javax.security.auth.message.MessageInfo Java Examples

@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {

    HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
    HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
    AuthServices.addCORSHeaders(response);

    LOGGER.log(Level.FINE, "validateRequest @" + request.getMethod() + " " + request.getRequestURI());

    if (isOptionsRequest(request)) {
        return AuthStatus.SUCCESS;
    }

    CustomSAM module = getModule(messageInfo);

    if (module != null) {
        return module.validateRequest(messageInfo, clientSubject, serviceSubject);
    }

    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);

    return AuthStatus.FAILURE;
}
 

@Override
protected boolean validate(Subject clientSubject, MessageInfo messageInfo) throws AuthException
{
 //Construct Callbacks
   NameCallback nc = new NameCallback("Dummy");
   PasswordCallback pc = new PasswordCallback("B" , true);
   try
   {
      this.callbackHandler.handle(new Callback[]{nc,pc});
      String userName = nc.getName();
      String pwd = new String(pc.getPassword());
      
      //Check the options
      if(!(userName.equals(options.get("principal"))
            && (pwd.equals(options.get("pass")))))
      {
         return false;
      }
            
   }
   catch (Exception e)
   {
      throw new AuthException(e.getLocalizedMessage());
   } 
   return true;
}
 

@Override
public AuthenticationStatus authenticate(final HttpServletRequest request,
                                         final HttpServletResponse response,
                                         final AuthenticationParameters parameters) {

    try {
        final MessageInfo messageInfo = new TomEEMessageInfo(request, response, true, parameters);
        final ServerAuthContext serverAuthContext = getServerAuthContext(request);
        final AuthStatus authStatus = serverAuthContext.validateRequest(messageInfo, new Subject(), null);

        return mapToAuthenticationStatus(authStatus);

    } catch (final AuthException e) {
        return AuthenticationStatus.SEND_FAILURE;
    }
}
 

/**
 * @see ClientAuthContext#validateResponse(javax.security.auth.message.MessageInfo, javax.security.auth.Subject, javax.security.auth.Subject)
 */ 
@SuppressWarnings("rawtypes")
public AuthStatus validateResponse(MessageInfo messageInfo, Subject clientSubject, 
      Subject serviceSubject) throws AuthException
{
   Iterator iter = config.getClientAuthModules().iterator();
   AuthStatus status = null;
   while(iter.hasNext())
   {
      status = ((ClientAuthModule)iter.next()).validateResponse(messageInfo,clientSubject,
                                                                             serviceSubject);
      if(status == AuthStatus.FAILURE)
         break;
   }
   return status;
}
 

@Override
public AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject) throws AuthException {

    HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
    HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
    AuthServices.addCORSHeaders(response);

    LOGGER.log(Level.FINE, "secureResponse @" + request.getMethod() + " " + request.getRequestURI());

    if (isOptionsRequest(request)) {
        return AuthStatus.SEND_SUCCESS;
    }

    CustomSAM module = getModule(messageInfo);

    if (module != null) {
        return module.secureResponse(messageInfo, serviceSubject);
    }

    return AuthStatus.SEND_FAILURE;
}
 

@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {

    HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
    LOGGER.log(Level.FINE, "Validating request @" + request.getMethod() + " " + request.getRequestURI());

    CallerPrincipalCallback callerPrincipalCallback = new CallerPrincipalCallback(clientSubject, "");
    GroupPrincipalCallback groupPrincipalCallback = new GroupPrincipalCallback(clientSubject, new String[]{UserGroupMapping.GUEST_ROLE_ID});
    Callback[] callbacks = {callerPrincipalCallback, groupPrincipalCallback};

    try {
        callbackHandler.handle(callbacks);
    } catch (IOException | UnsupportedCallbackException e) {
        throw new AuthException(e.getMessage());
    }

    return AuthStatus.SUCCESS;

}
 

@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject)
        throws AuthException {

    HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();

    Callback[] callbacks;

    if (request.getParameter("doLogin") != null) {
        callbacks = new Callback[]{new CallerPrincipalCallback(clientSubject, "test"),
                new GroupPrincipalCallback(clientSubject, new String[]{"architect"})};
    } else {
        callbacks = new Callback[]{new CallerPrincipalCallback(clientSubject, (Principal) null)};
    }

    try {
        handler.handle(callbacks);
    } catch (IOException | UnsupportedCallbackException e) {
        throw (AuthException) new AuthException().initCause(e);
    }

    cdi(messageInfo, "vr");

    return SUCCESS;
}
 

@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {

    HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
    LOGGER.log(Level.FINE, "Validating request @" + request.getMethod() + " " + request.getRequestURI());

    String login = (String) request.getSession().getAttribute("login");
    String groups = (String) request.getSession().getAttribute("groups");

    CallerPrincipalCallback callerPrincipalCallback = new CallerPrincipalCallback(clientSubject, login);
    GroupPrincipalCallback groupPrincipalCallback = new GroupPrincipalCallback(clientSubject, new String[]{groups});
    Callback[] callbacks = new Callback[]{callerPrincipalCallback, groupPrincipalCallback};

    try {
        callbackHandler.handle(callbacks);
    } catch (IOException | UnsupportedCallbackException e) {
        throw new AuthException(e.getMessage());
    }

    return AuthStatus.SUCCESS;
}
 

private void cdi(final MessageInfo messageInfo, final String msg) throws AuthException {
    final HttpServletRequest request = HttpServletRequest.class.cast(messageInfo.getRequestMessage());
    final HttpServletResponse response = HttpServletResponse.class.cast(messageInfo.getResponseMessage());
    if (request.getParameter("bean") != null) {
        final TheBean cdiBean = CDI.current().select(TheBean.class).get();
        cdiBean.set(msg);
        try {
            response.getWriter().write(String.valueOf(request.getAttribute("cdi")));
        } catch (final IOException e) {
            throw new AuthException(e.getMessage());
        }
    }
}
 

/**
 * @see ClientAuthContext#cleanSubject(javax.security.auth.message.MessageInfo, javax.security.auth.Subject)
 */
@SuppressWarnings({"rawtypes"})
public void cleanSubject(MessageInfo messageInfo, Subject subject) 
throws AuthException
{ 
   Iterator iter = config.getClientAuthModules().iterator();
   while(iter.hasNext())
   {
      ((ClientAuthModule)iter.next()).cleanSubject(messageInfo,subject); 
   } 
}
 

@Override
public AuthStatus validateRequest(final MessageInfo messageInfo, final Subject clientSubject,
                                  final Subject serviceSubject)
        throws AuthException {

    final HttpMessageContext httpMessageContext =
            httpMessageContext(handler, messageInfo, clientSubject, serviceSubject);

    final HttpAuthenticationMechanism authenticationMechanism =
            CDI.current()
               .select(TomEESecurityServletAuthenticationMechanismMapper.class)
               .get()
               .getCurrentAuthenticationMechanism(httpMessageContext);

    final AuthenticationStatus authenticationStatus;
    try {
        authenticationStatus =
                authenticationMechanism.validateRequest(httpMessageContext.getRequest(),
                                                        httpMessageContext.getResponse(),
                                                        httpMessageContext);


    } catch (final AuthenticationException e) {
        final AuthException authException = new AuthException(e.getMessage());
        authException.initCause(e);
        throw authException;
    }

    return mapToAuthStatus(authenticationStatus);
}
 

public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException
{
   //Clear out the principals and credentials
   subject.getPrincipals().clear();
   subject.getPublicCredentials().clear();
   subject.getPrivateCredentials().clear();
}
 

@SuppressWarnings("unchecked") // JASPIC API uses raw types
@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject,
        Subject serviceSubject) throws AuthException {
    for (int moduleIndex = 0; moduleIndex < modules.size(); moduleIndex++) {
        ServerAuthModule module = modules.get(moduleIndex);
        AuthStatus result = module.validateRequest(messageInfo, clientSubject, serviceSubject);
        if (result != AuthStatus.SEND_FAILURE) {
            messageInfo.getMap().put("moduleIndex", Integer.valueOf(moduleIndex));
            return result;
        }
    }
    return AuthStatus.SEND_FAILURE;
}
 

@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    try {

        // The JASPIC protocol for "do nothing"
        handler.handle(new Callback[] { new CallerPrincipalCallback(clientSubject, (Principal) null) });
        
        return SUCCESS;

    } catch (IOException | UnsupportedCallbackException e) {
        throw (AuthException) new AuthException().initCause(e);
    }
}
 

public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException
{
   if(loginContext != null)
      try
      {
         loginContext.logout();
      }
      catch (LoginException e)
      {
         throw new AuthException(e.getLocalizedMessage());
      } 
}
 

@Override
protected boolean validate(Subject clientSubject, MessageInfo messageInfo) throws AuthException
{
   try
   {
      loginContext = SecurityActions.createLoginContext(getSecurityDomainName(), clientSubject, this.callbackHandler);
      loginContext.login();
      return true;
   }
   catch (Exception e)
   {
       throw new AuthException(e.getLocalizedMessage());
   }   
}
 

public static TomEEHttpMessageContext httpMessageContext(
        final CallbackHandler handler,
        final MessageInfo messageInfo,
        final Subject clientSubject,
        final Subject serviceSubject) {
    return new TomEEHttpMessageContext(handler, messageInfo, clientSubject, serviceSubject);
}
 

/**
 * @see ServerAuthContext#cleanSubject(javax.security.auth.message.MessageInfo, javax.security.auth.Subject)
 */
public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException
{ 
   for(ServerAuthModule sam:modules)
   {
      sam.cleanSubject(messageInfo, subject);
   }
}
 

/**
 * @see ServerAuthContext#validateRequest(javax.security.auth.message.MessageInfo, javax.security.auth.Subject, javax.security.auth.Subject)
 */
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, 
      Subject serviceSubject) throws AuthException
{ 
   List<ServerAuthModule> supportingModules = new ArrayList<ServerAuthModule>();
   
   Class requestType = messageInfo.getRequestMessage().getClass();
   Class[] requestInterfaces = requestType.getInterfaces(); 
   
   List<Class> intfaee = Arrays.asList(requestInterfaces);
   
   for(ServerAuthModule sam:modules)
   { 
      List<Class> supportedTypes = Arrays.asList(sam.getSupportedMessageTypes());
      
      //Check the interfaces
      for(Class clazz:intfaee)
      {
         if(supportedTypes.contains(clazz) && !supportingModules.contains(sam)) 
            supportingModules.add(sam);
      } 
      
      //Check the class type also
      if((supportedTypes.contains(Object.class) || supportedTypes.contains(requestType))
            && !supportingModules.contains(sam)) 
         supportingModules.add(sam); 
   }
   if(supportingModules.size() == 0)
      throw PicketBoxMessages.MESSAGES.noServerAuthModuleForRequestType(requestType);

   AuthStatus authStatus = invokeModules(messageInfo, clientSubject, serviceSubject);
   return authStatus;
}
 

private TomEEHttpMessageContext(
        final CallbackHandler handler,
        final MessageInfo messageInfo,
        final Subject clientSubject,
        final Subject serviceSubject) {
    this.handler = handler;
    this.messageInfo = messageInfo;
    this.clientSubject = clientSubject;
    this.serviceSubject = serviceSubject;
}
 

@Override
public void logout(Request request) {
    AuthConfigProvider provider = getJaspicProvider();
    if (provider != null) {
        MessageInfo messageInfo = new MessageInfoImpl(request, request.getResponse(), true);
        Subject client = (Subject) request.getNote(Constants.REQ_JASPIC_SUBJECT_NOTE);
        if (client != null) {
            ServerAuthContext serverAuthContext;
            try {
                ServerAuthConfig serverAuthConfig = provider.getServerAuthConfig("HttpServlet",
                        jaspicAppContextID, CallbackHandlerImpl.getInstance());
                String authContextID = serverAuthConfig.getAuthContextID(messageInfo);
                serverAuthContext = serverAuthConfig.getAuthContext(authContextID, null, null);
                serverAuthContext.cleanSubject(messageInfo, client);
            } catch (AuthException e) {
                log.debug(sm.getString("authenticator.jaspicCleanSubjectFail"), e);
            }
        }
    }

    Principal p = request.getPrincipal();
    if (p instanceof TomcatPrincipal) {
        try {
            ((TomcatPrincipal) p).logout();
        } catch (Throwable t) {
            ExceptionUtils.handleThrowable(t);
            log.debug(sm.getString("authenticator.tomcatPrincipalLogoutFail"), t);
        }
    }

    register(request, request.getResponse(), null, null, null, null);
}
 

/**
 * This method delegates to a login module if configured in the module options.
 * The sub classes will need to validate the request 
 */
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, 
      Subject serviceSubject) 
throws AuthException
{
   String loginModuleName = (String) options.get("login-module-delegate");
   if(loginModuleName != null)
   {
      ClassLoader tcl = SecurityActions.getContextClassLoader();
      try
      {
         Class clazz = tcl.loadClass(loginModuleName);
         LoginModule lm = (LoginModule) clazz.newInstance();
         lm.initialize(clientSubject, callbackHandler, new HashMap(), options);
         lm.login();
         lm.commit();
      }
      catch (Exception e)
      {
         throw new AuthException(e.getLocalizedMessage());
      }
   } 
   else
   {
      return validate(clientSubject, messageInfo) ? AuthStatus.SUCCESS : AuthStatus.FAILURE;
   } 
   
   return AuthStatus.SUCCESS;
}
 

@Override
public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException {
    CustomSAM module = getModule(messageInfo);
    if (module != null) {
        module.cleanSubject(messageInfo, subject);
    }
}
 

@Override
protected boolean validate(Subject clientSubject, MessageInfo messageInfo) throws AuthException
{  
   callbackHandler = new JBossCallbackHandler(getUserName(messageInfo),
         getCredential(messageInfo)); 
   return super.validate(clientSubject, messageInfo);
}
 

private Principal getUserName(MessageInfo messageInfo)
{
   Object requestInfo =  messageInfo.getRequestMessage();
   String userNameParam = (String) options.get("userNameParam");
   if(requestInfo instanceof HttpServletRequest == false)
      throw PicketBoxMessages.MESSAGES.invalidType(HttpServletRequest.class.getName());
   HttpServletRequest hsr = (HttpServletRequest)requestInfo;
   return new SimplePrincipal(hsr.getParameter(userNameParam));
}
 

/**
 * @see ClientAuthModule#secureRequest(javax.security.auth.message.MessageInfo, javax.security.auth.Subject)
 */
public AuthStatus secureRequest(MessageInfo param, Subject source) 
throws AuthException
{ 
   source.getPrincipals().add(this.principal);
   source.getPublicCredentials().add(this.credential);
   return AuthStatus.SUCCESS;
}
 

/**
 * @see ClientAuthModule#validateResponse(javax.security.auth.message.MessageInfo, javax.security.auth.Subject, javax.security.auth.Subject)
 */
public AuthStatus validateResponse(MessageInfo messageInfo, Subject source, Subject recipient) throws AuthException
{  
   //Custom check: Check that the source of the response and the recipient
   // of the response have identical credentials
   Set sourceSet = source.getPrincipals(SimplePrincipal.class);
   Set recipientSet = recipient.getPrincipals(SimplePrincipal.class);
   if(sourceSet == null && recipientSet == null)
      throw new AuthException();
   if(sourceSet.size() != recipientSet.size())
      throw new AuthException(PicketBoxMessages.MESSAGES.sizeMismatchMessage("source", "recipient"));
   return AuthStatus.SUCCESS;
}
 

@Override
public boolean canHandle(MessageInfo messageInfo) {
    HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
    HttpSession session = request.getSession(false);

    if(session == null){
        return false;
    }

    String login = (String) session.getAttribute("login");
    String groups = (String) session.getAttribute("groups");
    return login != null && !login.isEmpty() && groups != null && !groups.isEmpty();
}
 

@Override
public boolean canHandle(MessageInfo messageInfo) {
    HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();

    // Check in headers
    String authorization = request.getHeader("Authorization");
    if (authorization != null && authorization.startsWith("Bearer ")) {
        return authorization.split(" ").length == 2;
    }

    return false;
}
 

@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {

    HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
    HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();

    LOGGER.log(Level.FINE, "Validating request @" + request.getMethod() + " " + request.getRequestURI());

    String authorization = request.getHeader("Authorization");
    String[] splitAuthorization = authorization.split(" ");
    String jwt = splitAuthorization[1];

    JWTokenUserGroupMapping jwTokenUserGroupMapping = JWTokenFactory.validateAuthToken(key, jwt);

    if (jwTokenUserGroupMapping != null) {

        UserGroupMapping userGroupMapping = jwTokenUserGroupMapping.getUserGroupMapping();
        CallerPrincipalCallback callerPrincipalCallback = new CallerPrincipalCallback(clientSubject, userGroupMapping.getLogin());
        GroupPrincipalCallback groupPrincipalCallback = new GroupPrincipalCallback(clientSubject, new String[]{userGroupMapping.getGroupName()});
        Callback[] callbacks = new Callback[]{callerPrincipalCallback, groupPrincipalCallback};

        try {
            callbackHandler.handle(callbacks);
        } catch (IOException | UnsupportedCallbackException e) {
            throw new AuthException(e.getMessage());
        }

        JWTokenFactory.refreshTokenIfNeeded(key, response, jwTokenUserGroupMapping);

        return AuthStatus.SUCCESS;
    }

    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    return AuthStatus.FAILURE;

}