
Example 6 with MessageInfo

use of javax.security.auth.message.MessageInfo in project OpenAM by OpenRock.

the class JaspiAuthModuleWrapper method onLoginSuccess.

/**
 * Post-processing of a successful authentication. It first initialises the underlying JASPI
 * ServerAuthModule (a new instance of this class is created for the post-authentication process,
 * so the module has not been initialised yet), then calls the subtype's onLoginSuccess method,
 * and finally calls the JASPI ServerAuthModule's secureResponse method.
 *
 * @param requestParamsMap {@inheritDoc}
 * @param request {@inheritDoc}
 * @param response {@inheritDoc}
 * @param ssoToken {@inheritDoc}
 * @throws AuthenticationException {@inheritDoc}
 */
public void onLoginSuccess(Map requestParamsMap, HttpServletRequest request, HttpServletResponse response, SSOToken ssoToken) throws AuthenticationException {
    try {
        Map<String, Object> config = initialize(requestParamsMap, request, response, ssoToken);
        // Only a request policy is supplied: no response policy and no CallbackHandler are needed for secureResponse.
        serverAuthModule.initialize(createRequestMessagePolicy(), null, null, config);
        MessageInfo messageInfo = prepareMessageInfo(request, response);
        onLoginSuccess(messageInfo, requestParamsMap, request, response, ssoToken);
        // No service subject is passed.
        AuthStatus authStatus = serverAuthModule.secureResponse(messageInfo, null);
        if (AuthStatus.SEND_SUCCESS.equals(authStatus)) {
            // nothing to do here, just carry on
            debug.message("Successfully secured response.");
        } else if (AuthStatus.SEND_FAILURE.equals(authStatus)) {
            // Send HttpServletResponse to client and exit.
            debug.message("Failed to secure response; the response message has been prepared.");
            throw new AuthenticationException(resourceBundleName, "authFailed", null);
        } else if (AuthStatus.SEND_CONTINUE.equals(authStatus)) {
            // Post-authentication has no further round trip with the client, so a request for more
            // information cannot be honoured here and is treated as a failed authentication.
            debug.message("Has not finished securing response. Requires more information from client.");
            throw new AuthenticationException(resourceBundleName, "authFailed", null);
        } else {
            // Also covers a null status without risking an NPE on authStatus.toString().
            debug.error("Invalid AuthStatus, " + authStatus);
            throw new AuthenticationException(resourceBundleName, "authFailed", null);
        }
    } catch (AuthException e) {
        debug.error("Authentication Failed", e);
        throw new AuthenticationException(resourceBundleName, "authFailed", null);
    }
}
Also used : AuthStatus(javax.security.auth.message.AuthStatus) AuthenticationException(com.sun.identity.authentication.spi.AuthenticationException) AuthException(javax.security.auth.message.AuthException) MessageInfo(javax.security.auth.message.MessageInfo)

Example 7 with MessageInfo

use of javax.security.auth.message.MessageInfo in project OpenAM by OpenRock.

the class JaspiAuthModuleWrapperTest method setUp.

@BeforeMethod
public void setUp() {
    amLoginModuleBinder = mock(AMLoginModuleBinder.class);
    serverAuthModule = mock(ServerAuthModule.class);
    jaspiAuthModuleWrapper = new JaspiAuthModuleWrapper<ServerAuthModule>(serverAuthModule, "amAuthPersistentCookie") {

        @Override
        protected Map<String, Object> initialize(Subject subject, Map sharedState, Map options) {
            return config;
        }

        @Override
        protected boolean process(MessageInfo messageInfo, Subject clientSubject, Callback[] callbacks) throws LoginException {
            processMethodCalled = true;
            return true;
        }

        @Override
        protected Map<String, Object> initialize(Map requestParamsMap, HttpServletRequest request, HttpServletResponse response, SSOToken ssoToken) throws AuthenticationException {
            return config;
        }

        @Override
        protected void onLoginSuccess(MessageInfo messageInfo, Map requestParamsMap, HttpServletRequest request, HttpServletResponse response, SSOToken ssoToken) throws AuthenticationException {
            onLoginSuccessMethodCalled = true;
        }

        @Override
        public Principal getPrincipal() {
            return null;
        }
    };
    jaspiAuthModuleWrapper.setAMLoginModule(amLoginModuleBinder);
    HttpServletRequest request = mock(HttpServletRequest.class);
    HttpServletResponse response = mock(HttpServletResponse.class);
    given(amLoginModuleBinder.getHttpServletRequest()).willReturn(request);
    given(amLoginModuleBinder.getHttpServletResponse()).willReturn(response);
}
Also used : SSOToken(com.iplanet.sso.SSOToken) AuthenticationException(com.sun.identity.authentication.spi.AuthenticationException) ServerAuthModule(javax.security.auth.message.module.ServerAuthModule) HttpServletResponse(javax.servlet.http.HttpServletResponse) Subject(javax.security.auth.Subject) MessageInfo(javax.security.auth.message.MessageInfo) HttpServletRequest(javax.servlet.http.HttpServletRequest) Callback(javax.security.auth.callback.Callback) LoginException(javax.security.auth.login.LoginException) AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException) HashMap(java.util.HashMap) Map(java.util.Map) Principal(java.security.Principal) BeforeMethod(org.testng.annotations.BeforeMethod)

Example 8 with MessageInfo

use of javax.security.auth.message.MessageInfo in project wildfly by wildfly.

the class JASPICSecurityContext method logout.

/**
 * <p>
 * JASPIC 1.1 specification: if there is an {@code AuthConfigProvider} for the {@code HttpServlet} layer and
 * application context, then {@code logout} must acquire a {@code ServerAuthContext} and call {@code cleanSubject}
 * on the acquired context.
 * </p>
 * <p>
 * The specified {@code Subject} should be non-null and should be the {@code Subject} returned from the most recent
 * call to {@code validateRequest}. In our case, that {@code Subject} is set in the underlying security context, so
 * we must retrieve it from there before calling {@code cleanSubject}.
 * </p>
 * <p>
 * Once {@code cleanSubject} returns, {@code logout} must perform the regular (non-JASPIC) {@code logout} processing.
 * </p>
 */
@Override
public void logout() {
    if (!isAuthenticated())
        return;
    // call cleanSubject() if there is an AuthConfigProvider for the HttpServlet layer and appContext
    // (the null argument is the RegistrationListener; this lookup does not subscribe to provider changes).
    String appContext = this.buildAppContext();
    if (AuthConfigFactory.getFactory().getConfigProvider(layer, appContext, null) != null) {
        // The Subject handed to cleanSubject must be the one validateRequest populated, not a fresh one,
        // otherwise the modules cannot find the principals and credentials they added.
        Subject authenticatedSubject = this.getAuthenticatedSubject();
        MessageInfo messageInfo = this.buildMessageInfo();
        this.manager.cleanSubject(messageInfo, authenticatedSubject, layer, appContext, handler);
    }
    // following the return from cleanSubject(), logout must perform the regular logout processing.
    super.logout();
}
Also used : Subject(javax.security.auth.Subject) MessageInfo(javax.security.auth.message.MessageInfo) GenericMessageInfo(org.jboss.security.auth.message.GenericMessageInfo)
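Examples 6 and 8 above show the two ends of a module's life in one request: OpenAM calling secureResponse after login, and WildFly calling cleanSubject at logout with the Subject that validateRequest populated. The following is an added example, not code from OpenAM, WildFly or any project on this page: a complete ServerAuthModule driven through validateRequest, secureResponse and cleanSubject against a hand-built MessageInfo. Everything in it is assumed for the demonstration: the request and response messages are plain header maps rather than HttpServletRequest/HttpServletResponse, the token table is constructed, the "demo.user" map key, the CallerPrincipal class and the stand-in CallbackHandler are inventions of this demo (a real container supplies its own handler at initialize).

```java
import java.security.Principal;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessageInfo;
import javax.security.auth.message.MessagePolicy;
import javax.security.auth.message.callback.CallerPrincipalCallback;
import javax.security.auth.message.module.ServerAuthModule;

/** Added example, not OpenAM or WildFly code. Messages are plain header maps, so no Servlet API is needed. */
public class MessageInfoLifecycleDemo {

    /** Minimal MessageInfo: the two messages plus the per-exchange map modules use to pass state. */
    static final class SimpleMessageInfo implements MessageInfo {
        private Object request, response;
        private final Map<Object, Object> map = new HashMap<>();
        SimpleMessageInfo(Object request, Object response) { this.request = request; this.response = response; }
        public Object getRequestMessage() { return request; }
        public Object getResponseMessage() { return response; }
        public void setRequestMessage(Object r) { request = r; }
        public void setResponseMessage(Object r) { response = r; }
        public Map getMap() { return map; }
    }

    /** Principal this module adds in validateRequest and removes again in cleanSubject (assumed class). */
    static final class CallerPrincipal implements Principal {
        private final String name;
        CallerPrincipal(String name) { this.name = name; }
        public String getName() { return name; }
        public String toString() { return "CallerPrincipal(" + name + ")"; }
    }

    /** Bearer-token module backed by a constructed token table. */
    static final class TokenHeaderModule implements ServerAuthModule {
        private final Map<String, String> tokenToUser;
        private CallbackHandler handler;
        TokenHeaderModule(Map<String, String> tokenToUser) { this.tokenToUser = tokenToUser; }

        public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy, CallbackHandler handler, Map options) {
            this.handler = handler; // in a container this handler is supplied by the container
        }
        public Class[] getSupportedMessageTypes() { return new Class[] { Map.class }; }

        @SuppressWarnings("unchecked")
        public AuthStatus validateRequest(MessageInfo mi, Subject clientSubject, Subject serviceSubject) throws AuthException {
            String auth = ((Map<String, String>) mi.getRequestMessage()).get("Authorization");
            String user = auth != null && auth.startsWith("Bearer ") ? tokenToUser.get(auth.substring(7)) : null;
            if (user == null) {
                // Prepare a challenge; SEND_CONTINUE (or SEND_FAILURE) tells the container to send it and stop.
                ((Map<String, String>) mi.getResponseMessage()).put("WWW-Authenticate", "Bearer");
                return AuthStatus.SEND_CONTINUE;
            }
            try { // the handler turns this callback into the caller identity on the Subject
                handler.handle(new Callback[] { new CallerPrincipalCallback(clientSubject, new CallerPrincipal(user)) });
            } catch (Exception e) {
                throw (AuthException) new AuthException("caller principal callback failed").initCause(e);
            }
            mi.getMap().put("demo.user", user); // per-exchange state, read back in secureResponse
            return AuthStatus.SUCCESS;
        }

        @SuppressWarnings("unchecked")
        public AuthStatus secureResponse(MessageInfo mi, Subject serviceSubject) {
            Object user = mi.getMap().get("demo.user");
            if (user != null) ((Map<String, String>) mi.getResponseMessage()).put("X-Authenticated-User", user.toString());
            return AuthStatus.SEND_SUCCESS; // the only value Example 6 treats as "carry on"
        }

        public void cleanSubject(MessageInfo mi, Subject subject) {
            // Remove only what this module added, so principals other modules placed survive.
            subject.getPrincipals().removeIf(p -> p instanceof CallerPrincipal);
            mi.getMap().remove("demo.user");
        }
    }

    /** Stand-in for the container's CallbackHandler: it adds the caller principal to the Subject. */
    static final CallbackHandler DEMO_HANDLER = callbacks -> {
        for (Callback cb : callbacks) {
            if (!(cb instanceof CallerPrincipalCallback)) throw new UnsupportedCallbackException(cb);
            CallerPrincipalCallback cpc = (CallerPrincipalCallback) cb;
            cpc.getSubject().getPrincipals().add(cpc.getPrincipal());
        }
    };

    public static void main(String[] args) throws Exception {
        ServerAuthModule module = new TokenHeaderModule(Collections.singletonMap("t0k3n", "alice"));
        module.initialize(new MessagePolicy(new MessagePolicy.TargetPolicy[0], true), null, DEMO_HANDLER, new HashMap<>());
        Map<String, String> request = new HashMap<>(); // constructed sample request
        request.put("Authorization", "Bearer t0k3n");
        MessageInfo mi = new SimpleMessageInfo(request, new HashMap<String, String>());
        Subject client = new Subject();
        // validateRequest establishes the caller; secureResponse is what Example 6 calls after login;
        // cleanSubject with the same Subject is what the logout in Example 8 triggers.
        System.out.println("validateRequest: " + module.validateRequest(mi, client, null) + " " + client.getPrincipals());
        System.out.println("secureResponse: " + module.secureResponse(mi, null) + " " + mi.getResponseMessage());
        module.cleanSubject(mi, client);
        System.out.println("after cleanSubject: " + client.getPrincipals());
        MessageInfo noToken = new SimpleMessageInfo(new HashMap<String, String>(), new HashMap<String, String>());
        System.out.println("no token: " + module.validateRequest(noToken, new Subject(), null) + " " + noToken.getResponseMessage());
    }
}
```

Compile and run with the JASPIC 1.1 API (javax.security.auth.message) on the classpath. The state parked in MessageInfo.getMap() is what lets secureResponse, called later and possibly from a different object as in Example 6, know what validateRequest established. cleanSubject removes only the principal this module added, which is why Example 8 insists on handing it the Subject from the most recent validateRequest rather than a fresh one. For a challenge the module writes the response and returns SEND_CONTINUE; SEND_FAILURE is the other common choice for a 401, and in both cases the container sends the prepared response, whereas in the post-login position of Example 6 neither can be honoured and both are mapped to a failed authentication.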

Example 9 with MessageInfo

use of javax.security.auth.message.MessageInfo in project Payara by payara.

the class ClientAuthConfigImpl method createAuthContext.

@Override
@SuppressWarnings("unchecked")
protected <M> M createAuthContext(String authContextID, Map<String, ?> properties) throws AuthException {
    // No context at all for an unprotected authContextID: the caller gets null and skips JASPIC processing.
    if (!authContextHelper.isProtected(new ClientAuthModule[0], authContextID)) {
        return null;
    }
    ClientAuthContext context = new ClientAuthContext() {

        ClientAuthModule[] module = init();

        ClientAuthModule[] init() throws AuthException {
            ClientAuthModule[] clientModules;
            try {
                clientModules = authContextHelper.getModules(new ClientAuthModule[0], authContextID);
            } catch (AuthException ae) {
                logIfLevel(SEVERE, ae, "ClientAuthContext: ", authContextID, "of AppContext: ", getAppContext(), "unable to load client auth modules");
                throw ae;
            }
            MessagePolicy requestPolicy = policyDelegate.getRequestPolicy(authContextID, properties);
            MessagePolicy responsePolicy = policyDelegate.getResponsePolicy(authContextID, properties);
            boolean noModules = true;
            for (int i = 0; i < clientModules.length; i++) {
                if (clientModules[i] != null) {
                    if (isLoggable(FINE)) {
                        logIfLevel(FINE, null, "ClientAuthContext: ", authContextID, "of AppContext: ", getAppContext(), "initializing module");
                    }
                    noModules = false;
                    // Every module must declare support for this context's message types before it is initialised.
                    checkMessageTypes(clientModules[i].getSupportedMessageTypes());
                    clientModules[i].initialize(requestPolicy, responsePolicy, callbackHandler, authContextHelper.getInitProperties(i, properties));
                }
            }
            if (noModules) {
                logIfLevel(WARNING, null, "ClientAuthContext: ", authContextID, "of AppContext: ", getAppContext(), "contains no Auth Modules");
            }
            return clientModules;
        }

        @Override
        public AuthStatus validateResponse(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
            AuthStatus[] status = new AuthStatus[module.length];
            for (int i = 0; i < module.length; i++) {
                if (module[i] == null) {
                    continue;
                }
                if (isLoggable(FINE)) {
                    logIfLevel(FINE, null, "ClientAuthContext: ", authContextID, "of AppContext: ", getAppContext(), "calling validateResponse on module");
                }
                status[i] = module[i].validateResponse(messageInfo, clientSubject, serviceSubject);
                // The helper decides from the statuses so far whether the chain stops at module i,
                // and which status is reported for the context as a whole.
                if (authContextHelper.exitContext(validateResponseSuccessValues, i, status[i])) {
                    return authContextHelper.getReturnStatus(validateResponseSuccessValues, SEND_FAILURE, status, i);
                }
            }
            return authContextHelper.getReturnStatus(validateResponseSuccessValues, SEND_FAILURE, status, status.length - 1);
        }

        @Override
        public AuthStatus secureRequest(MessageInfo messageInfo, Subject clientSubject) throws AuthException {
            AuthStatus[] status = new AuthStatus[module.length];
            for (int i = 0; i < module.length; i++) {
                if (module[i] == null) {
                    continue;
                }
                if (isLoggable(FINE)) {
                    logIfLevel(FINE, null, "ClientAuthContext: ", authContextID, "of AppContext: ", getAppContext(), "calling secureRequest on module");
                }
                status[i] = module[i].secureRequest(messageInfo, clientSubject);
                if (authContextHelper.exitContext(secureResponseSuccessValues, i, status[i])) {
                    return authContextHelper.getReturnStatus(secureResponseSuccessValues, SEND_FAILURE, status, i);
                }
            }
            return authContextHelper.getReturnStatus(secureResponseSuccessValues, SEND_FAILURE, status, status.length - 1);
        }

        @Override
        public void cleanSubject(MessageInfo messageInfo, Subject clientSubject) throws AuthException {
            // Unlike the two calls above, every module gets to clean up; there is no early exit.
            for (int i = 0; i < module.length; i++) {
                if (module[i] == null) {
                    continue;
                }
                if (isLoggable(FINE)) {
                    logIfLevel(FINE, null, "ClientAuthContext: ", authContextID, "of AppContext: ", getAppContext(), "calling cleanSubject on module");
                }
                module[i].cleanSubject(messageInfo, clientSubject);
            }
        }
    };
    return (M) context;
}
Also used : MessagePolicy(javax.security.auth.message.MessagePolicy) ClientAuthModule(javax.security.auth.message.module.ClientAuthModule) AuthStatus(javax.security.auth.message.AuthStatus) AuthException(javax.security.auth.message.AuthException) ClientAuthContext(javax.security.auth.message.config.ClientAuthContext) Subject(javax.security.auth.Subject) MessageInfo(javax.security.auth.message.MessageInfo)

Example 10 with MessageInfo

use of javax.security.auth.message.MessageInfo in project Payara by payara.

the class RealmAdapter method invokePostAuthenticateDelegate.

/**
 * Post authentication for given request and response.
 *
 * @param request Request we are processing
 * @param response Response we are creating
 * @param context The Context to which client of this class is attached.
 * @exception IOException if an input/output error occurs
 */
@Override
public boolean invokePostAuthenticateDelegate(HttpRequest request, HttpResponse response, Context context) throws IOException {
    boolean result = false;
    ServerAuthContext serverAuthContext = null;
    try {
        if (httpServletHelper != null) {
            HttpServletRequest req = (HttpServletRequest) request.getRequest();
            // The MessageInfo built for validateRequest was kept as a request attribute ...
            MessageInfo messageInfo = (MessageInfo) req.getAttribute(MESSAGE_INFO);
            if (messageInfo != null) {
                // JSR 196 is enabled for this application
                // ... and the ServerAuthContext that validated the request was parked in its map,
                // so the same context secures the response.
                serverAuthContext = (ServerAuthContext) messageInfo.getMap().get(SERVER_AUTH_CONTEXT);
                if (serverAuthContext != null) {
                    try {
                        context.fireContainerEvent(BEFORE_POST_AUTHENTICATION, null);
                        // Compared against SUCCESS, whereas the ServerAuth contract reports a successfully
                        // secured response as SEND_SUCCESS; do not rely on result being true in that case.
                        result = SUCCESS.equals(serverAuthContext.secureResponse(messageInfo, null));
                    } finally {
                        context.fireContainerEvent(AFTER_POST_AUTHENTICATION, null);
                    }
                }
            }
        }
    } catch (AuthException ex) {
        throw new IOException(ex);
    } finally {
        // Drop the wrappers installed during validateRequest, whether or not secureResponse succeeded.
        if (httpServletHelper != null && serverAuthContext != null) {
            if (request instanceof HttpRequestWrapper) {
                request.removeNote(WRAPPED_REQUEST);
            }
            if (response instanceof HttpResponseWrapper) {
                request.removeNote(WRAPPED_RESPONSE);
            }
        }
    }
    return result;
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) AuthException(javax.security.auth.message.AuthException) IOException(java.io.IOException) ServerAuthContext(javax.security.auth.message.config.ServerAuthContext) MessageInfo(javax.security.auth.message.MessageInfo)
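Examples 9 and 10 show Payara building a multi-module auth context and, later in the request, fetching the ServerAuthContext back out of MessageInfo's map to call secureResponse. The block below is an added example, not Payara code: a ServerAuthContext that initialises and chains several ServerAuthModules (the server-side counterpart of the ClientAuthContext in Example 9), a validate step that parks the context under an assumed key in the MessageInfo map, and a post-authenticate step shaped like Example 10 that retrieves it. The key, the chaining rule (every module must succeed), the stamping demo module, the header-map messages and the MessageInfo factory are all assumptions of this demo; Payara's authContextHelper applies its own per-module success values, which the page does not show.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessageInfo;
import javax.security.auth.message.MessagePolicy;
import javax.security.auth.message.config.ServerAuthContext;
import javax.security.auth.message.module.ServerAuthModule;

/** Added example, not Payara code: a chaining ServerAuthContext parked in MessageInfo's map between the two phases. */
public class ServerAuthContextDemo {
    /** Assumed key for this demo; Payara's SERVER_AUTH_CONTEXT constant has its own value. */
    static final String CONTEXT_KEY = "demo.serverAuthContext";

    /** Dispatches to several modules; here every module must succeed (one possible policy, see the note below). */
    static final class ChainingServerAuthContext implements ServerAuthContext {
        private final ServerAuthModule[] modules;

        ChainingServerAuthContext(ServerAuthModule[] modules, Class<?> messageType, MessagePolicy requestPolicy,
                MessagePolicy responsePolicy, CallbackHandler handler, Map<String, ?> options) throws AuthException {
            this.modules = modules;
            for (ServerAuthModule m : modules) {
                // Refuse a module that cannot handle this profile's message type (cf. checkMessageTypes in Example 9).
                boolean supported = false;
                for (Class<?> t : m.getSupportedMessageTypes()) supported |= t.isAssignableFrom(messageType);
                if (!supported) throw new AuthException(m.getClass().getName() + " cannot handle " + messageType.getName());
                m.initialize(requestPolicy, responsePolicy, handler, options);
            }
        }

        public AuthStatus validateRequest(MessageInfo mi, Subject client, Subject service) throws AuthException {
            for (ServerAuthModule m : modules) {
                AuthStatus status = m.validateRequest(mi, client, service);
                if (!AuthStatus.SUCCESS.equals(status)) return status; // a challenge or failure stops the chain
            }
            return AuthStatus.SUCCESS;
        }

        public AuthStatus secureResponse(MessageInfo mi, Subject service) throws AuthException {
            for (ServerAuthModule m : modules) {
                AuthStatus status = m.secureResponse(mi, service);
                if (!AuthStatus.SEND_SUCCESS.equals(status)) return status;
            }
            return AuthStatus.SEND_SUCCESS;
        }

        public void cleanSubject(MessageInfo mi, Subject subject) throws AuthException {
            for (ServerAuthModule m : modules) m.cleanSubject(mi, subject);
        }
    }

    /** Pre-service phase: park the context in the map, then validate the request. */
    static AuthStatus validate(ServerAuthContext ctx, MessageInfo mi, Subject client) throws AuthException {
        mi.getMap().put(CONTEXT_KEY, ctx);
        return ctx.validateRequest(mi, client, null);
    }

    /** Post-service phase in the shape of Example 10: recover the context from the map and secure the response. */
    static boolean postAuthenticate(MessageInfo mi) throws AuthException {
        ServerAuthContext ctx = (ServerAuthContext) mi.getMap().get(CONTEXT_KEY);
        if (ctx == null) return false; // no JASPIC context was attached to this exchange
        // secureResponse reports SEND_* values, so compare against SEND_SUCCESS rather than SUCCESS.
        return AuthStatus.SEND_SUCCESS.equals(ctx.secureResponse(mi, null));
    }

    /** Demo module: succeeds when the request map carries "user" and stamps the response with a header. */
    @SuppressWarnings("unchecked")
    static ServerAuthModule stampingModule(String header) {
        return new ServerAuthModule() {
            public void initialize(MessagePolicy rp, MessagePolicy sp, CallbackHandler h, Map o) { }
            public Class[] getSupportedMessageTypes() { return new Class[] { Map.class }; }
            public AuthStatus validateRequest(MessageInfo mi, Subject c, Subject s) {
                Map<String, String> req = (Map<String, String>) mi.getRequestMessage();
                return req.containsKey("user") ? AuthStatus.SUCCESS : AuthStatus.SEND_FAILURE;
            }
            public AuthStatus secureResponse(MessageInfo mi, Subject s) {
                ((Map<String, String>) mi.getResponseMessage()).put(header, "1");
                return AuthStatus.SEND_SUCCESS;
            }
            public void cleanSubject(MessageInfo mi, Subject s) { }
        };
    }

    /** Minimal MessageInfo over two constructed header maps. */
    static MessageInfo messageInfo(Map<String, String> req, Map<String, String> resp) {
        Map<Object, Object> map = new HashMap<>();
        Object[] msgs = { req, resp };
        return new MessageInfo() {
            public Object getRequestMessage() { return msgs[0]; }
            public Object getResponseMessage() { return msgs[1]; }
            public void setRequestMessage(Object r) { msgs[0] = r; }
            public void setResponseMessage(Object r) { msgs[1] = r; }
            public Map getMap() { return map; }
        };
    }

    public static void main(String[] args) throws AuthException {
        ServerAuthContext ctx = new ChainingServerAuthContext(
                new ServerAuthModule[] { stampingModule("X-Audit"), stampingModule("X-Policy") }, Map.class,
                new MessagePolicy(new MessagePolicy.TargetPolicy[0], true), null, null, new HashMap<>());
        Map<String, String> request = new HashMap<>(); // constructed sample request
        request.put("user", "alice");
        MessageInfo mi = messageInfo(request, new HashMap<>());
        System.out.println("validate: " + validate(ctx, mi, new Subject()));
        System.out.println("postAuthenticate: " + postAuthenticate(mi) + ", response=" + mi.getResponseMessage());
        MessageInfo anonymous = messageInfo(new HashMap<>(), new HashMap<>());
        System.out.println("anonymous validate: " + validate(ctx, anonymous, new Subject()));
    }
}
```

The chaining rule here is the simplest one (all modules must return SUCCESS, and the first that does not decides the outcome); Payara's helper in Example 9 consults per-module success values to decide whether to exit the chain and what to report, a JAAS-style flag scheme that the snippet on this page does not include. Note the comparison in postAuthenticate: secureResponse reports SEND_SUCCESS, SEND_FAILURE or SEND_CONTINUE, and the RealmAdapter in Example 10 compares its result against SUCCESS, so a module that follows the contract yields result == false there; if you build on that return value, compare against SEND_SUCCESS as done here.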

Aggregations

MessageInfo (javax.security.auth.message.MessageInfo) 16
HttpServletRequest (javax.servlet.http.HttpServletRequest) 11
Subject (javax.security.auth.Subject) 10
HashMap (java.util.HashMap) 8
Map (java.util.Map) 7
Test (org.testng.annotations.Test) 7
Principal (java.security.Principal) 6
AuthException (javax.security.auth.message.AuthException) 6
HttpServletResponse (javax.servlet.http.HttpServletResponse) 6
Callback (javax.security.auth.callback.Callback) 5
SSOToken (com.iplanet.sso.SSOToken) 4
ServerAuthContext (javax.security.auth.message.config.ServerAuthContext) 4
Jwt (org.forgerock.json.jose.jwt.Jwt) 4
JwtClaimsSet (org.forgerock.json.jose.jwt.JwtClaimsSet) 4
SSOTokenID (com.iplanet.sso.SSOTokenID) 3
SSOException (com.iplanet.sso.SSOException) 2
SecurityContext (com.sun.enterprise.security.SecurityContext) 2
AuthenticationException (com.sun.identity.authentication.spi.AuthenticationException) 2
SMSException (com.sun.identity.sm.SMSException) 2
AuthStatus (javax.security.auth.message.AuthStatus) 2