Example 16 with AuthException

Use of javax.security.auth.message.AuthException in project wildfly by wildfly.

The class HTTPSchemeServerAuthModule, method validateRequest.

@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    HttpServerExchange exchange = (HttpServerExchange) messageInfo.getMap().get(JASPICAuthenticationMechanism.HTTP_SERVER_EXCHANGE_ATTACHMENT_KEY);
    SecurityContext securityContext = (SecurityContext) messageInfo.getMap().get(JASPICAuthenticationMechanism.SECURITY_CONTEXT_ATTACHMENT_KEY);
    ServletRequestContext src = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
    List<AuthenticationMechanism> mechanisms = src.getDeployment().getAuthenticationMechanisms();
    try {
        boolean success = false;
        // Walk the deployment's mechanisms in order: the first AUTHENTICATED result wins,
        // a NOT_AUTHENTICATED result stops the chain, NOT_ATTEMPTED falls through to the next one.
        for (AuthenticationMechanism mechanism : mechanisms) {
            AuthenticationMechanism.AuthenticationMechanismOutcome result = mechanism.authenticate(exchange, securityContext);
            if (result == AUTHENTICATED) {
                success = true;
                break;
            } else if (result == NOT_AUTHENTICATED) {
                break;
            }
        }
        if (!success) {
            // A non-mandatory message policy lets the request proceed without an
            // authenticated caller; otherwise send the mechanisms' challenge and stop.
            String mandatory = (String) messageInfo.getMap().get("javax.security.auth.message.MessagePolicy.isMandatory");
            if (mandatory != null && mandatory.toLowerCase().equals("false")) {
                return SUCCESS;
            } else {
                for (AuthenticationMechanism mechanism : mechanisms) {
                    AuthenticationMechanism.ChallengeResult challengeResult = mechanism.sendChallenge(exchange, securityContext);
                    if (challengeResult.getDesiredResponseCode() != null) {
                        exchange.setResponseCode(challengeResult.getDesiredResponseCode());
                    }
                    if (exchange.isResponseComplete()) {
                        break;
                    }
                }
                return SEND_CONTINUE;
            }
        }
    } catch (Exception e) {
        // Any failure inside a mechanism is logged at debug level and surfaced to the
        // JASPIC runtime as an AuthException (the message bracket was unbalanced in the original).
        UndertowLogger.ROOT_LOGGER.debug(e);
        throw new AuthException("Could not validateRequest using mechanisms [" + mechanisms + "].");
    }
    return SUCCESS;
}
Example 17 with AuthException

Use of javax.security.auth.message.AuthException in project tomee by apache.

The class TheServerAuthModule, method cdi.

private void cdi(final MessageInfo messageInfo, final String msg) throws AuthException {
    final HttpServletRequest request = HttpServletRequest.class.cast(messageInfo.getRequestMessage());
    final HttpServletResponse response = HttpServletResponse.class.cast(messageInfo.getResponseMessage());
    if (request.getParameter("bean") != null) {
        final TheBean cdiBean = CDI.current().select(TheBean.class).get();
        cdiBean.set(msg);
        try {
            response.getWriter().write(String.valueOf(request.getAttribute("cdi")));
        } catch (final IOException e) {
            throw new AuthException(e.getMessage());
        }
    }
}
Example 18 with AuthException

Use of javax.security.auth.message.AuthException in project tomee by apache.

The class TheServerAuthModule, method validateRequest.

@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
    Callback[] callbacks;
    if (request.getParameter("doLogin") != null) {
        // Test module: establish a fixed caller "test" in group "architect" when doLogin is present
        callbacks = new Callback[] { new CallerPrincipalCallback(clientSubject, "test"), new GroupPrincipalCallback(clientSubject, new String[] { "architect" }) };
    } else {
        // A null principal tells the container the caller is unauthenticated
        callbacks = new Callback[] { new CallerPrincipalCallback(clientSubject, (Principal) null) };
    }
    try {
        handler.handle(callbacks);
    } catch (IOException | UnsupportedCallbackException e) {
        throw (AuthException) new AuthException().initCause(e);
    }
    cdi(messageInfo, "vr");
    return SUCCESS;
}
Example 19 with AuthException

Use of javax.security.auth.message.AuthException in project Payara by payara.

The class SimpleSAMConfig, method getAuthContext.

@Override
public ServerAuthContext getAuthContext(String authContextID, Subject serviceSubject, Map properties) throws AuthException {
    // combine constructed properties with passed in properties
    if (constructedProperties != null)
        properties.putAll(constructedProperties);
    ServerAuthModule localSam = sam;
    // Instantiate a fresh SAM on first use, or on every call when the per-request property is set
    if (localSam == null || properties.containsKey(JASPICWebListenerHelper.SAM_PER_REQUEST_PROPERTY)) {
        try {
            localSam = (ServerAuthModule) samClass.newInstance();
        } catch (InstantiationException | IllegalAccessException ex) {
            Logger.getLogger(SimpleSAMConfig.class.getName()).log(Level.SEVERE, null, ex);
            AuthException ae = new AuthException("Unable to instantiate an instance of the provided SAM class");
            ae.initCause(ex);
            throw ae;
        }
    }
    ServerAuthModule sam = this.sam;
    if (sam == null) {
        synchronized (this) {
            this.sam = localSam;
        }
    }
    return new SimpleSAMAuthContext(authContextID, serviceSubject, properties, handler, localSam);
}
Example 20 with AuthException

Use of javax.security.auth.message.AuthException in project Payara by payara.

The class RestMonitoringAuthModule, method validateRequest.

@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    if (securityEnabled) {
        HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
        HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
        HttpSession session = request.getSession();
        // Check if our session has already been authenticated
        Principal userPrincipal = request.getUserPrincipal();
        if (userPrincipal != null) {
            try {
                handler.handle(new Callback[] { new CallerPrincipalCallback(clientSubject, userPrincipal) });
                return AuthStatus.SUCCESS;
            } catch (IOException | UnsupportedCallbackException ex) {
                AuthException ae = new AuthException();
                ae.initCause(ex);
                throw ae;
            }
        }
        // See if the username / password has been passed in...
        // Credentials are only accepted from a POST so they never appear in a URL or referrer
        String username = request.getParameter("j_username");
        String password = request.getParameter("j_password");
        if ((username == null) || (password == null) || !request.getMethod().equalsIgnoreCase("post")) {
            // Not passed in, show the login page...
            String origPath = request.getRequestURI();
            String queryString = request.getQueryString();
            if ((queryString != null) && (!queryString.isEmpty())) {
                origPath += "?" + queryString;
            }
            session.setAttribute(ORIG_REQUEST_PATH, origPath);
            RequestDispatcher rd = request.getRequestDispatcher(LOGIN_PAGE);
            try {
                rd.forward(request, response);
            } catch (Exception ex) {
                AuthException authException = new AuthException();
                authException.initCause(ex);
                throw authException;
            }
            return AuthStatus.SEND_CONTINUE;
        }
        // Authenticate the details
        PasswordValidationCallback pvCallback = new PasswordValidationCallback(clientSubject, username, password.toCharArray());
        try {
            handler.handle(new Callback[] { pvCallback });
        } catch (Exception ex) {
            AuthException ae = new AuthException();
            ae.initCause(ex);
            throw ae;
        }
        // Register the session as authenticated
        messageInfo.getMap().put("javax.servlet.http.registerSession", Boolean.TRUE.toString());
        // Redirect to original path
        try {
            String origRequest = (String) session.getAttribute(ORIG_REQUEST_PATH);
            if ((origRequest == null)) {
                origRequest = contextRoot;
            }
            response.sendRedirect(response.encodeRedirectURL(origRequest));
        } catch (Exception ex) {
            AuthException ae = new AuthException();
            ae.initCause(ex);
            throw ae;
        }
        // Continue...
        return AuthStatus.SUCCESS;
    } else {
        Callback[] callbacks = new Callback[] { new CallerPrincipalCallback(clientSubject, DEFAULT_USER_NAME) };
        try {
            handler.handle(callbacks);
        } catch (IOException | UnsupportedCallbackException ex) {
            Logger.getLogger(RestMonitoringAuthModule.class.getName()).log(Level.SEVERE, null, ex);
        }
        return AuthStatus.SUCCESS;
    }
}