Example 26 with AuthException

Use of javax.security.auth.message.AuthException in project javaee7-samples by javaee-samples.

The class TestServerAuthModule, method validateRequest.

@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
    Callback[] callbacks;
    if (request.getParameter("doLogin") != null) {
        callbacks = new Callback[] { new CallerPrincipalCallback(clientSubject, "test"), new GroupPrincipalCallback(clientSubject, new String[] { "architect" }) };
    } else {
        // The JASPIC protocol for "do nothing"
        callbacks = new Callback[] { new CallerPrincipalCallback(clientSubject, (Principal) null) };
    }
    try {
        handler.handle(callbacks);
    } catch (IOException | UnsupportedCallbackException e) {
        throw (AuthException) new AuthException().initCause(e);
    }
    return SUCCESS;
}
Also used: HttpServletRequest(javax.servlet.http.HttpServletRequest) CallerPrincipalCallback(javax.security.auth.message.callback.CallerPrincipalCallback) GroupPrincipalCallback(javax.security.auth.message.callback.GroupPrincipalCallback) Callback(javax.security.auth.callback.Callback) AuthException(javax.security.auth.message.AuthException) IOException(java.io.IOException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) Principal(java.security.Principal)

Example 27 with AuthException

Use of javax.security.auth.message.AuthException in project javaee7-samples by javaee-samples.

The class TestWrappingServerAuthModule, method validateRequest.

@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    try {
        handler.handle(new Callback[] { new CallerPrincipalCallback(clientSubject, "test"), new GroupPrincipalCallback(clientSubject, new String[] { "architect" }) });
    } catch (IOException | UnsupportedCallbackException e) {
        throw (AuthException) new AuthException().initCause(e);
    }
    // Wrap the request - the resource to be invoked should get to see this
    messageInfo.setRequestMessage(new TestHttpServletRequestWrapper((HttpServletRequest) messageInfo.getRequestMessage()));
    // Wrap the response - the resource to be invoked should get to see this
    messageInfo.setResponseMessage(new TestHttpServletResponseWrapper((HttpServletResponse) messageInfo.getResponseMessage()));
    return SUCCESS;
}
Also used: HttpServletRequest(javax.servlet.http.HttpServletRequest) CallerPrincipalCallback(javax.security.auth.message.callback.CallerPrincipalCallback) GroupPrincipalCallback(javax.security.auth.message.callback.GroupPrincipalCallback) TestHttpServletRequestWrapper(org.javaee7.jaspic.wrapping.servlet.TestHttpServletRequestWrapper) AuthException(javax.security.auth.message.AuthException) HttpServletResponse(javax.servlet.http.HttpServletResponse) IOException(java.io.IOException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) TestHttpServletResponseWrapper(org.javaee7.jaspic.wrapping.servlet.TestHttpServletResponseWrapper)

Example 28 with AuthException

Use of javax.security.auth.message.AuthException in project javaee7-samples by javaee-samples.

The class TestServerAuthModule, method validateRequest.

@SuppressWarnings("unchecked")
@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
    Callback[] callbacks;
    Principal userPrincipal = request.getUserPrincipal();
    if (userPrincipal != null && request.getParameter("continueSession") != null) {
        // ### If already authenticated before, continue this session
        // Execute protocol to signal container registered authentication session be used.
        callbacks = new Callback[] { new CallerPrincipalCallback(clientSubject, userPrincipal) };
    } else if (request.getParameter("doLogin") != null) {
        // ### If not authenticated before, do a new login if so requested
        // For the test perform a login by directly "returning" the details of the authenticated user.
        // Normally credentials would be checked and the details fetched from some repository
        callbacks = new Callback[] {
            request.getParameter("customPrincipal") == null
                // Name based Callback
                ? new CallerPrincipalCallback(clientSubject, "test")
                // Custom principal based Callback
                : new CallerPrincipalCallback(clientSubject, new MyPrincipal("test")),
            // The roles of the authenticated user
            new GroupPrincipalCallback(clientSubject, new String[] { "architect" })
        };
        // Tell container to register an authentication session.
        messageInfo.getMap().put("javax.servlet.http.registerSession", TRUE.toString());
    } else {
        // ### If no registered session and no login request "do nothing"
        // The JASPIC protocol for "do nothing"
        callbacks = new Callback[] { new CallerPrincipalCallback(clientSubject, (Principal) null) };
    }
    try {
        // Communicate the details of the authenticated user to the container. In many
        // cases the handler will just store the details and the container will actually handle
        // the login after we return from this method.
        handler.handle(callbacks);
    } catch (IOException | UnsupportedCallbackException e) {
        throw (AuthException) new AuthException().initCause(e);
    }
    return SUCCESS;
}
Also used: HttpServletRequest(javax.servlet.http.HttpServletRequest) CallerPrincipalCallback(javax.security.auth.message.callback.CallerPrincipalCallback) GroupPrincipalCallback(javax.security.auth.message.callback.GroupPrincipalCallback) Callback(javax.security.auth.callback.Callback) AuthException(javax.security.auth.message.AuthException) IOException(java.io.IOException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) Principal(java.security.Principal)

Aggregations

AuthException (javax.security.auth.message.AuthException): 28
IOException (java.io.IOException): 19
HttpServletRequest (javax.servlet.http.HttpServletRequest): 19
UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException): 17
CallerPrincipalCallback (javax.security.auth.message.callback.CallerPrincipalCallback): 15
GroupPrincipalCallback (javax.security.auth.message.callback.GroupPrincipalCallback): 14
Principal (java.security.Principal): 13
HttpServletResponse (javax.servlet.http.HttpServletResponse): 10
Callback (javax.security.auth.callback.Callback): 9
Subject (javax.security.auth.Subject): 4
AuthStatus (javax.security.auth.message.AuthStatus): 4
ServerAuthContext (javax.security.auth.message.config.ServerAuthContext): 4
ServerAuthConfig (javax.security.auth.message.config.ServerAuthConfig): 3
HashMap (java.util.HashMap): 2
Map (java.util.Map): 2
MessageInfo (javax.security.auth.message.MessageInfo): 2
AuthConfigProvider (javax.security.auth.message.config.AuthConfigProvider): 2
HttpSession (javax.servlet.http.HttpSession): 2
MessageInfoImpl (org.apache.catalina.authenticator.jaspic.MessageInfoImpl): 2
GenericPrincipal (org.apache.catalina.realm.GenericPrincipal): 2