
Example 1 with HttpMessageContext

Use of javax.security.enterprise.authentication.mechanism.http.HttpMessageContext in the Apache TomEE project.

Class RememberMeInterceptor, method validateRequest.

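/**
 * Validates the request from the remember-me cookie before delegating to the wrapped
 * authentication mechanism, and issues a fresh remember-me cookie after a successful login
 * when the mechanism's {@code RememberMe} configuration asks for it.
 *
 * <p>The intercepted call is assumed to carry the {@link HttpMessageContext} as its third
 * parameter (index 2); the cast is not guarded.
 *
 * @param invocationContext the intercepted {@code validateRequest} invocation
 * @return the status produced by {@code notifyContainerAboutLogin} when the cookie's token is
 *     accepted by the identity store, otherwise the status returned by the intercepted mechanism
 * @throws Exception whatever the intercepted mechanism or the identity store propagates
 */
private AuthenticationStatus validateRequest(final InvocationContext invocationContext) throws Exception {
    final HttpMessageContext httpMessageContext = (HttpMessageContext) invocationContext.getParameters()[2];
    final RememberMe rememberMe = TomEEELInvocationHandler.of(RememberMe.class, getRememberMe(), getElProcessor(invocationContext, httpMessageContext));

    // The remember-me cookie is issued with the context path ("/" for the root context). The
    // same path must be used when expiring it: a cookie echoed back from the request carries no
    // Path attribute, so re-adding it with max-age 0 and the default (request) path would not
    // reliably clear the cookie that was set under the context path.
    final String contextPath = httpMessageContext.getRequest().getContextPath();
    final String cookiePath = isEmpty(contextPath) ? "/" : contextPath;

    final Optional<Cookie> cookie = getCookie(httpMessageContext.getRequest(), rememberMe.cookieName());
    if (cookie.isPresent() && !isEmpty(cookie.get().getValue())) {
        final Cookie staleCookie = cookie.get();
        final RememberMeCredential rememberMeCredential = new RememberMeCredential(staleCookie.getValue());
        final CredentialValidationResult validate = rememberMeIdentityStore.get().validate(rememberMeCredential);
        if (VALID.equals(validate.getStatus())) {
            return httpMessageContext.notifyContainerAboutLogin(validate);
        }
        // Token rejected: expire the cookie with the attributes it was issued with, and do not
        // echo the rejected token value back to the client.
        staleCookie.setValue("");
        staleCookie.setPath(cookiePath);
        staleCookie.setMaxAge(0);
        staleCookie.setHttpOnly(rememberMe.cookieHttpOnly());
        staleCookie.setSecure(rememberMe.cookieSecureOnly());
        httpMessageContext.getResponse().addCookie(staleCookie);
    }

    final AuthenticationStatus status = (AuthenticationStatus) invocationContext.proceed();
    if (SUCCESS.equals(status) && httpMessageContext.getCallerPrincipal() != null && rememberMe.isRememberMe()) {
        final CallerPrincipal principal = new CallerPrincipal(httpMessageContext.getCallerPrincipal().getName());
        final Set<String> groups = httpMessageContext.getGroups();
        final String loginToken = rememberMeIdentityStore.get().generateLoginToken(principal, groups);
        final Cookie rememberMeCookie = new Cookie(rememberMe.cookieName(), loginToken);
        rememberMeCookie.setPath(cookiePath);
        rememberMeCookie.setMaxAge(rememberMe.cookieMaxAgeSeconds());
        rememberMeCookie.setHttpOnly(rememberMe.cookieHttpOnly());
        rememberMeCookie.setSecure(rememberMe.cookieSecureOnly());
        httpMessageContext.getResponse().addCookie(rememberMeCookie);
    }
    return status;
}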
Also used : Cookie(javax.servlet.http.Cookie) AuthenticationStatus(javax.security.enterprise.AuthenticationStatus) CredentialValidationResult(javax.security.enterprise.identitystore.CredentialValidationResult) RememberMe(javax.security.enterprise.authentication.mechanism.http.RememberMe) HttpMessageContext(javax.security.enterprise.authentication.mechanism.http.HttpMessageContext) CallerPrincipal(javax.security.enterprise.CallerPrincipal) RememberMeCredential(javax.security.enterprise.credential.RememberMeCredential)

Example 2 with HttpMessageContext

Use of javax.security.enterprise.authentication.mechanism.http.HttpMessageContext in the Apache TomEE project.

Class LoginToContinueInterceptor, method validateRequest.

/**
 * Intercepts {@code validateRequest}: clears stale login-to-continue state, then routes the
 * call to the caller-initiated or the container-initiated flow depending on the
 * {@code isNewAuthentication} flag of the request's authentication parameters.
 *
 * @param invocationContext the intercepted invocation; its third parameter (index 2) is assumed
 *     to be the {@link HttpMessageContext}
 * @return the status produced by the selected flow
 * @throws Exception propagated from the selected flow
 */
private AuthenticationStatus validateRequest(final InvocationContext invocationContext) throws Exception {
    final HttpMessageContext messageContext = (HttpMessageContext) invocationContext.getParameters()[2];
    clearStaleState(messageContext);
    final boolean callerInitiated = messageContext.getAuthParameters().isNewAuthentication();
    return callerInitiated
            ? processCallerInitiatedAuthentication(invocationContext, messageContext)
            : processContainerInitiatedAuthentication(invocationContext, messageContext);
}
Also used : HttpMessageContext(javax.security.enterprise.authentication.mechanism.http.HttpMessageContext)

Example 3 with HttpMessageContext

Use of javax.security.enterprise.authentication.mechanism.http.HttpMessageContext in the Apache TomEE project.

Class TomEESecurityServerAuthModule, method cleanSubject.

/**
 * Delegates subject cleanup to the authentication mechanism currently mapped for this request.
 *
 * @param messageInfo the JASPIC message exchange being cleaned up
 * @param subject the subject to clear
 * @throws AuthException declared by the JASPIC contract
 */
@Override
public void cleanSubject(final MessageInfo messageInfo, final Subject subject) throws AuthException {
    // No service subject is involved in cleanup, hence the null fourth argument.
    final HttpMessageContext context = httpMessageContext(handler, messageInfo, subject, null);
    final TomEESecurityServletAuthenticationMechanismMapper mapper =
            CDI.current().select(TomEESecurityServletAuthenticationMechanismMapper.class).get();
    mapper.getCurrentAuthenticationMechanism(context)
            .cleanSubject(context.getRequest(), context.getResponse(), context);
}
Also used : TomEESecurityServletAuthenticationMechanismMapper(org.apache.tomee.security.cdi.TomEESecurityServletAuthenticationMechanismMapper) HttpMessageContext(javax.security.enterprise.authentication.mechanism.http.HttpMessageContext)

Example 4 with HttpMessageContext

Use of javax.security.enterprise.authentication.mechanism.http.HttpMessageContext in the Apache TomEE project.

Class TomEESecurityServerAuthModule, method validateRequest.

/**
 * JASPIC entry point: resolves the {@link HttpAuthenticationMechanism} mapped for this request,
 * runs its {@code validateRequest}, and translates the resulting status into a JASPIC
 * {@link AuthStatus}.
 *
 * @param messageInfo the JASPIC message exchange
 * @param clientSubject the subject representing the caller
 * @param serviceSubject the subject representing the service (may be null per the JASPIC API)
 * @return the mapped {@link AuthStatus}
 * @throws AuthException when the mechanism raises an {@link AuthenticationException}; the
 *     original exception is attached as the cause so its stack trace is preserved
 */
@Override
public AuthStatus validateRequest(final MessageInfo messageInfo, final Subject clientSubject, final Subject serviceSubject) throws AuthException {
    final HttpMessageContext context = httpMessageContext(handler, messageInfo, clientSubject, serviceSubject);
    final TomEESecurityServletAuthenticationMechanismMapper mapper =
            CDI.current().select(TomEESecurityServletAuthenticationMechanismMapper.class).get();
    final HttpAuthenticationMechanism mechanism = mapper.getCurrentAuthenticationMechanism(context);

    final AuthenticationStatus status;
    try {
        status = mechanism.validateRequest(context.getRequest(), context.getResponse(), context);
    } catch (final AuthenticationException e) {
        // Wrap into the JASPIC exception type; attach the cause explicitly rather than losing it.
        final AuthException wrapped = new AuthException(e.getMessage());
        wrapped.initCause(e);
        throw wrapped;
    }
    // Mapping happens outside the try so that a failure here is not reported as a mechanism error.
    return mapToAuthStatus(status);
}
Also used : AuthenticationStatus(javax.security.enterprise.AuthenticationStatus) AuthenticationException(javax.security.enterprise.AuthenticationException) HttpAuthenticationMechanism(javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism) AuthException(javax.security.auth.message.AuthException) HttpMessageContext(javax.security.enterprise.authentication.mechanism.http.HttpMessageContext)

Example 5 with HttpMessageContext

Use of javax.security.enterprise.authentication.mechanism.http.HttpMessageContext in the Apache TomEE project.

Class AutoApplySessionInterceptor, method validateRequest.

/**
 * Intercepts {@code validateRequest} to apply session semantics: a request that already carries
 * a user principal is short-circuited to {@code SUCCESS} after re-establishing the caller through
 * the container callback; otherwise the wrapped mechanism runs, and on success the
 * {@code javax.servlet.http.registerSession} flag is set on the message info map.
 *
 * @param invocationContext the intercepted invocation; its third parameter (index 2) is assumed
 *     to be the {@link HttpMessageContext}
 * @return {@code SUCCESS} for an already-authenticated request, otherwise the wrapped
 *     mechanism's status
 * @throws Exception propagated from the callback handler or the wrapped mechanism
 */
private AuthenticationStatus validateRequest(final InvocationContext invocationContext) throws Exception {
    final HttpMessageContext messageContext = (HttpMessageContext) invocationContext.getParameters()[2];
    final Principal existingPrincipal = messageContext.getRequest().getUserPrincipal();

    if (existingPrincipal != null) {
        // Already authenticated: hand the principal back to the container via the standard callback.
        final CallerPrincipalCallback callback =
                new CallerPrincipalCallback(messageContext.getClientSubject(), existingPrincipal);
        messageContext.getHandler().handle(new Callback[] { callback });
        return AuthenticationStatus.SUCCESS;
    }

    final Object outcome = invocationContext.proceed();
    if (AuthenticationStatus.SUCCESS.equals(outcome)) {
        // Presumably asks the container to register the authenticated identity in the HTTP
        // session for subsequent requests — confirm against the JASPIC/servlet profile.
        messageContext.getMessageInfo().getMap().put("javax.servlet.http.registerSession", "true");
    }
    return (AuthenticationStatus) outcome;
}
Also used : AuthenticationStatus(javax.security.enterprise.AuthenticationStatus) CallerPrincipalCallback(javax.security.auth.message.callback.CallerPrincipalCallback) HttpMessageContext(javax.security.enterprise.authentication.mechanism.http.HttpMessageContext) Principal(java.security.Principal)
