Examples of javax.security.auth.message.config.ServerAuthContext

Package javax.security.auth.message.config

Examples of javax.security.auth.message.config.ServerAuthContext

javax.security.auth.message.config.ServerAuthContext
This ServerAuthContext class encapsulates ServerAuthModules that are used to secure requests made as a client. A caller typically uses this class in the following manner:
1. Retrieve an instance of this class via AuthContextFactory.getAuthContext.
2. Invoke validateRequest.
  ServerAuthContext implementation invokes encapsulated ServerAuthModule(s). Module(s) verify or decrypt response as necessary.
3. Authentication complete.
  
  Perform authorization check on authenticated identity and, if successful, dispatch to requested service application.
4. Service Application Finished.
5. Invoke secureResponse.
  ServerAuthContext implementation invokes encapsulated ServerAuthModule(s). Module(s) secure response (sign and encrypt response, for example).
6. Send final response to client.
7. Invoke disposeSubject method (as necessary) to clean up any authentication state in Subject.
  A ServerAuthContext instance may be used concurrently by multiple callers.
A ServerAuthContext instance may be used concurrently by multiple callers.

Implementations of this interface are responsible for constructing and initializing the encapsulated modules. The initialization step includes passing the relevant request and response MessagePolicy objects to the encapsulated modules. The MessagePolicy objects are obtained from the ServerAuthConfig instance that was provided when this ServerAuthContext instance was created. @See AuthContextFactory#getAuthContext for more information.

Implementations also have custom logic to determine what modules to invoke, and in what order. In addition, this custom logic may control whether subsequent modules are invoked based on the success or failure of previously invoked modules.

The caller is responsible for passing in a state Map that can be used by underlying modules to save and communicate state across a sequence of calls from secureRequest to validateResponse to disposeSubject. The same Map instance must be passed to all methods in the call sequence. Furthermore, each call sequence should be passed its own unique shared state Map instance.
@author Anil Saldhana @author Charlie Lai, Ron Monzillo (Javadoc for JSR-196) @since May 12, 2006 @version $Revision: 45179 $

      assertNotNull("ServerAuthConfig is not null", serverConfig);


      MessageInfo mi = new GenericMessageInfo(new Object(), new Object());
      String authContextID = serverConfig.getAuthContextID(mi);
      assertNotNull("AuthContext ID != null", authContextID);
      ServerAuthContext sctx = serverConfig.getAuthContext(authContextID, new Subject(), new HashMap());
      assertNotNull("ServerAuthContext != null", sctx);
      Subject clientSubject = new Subject();
      Subject serviceSubject = new Subject();
      AuthStatus status = sctx.validateRequest(mi, clientSubject, serviceSubject);
      assertEquals(AuthStatus.SUCCESS, status);
   }

View Full Code Here

      assertNotNull("ServerAuthConfig is not null", serverConfig);


      MessageInfo mi = new GenericMessageInfo(new Object(), new Object());
      String authContextID = serverConfig.getAuthContextID(mi);
      assertNotNull("AuthContext ID != null", authContextID);
      ServerAuthContext sctx = serverConfig.getAuthContext(authContextID, new Subject(), new HashMap());
      assertNotNull("ServerAuthContext != null", sctx);
      Subject clientSubject = new Subject();
      Subject serviceSubject = new Subject();
      try
      {
         AuthStatus status = sctx.validateRequest(mi, clientSubject, serviceSubject);
         assertEquals(AuthStatus.FAILURE, status);
      }
      catch (AuthException ae)
      {
         // Pass

View Full Code Here

         AuthConfigProvider provider = factory.getConfigProvider(layer,contextID,null); 
         if(provider == null)
            throw new IllegalStateException("Provider is null for "+ layer + " for "+ contextID);
         
         ServerAuthConfig serverConfig = provider.getServerAuthConfig(layer,contextID,handler);  
         ServerAuthContext sctx = serverConfig.getAuthContext(contextID, 
               new Subject(), new HashMap());
         if(clientSubject == null)
            clientSubject = new Subject();
         Subject serviceSubject = new Subject();
         status = sctx.validateRequest(requestMessage, clientSubject, serviceSubject); 
         //TODO: Add caching
      }
      catch(AuthException ae)
      {
         if(trace)

View Full Code Here

    */
   public ServerAuthContext getAuthContext(String operation, Map properties) 
   throws AuthException
   { 
      MBeanServer server = MBeanServerLocator.locateJBoss(); 
      ServerAuthContext sc = null;
      if(layer.equals(SecurityConstants.SERVLET_LAYER))
      { 
         try
         {
            ObjectName oname = new ObjectName("jboss.security:service=JASPISecurityManager");

View Full Code Here

            HttpResponse response,
            Context context)
            throws IOException {


        boolean result = false;
        ServerAuthContext sAC = null;
        try {
            if (helper != null) {
                HttpServletRequest req = (HttpServletRequest) request.getRequest();
                MessageInfo messageInfo =
                        (MessageInfo) req.getAttribute(MESSAGE_INFO);
                if (messageInfo != null) {
                    //JSR 196 is enabled for this application
                    sAC = (ServerAuthContext) messageInfo.getMap().get(SERVER_AUTH_CONTEXT);
                    if (sAC != null) {
                        AuthStatus authStatus =
                                sAC.secureResponse(messageInfo,
                                null); //null serviceSubject
                        result = AuthStatus.SUCCESS.equals(authStatus);
                    }
                }
            }

View Full Code Here

            //Issue  - 9578 - produce user challenge if call originates from HttpRequest.authenticate
            if (isMandatory || calledFromAuthenticate) {
                messageInfo.getMap().put(HttpServletConstants.IS_MANDATORY,
                        Boolean.TRUE.toString());
            }
            ServerAuthContext sAC =
                    helper.getServerAuthContext(messageInfo,
                    null); // null serviceSubject
            if (sAC != null) {
                AuthStatus authStatus =
                        sAC.validateRequest(messageInfo, subject,
                        null); // null serviceSubject
                rvalue = AuthStatus.SUCCESS.equals(authStatus);


                if (rvalue) { // cache it only if validateRequest = true
                    messageInfo.getMap().put(SERVER_AUTH_CONTEXT, sAC);

View Full Code Here

                        (HttpServletResponse) req.getResponse().getResponse());
            }
            messageInfo.getMap().put(HttpServletConstants.IS_MANDATORY,
                        Boolean.TRUE.toString());
            try {
                ServerAuthContext sAC = helper.getServerAuthContext(messageInfo,null);
                if (sAC != null) {
                    /*
                     * Check for the default/server-generated/unauthenticated
                     * security context.
                     */
                    final SecurityContext securityContext = SecurityContext.getCurrent();
                    Subject subject = securityContext.didServerGenerateCredentials() ?
                            new Subject() : securityContext.getSubject();
                    
                    if (subject == null) {
                        subject = new Subject();
                    }
                    if (subject.isReadOnly()) {
                        _logger.log(Level.WARNING, "Read-only subject found during logout processing");
                    }
                    sAC.cleanSubject(messageInfo, subject);
                }
            } catch (AuthException ex) {
                throw new RuntimeException(ex);
            } finally {
                doLogout(req, true);

View Full Code Here

            HttpResponse response,
            Context context)
            throws IOException {


        boolean result = false;
        ServerAuthContext sAC = null;
        try {
            if (helper != null) {
                HttpServletRequest req = (HttpServletRequest) request.getRequest();
                MessageInfo messageInfo =
                        (MessageInfo) req.getAttribute(MESSAGE_INFO);
                if (messageInfo != null) {
                    //JSR 196 is enabled for this application
                    sAC = (ServerAuthContext) messageInfo.getMap().get(SERVER_AUTH_CONTEXT);
                    if (sAC != null) {
                        AuthStatus authStatus =
                                sAC.secureResponse(messageInfo,
                                null); //null serviceSubject
                        result = AuthStatus.SUCCESS.equals(authStatus);
                    }
                }
            }

View Full Code Here

            //Issue  - 9578 - produce user challenge if call originates from HttpRequest.authenticate
            if (isMandatory || calledFromAuthenticate) {
                messageInfo.getMap().put(HttpServletConstants.IS_MANDATORY,
                        Boolean.TRUE.toString());
            }
            ServerAuthContext sAC =
                    helper.getServerAuthContext(messageInfo,
                    null); // null serviceSubject
            if (sAC != null) {
                AuthStatus authStatus =
                        sAC.validateRequest(messageInfo, subject,
                        null); // null serviceSubject
                rvalue = AuthStatus.SUCCESS.equals(authStatus);


                if (rvalue) { // cache it only if validateRequest = true
                    messageInfo.getMap().put(SERVER_AUTH_CONTEXT, sAC);

View Full Code Here

            HttpResponse response,
            Context context)
            throws IOException {


        boolean result = false;
        ServerAuthContext sAC = null;
        try {
            if (helper != null) {
                HttpServletRequest req = (HttpServletRequest) request.getRequest();
                MessageInfo messageInfo =
                        (MessageInfo) req.getAttribute(MESSAGE_INFO);
                if (messageInfo != null) {
                    //JSR 196 is enabled for this application
                    sAC = (ServerAuthContext) messageInfo.getMap().get(SERVER_AUTH_CONTEXT);
                    if (sAC != null) {
                        AuthStatus authStatus =
                                sAC.secureResponse(messageInfo,
                                null); //null serviceSubject
                        result = AuthStatus.SUCCESS.equals(authStatus);
                    }
                }
            }

View Full Code Here

0 1 2 3 4 5 6

TOP

Related Classes of javax.security.auth.message.config.ServerAuthContext

com.sun.enterprise.security.jmac.config.GFServerConfigProvider$GFServerAuthConfig

com.sun.jaspic.config.helper.ServerAuthConfigHelper

com.sun.web.security.RealmAdapter

org.apache.geronimo.jetty8.security.auth.GeronimoJaspiAuthenticator

org.apache.geronimo.tomcat.security.authentication.jaspic.JaspicAuthenticator

org.eclipse.jetty.security.jaspi.JaspiAuthenticator

org.jboss.security.auth.message.config.JBossServerAuthConfig

org.jboss.security.plugins.auth.JaasSecurityManagerBase

org.jboss.security.plugins.auth.JASPIServerAuthenticationManager

org.jboss.security.plugins.JBossAuthenticationManager

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.