Examples with JASPICallbackHandler - org.jboss.security.auth.callback.JASPICallbackHandler

Example 1 with JASPICallbackHandler

use of org.jboss.security.auth.callback.JASPICallbackHandler in project wildfly by wildfly.

the class JASPICAuthenticationMechanism method authenticate.

@Override
public AuthenticationMechanismOutcome authenticate(final HttpServerExchange exchange, final SecurityContext sc) {
    exchange.putAttachment(AUTH_RUN, true);
    final ServletRequestContext requestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
    final JASPIServerAuthenticationManager sam = createJASPIAuthenticationManager();
    final GenericMessageInfo messageInfo = createMessageInfo(exchange, sc);
    final String applicationIdentifier = buildApplicationIdentifier(requestContext);
    final JASPICallbackHandler cbh = new JASPICallbackHandler();
    exchange.putAttachment(JASPICContext.ATTACHMENT_KEY, new JASPICContext(messageInfo, sam, cbh));
    UndertowLogger.ROOT_LOGGER.debugf("validateRequest for layer [%s] and applicationContextIdentifier [%s]", JASPI_HTTP_SERVLET_LAYER, applicationIdentifier);
    Account cachedAccount = null;
    final JASPICSecurityContext jaspicSecurityContext = (JASPICSecurityContext) exchange.getSecurityContext();
    final AuthenticatedSessionManager sessionManager = exchange.getAttachment(AuthenticatedSessionManager.ATTACHMENT_KEY);
    if (sessionManager != null) {
        AuthenticatedSessionManager.AuthenticatedSession authSession = sessionManager.lookupSession(exchange);
        if (authSession != null) {
            cachedAccount = authSession.getAccount();
            // SAM modules via request.getUserPrincipal().
            if (cachedAccount != null) {
                jaspicSecurityContext.setCachedAuthenticatedAccount(cachedAccount);
            }
        }
    }
    AuthenticationMechanismOutcome outcome = AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
    Account authenticatedAccount = null;
    boolean isValid = sam.isValid(messageInfo, new Subject(), JASPI_HTTP_SERVLET_LAYER, applicationIdentifier, cbh);
    jaspicSecurityContext.setCachedAuthenticatedAccount(null);
    if (isValid) {
        // The CBH filled in the JBOSS SecurityContext, we need to create an Undertow account based on that
        org.jboss.security.SecurityContext jbossSct = SecurityActions.getSecurityContext();
        authenticatedAccount = createAccount(cachedAccount, jbossSct);
        updateSubjectRoles(jbossSct);
    }
    // authType resolution (check message info first, then check for the configured auth method, then use mech-specific name).
    String authType = (String) messageInfo.getMap().get(JASPI_AUTH_TYPE);
    if (authType == null)
        authType = this.configuredAuthMethod != null ? this.configuredAuthMethod : MECHANISM_NAME;
    if (isValid && authenticatedAccount != null) {
        outcome = AuthenticationMechanismOutcome.AUTHENTICATED;
        Object registerObj = messageInfo.getMap().get(JASPI_REGISTER_SESSION);
        boolean cache = false;
        if (registerObj != null && (registerObj instanceof String)) {
            cache = Boolean.valueOf((String) registerObj);
        }
        sc.authenticationComplete(authenticatedAccount, authType, cache);
    } else if (isValid && authenticatedAccount == null && !isMandatory(requestContext)) {
        outcome = AuthenticationMechanismOutcome.NOT_ATTEMPTED;
    } else {
        outcome = AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
        sc.authenticationFailed("JASPIC authentication failed.", authType);
        // make sure we don't return status OK if the AuthException was thrown
        if (wasAuthExceptionThrown(exchange) && !statusIndicatesError(exchange)) {
            exchange.setResponseCode(DEFAULT_ERROR_CODE);
        }
    }
    // A SAM can wrap the HTTP request/response objects - update the servlet request context with the values found in the message info.
    ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
    servletRequestContext.setServletRequest((HttpServletRequest) messageInfo.getRequestMessage());
    servletRequestContext.setServletResponse((HttpServletResponse) messageInfo.getResponseMessage());
    return outcome;
}

Also used : Account(io.undertow.security.idm.Account) ServletRequestContext(io.undertow.servlet.handlers.ServletRequestContext) Subject(javax.security.auth.Subject) GenericMessageInfo(org.jboss.security.auth.message.GenericMessageInfo) AuthenticatedSessionManager(io.undertow.security.api.AuthenticatedSessionManager) JASPICallbackHandler(org.jboss.security.auth.callback.JASPICallbackHandler) JASPIServerAuthenticationManager(org.jboss.security.plugins.auth.JASPIServerAuthenticationManager)

Aggregations

AuthenticatedSessionManager (io.undertow.security.api.AuthenticatedSessionManager)1 Account (io.undertow.security.idm.Account)1 ServletRequestContext (io.undertow.servlet.handlers.ServletRequestContext)1 Subject (javax.security.auth.Subject)1 JASPICallbackHandler (org.jboss.security.auth.callback.JASPICallbackHandler)1 GenericMessageInfo (org.jboss.security.auth.message.GenericMessageInfo)1 JASPIServerAuthenticationManager (org.jboss.security.plugins.auth.JASPIServerAuthenticationManager)1