Use of javax.security.auth.message.callback.CallerPrincipalCallback in project javaee7-samples by javaee-samples.
The class TestWrappingServerAuthModule, method validateRequest.
@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    // Fixture behaviour: every request is authenticated as caller "test" in group "architect",
    // with no credential check at all. The real work of this module is wrapping the messages below.
    Callback callerCallback = new CallerPrincipalCallback(clientSubject, "test");
    Callback groupCallback = new GroupPrincipalCallback(clientSubject, new String[] { "architect" });
    try {
        handler.handle(new Callback[] { callerCallback, groupCallback });
    } catch (IOException | UnsupportedCallbackException e) {
        // AuthException in this API version has no cause-taking constructor, so the cause is attached afterwards.
        AuthException failure = new AuthException();
        failure.initCause(e);
        throw failure;
    }

    // Replace the request and response with wrappers; the invoked resource must observe these wrappers,
    // which is what the accompanying test checks.
    HttpServletRequest originalRequest = (HttpServletRequest) messageInfo.getRequestMessage();
    messageInfo.setRequestMessage(new TestHttpServletRequestWrapper(originalRequest));

    HttpServletResponse originalResponse = (HttpServletResponse) messageInfo.getResponseMessage();
    messageInfo.setResponseMessage(new TestHttpServletResponseWrapper(originalResponse));

    return SUCCESS;
}
Use of javax.security.auth.message.callback.CallerPrincipalCallback in project javaee7-samples by javaee-samples.
The class TestServerAuthModule, method validateRequest.
@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();

    // The presence of the "doLogin" parameter (any value) selects a login; its absence selects the
    // JASPIC "do nothing" protocol, expressed as a CallerPrincipalCallback carrying a null principal.
    boolean loginRequested = request.getParameter("doLogin") != null;
    Callback[] callbacks = loginRequested
            ? new Callback[] {
                    new CallerPrincipalCallback(clientSubject, "test"),
                    new GroupPrincipalCallback(clientSubject, new String[] { "architect" }) }
            : new Callback[] { new CallerPrincipalCallback(clientSubject, (Principal) null) };

    try {
        handler.handle(callbacks);
    } catch (IOException | UnsupportedCallbackException e) {
        // AuthException in this API version has no cause-taking constructor, so the cause is attached afterwards.
        AuthException failure = new AuthException();
        failure.initCause(e);
        throw failure;
    }
    return SUCCESS;
}
Use of javax.security.auth.message.callback.CallerPrincipalCallback in project javaee7-samples by javaee-samples.
The class TestServerAuthModule, method validateRequest.
@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();

    // Any value of the "doLogin" parameter triggers the fixture login; otherwise signal "do nothing".
    Callback[] callbacks = request.getParameter("doLogin") != null
            ? loginCallbacks(clientSubject)
            : noOpCallbacks(clientSubject);

    try {
        // Hand the identity to the container. In many cases the handler only stores the details and the
        // container performs the actual login after this method returns.
        handler.handle(callbacks);
    } catch (IOException | UnsupportedCallbackException e) {
        // AuthException in this API version has no cause-taking constructor, so the cause is attached afterwards.
        AuthException failure = new AuthException();
        failure.initCause(e);
        throw failure;
    }
    return SUCCESS;
}

/**
 * Callbacks that "return" a fixed authenticated user for the test: caller "test" with role "architect".
 * No credentials are checked here; a real module would validate them and look the details up in a repository.
 */
private static Callback[] loginCallbacks(Subject clientSubject) {
    Callback caller = new CallerPrincipalCallback(clientSubject, "test");
    Callback groups = new GroupPrincipalCallback(clientSubject, new String[] { "architect" });
    return new Callback[] { caller, groups };
}

/** The JASPIC protocol for "do nothing": a CallerPrincipalCallback carrying a null principal. */
private static Callback[] noOpCallbacks(Subject clientSubject) {
    return new Callback[] { new CallerPrincipalCallback(clientSubject, (Principal) null) };
}
Use of javax.security.auth.message.callback.CallerPrincipalCallback in project javaee7-samples by javaee-samples.
The class TestServerAuthModule, method validateRequest.
@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
    Callback[] callbacks;

    if (request.getParameter("doLogin") == null) {
        // The JASPIC protocol for "do nothing": a null caller principal.
        callbacks = new Callback[] { new CallerPrincipalCallback(clientSubject, (Principal) null) };
    } else {
        // Test-only login: the authenticated user's name and roles are "returned" directly, without
        // checking any credentials. A real module would validate credentials and fetch these details.
        Callback authenticatedUser = new CallerPrincipalCallback(clientSubject, "test");
        Callback userRoles = new GroupPrincipalCallback(clientSubject, new String[] { "architect" });
        callbacks = new Callback[] { authenticatedUser, userRoles };
    }

    try {
        // Pass the identity to the container; the handler frequently just records it and the container
        // completes the login once this method has returned.
        handler.handle(callbacks);
    } catch (IOException | UnsupportedCallbackException e) {
        throw asAuthException(e);
    }
    return SUCCESS;
}

/** Wraps a callback-handler failure; AuthException in this API version has no cause-taking constructor. */
private static AuthException asAuthException(Exception cause) {
    AuthException failure = new AuthException();
    failure.initCause(cause);
    return failure;
}
Use of javax.security.auth.message.callback.CallerPrincipalCallback in project wildfly by wildfly.
The class SimpleServerAuthModule, method validateRequest.
/**
 * Authenticates the request from identity material carried in request headers (test fixture).
 *
 * <p>Flow: no username, or no password for a non-anonymous user, sends the challenge and returns
 * {@code SEND_CONTINUE}. Otherwise the credentials are validated (skipped for "anonymous", checked
 * against hard-coded values when {@code selfValidating}, delegated to the container through a
 * {@code PasswordValidationCallback} otherwise). On success the caller principal and groups are
 * established via callbacks, the auth type and session-registration flags are recorded in the
 * message map and {@code SUCCESS} is returned; on failure the challenge is sent with {@code SEND_FAILURE}.
 *
 * @throws AuthException if a callback cannot be delivered to the container
 */
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
    HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();

    final String authType = request.getHeader(AUTH_TYPE_HEADER);
    final String username = request.getHeader(USERNAME_HEADER);
    final String password = request.getHeader(PASSWORD_HEADER);
    final String roles = request.getHeader(ROLES_HEADER);
    final String session = request.getHeader(SESSION_HEADER);

    // Nothing usable was supplied yet: challenge the client and let the container return the response.
    if (isMissing(username) || (isMissing(password) && !ANONYMOUS.equals(username))) {
        sendChallenge(response);
        return AuthStatus.SEND_CONTINUE;
    }

    if (!validateCredentials(serviceSubject, username, password)) {
        // Credentials were deliberately supplied and rejected, so this is a failure rather than a "continue".
        sendChallenge(response);
        return AuthStatus.SEND_FAILURE;
    }

    // Establish the caller identity: a null principal tells the container the caller is unauthenticated.
    // NOTE(review): the challenge guard above uses ANONYMOUS while this check uses the literal
    // "anonymous" — confirm the two agree.
    Principal caller = "anonymous".equals(username) ? null : new NamePrincipal(username);
    handle(new CallerPrincipalCallback(clientSubject, caller));

    // Group memberships come from the roles header (comma separated) plus any configured defaults.
    if (roles != null) {
        handle(new GroupPrincipalCallback(clientSubject, roles.split(",")));
    }
    if (defaultRoles != null) {
        handle(new GroupPrincipalCallback(clientSubject, defaultRoles));
    }

    // Pass auth type and session-registration request on to the container through the message map.
    Map map = messageInfo.getMap();
    if (authType != null) {
        map.put(AUTH_TYPE, authType);
    }
    if ("register".equals(session)) {
        System.out.println("Requesting session registration");
        map.put(SESSION, Boolean.TRUE.toString());
    }
    return AuthStatus.SUCCESS;
}

/** True when a header value is absent or empty. */
private static boolean isMissing(String value) {
    return value == null || value.isEmpty();
}

/**
 * Decides whether the supplied credentials are acceptable.
 *
 * @return {@code true} for the anonymous user, for the hard-coded fixture credentials in self-validating
 *         mode, or when the container's password validation succeeded
 */
private boolean validateCredentials(Subject serviceSubject, String username, String password) throws AuthException {
    if ("anonymous".equals(username)) {
        // Skip authentication entirely.
        return true;
    }
    if (selfValidating) {
        // The module checks the credentials itself and only uses callbacks to establish the identity.
        // NOTE(review): fixed test credentials compared with String.equals; fine for a fixture only.
        return "user1".equals(username) && "password1".equals(password);
    }
    // Delegate validation to the container. The callback's char[] copy of the password is wiped afterwards;
    // the String read from the header cannot be cleared.
    PasswordValidationCallback pvc = new PasswordValidationCallback(serviceSubject, username, password.toCharArray());
    try {
        handle(pvc);
    } finally {
        pvc.clearPassword();
    }
    return pvc.getResult();
}