
Example 41 with AuthException

use of javax.security.auth.message.AuthException in project javaee7-samples by javaee-samples.

the class TestServerAuthModule method validateRequest.

/**
 * Test-fixture request validation: reports a fixed identity to the container
 * whenever the request carries a {@code doLogin} parameter.
 *
 * <p>No password, token or other credential is examined here; the mere presence
 * of the parameter yields caller principal {@code "test"} in group
 * {@code "architect"}. That is only acceptable in a test module. A production
 * ServerAuthModule must verify credentials before issuing these callbacks.
 *
 * @param messageInfo    carries the request message, cast here to {@link HttpServletRequest}
 * @param clientSubject  subject handed to the principal/group callbacks
 * @param serviceSubject not used by this implementation
 * @return {@code SUCCESS} in both branches
 * @throws AuthException wrapping any failure raised while the callbacks are handled
 */
@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    final HttpServletRequest httpRequest = (HttpServletRequest) messageInfo.getRequestMessage();
    final boolean loginRequested = httpRequest.getParameter("doLogin") != null;

    // Login branch: hard-coded identity. Otherwise a null caller principal, which the
    // original comment calls the JASPIC protocol for "do nothing": the request proceeds
    // unauthenticated and access control is presumably left to the container.
    final Callback[] toHandle = loginRequested
        ? new Callback[] {
            new CallerPrincipalCallback(clientSubject, "test"),
            new GroupPrincipalCallback(clientSubject, new String[] { "architect" }) }
        : new Callback[] { new CallerPrincipalCallback(clientSubject, (Principal) null) };

    try {
        // `handler` is declared outside this excerpt, presumably the container-supplied
        // CallbackHandler; confirm against the enclosing class.
        handler.handle(toHandle);
    } catch (IOException | UnsupportedCallbackException cause) {
        // The cause is attached with initCause so it is not lost when rethrown.
        final AuthException failure = new AuthException();
        failure.initCause(cause);
        throw failure;
    }
    return SUCCESS;
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) CallerPrincipalCallback(javax.security.auth.message.callback.CallerPrincipalCallback) GroupPrincipalCallback(javax.security.auth.message.callback.GroupPrincipalCallback) GroupPrincipalCallback(javax.security.auth.message.callback.GroupPrincipalCallback) CallerPrincipalCallback(javax.security.auth.message.callback.CallerPrincipalCallback) Callback(javax.security.auth.callback.Callback) AuthException(javax.security.auth.message.AuthException) IOException(java.io.IOException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) Principal(java.security.Principal)

Example 42 with AuthException

use of javax.security.auth.message.AuthException in project javaee7-samples by javaee-samples.

the class TestServerAuthModule method validateRequest.

/**
 * Validates a request for the test module by handing a fixed identity to the
 * container when the {@code doLogin} request parameter is present.
 *
 * <p>This is a test shortcut: the credentials are not checked and the user details
 * are not looked up anywhere. A real module would authenticate the caller first and
 * only then populate the callbacks.
 *
 * @param messageInfo    wrapper whose request message is an {@link HttpServletRequest}
 * @param clientSubject  subject the callbacks are created for
 * @param serviceSubject ignored here
 * @return {@code SUCCESS}, whether or not a login was performed
 * @throws AuthException if handling the callbacks fails; the original exception is its cause
 */
@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    HttpServletRequest servletRequest = (HttpServletRequest) messageInfo.getRequestMessage();

    Callback[] callbacks;
    if (servletRequest.getParameter("doLogin") != null) {
        // Hard-coded test identity: nothing supplied by the client is verified.
        CallerPrincipalCallback callerName = new CallerPrincipalCallback(clientSubject, "test");
        // Roles granted to that identity.
        GroupPrincipalCallback callerRoles = new GroupPrincipalCallback(clientSubject, new String[] { "architect" });
        callbacks = new Callback[] { callerName, callerRoles };
    } else {
        // A null principal is the JASPIC way of saying "do nothing" (no caller is established).
        CallerPrincipalCallback anonymous = new CallerPrincipalCallback(clientSubject, (Principal) null);
        callbacks = new Callback[] { anonymous };
    }

    try {
        // Pass the identity to the container. Often the handler only records it and the
        // container completes the login once this method has returned.
        handler.handle(callbacks);
    } catch (IOException | UnsupportedCallbackException handlingFailure) {
        AuthException wrapped = new AuthException();
        wrapped.initCause(handlingFailure);
        throw wrapped;
    }

    return SUCCESS;
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) CallerPrincipalCallback(javax.security.auth.message.callback.CallerPrincipalCallback) GroupPrincipalCallback(javax.security.auth.message.callback.GroupPrincipalCallback) GroupPrincipalCallback(javax.security.auth.message.callback.GroupPrincipalCallback) CallerPrincipalCallback(javax.security.auth.message.callback.CallerPrincipalCallback) Callback(javax.security.auth.callback.Callback) AuthException(javax.security.auth.message.AuthException) IOException(java.io.IOException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) Principal(java.security.Principal)

Example 43 with AuthException

use of javax.security.auth.message.AuthException in project javaee7-samples by javaee-samples.

the class TestServerAuthModule method validateRequest.

/**
 * Establishes the caller identity for a request in the test auth module.
 *
 * <p>When the request has a {@code doLogin} parameter, the fixed user {@code "test"}
 * with role {@code "architect"} is reported to the container without any credential
 * check. This is deliberate for the test and unsuitable as a template for production
 * authentication. Without the parameter, a null caller principal is reported.
 *
 * @param messageInfo    supplies the {@link HttpServletRequest} being validated
 * @param clientSubject  subject passed to every callback created here
 * @param serviceSubject unused
 * @return {@code SUCCESS} on every non-exceptional path
 * @throws AuthException when the callback handler throws; the cause is preserved
 */
@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    final String loginFlag = ((HttpServletRequest) messageInfo.getRequestMessage()).getParameter("doLogin");

    final Callback[] identity;
    if (loginFlag == null) {
        // No login requested: the JASPIC "do nothing" protocol is a null caller principal.
        identity = new Callback[] { new CallerPrincipalCallback(clientSubject, (Principal) null) };
    } else {
        // Test shortcut: only the parameter's presence matters, its value is never read.
        // Normally credentials would be verified and the details fetched from a repository.
        identity = new Callback[] {
            new CallerPrincipalCallback(clientSubject, "test"),
            new GroupPrincipalCallback(clientSubject, new String[] { "architect" })
        };
    }

    try {
        // Tell the container who the caller is; the container may defer the actual
        // login until after this method returns.
        handler.handle(identity);
    } catch (IOException | UnsupportedCallbackException wrapped) {
        throw (AuthException) new AuthException().initCause(wrapped);
    }
    return SUCCESS;
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) CallerPrincipalCallback(javax.security.auth.message.callback.CallerPrincipalCallback) GroupPrincipalCallback(javax.security.auth.message.callback.GroupPrincipalCallback) GroupPrincipalCallback(javax.security.auth.message.callback.GroupPrincipalCallback) CallerPrincipalCallback(javax.security.auth.message.callback.CallerPrincipalCallback) Callback(javax.security.auth.callback.Callback) AuthException(javax.security.auth.message.AuthException) IOException(java.io.IOException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) Principal(java.security.Principal)

Example 44 with AuthException

use of javax.security.auth.message.AuthException in project jbossws-cxf by jbossws.

the class JaspiServerAuthenticator method secureResponse.

/**
 * Runs the JASPI response-securing step for an outbound SOAP message and maps the
 * resulting {@link AuthStatus} onto an HTTP response code.
 *
 * <p>{@code SEND_CONTINUE} sets response code 303 and {@code SEND_FAILURE} sets 500.
 * Any other status leaves the response code untouched. No code is set when there is
 * no response message or the exchange is one-way.
 *
 * @param message the CXF SOAP message whose exchange holds the inbound request
 * @throws SoapFault if the auth context throws {@link AuthException}
 */
public void secureResponse(SoapMessage message) {
    final SOAPMessage inbound = message.getExchange().getInMessage().get(SOAPMessage.class);
    final SOAPMessage outbound = message.getContent(SOAPMessage.class);
    final MessageInfo messageInfo = new GenericMessageInfo(inbound, outbound);

    final AuthStatus status;
    try {
        // `sctx` is a field declared outside this excerpt; null is passed as the second argument.
        status = sctx.secureResponse(messageInfo, null);
    } catch (AuthException e) {
        final boolean soap12 = isSOAP12(message);
        // NOTE(review): the exception message becomes the fault string sent to the peer.
        // Confirm that AuthException messages from the configured modules expose no
        // internal detail, or log the detail server-side and return a generic reason.
        final String reason = e.getMessage();
        final QName faultCode = soap12
            ? Soap12.getInstance().getReceiver()
            : new QName("", "jaspi AuthException");
        throw new SoapFault(reason, faultCode);
    }

    final boolean hasResponse = messageInfo.getResponseMessage() != null;
    if (!hasResponse || message.getExchange().isOneWay()) {
        return;
    }

    if (AuthStatus.SEND_CONTINUE == status) {
        message.put(Message.RESPONSE_CODE, Integer.valueOf(303));
    } else if (AuthStatus.SEND_FAILURE == status) {
        message.put(Message.RESPONSE_CODE, Integer.valueOf(500));
    }
}
Also used : SoapFault(org.apache.cxf.binding.soap.SoapFault) AuthStatus(javax.security.auth.message.AuthStatus) QName(javax.xml.namespace.QName) GenericMessageInfo(org.jboss.security.auth.message.GenericMessageInfo) AuthException(javax.security.auth.message.AuthException) SOAPMessage(javax.xml.soap.SOAPMessage) MessageInfo(javax.security.auth.message.MessageInfo) GenericMessageInfo(org.jboss.security.auth.message.GenericMessageInfo)

Example 45 with AuthException

use of javax.security.auth.message.AuthException in project jbossws-cxf by jbossws.

the class JaspiClientAuthenticator method secureRequest.

/**
 * Runs the JASPI client-side request-securing step on an outbound SOAP message.
 *
 * <p>An auth context is obtained from {@code clientConfig} for a fresh, empty
 * {@link Subject}, using the security domain and JASPI policy as context properties.
 * It is then asked to secure the request.
 *
 * @param message the CXF SOAP message being sent
 * @throws SoapFault if obtaining the context or securing the request throws {@link AuthException}
 */
public void secureRequest(SoapMessage message) {
    final SOAPMessage outbound = message.getContent(SOAPMessage.class);
    final MessageInfo messageInfo = new GenericMessageInfo(outbound, null);
    final String authContextID = clientConfig.getAuthContextID(messageInfo);

    // `securityDomain` and `jpi` are fields declared outside this excerpt.
    final Properties contextProperties = new Properties();
    contextProperties.put("security-domain", securityDomain);
    contextProperties.put("jaspi-policy", jpi);

    final Subject clientSubject = new Subject();

    // NOTE(review): the returned status is stored but never inspected. A module that
    // signals failure by return value instead of by throwing will not stop the message.
    @SuppressWarnings("unused")
    AuthStatus authStatus = null;
    try {
        final ClientAuthContext authContext = clientConfig.getAuthContext(authContextID, clientSubject, contextProperties);
        authStatus = authContext.secureRequest(messageInfo, clientSubject);
    } catch (AuthException e) {
        final boolean soap12 = isSOAP12(message);
        final String reason = e.getMessage();
        // "japsi" looks like a misspelling of "jaspi". It is kept as-is because the
        // string is the fault code value that receivers may already match on.
        final QName faultCode = soap12
            ? Soap12.getInstance().getSender()
            : new QName("", "japsi AuthException");
        throw new SoapFault(reason, faultCode);
    }
    // TODO: look at how to handle AuthStatus
}
Also used : SoapFault(org.apache.cxf.binding.soap.SoapFault) AuthStatus(javax.security.auth.message.AuthStatus) QName(javax.xml.namespace.QName) GenericMessageInfo(org.jboss.security.auth.message.GenericMessageInfo) AuthException(javax.security.auth.message.AuthException) ClientAuthContext(javax.security.auth.message.config.ClientAuthContext) Properties(java.util.Properties) SOAPMessage(javax.xml.soap.SOAPMessage) Subject(javax.security.auth.Subject) MessageInfo(javax.security.auth.message.MessageInfo) GenericMessageInfo(org.jboss.security.auth.message.GenericMessageInfo)

Aggregations

AuthException (javax.security.auth.message.AuthException)48 IOException (java.io.IOException)27 HttpServletRequest (javax.servlet.http.HttpServletRequest)24 UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)21 CallerPrincipalCallback (javax.security.auth.message.callback.CallerPrincipalCallback)16 Principal (java.security.Principal)14 GroupPrincipalCallback (javax.security.auth.message.callback.GroupPrincipalCallback)14 HttpServletResponse (javax.servlet.http.HttpServletResponse)13 MessageInfo (javax.security.auth.message.MessageInfo)11 Callback (javax.security.auth.callback.Callback)10 AuthStatus (javax.security.auth.message.AuthStatus)9 Subject (javax.security.auth.Subject)8 ServerAuthContext (javax.security.auth.message.config.ServerAuthContext)7 PrivilegedActionException (java.security.PrivilegedActionException)4 ClientAuthModule (javax.security.auth.message.module.ClientAuthModule)4 ServerAuthModule (javax.security.auth.message.module.ServerAuthModule)4 MalformedURLException (java.net.MalformedURLException)3 ArrayList (java.util.ArrayList)3 HashMap (java.util.HashMap)3 Map (java.util.Map)3