/**
 * Creates a JASPIC-aware security context bound to {@code exchange}.
 *
 * <p>The base security context receives the exchange, mode and identity manager unchanged; on top of that a
 * {@link JASPIServerAuthenticationManager} is created for the given security domain, using a fresh
 * {@link JBossCallbackHandler} as its callback handler.</p>
 *
 * @param exchange the exchange this security context belongs to
 * @param mode the authentication mode handed to the base security context
 * @param identityManager the identity manager handed to the base security context
 * @param securityDomain name of the security domain the JASPI authentication manager is created for
 */
public JASPICSecurityContext(final HttpServerExchange exchange, final AuthenticationMode mode, final IdentityManager identityManager, final String securityDomain) {
    super(exchange, mode, identityManager);
    final JBossCallbackHandler callbackHandler = new JBossCallbackHandler();
    // one JASPI manager per security context, scoped to the configured security domain
    this.manager = new JASPIServerAuthenticationManager(securityDomain, callbackHandler);
    this.exchange = exchange;
}
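/**
 * <p>
 * JASPIC 1.1 specification: if there is an {@code AuthConfigProvider} for the {@code HttpServlet} layer and
 * application context, then {@code logout} must acquire a {@code ServerAuthContext} and call {@code cleanSubject}
 * on the acquired context.
 * </p>
 * <p>
 * The specified {@code Subject} should be non-null and should be the {@code Subject} returning from the most recent
 * call to {@code validateRequest}. In our case, that {@code Subject} is set in the underlying security context, so
 * we must retrieve it from there before calling {@code cleanSubject}.
 * </p>
 * <p>
 * Once {@code cleanSubject} returns, {@code logout} must perform the regular (non-JASPIC) {@code logout} processing.
 * That regular processing runs in a {@code finally} block, so a failure raised from inside {@code cleanSubject}
 * still propagates to the caller but can no longer leave the underlying security context authenticated.
 * </p>
 */
@Override
public void logout() {
    if (!isAuthenticated()) {
        return;
    }
    // call cleanSubject() if there is an AuthConfigProvider for the HttpServlet layer and appContext.
    final String appContext = this.buildAppContext();
    try {
        if (AuthConfigFactory.getFactory().getConfigProvider(layer, appContext, null) != null) {
            final Subject authenticatedSubject = this.getAuthenticatedSubject();
            final MessageInfo messageInfo = this.buildMessageInfo();
            this.manager.cleanSubject(messageInfo, authenticatedSubject, layer, appContext, handler);
        }
    } finally {
        // following the return from cleanSubject(), logout must perform the regular logout processing;
        // this also runs when cleanSubject() threw, so the session is never left half logged-out.
        super.logout();
    }
}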
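/**
 * Runs the next handler and, once it has completed, lets the JASPIC {@code ServerAuthModule} secure the response.
 *
 * <p>{@code secureResponse} is only invoked when a {@link JASPICContext} is attached to the exchange and the
 * authentication mechanism did not record an {@code AuthException}. Because the handler chain has already run,
 * any exception raised while securing the response is logged rather than propagated.</p>
 *
 * <p>The {@link ServletRequestContext} is looked up once and reused both for building the application identifier
 * and for installing the (possibly unwrapped) request/response objects the SAM left in the message info.</p>
 *
 * @param exchange the current exchange
 * @throws Exception whatever the wrapped handler throws
 */
@Override
public void handleRequest(HttpServerExchange exchange) throws Exception {
    try {
        next.handleRequest(exchange);
    } finally {
        try {
            final JASPICContext context = exchange.getAttachment(JASPICContext.ATTACHMENT_KEY);
            if (!JASPICAuthenticationMechanism.wasAuthExceptionThrown(exchange) && context != null) {
                final ServletRequestContext requestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
                final String applicationIdentifier = JASPICAuthenticationMechanism.buildApplicationIdentifier(requestContext);
                UndertowLogger.ROOT_LOGGER.debugf("secureResponse for layer [%s] and applicationContextIdentifier [%s].", JASPICAuthenticationMechanism.JASPI_HTTP_SERVLET_LAYER, applicationIdentifier);
                // a fresh, empty Subject is handed to the SAM as the service subject
                context.getSam().secureResponse(context.getMessageInfo(), new Subject(), JASPICAuthenticationMechanism.JASPI_HTTP_SERVLET_LAYER, applicationIdentifier, context.getCbh());
                // A SAM can unwrap the HTTP request/response objects - update the servlet request context with the values found in the message info.
                requestContext.setServletRequest((HttpServletRequest) context.getMessageInfo().getRequestMessage());
                requestContext.setServletResponse((HttpServletResponse) context.getMessageInfo().getResponseMessage());
            }
        } catch (Exception e) {
            // boundary: the response is already on its way, so report and continue
            UndertowLogger.ROOT_LOGGER.errorInvokingSecureResponse(e);
        }
    }
}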
Account authenticatedAccount = null; boolean isValid = sam.isValid(messageInfo, new Subject(), JASPI_HTTP_SERVLET_LAYER, applicationIdentifier, cbh); jaspicSecurityContext.setCachedAuthenticatedAccount(null);
/**
 * Validate that the given credential is correct for principal. This returns the value from invoking
 * isValid(principal, credential, null).
 *
 * @param principal - the security domain principal attempting access
 * @param credential - the proof of identity offered by the principal
 * @return true if the principal was authenticated, false otherwise.
 */
public boolean isValid(Principal principal, Object credential) {
    // delegate to the three-argument overload with a null third argument
    final boolean authenticated = isValid(principal, credential, null);
    return authenticated;
}
/**
 * Copies {@code fromSubject} into {@code toSubject} by delegating to the three-argument overload with
 * {@code setReadOnly} set to {@code false}.
 *
 * @param fromSubject the subject to copy from
 * @param toSubject the subject to copy into
 */
static void copySubject(Subject fromSubject, Subject toSubject) {
    copySubject(fromSubject, toSubject, false);
}

// The body of this overload continues outside the visible part of the file.
static void copySubject(Subject fromSubject, Subject toSubject, boolean setReadOnly)
/**
 * Renders {@code subject} to a string via {@link ToStringSubjectAction}, executed under
 * {@link AccessController#doPrivileged} so that the caller's own permissions do not limit the lookup.
 *
 * @param subject the subject to describe
 * @return the string produced by the action
 */
static String toString(Subject subject) {
    ToStringSubjectAction action = new ToStringSubjectAction(subject);
    // cast: doPrivileged's result is not typed as String here (the action presumably uses a raw or
    // Object-typed PrivilegedAction — confirm against its declaration)
    String info = (String) AccessController.doPrivileged(action);
    return info;
}
// closes the enclosing class
}
/**
 * Stores {@code value} under {@code key} through a {@link SetContextInfoAction}, run under
 * {@link AccessController#doPrivileged} so callers with fewer permissions can still update the context.
 *
 * @param key the context info key
 * @param value the value to associate with the key
 * @return whatever the action returns; the original code names this the previous info
 */
static Object setContextInfo(String key, Object value) {
    return AccessController.doPrivileged(new SetContextInfoAction(key, value));
}
/**
 * Validate that the given credential is correct for principal. This returns the value from invoking
 * isValid(principal, credential, null).
 *
 * @param principal - the security domain principal attempting access
 * @param credential - the proof of identity offered by the principal
 * @return true if the principal was authenticated, false otherwise.
 */
public boolean isValid(Principal principal, Object credential) {
    // delegate to the three-argument overload with a null third argument
    final boolean authenticated = isValid(principal, credential, null);
    return authenticated;
}
/**
 * Releases one user of this entry and, when destruction has been requested and no users remain, logs out.
 *
 * @return the value of {@code activeUsers} as it was before this call (post-decrement)
 */
synchronized int release() {
    // post-decrement: 'users' holds the count BEFORE this release, so the logout below fires only when
    // activeUsers was already 0 on entry (and becomes -1), not on the call that releases the last user.
    // NOTE(review): verify against the matching acquire() that this accounting is intended; as written,
    // an entry marked needsDestroy while exactly one user is active is not logged out by that user's release().
    int users = activeUsers --;
    if( needsDestroy == true && users == 0 ) {
        if( trace ) log.trace("needsDestroy is true, doing logout");
        logout();
    }
    return users;
}
// The body of logout() continues outside the visible part of the file.
synchronized void logout()
/**
 * Builds the {@link JASPIServerAuthenticationManager} for this object's security domain, wired to a freshly
 * created {@link JBossCallbackHandler}.
 *
 * @return a new authentication manager for {@code this.securityDomain}
 */
private JASPIServerAuthenticationManager createJASPIAuthenticationManager() {
    final JBossCallbackHandler callbackHandler = new JBossCallbackHandler();
    return new JASPIServerAuthenticationManager(securityDomain, callbackHandler);
}
/**
 * Validates the request message, using the current {@link PolicyContext#getContextID()} as the application
 * context identifier.
 *
 * <p>Delegates to the five-argument {@code isValid} overload; all other arguments are forwarded unchanged.</p>
 *
 * @param requestMessage the JASPI message info wrapping the request
 * @param clientSubject the client subject forwarded to the overload
 * @param layer the message layer
 * @param handler the callback handler forwarded to the overload
 * @return the result of the five-argument overload
 */
public boolean isValid(MessageInfo requestMessage, Subject clientSubject, String layer, CallbackHandler handler) {
    final String appContext = PolicyContext.getContextID();
    return isValid(requestMessage, clientSubject, layer, appContext, handler);
}
/**
 * Validate that the given credential is correct for principal. This returns the value from invoking
 * isValid(principal, credential, null).
 *
 * @param principal - the security domain principal attempting access
 * @param credential - the proof of identity offered by the principal
 * @return true if the principal was authenticated, false otherwise.
 */
public boolean isValid(Principal principal, Object credential) {
    // delegate to the three-argument overload with a null third argument
    final boolean authenticated = isValid(principal, credential, null);
    return authenticated;
}
/**
 * Copies {@code fromSubject} into {@code toSubject} by delegating to the three-argument overload with
 * {@code setReadOnly} set to {@code false}.
 *
 * @param fromSubject the subject to copy from
 * @param toSubject the subject to copy into
 */
static void copySubject(Subject fromSubject, Subject toSubject) {
    copySubject(fromSubject, toSubject, false);
}

// The body of this overload continues outside the visible part of the file.
static void copySubject(Subject fromSubject, Subject toSubject, boolean setReadOnly)
/**
 * Renders {@code subject} to a string via {@link ToStringSubjectAction}, executed under
 * {@link AccessController#doPrivileged} so that the caller's own permissions do not limit the lookup.
 *
 * @param subject the subject to describe
 * @return the string produced by the action
 */
static String toString(Subject subject) {
    ToStringSubjectAction action = new ToStringSubjectAction(subject);
    // cast: doPrivileged's result is not typed as String here (the action presumably uses a raw or
    // Object-typed PrivilegedAction — confirm against its declaration)
    String info = (String) AccessController.doPrivileged(action);
    return info;
}
// closes the enclosing class
}
/**
 * Stores {@code value} under {@code key} through a {@link SetContextInfoAction}, run under
 * {@link AccessController#doPrivileged} so callers with fewer permissions can still update the context.
 *
 * @param key the context info key
 * @param value the value to associate with the key
 * @return whatever the action returns; the original code names this the previous info
 */
static Object setContextInfo(String key, Object value) {
    return AccessController.doPrivileged(new SetContextInfoAction(key, value));
}
/**
 * Creates a JASPIC-aware security context bound to {@code exchange}.
 *
 * <p>The base security context receives the exchange, mode and identity manager unchanged; on top of that a
 * {@link JASPIServerAuthenticationManager} is created for the given security domain, using a fresh
 * {@link JBossCallbackHandler} as its callback handler.</p>
 *
 * @param exchange the exchange this security context belongs to
 * @param mode the authentication mode handed to the base security context
 * @param identityManager the identity manager handed to the base security context
 * @param securityDomain name of the security domain the JASPI authentication manager is created for
 */
public JASPICSecurityContext(final HttpServerExchange exchange, final AuthenticationMode mode, final IdentityManager identityManager, final String securityDomain) {
    super(exchange, mode, identityManager);
    final JBossCallbackHandler callbackHandler = new JBossCallbackHandler();
    // one JASPI manager per security context, scoped to the configured security domain
    this.manager = new JASPIServerAuthenticationManager(securityDomain, callbackHandler);
    this.exchange = exchange;
}
/**
 * Creates a JASPIC-aware security context bound to {@code exchange}.
 *
 * <p>The base security context receives the exchange, mode and identity manager unchanged; on top of that a
 * {@link JASPIServerAuthenticationManager} is created for the given security domain, using a fresh
 * {@link JBossCallbackHandler} as its callback handler.</p>
 *
 * @param exchange the exchange this security context belongs to
 * @param mode the authentication mode handed to the base security context
 * @param identityManager the identity manager handed to the base security context
 * @param securityDomain name of the security domain the JASPI authentication manager is created for
 */
public JASPICSecurityContext(final HttpServerExchange exchange, final AuthenticationMode mode, final IdentityManager identityManager, final String securityDomain) {
    super(exchange, mode, identityManager);
    final JBossCallbackHandler callbackHandler = new JBossCallbackHandler();
    // one JASPI manager per security context, scoped to the configured security domain
    this.manager = new JASPIServerAuthenticationManager(securityDomain, callbackHandler);
    this.exchange = exchange;
}
/**
 * Builds the {@link JASPIServerAuthenticationManager} for this object's security domain, wired to a freshly
 * created {@link JBossCallbackHandler}.
 *
 * @return a new authentication manager for {@code this.securityDomain}
 */
private JASPIServerAuthenticationManager createJASPIAuthenticationManager() {
    final JBossCallbackHandler callbackHandler = new JBossCallbackHandler();
    return new JASPIServerAuthenticationManager(securityDomain, callbackHandler);
}
/**
 * Builds the {@link JASPIServerAuthenticationManager} for this object's security domain, wired to a freshly
 * created {@link JBossCallbackHandler}.
 *
 * @return a new authentication manager for {@code this.securityDomain}
 */
private JASPIServerAuthenticationManager createJASPIAuthenticationManager() {
    final JBossCallbackHandler callbackHandler = new JBossCallbackHandler();
    return new JASPIServerAuthenticationManager(securityDomain, callbackHandler);
}