Example 1 with GenericMessageInfo

Use of org.jboss.security.auth.message.GenericMessageInfo in project jbossws-cxf by jbossws.

From the class JaspiServerAuthenticator, method validateRequest.

public void validateRequest(SoapMessage message) {
    SOAPMessage soapMessage = message.getContent(SOAPMessage.class);
    MessageInfo messageInfo = new GenericMessageInfo(soapMessage, null);
    AuthStatus authStatus;
    try {
        authStatus = sctx.validateRequest(messageInfo, null, null);
    } catch (AuthException e) {
        if (isSOAP12(message)) {
            SoapFault soap12Fault = new SoapFault(e.getMessage(), Soap12.getInstance().getReceiver());
            throw soap12Fault;
        } else {
            throw new SoapFault(e.getMessage(), new QName("", "jaspi AuthException"));
        }
    }
    Message response = null;
    if (messageInfo.getResponseMessage() != null && !message.getExchange().isOneWay()) {
        Endpoint e = message.getExchange().getEndpoint();
        response = new MessageImpl();
        response.setExchange(message.getExchange());
        response = e.getBinding().createMessage(response);
        message.getExchange().setOutMessage(response);
        response.setContent(SOAPMessage.class, messageInfo.getResponseMessage());
        if (AuthStatus.SEND_CONTINUE == authStatus) {
            response.put(Message.RESPONSE_CODE, Integer.valueOf(303));
        }
        if (AuthStatus.SEND_FAILURE == authStatus) {
            response.put(Message.RESPONSE_CODE, Integer.valueOf(500));
        }
        message.getInterceptorChain().abort();
        InterceptorChain chain = OutgoingChainInterceptor.getOutInterceptorChain(message.getExchange());
        response.setInterceptorChain(chain);
        chain.doInterceptStartingAfter(response, SoapPreProtocolOutInterceptor.class.getName());
    }
}
Also used: InterceptorChain (org.apache.cxf.interceptor.InterceptorChain), SoapFault (org.apache.cxf.binding.soap.SoapFault), SoapPreProtocolOutInterceptor (org.apache.cxf.binding.soap.interceptor.SoapPreProtocolOutInterceptor), Message (org.apache.cxf.message.Message), SoapMessage (org.apache.cxf.binding.soap.SoapMessage), SOAPMessage (javax.xml.soap.SOAPMessage), Endpoint (org.apache.cxf.endpoint.Endpoint), AuthStatus (javax.security.auth.message.AuthStatus), QName (javax.xml.namespace.QName), GenericMessageInfo (org.jboss.security.auth.message.GenericMessageInfo), AuthException (javax.security.auth.message.AuthException), MessageImpl (org.apache.cxf.message.MessageImpl), MessageInfo (javax.security.auth.message.MessageInfo)

Example 2 with GenericMessageInfo

Use of org.jboss.security.auth.message.GenericMessageInfo in project wildfly by wildfly.

From the class JASPICAuthenticationMechanism, method createMessageInfo.

private GenericMessageInfo createMessageInfo(final HttpServerExchange exchange, final SecurityContext securityContext) {
    ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
    GenericMessageInfo messageInfo = new GenericMessageInfo();
    messageInfo.setRequestMessage(servletRequestContext.getServletRequest());
    messageInfo.setResponseMessage(servletRequestContext.getServletResponse());
    messageInfo.getMap().put("javax.security.auth.message.MessagePolicy.isMandatory", isMandatory(servletRequestContext).toString());
    // additional context data, useful to provide access to Undertow resources during the modules processing
    messageInfo.getMap().put(SECURITY_CONTEXT_ATTACHMENT_KEY, securityContext);
    messageInfo.getMap().put(HTTP_SERVER_EXCHANGE_ATTACHMENT_KEY, exchange);
    return messageInfo;
}
Also used: ServletRequestContext (io.undertow.servlet.handlers.ServletRequestContext), GenericMessageInfo (org.jboss.security.auth.message.GenericMessageInfo)

Example 3 with GenericMessageInfo

Use of org.jboss.security.auth.message.GenericMessageInfo in project wildfly by wildfly.

From the class JASPICAuthenticationMechanism, method authenticate.

@Override
public AuthenticationMechanismOutcome authenticate(final HttpServerExchange exchange, final SecurityContext sc) {
    exchange.putAttachment(AUTH_RUN, true);
    final ServletRequestContext requestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
    final JASPIServerAuthenticationManager sam = createJASPIAuthenticationManager();
    final GenericMessageInfo messageInfo = createMessageInfo(exchange, sc);
    final String applicationIdentifier = buildApplicationIdentifier(requestContext);
    final JASPICallbackHandler cbh = new JASPICallbackHandler();
    exchange.putAttachment(JASPICContext.ATTACHMENT_KEY, new JASPICContext(messageInfo, sam, cbh));
    UndertowLogger.ROOT_LOGGER.debugf("validateRequest for layer [%s] and applicationContextIdentifier [%s]", JASPI_HTTP_SERVLET_LAYER, applicationIdentifier);
    Account cachedAccount = null;
    final JASPICSecurityContext jaspicSecurityContext = (JASPICSecurityContext) exchange.getSecurityContext();
    final AuthenticatedSessionManager sessionManager = exchange.getAttachment(AuthenticatedSessionManager.ATTACHMENT_KEY);
    if (sessionManager != null) {
        AuthenticatedSessionManager.AuthenticatedSession authSession = sessionManager.lookupSession(exchange);
        if (authSession != null) {
            cachedAccount = authSession.getAccount();
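            // if there is a cached account, set it in the security context so that the principal is available to
            // SAM modules via request.getUserPrincipal().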
            if (cachedAccount != null) {
                jaspicSecurityContext.setCachedAuthenticatedAccount(cachedAccount);
            }
        }
    }
    AuthenticationMechanismOutcome outcome = AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
    Account authenticatedAccount = null;
    boolean isValid = sam.isValid(messageInfo, new Subject(), JASPI_HTTP_SERVLET_LAYER, applicationIdentifier, cbh);
    jaspicSecurityContext.setCachedAuthenticatedAccount(null);
    if (isValid) {
        // The CBH filled in the JBOSS SecurityContext, we need to create an Undertow account based on that
        org.jboss.security.SecurityContext jbossSct = SecurityActions.getSecurityContext();
        authenticatedAccount = createAccount(cachedAccount, jbossSct);
        updateSubjectRoles(jbossSct);
    }
    // authType resolution (check message info first, then check for the configured auth method, then use mech-specific name).
    String authType = (String) messageInfo.getMap().get(JASPI_AUTH_TYPE);
    if (authType == null)
        authType = this.configuredAuthMethod != null ? this.configuredAuthMethod : MECHANISM_NAME;
    if (isValid && authenticatedAccount != null) {
        outcome = AuthenticationMechanismOutcome.AUTHENTICATED;
        Object registerObj = messageInfo.getMap().get(JASPI_REGISTER_SESSION);
        boolean cache = false;
        if (registerObj != null && (registerObj instanceof String)) {
            cache = Boolean.valueOf((String) registerObj);
        }
        sc.authenticationComplete(authenticatedAccount, authType, cache);
    } else if (isValid && authenticatedAccount == null && !isMandatory(requestContext)) {
        outcome = AuthenticationMechanismOutcome.NOT_ATTEMPTED;
    } else {
        outcome = AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
        sc.authenticationFailed("JASPIC authentication failed.", authType);
        // make sure we don't return status OK if the AuthException was thrown
        if (wasAuthExceptionThrown(exchange) && !statusIndicatesError(exchange)) {
            exchange.setResponseCode(DEFAULT_ERROR_CODE);
        }
    }
    // A SAM can wrap the HTTP request/response objects - update the servlet request context with the values found in the message info.
    ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
    servletRequestContext.setServletRequest((HttpServletRequest) messageInfo.getRequestMessage());
    servletRequestContext.setServletResponse((HttpServletResponse) messageInfo.getResponseMessage());
    return outcome;
}
Also used: Account (io.undertow.security.idm.Account), ServletRequestContext (io.undertow.servlet.handlers.ServletRequestContext), Subject (javax.security.auth.Subject), GenericMessageInfo (org.jboss.security.auth.message.GenericMessageInfo), AuthenticatedSessionManager (io.undertow.security.api.AuthenticatedSessionManager), JASPICallbackHandler (org.jboss.security.auth.callback.JASPICallbackHandler), JASPIServerAuthenticationManager (org.jboss.security.plugins.auth.JASPIServerAuthenticationManager)

Example 4 with GenericMessageInfo

Use of org.jboss.security.auth.message.GenericMessageInfo in project wildfly by wildfly.

From the class JASPICSecurityContext, method buildMessageInfo.

/**
 * <p>
 * Builds the {@code MessageInfo} instance for the {@code cleanSubject()} call.
 * </p>
 *
 * @return the constructed {@code MessageInfo} object.
 */
private MessageInfo buildMessageInfo() {
    ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
    GenericMessageInfo messageInfo = new GenericMessageInfo();
    messageInfo.setRequestMessage(servletRequestContext.getServletRequest());
    messageInfo.setResponseMessage(servletRequestContext.getServletResponse());
    // when calling cleanSubject, isMandatory must be set to true.
    messageInfo.getMap().put("javax.security.auth.message.MessagePolicy.isMandatory", "true");
    return messageInfo;
}
Also used: ServletRequestContext (io.undertow.servlet.handlers.ServletRequestContext), GenericMessageInfo (org.jboss.security.auth.message.GenericMessageInfo)

Example 5 with GenericMessageInfo

Use of org.jboss.security.auth.message.GenericMessageInfo in project jbossws-cxf by jbossws.

From the class JaspiServerAuthenticator, method secureResponse.

public void secureResponse(SoapMessage message) {
    SOAPMessage request = message.getExchange().getInMessage().get(SOAPMessage.class);
    SOAPMessage response = message.getContent(SOAPMessage.class);
    MessageInfo messageInfo = new GenericMessageInfo(request, response);
    AuthStatus authStatus = null;
    try {
        authStatus = sctx.secureResponse(messageInfo, null);
    } catch (AuthException e) {
        if (isSOAP12(message)) {
            SoapFault soap12Fault = new SoapFault(e.getMessage(), Soap12.getInstance().getReceiver());
            throw soap12Fault;
        } else {
            throw new SoapFault(e.getMessage(), new QName("", "jaspi AuthException"));
        }
    }
    if (messageInfo.getResponseMessage() != null && !message.getExchange().isOneWay()) {
        if (AuthStatus.SEND_CONTINUE == authStatus) {
            message.put(Message.RESPONSE_CODE, Integer.valueOf(303));
        }
        if (AuthStatus.SEND_FAILURE == authStatus) {
            message.put(Message.RESPONSE_CODE, Integer.valueOf(500));
        }
    }
}
Also used: SoapFault (org.apache.cxf.binding.soap.SoapFault), AuthStatus (javax.security.auth.message.AuthStatus), QName (javax.xml.namespace.QName), GenericMessageInfo (org.jboss.security.auth.message.GenericMessageInfo), AuthException (javax.security.auth.message.AuthException), SOAPMessage (javax.xml.soap.SOAPMessage), MessageInfo (javax.security.auth.message.MessageInfo)

Aggregations

GenericMessageInfo (org.jboss.security.auth.message.GenericMessageInfo): 7
AuthException (javax.security.auth.message.AuthException): 4
AuthStatus (javax.security.auth.message.AuthStatus): 4
MessageInfo (javax.security.auth.message.MessageInfo): 4
QName (javax.xml.namespace.QName): 4
SOAPMessage (javax.xml.soap.SOAPMessage): 4
SoapFault (org.apache.cxf.binding.soap.SoapFault): 4
ServletRequestContext (io.undertow.servlet.handlers.ServletRequestContext): 3
Subject (javax.security.auth.Subject): 3
Properties (java.util.Properties): 2
ClientAuthContext (javax.security.auth.message.config.ClientAuthContext): 2
AuthenticatedSessionManager (io.undertow.security.api.AuthenticatedSessionManager): 1
Account (io.undertow.security.idm.Account): 1
SoapMessage (org.apache.cxf.binding.soap.SoapMessage): 1
SoapPreProtocolOutInterceptor (org.apache.cxf.binding.soap.interceptor.SoapPreProtocolOutInterceptor): 1
Endpoint (org.apache.cxf.endpoint.Endpoint): 1
InterceptorChain (org.apache.cxf.interceptor.InterceptorChain): 1
Message (org.apache.cxf.message.Message): 1
MessageImpl (org.apache.cxf.message.MessageImpl): 1
JASPICallbackHandler (org.jboss.security.auth.callback.JASPICallbackHandler): 1