
Example 6 with MessagePolicy

use of javax.security.auth.message.MessagePolicy in project Payara by payara.

From class AuthMessagePolicy, method getSOAPPolicies.

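/**
 * Resolves the request and response {@link MessagePolicy} for a SOAP endpoint
 * from its message-security binding.
 *
 * @param binding   the message-security binding from the deployment descriptor;
 *                  may be {@code null}
 * @param operation the operation name to match; only consulted when
 *                  {@code onePolicy} is {@code false}
 * @param onePolicy when {@code true} the first message-security descriptor
 *                  applies to every operation; otherwise descriptors are matched
 *                  against {@code operation}
 * @return a two-element array {@code {requestPolicy, responsePolicy}}; either
 *         element is {@code null} when no policy applies
 */
public static MessagePolicy[] getSOAPPolicies(MessageSecurityBindingDescriptor binding, String operation, boolean onePolicy) {
    MessagePolicy requestPolicy = null;
    MessagePolicy responsePolicy = null;
    if (binding != null) {
        ArrayList<MessageSecurityDescriptor> msgSecDescs = null;
        String layer = binding.getAttributeValue(MessageSecurityBindingDescriptor.AUTH_LAYER);
        // Only a SOAP-layer binding contributes message-security descriptors here.
        if (SOAP.equals(layer)) {
            msgSecDescs = binding.getMessageSecurityDescriptors();
        }
        if (msgSecDescs != null) {
            if (onePolicy) {
                if (!msgSecDescs.isEmpty()) {
                    MessageSecurityDescriptor msd = msgSecDescs.get(0);
                    requestPolicy = getMessagePolicy(msd.getRequestProtectionDescriptor());
                    responsePolicy = getMessagePolicy(msd.getResponseProtectionDescriptor());
                }
            } else {
                // try to match
                MessageSecurityDescriptor matchMsd = null;
                for (MessageSecurityDescriptor msd : msgSecDescs) {
                    // XXX don't know how to get JavaMethod from operation
                    ArrayList<?> msgDescs = msd.getMessageDescriptors();
                    // Scan every message descriptor of this security descriptor.
                    // The previous loop started at the OUTER index plus one, which
                    // skipped the first message descriptor of the first security
                    // descriptor and all descriptors of later ones, so an
                    // operation-specific policy could silently go unmatched and the
                    // operation would end up with no policy at all.
                    for (Object candidate : msgDescs) {
                        MessageDescriptor msgDesc = (MessageDescriptor) candidate;
                        String opName = msgDesc.getOperationName();
                        if (opName == null && matchMsd == null) {
                            // A descriptor with no operation name acts as the default;
                            // the first one seen is kept unless an exact match follows.
                            matchMsd = msd;
                        } else if (opName != null && opName.equals(operation)) {
                            matchMsd = msd;
                            break;
                        }
                    }
                    if (matchMsd != null) {
                        requestPolicy = getMessagePolicy(matchMsd.getRequestProtectionDescriptor());
                        responsePolicy = getMessagePolicy(matchMsd.getResponseProtectionDescriptor());
                    }
                }
            }
        }
    }
    return new MessagePolicy[] { requestPolicy, responsePolicy };
}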

Example 7 with MessagePolicy

use of javax.security.auth.message.MessagePolicy in project Payara by payara.

From class GFServerConfigProvider, method getEntry.

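/**
 * Resolves the auth-module {@code Entry} configured for an intercept point.
 *
 * <p>The provider ID from the deployment descriptor is looked up in the parsed
 * module config; when it is absent or unknown, the intercept's default client
 * or server ID is used instead. Caller-supplied policies override the
 * configured ones as a pair: if either {@code requestPolicy} or
 * {@code responsePolicy} is non-null, both caller values are used as given.
 *
 * @param intercept      the intercept point whose config section is consulted
 * @param id             the provider ID from the deployment descriptor, or {@code null}
 * @param requestPolicy  caller-supplied request policy, or {@code null}
 * @param responsePolicy caller-supplied response policy, or {@code null}
 * @param type           the requested provider type; {@code CLIENT} selects the
 *                       default client ID, anything else the default server ID
 * @return the matching entry, or {@code null} when there is no parsed config,
 *         no usable ID, a provider-type mismatch, or no policy at all
 */
Entry getEntry(String intercept, String id, MessagePolicy requestPolicy, MessagePolicy responsePolicy, String type) {
    // get the parsed module config and DD information
    Map<String, InterceptEntry> configMap;
    // Acquire before entering the try block: had lock() thrown inside it, the
    // finally would have unlocked a read lock this thread never held.
    rwLock.readLock().lock();
    try {
        configMap = parser.getConfigMap();
    } finally {
        rwLock.readLock().unlock();
    }
    if (configMap == null) {
        return null;
    }
    // get the module config info for this intercept
    InterceptEntry intEntry = configMap.get(intercept);
    if (intEntry == null || intEntry.idMap == null) {
        if (logger.isLoggable(FINE)) {
            logger.fine("module config has no IDs configured for [" + intercept + "]");
        }
        return null;
    }
    // look up the DD's provider ID in the module config
    IDEntry idEntry = id == null ? null : (IDEntry) intEntry.idMap.get(id);
    if (idEntry == null) {
        if (logger.isLoggable(FINE)) {
            logger.fine("DD did not specify ID, " + "or DD-specified ID for [" + intercept + "] not found in config -- " + "attempting to look for default ID");
        }
        String defaultID = CLIENT.equals(type) ? intEntry.defaultClientID : intEntry.defaultServerID;
        idEntry = (IDEntry) intEntry.idMap.get(defaultID);
        if (idEntry == null) {
            if (logger.isLoggable(FINE)) {
                logger.fine("no default config ID for [" + intercept + "]");
            }
            return null;
        }
    }
    // check provider-type. This is a substring match, presumably so a configured
    // type naming both client and server satisfies either request type -- confirm
    // against the config format before tightening it to equals().
    if (idEntry.type.indexOf(type) < 0) {
        if (logger.isLoggable(FINE)) {
            logger.fine("request type [" + type + "] does not match config type [" + idEntry.type + "]");
        }
        return null;
    }
    // check whether a policy is set; the caller's pair wins when either half is present,
    // otherwise both configured defaults apply
    boolean callerSetPolicy = requestPolicy != null || responsePolicy != null;
    MessagePolicy reqP = callerSetPolicy ? requestPolicy : idEntry.requestPolicy;
    MessagePolicy respP = callerSetPolicy ? responsePolicy : idEntry.responsePolicy;
    // optimization: if policy was not set, return null
    if (reqP == null && respP == null) {
        if (logger.isLoggable(FINE)) {
            logger.fine("no policy applies");
        }
        return null;
    }
    // return the configured modules with the correct policies
    Entry entry = new Entry(idEntry.moduleClassName, reqP, respP, idEntry.options);
    if (logger.isLoggable(FINE)) {
        // NOTE(review): entry.options is logged verbatim; confirm that no
        // credential-like module option can reach this FINE message.
        logger.fine("getEntry for: " + intercept + " -- " + id + "\n    module class: " + entry.moduleClassName + "\n    options: " + entry.options + "\n    request policy: " + entry.requestPolicy + "\n    response policy: " + entry.responsePolicy);
    }
    return entry;
}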

Example 8 with MessagePolicy

use of javax.security.auth.message.MessagePolicy in project Payara by payara.

From class SimpleSAMAuthContext, method validateRequest.

/**
 * Validates the incoming request by delegating to the wrapped SAM.
 *
 * <p>The SAM is initialised on every call with a single mandatory target policy
 * whose protection policy is {@code AUTHENTICATE_SENDER}; no response policy is
 * supplied.
 *
 * @param messageInfo    the message being validated
 * @param clientSubject  subject populated with the client's principals
 * @param serviceSubject subject of the service, passed through to the SAM
 * @return the SAM's validation status
 * @throws AuthException propagated from the SAM
 */
@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    MessagePolicy.ProtectionPolicy authenticateSender = new MessagePolicy.ProtectionPolicy() {
        @Override
        public String getID() {
            return MessagePolicy.ProtectionPolicy.AUTHENTICATE_SENDER;
        }
    };
    MessagePolicy.TargetPolicy targetPolicy = new MessagePolicy.TargetPolicy((MessagePolicy.Target[]) null, authenticateSender);
    MessagePolicy.TargetPolicy[] targetPolicies = { targetPolicy };
    MessagePolicy requestPolicy = new MessagePolicy(targetPolicies, true);
    sam.initialize(requestPolicy, null, handler, options);
    return sam.validateRequest(messageInfo, clientSubject, serviceSubject);
}

Example 9 with MessagePolicy

use of javax.security.auth.message.MessagePolicy in project Payara by payara.

From class ConfigDomainParser, method parseIDEntry.

/**
 * Turns one provider-config element into an {@code IDEntry} and registers it
 * under its intercept.
 *
 * <p>Property values are run through {@code expand}; when expansion fails with
 * an {@link IllegalStateException} the literal value is stored instead.
 *
 * @param pConfig   the provider configuration to parse
 * @param newConfig the intercept table being built; must already contain
 *                  {@code intercept}
 * @param intercept the intercept the provider belongs to
 * @throws IOException if no intercept entry for {@code intercept} was parsed before this ID entry
 */
private void parseIDEntry(ProviderConfig pConfig, Map<String, GFServerConfigProvider.InterceptEntry> newConfig, String intercept) throws IOException {
    String id = pConfig.getProviderId();
    String type = pConfig.getProviderType();
    String moduleClass = pConfig.getClassName();
    MessagePolicy requestPolicy = parsePolicy((RequestPolicy) pConfig.getRequestPolicy());
    MessagePolicy responsePolicy = parsePolicy((ResponsePolicy) pConfig.getResponsePolicy());
    // get the module options
    Map<String, Object> options = new HashMap<>();
    List<Property> properties = pConfig.getProperty();
    if (properties != null) {
        for (Property property : properties) {
            try {
                options.put(property.getName(), expand(property.getValue()));
            } catch (IllegalStateException ee) {
                // expansion failed: keep the value as written in the config
                if (_logger.isLoggable(FINE)) {
                    _logger.log(FINE, "jaspic.unexpandedproperty");
                }
                options.put(property.getName(), property.getValue());
            }
        }
    }
    if (_logger.isLoggable(FINE)) {
        // NOTE(review): options are logged verbatim at FINE; confirm no
        // credential-like property value can end up in this message.
        _logger.fine("ID Entry: " + "\n    module class: " + moduleClass + "\n    id: " + id + "\n    type: " + type + "\n    request policy: " + requestPolicy + "\n    response policy: " + responsePolicy + "\n    options: " + options);
    }
    // create ID entry
    GFServerConfigProvider.IDEntry idEntry = new GFServerConfigProvider.IDEntry(type, moduleClass, requestPolicy, responsePolicy, options);
    GFServerConfigProvider.InterceptEntry intEntry = newConfig.get(intercept);
    if (intEntry == null) {
        throw new IOException("intercept entry for " + intercept + " must be specified before ID entries");
    }
    if (intEntry.idMap == null) {
        intEntry.idMap = new HashMap<>();
    }
    // map id to Intercept; a repeated id silently replaces the earlier entry
    intEntry.idMap.put(id, idEntry);
}

Example 10 with MessagePolicy

use of javax.security.auth.message.MessagePolicy in project Payara by payara.

From class AuthMessagePolicy, method getMessagePolicy.

/**
 * Builds a {@link MessagePolicy} from the descriptor's auth-source and
 * auth-recipient settings.
 *
 * <p>The source setting yields at most one target policy
 * ({@code AUTHENTICATE_SENDER} for {@code SENDER}, {@code AUTHENTICATE_CONTENT}
 * for {@code CONTENT}, none otherwise). Any non-null {@code authRecipient} adds
 * an {@code AUTHENTICATE_RECIPIENT} target policy, placed before the source
 * policy when the value is {@code BEFORE_CONTENT} and after it otherwise.
 *
 * @param authSource    the auth-source value; {@code SENDER}, {@code CONTENT} or other
 * @param authRecipient the auth-recipient value, or {@code null} for none
 * @param mandatory     whether the resulting policy is mandatory
 * @return the assembled policy; its target-policy array may be empty
 */
public static MessagePolicy getMessagePolicy(String authSource, String authRecipient, boolean mandatory) {
    TargetPolicy sourcePolicy = null;
    if (SENDER.equals(authSource)) {
        sourcePolicy = new TargetPolicy(null, () -> AUTHENTICATE_SENDER);
    } else if (CONTENT.equals(authSource)) {
        sourcePolicy = new TargetPolicy(null, () -> AUTHENTICATE_CONTENT);
    }
    boolean recipientAuth = authRecipient != null;
    List<TargetPolicy> targetPolicies = new ArrayList<TargetPolicy>();
    if (recipientAuth && BEFORE_CONTENT.equals(authRecipient)) {
        // recipient authentication precedes the source policy
        targetPolicies.add(new TargetPolicy(null, () -> AUTHENTICATE_RECIPIENT));
        if (sourcePolicy != null) {
            targetPolicies.add(sourcePolicy);
        }
    } else {
        if (sourcePolicy != null) {
            targetPolicies.add(sourcePolicy);
        }
        if (recipientAuth) {
            targetPolicies.add(new TargetPolicy(null, () -> AUTHENTICATE_RECIPIENT));
        }
    }
    TargetPolicy[] asArray = targetPolicies.toArray(new TargetPolicy[0]);
    return new MessagePolicy(asArray, mandatory);
}
