Example 1 with AuthException

Use of javax.security.auth.message.AuthException in project jetty.project by eclipse.

The class JaspiAuthenticator, method secureResponse.

public boolean secureResponse(JaspiMessageInfo messageInfo, Authentication validatedUser) throws ServerAuthException {
    try {
        String authContextId = _authConfig.getAuthContextID(messageInfo);
        ServerAuthContext authContext = _authConfig.getAuthContext(authContextId, _serviceSubject, _authProperties);
        // TODO
        // authContext.cleanSubject(messageInfo,validatedUser.getUserIdentity().getSubject());
        AuthStatus status = authContext.secureResponse(messageInfo, _serviceSubject);
        return (AuthStatus.SEND_SUCCESS.equals(status));
    } catch (AuthException e) {
        throw new ServerAuthException(e);
    }
}
Also used: AuthStatus (javax.security.auth.message.AuthStatus), AuthException (javax.security.auth.message.AuthException), ServerAuthException (org.eclipse.jetty.security.ServerAuthException), ServerAuthContext (javax.security.auth.message.config.ServerAuthContext)

Example 2 with AuthException

Use of javax.security.auth.message.AuthException in project jetty.project by eclipse.

The class JaspiAuthenticator, method validateRequest.

public Authentication validateRequest(JaspiMessageInfo messageInfo) throws ServerAuthException {
    try {
        String authContextId = _authConfig.getAuthContextID(messageInfo);
        ServerAuthContext authContext = _authConfig.getAuthContext(authContextId, _serviceSubject, _authProperties);
        Subject clientSubject = new Subject();
        AuthStatus authStatus = authContext.validateRequest(messageInfo, clientSubject, _serviceSubject);
        if (authStatus == AuthStatus.SEND_CONTINUE)
            return Authentication.SEND_CONTINUE;
        if (authStatus == AuthStatus.SEND_FAILURE)
            return Authentication.SEND_FAILURE;
        if (authStatus == AuthStatus.SUCCESS) {
            Set<UserIdentity> ids = clientSubject.getPrivateCredentials(UserIdentity.class);
            UserIdentity userIdentity;
            if (ids.size() > 0) {
                userIdentity = ids.iterator().next();
            } else {
                CallerPrincipalCallback principalCallback = _callbackHandler.getThreadCallerPrincipalCallback();
                if (principalCallback == null) {
                    return Authentication.UNAUTHENTICATED;
                }
                Principal principal = principalCallback.getPrincipal();
                if (principal == null) {
                    String principalName = principalCallback.getName();
                    Set<Principal> principals = principalCallback.getSubject().getPrincipals();
                    for (Principal p : principals) {
                        if (p.getName().equals(principalName)) {
                            principal = p;
                            break;
                        }
                    }
                    if (principal == null) {
                        return Authentication.UNAUTHENTICATED;
                    }
                }
                GroupPrincipalCallback groupPrincipalCallback = _callbackHandler.getThreadGroupPrincipalCallback();
                String[] groups = groupPrincipalCallback == null ? null : groupPrincipalCallback.getGroups();
                userIdentity = _identityService.newUserIdentity(clientSubject, principal, groups);
            }
            HttpSession session = ((HttpServletRequest) messageInfo.getRequestMessage()).getSession(false);
            Authentication cached = (session == null ? null : (SessionAuthentication) session.getAttribute(SessionAuthentication.__J_AUTHENTICATED));
            if (cached != null)
                return cached;
            return new UserAuthentication(getAuthMethod(), userIdentity);
        }
        if (authStatus == AuthStatus.SEND_SUCCESS) {
            // we are processing a message in a secureResponse dialog.
            return Authentication.SEND_SUCCESS;
        }
        if (authStatus == AuthStatus.FAILURE) {
            HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return Authentication.SEND_FAILURE;
        }
        // should not happen
        throw new IllegalStateException("No AuthStatus returned");
    } catch (IOException | AuthException e) {
        throw new ServerAuthException(e);
    }
}
Also used: HttpSession (javax.servlet.http.HttpSession), UserIdentity (org.eclipse.jetty.server.UserIdentity), HttpServletResponse (javax.servlet.http.HttpServletResponse), AuthException (javax.security.auth.message.AuthException), ServerAuthException (org.eclipse.jetty.security.ServerAuthException), SessionAuthentication (org.eclipse.jetty.security.authentication.SessionAuthentication), IOException (java.io.IOException), UserAuthentication (org.eclipse.jetty.security.UserAuthentication), Subject (javax.security.auth.Subject), ServerAuthContext (javax.security.auth.message.config.ServerAuthContext), HttpServletRequest (javax.servlet.http.HttpServletRequest), CallerPrincipalCallback (javax.security.auth.message.callback.CallerPrincipalCallback), GroupPrincipalCallback (javax.security.auth.message.callback.GroupPrincipalCallback), AuthStatus (javax.security.auth.message.AuthStatus), DeferredAuthentication (org.eclipse.jetty.security.authentication.DeferredAuthentication), Authentication (org.eclipse.jetty.server.Authentication), Principal (java.security.Principal)

Example 3 with AuthException

Use of javax.security.auth.message.AuthException in project jetty.project by eclipse.

The class JaspiAuthenticatorFactory, method getAuthenticator.

public Authenticator getAuthenticator(Server server, ServletContext context, AuthConfiguration configuration, IdentityService identityService, LoginService loginService) {
    Authenticator authenticator = null;
    try {
        AuthConfigFactory authConfigFactory = AuthConfigFactory.getFactory();
        // No-op listener: this factory does not react to later provider re-registration.
        RegistrationListener listener = new RegistrationListener() {

            public void notify(String layer, String appContext) {
            }
        };
        Subject serviceSubject = findServiceSubject(server);
        String serverName = findServerName(server, serviceSubject);
        String contextPath = context.getContextPath();
        if (contextPath == null || contextPath.length() == 0)
            contextPath = "/";
        // JASPIC application context id is "<serverName> <contextPath>"; use the
        // normalised path so the root context maps to "/" (the snippet re-read
        // context.getContextPath() here, which left the "/" default unused).
        String appContext = serverName + " " + contextPath;
        AuthConfigProvider authConfigProvider = authConfigFactory.getConfigProvider(MESSAGE_LAYER, appContext, listener);
        if (authConfigProvider != null) {
            ServletCallbackHandler servletCallbackHandler = new ServletCallbackHandler(loginService);
            ServerAuthConfig serverAuthConfig = authConfigProvider.getServerAuthConfig(MESSAGE_LAYER, appContext, servletCallbackHandler);
            if (serverAuthConfig != null) {
                // Pass the context's init parameters through to the authenticator as auth properties.
                Map<String, String> map = new HashMap<>();
                for (String key : configuration.getInitParameterNames())
                    map.put(key, configuration.getInitParameter(key));
                authenticator = new JaspiAuthenticator(serverAuthConfig, map, servletCallbackHandler, serviceSubject, true, identityService);
            }
        }
    } catch (AuthException e) {
        // No JASPIC authenticator is returned; the caller falls back to other authenticators.
        LOG.warn(e);
    }
    return authenticator;
}
Also used: RegistrationListener (javax.security.auth.message.config.RegistrationListener), AuthConfigProvider (javax.security.auth.message.config.AuthConfigProvider), HashMap (java.util.HashMap), AuthConfigFactory (javax.security.auth.message.config.AuthConfigFactory), AuthException (javax.security.auth.message.AuthException), Map (java.util.Map), Authenticator (org.eclipse.jetty.security.Authenticator), Subject (javax.security.auth.Subject), ServerAuthConfig (javax.security.auth.message.config.ServerAuthConfig)

Example 4 with AuthException

Use of javax.security.auth.message.AuthException in project jetty.project by eclipse.

The class FormAuthModule, method validateRequest.

@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
    HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
    String uri = request.getRequestURI();
    if (uri == null)
        uri = URIUtil.SLASH;
    boolean mandatory = isMandatory(messageInfo);
    mandatory |= isJSecurityCheck(uri);
    HttpSession session = request.getSession(mandatory);
    // Not mandatory, or it is the login or login-error page: don't authenticate.
    if (!mandatory || isLoginOrErrorPage(URIUtil.addPaths(request.getServletPath(), request.getPathInfo())))
        // TODO return null for do nothing?
        return AuthStatus.SUCCESS;
    try {
        // Handle a request for authentication (form submission to j_security_check).
        if (isJSecurityCheck(uri)) {
            final String username = request.getParameter(__J_USERNAME);
            final String password = request.getParameter(__J_PASSWORD);
            boolean success = tryLogin(messageInfo, clientSubject, response, session, username, new Password(password));
            if (success) {
                // Redirect to the originally requested URI saved in the session.
                String nuri = null;
                synchronized (session) {
                    nuri = (String) session.getAttribute(__J_URI);
                }
                if (nuri == null || nuri.length() == 0) {
                    nuri = request.getContextPath();
                    if (nuri.length() == 0)
                        nuri = URIUtil.SLASH;
                }
                response.setContentLength(0);
                response.sendRedirect(response.encodeRedirectURL(nuri));
                return AuthStatus.SEND_CONTINUE;
            }
            // Not authenticated: log the (printable) user name only, never the password,
            // then send the configured error page or a plain 403.
            if (LOG.isDebugEnabled())
                LOG.debug("Form authentication FAILED for " + StringUtil.printable(username));
            if (_formErrorPage == null) {
                if (response != null)
                    response.sendError(HttpServletResponse.SC_FORBIDDEN);
            } else {
                response.setContentLength(0);
                response.sendRedirect(response.encodeRedirectURL(URIUtil.addPaths(request.getContextPath(), _formErrorPage)));
            }
            // The failure response has already been written.
            return AuthStatus.SEND_FAILURE;
        }
        // Check if the session is already authenticated.
        SessionAuthentication sessionAuth = (SessionAuthentication) session.getAttribute(SessionAuthentication.__J_AUTHENTICATED);
        if (sessionAuth != null) {
            // Reuse the identity cached in the session by an earlier successful login.
            if (sessionAuth.getUserIdentity().getSubject() == null)
                return AuthStatus.SEND_FAILURE;
            Set<Object> credentials = sessionAuth.getUserIdentity().getSubject().getPrivateCredentials();
            if (credentials == null || credentials.isEmpty())
                // If there are no private credentials, assume it cannot be authenticated.
                return AuthStatus.SEND_FAILURE;
            clientSubject.getPrivateCredentials().addAll(credentials);
            clientSubject.getPrivateCredentials().add(sessionAuth.getUserIdentity());
            return AuthStatus.SUCCESS;
        }
        // If we can't send a challenge (deferred authentication), let the request through.
        if (DeferredAuthentication.isDeferred(response))
            return AuthStatus.SUCCESS;
        // Save the original URL (with query string) in the session and redirect to the login page.
        StringBuffer buf = request.getRequestURL();
        if (request.getQueryString() != null)
            buf.append("?").append(request.getQueryString());
        synchronized (session) {
            session.setAttribute(__J_URI, buf.toString());
        }
        response.setContentLength(0);
        response.sendRedirect(response.encodeRedirectURL(URIUtil.addPaths(request.getContextPath(), _formLoginPage)));
        return AuthStatus.SEND_CONTINUE;
    } catch (IOException | UnsupportedCallbackException e) {
        // AuthException only takes a message; chain the cause so the stack trace is not lost.
        AuthException ae = new AuthException(e.getMessage());
        ae.initCause(e);
        throw ae;
    }
}
Also used: HttpSession (javax.servlet.http.HttpSession), HttpServletResponse (javax.servlet.http.HttpServletResponse), AuthException (javax.security.auth.message.AuthException), SessionAuthentication (org.eclipse.jetty.security.authentication.SessionAuthentication), IOException (java.io.IOException), HttpServletRequest (javax.servlet.http.HttpServletRequest), UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException), Password (org.eclipse.jetty.util.security.Password)

Example 5 with AuthException

Use of javax.security.auth.message.AuthException in project jetty.project by eclipse.

The class HttpHeaderAuthModule, method validateRequest.

/**
 * Validation occurs here.
 */
@Override
public AuthStatus validateRequest(final MessageInfo messageInfo, final Subject client, final Subject serviceSubject) throws AuthException {
    // Take the request from the messageInfo structure.
    final HttpServletRequest req = (HttpServletRequest) messageInfo.getRequestMessage();
    try {
        // Get the user name from the header. If not there then fail authentication.
        // The header value is trusted as-is, so this module is only safe behind a
        // reverse proxy that strips any client-supplied X-Forwarded-User and sets its own.
        final String userName = req.getHeader("X-Forwarded-User");
        if (userName == null) {
            return AuthStatus.FAILURE;
        }
        // Store the user name that was in the header and also set a group.
        handler.handle(new Callback[] { new CallerPrincipalCallback(client, userName), new GroupPrincipalCallback(client, new String[] { "users" }) });
        return AuthStatus.SUCCESS;
    } catch (final Exception e) {
        // AuthException only takes a message; chain the cause so the stack trace is not lost.
        AuthException ae = new AuthException(e.getMessage());
        ae.initCause(e);
        throw ae;
    }
}
Also used: HttpServletRequest (javax.servlet.http.HttpServletRequest), CallerPrincipalCallback (javax.security.auth.message.callback.CallerPrincipalCallback), GroupPrincipalCallback (javax.security.auth.message.callback.GroupPrincipalCallback), AuthException (javax.security.auth.message.AuthException)
