use of javax.security.auth.message.AuthException in project javaee7-samples by javaee-samples.
the class TestServerAuthModule method validateRequest.
/**
 * Test-fixture implementation of the JASPIC request validation step.
 *
 * <p>SECURITY: no credential is verified here. The mere presence of the {@code doLogin}
 * request parameter (with any value) establishes the caller "test" in the group
 * "architect". That is acceptable only inside a test module; a real module must check
 * credentials before it issues these callbacks.
 *
 * @param messageInfo    message context; its request message is cast to {@code HttpServletRequest}
 * @param clientSubject  subject passed to the principal callbacks
 * @param serviceSubject not used by this method
 * @return always {@code SUCCESS}
 * @throws AuthException when the callback handler fails; the original exception is set as the cause
 */
@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    final HttpServletRequest httpRequest = (HttpServletRequest) messageInfo.getRequestMessage();
    final boolean loginRequested = httpRequest.getParameter("doLogin") != null;

    final Callback[] toDeliver;
    if (!loginRequested) {
        // JASPIC's "do nothing" convention: a caller-principal callback with a null principal.
        toDeliver = new Callback[] { new CallerPrincipalCallback(clientSubject, (Principal) null) };
    } else {
        // Test shortcut: hand back a hard-coded identity instead of checking credentials
        // and looking the user up in a repository.
        final Callback callerName = new CallerPrincipalCallback(clientSubject, "test"); // authenticated user's name
        final Callback callerRoles = new GroupPrincipalCallback(clientSubject, new String[] { "architect" }); // user's roles
        toDeliver = new Callback[] { callerName, callerRoles };
    }

    try {
        // Pass the identity details to the container. The handler often only records them;
        // the container may perform the actual login once this method has returned.
        handler.handle(toDeliver);
    } catch (IOException | UnsupportedCallbackException e) {
        final AuthException wrapped = new AuthException();
        wrapped.initCause(e);
        throw wrapped;
    }

    return SUCCESS;
}
use of javax.security.auth.message.AuthException in project javaee7-samples by javaee-samples.
the class TestServerAuthModule method validateRequest.
/**
 * Test-fixture request validation that reports the caller as a custom {@code MyPrincipal}
 * object rather than as a plain user name.
 *
 * <p>SECURITY: the identity is granted on the presence of the {@code doLogin} request
 * parameter alone; nothing is authenticated. Suitable for a test module only.
 *
 * @param messageInfo    message context; its request message is cast to {@code HttpServletRequest}
 * @param clientSubject  subject passed to the principal callbacks
 * @param serviceSubject not used by this method
 * @return always {@code SUCCESS}
 * @throws AuthException when the callback handler fails; the original exception is set as the cause
 */
@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    HttpServletRequest servletRequest = (HttpServletRequest) messageInfo.getRequestMessage();

    // Without doLogin: the JASPIC "do nothing" callback (null caller principal).
    // With doLogin: a hard-coded identity stands in for a real credential check and
    // repository lookup. The caller is passed as a MyPrincipal instance, which is what
    // distinguishes this variant from the basic-authentication test; the second callback
    // carries the caller's roles.
    Callback[] identityCallbacks = servletRequest.getParameter("doLogin") == null
        ? new Callback[] { new CallerPrincipalCallback(clientSubject, (Principal) null) }
        : new Callback[] {
            new CallerPrincipalCallback(clientSubject, new MyPrincipal("test")),
            new GroupPrincipalCallback(clientSubject, new String[] { "architect" })
        };

    try {
        // Report the identity to the container; the handler may only store it and leave
        // the actual login to the container after this method returns.
        handler.handle(identityCallbacks);
        return SUCCESS;
    } catch (IOException | UnsupportedCallbackException failure) {
        throw (AuthException) new AuthException().initCause(failure);
    }
}
use of javax.security.auth.message.AuthException in project javaee7-samples by javaee-samples.
the class TestServerAuthModule method validateRequest.
/**
 * Test-fixture request validation: sets a fixed caller when {@code doLogin} is present,
 * otherwise tells the container there is no authenticated caller.
 *
 * <p>SECURITY: the {@code doLogin} parameter is the only condition for being treated as
 * user "test" with group "architect"; no credential is examined. Keep this logic confined
 * to test code.
 *
 * @param messageInfo    message context; its request message is cast to {@code HttpServletRequest}
 * @param clientSubject  subject passed to the principal callbacks
 * @param serviceSubject not used by this method
 * @return always {@code SUCCESS}
 * @throws AuthException when the callback handler fails; the original exception is set as the cause
 */
@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    final HttpServletRequest incoming = (HttpServletRequest) messageInfo.getRequestMessage();
    final String doLoginValue = incoming.getParameter("doLogin");

    Callback[] pending;
    if (doLoginValue != null) {
        // Hard-coded caller name and group; the parameter's value itself is never inspected.
        final Callback caller = new CallerPrincipalCallback(clientSubject, "test");
        final Callback groups = new GroupPrincipalCallback(clientSubject, new String[] { "architect" });
        pending = new Callback[] { caller, groups };
    } else {
        // The JASPIC protocol for "do nothing": null caller principal.
        pending = new Callback[] { new CallerPrincipalCallback(clientSubject, (Principal) null) };
    }

    try {
        handler.handle(pending);
    } catch (IOException | UnsupportedCallbackException cause) {
        // AuthException is created without a message; the handler failure travels as its cause.
        final AuthException authFailure = new AuthException();
        authFailure.initCause(cause);
        throw authFailure;
    }
    return SUCCESS;
}
use of javax.security.auth.message.AuthException in project OpenAM by OpenRock.
the class JaspiAuthModuleWrapper method onLoginSuccess.
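/**
 * Post processing of successful authentication, which initialises the underlying JASPI ServerAuthModule, as a new
 * instance of this class is created for the Post Authentication Process, and then calls the subtypes
 * onLoginSuccess method, and then finally calls the JASPI ServerAuthModule's secureResponse method.
 *
 * <p>Only {@code AuthStatus.SEND_SUCCESS} from secureResponse lets this method return normally. Every other
 * outcome, including a {@code null} status or an {@code AuthException}, is reported to the caller as an
 * {@code AuthenticationException} with the "authFailed" key, so the method fails closed.
 *
 * @param requestParamsMap {@inheritDoc}
 * @param request {@inheritDoc}
 * @param response {@inheritDoc}
 * @param ssoToken {@inheritDoc}
 * @throws AuthenticationException {@inheritDoc}
 */
public void onLoginSuccess(Map requestParamsMap, HttpServletRequest request, HttpServletResponse response, SSOToken ssoToken) throws AuthenticationException {
    try {
        Map<String, Object> config = initialize(requestParamsMap, request, response, ssoToken);
        // Re-initialise the wrapped module: this wrapper instance was created anew for post-authentication processing.
        serverAuthModule.initialize(createRequestMessagePolicy(), null, null, config);
        MessageInfo messageInfo = prepareMessageInfo(request, response);
        // Subtype hook runs before the response is secured.
        onLoginSuccess(messageInfo, requestParamsMap, request, response, ssoToken);
        AuthStatus authStatus = serverAuthModule.secureResponse(messageInfo, null);
        if (AuthStatus.SEND_SUCCESS.equals(authStatus)) {
            // nothing to do here just carry on
            debug.message("Successfully secured response.");
        } else if (AuthStatus.SEND_FAILURE.equals(authStatus)) {
            // Send HttpServletResponse to client and exit.
            debug.message("Failed to secured response, included response message");
            throw new AuthenticationException(resourceBundleName, "authFailed", null);
        } else if (AuthStatus.SEND_CONTINUE.equals(authStatus)) {
            // Send HttpServletResponse to client and exit.
            debug.message("Has not finished securing response. Requires more information from client.");
            throw new AuthenticationException(resourceBundleName, "authFailed", null);
        } else {
            // Concatenate instead of calling toString(): a module that returns null would otherwise raise a
            // NullPointerException here and bypass the declared AuthenticationException failure path.
            debug.error("Invalid AuthStatus, " + authStatus);
            throw new AuthenticationException(resourceBundleName, "authFailed", null);
        }
    } catch (AuthException e) {
        // The underlying cause is only written to the debug log; the exception raised to the caller carries
        // the generic "authFailed" key and no cause.
        debug.error("Authentication Failed", e);
        throw new AuthenticationException(resourceBundleName, "authFailed", null);
    }
}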
use of javax.security.auth.message.AuthException in project javaee7-samples by javaee-samples.
the class TestServerAuthModule method validateRequest.
/**
 * Test-fixture request validation that dispatches to another servlet from inside the
 * auth module, either by include or by forward.
 *
 * <p>The {@code dispatch} request parameter only selects between two fixed, hard-coded
 * targets; its value is never used as a dispatch path. No caller is authenticated on
 * either branch.
 *
 * @param messageInfo    message context supplying the servlet request and response
 * @param clientSubject  subject passed to the "do nothing" caller-principal callback
 * @param serviceSubject not used by this method
 * @return {@code SUCCESS} after an include, {@code SEND_CONTINUE} after a forward
 * @throws AuthException when dispatching or the callback handler fails; the original
 *         exception is set as the cause
 */
@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    try {
        final HttpServletRequest req = (HttpServletRequest) messageInfo.getRequestMessage();
        final HttpServletResponse resp = (HttpServletResponse) messageInfo.getResponseMessage();
        final boolean includeRequested = "include".equals(req.getParameter("dispatch"));

        if (!includeRequested) {
            req.getRequestDispatcher("/forwardedServlet").forward(req, resp);
            // After a forward the resource MUST NOT be invoked, so SUCCESS cannot be returned.
            return SEND_CONTINUE;
        }

        req.getRequestDispatcher("/includedServlet").include(req, resp);
        // Returning SUCCESS requires the "do nothing" callback: a null caller principal.
        final Callback[] noCaller = { new CallerPrincipalCallback(clientSubject, (Principal) null) };
        handler.handle(noCaller);
        // The resource invoked afterwards can also write to the response.
        return SUCCESS;
    } catch (IOException | ServletException | UnsupportedCallbackException failure) {
        final AuthException wrapped = new AuthException();
        wrapped.initCause(failure);
        throw wrapped;
    }
}