use of javax.security.auth.message.MessageInfo in project tomcat by apache.
the class AuthenticatorBase method logout.
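/**
 * Logs out the user associated with the request.
 *
 * <p>When a JASPIC provider is configured and the request carries a client
 * {@link Subject} note, the matching {@link ServerAuthContext} is asked to
 * clean that subject. Independently of JASPIC, a {@link TomcatPrincipal} is
 * told to log out and {@code register} is invoked with all-null
 * authentication arguments.
 *
 * <p>The container-level steps always run. Previously a configured provider
 * combined with a missing subject note caused an early return, which skipped
 * both the principal logout and the final {@code register} call.
 *
 * @param request the request whose authentication state is being cleared
 */
@Override
public void logout(Request request) {
    AuthConfigProvider provider = getJaspicProvider();
    if (provider != null) {
        MessageInfo messageInfo = new MessageInfoImpl(request, request.getResponse(), true);
        Subject client = (Subject) request.getNote(Constants.REQ_JASPIC_SUBJECT_NOTE);
        // Only the JASPIC clean-up depends on the subject note. A missing note
        // must not short-circuit the rest of the logout below.
        if (client != null) {
            try {
                ServerAuthConfig serverAuthConfig = provider.getServerAuthConfig("HttpServlet", jaspicAppContextID, CallbackHandlerImpl.getInstance());
                String authContextID = serverAuthConfig.getAuthContextID(messageInfo);
                ServerAuthContext serverAuthContext = serverAuthConfig.getAuthContext(authContextID, null, null);
                serverAuthContext.cleanSubject(messageInfo, client);
            } catch (AuthException e) {
                // Best effort: a failed clean-up is logged and logout continues.
                log.debug(sm.getString("authenticator.jaspicCleanSubjectFail"), e);
            }
        }
    }

    Principal p = request.getPrincipal();
    if (p instanceof TomcatPrincipal) {
        try {
            ((TomcatPrincipal) p).logout();
        } catch (Throwable t) {
            // handleThrowable is given the chance to act on the throwable
            // before the failure is logged.
            ExceptionUtils.handleThrowable(t);
            log.debug(sm.getString("authenticator.tomcatPrincipalLogoutFail"), t);
        }
    }

    // NOTE(review): the all-null arguments presumably reset the cached
    // principal and credentials for the request/session; confirm in register().
    register(request, request.getResponse(), null, null, null, null);
}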
use of javax.security.auth.message.MessageInfo in project tomcat by apache.
the class TestSimpleServerAuthConfig method validateServerAuthContext.
/**
 * Checks the given context by calling {@code cleanSubject} on a fresh
 * {@link TesterMessageInfo} and asserting the "trace" entry left in the
 * message map.
 *
 * @param serverAuthContext the context under test
 * @throws Exception if {@code cleanSubject} fails
 */
private void validateServerAuthContext(ServerAuthContext serverAuthContext) throws Exception {
    MessageInfo tracedMessage = new TesterMessageInfo();

    // No client subject is supplied; only the recorded call trace is checked.
    serverAuthContext.cleanSubject(tracedMessage, null);

    Object recordedTrace = tracedMessage.getMap().get("trace");
    Assert.assertEquals("init()-cleanSubject()-", recordedTrace);
}
use of javax.security.auth.message.MessageInfo in project OpenAM by OpenRock.
the class JaspiAuthModuleWrapper method onLoginSuccess.
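/**
 * Post processing of successful authentication. A new instance of this class is created for the
 * Post Authentication Process, so the underlying JASPI ServerAuthModule is initialised again here,
 * then the subtype's onLoginSuccess method is called, and finally the ServerAuthModule's
 * secureResponse method is called.
 *
 * Only {@code AuthStatus.SEND_SUCCESS} lets the method return normally. Every other outcome,
 * including a {@code null} status, is reported as an "authFailed" AuthenticationException.
 *
 * @param requestParamsMap {@inheritDoc}
 * @param request {@inheritDoc}
 * @param response {@inheritDoc}
 * @param ssoToken {@inheritDoc}
 * @throws AuthenticationException {@inheritDoc}
 */
public void onLoginSuccess(Map requestParamsMap, HttpServletRequest request, HttpServletResponse response, SSOToken ssoToken) throws AuthenticationException {
    try {
        Map<String, Object> config = initialize(requestParamsMap, request, response, ssoToken);
        serverAuthModule.initialize(createRequestMessagePolicy(), null, null, config);

        MessageInfo messageInfo = prepareMessageInfo(request, response);
        onLoginSuccess(messageInfo, requestParamsMap, request, response, ssoToken);

        AuthStatus authStatus = serverAuthModule.secureResponse(messageInfo, null);
        if (AuthStatus.SEND_SUCCESS.equals(authStatus)) {
            // nothing to do here just carry on
            debug.message("Successfully secured response.");
        } else if (AuthStatus.SEND_FAILURE.equals(authStatus)) {
            // Send HttpServletResponse to client and exit.
            debug.message("Failed to secured response, included response message");
            throw new AuthenticationException(resourceBundleName, "authFailed", null);
        } else if (AuthStatus.SEND_CONTINUE.equals(authStatus)) {
            // Send HttpServletResponse to client and exit.
            debug.message("Has not finished securing response. Requires more information from client.");
            throw new AuthenticationException(resourceBundleName, "authFailed", null);
        } else {
            // String concatenation instead of authStatus.toString(): a null status then
            // fails with the declared AuthenticationException, not a NullPointerException.
            debug.error("Invalid AuthStatus, " + authStatus);
            throw new AuthenticationException(resourceBundleName, "authFailed", null);
        }
    } catch (AuthException e) {
        // The cause is only available in the debug log; the rethrown exception carries none.
        debug.error("Authentication Failed", e);
        throw new AuthenticationException(resourceBundleName, "authFailed", null);
    }
}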
use of javax.security.auth.message.MessageInfo in project OpenAM by OpenRock.
the class JaspiAuthModuleWrapperTest method setUp.
/**
 * Builds the fixture for each test: a mocked binder and ServerAuthModule, and a
 * JaspiAuthModuleWrapper whose template methods are stubbed to return the shared
 * {@code config} map and to record that they were invoked.
 */
@BeforeMethod
public void setUp() {
    HttpServletRequest mockRequest = mock(HttpServletRequest.class);
    HttpServletResponse mockResponse = mock(HttpServletResponse.class);

    serverAuthModule = mock(ServerAuthModule.class);
    amLoginModuleBinder = mock(AMLoginModuleBinder.class);

    // The binder hands out the mocked servlet request/response pair.
    given(amLoginModuleBinder.getHttpServletRequest()).willReturn(mockRequest);
    given(amLoginModuleBinder.getHttpServletResponse()).willReturn(mockResponse);

    jaspiAuthModuleWrapper = new JaspiAuthModuleWrapper<ServerAuthModule>(serverAuthModule, "amAuthPersistentCookie") {

        // Both initialize overloads return the same shared config map.
        @Override
        protected Map<String, Object> initialize(Subject subject, Map sharedState, Map options) {
            return config;
        }

        @Override
        protected Map<String, Object> initialize(Map requestParamsMap, HttpServletRequest request, HttpServletResponse response, SSOToken ssoToken) throws AuthenticationException {
            return config;
        }

        // Records the call and reports success.
        @Override
        protected boolean process(MessageInfo messageInfo, Subject clientSubject, Callback[] callbacks) throws LoginException {
            processMethodCalled = true;
            return true;
        }

        // Records the call; no other work is done.
        @Override
        protected void onLoginSuccess(MessageInfo messageInfo, Map requestParamsMap, HttpServletRequest request, HttpServletResponse response, SSOToken ssoToken) throws AuthenticationException {
            onLoginSuccessMethodCalled = true;
        }

        @Override
        public Principal getPrincipal() {
            return null;
        }
    };
    jaspiAuthModuleWrapper.setAMLoginModule(amLoginModuleBinder);
}
use of javax.security.auth.message.MessageInfo in project OpenAM by OpenRock.
the class PersistentCookieAuthModuleTest method shouldStoreClientIPOnLoginSuccess.
/**
 * Verifies that onLoginSuccess copies the request's remote address into the
 * auth context map under the "openam.clientip" key.
 *
 * The address is supplied only through the stubbed getRemoteAddr(); whether the
 * module also consults forwarded-for headers is not visible from this test.
 */
@Test
public void shouldStoreClientIPOnLoginSuccess() throws AuthenticationException, SSOException {

    //Given
    Map<String, Object> contextMap = new HashMap<String, Object>();
    Map<String, Object> messageInfoMap = new HashMap<String, Object>();
    messageInfoMap.put(AuthenticationFramework.ATTRIBUTE_AUTH_CONTEXT, contextMap);

    MessageInfo messageInfo = mock(MessageInfo.class);
    given(messageInfo.getMap()).willReturn(messageInfoMap);

    Principal tokenPrincipal = mock(Principal.class);
    SSOTokenID tokenId = mock(SSOTokenID.class);
    SSOToken ssoToken = mock(SSOToken.class);
    given(ssoToken.getPrincipal()).willReturn(tokenPrincipal);
    given(ssoToken.getTokenID()).willReturn(tokenId);

    HttpServletRequest request = mock(HttpServletRequest.class);
    given(request.getRemoteAddr()).willReturn("CLIENT_IP");
    HttpServletResponse response = mock(HttpServletResponse.class);

    //When
    persistentCookieAuthModule.onLoginSuccess(messageInfo, Collections.emptyMap(), request, response, ssoToken);

    //Then
    Object storedClientIp = contextMap.get("openam.clientip");
    assertEquals(storedClientIp, "CLIENT_IP");
}