Package org.jboss.security

Examples of org.jboss.security.ServerAuthenticationManager

193
194
195
196
197
198
199
200
201
202
203
     * </p>
     *
     * @return a reference to the instantiated {@code ServerAuthenticationManager} instance.
     */
    protected ServerAuthenticationManager getServerAuthenticationManager() {
        ServerAuthenticationManager sam = null;
        // if the default authentication manager is to be used, just instantiate it.
        if (this.serverAuthenticationManagerClass ==  null) {
            SecurityContext context = SecurityActions.getSecurityContext();
            if (context != null) {
                WebLogger.WEB_SECURITY_LOGGER.debugf("Instantiating JASPI authentication manager with security domain %s",
View Full Code Here
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
        // put bits of information needed by tomcat server auth modules
        messageInfo.getMap().put("CACHE", String.valueOf(cache));
        messageInfo.getMap().put("javax.security.auth.message.MessagePolicy.isMandatory", "true");

        WebJASPICallbackHandler cbh = new WebJASPICallbackHandler();
        ServerAuthenticationManager sam = getServerAuthenticationManager();
        String appContext = request.getLocalName() + " " + request.getContextPath();
        Subject clientSubject = new Subject();
        if (sam != null) {
            result = sam.isValid(messageInfo, clientSubject, messageLayer, appContext, cbh);
        }

        // the authentication process has been a success. We need to register the principal, username, password and roles
        // with the container
        if (result) {
            PasswordValidationCallback pvc = cbh.getPasswordValidationCallback();
            CallerPrincipalCallback cpc = cbh.getCallerPrincipalCallback();
            GroupPrincipalCallback gpc = cbh.getGroupPrincipalCallback();

            // get the client principal from the callback.
            Principal clientPrincipal = cpc.getPrincipal();
            if (clientPrincipal == null) {
                clientPrincipal = new SimplePrincipal(cpc.getName());
            }

            // if the client principal is not a jboss generic principal, we need to build one before registering.
            if (!(clientPrincipal instanceof JBossGenericPrincipal))
                clientPrincipal = this.buildJBossPrincipal(clientSubject, clientPrincipal, gpc);

            String passwordString = (pvc != null && pvc.getPassword() != null) ? new String(pvc.getPassword()) : null;
            String passwordUsername = (pvc != null && pvc.getUsername() != null) ? pvc.getUsername() : null;
            this.register(request, response, clientPrincipal, authMethod, passwordUsername, passwordString);

            if (this.secureResponse)
                sam.secureResponse(messageInfo, new Subject(), messageLayer, appContext, cbh);
        }

        return result;
    }
View Full Code Here
196
197
198
199
200
201
202
203
204
205
206
     * </p>
     *
     * @return a reference to the instantiated {@code ServerAuthenticationManager} instance.
     */
    protected ServerAuthenticationManager getServerAuthenticationManager() {
        ServerAuthenticationManager sam = null;
        // if the default authentication manager is to be used, just instantiate it.
        if (this.serverAuthenticationManagerClass ==  null) {
            SecurityContext context = SecurityActions.getSecurityContext();
            if (context != null) {
                WebLogger.WEB_SECURITY_LOGGER.debugf("Instantiating JASPI authentication manager with security domain %s",
View Full Code Here
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
            // authentication here is not mandatory.
            messageInfo.getMap().put("javax.security.auth.message.MessagePolicy.isMandatory", "false");

            WebJASPICallbackHandler cbh = new WebJASPICallbackHandler();
            ServerAuthenticationManager sam = new JASPIServerAuthenticationManager();

            String appContext = request.getLocalName() + " " + request.getContextPath();
            String messageLayer = "HttpServlet";

            boolean isValid = sam.isValid(messageInfo, new Subject(), messageLayer, appContext, cbh);
            if (isValid) {
                WebLogger.WEB_SECURITY_LOGGER.debugf("JASPI validation for unprotected request context %s succeeded", request.getServletPath());
                sam.secureResponse(messageInfo, new Subject(),  messageLayer, appContext, cbh);
            }
            else {
                // just log an error - this situation indicates a problem with the JASPI implementation but the call is
                // safe to proceed to the unprotected resource.
                WebLogger.WEB_SECURITY_LOGGER.failJASPIValidation(request.getServletPath());
View Full Code Here
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
        // put bits of information needed by tomcat server auth modules
        messageInfo.getMap().put("CACHE", String.valueOf(cache));
        messageInfo.getMap().put("javax.security.auth.message.MessagePolicy.isMandatory", "true");

        WebJASPICallbackHandler cbh = new WebJASPICallbackHandler();
        ServerAuthenticationManager sam = getServerAuthenticationManager();
        String appContext = request.getLocalName() + " " + request.getContextPath();
        Subject clientSubject = new Subject();
        if (sam != null) {
            result = sam.isValid(messageInfo, clientSubject, messageLayer, appContext, cbh);
        }

        // the authentication process has been a success. We need to register the principal, username, password and roles
        // with the container
        if (result) {
            PasswordValidationCallback pvc = cbh.getPasswordValidationCallback();
            CallerPrincipalCallback cpc = cbh.getCallerPrincipalCallback();

            // get the client principal from the callback.
            Principal clientPrincipal = cpc.getPrincipal();
            if (clientPrincipal == null) {
                clientPrincipal = new SimplePrincipal(cpc.getName());
            }

            // if the client principal is not a jboss generic principal, we need to build one before registering.
            if (!(clientPrincipal instanceof JBossGenericPrincipal))
                clientPrincipal = this.buildJBossPrincipal(clientSubject, clientPrincipal);

            this.register(request, response, clientPrincipal, authMethod, pvc.getUsername(),
                    new String(pvc.getPassword()));

            if (this.secureResponse)
                sam.secureResponse(messageInfo, new Subject(), messageLayer, appContext, cbh);
        }

        return result;
    }
View Full Code Here
192
193
194
195
196
197
198
199
200
201
202
     * </p>
     *
     * @return a reference to the instantiated {@code ServerAuthenticationManager} instance.
     */
    protected ServerAuthenticationManager getServerAuthenticationManager() {
        ServerAuthenticationManager sam = null;
        // if the default authentication manager is to be used, just instantiate it.
        if (this.serverAuthenticationManagerClass ==  null) {
            SecurityContext context = SecurityActions.getSecurityContext();
            if (context != null) {
                WebLogger.WEB_SECURITY_LOGGER.debugf("Instantiating JASPI authentication manager with security domain %s",
View Full Code Here
65
66
67
68
69
70
71
72
   @Override
   public void testLogin() throws Exception
   {
      HttpServletRequest hsr = getHttpServletRequest("jduke", "theduke");
      MessageInfo mi = new GenericMessageInfo(hsr, (HttpServletResponse) null);
      ServerAuthenticationManager am = new JASPIServerAuthenticationManager(securityDomain, acbh);
      assertTrue(am.isValid(mi, (Subject)null, "HTTP", new JBossCallbackHandler()));
   }
View Full Code Here
74
75
76
77
78
79
80
81
   @Override
   public void testUnsuccessfulLogin() throws Exception
   {
      HttpServletRequest hsr = getHttpServletRequest("jduke", "BAD");
      MessageInfo mi = new GenericMessageInfo(hsr, (HttpServletResponse) null);
      ServerAuthenticationManager am = new JASPIServerAuthenticationManager(securityDomain, acbh);
      assertFalse(am.isValid(mi, (Subject)null, "HTTP", null));
   }
View Full Code Here
TOP

Related Classes of org.jboss.security.ServerAuthenticationManager

  • org.jboss.as.web.security.jaspi.WebJASPIAuthenticator
  • org.jboss.as.web.security.jaspi.WebJASPIOptionalAuthenticator
  • org.jboss.test.authentication.WebJASPIAuthMgrUnitTestCase
  • org.jboss.web.tomcat.security.jaspi.TomcatJASPIAuthenticator
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.