本文整理汇总了Java中javax.security.auth.message.MessageInfo.getRequestMessage方法的典型用法代码示例。如果您正苦于以下问题:Java MessageInfo.getRequestMessage方法的具体用法?Java MessageInfo.getRequestMessage怎么用?Java MessageInfo.getRequestMessage使用的例子?那么恭喜您,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类javax.security.auth.message.MessageInfo的用法示例。
在下文中一共展示了MessageInfo.getRequestMessage方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: validateRequest
import javax.security.auth.message.MessageInfo; //导入方法依赖的package包/类
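/**
 * Asserts the caller identity found in the HTTP session to the container.
 *
 * <p>The {@code login} and {@code groups} session attributes are read and
 * passed to the callback handler as caller and group principals.
 *
 * @param messageInfo    wraps the servlet request being validated
 * @param clientSubject  subject that receives the caller and group principals
 * @param serviceSubject not used by this method
 * @return {@link AuthStatus#SUCCESS} once the callbacks have been handled
 * @throws AuthException if the callback handler fails; the original
 *                       exception is attached as the cause
 */
@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
    LOGGER.log(Level.FINE, "Validating request @" + request.getMethod() + " " + request.getRequestURI());

    // NOTE(review): getSession() creates a session when none exists, and neither
    // attribute is checked for null here, so this method returns SUCCESS even
    // when the session carries no identity. Confirm that a gate elsewhere (for
    // example a canHandle check on the same attributes) always runs first.
    String login = (String) request.getSession().getAttribute("login");
    String groups = (String) request.getSession().getAttribute("groups");

    CallerPrincipalCallback callerPrincipalCallback = new CallerPrincipalCallback(clientSubject, login);
    GroupPrincipalCallback groupPrincipalCallback = new GroupPrincipalCallback(clientSubject, new String[]{groups});
    Callback[] callbacks = new Callback[]{callerPrincipalCallback, groupPrincipalCallback};

    try {
        callbackHandler.handle(callbacks);
    } catch (IOException | UnsupportedCallbackException e) {
        // Keep the root cause so a failed authentication can be diagnosed from
        // the stack trace rather than from the message text alone.
        AuthException failure = new AuthException(e.getMessage());
        failure.initCause(e);
        throw failure;
    }

    return AuthStatus.SUCCESS;
}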
示例2: validateRequest
import javax.security.auth.message.MessageInfo; //导入方法依赖的package包/类
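/**
 * Registers the request as a guest: an empty caller name plus the guest role.
 *
 * <p>Nothing in the request is inspected apart from the method and URI that
 * are logged, so every request reaching this method is granted
 * {@code UserGroupMapping.GUEST_ROLE_ID}.
 *
 * @param messageInfo    wraps the servlet request being validated
 * @param clientSubject  subject that receives the caller and group principals
 * @param serviceSubject not used by this method
 * @return {@link AuthStatus#SUCCESS} once the callbacks have been handled
 * @throws AuthException if the callback handler fails; the original
 *                       exception is attached as the cause
 */
@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
    LOGGER.log(Level.FINE, "Validating request @" + request.getMethod() + " " + request.getRequestURI());

    // NOTE(review): this grants the guest role unconditionally; confirm the
    // module is only selected for resources that are meant to be public.
    CallerPrincipalCallback callerPrincipalCallback = new CallerPrincipalCallback(clientSubject, "");
    GroupPrincipalCallback groupPrincipalCallback = new GroupPrincipalCallback(clientSubject, new String[]{UserGroupMapping.GUEST_ROLE_ID});
    Callback[] callbacks = {callerPrincipalCallback, groupPrincipalCallback};

    try {
        callbackHandler.handle(callbacks);
    } catch (IOException | UnsupportedCallbackException e) {
        // Attach the root cause instead of keeping only its message.
        AuthException failure = new AuthException(e.getMessage());
        failure.initCause(e);
        throw failure;
    }

    return AuthStatus.SUCCESS;
}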
示例3: validateRequest
import javax.security.auth.message.MessageInfo; //导入方法依赖的package包/类
/**
 * Adds the CORS headers, lets OPTIONS requests through, and otherwise hands
 * validation to the module returned by {@code getModule(messageInfo)}.
 *
 * @param messageInfo    wraps the servlet request and response
 * @param clientSubject  forwarded unchanged to the selected module
 * @param serviceSubject forwarded unchanged to the selected module
 * @return {@link AuthStatus#SUCCESS} for OPTIONS requests, the selected
 *         module's result when one exists, otherwise
 *         {@link AuthStatus#FAILURE} after setting HTTP 401
 * @throws AuthException if the selected module throws it
 */
@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    final HttpServletRequest httpRequest = (HttpServletRequest) messageInfo.getRequestMessage();
    final HttpServletResponse httpResponse = (HttpServletResponse) messageInfo.getResponseMessage();

    // CORS headers are written on every response, including rejected ones.
    AuthServices.addCORSHeaders(httpResponse);

    LOGGER.log(Level.FINE, "validateRequest @" + httpRequest.getMethod() + " " + httpRequest.getRequestURI());

    // NOTE(review): OPTIONS succeeds before any module is consulted and without
    // a principal being set; confirm no resource does real work on OPTIONS.
    if (isOptionsRequest(httpRequest)) {
        return AuthStatus.SUCCESS;
    }

    final CustomSAM delegate = getModule(messageInfo);
    if (delegate == null) {
        // No module accepts this message: fail closed with 401.
        httpResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        return AuthStatus.FAILURE;
    }

    return delegate.validateRequest(messageInfo, clientSubject, serviceSubject);
}
示例4: secureResponse
import javax.security.auth.message.MessageInfo; //导入方法依赖的package包/类
/**
 * Adds the CORS headers, short-circuits OPTIONS requests, and otherwise lets
 * the module returned by {@code getModule(messageInfo)} secure the response.
 *
 * @param messageInfo    wraps the servlet request and response
 * @param serviceSubject forwarded unchanged to the selected module
 * @return {@link AuthStatus#SEND_SUCCESS} for OPTIONS requests, the selected
 *         module's result when one exists, otherwise
 *         {@link AuthStatus#SEND_FAILURE}
 * @throws AuthException if the selected module throws it
 */
@Override
public AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject) throws AuthException {
    final HttpServletRequest httpRequest = (HttpServletRequest) messageInfo.getRequestMessage();
    final HttpServletResponse httpResponse = (HttpServletResponse) messageInfo.getResponseMessage();

    AuthServices.addCORSHeaders(httpResponse);

    LOGGER.log(Level.FINE, "secureResponse @" + httpRequest.getMethod() + " " + httpRequest.getRequestURI());

    if (isOptionsRequest(httpRequest)) {
        return AuthStatus.SEND_SUCCESS;
    }

    final CustomSAM delegate = getModule(messageInfo);
    if (delegate == null) {
        // No module accepts this message, so report a failed send.
        return AuthStatus.SEND_FAILURE;
    }

    return delegate.secureResponse(messageInfo, serviceSubject);
}
示例5: cleanSubject
import javax.security.auth.message.MessageInfo; //导入方法依赖的package包/类
/**
* Removes the <code>authenticated</code> group and the user ID from the
* principal set.
*
* @param messageInfo
* message info
* @param subject
* subject
*/
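@Override
public void cleanSubject(final MessageInfo messageInfo,
        final Subject subject) throws AuthException {
    final HttpServletRequest req = (HttpServletRequest) messageInfo.getRequestMessage();
    // Value returned by getSubject(req); it is compared below with each
    // principal name to find the user's own principal.
    final String subjectCookie = getSubject(req);

    final Iterator<Principal> iterator = subject.getPrincipals().iterator();
    while (iterator.hasNext()) {
        final String principalName = iterator.next().getName();

        // A principal may match both conditions (the subject value can itself
        // be "authenticated"). The two tests are combined so remove() runs at
        // most once per element; a second remove() on the same element throws
        // IllegalStateException and would abort the clean-up half way.
        final boolean isAuthenticatedGroup = "authenticated".equals(principalName);
        // Null-safe: a principal without a name is never the user's principal.
        final boolean isUserPrincipal = principalName != null && principalName.equals(subjectCookie);

        if (isAuthenticatedGroup || isUserPrincipal) {
            iterator.remove();
        }
    }
}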
示例6: validateRequest
import javax.security.auth.message.MessageInfo; //导入方法依赖的package包/类
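/**
 * Authenticates a request from the token carried in its {@code Authorization}
 * header.
 *
 * <p>The second space-separated part of the header is handed to
 * {@code JWTokenFactory.validateAuthToken}. When that yields a mapping, the
 * login and group it contains are asserted to the container and the token is
 * refreshed if needed. A missing header, a header without a second part, or a
 * token that yields no mapping all end in HTTP 401.
 *
 * @param messageInfo    wraps the servlet request and response
 * @param clientSubject  subject that receives the caller and group principals
 * @param serviceSubject not used by this method
 * @return {@link AuthStatus#SUCCESS} for an accepted token, otherwise
 *         {@link AuthStatus#FAILURE}
 * @throws AuthException if the callback handler fails; the original
 *                       exception is attached as the cause
 */
@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
    HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();

    LOGGER.log(Level.FINE, "Validating request @" + request.getMethod() + " " + request.getRequestURI());

    // The header is client-controlled: it may be absent or have no token part.
    // Treat both as an authentication failure instead of letting a
    // NullPointerException / ArrayIndexOutOfBoundsException escape.
    String authorization = request.getHeader("Authorization");
    String[] splitAuthorization = authorization == null ? new String[0] : authorization.split(" ");

    // NOTE(review): the scheme in splitAuthorization[0] is not checked here;
    // confirm the caller only routes "Bearer" headers to this method.
    JWTokenUserGroupMapping jwTokenUserGroupMapping = splitAuthorization.length < 2
            ? null
            : JWTokenFactory.validateAuthToken(key, splitAuthorization[1]);

    if (jwTokenUserGroupMapping == null) {
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        return AuthStatus.FAILURE;
    }

    UserGroupMapping userGroupMapping = jwTokenUserGroupMapping.getUserGroupMapping();
    CallerPrincipalCallback callerPrincipalCallback = new CallerPrincipalCallback(clientSubject, userGroupMapping.getLogin());
    GroupPrincipalCallback groupPrincipalCallback = new GroupPrincipalCallback(clientSubject, new String[]{userGroupMapping.getGroupName()});
    Callback[] callbacks = new Callback[]{callerPrincipalCallback, groupPrincipalCallback};

    try {
        callbackHandler.handle(callbacks);
    } catch (IOException | UnsupportedCallbackException e) {
        // Attach the root cause instead of keeping only its message.
        AuthException failure = new AuthException(e.getMessage());
        failure.initCause(e);
        throw failure;
    }

    // Only refresh the token once the identity has been accepted.
    JWTokenFactory.refreshTokenIfNeeded(key, response, jwTokenUserGroupMapping);
    return AuthStatus.SUCCESS;
}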
示例7: canHandle
import javax.security.auth.message.MessageInfo; //导入方法依赖的package包/类
/**
 * Tells whether the request carries a bearer token this module can process.
 *
 * @param messageInfo wraps the servlet request
 * @return {@code true} when the {@code Authorization} header starts with
 *         {@code "Bearer "} and splits on spaces into exactly two parts
 */
@Override
public boolean canHandle(MessageInfo messageInfo) {
    final String header = ((HttpServletRequest) messageInfo.getRequestMessage()).getHeader("Authorization");

    // The prefix match is case-sensitive; the part count rejects a missing
    // token as well as extra space-separated segments.
    return header != null
            && header.startsWith("Bearer ")
            && header.split(" ").length == 2;
}
示例8: canHandle
import javax.security.auth.message.MessageInfo; //导入方法依赖的package包/类
/**
 * Tells whether an existing HTTP session already holds an identity.
 *
 * @param messageInfo wraps the servlet request
 * @return {@code true} when a session exists and both its {@code login} and
 *         {@code groups} attributes are non-empty strings
 */
@Override
public boolean canHandle(MessageInfo messageInfo) {
    final HttpServletRequest httpRequest = (HttpServletRequest) messageInfo.getRequestMessage();

    // getSession(false): a probe must not create a session as a side effect.
    final HttpSession existing = httpRequest.getSession(false);
    if (existing == null) {
        return false;
    }

    final String login = (String) existing.getAttribute("login");
    final String groups = (String) existing.getAttribute("groups");

    final boolean loginMissing = login == null || login.isEmpty();
    final boolean groupsMissing = groups == null || groups.isEmpty();
    return !(loginMissing || groupsMissing);
}
示例9: setRegisterSession
import javax.security.auth.message.MessageInfo; //导入方法依赖的package包/类
/**
 * Sets the {@code javax.servlet.http.registerSession} entry in the message
 * map and stores the user name and roles as request attributes.
 *
 * @param messageInfo message whose map and request are updated
 * @param username    stored under {@code LOGGEDIN_USERNAME}
 * @param roles       stored under {@code LOGGEDIN_ROLES}; the list is stored by
 *                    reference, so later changes by the caller remain visible
 */
@SuppressWarnings("unchecked")
public static void setRegisterSession(MessageInfo messageInfo, String username, List<String> roles) {
    // Presumably the flag by which the container is asked to remember the
    // authentication for the session -- confirm against the container in use.
    messageInfo.getMap().put("javax.servlet.http.registerSession", TRUE.toString());

    final HttpServletRequest httpRequest = (HttpServletRequest) messageInfo.getRequestMessage();
    httpRequest.setAttribute(LOGGEDIN_USERNAME, username);

    // TODO: check for existing roles and add
    httpRequest.setAttribute(LOGGEDIN_ROLES, roles);
}
示例10: canHandle
import javax.security.auth.message.MessageInfo; //导入方法依赖的package包/类
/**
 * Tells whether the request carries HTTP Basic credentials.
 *
 * @param messageInfo wraps the servlet request
 * @return {@code true} when the {@code Authorization} header starts with
 *         {@code "Basic "} and splits on spaces into exactly two parts
 */
@Override
public boolean canHandle(MessageInfo messageInfo) {
    final HttpServletRequest httpRequest = (HttpServletRequest) messageInfo.getRequestMessage();
    final String header = httpRequest.getHeader("Authorization");

    if (header == null) {
        return false;
    }
    // Case-sensitive scheme match.
    if (!header.startsWith("Basic ")) {
        return false;
    }
    // Exactly "<scheme> <credentials>"; anything else is left to other modules.
    return header.split(" ").length == 2;
}
示例11: canHandle
import javax.security.auth.message.MessageInfo; //导入方法依赖的package包/类
/**
 * Tells whether the request targets a URI that
 * {@code AuthServices.isPublicRequestURI} classifies as public.
 *
 * @param messageInfo wraps the servlet request
 * @return the result of {@code AuthServices.isPublicRequestURI} for the
 *         request's context path and request URI
 */
@Override
public boolean canHandle(MessageInfo messageInfo) {
    final HttpServletRequest httpRequest = (HttpServletRequest) messageInfo.getRequestMessage();
    final String contextPath = httpRequest.getContextPath();

    // NOTE(review): getRequestURI() returns the path as sent by the client
    // (not decoded, path parameters included). The matching logic is not
    // visible here; confirm it normalises the path before deciding that a
    // resource is public.
    final String requestUri = httpRequest.getRequestURI();

    return AuthServices.isPublicRequestURI(contextPath, requestUri);
}
示例12: validateRequest
import javax.security.auth.message.MessageInfo; //导入方法依赖的package包/类
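/**
 * Authenticates a form login made of a user name, a password and a Yubikey
 * one-time password.
 *
 * <p>Flow, in order: skip when authentication is not required; accept a
 * session that already holds a {@code UserAccount}; redirect any URI other
 * than the login page to the login page; show the login page on GET; otherwise
 * check the {@code j_username}, {@code j_password} and {@code j_otp}
 * parameters. The OTP is sent for verification only after the password hash
 * matched and the OTP format is valid, and the verified key's public id must
 * equal the one stored on the account.
 *
 * @param messageInfo    wraps the servlet request and response
 * @param clientSubject  subject that receives the account's principals
 * @param serviceSubject not used by this method
 * @return {@link AuthStatus#SUCCESS} when no authentication is needed, the
 *         session is already logged in, or login succeeded with no stored
 *         original URI; {@link AuthStatus#SEND_CONTINUE} after any redirect or
 *         forward (including failed logins)
 * @throws AuthException if anything inside the flow throws; the original
 *                       exception is attached as the cause
 */
@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject)
        throws AuthException {
    _logger.debug("Enter validateRequest");

    if (!requiresAuthentication(messageInfo)) {
        _logger.debug("Returning success, auth policy not mandatory");
        return AuthStatus.SUCCESS;
    }

    HttpServletRequest req = (HttpServletRequest) messageInfo.getRequestMessage();
    HttpServletResponse resp = (HttpServletResponse) messageInfo.getResponseMessage();

    try {
        UserAccount account = (UserAccount) req.getSession().getAttribute(USER_ACCOUNT_SESSION_KEY);
        if (account != null) {
            _logger.debug("Returning success, user already logged in");
            addPrincipalsToSubject(clientSubject, account);
            return AuthStatus.SUCCESS;
        }

        if (!req.getRequestURI().endsWith(LOGIN_PAGE)) {
            redirectToLoginPage(req, resp);
            return AuthStatus.SEND_CONTINUE;
        }

        if ("GET".equals(req.getMethod())) {
            forwardToLoginPage(req, resp, "GET request");
            return AuthStatus.SEND_CONTINUE;
        }

        String userName = req.getParameter("j_username");
        String password = req.getParameter("j_password");
        String otp = req.getParameter("j_otp");
        if (userName == null || password == null || otp == null) {
            _logger.debug("Returning failure, missing request parameter(s)");
            forwardToFailedLoginPage(req, resp, null);
            return AuthStatus.SEND_CONTINUE;
        }

        UserAccount userAccount = _accountMap.get(userName);
        // NOTE(review): equals() on the stored hash is not a constant-time
        // comparison; if both values are strings or byte arrays, consider
        // java.security.MessageDigest.isEqual on their bytes.
        if (userAccount != null
                && userAccount.getHashedPassword().equals(
                        PasswordEncoder.encodePasswordForUser(userName, userAccount.getSalt(), password))
                && YubicoClient.isValidOTPFormat(otp)) {
            _logger.debug("Verifying Yubikey for {}...", userName);
            VerificationResponse response = _yubicoClient.verify(otp);
            if (response.isOk()) {
                // A valid OTP is not enough: it must come from the key that is
                // registered for this account.
                if (response.getPublicId().equals(userAccount.getPublicYubiId())) {
                    addPrincipalsToSubject(clientSubject, userAccount);
                    // NOTE(review): the session id is not rotated in this method
                    // before the account is bound to the session; confirm it is
                    // changed elsewhere on login (session fixation).
                    req.getSession().setAttribute(USER_ACCOUNT_SESSION_KEY, userAccount);
                    // NOTE(review): where ORIGINAL_URI_SESSION_KEY is written is
                    // not visible here; confirm it only ever holds a URI of this
                    // application before it is used as a redirect target.
                    String originalUri = (String) req.getSession().getAttribute(ORIGINAL_URI_SESSION_KEY);
                    if (originalUri != null) {
                        _logger.debug("Login successful for {}, redirecting to {}", userName, originalUri);
                        resp.sendRedirect(originalUri);
                        return AuthStatus.SEND_CONTINUE;
                    } else {
                        _logger.debug("Login successful for {}, returning success", userName);
                        return AuthStatus.SUCCESS;
                    }
                } else {
                    _logger.warn("Login attempt for {} with wrong Yubikey {}!", userName, response.getPublicId());
                }
            } else {
                _logger.info("Failed to verify Yubikey for {}, response not OK", userName);
            }
        }

        // One generic message for every failure mode, so the page does not
        // reveal which factor was wrong.
        forwardToFailedLoginPage(req, resp, "authentication failed");
        return AuthStatus.SEND_CONTINUE;
    } catch (Exception e) {
        _logger.error("Authentication failed with exception", e);
        // Attach the root cause instead of keeping only its message, which
        // may be null.
        AuthException failure = new AuthException(e.getMessage());
        failure.initCause(e);
        throw failure;
    }
}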
示例13: getAuthContextID
import javax.security.auth.message.MessageInfo; //导入方法依赖的package包/类
/**
 * Derives the authentication context ID from a SOAP request.
 *
 * <p>The first {@code SOAPAction} MIME header value is used when it is not
 * empty; otherwise the local name of the first {@code SOAPElement} child of
 * the SOAP body is used.
 *
 * <p>Both values are taken from the incoming message, so the returned ID is
 * chosen by whoever built that message. NOTE(review): confirm that every ID a
 * sender can produce this way maps to a context with the intended policy.
 *
 * @param messageInfo wraps the SOAP request message
 * @return the derived ID, or {@code null} when the request is absent, yields
 *         no usable value, or reading the envelope fails
 */
@SuppressWarnings("rawtypes")
public String getAuthContextID(MessageInfo messageInfo)
{
   final SOAPMessage soapRequest = (SOAPMessage) messageInfo.getRequestMessage();
   if (soapRequest == null)
   {
      return null;
   }

   // First choice: the SOAPAction header.
   final MimeHeaders mimeHeaders = soapRequest.getMimeHeaders();
   final String[] actions = (mimeHeaders == null) ? null : mimeHeaders.getHeader("SOAPAction");
   if (actions != null && actions.length > 0 && !StringUtils.isEmpty(actions[0]))
   {
      return actions[0];
   }

   // Fallback: the name of the first element inside the SOAP body.
   final SOAPPart part = soapRequest.getSOAPPart();
   if (part == null)
   {
      return null;
   }
   try
   {
      final SOAPEnvelope envelope = part.getEnvelope();
      final SOAPBody body = (envelope == null) ? null : envelope.getBody();
      if (body == null)
      {
         return null;
      }
      for (Iterator children = body.getChildElements(); children.hasNext();)
      {
         final Object child = children.next();
         if (child instanceof SOAPElement)
         {
            return ((SOAPElement) child).getElementQName().getLocalPart();
         }
      }
   }
   catch (SOAPException se)
   {
      // Deliberately best-effort: an unreadable envelope means "no ID".
      Logger.getLogger(JBossWSClientAuthConfig.class).trace(se);
   }
   return null;
}
示例14: getAuthContextID
import javax.security.auth.message.MessageInfo; //导入方法依赖的package包/类
/**
 * Derives the authentication context ID from a SOAP request.
 *
 * <p>Lookup order: the first {@code SOAPAction} MIME header value if it is not
 * empty, then the local name of the first {@code SOAPElement} child of the
 * SOAP body.
 *
 * <p>Both sources are part of the incoming message and therefore under the
 * sender's control. NOTE(review): confirm that no ID reachable this way
 * selects a weaker policy than intended.
 *
 * @param messageInfo wraps the SOAP request message
 * @return the derived ID, or {@code null} when the request is absent, yields
 *         no usable value, or reading the envelope fails
 */
@SuppressWarnings("rawtypes")
public String getAuthContextID(MessageInfo messageInfo)
{
   final SOAPMessage soapRequest = (SOAPMessage) messageInfo.getRequestMessage();
   if (soapRequest == null)
   {
      return null;
   }

   final MimeHeaders mimeHeaders = soapRequest.getMimeHeaders();
   if (mimeHeaders != null)
   {
      final String[] actions = mimeHeaders.getHeader("SOAPAction");
      final boolean hasAction = actions != null && actions.length > 0;
      if (hasAction && !StringUtils.isEmpty(actions[0]))
      {
         // A non-empty SOAPAction wins over anything in the body.
         return actions[0];
      }
   }

   final SOAPPart part = soapRequest.getSOAPPart();
   if (part == null)
   {
      return null;
   }

   try
   {
      final SOAPEnvelope envelope = part.getEnvelope();
      if (envelope == null)
      {
         return null;
      }
      final SOAPBody body = envelope.getBody();
      if (body == null)
      {
         return null;
      }
      final Iterator children = body.getChildElements();
      while (children.hasNext())
      {
         final Object child = children.next();
         if (!(child instanceof SOAPElement))
         {
            // Skip text and other non-element nodes.
            continue;
         }
         final QName elementName = ((SOAPElement) child).getElementQName();
         return elementName.getLocalPart();
      }
   }
   catch (SOAPException se)
   {
      // Deliberately best-effort: an unreadable envelope means "no ID".
      Logger.getLogger(JBossWSServerAuthConfig.class).trace(se);
   }
   return null;
}
示例15: validateRequest
import javax.security.auth.message.MessageInfo; //导入方法依赖的package包/类
/**
* <p>
* Checks for the presence of the cookie, if it is present it will use that
* as the subject if not it will redirect to a login screen.
* </p>
* {@inheritDoc}
*/
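@Override
public AuthStatus validateRequest(final MessageInfo messageInfo,
        final Subject client,
        final Subject serviceSubject)
        throws AuthException {
    final HttpServletRequest req = (HttpServletRequest) messageInfo.getRequestMessage();
    final HttpServletResponse resp = (HttpServletResponse) messageInfo.getResponseMessage();

    try {
        // Path relative to the application: the request URI minus the context path.
        final String localRequestUri = req.getRequestURI().substring(req.getContextPath().length());

        // NOTE(review): the login and logout endpoints are dispatched before
        // the `mandatory` and isSecure() checks below; confirm their handlers
        // enforce TLS themselves if credentials or cookies pass through them.
        if (LOGIN_ENDPOINT.equals(localRequestUri)) {
            return handleLoginEndpoint(req, resp);
        }

        if (LOGOUT_ENDPOINT.equals(localRequestUri)) {
            return handleLogoutEndpoint(req, resp);
        }

        // Allow if authentication is not required.
        if (!mandatory) {
            return AuthStatus.SUCCESS;
        }

        // Require SSL if mandatory, so the subject is not read from a
        // plain-text request.
        if (!req.isSecure()) {
            resp.sendError(HttpURLConnection.HTTP_FORBIDDEN, "SSL Required");
            return AuthStatus.SEND_FAILURE;
        }

        final String subject = getSubject(req);

        // No subject on the request: send the client to the login endpoint.
        if (subject == null) {
            return handleRedirectToLoginEndpoint(req, resp);
        }

        // NOTE(review): the value returned by getSubject(req) becomes the
        // caller principal as-is; how it is validated is not visible here.
        handler.handle(new Callback[] {
            new CallerPrincipalCallback(client, subject),
            new GroupPrincipalCallback(client, GROUPS)
        });

        return AuthStatus.SUCCESS;
    } catch (final IOException
            | ServletException
            | UnsupportedCallbackException e) {
        LOG.throwing(TestServerAuthModule.class.getName(), "validateRequest", e);
        // Attach the root cause instead of keeping only its message.
        final AuthException failure = new AuthException(e.getMessage());
        failure.initCause(e);
        throw failure;
    }
}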