Example 31 with AuthException

Use of javax.security.auth.message.AuthException in project javaee7-samples by javaee-samples.

From class TestServerAuthModule, method validateRequest.

@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
    HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
    // Test hook: call into a CDI or EJB bean from inside the SAM, selected by the "tech" request parameter
    if ("cdi".equals(request.getParameter("tech"))) {
        callCDIBean(request, response, "validateRequest");
    } else if ("ejb".equals(request.getParameter("tech"))) {
        callEJBBean(response, "validateRequest");
    }
    try {
        // Unconditionally establish the caller "test" with the group "architect" on the client Subject
        handler.handle(new Callback[] {
            new CallerPrincipalCallback(clientSubject, "test"),
            new GroupPrincipalCallback(clientSubject, new String[] { "architect" })
        });
        return SUCCESS;
    } catch (IOException | UnsupportedCallbackException e) {
        // AuthException has no (String, Throwable) constructor, so the cause is attached via initCause
        throw (AuthException) new AuthException().initCause(e);
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) CallerPrincipalCallback(javax.security.auth.message.callback.CallerPrincipalCallback) GroupPrincipalCallback(javax.security.auth.message.callback.GroupPrincipalCallback) HttpServletResponse(javax.servlet.http.HttpServletResponse) AuthException(javax.security.auth.message.AuthException) IOException(java.io.IOException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)

Example 32 with AuthException

Use of javax.security.auth.message.AuthException in project javaee7-samples by javaee-samples.

From class TestServerAuthModule, method validateRequest.

@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
    Callback[] callbacks;
    if (request.getParameter("doLogin") != null) {
        // Authenticate only when the request explicitly asks for it
        callbacks = new Callback[] {
            new CallerPrincipalCallback(clientSubject, "test"),
            new GroupPrincipalCallback(clientSubject, new String[] { "architect" })
        };
    } else {
        // The JASPIC protocol for "do nothing": a null principal means the request stays unauthenticated
        callbacks = new Callback[] { new CallerPrincipalCallback(clientSubject, (Principal) null) };
    }
    try {
        handler.handle(callbacks);
    } catch (IOException | UnsupportedCallbackException e) {
        throw (AuthException) new AuthException().initCause(e);
    }
    return SUCCESS;
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) CallerPrincipalCallback(javax.security.auth.message.callback.CallerPrincipalCallback) GroupPrincipalCallback(javax.security.auth.message.callback.GroupPrincipalCallback) Callback(javax.security.auth.callback.Callback) AuthException(javax.security.auth.message.AuthException) IOException(java.io.IOException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) Principal(java.security.Principal)

Example 33 with AuthException

Use of javax.security.auth.message.AuthException in project javaee7-samples by javaee-samples.

From class TestWrappingServerAuthModule, method validateRequest.

@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    try {
        // Establish the caller "test" with the group "architect" on the client Subject
        handler.handle(new Callback[] {
            new CallerPrincipalCallback(clientSubject, "test"),
            new GroupPrincipalCallback(clientSubject, new String[] { "architect" })
        });
    } catch (IOException | UnsupportedCallbackException e) {
        throw (AuthException) new AuthException().initCause(e);
    }
    // Wrap the request - the resource to be invoked should get to see this
    messageInfo.setRequestMessage(new TestHttpServletRequestWrapper((HttpServletRequest) messageInfo.getRequestMessage()));
    // Wrap the response - the resource to be invoked should get to see this
    messageInfo.setResponseMessage(new TestHttpServletResponseWrapper((HttpServletResponse) messageInfo.getResponseMessage()));
    return SUCCESS;
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) CallerPrincipalCallback(javax.security.auth.message.callback.CallerPrincipalCallback) GroupPrincipalCallback(javax.security.auth.message.callback.GroupPrincipalCallback) TestHttpServletRequestWrapper(org.javaee7.jaspic.wrapping.servlet.TestHttpServletRequestWrapper) AuthException(javax.security.auth.message.AuthException) HttpServletResponse(javax.servlet.http.HttpServletResponse) IOException(java.io.IOException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) TestHttpServletResponseWrapper(org.javaee7.jaspic.wrapping.servlet.TestHttpServletResponseWrapper)

Example 34 with AuthException

Use of javax.security.auth.message.AuthException in project jetty.project by eclipse.

From class BasicAuthModule, method validateRequest.

@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
    HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
    String credentials = request.getHeader(HttpHeader.AUTHORIZATION.asString());
    try {
        if (credentials != null) {
            // Note: this logs the raw Authorization header (base64 of user:password) at debug level
            if (LOG.isDebugEnabled())
                LOG.debug("Credentials: " + credentials);
            // Authorization header present: try to authenticate it as BASIC credentials
            if (login(clientSubject, credentials, Constraint.__BASIC_AUTH, messageInfo)) {
                return AuthStatus.SUCCESS;
            }
        }
        // No valid credentials, but the resource is not protected: let the request through unauthenticated
        if (!isMandatory(messageInfo)) {
            return AuthStatus.SUCCESS;
        }
        // Protected resource without valid credentials: send a 401 challenge for this realm
        response.setHeader(HttpHeader.WWW_AUTHENTICATE.asString(), "basic realm=\"" + realmName + '"');
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return AuthStatus.SEND_CONTINUE;
    } catch (IOException e) {
        throw new AuthException(e.getMessage());
    } catch (UnsupportedCallbackException e) {
        throw new AuthException(e.getMessage());
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) HttpServletResponse(javax.servlet.http.HttpServletResponse) AuthException(javax.security.auth.message.AuthException) IOException(java.io.IOException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)

Example 35 with AuthException

Use of javax.security.auth.message.AuthException in project jetty.project by eclipse.

From class ClientCertAuthModule, method validateRequest.

@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
    HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
    // The container exposes the client's TLS certificate chain through this standard request attribute
    java.security.cert.X509Certificate[] certs = (java.security.cert.X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
    try {
        // Need certificates.
        if (certs == null || certs.length == 0 || certs[0] == null) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "A client certificate is required for accessing this web application but the server's listener is not configured for mutual authentication (or the client did not provide a certificate).");
            return AuthStatus.SEND_FAILURE;
        }
        // Derive the user name from the leaf certificate's subject DN, falling back to the issuer DN
        Principal principal = certs[0].getSubjectDN();
        if (principal == null)
            principal = certs[0].getIssuerDN();
        final String username = principal == null ? "clientcert" : principal.getName();
        // TODO no idea if this is correct
        final String password = new String(B64Code.encode(certs[0].getSignature()));
        // TODO is cert_auth correct?
        if (login(clientSubject, username, new Password(password), Constraint.__CERT_AUTH, messageInfo)) {
            return AuthStatus.SUCCESS;
        }
        // Certificate did not map to a known user, but the resource is not protected: allow the request
        if (!isMandatory(messageInfo)) {
            return AuthStatus.SUCCESS;
        }
        response.sendError(HttpServletResponse.SC_FORBIDDEN, "The provided client certificate does not correspond to a trusted user.");
        return AuthStatus.SEND_FAILURE;
    } catch (IOException e) {
        throw new AuthException(e.getMessage());
    } catch (UnsupportedCallbackException e) {
        throw new AuthException(e.getMessage());
    }
}
Also used : HttpServletResponse(javax.servlet.http.HttpServletResponse) AuthException(javax.security.auth.message.AuthException) IOException(java.io.IOException) HttpServletRequest(javax.servlet.http.HttpServletRequest) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) Principal(java.security.Principal) Password(org.eclipse.jetty.util.security.Password)
