return new ChallengeResult(true, UNAUTHORIZED);
for (AuthenticationMechanism mechanism : mechanisms) { AuthenticationMechanism.ChallengeResult challengeResult = mechanism.sendChallenge(exchange, securityContext); if (challengeResult.getDesiredResponseCode() != null) { exchange.setResponseCode(challengeResult.getDesiredResponseCode());
throw UndertowMessages.MESSAGES.sendChallengeReturnedNull(mechanism); if (result.isChallengeSent()) { challengeSent = true; Integer desiredCode = result.getDesiredResponseCode(); if (desiredCode != null && (chosenStatusCode == null || chosenStatusCode.equals(StatusCodes.OK))) { chosenStatusCode = desiredCode;
return new ChallengeResult(true); } catch (Exception e) { logger.samlSPHandleRequestError(e);
return new ChallengeResult(true); } catch (Exception e) { logger.samlSPHandleRequestError(e);
for (AuthenticationMechanism mechanism : mechanisms) { AuthenticationMechanism.ChallengeResult challengeResult = mechanism.sendChallenge(exchange, securityContext); if (challengeResult.getDesiredResponseCode() != null) { exchange.setResponseCode(challengeResult.getDesiredResponseCode());
for (AuthenticationMechanism mechanism : mechanisms) { AuthenticationMechanism.ChallengeResult challengeResult = mechanism.sendChallenge(exchange, securityContext); if (challengeResult.getDesiredResponseCode() != null) { exchange.setResponseCode(challengeResult.getDesiredResponseCode());
throw UndertowMessages.MESSAGES.sendChallengeReturnedNull(mechanism); if (result.isChallengeSent()) { challengeSent = true; Integer desiredCode = result.getDesiredResponseCode(); if (desiredCode != null && (chosenStatusCode == null || chosenStatusCode.equals(StatusCodes.OK))) { chosenStatusCode = desiredCode;
return new ChallengeResult(true, UNAUTHORIZED);
throw UndertowMessages.MESSAGES.sendChallengeReturnedNull(mechanism); if (result.isChallengeSent()) { challengeSent = true; Integer desiredCode = result.getDesiredResponseCode(); if (desiredCode != null && (chosenStatusCode == null || chosenStatusCode.equals(StatusCodes.OK))) { chosenStatusCode = desiredCode;
return new ChallengeResult(true, UNAUTHORIZED);
return new ChallengeResult(true, UNAUTHORIZED);
return new ChallengeResult(true, UNAUTHORIZED);
/**
 * Issues the GSSAPI challenge for this exchange.
 *
 * <p>If a {@code NegotiationContext} is attached, its pending response token is consumed and the
 * attachment is cleared. Otherwise the challenge is only offered when a server {@code Subject}
 * can be obtained for the request's host.
 *
 * @param exchange the exchange that receives the challenge header
 * @param securityContext not read by this method
 * @return {@code ChallengeResult.NOT_SENT} when no server Subject is available for the host,
 *         otherwise a sent challenge carrying {@code UNAUTHORIZED}
 */
@Override
public ChallengeResult sendChallenge(final HttpServerExchange exchange, final SecurityContext securityContext) {
    final NegotiationContext negotiation = exchange.getAttachment(NegotiationContext.ATTACHMENT_KEY);
    String header = NEGOTIATION_PLAIN;

    if (negotiation == null) {
        Subject hostSubject = null;
        try {
            hostSubject = subjectFactory.getSubjectForHost(getHostName(exchange));
        } catch (GeneralSecurityException e) {
            // Intentionally swallowed: without a Subject the mechanism simply does not offer GSSAPI.
            // NOTE(review): the failure is not logged anywhere, so a host whose Subject cannot be
            // obtained silently stops receiving this challenge. Consider a debug-level log.
        }
        if (hostSubject == null) {
            return ChallengeResult.NOT_SENT;
        }
    } else {
        // The response token is read and the context detached before the header is built,
        // so the same negotiation state is not picked up again from this exchange.
        final byte[] token = negotiation.useResponseToken();
        exchange.putAttachment(NegotiationContext.ATTACHMENT_KEY, null);
        if (token != null) {
            header = NEGOTIATE_PREFIX + FlexBase64.encodeString(token, false);
        }
    }

    exchange.getResponseHeaders().add(WWW_AUTHENTICATE, header);
    if (logger.isDebugEnabled()) {
        logger.debug("Sending GSSAPI challenge for %s", exchange);
    }
    return new ChallengeResult(true, UNAUTHORIZED);
}
/**
 * Sends the negotiation challenge, including a pending response message when one is attached.
 *
 * @param exchange the exchange whose response header and status code are set
 * @param securityContext not read by this method
 * @return a sent challenge carrying {@code UNAUTHORIZED}
 * @throws IllegalStateException if serialising the response message fails
 */
@Override
public ChallengeResult sendChallenge(HttpServerExchange exchange, SecurityContext securityContext) {
    final NegotiationMessage pending = exchange.getAttachment(MESSAGE_KEY);
    final String header;

    if (pending == null) {
        header = NEGOTIATION_PLAIN;
    } else {
        final ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        try {
            pending.writeTo(buffer, true);
        } catch (IOException e) {
            // An in-memory stream is not expected to fail; treat it as a broken invariant.
            throw new IllegalStateException(e);
        }
        final String encoded = buffer.toString();
        // NOTE(review): the encoded response token is handed to MessageTrace here. Confirm that
        // this trace output is not enabled or retained where token material should not appear.
        MessageTrace.logResponseBase64(encoded);
        header = NEGOTIATE_PREFIX + encoded;
    }

    // put() replaces any value already stored under this header name.
    exchange.getResponseHeaders().put(WWW_AUTHENTICATE, header);

    // A mechanism should leave the status code to the caller. It is forced here because of
    // UNDERTOW-548: when combined with FORM auth, ServletFormAuthenticationMechanism runs first
    // and sets the status to 200.
    exchange.setStatusCode(UNAUTHORIZED);
    return new ChallengeResult(true, UNAUTHORIZED);
}
/**
 * Issues the GSSAPI challenge for this exchange.
 *
 * <p>An attached {@code NegotiationContext} supplies the response token for the header and is
 * then detached. Without one, the challenge is offered only if a server {@code Subject} exists
 * for the request's host.
 *
 * @param exchange the exchange that receives the challenge header
 * @param securityContext not read by this method
 * @return {@code ChallengeResult.NOT_SENT} when no server Subject is available for the host,
 *         otherwise a sent challenge carrying {@code UNAUTHORIZED}
 */
public ChallengeResult sendChallenge(final HttpServerExchange exchange, final SecurityContext securityContext) {
    final NegotiationContext negotiation = exchange.getAttachment(NegotiationContext.ATTACHMENT_KEY);
    String header = NEGOTIATION_PLAIN;

    if (negotiation == null) {
        Subject hostSubject = null;
        try {
            hostSubject = subjectFactory.getSubjectForHost(getHostName(exchange));
        } catch (GeneralSecurityException e) {
            // Intentionally swallowed: no Subject means GSSAPI is not offered for this host.
            // NOTE(review): nothing is logged on this path, so the cause of a missing challenge
            // cannot be diagnosed from logs. Consider a debug-level entry on SECURITY_LOGGER.
        }
        if (hostSubject == null) {
            return ChallengeResult.NOT_SENT;
        }
    } else {
        // Consume the token first, then clear the attachment so the context is not reused.
        final byte[] token = negotiation.useResponseToken();
        exchange.putAttachment(NegotiationContext.ATTACHMENT_KEY, null);
        if (token != null) {
            header = NEGOTIATE_PREFIX + FlexBase64.encodeString(token, false);
        }
    }

    exchange.getResponseHeaders().add(WWW_AUTHENTICATE, header);
    UndertowLogger.SECURITY_LOGGER.debugf("Sending GSSAPI challenge for %s", exchange);
    return new ChallengeResult(true, UNAUTHORIZED);
}
/**
 * Starts the service-provider authentication flow for a request that carries no SAML request
 * parameter, as long as the response has not been committed yet.
 *
 * @param exchange the exchange being challenged; must carry a {@code ServletRequestContext}
 * @param securityContext passed through to {@code generalUserRequest}
 * @return the result of {@code generalUserRequest} when the flow is started here; otherwise a
 *         result whose "sent" flag mirrors whether the response is already committed
 * @throws RuntimeException wrapping any exception raised while starting the flow
 */
@Override
public ChallengeResult sendChallenge(HttpServerExchange exchange, SecurityContext securityContext) {
    final ServletRequestContext context = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
    final HttpServletRequest request = (HttpServletRequest) context.getServletRequest();
    final HttpServletResponse response = (HttpServletResponse) context.getServletResponse();
    final String samlRequest = request.getParameter(GeneralConstants.SAML_REQUEST_KEY);

    // NOTE(review): getSession(true) creates a session on every call, including the paths below
    // that never write to it. Confirm that creating sessions for unauthenticated requests is intended.
    final HttpSession session = request.getSession(true);

    try {
        // Ordinary user request: no SAML request parameter and nothing written to the client yet.
        final boolean startFlow = !isNotNull(samlRequest) && !response.isCommitted();
        if (startFlow) {
            session.setAttribute(INITIAL_LOCATION_STORED, true);
            storeInitialLocation(exchange);
            return generalUserRequest(exchange, securityContext);
        }
    } catch (Exception e) {
        throw new RuntimeException("Could not send authn request to identity provider.", e);
    }

    // A committed response means something has already been sent to the client.
    return new ChallengeResult(response.isCommitted());
}
/**
 * Begins the authentication request flow when the incoming request has no SAML request
 * parameter and the response is still uncommitted.
 *
 * @param exchange the exchange being challenged; must carry a {@code ServletRequestContext}
 * @param securityContext passed through to {@code generalUserRequest}
 * @return the result of {@code generalUserRequest} when the flow is started here; otherwise
 *         {@code ChallengeResult(true)} if the response is committed, else {@code ChallengeResult(false)}
 * @throws RuntimeException wrapping any exception raised while starting the flow
 */
@Override
public ChallengeResult sendChallenge(HttpServerExchange exchange, SecurityContext securityContext) {
    final ServletRequestContext servletContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
    final HttpServletRequest httpRequest = (HttpServletRequest) servletContext.getServletRequest();
    final HttpServletResponse httpResponse = (HttpServletResponse) servletContext.getServletResponse();
    final String samlRequest = httpRequest.getParameter(GeneralConstants.SAML_REQUEST_KEY);

    // NOTE(review): the session is created up front for every challenged request, whether or not
    // the branch below uses it. Verify this is acceptable for unauthenticated traffic.
    final HttpSession httpSession = httpRequest.getSession(true);

    try {
        // Plain user request: nothing SAML-specific was posted and the response is still open.
        if (!isNotNull(samlRequest) && !httpResponse.isCommitted()) {
            httpSession.setAttribute(INITIAL_LOCATION_STORED, true);
            storeInitialLocation(exchange);
            return generalUserRequest(exchange, securityContext);
        }
    } catch (Exception e) {
        throw new RuntimeException("Could not send authn request to identity provider.", e);
    }

    // Report "sent" only if the response has already gone out.
    final boolean alreadyCommitted = httpResponse.isCommitted();
    return new ChallengeResult(alreadyCommitted);
}
/**
 * Sends the GSSAPI challenge header for this exchange.
 *
 * <p>With a {@code NegotiationContext} attached, its response token (if any) is encoded into the
 * header and the context is removed from the exchange. With none attached, the method first
 * checks that a server {@code Subject} can be resolved for the request's host.
 *
 * @param exchange the exchange that receives the challenge header
 * @param securityContext not read by this method
 * @return {@code ChallengeResult.NOT_SENT} when no server Subject is available for the host,
 *         otherwise a sent challenge carrying {@code UNAUTHORIZED}
 */
public ChallengeResult sendChallenge(final HttpServerExchange exchange, final SecurityContext securityContext) {
    final NegotiationContext context = exchange.getAttachment(NegotiationContext.ATTACHMENT_KEY);
    final String header;

    if (context != null) {
        // Take the token and detach the context so it is not seen again on this exchange.
        final byte[] responseToken = context.useResponseToken();
        exchange.putAttachment(NegotiationContext.ATTACHMENT_KEY, null);
        header = (responseToken == null)
                ? NEGOTIATION_PLAIN
                : NEGOTIATE_PREFIX + FlexBase64.encodeString(responseToken, false);
    } else {
        Subject serverSubject = null;
        try {
            serverSubject = subjectFactory.getSubjectForHost(getHostName(exchange));
        } catch (GeneralSecurityException e) {
            // Intentionally swallowed: the only consequence handled here is "do not offer GSSAPI".
            // NOTE(review): the exception is dropped without a log entry. A debug-level message
            // would make a missing challenge traceable.
        }
        if (serverSubject == null) {
            return ChallengeResult.NOT_SENT;
        }
        header = NEGOTIATION_PLAIN;
    }

    exchange.getResponseHeaders().add(WWW_AUTHENTICATE, header);
    UndertowLogger.SECURITY_LOGGER.debugf("Sending GSSAPI challenge for %s", exchange);
    return new ChallengeResult(true, UNAUTHORIZED);
}
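/**
 * Serves either the form-auth error page or the login page as the challenge.
 *
 * <p>A POST whose request path ends with {@code postLocation} is treated as a failed login
 * submission and gets the error page. Any other request has its location stored and is served
 * the login page.
 *
 * @param exchange the exchange to answer
 * @param securityContext not read by this method
 * @return a sent challenge carrying the code returned by {@code servePage}
 */
public ChallengeResult sendChallenge(final HttpServerExchange exchange, final SecurityContext securityContext) {
    // NOTE(review): this is a suffix match, so any path ending in postLocation is treated as the
    // login POST target. Confirm that is the intended scope.
    final boolean failedLoginPost = exchange.getRequestPath().endsWith(postLocation)
            && exchange.getRequestMethod().equals(Methods.POST);

    final Integer code;
    if (failedLoginPost) {
        // Fixed: the log line used to print loginPage although errorPage is what gets served,
        // which made the security debug log misleading when tracing failed logins.
        UndertowLogger.SECURITY_LOGGER.debugf("Serving form auth error page %s for %s", errorPage, exchange);
        // This method is not called once authentication has already succeeded, so reaching the
        // POST location here means the submitted credentials were not accepted.
        code = servePage(exchange, errorPage);
    } else {
        UndertowLogger.SECURITY_LOGGER.debugf("Serving login form %s for %s", loginPage, exchange);
        // Remember the originally requested URL before the login page is served.
        storeInitialLocation(exchange);
        // TODO - Rather than redirecting, in order to make this mechanism compatible with the
        // other mechanisms we need to return the actual error page not a redirect.
        code = servePage(exchange, loginPage);
    }
    return new ChallengeResult(true, code);
}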