use of javax.security.auth.message.callback.CallerPrincipalCallback in project Payara by payara.
the class RestMonitoringAuthModule method validateRequest.
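/**
 * Authenticates a request with a form-style login when security is enabled.
 *
 * <p>With {@code securityEnabled} set, the flow is:
 * <ol>
 *   <li>if the request already carries a user principal, hand it to the container and succeed;</li>
 *   <li>if no {@code j_username}/{@code j_password} pair was POSTed, remember the requested
 *       path in the session and forward to {@code LOGIN_PAGE};</li>
 *   <li>otherwise validate the credentials through the callback handler and, only when the
 *       handler reports them as valid, register the session and redirect to the remembered path.</li>
 * </ol>
 * With {@code securityEnabled} unset, every caller is presented to the container as
 * {@code DEFAULT_USER_NAME}.
 *
 * @param messageInfo    carries the servlet request and response being processed
 * @param clientSubject  subject that receives the caller's principal
 * @param serviceSubject not used by this method
 * @return {@code SUCCESS} when a caller was established (or security is disabled),
 *         {@code SEND_CONTINUE} when the login page was sent instead
 * @throws AuthException wrapping any failure of the callback handler, the forward or the redirect
 */
@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    if (securityEnabled) {
        HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
        HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
        HttpSession session = request.getSession();

        // Check if our session has already been authenticated
        Principal userPrincipal = request.getUserPrincipal();
        if (userPrincipal != null) {
            try {
                handler.handle(new Callback[] { new CallerPrincipalCallback(clientSubject, userPrincipal) });
                return AuthStatus.SUCCESS;
            } catch (IOException | UnsupportedCallbackException ex) {
                AuthException ae = new AuthException();
                ae.initCause(ex);
                throw ae;
            }
        }

        // See if the username / password has been passed in...
        String username = request.getParameter("j_username");
        String password = request.getParameter("j_password");
        boolean credentialsPosted = (username != null) && (password != null)
                && request.getMethod().equalsIgnoreCase("post");

        boolean authenticated = false;
        if (credentialsPosted) {
            // Authenticate the details
            PasswordValidationCallback pvCallback =
                    new PasswordValidationCallback(clientSubject, username, password.toCharArray());
            try {
                handler.handle(new Callback[] { pvCallback });
                // handle() returning normally does not mean the password matched: the outcome
                // is reported through getResult(), so it must be checked before the session
                // is registered as authenticated.
                authenticated = pvCallback.getResult();
            } catch (Exception ex) {
                AuthException ae = new AuthException();
                ae.initCause(ex);
                throw ae;
            } finally {
                // Do not keep the password array alive longer than the validation itself.
                pvCallback.clearPassword();
            }
        }

        if (!authenticated) {
            if (!credentialsPosted) {
                // Not passed in: remember where the caller wanted to go. A rejected login
                // attempt must not overwrite this with the URI of the login POST.
                String origPath = request.getRequestURI();
                String queryString = request.getQueryString();
                if ((queryString != null) && (!queryString.isEmpty())) {
                    origPath += "?" + queryString;
                }
                session.setAttribute(ORIG_REQUEST_PATH, origPath);
            }
            // Show the login page (first visit, or again after rejected credentials).
            RequestDispatcher rd = request.getRequestDispatcher(LOGIN_PAGE);
            try {
                rd.forward(request, response);
            } catch (Exception ex) {
                AuthException authException = new AuthException();
                authException.initCause(ex);
                throw authException;
            }
            return AuthStatus.SEND_CONTINUE;
        }

        // Register the session as authenticated
        // NOTE(review): the session created before login is reused afterwards; consider rotating
        // its id (HttpServletRequest.changeSessionId()) here - confirm how that interacts with
        // the container's registerSession handling.
        messageInfo.getMap().put("javax.servlet.http.registerSession", Boolean.TRUE.toString());

        // Redirect to original path
        try {
            String origRequest = (String) session.getAttribute(ORIG_REQUEST_PATH);
            if ((origRequest == null)) {
                origRequest = contextRoot;
            }
            response.sendRedirect(response.encodeRedirectURL(origRequest));
        } catch (Exception ex) {
            AuthException ae = new AuthException();
            ae.initCause(ex);
            throw ae;
        }

        // Continue...
        return AuthStatus.SUCCESS;
    } else {
        // Security disabled: every request is attributed to DEFAULT_USER_NAME. A handler failure
        // is only logged and the request still succeeds (best-effort, kept as in the original).
        Callback[] callbacks = new Callback[] { new CallerPrincipalCallback(clientSubject, DEFAULT_USER_NAME) };
        try {
            handler.handle(callbacks);
        } catch (IOException | UnsupportedCallbackException ex) {
            Logger.getLogger(RestMonitoringAuthModule.class.getName()).log(Level.SEVERE, null, ex);
        }
        return AuthStatus.SUCCESS;
    }
}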
use of javax.security.auth.message.callback.CallerPrincipalCallback in project Payara by payara.
the class ConnectorCallbackHandler method handleCallerPrincipalCallbackWithMapping.
/**
 * Produces a replacement {@link CallerPrincipalCallback} whose principal is the
 * application-server principal mapped from the EIS principal and name carried by {@code cpc}.
 * The subject of the incoming callback is reused unchanged.
 *
 * @param cpc callback supplied by the resource adapter
 * @return a new callback bound to the same subject and the mapped principal
 */
public Callback handleCallerPrincipalCallbackWithMapping(CallerPrincipalCallback cpc) {
    final Principal sourcePrincipal = cpc.getPrincipal();
    final String sourceName = cpc.getName();

    // Kept in a Principal-typed local so the (Subject, Principal) constructor is the one selected.
    // NOTE(review): what getMappedPrincipal returns for an unmapped identity is not visible here;
    // a null principal in a CallerPrincipalCallback means "no authenticated caller" - confirm
    // that is the intended outcome for unmapped EIS identities.
    final Principal mapped = getMappedPrincipal(sourcePrincipal, sourceName);

    // An earlier variant that added mapped principals as public credentials on the subject and
    // installed a new SecurityContext was left disabled in the original; it is not executed.
    return new CallerPrincipalCallback(cpc.getSubject(), mapped);
}
use of javax.security.auth.message.callback.CallerPrincipalCallback in project Payara by payara.
the class BaseContainerCallbackHandler method processCallback.
/**
 * Dispatches a single callback to the processor that matches its concrete type.
 * Trust-store callbacks are answered inline with the merged trust store; every other
 * supported type is delegated to its {@code process*} method.
 *
 * @param callback the callback to process
 * @throws UnsupportedCallbackException if the callback is of none of the handled types
 */
protected void processCallback(Callback callback) throws UnsupportedCallbackException {
    if (callback instanceof CallerPrincipalCallback) {
        processCallerPrincipal((CallerPrincipalCallback) callback);
        return;
    }
    if (callback instanceof GroupPrincipalCallback) {
        processGroupPrincipal((GroupPrincipalCallback) callback);
        return;
    }
    if (callback instanceof PasswordValidationCallback) {
        processPasswordValidation((PasswordValidationCallback) callback);
        return;
    }
    if (callback instanceof PrivateKeyCallback) {
        processPrivateKey((PrivateKeyCallback) callback);
        return;
    }
    if (callback instanceof TrustStoreCallback) {
        final boolean fineEnabled = _logger.isLoggable(Level.FINE);
        if (fineEnabled) {
            _logger.log(Level.FINE, "JMAC: In TrustStoreCallback Processor");
        }
        ((TrustStoreCallback) callback).setTrustStore(sslUtils.getMergedTrustStore());
        return;
    }
    if (callback instanceof CertStoreCallback) {
        processCertStore((CertStoreCallback) callback);
        return;
    }
    if (callback instanceof SecretKeyCallback) {
        processSecretKey((SecretKeyCallback) callback);
        return;
    }

    // Normally filtered out earlier by isSupportedCallback; reject anything that still arrives
    // here rather than ignoring it silently.
    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "JMAC: UnsupportedCallback : " + callback.getClass().getName());
    }
    throw new UnsupportedCallbackException(callback);
}
use of javax.security.auth.message.callback.CallerPrincipalCallback in project javaee7-samples by javaee-samples.
the class TestServerAuthModule method validateRequest.
/**
 * Test fixture for JASPIC: establishes a fixed caller without checking any credentials.
 *
 * <p>If the request carries a {@code doLogin} parameter, the caller is reported to the
 * container as user {@code "test"} with group {@code "architect"}. Because a request
 * parameter is client-controlled, any client can trigger this login; the module is only
 * suitable as a test sample, not as a template for real authentication.
 * Without the parameter, a {@code null} principal is passed, which is the JASPIC way of
 * saying "do nothing".
 *
 * @return always {@code SUCCESS}
 * @throws AuthException wrapping a failure of the callback handler
 */
@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    HttpServletRequest httpRequest = (HttpServletRequest) messageInfo.getRequestMessage();
    final boolean loginRequested = httpRequest.getParameter("doLogin") != null;

    Callback[] toHandle;
    if (!loginRequested) {
        // The JASPIC protocol for "do nothing": a caller principal callback with a null principal.
        toHandle = new Callback[] { new CallerPrincipalCallback(clientSubject, (Principal) null) };
    } else {
        // For the test, "log in" by handing fixed details straight to the container.
        // A real module would verify credentials and load these from a repository.
        CallerPrincipalCallback callerName = new CallerPrincipalCallback(clientSubject, "test");
        GroupPrincipalCallback callerRoles = new GroupPrincipalCallback(clientSubject, new String[] { "architect" });
        toHandle = new Callback[] { callerName, callerRoles };
    }

    try {
        // The handler typically only records the details; the container performs the
        // actual login after this method returns.
        handler.handle(toHandle);
    } catch (IOException | UnsupportedCallbackException e) {
        AuthException wrapped = new AuthException();
        wrapped.initCause(e);
        throw wrapped;
    }
    return SUCCESS;
}
use of javax.security.auth.message.callback.CallerPrincipalCallback in project javaee7-samples by javaee-samples.
the class TestServerAuthModule method validateRequest.
/**
 * Test fixture for JASPIC: establishes a fixed caller when the application asks for it.
 *
 * <p>The trigger is a request <em>attribute</em> named {@code doLogin}, which the comment in
 * the original says is set by the Servlet; unlike a request parameter, an attribute is set
 * by server-side code rather than taken from the client's request. When it is present the
 * caller is reported as user {@code "test"} with group {@code "architect"}; no credentials
 * are checked, so this is a test sample only. Otherwise a {@code null} principal is passed,
 * the JASPIC way of saying "do nothing".
 *
 * @return always {@code SUCCESS}
 * @throws AuthException wrapping a failure of the callback handler
 */
@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    HttpServletRequest httpRequest = (HttpServletRequest) messageInfo.getRequestMessage();
    // Note: getAttribute, not getParameter - the flag comes from the Servlet.
    final boolean loginRequested = httpRequest.getAttribute("doLogin") != null;

    Callback[] toHandle;
    if (!loginRequested) {
        // The JASPIC protocol for "do nothing": a caller principal callback with a null principal.
        toHandle = new Callback[] { new CallerPrincipalCallback(clientSubject, (Principal) null) };
    } else {
        // For the test, "log in" by handing fixed details straight to the container.
        // A real module would verify credentials and load these from a repository.
        CallerPrincipalCallback callerName = new CallerPrincipalCallback(clientSubject, "test");
        GroupPrincipalCallback callerRoles = new GroupPrincipalCallback(clientSubject, new String[] { "architect" });
        toHandle = new Callback[] { callerName, callerRoles };
    }

    try {
        // The handler typically only records the details; the container performs the
        // actual login after this method returns.
        handler.handle(toHandle);
    } catch (IOException | UnsupportedCallbackException e) {
        AuthException wrapped = new AuthException();
        wrapped.initCause(e);
        throw wrapped;
    }
    return SUCCESS;
}