
Example 1 with AuthStatus

use of jakarta.security.auth.message.AuthStatus in project tomcat by apache.

the class AuthenticatorBase method authenticateJaspic.

/**
 * Runs the JASPIC {@code validateRequest} phase for the current request and, when the
 * module chain reports {@link AuthStatus#SUCCESS}, registers the resulting principal
 * with the request.
 *
 * <p>Whatever request/response objects are held in {@code state.messageInfo} after
 * validation are adopted by the Tomcat request and response before the status is
 * inspected, so this happens on every outcome except an {@link AuthException}.
 *
 * @param request          the request being authenticated
 * @param response         the associated response
 * @param state            the JASPIC server auth context and message info for this request
 * @param requirePrincipal whether a {@code SUCCESS} status that yields no principal is
 *                         treated as an authentication failure
 * @return {@code true} if the module chain returned {@code SUCCESS} and (when required)
 *         produced a principal; {@code false} for any other status or on an
 *         {@link AuthException}, which is logged at debug level only
 */
private boolean authenticateJaspic(Request request, Response response, JaspicState state, boolean requirePrincipal) {
    final boolean alreadyAuthenticated = checkForCachedAuthentication(request, response, false);
    final Subject clientSubject = new Subject();
    final AuthStatus status;
    try {
        // No service subject is supplied to the modules.
        status = state.serverAuthContext.validateRequest(state.messageInfo, clientSubject, null);
    } catch (AuthException e) {
        log.debug(sm.getString("authenticator.loginFail"), e);
        return false;
    }
    // Adopt the (possibly replaced) messages the modules left in messageInfo.
    request.setRequest((HttpServletRequest) state.messageInfo.getRequestMessage());
    response.setResponse((HttpServletResponse) state.messageInfo.getResponseMessage());
    if (status != AuthStatus.SUCCESS) {
        return false;
    }

    final GenericPrincipal principal = getPrincipal(clientSubject);
    if (log.isDebugEnabled()) {
        log.debug("Authenticated user: " + principal);
    }
    if (principal == null) {
        // SUCCESS without an identity: clear any authentication state left on the request.
        request.setUserPrincipal(null);
        request.setAuthType(null);
        if (requirePrincipal) {
            return false;
        }
    } else if (!(alreadyAuthenticated && principal.getUserPrincipal().equals(request.getUserPrincipal()))) {
        // Registration is skipped only when credentials were cached and the
        // principal is unchanged; otherwise consult the JASPIC callback properties.
        @SuppressWarnings("rawtypes") // JASPIC API uses raw types
        final Map properties = state.messageInfo.getMap();
        final String registerValue = (String) properties.get("jakarta.servlet.http.registerSession");
        final String authTypeValue = (String) properties.get("jakarta.servlet.http.authType");
        final String authType = authTypeValue != null ? authTypeValue : "JASPIC";
        /*
         * Three cases to handle, see https://bz.apache.org/bugzilla/show_bug.cgi?id=64713
         *   registerSession TRUE    always use session, always cache
         *   registerSession NOT SET config for session, config for cache
         *   registerSession FALSE   config for session, never cache
         */
        if (registerValue == null) {
            register(request, response, principal, authType, null, null);
        } else {
            final boolean registerSession = Boolean.parseBoolean(registerValue);
            register(request, response, principal, authType, null, null,
                    alwaysUseSession || registerSession, registerSession);
        }
    }
    request.setNote(Constants.REQ_JASPIC_SUBJECT_NOTE, clientSubject);
    return true;
}

Example 2 with AuthStatus

use of jakarta.security.auth.message.AuthStatus in project tomcat by apache.

the class SimpleServerAuthContext method validateRequest.

// JASPIC API uses raw types
/**
 * Asks each configured {@link ServerAuthModule}, in list order, to validate the request.
 *
 * <p>The chain stops at the first module whose status is anything other than
 * {@link AuthStatus#SEND_FAILURE}; that status is returned and the index of the module
 * that produced it is recorded in the message info map under the key
 * {@code "moduleIndex"}. If every module (or no module) reports {@code SEND_FAILURE},
 * {@code SEND_FAILURE} is returned and no index is recorded.
 *
 * @param messageInfo    the JASPIC message info shared with the modules
 * @param clientSubject  the subject the modules populate on success
 * @param serviceSubject the service subject passed through to the modules
 * @return the first non-{@code SEND_FAILURE} status, else {@code SEND_FAILURE}
 * @throws AuthException if a module throws while validating
 */
@SuppressWarnings("unchecked")
@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    for (int index = 0; index < modules.size(); index++) {
        final AuthStatus status = modules.get(index).validateRequest(messageInfo, clientSubject, serviceSubject);
        if (status == AuthStatus.SEND_FAILURE) {
            continue;
        }
        // Remember which module handled the request so later phases can find it.
        messageInfo.getMap().put("moduleIndex", Integer.valueOf(index));
        return status;
    }
    return AuthStatus.SEND_FAILURE;
}
