Search in sources :

Example 6 with AuthException

use of javax.security.auth.message.AuthException in project jetty.project by eclipse.

the class JaspiAuthenticatorFactory method getAuthenticator.

/* ------------------------------------------------------------ */
public Authenticator getAuthenticator(Server server, ServletContext context, AuthConfiguration configuration, IdentityService identityService, LoginService loginService) {
    Authenticator authenticator = null;
    try {
        AuthConfigFactory authConfigFactory = AuthConfigFactory.getFactory();
        RegistrationListener listener = new RegistrationListener() {

            public void notify(String layer, String appContext) {
            }
        };
        Subject serviceSubject = findServiceSubject(server);
        String serverName = findServerName(server, serviceSubject);
        String contextPath = context.getContextPath();
        if (contextPath == null || contextPath.length() == 0)
            contextPath = "/";
        String appContext = serverName + " " + context.getContextPath();
        AuthConfigProvider authConfigProvider = authConfigFactory.getConfigProvider(MESSAGE_LAYER, appContext, listener);
        if (authConfigProvider != null) {
            ServletCallbackHandler servletCallbackHandler = new ServletCallbackHandler(loginService);
            ServerAuthConfig serverAuthConfig = authConfigProvider.getServerAuthConfig(MESSAGE_LAYER, appContext, servletCallbackHandler);
            if (serverAuthConfig != null) {
                Map map = new HashMap();
                for (String key : configuration.getInitParameterNames()) map.put(key, configuration.getInitParameter(key));
                authenticator = new JaspiAuthenticator(serverAuthConfig, map, servletCallbackHandler, serviceSubject, true, identityService);
            }
        }
    } catch (AuthException e) {
        LOG.warn(e);
    }
    return authenticator;
}
Also used : RegistrationListener(javax.security.auth.message.config.RegistrationListener) AuthConfigProvider(javax.security.auth.message.config.AuthConfigProvider) HashMap(java.util.HashMap) AuthConfigFactory(javax.security.auth.message.config.AuthConfigFactory) AuthException(javax.security.auth.message.AuthException) HashMap(java.util.HashMap) Map(java.util.Map) Authenticator(org.eclipse.jetty.security.Authenticator) Subject(javax.security.auth.Subject) ServerAuthConfig(javax.security.auth.message.config.ServerAuthConfig)

Example 7 with AuthException

use of javax.security.auth.message.AuthException in project jetty.project by eclipse.

the class FormAuthModule method validateRequest.

@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
    HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
    String uri = request.getRequestURI();
    if (uri == null)
        uri = URIUtil.SLASH;
    boolean mandatory = isMandatory(messageInfo);
    mandatory |= isJSecurityCheck(uri);
    HttpSession session = request.getSession(mandatory);
    // not mandatory or its the login or login error page don't authenticate
    if (!mandatory || isLoginOrErrorPage(URIUtil.addPaths(request.getServletPath(), request.getPathInfo())))
        // TODO return null for do nothing?
        return AuthStatus.SUCCESS;
    try {
        // Handle a request for authentication.
        if (isJSecurityCheck(uri)) {
            final String username = request.getParameter(__J_USERNAME);
            final String password = request.getParameter(__J_PASSWORD);
            boolean success = tryLogin(messageInfo, clientSubject, response, session, username, new Password(password));
            if (success) {
                // Redirect to original request                    
                String nuri = null;
                synchronized (session) {
                    nuri = (String) session.getAttribute(__J_URI);
                }
                if (nuri == null || nuri.length() == 0) {
                    nuri = request.getContextPath();
                    if (nuri.length() == 0)
                        nuri = URIUtil.SLASH;
                }
                response.setContentLength(0);
                response.sendRedirect(response.encodeRedirectURL(nuri));
                return AuthStatus.SEND_CONTINUE;
            }
            // not authenticated
            if (LOG.isDebugEnabled())
                LOG.debug("Form authentication FAILED for " + StringUtil.printable(username));
            if (_formErrorPage == null) {
                if (response != null)
                    response.sendError(HttpServletResponse.SC_FORBIDDEN);
            } else {
                response.setContentLength(0);
                response.sendRedirect(response.encodeRedirectURL(URIUtil.addPaths(request.getContextPath(), _formErrorPage)));
            }
            // that occur?
            return AuthStatus.SEND_FAILURE;
        }
        // Check if the session is already authenticated.
        SessionAuthentication sessionAuth = (SessionAuthentication) session.getAttribute(SessionAuthentication.__J_AUTHENTICATED);
        if (sessionAuth != null) {
            //to FormAuthModule
            if (sessionAuth.getUserIdentity().getSubject() == null)
                return AuthStatus.SEND_FAILURE;
            Set<Object> credentials = sessionAuth.getUserIdentity().getSubject().getPrivateCredentials();
            if (credentials == null || credentials.isEmpty())
                //if no private credentials, assume it cannot be authenticated
                return AuthStatus.SEND_FAILURE;
            clientSubject.getPrivateCredentials().addAll(credentials);
            clientSubject.getPrivateCredentials().add(sessionAuth.getUserIdentity());
            return AuthStatus.SUCCESS;
        }
        // if we can't send challenge
        if (DeferredAuthentication.isDeferred(response))
            return AuthStatus.SUCCESS;
        // redirect to login page  
        StringBuffer buf = request.getRequestURL();
        if (request.getQueryString() != null)
            buf.append("?").append(request.getQueryString());
        synchronized (session) {
            session.setAttribute(__J_URI, buf.toString());
        }
        response.setContentLength(0);
        response.sendRedirect(response.encodeRedirectURL(URIUtil.addPaths(request.getContextPath(), _formLoginPage)));
        return AuthStatus.SEND_CONTINUE;
    } catch (IOException e) {
        throw new AuthException(e.getMessage());
    } catch (UnsupportedCallbackException e) {
        throw new AuthException(e.getMessage());
    }
}
Also used : HttpSession(javax.servlet.http.HttpSession) HttpServletResponse(javax.servlet.http.HttpServletResponse) AuthException(javax.security.auth.message.AuthException) SessionAuthentication(org.eclipse.jetty.security.authentication.SessionAuthentication) IOException(java.io.IOException) HttpServletRequest(javax.servlet.http.HttpServletRequest) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) Password(org.eclipse.jetty.util.security.Password)

Example 8 with AuthException

use of javax.security.auth.message.AuthException in project jetty.project by eclipse.

the class HttpHeaderAuthModule method validateRequest.

/**
     * Validation occurs here.
     */
@Override
public AuthStatus validateRequest(final MessageInfo messageInfo, final Subject client, final Subject serviceSubject) throws AuthException {
    // Take the request from the messageInfo structure.
    final HttpServletRequest req = (HttpServletRequest) messageInfo.getRequestMessage();
    try {
        // Get the user name from the header. If not there then fail authentication.
        final String userName = req.getHeader("X-Forwarded-User");
        if (userName == null) {
            return AuthStatus.FAILURE;
        }
        // Store the user name that was in the header and also set a group.
        handler.handle(new Callback[] { new CallerPrincipalCallback(client, userName), new GroupPrincipalCallback(client, new String[] { "users" }) });
        return AuthStatus.SUCCESS;
    } catch (final Exception e) {
        throw new AuthException(e.getMessage());
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) CallerPrincipalCallback(javax.security.auth.message.callback.CallerPrincipalCallback) GroupPrincipalCallback(javax.security.auth.message.callback.GroupPrincipalCallback) AuthException(javax.security.auth.message.AuthException) AuthException(javax.security.auth.message.AuthException)

Example 9 with AuthException

use of javax.security.auth.message.AuthException in project javaee7-samples by javaee-samples.

the class TestLifecycleAuthModule method validateRequest.

@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
    try {
        response.getWriter().write("validateRequest invoked\n");
        boolean isMandatory = Boolean.valueOf((String) messageInfo.getMap().get("javax.security.auth.message.MessagePolicy.isMandatory"));
        response.getWriter().write("isMandatory: " + isMandatory + "\n");
        handler.handle(new Callback[] { new CallerPrincipalCallback(clientSubject, "test"), new GroupPrincipalCallback(clientSubject, new String[] { "architect" }) });
    } catch (IOException | UnsupportedCallbackException e) {
        throw (AuthException) new AuthException().initCause(e);
    }
    return SUCCESS;
}
Also used : CallerPrincipalCallback(javax.security.auth.message.callback.CallerPrincipalCallback) GroupPrincipalCallback(javax.security.auth.message.callback.GroupPrincipalCallback) HttpServletResponse(javax.servlet.http.HttpServletResponse) AuthException(javax.security.auth.message.AuthException) IOException(java.io.IOException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)

Example 10 with AuthException

use of javax.security.auth.message.AuthException in project javaee7-samples by javaee-samples.

the class TestServerAuthModule method validateRequest.

@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
    Callback[] callbacks;
    if (request.getAttribute("doLogin") != null) {
        // notice "getAttribute" here, this is set by the Servlet
        // For the test perform a login by directly "returning" the details of the authenticated user.
        // Normally credentials would be checked and the details fetched from some repository
        callbacks = new Callback[] { // The name of the authenticated user
        new CallerPrincipalCallback(clientSubject, "test"), // the roles of the authenticated user
        new GroupPrincipalCallback(clientSubject, new String[] { "architect" }) };
    } else {
        // The JASPIC protocol for "do nothing"
        callbacks = new Callback[] { new CallerPrincipalCallback(clientSubject, (Principal) null) };
    }
    try {
        // Communicate the details of the authenticated user to the container. In many
        // cases the handler will just store the details and the container will actually handle
        // the login after we return from this method.
        handler.handle(callbacks);
    } catch (IOException | UnsupportedCallbackException e) {
        throw (AuthException) new AuthException().initCause(e);
    }
    return SUCCESS;
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) CallerPrincipalCallback(javax.security.auth.message.callback.CallerPrincipalCallback) GroupPrincipalCallback(javax.security.auth.message.callback.GroupPrincipalCallback) GroupPrincipalCallback(javax.security.auth.message.callback.GroupPrincipalCallback) CallerPrincipalCallback(javax.security.auth.message.callback.CallerPrincipalCallback) Callback(javax.security.auth.callback.Callback) AuthException(javax.security.auth.message.AuthException) IOException(java.io.IOException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) Principal(java.security.Principal)

Aggregations

AuthException (javax.security.auth.message.AuthException)28 IOException (java.io.IOException)19 HttpServletRequest (javax.servlet.http.HttpServletRequest)19 UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)17 CallerPrincipalCallback (javax.security.auth.message.callback.CallerPrincipalCallback)15 GroupPrincipalCallback (javax.security.auth.message.callback.GroupPrincipalCallback)14 Principal (java.security.Principal)13 HttpServletResponse (javax.servlet.http.HttpServletResponse)10 Callback (javax.security.auth.callback.Callback)9 Subject (javax.security.auth.Subject)4 AuthStatus (javax.security.auth.message.AuthStatus)4 ServerAuthContext (javax.security.auth.message.config.ServerAuthContext)4 ServerAuthConfig (javax.security.auth.message.config.ServerAuthConfig)3 HashMap (java.util.HashMap)2 Map (java.util.Map)2 MessageInfo (javax.security.auth.message.MessageInfo)2 AuthConfigProvider (javax.security.auth.message.config.AuthConfigProvider)2 HttpSession (javax.servlet.http.HttpSession)2 MessageInfoImpl (org.apache.catalina.authenticator.jaspic.MessageInfoImpl)2 GenericPrincipal (org.apache.catalina.realm.GenericPrincipal)2