public CallbackHandler createCallbackHandler() { return createCommonCallbackHandler(integrated); }
ElytronServerAuthContext(final List<AuthenticationModuleDefinition> serverAuthModuleDefinitions) { List<AuthModuleWrapper> authModules = new ArrayList<>(serverAuthModuleDefinitions.size()); for (AuthenticationModuleDefinition authenticationModuleDefinition : serverAuthModuleDefinitions) { authModules.add(new AuthModuleWrapper(authenticationModuleDefinition.getFlag(), authenticationModuleDefinition.getOptions(), authenticationModuleDefinition.getServerAuthModuleFactory().get())); } this.authModules = authModules; }
/** * @see javax.security.auth.message.ServerAuth#cleanSubject(javax.security.auth.message.MessageInfo, javax.security.auth.Subject) */ @Override public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException { assert initialised : "Not initialised"; if (messageInfo instanceof ElytronMessageInfo) ((ElytronMessageInfo) messageInfo).setState(State.CLEAN); for (int i = authModules.size() - 1; i > 0; i--) { ServerAuthModule sam = authModules.get(i).getModule(); sam.cleanSubject(messageInfo, subject); } }
switch (getState()) { case NEW: super.setResponseMessage(responseMessage); break; case VALIDATE: { ServletResponse current = (ServletResponse) getResponseMessage(); ServletResponse unwrapped = (HttpServletResponse) responseMessage; while (unwrapped != null) { if (unwrapped == current) { super.setResponseMessage(responseMessage); return; unwrapped = unwrap(unwrapped); ServletResponse unwrapped = (ServletResponse) getRequestMessage(); while (unwrapped != null) { if (responseMessage == unwrapped) { super.setResponseMessage(responseMessage); return; unwrapped = unwrap(unwrapped);
switch (getState()) { case NEW: super.setRequestMessage(requestMessage); break; case VALIDATE: { ServletRequest current = (ServletRequest) getRequestMessage(); ServletRequest unwrapped = (HttpServletRequest) requestMessage; while (unwrapped != null) { if (unwrapped == current) { super.setRequestMessage(requestMessage); return; unwrapped = unwrap(unwrapped); ServletRequest unwrapped = (ServletRequest) getRequestMessage(); while (unwrapped != null) { if (requestMessage == unwrapped) { super.setRequestMessage(requestMessage); return; unwrapped = unwrap(unwrapped);
assert initialised : "Not initialised"; if (messageInfo instanceof ElytronMessageInfo) ((ElytronMessageInfo) messageInfo).setState(State.VALIDATE); final ServerAuthModule sam = wrapper.getModule(); switch (wrapper.getFlag()) { case REQUIRED: if (requiredResult == null || (toIndex(currentResult) > toIndex(requiredResult))) { requiredResult = currentResult; } else if (optionalResult == null || (toIndex(currentResult) < toIndex(optionalResult))) { optionalResult = currentResult; if (optionalResult == null || (toIndex(currentResult) < toIndex(optionalResult))) { optionalResult = currentResult;
/** * @see javax.security.auth.message.ServerAuth#secureResponse(javax.security.auth.message.MessageInfo, javax.security.auth.Subject) */ @Override public AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject) throws AuthException { assert initialised : "Not initialised"; if (messageInfo instanceof ElytronMessageInfo) ((ElytronMessageInfo) messageInfo).setState(State.SECURE); AuthStatus result = null; for (int i = authModules.size() - 1; i >= 0; i--) { ServerAuthModule sam = authModules.get(i).getModule(); AuthStatus currentResult = sam.secureResponse(messageInfo, serviceSubject); if (currentResult == null || currentResult == AuthStatus.SUCCESS || currentResult == AuthStatus.FAILURE) { throw log.invalidAuthStatus(currentResult, sam.getClass().getName()); } if (result == null || toIndex(currentResult) > toIndex(result)) { result = currentResult; } if (currentResult == AuthStatus.SEND_FAILURE) { break; } } return result; }
@Override public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { try { doPrivileged((PrivilegedExceptionAction<Void>) () -> { handleOne(callbacks, 0); return null; }); } catch (Exception e) { if (e instanceof PrivilegedActionException) { if (e.getCause() instanceof UnsupportedCallbackException) { throw (UnsupportedCallbackException) e.getCause(); } else if (e.getCause() instanceof IOException) { throw (IOException) e.getCause(); } } throw new IOException(e); } }
void initialise(final Subject serviceSubject, final CallbackHandler callbackHandler, final Map properties) throws AuthException { assert initialised == false : "Already initialised"; this.serviceSubject = serviceSubject; for (AuthModuleWrapper wrapper : authModules) { ServerAuthModule sam = wrapper.getModule(); Map combined = new HashMap(properties); combined.putAll(wrapper.getOptions()); // TODO Pass in appropriate MessagePolicy instances. // TODO MessagePolicy is actually defined in 3.7.4 sam.initialize(null, null, callbackHandler, combined); } initialised = true; }
@Override public String getAuthContextID(MessageInfo messageInfo) { checkNotNullParam("messageInfo", messageInfo); checkNotNullParam("messageInfo.requestMessage", messageInfo.getRequestMessage()); checkNotNullParam("messageInfo.responseMessage", messageInfo.getResponseMessage()); ElytronServerAuthContext serverAuthContext = new ElytronServerAuthContext(serverAuthModuleDefinitions); serverAuthContext.testMessageInfo(messageInfo); String identifier = UUID.randomUUID().toString(); contextMap.put(identifier, serverAuthContext); return identifier; }
@Override public ServerAuthContext getAuthContext(String authContextId, Subject serviceSubject, Map properties) throws AuthException { // The runtime is required to call this method immediately after getAuthContextID. ElytronServerAuthContext serverAuthContext = contextMap.remove(authContextId); if (serverAuthContext == null) throw log.unrecognisedAuthContextId(authContextId); serverAuthContext.initialise(serviceSubject, callbackHandler, properties); return serverAuthContext; }
/** * Add a {@link Supplier<ServerAuthModule>} to be used to create a {@link ServerAuthModule} instance for this message layer * and application context combination. * * @param serverAuthModuleFactory the {@link Supplier<ServerAuthModule>} to be added to the list of module factories. * @param flag the flag to control the handling of the auth module. * @param options the configuration options to pass to the module during initialisation. * @return this {@link JaspiConfigurationBuilder} to allow chaining of commands. * @throws IllegalStateException if the configuration has already been registered. */ public JaspiConfigurationBuilder addAuthModuleFactory(final Supplier<ServerAuthModule> serverAuthModuleFactory, final Flag flag, final Map options) { assertNotRegistered(); serverAuthModules.add(new AuthenticationModuleDefinition(serverAuthModuleFactory, flag, options)); return this; }
public static JaspiAuthenticationContext newInstance(final SecurityDomain securityDomain, final boolean integrated) { final SecurityManager sm = System.getSecurityManager(); if (sm != null) { sm.checkPermission(CREATE_AUTH_CONTEXT); } return new JaspiAuthenticationContext(checkNotNullParam("securityDomain", securityDomain), integrated); }
/** * Register the assembled configuration against the supplied {@link AuthConfigFactory}. * * @param authConfigFactory the {@link AuthConfigFactory} to register the configuration against. * @return The registration ID returned by the factory on registration. * @throws IllegalStateException if the configuration has already been registered. */ public String register(AuthConfigFactory authConfigFactory) { assertNotRegistered(); registered = true; return authConfigFactory.registerConfigProvider( new ElytronAuthConfigProvider(messageLayer, applicationContext, serverAuthModules), messageLayer, applicationContext, description); }
/** * @see javax.security.auth.message.config.AuthConfigProvider#getServerAuthConfig(java.lang.String, java.lang.String, * javax.security.auth.callback.CallbackHandler) */ @Override public ServerAuthConfig getServerAuthConfig(String layer, String appContext, CallbackHandler callbackHandler) throws AuthException, SecurityException { // The layer and appContext values are required to match the values used to obtain this provider, however unless we // create a new instance each time we can not really enforce that - but it does mean as per JSR-196 2.1.1.1 these must // not be null. checkNotNullParam("layer", layer); checkNotNullParam("appContext", appContext); // We can however double check the values match the configuration this provider should be used for. if ( !serverAuthModuleDefinitions.isEmpty() && (messageLayer == null || messageLayer.equals(layer)) && (applicationContext == null || applicationContext.equals(appContext))) { return new ElytronServerAuthConfig(this.messageLayer, this.applicationContext, callbackHandler, serverAuthModuleDefinitions); } return EMPTY_SERVER_AUTH_CONFIG; }
/** * Test that the request and response messages in the supplied {@link MessageInfo} are compatible * * @param messageInfo the {@link MessageInfo} to test is compatible with the {@link ServerAuthModule} instances. * @throws IllegalArgumentException */ void testMessageInfo(MessageInfo messageInfo) throws IllegalArgumentException { Object requestMessage = messageInfo.getRequestMessage(); Object responseMessage = messageInfo.getResponseMessage(); for (AuthModuleWrapper wrapper : authModules) { ServerAuthModule sam = wrapper.getModule(); boolean requestAccepted = false; boolean responseAccepted = false; for (Class acceptedType : sam.getSupportedMessageTypes()) { if (acceptedType.isInstance(requestMessage)) requestAccepted = true; if (acceptedType.isInstance(responseMessage)) responseAccepted = true; if (responseAccepted && requestAccepted) { break; } } if (requestAccepted == false) throw log.unsupportedMessageType(requestMessage.getClass().getName(), sam.getClass().getName()); if (responseAccepted == false) throw log.unsupportedMessageType(responseMessage.getClass().getName(), sam.getClass().getName()); } }
/** * Get the authorized identity result of this authentication. * * @return the authorized identity * @throws IllegalStateException if the authentication is incomplete */ public SecurityIdentity getAuthorizedIdentity() throws IllegalStateException { SecurityIdentity securityIdentity = this.securityIdentity; if (securityIdentity != null && roles.size() > 0) { if (log.isTraceEnabled()) { Iterator<String> rolesIterator = roles.iterator(); StringBuilder sb = new StringBuilder(rolesIterator.next()); while (rolesIterator.hasNext()) { sb.append(",").append(rolesIterator.next()); } log.tracef("Assigning roles '%s' to resulting SecurityIdentity", sb.toString()); } Roles roles = Roles.fromSet(this.roles); RoleMapper roleMapper = RoleMapper.constant(roles); SecurityIdentity temp = securityIdentity; securityIdentity = doPrivileged((PrivilegedAction<SecurityIdentity>) (() -> temp.withDefaultRoleMapper(roleMapper))); } else { log.trace("No roles request of CallbackHandler."); } return securityIdentity; }
public CallbackHandler createCallbackHandler() { return createCommonCallbackHandler(integrated); }
public CallbackHandler createCallbackHandler() { return createCommonCallbackHandler(integrated); }