
Example 1 with MessagePolicy

use of javax.security.auth.message.MessagePolicy in project Payara by payara.

the class AuthMessagePolicy method getMessagePolicy.

/**
 * Translates descriptor-level auth-source / auth-recipient settings into a JASPIC
 * {@link MessagePolicy}.
 *
 * <p>One {@code TargetPolicy} covers the message source: sender authentication when
 * {@code authSource} equals {@code SENDER}, content authentication when it equals
 * {@code CONTENT}, none otherwise. A recipient-authentication policy is added whenever
 * {@code authRecipient} is non-null. Ordering follows the descriptor: if
 * {@code authRecipient} equals {@code BEFORE_CONTENT} the recipient policy comes first,
 * otherwise the source policy comes first.
 *
 * @param authSource    descriptor auth-source value, compared against {@code SENDER} / {@code CONTENT}
 * @param authRecipient descriptor auth-recipient value, or {@code null} for no recipient authentication
 * @param mandatory     passed through as the policy's mandatory flag
 * @return a new policy; its target list is empty when neither value matches
 */
public static MessagePolicy getMessagePolicy(String authSource, String authRecipient, boolean mandatory) {
    // Policy for the message source, if the descriptor asks for one.
    TargetPolicy sourcePolicy = null;
    if (SENDER.equals(authSource)) {
        sourcePolicy = new TargetPolicy(null, () -> AUTHENTICATE_SENDER);
    } else if (CONTENT.equals(authSource)) {
        sourcePolicy = new TargetPolicy(null, () -> AUTHENTICATE_CONTENT);
    }

    // Any non-null auth-recipient value requests recipient authentication.
    TargetPolicy recipientPolicy = null;
    if (authRecipient != null) {
        recipientPolicy = new TargetPolicy(null, () -> AUTHENTICATE_RECIPIENT);
    }

    List<TargetPolicy> ordered = new ArrayList<>();
    if (recipientPolicy != null && BEFORE_CONTENT.equals(authRecipient)) {
        // "before content": recipient authentication precedes source authentication.
        ordered.add(recipientPolicy);
        if (sourcePolicy != null) {
            ordered.add(sourcePolicy);
        }
    } else {
        if (sourcePolicy != null) {
            ordered.add(sourcePolicy);
        }
        if (recipientPolicy != null) {
            ordered.add(recipientPolicy);
        }
    }
    return new MessagePolicy(ordered.toArray(new TargetPolicy[0]), mandatory);
}

Example 2 with MessagePolicy

use of javax.security.auth.message.MessagePolicy in project Payara by payara.

the class ConfigDomainParser method parseIDEntry.

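/**
 * Parses one provider-config element into an {@code IDEntry} and registers it under
 * the intercept it belongs to.
 *
 * <p>Module options are taken from the provider's {@code property} children. Each value
 * is passed through {@link PropertyExpander}; if expansion fails the literal value is
 * stored instead.
 *
 * @param pConfig   the provider configuration element
 * @param newConfig intercept name to intercept entry; the target entry must already exist
 * @param intercept name of the intercept this provider belongs to
 * @throws IOException if no intercept entry named {@code intercept} has been parsed yet
 */
private void parseIDEntry(ProviderConfig pConfig, Map<String, GFServerConfigProvider.InterceptEntry> newConfig, String intercept) throws IOException {
    // Fail fast: resolve the intercept before expanding properties and logging anything
    // derived from them, so a misordered config does no work and leaves no log noise.
    GFServerConfigProvider.InterceptEntry intEntry = newConfig.get(intercept);
    if (intEntry == null) {
        throw new IOException("intercept entry for " + intercept + " must be specified before ID entries");
    }

    String id = pConfig.getProviderId();
    String type = pConfig.getProviderType();
    String moduleClass = pConfig.getClassName();
    MessagePolicy requestPolicy = parsePolicy((RequestPolicy) pConfig.getRequestPolicy());
    MessagePolicy responsePolicy = parsePolicy((ResponsePolicy) pConfig.getResponsePolicy());

    // get the module options
    Map<String, Object> options = new HashMap<>();
    List<Property> pList = pConfig.getProperty();
    if (pList != null) {
        for (Property property : pList) {
            try {
                options.put(property.getName(), PropertyExpander.expand(property.getValue(), false));
            } catch (ExpandException ee) {
                // expansion failed: keep the value as written in the config
                if (_logger.isLoggable(Level.FINE)) {
                    _logger.log(Level.FINE, "jmac.unexpandedproperty");
                }
                options.put(property.getName(), property.getValue());
            }
        }
    }

    if (_logger.isLoggable(Level.FINE)) {
        // NOTE(review): option values are written verbatim to the log here; if provider
        // properties can carry credentials, this FINE line exposes them - confirm acceptable.
        _logger.fine("ID Entry: " + "\n    module class: " + moduleClass + "\n    id: " + id + "\n    type: " + type + "\n    request policy: " + requestPolicy + "\n    response policy: " + responsePolicy + "\n    options: " + options);
    }

    // create ID entry
    GFServerConfigProvider.IDEntry idEntry = new GFServerConfigProvider.IDEntry(type, moduleClass, requestPolicy, responsePolicy, options);
    if (intEntry.idMap == null) {
        intEntry.idMap = new HashMap<>();
    }
    // map id to Intercept
    intEntry.idMap.put(id, idEntry);
}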

Example 3 with MessagePolicy

use of javax.security.auth.message.MessagePolicy in project Payara by payara.

the class ClientAuthConfigImpl method createAuthContext.

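/**
 * Creates the {@code ClientAuthContext} for {@code authContextID}, or returns {@code null}
 * when {@code authContextHelper} reports the context as not protected.
 *
 * <p>The returned context loads the configured {@link ClientAuthModule}s once, at
 * construction, and initializes each with the request/response policies obtained from
 * {@code policyDelegate}. Every operation then runs each non-null module in array order and
 * lets {@code authContextHelper} decide, from the accumulated statuses, whether to stop early
 * and which status to return.
 *
 * @param <M>           caller-chosen context type; the result is unchecked-cast to it
 * @param authContextID identifier of the context to build
 * @param properties    properties handed to the modules' initialization
 * @return the new context cast to {@code M}, or {@code null} if the context is not protected
 * @throws AuthException if the modules cannot be loaded (logged at SEVERE and rethrown)
 */
@Override
@SuppressWarnings("unchecked")
protected <M> M createAuthContext(String authContextID, Map<String, ?> properties) throws AuthException {
    if (!authContextHelper.isProtected(new ClientAuthModule[0], authContextID)) {
        return null;
    }
    ClientAuthContext context = new ClientAuthContext() {

        // Loaded once per context; entries may be null and are skipped by every operation.
        ClientAuthModule[] module = init();

        /** Loads and initializes the modules; a load failure is logged and rethrown. */
        ClientAuthModule[] init() throws AuthException {
            ClientAuthModule[] clientModules;
            try {
                clientModules = authContextHelper.getModules(new ClientAuthModule[0], authContextID);
            } catch (AuthException ae) {
                logIfLevel(SEVERE, ae, "ClientAuthContext: ", authContextID, "of AppContext: ", getAppContext(), "unable to load client auth modules");
                throw ae;
            }
            MessagePolicy requestPolicy = policyDelegate.getRequestPolicy(authContextID, properties);
            MessagePolicy responsePolicy = policyDelegate.getResponsePolicy(authContextID, properties);
            boolean noModules = true;
            for (int i = 0; i < clientModules.length; i++) {
                if (clientModules[i] != null) {
                    if (isLoggable(FINE)) {
                        logIfLevel(FINE, null, "ClientAuthContext: ", authContextID, "of AppContext: ", getAppContext(), "initializing module");
                    }
                    noModules = false;
                    checkMessageTypes(clientModules[i].getSupportedMessageTypes());
                    clientModules[i].initialize(requestPolicy, responsePolicy, callbackHandler, authContextHelper.getInitProperties(i, properties));
                }
            }
            if (noModules) {
                // A protected context with no modules is only warned about, not rejected.
                logIfLevel(WARNING, null, "ClientAuthContext: ", authContextID, "of AppContext: ", getAppContext(), "contains no Auth Modules");
            }
            return clientModules;
        }

        @Override
        public AuthStatus validateResponse(MessageInfo arg0, Subject arg1, Subject arg2) throws AuthException {
            AuthStatus[] status = new AuthStatus[module.length];
            for (int i = 0; i < module.length; i++) {
                if (module[i] == null) {
                    continue;
                }
                if (isLoggable(FINE)) {
                    logIfLevel(FINE, null, "ClientAuthContext: ", authContextID, "of AppContext: ", getAppContext(), "calling validateResponse on module");
                }
                status[i] = module[i].validateResponse(arg0, arg1, arg2);
                if (authContextHelper.exitContext(validateResponseSuccessValues, i, status[i])) {
                    return authContextHelper.getReturnStatus(validateResponseSuccessValues, SEND_FAILURE, status, i);
                }
            }
            // NOTE(review): with an empty module array the index passed here is -1;
            // presumably the helper tolerates that - confirm.
            return authContextHelper.getReturnStatus(validateResponseSuccessValues, SEND_FAILURE, status, status.length - 1);
        }

        @Override
        public AuthStatus secureRequest(MessageInfo arg0, Subject arg1) throws AuthException {
            AuthStatus[] status = new AuthStatus[module.length];
            for (int i = 0; i < module.length; i++) {
                if (module[i] == null) {
                    continue;
                }
                if (isLoggable(FINE)) {
                    logIfLevel(FINE, null, "ClientAuthContext: ", authContextID, "of AppContext: ", getAppContext(), "calling secureRequest on module");
                }
                status[i] = module[i].secureRequest(arg0, arg1);
                if (authContextHelper.exitContext(secureResponseSuccessValues, i, status[i])) {
                    return authContextHelper.getReturnStatus(secureResponseSuccessValues, AuthStatus.SEND_FAILURE, status, i);
                }
            }
            return authContextHelper.getReturnStatus(secureResponseSuccessValues, AuthStatus.SEND_FAILURE, status, status.length - 1);
        }

        @Override
        public void cleanSubject(MessageInfo arg0, Subject arg1) throws AuthException {
            for (int i = 0; i < module.length; i++) {
                if (module[i] == null) {
                    continue;
                }
                if (isLoggable(FINE)) {
                    logIfLevel(FINE, null, "ClientAuthContext: ", authContextID, "of AppContext: ", getAppContext(), "calling cleanSubject on module");
                }
                module[i].cleanSubject(arg0, arg1);
            }
        }
    };
    return (M) context;
}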

Example 4 with MessagePolicy

use of javax.security.auth.message.MessagePolicy in project Payara by payara.

the class ConfigXMLParser method parseIDEntry.

// duplicate implementation for clientbeans config
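/**
 * Parses one provider-config element into an {@code IDEntry} and registers it under the
 * intercept it belongs to (client-beans variant of the domain parser's method).
 *
 * <p>Module options are taken from the provider's {@code property} children. Each value is
 * passed through {@link PropertyExpander}; if expansion fails the literal value is stored.
 *
 * @param pConfig   the provider configuration element
 * @param newConfig intercept name to {@code InterceptEntry}; the target entry must already exist
 * @param intercept name of the intercept this provider belongs to
 * @throws IOException if no intercept entry named {@code intercept} has been parsed yet
 */
private void parseIDEntry(ProviderConfig pConfig, Map newConfig, String intercept) throws IOException {
    // Fail fast: resolve the intercept before expanding properties and logging them.
    GFServerConfigProvider.InterceptEntry intEntry = (GFServerConfigProvider.InterceptEntry) newConfig.get(intercept);
    if (intEntry == null) {
        throw new IOException("intercept entry for " + intercept + " must be specified before ID entries");
    }

    String id = pConfig.getProviderId();
    String type = pConfig.getProviderType();
    String moduleClass = pConfig.getClassName();
    MessagePolicy requestPolicy = parsePolicy(pConfig.getRequestPolicy());
    MessagePolicy responsePolicy = parsePolicy(pConfig.getResponsePolicy());

    // get the module options
    Map<String, Object> options = new HashMap<>();
    List<Property> props = pConfig.getProperty();
    if (props != null) { // a provider without <property> children has no options
        for (Property prop : props) {
            try {
                options.put(prop.getName(), PropertyExpander.expand(prop.getValue(), false));
            } catch (sun.security.util.PropertyExpander.ExpandException ee) {
                // expansion failed: keep the value as written in the config
                if (_logger.isLoggable(Level.WARNING)) {
                    _logger.warning("jaspic.unexpandedproperty");
                }
                options.put(prop.getName(), prop.getValue());
            }
        }
    }

    if (_logger.isLoggable(Level.FINE)) {
        // NOTE(review): option values are written verbatim to the log here; if provider
        // properties can carry credentials, this FINE line exposes them - confirm acceptable.
        _logger.fine("ID Entry: " + "\n    module class: " + moduleClass + "\n    id: " + id + "\n    type: " + type + "\n    request policy: " + requestPolicy + "\n    response policy: " + responsePolicy + "\n    options: " + options);
    }

    // create ID entry
    GFServerConfigProvider.IDEntry idEntry = new GFServerConfigProvider.IDEntry(type, moduleClass, requestPolicy, responsePolicy, options);
    if (intEntry.getIdMap() == null) {
        intEntry.setIdMap(new HashMap<>());
    }
    // map id to Intercept
    intEntry.getIdMap().put(id, idEntry);
}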

Example 5 with MessagePolicy

use of javax.security.auth.message.MessagePolicy in project Payara by payara.

the class AuthMessagePolicy method getSOAPPolicies.

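/**
 * Resolves the SOAP request/response {@link MessagePolicy} pair for a web-service operation
 * from its message-security binding.
 *
 * <p>When {@code onePolicy} is set, the first message-security descriptor is used for every
 * operation. Otherwise each descriptor's message descriptors are scanned: a message with no
 * operation name makes its descriptor the fallback (first such wins), and a message whose
 * operation name equals {@code operation} makes its descriptor the match (a later exact match
 * replaces an earlier one).
 *
 * @param binding   the message-security binding, or {@code null}
 * @param operation operation name to match against the descriptors' message operation names
 * @param onePolicy when true, use the first descriptor regardless of {@code operation}
 * @return a two-element array {@code {requestPolicy, responsePolicy}}; both elements are
 *         {@code null} when the binding is null, its layer is not SOAP, or nothing matches
 */
public static MessagePolicy[] getSOAPPolicies(MessageSecurityBindingDescriptor binding, String operation, boolean onePolicy) {
    MessagePolicy requestPolicy = null;
    MessagePolicy responsePolicy = null;
    if (binding != null) {
        List<MessageSecurityDescriptor> messageSecurityDescriptors = null;
        String layer = binding.getAttributeValue(AUTH_LAYER);
        if (SOAP.equals(layer)) {
            messageSecurityDescriptors = binding.getMessageSecurityDescriptors();
        }
        if (messageSecurityDescriptors != null) {
            if (onePolicy) {
                if (!messageSecurityDescriptors.isEmpty()) {
                    MessageSecurityDescriptor msd = messageSecurityDescriptors.get(0);
                    requestPolicy = getMessagePolicy(msd.getRequestProtectionDescriptor());
                    responsePolicy = getMessagePolicy(msd.getResponseProtectionDescriptor());
                }
            } else {
                // try to match
                MessageSecurityDescriptor matchMsd = null;
                for (MessageSecurityDescriptor msd : messageSecurityDescriptors) {
                    List<MessageDescriptor> msgDescs = msd.getMessageDescriptors();
                    // Every message descriptor of this msd is a candidate. The previous loop
                    // started at the OUTER list index + 1, which skipped leading message
                    // descriptors (all of them for a single-message descriptor at index 0),
                    // so an operation could end up on the fallback policy, or none, instead
                    // of the one configured for it.
                    for (MessageDescriptor msgDesc : msgDescs) {
                        // XXX don't know how to get JavaMethod from operation
                        String opName = msgDesc.getOperationName();
                        if (opName == null && matchMsd == null) {
                            matchMsd = msd; // unnamed message: fallback, first one wins
                        } else if (opName != null && opName.equals(operation)) {
                            matchMsd = msd; // exact operation match for this msd
                            break;
                        }
                    }
                }
                // Resolve once from the final match rather than on every outer iteration.
                if (matchMsd != null) {
                    requestPolicy = getMessagePolicy(matchMsd.getRequestProtectionDescriptor());
                    responsePolicy = getMessagePolicy(matchMsd.getResponseProtectionDescriptor());
                }
            }
        }
    }
    return new MessagePolicy[] { requestPolicy, responsePolicy };
}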
