Example 1 with GroupPrincipalCallback
use of javax.security.auth.message.callback.GroupPrincipalCallback in project jetty.project by eclipse.
the class JaspiAuthenticator method validateRequest.
public Authentication validateRequest(JaspiMessageInfo messageInfo) throws ServerAuthException {
try {
String authContextId = _authConfig.getAuthContextID(messageInfo);
ServerAuthContext authContext = _authConfig.getAuthContext(authContextId, _serviceSubject, _authProperties);
Subject clientSubject = new Subject();
AuthStatus authStatus = authContext.validateRequest(messageInfo, clientSubject, _serviceSubject);
if (authStatus == AuthStatus.SEND_CONTINUE)
return Authentication.SEND_CONTINUE;
if (authStatus == AuthStatus.SEND_FAILURE)
return Authentication.SEND_FAILURE;
if (authStatus == AuthStatus.SUCCESS) {
Set<UserIdentity> ids = clientSubject.getPrivateCredentials(UserIdentity.class);
UserIdentity userIdentity;
if (ids.size() > 0) {
userIdentity = ids.iterator().next();
} else {
CallerPrincipalCallback principalCallback = _callbackHandler.getThreadCallerPrincipalCallback();
if (principalCallback == null) {
return Authentication.UNAUTHENTICATED;
}
Principal principal = principalCallback.getPrincipal();
if (principal == null) {
String principalName = principalCallback.getName();
Set<Principal> principals = principalCallback.getSubject().getPrincipals();
for (Principal p : principals) {
if (p.getName().equals(principalName)) {
principal = p;
break;
}
}
if (principal == null) {
return Authentication.UNAUTHENTICATED;
}
}
GroupPrincipalCallback groupPrincipalCallback = _callbackHandler.getThreadGroupPrincipalCallback();
String[] groups = groupPrincipalCallback == null ? null : groupPrincipalCallback.getGroups();
userIdentity = _identityService.newUserIdentity(clientSubject, principal, groups);
}
HttpSession session = ((HttpServletRequest) messageInfo.getRequestMessage()).getSession(false);
Authentication cached = (session == null ? null : (SessionAuthentication) session.getAttribute(SessionAuthentication.__J_AUTHENTICATED));
if (cached != null)
return cached;
return new UserAuthentication(getAuthMethod(), userIdentity);
}
if (authStatus == AuthStatus.SEND_SUCCESS) {
// we are processing a message in a secureResponse dialog.
return Authentication.SEND_SUCCESS;
}
if (authStatus == AuthStatus.FAILURE) {
HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
response.sendError(HttpServletResponse.SC_FORBIDDEN);
return Authentication.SEND_FAILURE;
}
// should not happen
throw new IllegalStateException("No AuthStatus returned");
} catch (IOException | AuthException e) {
throw new ServerAuthException(e);
}
}
Also used :
HttpSession(javax.servlet.http.HttpSession)
UserIdentity(org.eclipse.jetty.server.UserIdentity)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
AuthException(javax.security.auth.message.AuthException)
ServerAuthException(org.eclipse.jetty.security.ServerAuthException)
SessionAuthentication(org.eclipse.jetty.security.authentication.SessionAuthentication)
IOException(java.io.IOException)
ServerAuthException(org.eclipse.jetty.security.ServerAuthException)
UserAuthentication(org.eclipse.jetty.security.UserAuthentication)
Subject(javax.security.auth.Subject)
ServerAuthContext(javax.security.auth.message.config.ServerAuthContext)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
CallerPrincipalCallback(javax.security.auth.message.callback.CallerPrincipalCallback)
GroupPrincipalCallback(javax.security.auth.message.callback.GroupPrincipalCallback)
AuthStatus(javax.security.auth.message.AuthStatus)
DeferredAuthentication(org.eclipse.jetty.security.authentication.DeferredAuthentication)
SessionAuthentication(org.eclipse.jetty.security.authentication.SessionAuthentication)
UserAuthentication(org.eclipse.jetty.security.UserAuthentication)
Authentication(org.eclipse.jetty.server.Authentication)
Principal(java.security.Principal)
Example 2 with GroupPrincipalCallback
use of javax.security.auth.message.callback.GroupPrincipalCallback in project jetty.project by eclipse.
the class ServletCallbackHandler method handle.
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (Callback callback : callbacks) {
// jaspi to server communication
if (callback instanceof CallerPrincipalCallback) {
_callerPrincipals.set((CallerPrincipalCallback) callback);
} else if (callback instanceof GroupPrincipalCallback) {
_groupPrincipals.set((GroupPrincipalCallback) callback);
} else if (callback instanceof PasswordValidationCallback) {
PasswordValidationCallback passwordValidationCallback = (PasswordValidationCallback) callback;
Subject subject = passwordValidationCallback.getSubject();
UserIdentity user = _loginService.login(passwordValidationCallback.getUsername(), passwordValidationCallback.getPassword(), null);
if (user != null) {
passwordValidationCallback.setResult(true);
passwordValidationCallback.getSubject().getPrincipals().addAll(user.getSubject().getPrincipals());
passwordValidationCallback.getSubject().getPrivateCredentials().add(user);
}
} else if (callback instanceof CredentialValidationCallback) {
CredentialValidationCallback credentialValidationCallback = (CredentialValidationCallback) callback;
Subject subject = credentialValidationCallback.getSubject();
LoginCallback loginCallback = new LoginCallbackImpl(subject, credentialValidationCallback.getUsername(), credentialValidationCallback.getCredential());
UserIdentity user = _loginService.login(credentialValidationCallback.getUsername(), credentialValidationCallback.getCredential(), null);
if (user != null) {
loginCallback.setUserPrincipal(user.getUserPrincipal());
credentialValidationCallback.getSubject().getPrivateCredentials().add(loginCallback);
credentialValidationCallback.setResult(true);
credentialValidationCallback.getSubject().getPrincipals().addAll(user.getSubject().getPrincipals());
credentialValidationCallback.getSubject().getPrivateCredentials().add(user);
}
} else // TODO implement these
if (callback instanceof CertStoreCallback) {
} else if (callback instanceof PrivateKeyCallback) {
} else if (callback instanceof SecretKeyCallback) {
} else if (callback instanceof TrustStoreCallback) {
} else {
throw new UnsupportedCallbackException(callback);
}
}
}
Also used :
LoginCallback(org.eclipse.jetty.security.authentication.LoginCallback)
SecretKeyCallback(javax.security.auth.message.callback.SecretKeyCallback)
TrustStoreCallback(javax.security.auth.message.callback.TrustStoreCallback)
CertStoreCallback(javax.security.auth.message.callback.CertStoreCallback)
UserIdentity(org.eclipse.jetty.server.UserIdentity)
CredentialValidationCallback(org.eclipse.jetty.security.jaspi.callback.CredentialValidationCallback)
Subject(javax.security.auth.Subject)
CallerPrincipalCallback(javax.security.auth.message.callback.CallerPrincipalCallback)
LoginCallbackImpl(org.eclipse.jetty.security.authentication.LoginCallbackImpl)
GroupPrincipalCallback(javax.security.auth.message.callback.GroupPrincipalCallback)
TrustStoreCallback(javax.security.auth.message.callback.TrustStoreCallback)
LoginCallback(org.eclipse.jetty.security.authentication.LoginCallback)
GroupPrincipalCallback(javax.security.auth.message.callback.GroupPrincipalCallback)
PasswordValidationCallback(javax.security.auth.message.callback.PasswordValidationCallback)
CredentialValidationCallback(org.eclipse.jetty.security.jaspi.callback.CredentialValidationCallback)
CallerPrincipalCallback(javax.security.auth.message.callback.CallerPrincipalCallback)
CertStoreCallback(javax.security.auth.message.callback.CertStoreCallback)
PrivateKeyCallback(javax.security.auth.message.callback.PrivateKeyCallback)
SecretKeyCallback(javax.security.auth.message.callback.SecretKeyCallback)
Callback(javax.security.auth.callback.Callback)
PasswordValidationCallback(javax.security.auth.message.callback.PasswordValidationCallback)
PrivateKeyCallback(javax.security.auth.message.callback.PrivateKeyCallback)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
Example 3 with GroupPrincipalCallback
use of javax.security.auth.message.callback.GroupPrincipalCallback in project jetty.project by eclipse.
the class ServletCallbackHandler method getThreadGroupPrincipalCallback.
public GroupPrincipalCallback getThreadGroupPrincipalCallback() {
GroupPrincipalCallback groupPrincipalCallback = _groupPrincipals.get();
_groupPrincipals.set(null);
return groupPrincipalCallback;
}
Also used :
GroupPrincipalCallback(javax.security.auth.message.callback.GroupPrincipalCallback)
Example 4 with GroupPrincipalCallback
use of javax.security.auth.message.callback.GroupPrincipalCallback in project jetty.project by eclipse.
the class HttpHeaderAuthModule method validateRequest.
/**
* Validation occurs here.
*/
@Override
public AuthStatus validateRequest(final MessageInfo messageInfo, final Subject client, final Subject serviceSubject) throws AuthException {
// Take the request from the messageInfo structure.
final HttpServletRequest req = (HttpServletRequest) messageInfo.getRequestMessage();
try {
// Get the user name from the header. If not there then fail authentication.
final String userName = req.getHeader("X-Forwarded-User");
if (userName == null) {
return AuthStatus.FAILURE;
}
// Store the user name that was in the header and also set a group.
handler.handle(new Callback[] { new CallerPrincipalCallback(client, userName), new GroupPrincipalCallback(client, new String[] { "users" }) });
return AuthStatus.SUCCESS;
} catch (final Exception e) {
throw new AuthException(e.getMessage());
}
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
CallerPrincipalCallback(javax.security.auth.message.callback.CallerPrincipalCallback)
GroupPrincipalCallback(javax.security.auth.message.callback.GroupPrincipalCallback)
AuthException(javax.security.auth.message.AuthException)
AuthException(javax.security.auth.message.AuthException)
Example 5 with GroupPrincipalCallback
use of javax.security.auth.message.callback.GroupPrincipalCallback in project javaee7-samples by javaee-samples.
the class TestLifecycleAuthModule method validateRequest.
@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
try {
response.getWriter().write("validateRequest invoked\n");
boolean isMandatory = Boolean.valueOf((String) messageInfo.getMap().get("javax.security.auth.message.MessagePolicy.isMandatory"));
response.getWriter().write("isMandatory: " + isMandatory + "\n");
handler.handle(new Callback[] { new CallerPrincipalCallback(clientSubject, "test"), new GroupPrincipalCallback(clientSubject, new String[] { "architect" }) });
} catch (IOException | UnsupportedCallbackException e) {
throw (AuthException) new AuthException().initCause(e);
}
return SUCCESS;
}
Also used :
CallerPrincipalCallback(javax.security.auth.message.callback.CallerPrincipalCallback)
GroupPrincipalCallback(javax.security.auth.message.callback.GroupPrincipalCallback)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
AuthException(javax.security.auth.message.AuthException)
IOException(java.io.IOException)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
Aggregations
GroupPrincipalCallback (javax.security.auth.message.callback.GroupPrincipalCallback)20
CallerPrincipalCallback (javax.security.auth.message.callback.CallerPrincipalCallback)19
UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)15
AuthException (javax.security.auth.message.AuthException)14
IOException (java.io.IOException)13
HttpServletRequest (javax.servlet.http.HttpServletRequest)13
Callback (javax.security.auth.callback.Callback)12
Principal (java.security.Principal)11
HttpServletResponse (javax.servlet.http.HttpServletResponse)4
Subject (javax.security.auth.Subject)3
PasswordValidationCallback (javax.security.auth.message.callback.PasswordValidationCallback)3
CertStoreCallback (javax.security.auth.message.callback.CertStoreCallback)2
PrivateKeyCallback (javax.security.auth.message.callback.PrivateKeyCallback)2
SecretKeyCallback (javax.security.auth.message.callback.SecretKeyCallback)2
TrustStoreCallback (javax.security.auth.message.callback.TrustStoreCallback)2
LoginCallbackImpl (org.eclipse.jetty.security.authentication.LoginCallbackImpl)2
CredentialValidationCallback (org.eclipse.jetty.security.jaspi.callback.CredentialValidationCallback)2
UserIdentity (org.eclipse.jetty.server.UserIdentity)2
LoginException (javax.security.auth.login.LoginException)1
AuthStatus (javax.security.auth.message.AuthStatus)1
