/**
 * Test SAM hook that runs after the protected resource has been invoked.
 *
 * The {@code tech} request parameter selects which kind of bean is told that
 * {@code secureResponse} ran ("cdi" or "ejb"); any other value, or none, does nothing.
 *
 * @param messageInfo carries the servlet request and response; both are cast unchecked
 * @param serviceSubject not used by this test module
 * @return always {@code SEND_SUCCESS}
 * @throws AuthException as declared by the SAM contract
 */
@Override
public AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject) throws AuthException {
    final HttpServletRequest req = (HttpServletRequest) messageInfo.getRequestMessage();
    final HttpServletResponse resp = (HttpServletResponse) messageInfo.getResponseMessage();
    final String phase = "secureResponse";
    final String tech = req.getParameter("tech");

    if ("cdi".equals(tech)) {
        callCDIBean(req, resp, phase);
        return SEND_SUCCESS;
    }
    if ("ejb".equals(tech)) {
        callEJBBean(resp, phase);
    }
    return SEND_SUCCESS;
}
/**
 * Test SAM hook for subject cleanup.
 *
 * Notifies the bean selected by the {@code tech} request parameter ("cdi" or "ejb") that
 * {@code cleanSubject} ran; for any other value the method is a no-op. The subject itself
 * is not touched here.
 *
 * @param messageInfo carries the servlet request and response; both are cast unchecked
 * @param subject not used by this test module
 * @throws AuthException as declared by the SAM contract
 */
@Override
public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException {
    final HttpServletRequest req = (HttpServletRequest) messageInfo.getRequestMessage();
    final HttpServletResponse resp = (HttpServletResponse) messageInfo.getResponseMessage();
    final String tech = req.getParameter("tech");

    if ("cdi".equals(tech)) {
        callCDIBean(req, resp, "cleanSubject");
    } else if ("ejb".equals(tech)) {
        callEJBBean(resp, "cleanSubject");
    }
}
/**
 * Test SAM that dispatches to another servlet from inside {@code validateRequest}.
 *
 * With {@code dispatch=include} the included servlet writes into the still-open response, the
 * mandatory "do nothing" caller-principal callback is issued and {@code SUCCESS} lets the
 * container go on to invoke the original resource. Otherwise the request is forwarded and
 * {@code SEND_CONTINUE} is returned, because a forward commits the response and the original
 * resource must not run.
 *
 * @param messageInfo carries the servlet request and response; both are cast unchecked
 * @param clientSubject subject the "do nothing" callback is issued against
 * @param serviceSubject not used by this test module
 * @return {@code SUCCESS} after an include, {@code SEND_CONTINUE} after a forward
 * @throws AuthException wrapping any I/O, servlet or callback failure
 */
@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    try {
        final HttpServletRequest req = (HttpServletRequest) messageInfo.getRequestMessage();
        final HttpServletResponse resp = (HttpServletResponse) messageInfo.getResponseMessage();
        final boolean useInclude = "include".equals(req.getParameter("dispatch"));

        if (!useInclude) {
            req.getRequestDispatcher("/forwardedServlet").forward(req, resp);
            // The forward already produced the response; SUCCESS would make the container
            // invoke the resource on top of it.
            return SEND_CONTINUE;
        }

        req.getRequestDispatcher("/includedServlet").include(req, resp);
        // JASPIC "do nothing": a null principal tells the container no login happened,
        // which is required before returning SUCCESS.
        handler.handle(new Callback[] { new CallerPrincipalCallback(clientSubject, (Principal) null) });
        return SUCCESS;
    } catch (IOException | ServletException | UnsupportedCallbackException e) {
        throw (AuthException) new AuthException().initCause(e);
    }
}
HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage(); HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
/**
 * Checks that every wrapped {@code ServerAuthModule} declares support for both the request
 * and the response message type carried by {@code messageInfo}.
 *
 * Modules are checked in configuration order and the first mismatch wins; for a given module
 * the request type is reported before the response type.
 *
 * @param messageInfo the message info whose request and response messages are checked
 * @throws IllegalArgumentException produced by {@code log.unsupportedMessageType} for the first
 *         module that does not accept the request type, or failing that the response type
 */
void testMessageInfo(MessageInfo messageInfo) throws IllegalArgumentException {
    final Object req = messageInfo.getRequestMessage();
    final Object resp = messageInfo.getResponseMessage();

    for (AuthModuleWrapper wrapper : authModules) {
        final ServerAuthModule sam = wrapper.getModule();
        boolean reqOk = false;
        boolean respOk = false;

        for (Class<?> supported : sam.getSupportedMessageTypes()) {
            reqOk |= supported.isInstance(req);
            respOk |= supported.isInstance(resp);
            if (reqOk && respOk) {
                break;
            }
        }

        // NOTE(review): req/resp are dereferenced to build the message, so a null message would
        // surface as an NPE rather than the intended error — callers are expected to reject nulls first.
        if (!reqOk) {
            throw log.unsupportedMessageType(req.getClass().getName(), sam.getClass().getName());
        }
        if (!respOk) {
            throw log.unsupportedMessageType(resp.getClass().getName(), sam.getClass().getName());
        }
    }
}
/**
 * Creates a fresh {@code ElytronServerAuthContext} for the supplied message info, verifies the
 * configured modules accept its message types, registers the context under a random UUID and
 * returns that UUID as the context identifier.
 *
 * @param messageInfo must be non-null and carry non-null request and response messages
 * @return the identifier under which the new context was stored in {@code contextMap}
 */
@Override
public String getAuthContextID(MessageInfo messageInfo) {
    checkNotNullParam("messageInfo", messageInfo);
    checkNotNullParam("messageInfo.requestMessage", messageInfo.getRequestMessage());
    checkNotNullParam("messageInfo.responseMessage", messageInfo.getResponseMessage());

    final ElytronServerAuthContext context = new ElytronServerAuthContext(serverAuthModuleDefinitions);
    // Fail fast if any configured module cannot handle these message types.
    context.testMessageInfo(messageInfo);

    // NOTE(review): each call adds an entry to contextMap and nothing here removes it —
    // confirm entries are released elsewhere so the map stays bounded.
    final String contextId = UUID.randomUUID().toString();
    contextMap.put(contextId, context);
    return contextId;
}
/**
 * Test SAM that unconditionally logs the caller in as user {@code test} with group
 * {@code architect}; no credential is checked.
 *
 * Before the login the bean selected by the {@code tech} request parameter ("cdi" or "ejb")
 * is told that {@code validateRequest} ran.
 *
 * @param messageInfo carries the servlet request and response; both are cast unchecked
 * @param clientSubject subject the caller and group callbacks are issued against
 * @param serviceSubject not used by this test module
 * @return always {@code SUCCESS} once the callbacks were handled
 * @throws AuthException wrapping an I/O or unsupported-callback failure of the handler
 */
@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    final HttpServletRequest req = (HttpServletRequest) messageInfo.getRequestMessage();
    final HttpServletResponse resp = (HttpServletResponse) messageInfo.getResponseMessage();
    final String phase = "validateRequest";

    // NOTE(review): getParameter() before the resource runs can consume a form POST body —
    // confirm the tests only pass "tech" on the query string.
    final String tech = req.getParameter("tech");
    if ("cdi".equals(tech)) {
        callCDIBean(req, resp, phase);
    } else if ("ejb".equals(tech)) {
        callEJBBean(resp, phase);
    }

    final Callback[] loginCallbacks = {
        new CallerPrincipalCallback(clientSubject, "test"),
        new GroupPrincipalCallback(clientSubject, new String[] { "architect" })
    };
    try {
        handler.handle(loginCallbacks);
    } catch (IOException | UnsupportedCallbackException e) {
        throw (AuthException) new AuthException().initCause(e);
    }
    return SUCCESS;
}
/**
 * Test SAM that logs the caller in as {@code test}/{@code architect} whenever the
 * {@code doLogin} request parameter is present, and issues the JASPIC "do nothing"
 * callback otherwise. The parameter's value is ignored and no credential is checked.
 *
 * @param messageInfo carries the servlet request (cast unchecked)
 * @param clientSubject subject the callbacks are issued against
 * @param serviceSubject not used by this test module
 * @return always {@code SUCCESS} once the callbacks were handled
 * @throws AuthException wrapping an I/O or unsupported-callback failure of the handler
 */
@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    final HttpServletRequest req = (HttpServletRequest) messageInfo.getRequestMessage();
    final boolean loginRequested = req.getParameter("doLogin") != null;

    final Callback[] toHandle = loginRequested
            ? new Callback[] {
                new CallerPrincipalCallback(clientSubject, "test"),
                new GroupPrincipalCallback(clientSubject, new String[] { "architect" }) }
            // A null principal is how a SAM tells the container no login took place.
            : new Callback[] { new CallerPrincipalCallback(clientSubject, (Principal) null) };

    try {
        handler.handle(toHandle);
    } catch (IOException | UnsupportedCallbackException e) {
        throw (AuthException) new AuthException().initCause(e);
    }
    return SUCCESS;
}
/**
 * Test SAM: the mere presence of the {@code doLogin} request parameter authenticates the
 * caller as {@code test} in group {@code architect}; without it the "do nothing" callback
 * is issued. No credential is verified.
 *
 * @param messageInfo carries the servlet request (cast unchecked)
 * @param clientSubject subject the callbacks are issued against
 * @param serviceSubject not used by this test module
 * @return always {@code SUCCESS} once the callbacks were handled
 * @throws AuthException wrapping an I/O or unsupported-callback failure of the handler
 */
@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    final HttpServletRequest req = (HttpServletRequest) messageInfo.getRequestMessage();
    final Callback[] toHandle;

    if (req.getParameter("doLogin") == null) {
        // JASPIC "do nothing": null principal, no groups.
        toHandle = new Callback[] { new CallerPrincipalCallback(clientSubject, (Principal) null) };
    } else {
        toHandle = new Callback[] {
            new CallerPrincipalCallback(clientSubject, "test"),
            new GroupPrincipalCallback(clientSubject, new String[] { "architect" })
        };
    }

    try {
        handler.handle(toHandle);
    } catch (IOException | UnsupportedCallbackException e) {
        throw (AuthException) new AuthException().initCause(e);
    }
    return SUCCESS;
}
/**
 * Test SAM that simulates a login: if the {@code doLogin} request parameter is present the
 * caller is reported to the container as user {@code test} with group {@code architect}
 * without any credential check; otherwise the JASPIC "do nothing" callback is issued.
 *
 * The handler may only record the details; the container typically completes the login
 * after this method returns.
 *
 * @param messageInfo carries the servlet request (cast unchecked)
 * @param clientSubject subject the callbacks are issued against
 * @param serviceSubject not used by this test module
 * @return always {@code SUCCESS} once the callbacks were handled
 * @throws AuthException wrapping an I/O or unsupported-callback failure of the handler
 */
@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    final HttpServletRequest req = (HttpServletRequest) messageInfo.getRequestMessage();
    final boolean loginRequested = req.getParameter("doLogin") != null;

    final Callback[] toHandle = loginRequested
            ? new Callback[] {
                new CallerPrincipalCallback(clientSubject, "test"),                      // user name
                new GroupPrincipalCallback(clientSubject, new String[] { "architect" }) } // roles
            : new Callback[] { new CallerPrincipalCallback(clientSubject, (Principal) null) };

    try {
        handler.handle(toHandle);
    } catch (IOException | UnsupportedCallbackException e) {
        throw (AuthException) new AuthException().initCause(e);
    }
    return SUCCESS;
}
/**
 * Test SAM that fakes authentication: when the {@code doLogin} request parameter is present
 * the fixed identity {@code test} / group {@code architect} is handed to the container
 * without checking any credential; otherwise the "do nothing" protocol is followed.
 *
 * @param messageInfo carries the servlet request (cast unchecked)
 * @param clientSubject subject the callbacks are issued against
 * @param serviceSubject not used by this test module
 * @return always {@code SUCCESS} once the callbacks were handled
 * @throws AuthException wrapping an I/O or unsupported-callback failure of the handler
 */
@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    final HttpServletRequest req = (HttpServletRequest) messageInfo.getRequestMessage();
    final Callback[] toHandle;

    if (req.getParameter("doLogin") == null) {
        // Null principal: tells the container no login happened.
        toHandle = new Callback[] { new CallerPrincipalCallback(clientSubject, (Principal) null) };
    } else {
        toHandle = new Callback[] {
            new CallerPrincipalCallback(clientSubject, "test"),
            new GroupPrincipalCallback(clientSubject, new String[] { "architect" })
        };
    }

    try {
        // The container may finish the login only after this method returns.
        handler.handle(toHandle);
    } catch (IOException | UnsupportedCallbackException e) {
        throw (AuthException) new AuthException().initCause(e);
    }
    return SUCCESS;
}
/**
 * Test SAM performing a simulated login. Presence of the {@code doLogin} request parameter
 * (value ignored, no credential checked) reports the caller as {@code test} with group
 * {@code architect}; absence issues the JASPIC "do nothing" callback.
 *
 * @param messageInfo carries the servlet request (cast unchecked)
 * @param clientSubject subject the callbacks are issued against
 * @param serviceSubject not used by this test module
 * @return always {@code SUCCESS} once the callbacks were handled
 * @throws AuthException wrapping an I/O or unsupported-callback failure of the handler
 */
@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    final HttpServletRequest req = (HttpServletRequest) messageInfo.getRequestMessage();
    final boolean loginRequested = req.getParameter("doLogin") != null;

    final Callback[] toHandle;
    if (loginRequested) {
        final Callback caller = new CallerPrincipalCallback(clientSubject, "test");
        final Callback groups = new GroupPrincipalCallback(clientSubject, new String[] { "architect" });
        toHandle = new Callback[] { caller, groups };
    } else {
        toHandle = new Callback[] { new CallerPrincipalCallback(clientSubject, (Principal) null) };
    }

    try {
        // Hands the identity to the container; the actual login may complete after we return.
        handler.handle(toHandle);
    } catch (IOException | UnsupportedCallbackException e) {
        throw (AuthException) new AuthException().initCause(e);
    }
    return SUCCESS;
}
/**
 * Test SAM driven by a request <em>attribute</em> rather than a parameter: when the
 * {@code doLogin} attribute (set by the servlet) is present, the caller is reported as
 * {@code test} with group {@code architect} without any credential check; otherwise the
 * JASPIC "do nothing" callback is issued.
 *
 * @param messageInfo carries the servlet request (cast unchecked)
 * @param clientSubject subject the callbacks are issued against
 * @param serviceSubject not used by this test module
 * @return always {@code SUCCESS} once the callbacks were handled
 * @throws AuthException wrapping an I/O or unsupported-callback failure of the handler
 */
@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    final HttpServletRequest req = (HttpServletRequest) messageInfo.getRequestMessage();
    // Attribute, not parameter: a client cannot set this directly, the servlet does.
    final boolean loginRequested = req.getAttribute("doLogin") != null;

    final Callback[] toHandle = loginRequested
            ? new Callback[] {
                new CallerPrincipalCallback(clientSubject, "test"),
                new GroupPrincipalCallback(clientSubject, new String[] { "architect" }) }
            : new Callback[] { new CallerPrincipalCallback(clientSubject, (Principal) null) };

    try {
        // The container may complete the login only after this method returns.
        handler.handle(toHandle);
    } catch (IOException | UnsupportedCallbackException e) {
        throw (AuthException) new AuthException().initCause(e);
    }
    return SUCCESS;
}
/**
 * Test SAM hook that undoes the wrapping applied in {@code validateRequest}: if the request
 * or response in {@code messageInfo} is the test wrapper, it is replaced by the object it
 * wraps. Only one wrapper layer is removed.
 *
 * @param messageInfo holds the (possibly wrapped) servlet request and response; both are
 *        cast unchecked
 * @param serviceSubject not used by this test module
 * @return always {@code SEND_SUCCESS}
 * @throws AuthException as declared by the SAM contract
 */
@Override
public AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject) throws AuthException {
    final HttpServletRequest req = (HttpServletRequest) messageInfo.getRequestMessage();
    if (req instanceof TestHttpServletRequestWrapper) {
        final TestHttpServletRequestWrapper wrappedReq = (TestHttpServletRequestWrapper) req;
        messageInfo.setRequestMessage(wrappedReq.getRequest());
    }

    final HttpServletResponse resp = (HttpServletResponse) messageInfo.getResponseMessage();
    if (resp instanceof TestHttpServletResponseWrapper) {
        final TestHttpServletResponseWrapper wrappedResp = (TestHttpServletResponseWrapper) resp;
        messageInfo.setResponseMessage(wrappedResp.getResponse());
    }

    return SEND_SUCCESS;
}
throws AuthException { HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage(); Callback[] callbacks;
final ServerAuthModule sam = wrapper.getModule(); final Object originalRequest = messageInfo.getRequestMessage(); final Object originalResponse = messageInfo.getResponseMessage(); } else if (currentResult != AuthStatus.SUCCESS && (originalRequest != messageInfo.getRequestMessage() || originalResponse != messageInfo.getResponseMessage())) {
/**
 * Test SAM that unconditionally logs the caller in as {@code test} with group
 * {@code architect} (no credential is checked) and then replaces the request and response
 * in {@code messageInfo} with test wrappers, so the invoked resource sees the wrapped objects.
 *
 * @param messageInfo holds the servlet request and response to wrap; both are cast unchecked
 * @param clientSubject subject the caller and group callbacks are issued against
 * @param serviceSubject not used by this test module
 * @return always {@code SUCCESS}
 * @throws AuthException wrapping an I/O or unsupported-callback failure of the handler
 */
@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    final Callback[] loginCallbacks = {
        new CallerPrincipalCallback(clientSubject, "test"),
        new GroupPrincipalCallback(clientSubject, new String[] { "architect" })
    };
    try {
        handler.handle(loginCallbacks);
    } catch (IOException | UnsupportedCallbackException e) {
        throw (AuthException) new AuthException().initCause(e);
    }

    // Wrap request, then response; the resource invoked afterwards gets the wrappers.
    final HttpServletRequest originalReq = (HttpServletRequest) messageInfo.getRequestMessage();
    messageInfo.setRequestMessage(new TestHttpServletRequestWrapper(originalReq));

    final HttpServletResponse originalResp = (HttpServletResponse) messageInfo.getResponseMessage();
    messageInfo.setResponseMessage(new TestHttpServletResponseWrapper(originalResp));

    return SUCCESS;
}
/**
 * Undertow handler that runs the rest of the chain and then, unless the JASPIC
 * authentication phase recorded an exception, invokes the SAM's {@code secureResponse}
 * for the attached JASPIC context and copies the request/response the SAM left in the
 * {@code MessageInfo} back into the servlet request context (a SAM may have unwrapped them).
 *
 * Any failure during that post-processing is logged and otherwise ignored, so the response
 * produced by the chain is sent as is.
 *
 * @param exchange the current exchange; the JASPIC and servlet contexts are read from its attachments
 * @throws Exception propagated from {@code next.handleRequest}; the secureResponse step never throws
 */
@Override
public void handleRequest(HttpServerExchange exchange) throws Exception {
    try {
        next.handleRequest(exchange);
    } finally {
        try {
            final JASPICContext jaspicContext = exchange.getAttachment(JASPICContext.ATTACHMENT_KEY);
            final boolean authFailed = JASPICAuthenticationMechanism.wasAuthExceptionThrown(exchange);

            if (!authFailed && jaspicContext != null) {
                final ServletRequestContext servletContext =
                        exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
                final String appId = JASPICAuthenticationMechanism.buildApplicationIdentifier(servletContext);

                UndertowLogger.ROOT_LOGGER.debugf(
                        "secureResponse for layer [%s] and applicationContextIdentifier [%s].",
                        JASPICAuthenticationMechanism.JASPI_HTTP_SERVLET_LAYER, appId);

                jaspicContext.getSam().secureResponse(
                        jaspicContext.getMessageInfo(),
                        new Subject(),
                        JASPICAuthenticationMechanism.JASPI_HTTP_SERVLET_LAYER,
                        appId,
                        jaspicContext.getCbh());

                // The SAM may have replaced the request/response in the MessageInfo (e.g. unwrapped
                // them); propagate whatever it left there to the servlet layer.
                servletContext.setServletRequest(
                        (HttpServletRequest) jaspicContext.getMessageInfo().getRequestMessage());
                servletContext.setServletResponse(
                        (HttpServletResponse) jaspicContext.getMessageInfo().getResponseMessage());
            }
        } catch (Exception e) {
            // Boundary catch: a broken secureResponse must not mask the chain's own outcome.
            UndertowLogger.ROOT_LOGGER.errorInvokingSecureResponse(e);
        }
    }
}
/**
 * Builds an {@code HttpServletAuthParam} from a JASPIC {@code MessageInfo}.
 *
 * @param messageInfo source of the servlet request and response; both are cast unchecked, so
 *        a non-servlet message fails with a {@code ClassCastException}
 */
public HttpServletAuthParam(MessageInfo messageInfo) {
    final Object rawRequest = messageInfo.getRequestMessage();
    this.request = (HttpServletRequest) rawRequest;

    final Object rawResponse = messageInfo.getResponseMessage();
    this.response = (HttpServletResponse) rawResponse;
}
/**
 * Runs the JASPIC {@code secureResponse} phase for this request and copies the request and
 * response objects the SAM left in the {@code MessageInfo} (possibly replaced by the SAM)
 * back into the Catalina request and response.
 *
 * An {@code AuthException} from the SAM is logged at warn level and otherwise ignored; the
 * Catalina objects are then left untouched and the response proceeds as already produced.
 *
 * @param request Catalina request whose wrapped servlet request is updated from the message info
 * @param response Catalina response whose wrapped servlet response is updated from the message info
 * @param state holds the server auth context and message info created earlier for this request
 */
private void secureResponseJspic(Request request, Response response, JaspicState state) {
    try {
        state.serverAuthContext.secureResponse(state.messageInfo, null);
    } catch (AuthException e) {
        log.warn(sm.getString("authenticator.jaspicSecureResponseFail"), e);
        return;
    }

    final HttpServletRequest samRequest = (HttpServletRequest) state.messageInfo.getRequestMessage();
    request.setRequest(samRequest);

    final HttpServletResponse samResponse = (HttpServletResponse) state.messageInfo.getResponseMessage();
    response.setResponse(samResponse);
}