
Example 1 with AuthStatus

Use of javax.security.auth.message.AuthStatus in the Apache Tomcat project.

Class AuthenticatorBase, method authenticateJaspic.

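/**
 * Runs the JASPIC {@code ServerAuthContext} for this request and, when it
 * reports {@link AuthStatus#SUCCESS}, registers the resulting principal with
 * the request (and, if the module asked for it, with the session).
 *
 * @param request          the request being authenticated; its wrapped request
 *                         is replaced by whatever the module left in {@code messageInfo}
 * @param response         the response; likewise replaced by the module's version
 * @param state            holds the {@code ServerAuthContext} and {@code MessageInfo}
 * @param requirePrincipal when {@code true}, a SUCCESS status that yields no
 *                         principal is still treated as a failed authentication
 * @return {@code true} only when the module returned SUCCESS and the principal
 *         requirement (if any) was met; {@code false} for an {@link AuthException}
 *         and for every other status, in which case nothing is registered here
 */
private boolean authenticateJaspic(Request request, Response response, JaspicState state, boolean requirePrincipal) {
    // Learn whether an earlier authentication is already cached on this request
    // before the module runs, so re-registration can be skipped below.
    boolean cachedAuth = checkForCachedAuthentication(request, response, false);
    Subject client = new Subject();
    AuthStatus authStatus;
    try {
        // No service Subject is supplied; the module only populates the client Subject.
        authStatus = state.serverAuthContext.validateRequest(state.messageInfo, client, null);
    } catch (AuthException e) {
        // A module-level failure is treated as a failed login, logged at debug level only.
        log.debug(sm.getString("authenticator.loginFail"), e);
        return false;
    }
    // The module may have wrapped the request/response; continue with its versions.
    request.setRequest((HttpServletRequest) state.messageInfo.getRequestMessage());
    response.setResponse((HttpServletResponse) state.messageInfo.getResponseMessage());
    if (authStatus != AuthStatus.SUCCESS) {
        // SEND_CONTINUE, SEND_FAILURE, SEND_SUCCESS (or null): nothing authenticated here.
        return false;
    }
    GenericPrincipal principal = getPrincipal(client);
    if (log.isDebugEnabled()) {
        log.debug("Authenticated user: " + principal);
    }
    if (principal == null) {
        // SUCCESS without a caller principal: the request is explicitly unauthenticated.
        request.setUserPrincipal(null);
        request.setAuthType(null);
        return !requirePrincipal;
    }
    // Skip registration if authentication credentials were cached and the
    // Principal did not change.  (Idiom fix: `!cachedAuth` instead of `cachedAuth == false`.)
    if (!cachedAuth || !principal.getUserPrincipal().equals(request.getUserPrincipal())) {
        request.setNote(Constants.REQ_JASPIC_SUBJECT_NOTE, client);
        // JASPIC API uses raw types
        @SuppressWarnings("rawtypes") Map map = state.messageInfo.getMap();
        // NOTE(review): only the key's presence is checked, not its value, so a module
        // that puts this key with a false-ish value would still get a session
        // registered — confirm this matches the intended contract with the modules.
        if (map != null && map.containsKey("javax.servlet.http.registerSession")) {
            register(request, response, principal, "JASPIC", null, null, true, true);
        } else {
            register(request, response, principal, "JASPIC", null, null);
        }
    }
    return true;
}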

Example 2 with AuthStatus

Use of javax.security.auth.message.AuthStatus in the Eclipse jetty.project.

Class JaspiAuthenticator, method secureResponse.

/**
 * Lets the configured JASPIC {@code ServerAuthContext} secure the outgoing response.
 *
 * @param messageInfo   the request/response pair being processed
 * @param validatedUser the authenticated user; not used by this method at present
 *                      (see the TODO below)
 * @return {@code true} only when the context reports {@link AuthStatus#SEND_SUCCESS};
 *         any other status (SEND_FAILURE, SEND_CONTINUE, null) yields {@code false}
 * @throws ServerAuthException wrapping any {@link AuthException} raised by the context
 */
public boolean secureResponse(JaspiMessageInfo messageInfo, Authentication validatedUser) throws ServerAuthException {
    AuthStatus outcome;
    try {
        String contextId = _authConfig.getAuthContextID(messageInfo);
        ServerAuthContext context = _authConfig.getAuthContext(contextId, _serviceSubject, _authProperties);
        // TODO: cleanSubject(messageInfo, validatedUser.getUserIdentity().getSubject())
        // is deliberately not called here yet, so the Subject is left as the module filled it.
        outcome = context.secureResponse(messageInfo, _serviceSubject);
    } catch (AuthException e) {
        throw new ServerAuthException(e);
    }
    return AuthStatus.SEND_SUCCESS.equals(outcome);
}

Example 3 with AuthStatus

Use of javax.security.auth.message.AuthStatus in the Eclipse jetty.project.

Class JaspiAuthenticator, method validateRequest.

/**
 * Runs the configured JASPIC {@code ServerAuthContext} against the incoming
 * request and maps the returned {@link AuthStatus} onto a Jetty
 * {@link Authentication}.
 *
 * @param messageInfo the request/response pair to validate
 * @return SEND_CONTINUE / SEND_FAILURE / SEND_SUCCESS passed straight through;
 *         SEND_FAILURE after a 403 has been sent for FAILURE; for SUCCESS either
 *         the {@link SessionAuthentication} already stored in the session, a new
 *         {@link UserAuthentication}, or UNAUTHENTICATED when no caller identity
 *         could be established
 * @throws ServerAuthException   wrapping an {@link AuthException} from the context
 *                               or an {@link IOException} while sending the 403
 * @throws IllegalStateException if the context returns a status outside the
 *                               recognised set (including {@code null})
 */
public Authentication validateRequest(JaspiMessageInfo messageInfo) throws ServerAuthException {
    try {
        String contextId = _authConfig.getAuthContextID(messageInfo);
        ServerAuthContext context = _authConfig.getAuthContext(contextId, _serviceSubject, _authProperties);
        Subject clientSubject = new Subject();
        AuthStatus status = context.validateRequest(messageInfo, clientSubject, _serviceSubject);

        // Pass-through statuses: no identity is established by this call.
        if (status == AuthStatus.SEND_CONTINUE) {
            return Authentication.SEND_CONTINUE;
        }
        if (status == AuthStatus.SEND_FAILURE) {
            return Authentication.SEND_FAILURE;
        }
        if (status == AuthStatus.SEND_SUCCESS) {
            // We are processing a message in a secureResponse dialog.
            return Authentication.SEND_SUCCESS;
        }
        if (status == AuthStatus.FAILURE) {
            // Reject explicitly with 403; sendError may throw IOException (wrapped below).
            HttpServletResponse httpResponse = (HttpServletResponse) messageInfo.getResponseMessage();
            httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
            return Authentication.SEND_FAILURE;
        }
        if (status != AuthStatus.SUCCESS) {
            // Covers a null status and any value outside the JASPIC set; should not happen.
            throw new IllegalStateException("No AuthStatus returned");
        }

        // SUCCESS: first choice is a UserIdentity the module placed directly in the Subject.
        Set<UserIdentity> suppliedIdentities = clientSubject.getPrivateCredentials(UserIdentity.class);
        UserIdentity identity;
        if (!suppliedIdentities.isEmpty()) {
            identity = suppliedIdentities.iterator().next();
        } else {
            // Otherwise rebuild one from the callbacks the module handled on this thread.
            CallerPrincipalCallback callerCallback = _callbackHandler.getThreadCallerPrincipalCallback();
            if (callerCallback == null) {
                return Authentication.UNAUTHENTICATED;
            }
            Principal caller = callerCallback.getPrincipal();
            if (caller == null) {
                // The module supplied only a name; locate the matching Principal in its Subject.
                String wantedName = callerCallback.getName();
                for (Principal candidate : callerCallback.getSubject().getPrincipals()) {
                    if (candidate.getName().equals(wantedName)) {
                        caller = candidate;
                        break;
                    }
                }
                if (caller == null) {
                    return Authentication.UNAUTHENTICATED;
                }
            }
            GroupPrincipalCallback groupCallback = _callbackHandler.getThreadGroupPrincipalCallback();
            String[] groups = (groupCallback == null) ? null : groupCallback.getGroups();
            identity = _identityService.newUserIdentity(clientSubject, caller, groups);
        }

        // NOTE(review): an authentication already stored in the session takes precedence
        // over the identity just established above, without the two being compared;
        // confirm this is intended for the case where a module authenticates a
        // different user than the one the session entry was created for.
        HttpSession session = ((HttpServletRequest) messageInfo.getRequestMessage()).getSession(false);
        if (session != null) {
            Authentication cached = (SessionAuthentication) session.getAttribute(SessionAuthentication.__J_AUTHENTICATED);
            if (cached != null) {
                return cached;
            }
        }
        return new UserAuthentication(getAuthMethod(), identity);
    } catch (IOException | AuthException e) {
        throw new ServerAuthException(e);
    }
}

Example 4 with AuthStatus

Use of javax.security.auth.message.AuthStatus in the OpenAM project (OpenRock).

Class JaspiAuthModuleWrapper, method onLoginSuccess.

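/**
 * Post-processing of a successful authentication. A new instance of this class is
 * created for the Post Authentication Process, so the underlying JASPI
 * {@code ServerAuthModule} is (re)initialised here, the subtype's
 * {@code onLoginSuccess(MessageInfo, ...)} hook is invoked, and finally the
 * module's {@code secureResponse} is called. Only {@link AuthStatus#SEND_SUCCESS}
 * lets the login complete; every other outcome is reported as a failed
 * authentication.
 *
 * @param requestParamsMap {@inheritDoc}
 * @param request {@inheritDoc}
 * @param response {@inheritDoc}
 * @param ssoToken {@inheritDoc}
 * @throws AuthenticationException if the module throws {@link AuthException}, or
 *         returns anything other than SEND_SUCCESS (SEND_FAILURE, SEND_CONTINUE,
 *         an unrecognised status, or {@code null})
 */
public void onLoginSuccess(Map requestParamsMap, HttpServletRequest request, HttpServletResponse response, SSOToken ssoToken) throws AuthenticationException {
    try {
        Map<String, Object> config = initialize(requestParamsMap, request, response, ssoToken);
        // The module is given the request policy only; no response policy and no CallbackHandler.
        serverAuthModule.initialize(createRequestMessagePolicy(), null, null, config);
        MessageInfo messageInfo = prepareMessageInfo(request, response);
        onLoginSuccess(messageInfo, requestParamsMap, request, response, ssoToken);
        // No service Subject is available at this point.
        AuthStatus authStatus = serverAuthModule.secureResponse(messageInfo, null);
        if (AuthStatus.SEND_SUCCESS.equals(authStatus)) {
            // nothing to do here just carry on
            debug.message("Successfully secured response.");
        } else if (AuthStatus.SEND_FAILURE.equals(authStatus)) {
            // Send HttpServletResponse to client and exit.
            debug.message("Failed to secured response, included response message");
            throw new AuthenticationException(resourceBundleName, "authFailed", null);
        } else if (AuthStatus.SEND_CONTINUE.equals(authStatus)) {
            // A multi-step secureResponse cannot be continued from this hook, so it
            // is failed rather than left half-finished.
            debug.message("Has not finished securing response. Requires more information from client.");
            throw new AuthenticationException(resourceBundleName, "authFailed", null);
        } else {
            // Fix: plain concatenation instead of authStatus.toString(), so a null status
            // is reported as a failed authentication rather than escaping as a
            // NullPointerException from this branch.
            debug.error("Invalid AuthStatus, " + authStatus);
            throw new AuthenticationException(resourceBundleName, "authFailed", null);
        }
    } catch (AuthException e) {
        // The cause is not attached to the AuthenticationException thrown here; the
        // stack trace is preserved in the log only.
        debug.error("Authentication Failed", e);
        throw new AuthenticationException(resourceBundleName, "authFailed", null);
    }
}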

Example 5 with AuthStatus

Use of javax.security.auth.message.AuthStatus in the Apache Tomcat project.

Class SimpleServerAuthContext, method validateRequest.

// JASPIC API uses raw types
@SuppressWarnings("unchecked")
@Override
/**
 * Tries each configured {@code ServerAuthModule} in order and returns the first
 * status that is not {@link AuthStatus#SEND_FAILURE}, recording the index of the
 * winning module in the message map under {@code "moduleIndex"} so that the
 * matching module can be found again later (e.g. for secureResponse).
 *
 * NOTE(review): every status other than SEND_FAILURE — SUCCESS, SEND_CONTINUE,
 * SEND_SUCCESS, FAILURE, and a null return — ends the loop and is passed back
 * unchanged; confirm callers treat only SUCCESS as an authenticated request.
 *
 * @param messageInfo    request/response pair; its map receives "moduleIndex"
 * @param clientSubject  Subject the modules populate for the caller
 * @param serviceSubject Subject representing the service, passed through to modules
 * @return the first non-SEND_FAILURE status, or SEND_FAILURE if all modules fail
 * @throws AuthException propagated from any module
 */
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    int position = 0;
    for (ServerAuthModule module : modules) {
        AuthStatus outcome = module.validateRequest(messageInfo, clientSubject, serviceSubject);
        if (outcome != AuthStatus.SEND_FAILURE) {
            messageInfo.getMap().put("moduleIndex", Integer.valueOf(position));
            return outcome;
        }
        position++;
    }
    return AuthStatus.SEND_FAILURE;
}
