本文整理汇总了Java中javax.security.auth.message.MessageInfo类的典型用法代码示例。如果您正苦于以下问题:Java MessageInfo类的具体用法?Java MessageInfo怎么用?Java MessageInfo使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
MessageInfo类属于javax.security.auth.message包,在下文中一共展示了MessageInfo类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: validateRequest
import javax.security.auth.message.MessageInfo; //导入依赖的package包/类
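/**
 * Establishes the caller identity from attributes already stored in the HTTP session.
 *
 * <p>The {@code login} and {@code groups} session attributes are handed to the container
 * through a {@link CallerPrincipalCallback} and a {@link GroupPrincipalCallback}. No
 * credential is verified in this method; it trusts whatever an earlier step stored in the
 * session.
 *
 * @param messageInfo    message exchange; its request message is read as an {@link HttpServletRequest}
 * @param clientSubject  subject that receives the caller and group principals
 * @param serviceSubject not used by this method
 * @return {@link AuthStatus#SUCCESS} whenever the callback handler completes without error
 * @throws AuthException if the callback handler fails; the underlying exception is attached as the cause
 */
@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
    LOGGER.log(Level.FINE, "Validating request @" + request.getMethod() + " " + request.getRequestURI());

    // NOTE(review): getSession() creates a session when none exists, and neither attribute is
    // checked for null, so a request that never logged in still ends in SUCCESS with a null
    // caller name. Presumably a dispatcher routes only logged-in sessions here; confirm,
    // or fail closed when "login" is absent.
    String login = (String) request.getSession().getAttribute("login");
    // The "groups" attribute is passed on as ONE group name; it is not split here.
    String groups = (String) request.getSession().getAttribute("groups");

    Callback[] callbacks = new Callback[]{
        new CallerPrincipalCallback(clientSubject, login),
        new GroupPrincipalCallback(clientSubject, new String[]{groups})
    };

    try {
        callbackHandler.handle(callbacks);
    } catch (IOException | UnsupportedCallbackException e) {
        // Keep the original failure reachable for diagnostics; initCause works whichever
        // constructors this AuthException version offers.
        AuthException failure = new AuthException(e.getMessage());
        failure.initCause(e);
        throw failure;
    }

    return AuthStatus.SUCCESS;
}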
示例2: validateRequest
import javax.security.auth.message.MessageInfo; //导入依赖的package包/类
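/**
 * Registers every request as a guest: an empty caller name plus the single group
 * {@code UserGroupMapping.GUEST_ROLE_ID}.
 *
 * <p>Nothing from the request is inspected beyond the method and URI that are logged, so
 * this module never rejects a request. Access control therefore depends entirely on what
 * the guest role is allowed to do.
 *
 * @param messageInfo    message exchange; its request message is read as an {@link HttpServletRequest}
 * @param clientSubject  subject that receives the guest caller and group principals
 * @param serviceSubject not used by this method
 * @return {@link AuthStatus#SUCCESS} whenever the callback handler completes without error
 * @throws AuthException if the callback handler fails; the underlying exception is attached as the cause
 */
@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
    LOGGER.log(Level.FINE, "Validating request @" + request.getMethod() + " " + request.getRequestURI());

    // NOTE(review): the guest role is granted unconditionally; verify that the selection of
    // this module (outside this method) is limited to resources meant to be public.
    Callback[] callbacks = {
        new CallerPrincipalCallback(clientSubject, ""),
        new GroupPrincipalCallback(clientSubject, new String[]{UserGroupMapping.GUEST_ROLE_ID})
    };

    try {
        callbackHandler.handle(callbacks);
    } catch (IOException | UnsupportedCallbackException e) {
        // Keep the original failure reachable for diagnostics instead of only its message.
        AuthException failure = new AuthException(e.getMessage());
        failure.initCause(e);
        throw failure;
    }

    return AuthStatus.SUCCESS;
}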
示例3: validateRequest
import javax.security.auth.message.MessageInfo; //导入依赖的package包/类
/**
 * Dispatches request validation to the module chosen by {@code getModule}.
 *
 * <p>CORS headers are added to the response first, so they are present on every outcome,
 * including the 401 sent when no module is found. Requests recognised by
 * {@code isOptionsRequest} are accepted without consulting any module.
 *
 * @param messageInfo    message exchange carrying the servlet request and response
 * @param clientSubject  passed through to the selected module
 * @param serviceSubject passed through to the selected module
 * @return {@link AuthStatus#SUCCESS} for OPTIONS requests, the selected module's result
 *         otherwise, or {@link AuthStatus#FAILURE} with HTTP 401 when no module is selected
 * @throws AuthException if the selected module throws it
 */
@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    final HttpServletRequest httpRequest = (HttpServletRequest) messageInfo.getRequestMessage();
    final HttpServletResponse httpResponse = (HttpServletResponse) messageInfo.getResponseMessage();

    AuthServices.addCORSHeaders(httpResponse);
    LOGGER.log(Level.FINE, "validateRequest @" + httpRequest.getMethod() + " " + httpRequest.getRequestURI());

    if (isOptionsRequest(httpRequest)) {
        // NOTE(review): OPTIONS bypasses authentication (presumably for CORS preflight);
        // resources behind this module must not do privileged work on OPTIONS.
        return AuthStatus.SUCCESS;
    }

    final CustomSAM delegate = getModule(messageInfo);
    if (delegate == null) {
        // Fail closed: no module claimed the request.
        httpResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        return AuthStatus.FAILURE;
    }
    return delegate.validateRequest(messageInfo, clientSubject, serviceSubject);
}
示例4: secureResponse
import javax.security.auth.message.MessageInfo; //导入依赖的package包/类
/**
 * Dispatches response securing to the module chosen by {@code getModule}.
 *
 * <p>CORS headers are added to the response before anything else. Requests recognised by
 * {@code isOptionsRequest} are answered with {@link AuthStatus#SEND_SUCCESS} without
 * consulting any module.
 *
 * @param messageInfo    message exchange carrying the servlet request and response
 * @param serviceSubject passed through to the selected module
 * @return {@link AuthStatus#SEND_SUCCESS} for OPTIONS requests, the selected module's result
 *         otherwise, or {@link AuthStatus#SEND_FAILURE} when no module is selected
 * @throws AuthException if the selected module throws it
 */
@Override
public AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject) throws AuthException {
    final HttpServletRequest httpRequest = (HttpServletRequest) messageInfo.getRequestMessage();
    final HttpServletResponse httpResponse = (HttpServletResponse) messageInfo.getResponseMessage();

    AuthServices.addCORSHeaders(httpResponse);
    LOGGER.log(Level.FINE, "secureResponse @" + httpRequest.getMethod() + " " + httpRequest.getRequestURI());

    if (isOptionsRequest(httpRequest)) {
        return AuthStatus.SEND_SUCCESS;
    }

    final CustomSAM delegate = getModule(messageInfo);
    if (delegate == null) {
        // No module claimed the exchange, so report failure rather than success.
        return AuthStatus.SEND_FAILURE;
    }
    return delegate.secureResponse(messageInfo, serviceSubject);
}
示例5: cleanSubject
import javax.security.auth.message.MessageInfo; //导入依赖的package包/类
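/**
 * Removes from the subject every principal named <code>authenticated</code> and every
 * principal whose name equals the value <code>getSubject</code> returns for this request
 * (presumably the user ID carried in a cookie; confirm against <code>getSubject</code>).
 *
 * @param messageInfo
 *            message exchange; its request message is read as an HttpServletRequest
 * @param subject
 *            subject whose principal set is pruned in place
 * @throws AuthException
 *             declared by the interface contract
 */
@Override
public void cleanSubject(final MessageInfo messageInfo,
        final Subject subject) throws AuthException {
    final HttpServletRequest req = (HttpServletRequest) messageInfo.getRequestMessage();
    final String subjectCookie = getSubject(req);
    final Iterator<Principal> iterator = subject.getPrincipals().iterator();
    while (iterator.hasNext()) {
        final String name = iterator.next().getName();
        // Single combined test: two separate ifs would call remove() twice for a principal
        // matching both conditions, and the second call throws IllegalStateException,
        // leaving the subject only partly cleaned. The null guard keeps a principal
        // without a name from aborting the cleanup with a NullPointerException.
        if ("authenticated".equals(name) || (name != null && name.equals(subjectCookie))) {
            iterator.remove();
        }
    }
}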
示例6: testFailLoginInvalidMethod
import javax.security.auth.message.MessageInfo; //导入依赖的package包/类
/**
 * Verifies that a {@code PUT} to {@code /util/j_security_check} is rejected with an
 * {@link AuthException}, even though the request is secure and supplies both a rooted
 * {@code state} and a {@code nonce}.
 */
@Test(expected = AuthException.class)
public void testFailLoginInvalidMethod() throws Exception {
    final TestServerAuthModule module = new TestServerAuthModule();

    // Authentication is mandatory for this request.
    final MessagePolicy mandatoryPolicy = mock(MessagePolicy.class);
    when(mandatoryPolicy.isMandatory()).thenReturn(true);
    final CallbackHandler handler = mock(CallbackHandler.class);
    module.initialize(mandatoryPolicy, null, handler, options);

    // Everything about the request is acceptable except the HTTP method.
    final HttpServletRequest httpRequest = mock(HttpServletRequest.class);
    when(httpRequest.getContextPath()).thenReturn("/util");
    when(httpRequest.getRequestURI()).thenReturn("/util/j_security_check");
    when(httpRequest.isSecure()).thenReturn(true);
    when(httpRequest.getMethod()).thenReturn("PUT");
    when(httpRequest.getParameter("state")).thenReturn("/rooted/page");
    when(httpRequest.getParameter("nonce")).thenReturn("abc");

    final MessageInfo exchange = mock(MessageInfo.class);
    when(exchange.getRequestMessage()).thenReturn(httpRequest);

    // NOTE(review): expected= is satisfied by an AuthException from any statement in this
    // method, including initialize(), not only from validateRequest().
    final Subject clientSubject = new Subject();
    module.validateRequest(exchange, clientSubject, null);
}
示例7: testFailLoginInvalidState
import javax.security.auth.message.MessageInfo; //导入依赖的package包/类
/**
 * Verifies that a secure {@code GET} to {@code /util/j_security_check} is rejected with an
 * {@link AuthException} when {@code state} is an absolute URL
 * ({@code http://www.trajano.net/}) rather than a path inside the application.
 */
@Test(expected = AuthException.class)
public void testFailLoginInvalidState() throws Exception {
    final TestServerAuthModule module = new TestServerAuthModule();

    final MessagePolicy mandatoryPolicy = mock(MessagePolicy.class);
    when(mandatoryPolicy.isMandatory()).thenReturn(true);
    final CallbackHandler handler = mock(CallbackHandler.class);
    module.initialize(mandatoryPolicy, null, handler, options);

    final HttpServletRequest httpRequest = mock(HttpServletRequest.class);
    when(httpRequest.getContextPath()).thenReturn("/util");
    when(httpRequest.getRequestURI()).thenReturn("/util/j_security_check");
    when(httpRequest.isSecure()).thenReturn(true);
    when(httpRequest.getMethod()).thenReturn("GET");
    // Presumably state is used as a post-login target, so an off-site URL must be refused.
    when(httpRequest.getParameter("state")).thenReturn("http://www.trajano.net/");

    final MessageInfo exchange = mock(MessageInfo.class);
    when(exchange.getRequestMessage()).thenReturn(httpRequest);

    // NOTE(review): expected= is satisfied by an AuthException from any statement in this
    // method, including initialize(), not only from validateRequest().
    final Subject clientSubject = new Subject();
    module.validateRequest(exchange, clientSubject, null);
}
示例8: testFailLoginInvalidState2
import javax.security.auth.message.MessageInfo; //导入依赖的package包/类
/**
 * Verifies that a secure {@code GET} to {@code /util/j_security_check} is rejected with an
 * {@link AuthException} when {@code state} is a relative path that does not start with
 * {@code /} ({@code some/non/rooted/page}).
 */
@Test(expected = AuthException.class)
public void testFailLoginInvalidState2() throws Exception {
    final TestServerAuthModule module = new TestServerAuthModule();

    final MessagePolicy mandatoryPolicy = mock(MessagePolicy.class);
    when(mandatoryPolicy.isMandatory()).thenReturn(true);
    final CallbackHandler handler = mock(CallbackHandler.class);
    module.initialize(mandatoryPolicy, null, handler, options);

    final HttpServletRequest httpRequest = mock(HttpServletRequest.class);
    when(httpRequest.getContextPath()).thenReturn("/util");
    when(httpRequest.getRequestURI()).thenReturn("/util/j_security_check");
    when(httpRequest.isSecure()).thenReturn(true);
    when(httpRequest.getMethod()).thenReturn("GET");
    // The only invalid input: a state value that is not rooted.
    when(httpRequest.getParameter("state")).thenReturn("some/non/rooted/page");

    final MessageInfo exchange = mock(MessageInfo.class);
    when(exchange.getRequestMessage()).thenReturn(httpRequest);

    // NOTE(review): expected= is satisfied by an AuthException from any statement in this
    // method, including initialize(), not only from validateRequest().
    final Subject clientSubject = new Subject();
    module.validateRequest(exchange, clientSubject, null);
}
示例9: testFailLoginInvalidState3
import javax.security.auth.message.MessageInfo; //导入依赖的package包/类
/**
 * Verifies that a secure {@code GET} to {@code /util/j_security_check} is rejected with an
 * {@link AuthException} when {@code state} is rooted but contains parent-directory
 * segments ({@code /foo/../../abc}).
 */
@Test(expected = AuthException.class)
public void testFailLoginInvalidState3() throws Exception {
    final TestServerAuthModule module = new TestServerAuthModule();

    final MessagePolicy mandatoryPolicy = mock(MessagePolicy.class);
    when(mandatoryPolicy.isMandatory()).thenReturn(true);
    final CallbackHandler handler = mock(CallbackHandler.class);
    module.initialize(mandatoryPolicy, null, handler, options);

    final HttpServletRequest httpRequest = mock(HttpServletRequest.class);
    when(httpRequest.getContextPath()).thenReturn("/util");
    when(httpRequest.getRequestURI()).thenReturn("/util/j_security_check");
    when(httpRequest.isSecure()).thenReturn(true);
    when(httpRequest.getMethod()).thenReturn("GET");
    // The only invalid input: a state path containing ".." segments.
    when(httpRequest.getParameter("state")).thenReturn("/foo/../../abc");

    final MessageInfo exchange = mock(MessageInfo.class);
    when(exchange.getRequestMessage()).thenReturn(httpRequest);

    // NOTE(review): expected= is satisfied by an AuthException from any statement in this
    // method, including initialize(), not only from validateRequest().
    final Subject clientSubject = new Subject();
    module.validateRequest(exchange, clientSubject, null);
}
示例10: testFailLoginInvalidState4
import javax.security.auth.message.MessageInfo; //导入依赖的package包/类
/**
 * Verifies that a secure {@code GET} to {@code /util/j_security_check} is rejected with an
 * {@link AuthException} when {@code state} starts with {@code //}, i.e. a scheme-relative
 * URL naming another host ({@code //url.com/foo/../../abc}).
 */
@Test(expected = AuthException.class)
public void testFailLoginInvalidState4() throws Exception {
    final TestServerAuthModule module = new TestServerAuthModule();

    final MessagePolicy mandatoryPolicy = mock(MessagePolicy.class);
    when(mandatoryPolicy.isMandatory()).thenReturn(true);
    final CallbackHandler handler = mock(CallbackHandler.class);
    module.initialize(mandatoryPolicy, null, handler, options);

    final HttpServletRequest httpRequest = mock(HttpServletRequest.class);
    when(httpRequest.getContextPath()).thenReturn("/util");
    when(httpRequest.getRequestURI()).thenReturn("/util/j_security_check");
    when(httpRequest.isSecure()).thenReturn(true);
    when(httpRequest.getMethod()).thenReturn("GET");
    // Begins with "/" yet is not a local path: a simple leading-slash check would accept it.
    when(httpRequest.getParameter("state")).thenReturn("//url.com/foo/../../abc");

    final MessageInfo exchange = mock(MessageInfo.class);
    when(exchange.getRequestMessage()).thenReturn(httpRequest);

    // NOTE(review): expected= is satisfied by an AuthException from any statement in this
    // method, including initialize(), not only from validateRequest().
    final Subject clientSubject = new Subject();
    module.validateRequest(exchange, clientSubject, null);
}
示例11: testFailLoginMissingNonce
import javax.security.auth.message.MessageInfo; //导入依赖的package包/类
/**
 * Verifies that a secure {@code GET} to {@code /util/j_security_check} is rejected with an
 * {@link AuthException} when a rooted {@code state} is supplied but no {@code nonce}
 * parameter is stubbed (the mock returns {@code null} for it).
 */
@Test(expected = AuthException.class)
public void testFailLoginMissingNonce() throws Exception {
    final TestServerAuthModule module = new TestServerAuthModule();

    final MessagePolicy mandatoryPolicy = mock(MessagePolicy.class);
    when(mandatoryPolicy.isMandatory()).thenReturn(true);
    final CallbackHandler handler = mock(CallbackHandler.class);
    module.initialize(mandatoryPolicy, null, handler, options);

    final HttpServletRequest httpRequest = mock(HttpServletRequest.class);
    when(httpRequest.getContextPath()).thenReturn("/util");
    when(httpRequest.getRequestURI()).thenReturn("/util/j_security_check");
    when(httpRequest.isSecure()).thenReturn(true);
    when(httpRequest.getMethod()).thenReturn("GET");
    // A rooted state value; "nonce" is deliberately left unstubbed.
    when(httpRequest.getParameter("state")).thenReturn("/www.trajano.net/");

    final MessageInfo exchange = mock(MessageInfo.class);
    when(exchange.getRequestMessage()).thenReturn(httpRequest);

    // NOTE(review): expected= is satisfied by an AuthException from any statement in this
    // method, including initialize(), not only from validateRequest().
    final Subject clientSubject = new Subject();
    module.validateRequest(exchange, clientSubject, null);
}
示例12: testFailLoginMissingState
import javax.security.auth.message.MessageInfo; //导入依赖的package包/类
/**
 * Verifies that a secure {@code GET} to {@code /util/j_security_check} is rejected with an
 * {@link AuthException} when no request parameter is stubbed, so {@code state} is
 * {@code null}.
 */
@Test(expected = AuthException.class)
public void testFailLoginMissingState() throws Exception {
    final TestServerAuthModule module = new TestServerAuthModule();

    final MessagePolicy mandatoryPolicy = mock(MessagePolicy.class);
    when(mandatoryPolicy.isMandatory()).thenReturn(true);
    final CallbackHandler handler = mock(CallbackHandler.class);
    module.initialize(mandatoryPolicy, null, handler, options);

    // No getParameter stubbing at all: every parameter lookup yields null.
    final HttpServletRequest httpRequest = mock(HttpServletRequest.class);
    when(httpRequest.getContextPath()).thenReturn("/util");
    when(httpRequest.getRequestURI()).thenReturn("/util/j_security_check");
    when(httpRequest.isSecure()).thenReturn(true);
    when(httpRequest.getMethod()).thenReturn("GET");

    final MessageInfo exchange = mock(MessageInfo.class);
    when(exchange.getRequestMessage()).thenReturn(httpRequest);

    // NOTE(review): expected= is satisfied by an AuthException from any statement in this
    // method, including initialize(), not only from validateRequest().
    final Subject clientSubject = new Subject();
    module.validateRequest(exchange, clientSubject, null);
}
示例13: testFailLoginNotSecure
import javax.security.auth.message.MessageInfo; //导入依赖的package包/类
/**
 * Verifies that a {@code GET} to {@code /util/j_security_check} is rejected with an
 * {@link AuthException} when the request is not secure ({@code isSecure()} is
 * {@code false}) and the policy is mandatory.
 */
@Test(expected = AuthException.class)
public void testFailLoginNotSecure() throws Exception {
    final TestServerAuthModule module = new TestServerAuthModule();

    final MessagePolicy mandatoryPolicy = mock(MessagePolicy.class);
    when(mandatoryPolicy.isMandatory()).thenReturn(true);
    final CallbackHandler handler = mock(CallbackHandler.class);
    module.initialize(mandatoryPolicy, null, handler, options);

    final HttpServletRequest httpRequest = mock(HttpServletRequest.class);
    when(httpRequest.getContextPath()).thenReturn("/util");
    when(httpRequest.getRequestURI()).thenReturn("/util/j_security_check");
    when(httpRequest.getMethod()).thenReturn("GET");
    // The condition under test: the login endpoint is reached over a non-secure channel.
    when(httpRequest.isSecure()).thenReturn(false);

    final MessageInfo exchange = mock(MessageInfo.class);
    when(exchange.getRequestMessage()).thenReturn(httpRequest);

    // NOTE(review): expected= is satisfied by an AuthException from any statement in this
    // method, including initialize(), not only from validateRequest().
    final Subject clientSubject = new Subject();
    module.validateRequest(exchange, clientSubject, null);
}
示例14: testNoAuthNeededWithoutSSL
import javax.security.auth.message.MessageInfo; //导入依赖的package包/类
/**
 * Verifies that with a non-mandatory policy a non-secure {@code GET} to {@code /util/ejb2}
 * is accepted with {@link AuthStatus#SUCCESS} and that the callback handler is never
 * touched, i.e. no principal is established for the request.
 */
@Test
public void testNoAuthNeededWithoutSSL() throws Exception {
    final TestServerAuthModule module = new TestServerAuthModule();
    final CallbackHandler handler = mock(CallbackHandler.class);

    // The policy says authentication is optional for this resource.
    final MessagePolicy optionalPolicy = mock(MessagePolicy.class);
    when(optionalPolicy.isMandatory()).thenReturn(false);
    module.initialize(optionalPolicy, null, handler, options);

    final HttpServletRequest httpRequest = mock(HttpServletRequest.class);
    when(httpRequest.getContextPath()).thenReturn("/util");
    when(httpRequest.getRequestURI()).thenReturn("/util/ejb2");
    when(httpRequest.isSecure()).thenReturn(false);
    when(httpRequest.getMethod()).thenReturn("GET");

    final MessageInfo exchange = mock(MessageInfo.class);
    when(exchange.getRequestMessage()).thenReturn(httpRequest);

    final Subject clientSubject = new Subject();
    final AuthStatus outcome = module.validateRequest(exchange, clientSubject, null);

    assertEquals(AuthStatus.SUCCESS, outcome);
    verifyZeroInteractions(handler);
}
示例15: testNoAuthNeededWithSSL
import javax.security.auth.message.MessageInfo; //导入依赖的package包/类
/**
 * Verifies that with a non-mandatory policy a secure {@code GET} to {@code /util/ejb2} is
 * accepted with {@link AuthStatus#SUCCESS} and that the callback handler is never touched,
 * i.e. no principal is established for the request.
 */
@Test
public void testNoAuthNeededWithSSL() throws Exception {
    final TestServerAuthModule module = new TestServerAuthModule();

    // The policy says authentication is optional for this resource.
    final MessagePolicy optionalPolicy = mock(MessagePolicy.class);
    when(optionalPolicy.isMandatory()).thenReturn(false);
    final CallbackHandler handler = mock(CallbackHandler.class);
    module.initialize(optionalPolicy, null, handler, options);

    final HttpServletRequest httpRequest = mock(HttpServletRequest.class);
    when(httpRequest.getContextPath()).thenReturn("/util");
    when(httpRequest.getRequestURI()).thenReturn("/util/ejb2");
    when(httpRequest.isSecure()).thenReturn(true);
    when(httpRequest.getMethod()).thenReturn("GET");

    final MessageInfo exchange = mock(MessageInfo.class);
    when(exchange.getRequestMessage()).thenReturn(httpRequest);

    final Subject clientSubject = new Subject();
    final AuthStatus outcome = module.validateRequest(exchange, clientSubject, null);

    assertEquals(AuthStatus.SUCCESS, outcome);
    verifyZeroInteractions(handler);
}