use of javax.security.auth.message.AuthException in project javaee7-samples by javaee-samples.
the class TestServerAuthModule method validateRequest.
/**
 * Test-fixture request validation: reports a fixed identity to the container whenever the
 * request carries a {@code doLogin} parameter, and an anonymous caller otherwise.
 *
 * <p>Security note: no credential is inspected here. The mere presence of the
 * {@code doLogin} parameter yields caller {@code "test"} in group {@code "architect"}.
 * A production module would have to verify credentials before issuing these callbacks.
 *
 * @param messageInfo    wrapper whose request message is cast to {@link HttpServletRequest}
 * @param clientSubject  subject handed to the principal/group callbacks
 * @param serviceSubject not used by this method
 * @return {@code SUCCESS} on both branches
 * @throws AuthException if the callback handler fails; the original exception is the cause
 */
@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    HttpServletRequest httpRequest = (HttpServletRequest) messageInfo.getRequestMessage();

    // Either a hard-coded caller plus group, or a null principal for "no login".
    Callback[] toHandle = httpRequest.getParameter("doLogin") != null
        ? new Callback[] {
            new CallerPrincipalCallback(clientSubject, "test"),
            new GroupPrincipalCallback(clientSubject, new String[] { "architect" }) }
        : new Callback[] { new CallerPrincipalCallback(clientSubject, (Principal) null) };

    try {
        handler.handle(toHandle);
    } catch (IOException | UnsupportedCallbackException e) {
        // The no-arg constructor is used, so the cause is attached afterwards.
        AuthException wrapped = new AuthException();
        wrapped.initCause(e);
        throw wrapped;
    }
    return SUCCESS;
}
use of javax.security.auth.message.AuthException in project javaee7-samples by javaee-samples.
the class TestServerAuthModule method validateRequest.
/**
 * Validates a request for the test module by handing the container either a fixed
 * authenticated identity or an anonymous caller.
 *
 * <p>Security note: the login branch is selected solely by the presence of the
 * {@code doLogin} request parameter. No credentials are checked, which the inline
 * comments describe as a test shortcut. Do not reuse this logic outside a test.
 *
 * @param messageInfo    carries the request, which is cast to {@link HttpServletRequest}
 * @param clientSubject  subject the callbacks are bound to
 * @param serviceSubject not used by this method
 * @return {@code SUCCESS} whether or not a login was performed
 * @throws AuthException wrapping any failure raised by the callback handler
 */
@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    HttpServletRequest servletRequest = (HttpServletRequest) messageInfo.getRequestMessage();

    Callback[] pending;
    if (servletRequest.getParameter("doLogin") == null) {
        // The JASPIC protocol for "do nothing": a caller callback with a null principal.
        pending = new Callback[] { new CallerPrincipalCallback(clientSubject, (Principal) null) };
    } else {
        // Test shortcut: "return" a fixed user directly. Normally the credentials would be
        // checked first and the user's details fetched from some repository.
        pending = new Callback[] {
            // Name of the authenticated user.
            new CallerPrincipalCallback(clientSubject, "test"),
            // Roles of the authenticated user.
            new GroupPrincipalCallback(clientSubject, new String[] { "architect" })
        };
    }

    try {
        // Pass the caller details to the container. In many cases the handler only stores
        // them, and the container performs the actual login after this method returns.
        handler.handle(pending);
    } catch (IOException | UnsupportedCallbackException e) {
        AuthException failure = new AuthException();
        failure.initCause(e);
        throw failure;
    }
    return SUCCESS;
}
use of javax.security.auth.message.AuthException in project javaee7-samples by javaee-samples.
the class TestServerAuthModule method validateRequest.
/**
 * Reports the caller's identity to the container through the callback handler.
 *
 * <p>When the request has a {@code doLogin} parameter, the caller is declared to be
 * {@code "test"} with the single group {@code "architect"}. Otherwise a null principal is
 * reported. Security note: this is a test stand-in for real authentication. Nothing in the
 * request is verified before the identity is asserted.
 *
 * @param messageInfo    source of the request, cast to {@link HttpServletRequest}
 * @param clientSubject  subject passed to each callback
 * @param serviceSubject not used by this method
 * @return {@code SUCCESS} in every non-exceptional case
 * @throws AuthException if {@code handler.handle} throws; the original exception is the cause
 */
@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    HttpServletRequest incoming = (HttpServletRequest) messageInfo.getRequestMessage();
    boolean loginRequested = incoming.getParameter("doLogin") != null;

    Callback[] callbacks;
    if (loginRequested) {
        // For the test, log in by "returning" a fixed user. Normally credentials would be
        // checked and the details fetched from some repository.
        Callback caller = new CallerPrincipalCallback(clientSubject, "test");
        Callback groups = new GroupPrincipalCallback(clientSubject, new String[] { "architect" });
        callbacks = new Callback[] { caller, groups };
    } else {
        // The JASPIC protocol for "do nothing".
        Callback anonymous = new CallerPrincipalCallback(clientSubject, (Principal) null);
        callbacks = new Callback[] { anonymous };
    }

    try {
        // Hand the details to the container. The handler may only record them, with the
        // container completing the login once this method has returned.
        handler.handle(callbacks);
    } catch (IOException | UnsupportedCallbackException e) {
        AuthException authFailure = new AuthException();
        authFailure.initCause(e);
        throw authFailure;
    }
    return SUCCESS;
}
use of javax.security.auth.message.AuthException in project jbossws-cxf by jbossws.
the class JaspiServerAuthenticator method secureResponse.
/**
 * Runs the JASPI {@code secureResponse} step for an outgoing SOAP message and maps the
 * resulting {@link AuthStatus} onto the HTTP response code.
 *
 * <p>An {@link AuthException} is converted into a {@link SoapFault}. SOAP 1.2 messages get the
 * Receiver fault code, and all others get the QName {@code "jaspi AuthException"}.
 *
 * @param message the SOAP message whose exchange supplies the request and response
 * @throws SoapFault if the auth context raises an {@link AuthException}
 */
public void secureResponse(SoapMessage message) {
    SOAPMessage inbound = message.getExchange().getInMessage().get(SOAPMessage.class);
    SOAPMessage outbound = message.getContent(SOAPMessage.class);
    MessageInfo messageInfo = new GenericMessageInfo(inbound, outbound);

    AuthStatus outcome = null;
    try {
        // The service subject argument is passed as null.
        outcome = sctx.secureResponse(messageInfo, null);
    } catch (AuthException e) {
        // NOTE(review): the exception message becomes the fault string, and the exception is
        // not attached as the fault's cause. If faults are returned to the peer, auth modules
        // should keep their messages free of sensitive detail. Confirm what is logged here.
        if (!isSOAP12(message)) {
            // NOTE(review): the local part contains a space, so it is not a valid NCName.
            throw new SoapFault(e.getMessage(), new QName("", "jaspi AuthException"));
        }
        throw new SoapFault(e.getMessage(), Soap12.getInstance().getReceiver());
    }

    // No status mapping without a response message, or on one-way exchanges.
    if (messageInfo.getResponseMessage() == null || message.getExchange().isOneWay()) {
        return;
    }
    // Any status other than these two leaves the response code untouched.
    if (AuthStatus.SEND_CONTINUE == outcome) {
        message.put(Message.RESPONSE_CODE, Integer.valueOf(303));
    } else if (AuthStatus.SEND_FAILURE == outcome) {
        message.put(Message.RESPONSE_CODE, Integer.valueOf(500));
    }
}
use of javax.security.auth.message.AuthException in project jbossws-cxf by jbossws.
the class JaspiClientAuthenticator method secureRequest.
/**
 * Runs the JASPI client-side {@code secureRequest} step for an outgoing SOAP message.
 *
 * <p>An {@link AuthException} from obtaining the auth context or from securing the request
 * is converted into a {@link SoapFault}. SOAP 1.2 messages get the Sender fault code, and all
 * others get the QName {@code "japsi AuthException"}.
 *
 * <p>Security note: the returned {@link AuthStatus} is not examined, so a non-success status
 * that is not signalled by an exception does not stop the request in this method.
 *
 * @param message the outgoing SOAP message
 * @throws SoapFault if the auth context raises an {@link AuthException}
 */
public void secureRequest(SoapMessage message) {
    SOAPMessage outgoing = message.getContent(SOAPMessage.class);
    MessageInfo messageInfo = new GenericMessageInfo(outgoing, null);
    String authContextID = clientConfig.getAuthContextID(messageInfo);

    // Properties is a Hashtable, so a null securityDomain or jpi would throw here.
    Properties contextProps = new Properties();
    contextProps.put("security-domain", securityDomain);
    contextProps.put("jaspi-policy", jpi);

    Subject clientSubject = new Subject();
    try {
        ClientAuthContext authContext = clientConfig.getAuthContext(authContextID, clientSubject, contextProps);
        // TODO:look at how to handle AuthStatus (the result is currently discarded)
        @SuppressWarnings("unused") AuthStatus ignoredStatus = authContext.secureRequest(messageInfo, clientSubject);
    } catch (AuthException e) {
        // NOTE(review): the exception message becomes the fault string. Confirm that it
        // cannot carry sensitive detail.
        if (!isSOAP12(message)) {
            // NOTE(review): "japsi" looks like a typo for "jaspi". The literal is kept because
            // it is the fault code that callers see. Confirm before changing it.
            throw new SoapFault(e.getMessage(), new QName("", "japsi AuthException"));
        }
        throw new SoapFault(e.getMessage(), Soap12.getInstance().getSender());
    }
}