Examples of ServerAuthContext

com.sun.enterprise.security.jauth.ServerAuthContext
This ServerAuthContext class manages AuthModules that may be used to validate client requests. A caller typically uses this class in the following manner:
1. Retrieve an instance of this class via AuthConfig.getServerAuthContext.
2. Receive initial client request and pass it to validateRequest.
  Configured plug-in modules validate credentials present in request (for example, decrypt and verify a signature). If credentials valid and sufficient, return. Otherwise throw an AuthException.
3. Authentication complete.
  Perform authorization check on authenticated identity and, if successful, dispatch to requested service application.
4. Service application finished.
5. Invoke secureResponse.
  Configured modules secure response (sign and encrypt it, for example).
6. Send final response to client.
7. The disposeSubject method may be invoked it necessary to clean up any authentication state in the Subject.
An instance may reuse module instances it previous created. As a result a single module instance may be used to process different requests from different clients. It is the module implementation's responsibility to properly store and restore any state necessary to associate new requests with previous responses. A module that does not need to do so may remain completely stateless.
Instances of this class have custom logic to determine what modules to invoke, and in what order. In addition, this custom logic may control whether subsequent modules are invoked based on the success or failure of previously invoked modules.
The caller is responsible for passing in a state Map that can be used by underlying modules to save state across a sequence of calls from validateRequest to secureResponse to disposeSubject. The same Map instance must be passed to all methods in the call sequence. Furthermore, each call sequence should be passed its own unique shared state Map instance. @version %I%, %G% @see AuthConfig @see SOAPAuthParam
javax.security.auth.message.config.ServerAuthContext
This ServerAuthContext class encapsulates ServerAuthModules that are used to secure requests made as a client. A caller typically uses this class in the following manner:
1. Retrieve an instance of this class via AuthContextFactory.getAuthContext.
2. Invoke validateRequest.
  ServerAuthContext implementation invokes encapsulated ServerAuthModule(s). Module(s) verify or decrypt response as necessary.
3. Authentication complete.
  
  Perform authorization check on authenticated identity and, if successful, dispatch to requested service application.
4. Service Application Finished.
5. Invoke secureResponse.
  ServerAuthContext implementation invokes encapsulated ServerAuthModule(s). Module(s) secure response (sign and encrypt response, for example).
6. Send final response to client.
7. Invoke disposeSubject method (as necessary) to clean up any authentication state in Subject.
  A ServerAuthContext instance may be used concurrently by multiple callers.
A ServerAuthContext instance may be used concurrently by multiple callers.

Implementations of this interface are responsible for constructing and initializing the encapsulated modules. The initialization step includes passing the relevant request and response MessagePolicy objects to the encapsulated modules. The MessagePolicy objects are obtained from the ServerAuthConfig instance that was provided when this ServerAuthContext instance was created. @See AuthContextFactory#getAuthContext for more information.

Implementations also have custom logic to determine what modules to invoke, and in what order. In addition, this custom logic may control whether subsequent modules are invoked based on the success or failure of previously invoked modules.

The caller is responsible for passing in a state Map that can be used by underlying modules to save and communicate state across a sequence of calls from secureRequest to validateResponse to disposeSubject. The same Map instance must be passed to all methods in the call sequence. Furthermore, each call sequence should be passed its own unique shared state Map instance.
@author Anil Saldhana @author Charlie Lai, Ron Monzillo (Javadoc for JSR-196) @since May 12, 2006 @version $Revision: 45179 $

Examples of com.sun.enterprise.security.jauth.ServerAuthContext

            }
            
            msgContext = rpcFactory.createSOAPMessageContext();
            SOAPMessage message = createSOAPMessage(req, headers);
                        
      ServerAuthContext sAC = null;
      boolean wssSucceded = true;
            
            if (message != null) {                                
                
                msgContext.setMessage(message);

View Full Code Here

Examples of com.sun.enterprise.security.jauth.ServerAuthContext

  (String authLayer, MessageSecurityBindingDescriptor binding, 
   CallbackHandler cbh) throws AuthException {
  ServerAuthConfig rvalue = null;
  String provider = null;
  ArrayList descriptors = null;
  ServerAuthContext defaultContext = null;
  if (binding != null) {
      String layer = binding.getAttributeValue
    (MessageSecurityBindingDescriptor.AUTH_LAYER);
      if (authLayer != null && layer.equals(authLayer)) {
    provider = binding.getAttributeValue

View Full Code Here

Examples of com.sun.enterprise.security.jauth.ServerAuthContext

    }


    public boolean validateRequest(Object serverAuthConfig, StreamingHandler implementor, SOAPMessageContext context) {
        ServerAuthConfig authConfig = (ServerAuthConfig) serverAuthConfig;
        if (authConfig != null) {
            ServerAuthContext sAC = authConfig.getAuthContext((StreamingHandler) implementor, context.getMessage());
            req.set(new WeakReference<SOAPMessage>(context.getMessage()));
            if (sAC != null) {
                try {
                    return WebServiceSecurity.validateRequest(context, sAC);
                } catch (AuthException ex) {

View Full Code Here

Examples of com.sun.enterprise.security.jauth.ServerAuthContext

    public void secureResponse(Object serverAuthConfig, StreamingHandler implementor,SOAPMessageContext msgContext) {
        if (serverAuthConfig != null) {
            ServerAuthConfig config = (ServerAuthConfig)serverAuthConfig;
            SOAPMessage reqmsg = (req.get() != null) ? req.get().get() : msgContext.getMessage();
            try{
                ServerAuthContext sAC = config.getAuthContext(implementor, reqmsg);
                if (sAC != null) {
                    try {
                        WebServiceSecurity.secureResponse(msgContext, sAC);
                    } catch (AuthException ex) {
                        _logger.log(Level.SEVERE, LogUtils.EXCEPTION_THROWN, ex);

View Full Code Here

Examples of com.sun.enterprise.security.jauth.ServerAuthContext

    }


    public boolean validateRequest(Object serverAuthConfig, StreamingHandler implementor, SOAPMessageContext context) {
        ServerAuthConfig authConfig = (ServerAuthConfig) serverAuthConfig;
        if (authConfig != null) {
            ServerAuthContext sAC = authConfig.getAuthContext((StreamingHandler) implementor, context.getMessage());
            req.set(new WeakReference<SOAPMessage>(context.getMessage()));
            if (sAC != null) {
                try {
                    return WebServiceSecurity.validateRequest(context, sAC);
                } catch (AuthException ex) {

View Full Code Here

Examples of com.sun.enterprise.security.jauth.ServerAuthContext

    public void secureResponse(Object serverAuthConfig, StreamingHandler implementor,SOAPMessageContext msgContext) {
        if (serverAuthConfig != null) {
            ServerAuthConfig config = (ServerAuthConfig)serverAuthConfig;
            SOAPMessage reqmsg = (req.get() != null) ? req.get().get() : msgContext.getMessage();
            try{
                ServerAuthContext sAC = config.getAuthContext(implementor, reqmsg);
                if (sAC != null) {
                    try {
                        WebServiceSecurity.secureResponse(msgContext, sAC);
                    } catch (AuthException ex) {
                        _logger.log(Level.SEVERE, null, ex);

View Full Code Here

Examples of com.sun.enterprise.security.jauth.ServerAuthContext

    }


    public boolean validateRequest(Object serverAuthConfig, StreamingHandler implementor, SOAPMessageContext context) {
        ServerAuthConfig authConfig = (ServerAuthConfig) serverAuthConfig;
        if (authConfig != null) {
            ServerAuthContext sAC = authConfig.getAuthContext((StreamingHandler) implementor, context.getMessage());
            req.set(new WeakReference<SOAPMessage>(context.getMessage()));
            if (sAC != null) {
                try {
                    return WebServiceSecurity.validateRequest(context, sAC);
                } catch (AuthException ex) {

View Full Code Here

Examples of com.sun.enterprise.security.jauth.ServerAuthContext

    public void secureResponse(Object serverAuthConfig, StreamingHandler implementor,SOAPMessageContext msgContext) {
        if (serverAuthConfig != null) {
            ServerAuthConfig config = (ServerAuthConfig)serverAuthConfig;
            SOAPMessage reqmsg = (req.get() != null) ? req.get().get() : msgContext.getMessage();
            try{
                ServerAuthContext sAC = config.getAuthContext(implementor, reqmsg);
                if (sAC != null) {
                    try {
                        WebServiceSecurity.secureResponse(msgContext, sAC);
                    } catch (AuthException ex) {
                        _logger.log(Level.SEVERE, null, ex);

View Full Code Here

Examples of javax.security.auth.message.config.ServerAuthContext

    public AuthResult validateRequest(Request request, Response response, boolean isAuthMandatory) throws ServerAuthException {
        try {
            MessageInfo messageInfo = new JaspicMessageInfo(request, response, isAuthMandatory);
            request.setNote(MESSAGE_INFO_KEY, messageInfo);
            String authContextId = serverAuthConfig.getAuthContextID(messageInfo);
            ServerAuthContext authContext = serverAuthConfig.getAuthContext(authContextId, serviceSubject, authProperties);
            Subject clientSubject = new Subject();


            AuthStatus authStatus = authContext.validateRequest(messageInfo, clientSubject, serviceSubject);
            if (authStatus == AuthStatus.SEND_CONTINUE)
                return new AuthResult(TomcatAuthStatus.SEND_CONTINUE, null);
            if (authStatus == AuthStatus.SEND_FAILURE)
                return new AuthResult(TomcatAuthStatus.SEND_FAILURE, null);

View Full Code Here

Examples of javax.security.auth.message.config.ServerAuthContext

        JaspicMessageInfo messageInfo = (JaspicMessageInfo)request.getNote(MESSAGE_INFO_KEY);
        if (messageInfo==null) throw new NullPointerException("MeesageInfo from request missing: " + request);
        try
        {
            String authContextId = serverAuthConfig.getAuthContextID(messageInfo);
            ServerAuthContext authContext = serverAuthConfig.getAuthContext(authContextId,serviceSubject,authProperties);
            // TODO authContext.cleanSubject(messageInfo,validatedUser.getUserIdentity().getSubject());
            AuthStatus status = authContext.secureResponse(messageInfo,serviceSubject);
            return (AuthStatus.SEND_SUCCESS.equals(status));
        }
        catch (AuthException e)
        {
            throw new ServerAuthException(e);

View Full Code Here

0 1 2 3 4 5

TOP

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.