
Example 1 with AuthException

use of jakarta.security.auth.message.AuthException in project tomcat by apache.

Class AuthenticatorBase, method authenticateJaspic.

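/**
 * Runs the request through the JASPIC (Jakarta Authentication) server auth
 * context held in {@code state} and, when validation succeeds, associates the
 * resulting principal and {@link Subject} with the request.
 *
 * @param request          the request being authenticated
 * @param response         the response the auth module may write to or wrap
 * @param state            the JASPIC state holding the ServerAuthContext and MessageInfo
 * @param requirePrincipal if {@code true}, a successful validation that yields no
 *                         principal is still reported as a failed authentication
 * @return {@code true} if validation returned {@code SUCCESS} and either a principal
 *         was established or {@code requirePrincipal} is {@code false};
 *         {@code false} for any other outcome, including an {@link AuthException}
 */
private boolean authenticateJaspic(Request request, Response response, JaspicState state, boolean requirePrincipal) {
    // Record whether a cached authentication already exists so registration can be
    // skipped below when the principal has not changed.
    boolean cachedAuth = checkForCachedAuthentication(request, response, false);
    Subject client = new Subject();
    AuthStatus authStatus;
    try {
        authStatus = state.serverAuthContext.validateRequest(state.messageInfo, client, null);
    } catch (AuthException e) {
        // A module failure is treated as a failed login (debug log, deny), not as a server error.
        log.debug(sm.getString("authenticator.loginFail"), e);
        return false;
    }
    // The auth module may have wrapped the request/response; adopt whatever it left in the MessageInfo.
    request.setRequest((HttpServletRequest) state.messageInfo.getRequestMessage());
    response.setResponse((HttpServletResponse) state.messageInfo.getResponseMessage());
    if (authStatus != AuthStatus.SUCCESS) {
        // Any status other than SUCCESS means the request is not authenticated.
        return false;
    }
    GenericPrincipal principal = getPrincipal(client);
    if (log.isDebugEnabled()) {
        log.debug("Authenticated user: " + principal);
    }
    if (principal == null) {
        // Validation succeeded but produced no identity: explicitly clear the principal and
        // auth type on the request rather than leaving whatever was set before.
        request.setUserPrincipal(null);
        request.setAuthType(null);
        if (requirePrincipal) {
            return false;
        }
    } else if (!cachedAuth || !principal.getUserPrincipal().equals(request.getUserPrincipal())) {
        // Skip registration if authentication credentials were
        // cached and the Principal did not change.
        // Check to see if any of the JASPIC properties were set
        Boolean register = null;
        String authType = "JASPIC";
        // JASPIC API uses raw types
        @SuppressWarnings("rawtypes") Map map = state.messageInfo.getMap();
        String registerValue = (String) map.get("jakarta.servlet.http.registerSession");
        if (registerValue != null) {
            register = Boolean.valueOf(registerValue);
        }
        String authTypeValue = (String) map.get("jakarta.servlet.http.authType");
        if (authTypeValue != null) {
            authType = authTypeValue;
        }
        /*
         * Need to handle three cases.
         * See https://bz.apache.org/bugzilla/show_bug.cgi?id=64713
         * 1. registerSession TRUE    always use session, always cache
         * 2. registerSession NOT SET config for session, config for cache
         * 3. registerSession FALSE   config for session, never cache
         */
        if (register != null) {
            register(request, response, principal, authType, null, null, alwaysUseSession || register.booleanValue(), register.booleanValue());
        } else {
            register(request, response, principal, authType, null, null);
        }
    }
    // Keep the Subject on the request so logout() can hand it back to the module for cleanup.
    request.setNote(Constants.REQ_JASPIC_SUBJECT_NOTE, client);
    return true;
}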

Example 2 with AuthException

use of jakarta.security.auth.message.AuthException in project tomcat by apache.

Class AuthenticatorBase, method logout.

/**
 * Logs the request's user out: lets the JASPIC provider (if one is configured)
 * clean the {@link Subject} stored on the request, logs out a
 * {@link TomcatPrincipal} if that is what the request carries, and finally
 * registers a {@code null} principal with the request and response.
 *
 * @param request the request whose authentication state is being cleared
 */
@Override
public void logout(Request request) {
    AuthConfigProvider jaspicProvider = getJaspicProvider();
    if (jaspicProvider != null) {
        MessageInfo info = new MessageInfoImpl(request, request.getResponse(), true);
        Subject jaspicSubject = (Subject) request.getNote(Constants.REQ_JASPIC_SUBJECT_NOTE);
        if (jaspicSubject != null) {
            try {
                ServerAuthConfig authConfig = jaspicProvider.getServerAuthConfig("HttpServlet", jaspicAppContextID, getCallbackHandler());
                ServerAuthContext authContext = authConfig.getAuthContext(authConfig.getAuthContextID(info), null, null);
                authContext.cleanSubject(info, jaspicSubject);
            } catch (AuthException e) {
                // A failed cleanSubject is logged at debug only; the logout still proceeds below.
                log.debug(sm.getString("authenticator.jaspicCleanSubjectFail"), e);
            }
        }
    }
    Principal current = request.getPrincipal();
    if (current instanceof TomcatPrincipal) {
        try {
            ((TomcatPrincipal) current).logout();
        } catch (Throwable t) {
            // handleThrowable gets first look (presumably rethrowing the throwables Tomcat
            // treats as fatal — see that utility); anything it lets through is only logged.
            ExceptionUtils.handleThrowable(t);
            log.debug(sm.getString("authenticator.tomcatPrincipalLogoutFail"), t);
        }
    }
    register(request, request.getResponse(), null, null, null, null);
}

Example 3 with AuthException

use of jakarta.security.auth.message.AuthException in project tomcat by apache.

Class AuthenticatorBase, method getJaspicState.

/**
 * Builds the JASPIC state for this request: a {@link MessageInfoImpl} wrapping the
 * request/response plus the {@link ServerAuthContext} obtained from the provider.
 *
 * @param jaspicProvider the configured JASPIC provider; dereferenced, so must not be {@code null}
 * @param request        the current request
 * @param response       the current response
 * @param authMandatory  whether authentication is mandatory for this request
 *                       (passed through to the MessageInfo)
 * @return the populated state, or {@code null} if the provider could not supply an
 *         auth context — in that case a 500 has already been sent on {@code response}
 * @throws IOException if sending the error response fails
 */
private JaspicState getJaspicState(AuthConfigProvider jaspicProvider, Request request, Response response, boolean authMandatory) throws IOException {
    JaspicState state = new JaspicState();
    state.messageInfo = new MessageInfoImpl(request.getRequest(), response.getResponse(), authMandatory);
    ServerAuthContext context;
    try {
        ServerAuthConfig config = jaspicProvider.getServerAuthConfig("HttpServlet", jaspicAppContextID, getCallbackHandler());
        context = config.getAuthContext(config.getAuthContextID(state.messageInfo), null, null);
    } catch (AuthException e) {
        // Unlike a failed login, a provider that cannot hand out a context is logged at
        // warn and surfaced to the client as an internal server error.
        log.warn(sm.getString("authenticator.jaspicServerAuthContextFail"), e);
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        return null;
    }
    state.serverAuthContext = context;
    return state;
}

Example 4 with AuthException

use of jakarta.security.auth.message.AuthException in project tomcat by apache.

Class SimpleServerAuthConfig, method getAuthContext.

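/**
 * Returns the (lazily created, cached) {@link ServerAuthContext} for this config.
 * On first use the configured {@link ServerAuthModule}s are instantiated by class
 * name, initialised and combined via {@code createServerAuthContext}.
 *
 * @param authContextID  ignored by this implementation
 * @param serviceSubject ignored by this implementation
 * @param properties     call-time properties merged over (and overriding) the ones
 *                       this config was created with; may be {@code null}
 * @return the shared auth context, never {@code null}
 * @throws AuthException if a configured module cannot be loaded, instantiated or
 *                       initialised, or if no module is configured at all
 */
// JASPIC API uses raw types
@SuppressWarnings({ "rawtypes", "unchecked" })
@Override
public ServerAuthContext getAuthContext(String authContextID, Subject serviceSubject, Map properties) throws AuthException {
    // Double-checked lazy initialisation of this.serverAuthContext. This is only sound
    // if that field is declared volatile — its declaration is not visible here; verify.
    ServerAuthContext serverAuthContext = this.serverAuthContext;
    if (serverAuthContext == null) {
        synchronized (this) {
            if (this.serverAuthContext == null) {
                // Call-time properties win over the ones supplied at construction.
                Map<String, String> mergedProperties = new HashMap<>();
                if (this.properties != null) {
                    mergedProperties.putAll(this.properties);
                }
                if (properties != null) {
                    mergedProperties.putAll(properties);
                }
                // Module class names are read from consecutive keys
                // SERVER_AUTH_MODULE_KEY_PREFIX + 1, + 2, ... until a gap, and instantiated
                // reflectively — whoever can set these properties decides which classes are loaded.
                List<ServerAuthModule> modules = new ArrayList<>();
                int moduleIndex = 1;
                String moduleClassName = mergedProperties.get(SERVER_AUTH_MODULE_KEY_PREFIX + moduleIndex);
                while (moduleClassName != null) {
                    try {
                        Class<?> clazz = Class.forName(moduleClassName);
                        ServerAuthModule module = (ServerAuthModule) clazz.getConstructor().newInstance();
                        module.initialize(null, null, handler, mergedProperties);
                        modules.add(module);
                    } catch (ReflectiveOperationException | IllegalArgumentException | SecurityException | ClassCastException e) {
                        // ClassCastException covers a configured class that is not a
                        // ServerAuthModule; previously it escaped unwrapped instead of being
                        // reported like every other instantiation problem.
                        AuthException ae = new AuthException();
                        ae.initCause(e);
                        throw ae;
                    }
                    // Look for the next module
                    moduleIndex++;
                    moduleClassName = mergedProperties.get(SERVER_AUTH_MODULE_KEY_PREFIX + moduleIndex);
                }
                if (modules.isEmpty()) {
                    throw new AuthException(sm.getString("simpleServerAuthConfig.noModules"));
                }
                this.serverAuthContext = createServerAuthContext(modules);
            }
            serverAuthContext = this.serverAuthContext;
        }
    }
    return serverAuthContext;
}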
