dsameCallbackHandler);
} else {
jaasLoginContext = new com.sun.identity.authentication.jaas.LoginContext(entries, dsameCallbackHandler);
}
}
} catch (AuthLoginException ae) {
debug.error("JAAS module for config: " + configName + ", " + ae.getMessage());
if (debug.messageEnabled()) {
debug.message("AuthLoginException", ae);
}
/* The user based authentication errors should not be different
* for users who exist and who don't, which can lead to
* possiblity of enumerating existing users.
* The AMAuthErrorCode.AUTH_LOGIN_FAILED error code is used for
* all user based authentication errors.
* Refer issue3278
*/
if (indexType == IndexType.USER && AMAuthErrorCode.AUTH_CONFIG_NOT_FOUND.equals(ae.getErrorCode())) {
loginState.setErrorCode(AMAuthErrorCode.AUTH_LOGIN_FAILED);
} else {
loginState.setErrorCode(ae.getErrorCode());
}
setErrorMsgAndTemplate();
loginState.logFailed(bundle.getString("loginContextCreateFailed"));
auditor.auditLoginFailure(loginState);
internalAuthError = true;
loginStatus.setStatus(LoginStatus.AUTH_FAILED);
if (MonitoringUtil.isRunning()) {
if (authImpl == null) {
authImpl = Agent.getAuthSvcMBean();
}
if (authImpl != null) {
authImpl.incSsoServerAuthenticationFailureCount();
}
}
throw ae;
} catch (LoginException le) {
debug.error("in creating LoginContext.");
if (debug.messageEnabled()) {
debug.message("Exception ", le);
}
loginState.setErrorCode(AMAuthErrorCode.AUTH_ERROR);
loginState.logFailed(bundle.getString("loginContextCreateFailed"));
auditor.auditLoginFailure(loginState);
setErrorMsgAndTemplate();
loginStatus.setStatus(LoginStatus.AUTH_FAILED);
internalAuthError = true;
if (MonitoringUtil.isRunning()) {
if (authImpl == null) {
authImpl = Agent.getAuthSvcMBean();
}
if (authImpl != null) {
authImpl.incSsoServerAuthenticationFailureCount();
}
}
throw new AuthLoginException(BUNDLE_NAME, AMAuthErrorCode.AUTH_ERROR, null, le);
} catch (SecurityException se) {
debug.error("security in creating LoginContext.");
if (debug.messageEnabled()) {
debug.message("Exception ", se);
}
loginState.setErrorCode(AMAuthErrorCode.AUTH_ERROR);
setErrorMsgAndTemplate();
loginState.logFailed(bundle.getString("loginContextCreateFailed"));
auditor.auditLoginFailure(loginState);
internalAuthError = true;
loginStatus.setStatus(LoginStatus.AUTH_FAILED);
if (MonitoringUtil.isRunning()) {
if (authImpl == null) {
authImpl = Agent.getAuthSvcMBean();
}
if (authImpl != null) {
authImpl.incSsoServerAuthenticationFailureCount();
}
}
throw new AuthLoginException(BUNDLE_NAME, AMAuthErrorCode.AUTH_ERROR, null);
} catch (Exception e) {
debug.error("Creating DSAMECallbackHandler: " + e.getMessage());
loginState.setErrorCode(AMAuthErrorCode.AUTH_ERROR);
setErrorMsgAndTemplate();
loginState.logFailed(bundle.getString("loginContextCreateFailed"));
auditor.auditLoginFailure(loginState);
internalAuthError = true;
if (MonitoringUtil.isRunning()) {
if (authImpl == null) {
authImpl = Agent.getAuthSvcMBean();
}
if (authImpl != null) {
authImpl.incSsoServerAuthenticationFailureCount();
}
}
loginStatus.setStatus(LoginStatus.AUTH_FAILED);
throw new AuthLoginException(BUNDLE_NAME, AMAuthErrorCode.AUTH_ERROR, null, e);
}
/*
* Perform the login using the objects this method has setup
*/
try {
if (isPureJAAS()) {
if (jaasThread != null) {
jaasThread.interrupt();
jaasThread = null;
errorState = true;
} else {
jaasThread = new JAASLoginThread(this);
jaasThread.start();
}
} else {
runLogin();
}
} catch (IllegalThreadStateException ite) {
errorState = true;
} catch (Exception e) {
errorState = true;
}
if (errorState) {
loginStatus.setStatus(LoginStatus.AUTH_RESET);
loginState.setErrorCode(AMAuthErrorCode.AUTH_ERROR);
setErrorMsgAndTemplate();
internalAuthError = true;
if (MonitoringUtil.isRunning()) {
if (authImpl == null) {
authImpl = Agent.getAuthSvcMBean();
}
if (authImpl != null) {
authImpl.incSsoServerAuthenticationFailureCount();
}
}
throw new AuthLoginException(BUNDLE_NAME, AMAuthErrorCode.AUTH_ERROR, null);
}
debug.message("AMLoginContext:Thread started... returning.");
}
Also used :
AMConfigurationException(com.sun.identity.authentication.config.AMConfigurationException)
IndexType(com.sun.identity.authentication.AuthContext.IndexType)
AMAuthenticationManager(com.sun.identity.authentication.config.AMAuthenticationManager)
RedirectCallback(com.sun.identity.authentication.spi.RedirectCallback)
AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException)
LoginException(javax.security.auth.login.LoginException)
MessageLoginException(com.sun.identity.authentication.spi.MessageLoginException)
AuthErrorCodeException(com.sun.identity.authentication.spi.AuthErrorCodeException)
AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException)
InvalidPasswordException(com.sun.identity.authentication.spi.InvalidPasswordException)
SSOException(com.iplanet.sso.SSOException)
AMConfigurationException(com.sun.identity.authentication.config.AMConfigurationException)
RedirectCallback(com.sun.identity.authentication.spi.RedirectCallback)
Callback(javax.security.auth.callback.Callback)
LoginException(javax.security.auth.login.LoginException)
MessageLoginException(com.sun.identity.authentication.spi.MessageLoginException)
AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException)
AMAuthenticationInstance(com.sun.identity.authentication.config.AMAuthenticationInstance)
Example 8 with RedirectCallback
use of com.sun.identity.authentication.spi.RedirectCallback in project OpenAM by OpenRock.
the class AuthXMLUtils method createRedirectCallback.
static RedirectCallback createRedirectCallback(Node childNode, Callback callback) {
RedirectCallback redirectCallback = null;
if (callback != null) {
if (callback instanceof RedirectCallback) {
redirectCallback = (RedirectCallback) callback;
}
}
if (redirectCallback == null) {
String redirectURL = getRedirectURL(childNode);
String redirectMethod = XMLUtils.getNodeAttributeValue(childNode, AuthXMLTags.REDIRECT_METHOD);
Map redirectData = getRedirectData(childNode);
String statusParam = getRedirectStatusParam(childNode);
String redirectBackUrlCookie = getRedirectBackUrlCookie(childNode);
if (debug.messageEnabled()) {
debug.message("Created Redirect Callback: redirectURL=" + redirectURL + " redirectMethod=" + redirectMethod + " redirectData=" + redirectData + " statusParam=" + statusParam + " redirectBackUrlCookie = " + redirectBackUrlCookie);
}
redirectCallback = new RedirectCallback(redirectURL, redirectData, redirectMethod, statusParam, redirectBackUrlCookie);
}
String redirectStatus = getRedirectStatus(childNode);
if (redirectStatus != null && redirectStatus.length() > 0) {
redirectCallback.setStatus(redirectStatus);
}
return redirectCallback;
}
Also used :
RedirectCallback(com.sun.identity.authentication.spi.RedirectCallback)
HashMap(java.util.HashMap)
Map(java.util.Map)
Example 9 with RedirectCallback
use of com.sun.identity.authentication.spi.RedirectCallback in project OpenAM by OpenRock.
the class RestAuthRedirectCallbackHandlerTest method shouldFailConvertToJson.
@Test
public void shouldFailConvertToJson() throws RestAuthException {
//Given
RedirectCallback redirectCallback = mock(RedirectCallback.class);
given(redirectCallback.getRedirectUrl()).willReturn("REDIRECT_URL");
given(redirectCallback.getMethod()).willReturn("REDIRECT_METHOD");
given(redirectCallback.getRedirectData()).willReturn(Collections.<String, String>emptyMap());
//When
JsonValue json = restAuthRedirectCallbackHandler.convertToJson(redirectCallback, 1);
//Then
assertThat(json.asMap()).hasSize(2);
assertThat(json.get("type").asString()).isEqualTo("RedirectCallback");
assertThat(json.get("output").asList()).hasSize(4);
assertThat(json.get("output").get(0).get("name").asString()).isEqualTo("redirectUrl");
assertThat(json.get("output").get(0).get("value").asString()).isEqualTo("REDIRECT_URL");
assertThat(json.get("output").get(1).get("name").asString()).isEqualTo("redirectMethod");
assertThat(json.get("output").get(1).get("value").asString()).isEqualTo("REDIRECT_METHOD");
assertThat(json.get("output").get(2).get("name").asString()).isEqualTo("trackingCookie");
assertThat(json.get("output").get(2).get("value").asBoolean()).isEqualTo(false);
assertThat(json.get("output").get(3).get("name").asString()).isEqualTo("redirectData");
assertThat(json.get("output").get(3).get("value").asMap()).hasSize(0);
}
Also used :
RedirectCallback(com.sun.identity.authentication.spi.RedirectCallback)
JsonValue(org.forgerock.json.JsonValue)
Test(org.testng.annotations.Test)
Example 10 with RedirectCallback
use of com.sun.identity.authentication.spi.RedirectCallback in project OpenAM by OpenRock.
the class RestAuthRedirectCallbackHandlerTest method shouldHandleCallback.
@Test
public void shouldHandleCallback() {
//Given
HttpServletRequest request = mock(HttpServletRequest.class);
HttpServletResponse response = mock(HttpServletResponse.class);
JsonValue jsonPostBody = mock(JsonValue.class);
RedirectCallback originalRedirectCallback = mock(RedirectCallback.class);
//When
RedirectCallback redirectCallback = restAuthRedirectCallbackHandler.handle(request, response, jsonPostBody, originalRedirectCallback);
//Then
Assert.assertEquals(originalRedirectCallback, redirectCallback);
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
RedirectCallback(com.sun.identity.authentication.spi.RedirectCallback)
JsonValue(org.forgerock.json.JsonValue)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
Test(org.testng.annotations.Test)
Aggregations
RedirectCallback (com.sun.identity.authentication.spi.RedirectCallback)15
JsonValue (org.forgerock.json.JsonValue)6
SSOException (com.iplanet.sso.SSOException)4
AuthLoginException (com.sun.identity.authentication.spi.AuthLoginException)4
HttpCallback (com.sun.identity.authentication.spi.HttpCallback)4
PagePropertiesCallback (com.sun.identity.authentication.spi.PagePropertiesCallback)4
Callback (javax.security.auth.callback.Callback)4
ChoiceCallback (javax.security.auth.callback.ChoiceCallback)4
ConfirmationCallback (javax.security.auth.callback.ConfirmationCallback)4
NameCallback (javax.security.auth.callback.NameCallback)4
PasswordCallback (javax.security.auth.callback.PasswordCallback)4
Test (org.testng.annotations.Test)4
HashMap (java.util.HashMap)3
ModelControlException (com.iplanet.jato.model.ModelControlException)2
L10NMessageImpl (com.sun.identity.shared.locale.L10NMessageImpl)2
IOException (java.io.IOException)2
Map (java.util.Map)2
HttpServletRequest (javax.servlet.http.HttpServletRequest)2
HttpServletResponse (javax.servlet.http.HttpServletResponse)2
InternalSession (com.iplanet.dpro.session.service.InternalSession)1
