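/**
 * Authenticates the request from its {@code Authorization} header(s).
 *
 * Every {@code Authorization} value carrying the {@code Signature} scheme is handed to
 * {@link #signatureHeader}; the first one that validates successfully is returned.
 * If none validates, the provider either abstains (when {@code optional} is set) or
 * issues a challenge describing the last failure seen.
 *
 * @param env security environment carrying the request headers
 * @return a successful response, an abstain, or a challenge
 */
private AuthenticationResponse authorizeHeader(SecurityEnvironment env) {
    // Scheme prefix that is matched and then stripped from the header value.
    // A single constant avoids the match/strip lengths drifting apart.
    final String schemePrefix = "signature ";

    List<String> authorization = env.headers().get("Authorization");
    if (null == authorization) {
        // No Authorization header at all; the caller may guard for this already,
        // but a missing header must not turn into an NPE during authentication.
        authorization = CollectionsHelper.listOf();
    }

    // remembers the last failed signature response so the challenge can explain why
    AuthenticationResponse response = null;

    // attempt to validate each authorization, first one that succeeds finishes processing
    for (String authorizationValue : authorization) {
        // Case-insensitive scheme match (auth-schemes are case-insensitive) done with
        // regionMatches rather than toLowerCase(): the latter is locale-sensitive and
        // e.g. under a Turkish default locale "SIGNATURE" would never match.
        boolean isSignatureScheme = authorizationValue.regionMatches(true, 0, schemePrefix, 0, schemePrefix.length());
        if (!isSignatureScheme) {
            continue;
        }

        String signatureValue = authorizationValue.substring(schemePrefix.length());
        response = signatureHeader(CollectionsHelper.listOf(signatureValue), env);
        if (response.status().isSuccess()) {
            // that was a good header, let's return the response
            return response;
        }
    }

    // we have reached the end - all headers validated, none fit, fail or abstain
    if (optional) {
        return AuthenticationResponse.abstain();
    }

    // challenge, preferring the description of the last signature that failed validation
    String reason = (null == response)
            ? "No Signature authorization header"
            : response.description().orElse("Unknown problem");
    return challenge(env, reason);
}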
/**
 * Enriches an already authenticated subject with the grants known for its principal.
 *
 * Grants are looked up through {@code roleCache}; the supplier passed to it calls
 * {@link #getGrantsFromServer}, presumably on a cache miss. Service, description and
 * request headers of the previous response are carried over unchanged.
 *
 * @param subject          authenticated subject whose principal name is the lookup key
 * @param previousResponse response produced by the preceding authentication step
 * @return an already completed stage holding the enriched response
 */
private CompletionStage<AuthenticationResponse> enhance(Subject subject, AuthenticationResponse previousResponse) {
    String principalName = subject.principal().getName();

    List<? extends Grant> resolvedGrants = roleCache
            .computeValue(principalName, () -> getGrantsFromServer(principalName))
            .orElse(CollectionsHelper.listOf());

    AuthenticationResponse.Builder enriched = AuthenticationResponse.builder();
    enriched.user(buildSubject(subject, resolvedGrants));
    enriched.requestHeaders(previousResponse.requestHeaders());
    // optional parts of the previous response are only copied when present
    previousResponse.service().ifPresent(enriched::service);
    previousResponse.description().ifPresent(enriched::description);

    return CompletableFuture.completedFuture(enriched.build());
}
} else { context.setTraceSuccess(false); context.setTraceDescription(response.description().orElse(responseStatus.toString())); context.setTraceThrowable(response.throwable().orElse(null)); context.setShouldFinish(true); } else { context.setTraceSuccess(false); context.setTraceDescription(response.description().orElse(responseStatus.toString())); context.setShouldFinish(true); abortRequest(context, logger().finest("Authentication failed, but was optional, so assuming anonymous"); } else { context.setTraceDescription(response.description().orElse(responseStatus.toString())); context.setTraceThrowable(response.throwable().orElse(null)); context.setTraceSuccess(false); default: context.setTraceSuccess(false); context.setTraceDescription(response.description().orElse("UNKNOWN_RESPONSE: " + responseStatus)); context.setShouldFinish(true); SecurityException throwable = new SecurityException("Invalid SecurityStatus returned: " + responseStatus);
.failure(AuditEvent.AUTHN_TYPE_PREFIX + ".authenticate", "Provider %s. Message: %s") .addParam(AuditEvent.AuditParam.plain("provider", providerInstance.getClass().getName())) .addParam(AuditEvent.AuditParam.plain("message", response.description().orElse(null)));
builder.description("Composite flag forbids this response: " + thisResponse.status()); thisResponse.description().map(builder::description); thisResponse.throwable().map(builder::throwable); throw new AsyncAtnException(builder.build());
} else { context.setTraceSuccess(false); context.setTraceDescription(response.description().orElse(responseStatus.toString())); context.setTraceThrowable(response.throwable().orElse(null)); context.setShouldFinish(true); } else { context.setTraceSuccess(false); context.setTraceDescription(response.description().orElse(responseStatus.toString())); context.setShouldFinish(true); abortRequest(context, logger().finest("Authentication failed, but was optional, so assuming anonymous"); } else { context.setTraceDescription(response.description().orElse(responseStatus.toString())); context.setTraceThrowable(response.throwable().orElse(null)); context.setTraceSuccess(false); default: context.setTraceSuccess(false); context.setTraceDescription(response.description().orElse("UNKNOWN_RESPONSE: " + responseStatus)); context.setShouldFinish(true); SecurityException throwable = new SecurityException("Invalid SecurityStatus returned: " + responseStatus);