Example 6 with MessagePolicy
use of javax.security.auth.message.MessagePolicy in project Payara by payara.
the class AuthMessagePolicy method getSOAPPolicies.
public static MessagePolicy[] getSOAPPolicies(MessageSecurityBindingDescriptor binding, String operation, boolean onePolicy) {
MessagePolicy requestPolicy = null;
MessagePolicy responsePolicy = null;
if (binding != null) {
ArrayList<MessageSecurityDescriptor> msgSecDescs = null;
String layer = binding.getAttributeValue(MessageSecurityBindingDescriptor.AUTH_LAYER);
if (SOAP.equals(layer)) {
msgSecDescs = binding.getMessageSecurityDescriptors();
}
if (msgSecDescs != null) {
if (onePolicy) {
if (msgSecDescs.size() > 0) {
MessageSecurityDescriptor msd = msgSecDescs.get(0);
requestPolicy = getMessagePolicy(msd.getRequestProtectionDescriptor());
responsePolicy = getMessagePolicy(msd.getResponseProtectionDescriptor());
}
} else {
// try to match
MessageSecurityDescriptor matchMsd = null;
for (int i = 0; i < msgSecDescs.size(); i++) {
MessageSecurityDescriptor msd = msgSecDescs.get(i);
ArrayList msgDescs = msd.getMessageDescriptors();
for (int j = i + 1; j < msgDescs.size(); j++) {
// XXX don't know how to get JavaMethod from operation
MessageDescriptor msgDesc = (MessageDescriptor) msgDescs.get(j);
String opName = msgDesc.getOperationName();
if ((opName == null && matchMsd == null)) {
matchMsd = msd;
} else if (opName != null && opName.equals(operation)) {
matchMsd = msd;
break;
}
}
if (matchMsd != null) {
requestPolicy = getMessagePolicy(matchMsd.getRequestProtectionDescriptor());
responsePolicy = getMessagePolicy(matchMsd.getResponseProtectionDescriptor());
}
}
}
}
}
return new MessagePolicy[] { requestPolicy, responsePolicy };
}
Also used :
MessageDescriptor(com.sun.enterprise.deployment.runtime.common.MessageDescriptor)
MessagePolicy(javax.security.auth.message.MessagePolicy)
ArrayList(java.util.ArrayList)
MessageSecurityDescriptor(com.sun.enterprise.deployment.runtime.common.MessageSecurityDescriptor)
WebServiceEndpoint(com.sun.enterprise.deployment.WebServiceEndpoint)
Example 7 with MessagePolicy
use of javax.security.auth.message.MessagePolicy in project Payara by payara.
the class GFServerConfigProvider method getEntry.
Entry getEntry(String intercept, String id, MessagePolicy requestPolicy, MessagePolicy responsePolicy, String type) {
// get the parsed module config and DD information
Map<String, InterceptEntry> configMap;
try {
rwLock.readLock().lock();
configMap = parser.getConfigMap();
} finally {
rwLock.readLock().unlock();
}
if (configMap == null) {
return null;
}
// get the module config info for this intercept
InterceptEntry intEntry = configMap.get(intercept);
if (intEntry == null || intEntry.idMap == null) {
if (logger.isLoggable(FINE)) {
logger.fine("module config has no IDs configured for [" + intercept + "]");
}
return null;
}
// look up the DD's provider ID in the module config
IDEntry idEntry = null;
if (id == null || (idEntry = (IDEntry) intEntry.idMap.get(id)) == null) {
if (logger.isLoggable(FINE)) {
logger.fine("DD did not specify ID, " + "or DD-specified ID for [" + intercept + "] not found in config -- " + "attempting to look for default ID");
}
String defaultID;
if (CLIENT.equals(type)) {
defaultID = intEntry.defaultClientID;
} else {
defaultID = intEntry.defaultServerID;
}
idEntry = (IDEntry) intEntry.idMap.get(defaultID);
if (idEntry == null) {
if (logger.isLoggable(FINE)) {
logger.fine("no default config ID for [" + intercept + "]");
}
return null;
}
}
// check provider-type
if (idEntry.type.indexOf(type) < 0) {
if (logger.isLoggable(FINE)) {
logger.fine("request type [" + type + "] does not match config type [" + idEntry.type + "]");
}
return null;
}
// check whether a policy is set
// default;
MessagePolicy reqP = requestPolicy != null || responsePolicy != null ? requestPolicy : idEntry.requestPolicy;
// default;
MessagePolicy respP = requestPolicy != null || responsePolicy != null ? responsePolicy : idEntry.responsePolicy;
// optimization: if policy was not set, return null
if (reqP == null && respP == null) {
if (logger.isLoggable(FINE)) {
logger.fine("no policy applies");
}
return null;
}
// return the configured modules with the correct policies
Entry entry = new Entry(idEntry.moduleClassName, reqP, respP, idEntry.options);
if (logger.isLoggable(FINE)) {
logger.fine("getEntry for: " + intercept + " -- " + id + "\n module class: " + entry.moduleClassName + "\n options: " + entry.options + "\n request policy: " + entry.requestPolicy + "\n response policy: " + entry.responsePolicy);
}
return entry;
}
Also used :
MessagePolicy(javax.security.auth.message.MessagePolicy)
AuthMessagePolicy(com.sun.enterprise.security.jmac.AuthMessagePolicy)
Example 8 with MessagePolicy
use of javax.security.auth.message.MessagePolicy in project Payara by payara.
the class SimpleSAMAuthContext method validateRequest.
@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
MessagePolicy requestPolicy = new MessagePolicy(new MessagePolicy.TargetPolicy[] { new MessagePolicy.TargetPolicy((MessagePolicy.Target[]) null, new MessagePolicy.ProtectionPolicy() {
public String getID() {
return MessagePolicy.ProtectionPolicy.AUTHENTICATE_SENDER;
}
}) }, true);
sam.initialize(requestPolicy, null, handler, options);
return sam.validateRequest(messageInfo, clientSubject, serviceSubject);
}
Also used :
MessagePolicy(javax.security.auth.message.MessagePolicy)
Example 9 with MessagePolicy
use of javax.security.auth.message.MessagePolicy in project Payara by payara.
the class ConfigDomainParser method parseIDEntry.
private void parseIDEntry(ProviderConfig pConfig, Map<String, GFServerConfigProvider.InterceptEntry> newConfig, String intercept) throws IOException {
String id = pConfig.getProviderId();
String type = pConfig.getProviderType();
String moduleClass = pConfig.getClassName();
MessagePolicy requestPolicy = parsePolicy((RequestPolicy) pConfig.getRequestPolicy());
MessagePolicy responsePolicy = parsePolicy((ResponsePolicy) pConfig.getResponsePolicy());
// get the module options
Map<String, Object> options = new HashMap<>();
List<Property> pList = pConfig.getProperty();
if (pList != null) {
Iterator<Property> pit = pList.iterator();
while (pit.hasNext()) {
Property property = pit.next();
try {
options.put(property.getName(), expand(property.getValue()));
} catch (IllegalStateException ee) {
// interpret value itself.
if (_logger.isLoggable(FINE)) {
_logger.log(FINE, "jaspic.unexpandedproperty");
}
options.put(property.getName(), property.getValue());
}
}
}
if (_logger.isLoggable(FINE)) {
_logger.fine("ID Entry: " + "\n module class: " + moduleClass + "\n id: " + id + "\n type: " + type + "\n request policy: " + requestPolicy + "\n response policy: " + responsePolicy + "\n options: " + options);
}
// create ID entry
GFServerConfigProvider.IDEntry idEntry = new GFServerConfigProvider.IDEntry(type, moduleClass, requestPolicy, responsePolicy, options);
GFServerConfigProvider.InterceptEntry intEntry = newConfig.get(intercept);
if (intEntry == null) {
throw new IOException("intercept entry for " + intercept + " must be specified before ID entries");
}
if (intEntry.idMap == null) {
intEntry.idMap = new HashMap<>();
}
// map id to Intercept
intEntry.idMap.put(id, idEntry);
}
Also used :
HashMap(java.util.HashMap)
IOException(java.io.IOException)
AuthMessagePolicy(com.sun.enterprise.security.jaspic.AuthMessagePolicy)
MessagePolicy(javax.security.auth.message.MessagePolicy)
Property(org.jvnet.hk2.config.types.Property)
Example 10 with MessagePolicy
use of javax.security.auth.message.MessagePolicy in project Payara by payara.
the class AuthMessagePolicy method getMessagePolicy.
public static MessagePolicy getMessagePolicy(String authSource, String authRecipient, boolean mandatory) {
boolean sourceSender = SENDER.equals(authSource);
boolean sourceContent = CONTENT.equals(authSource);
boolean recipientAuth = authRecipient != null;
boolean beforeContent = BEFORE_CONTENT.equals(authRecipient);
List<TargetPolicy> targetPolicies = new ArrayList<TargetPolicy>();
if (recipientAuth && beforeContent) {
targetPolicies.add(new TargetPolicy(null, () -> AUTHENTICATE_RECIPIENT));
if (sourceSender) {
targetPolicies.add(new TargetPolicy(null, () -> AUTHENTICATE_SENDER));
} else if (sourceContent) {
targetPolicies.add(new TargetPolicy(null, () -> AUTHENTICATE_CONTENT));
}
} else {
if (sourceSender) {
targetPolicies.add(new TargetPolicy(null, () -> AUTHENTICATE_SENDER));
} else if (sourceContent) {
targetPolicies.add(new TargetPolicy(null, () -> AUTHENTICATE_CONTENT));
}
if (recipientAuth) {
targetPolicies.add(new TargetPolicy(null, () -> AUTHENTICATE_RECIPIENT));
}
}
return new MessagePolicy(targetPolicies.toArray(new TargetPolicy[targetPolicies.size()]), mandatory);
}
Also used :
MessagePolicy(javax.security.auth.message.MessagePolicy)
TargetPolicy(javax.security.auth.message.MessagePolicy.TargetPolicy)
ArrayList(java.util.ArrayList)
Aggregations
MessagePolicy (javax.security.auth.message.MessagePolicy)11
AuthMessagePolicy (com.sun.enterprise.security.jaspic.AuthMessagePolicy)3
IOException (java.io.IOException)3
ArrayList (java.util.ArrayList)3
HashMap (java.util.HashMap)3
WebServiceEndpoint (com.sun.enterprise.deployment.WebServiceEndpoint)2
MessageDescriptor (com.sun.enterprise.deployment.runtime.common.MessageDescriptor)2
MessageSecurityDescriptor (com.sun.enterprise.deployment.runtime.common.MessageSecurityDescriptor)2
AuthMessagePolicy (com.sun.enterprise.security.jmac.AuthMessagePolicy)2
TargetPolicy (javax.security.auth.message.MessagePolicy.TargetPolicy)2
Property (org.jvnet.hk2.config.types.Property)2
GFServerConfigProvider (com.sun.enterprise.security.jaspic.config.GFServerConfigProvider)1
Map (java.util.Map)1
Subject (javax.security.auth.Subject)1
AuthException (javax.security.auth.message.AuthException)1
AuthStatus (javax.security.auth.message.AuthStatus)1
MessageInfo (javax.security.auth.message.MessageInfo)1
ClientAuthContext (javax.security.auth.message.config.ClientAuthContext)1
ClientAuthModule (javax.security.auth.message.module.ClientAuthModule)1
PropertyExpander (sun.security.util.PropertyExpander)1
