本文整理汇总了Java中javax.security.enterprise.authentication.mechanism.http.HttpMessageContext.responseUnauthorized方法的典型用法代码示例。如果您正苦于以下问题:Java HttpMessageContext.responseUnauthorized方法的具体用法?Java HttpMessageContext.responseUnauthorized怎么用?Java HttpMessageContext.responseUnauthorized使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类javax.security.enterprise.authentication.mechanism.http.HttpMessageContext的用法示例。
在下文中一共展示了HttpMessageContext.responseUnauthorized方法的8个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: validateRequest
import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext; //导入方法依赖的package包/类
@Override
public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) throws AuthenticationException {
String authorizationHeader = request.getHeader("Authorization");
if (authorizationHeader != null && authorizationHeader.startsWith(BEARER)) {
String token = authorizationHeader.substring(BEARER.length());
JWTCredential credential = tokenHandler.retrieveCredential(token);
if (credential == null) {
httpMessageContext.responseUnauthorized();
}
CredentialValidationResult result = identityStoreHandler.validate(credential);
if (result.getStatus() == VALID) {
return httpMessageContext.notifyContainerAboutLogin(
result.getCallerPrincipal(), result.getCallerGroups());
} else {
return httpMessageContext.responseUnauthorized();
}
}
return httpMessageContext.responseUnauthorized();
}
示例2: validateToken
import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext; //导入方法依赖的package包/类
/**
* To validate the JWT token e.g Signature check, JWT claims check(expiration) etc
*
* @param token The JWT access tokens
* @param context
* @return the AuthenticationStatus to notify the container
*/
private AuthenticationStatus validateToken(String token, HttpMessageContext context) {
try {
if (tokenProvider.validateToken(token)) {
JwtCredential credential = tokenProvider.getCredential(token);
//fire an @Authenticated CDI event.
authenticatedEvent.fire(new UserInfo(credential.getPrincipal(), credential.getAuthorities()));
return context.notifyContainerAboutLogin(credential.getPrincipal(), credential.getAuthorities());
}
// if token invalid, response with unauthorized status
return context.responseUnauthorized();
} catch (ExpiredJwtException eje) {
LOGGER.log(Level.INFO, "Security exception for user {0} - {1}", new String[]{eje.getClaims().getSubject(), eje.getMessage()});
return context.responseUnauthorized();
}
}
示例3: validateRequest
import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext; //导入方法依赖的package包/类
@Override
public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) throws AuthenticationException {
if (request.getHeader("MY-API-KEY") != null && request.getHeader("MY-API-KEY") != null) {
final String key = request.getHeader("MY-API-KEY");
if (key != null && key.equalsIgnoreCase("DUKE ROCKS")) {
return httpMessageContext.notifyContainerAboutLogin(
"app", new HashSet<>(asList("foo")));
} else {
return httpMessageContext.responseUnauthorized();
}
}
return httpMessageContext.doNothing();
}
示例4: validateRequest
import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext; //导入方法依赖的package包/类
@Override
public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) throws AuthenticationException {
if (request.getParameter("login:username") != null && request.getParameter("login:password") != null) {
String name = request.getParameter("login:username");
Password password = new Password(request.getParameter("login:password"));
CredentialValidationResult result = identityStore.validate(
new UsernamePasswordCredential(name, password));
if (result.getStatus() == VALID) {
return httpMessageContext.notifyContainerAboutLogin(
result.getCallerPrincipal(), result.getCallerGroups());
} else {
return httpMessageContext.responseUnauthorized();
}
}
return httpMessageContext.doNothing();
}
示例5: validateRequest
import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext; //导入方法依赖的package包/类
@Override
public AuthenticationStatus validateRequest(HttpServletRequest req, HttpServletResponse res, HttpMessageContext context) {
CredentialValidationResult result = idStoreHandler.validate(
new UsernamePasswordCredential(
req.getParameter("name"), req.getParameter("password")));
if (result.getStatus() == VALID) {
return context.notifyContainerAboutLogin(result);
} else {
return context.responseUnauthorized();
}
}
示例6: validateRequest
import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext; //导入方法依赖的package包/类
@Override
public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext context) {
LOGGER.log(Level.INFO, "validateRequest: {0}", request.getRequestURI());
// Get the (caller) name and password from the request
// NOTE: This is for the smallest possible example only. In practice
// putting the password in a request query parameter is highly insecure
String name = request.getParameter("username");
String password = request.getParameter("password");
String token = extractToken(context);
if (name != null && password != null
&& "POST".equals(request.getMethod())
&& request.getRequestURI().endsWith("/auth/login")) {
LOGGER.log(Level.INFO, "user credentials : {0}, {1}", new String[]{name, password});
// validation of the credential using the identity store
CredentialValidationResult result = identityStoreHandler.validate(new UsernamePasswordCredential(name, password));
if (result.getStatus() == CredentialValidationResult.Status.VALID) {
// Communicate the details of the authenticated user to the container and return SUCCESS.
return createToken(result, context);
}
// if the authentication failed, we return the unauthorized status in the http response
return context.responseUnauthorized();
} else if (token != null) {
// validation of the jwt credential
return validateToken(token, context);
} else if (context.isProtected()) {
// A protected resource is a resource for which a constraint has been defined.
// if there are no credentials and the resource is protected, we response with unauthorized status
return context.responseUnauthorized();
}
// there are no credentials AND the resource is not protected,
// SO Instructs the container to "do nothing"
return context.doNothing();
}
示例7: validateRequest
import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext; //导入方法依赖的package包/类
@Override
public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) throws AuthenticationException {
final String name = request.getParameter("name");
final String pwd = request.getParameter("password");
if (name != null && pwd != null ) {
// Get the (caller) name and password from the request
// NOTE: This is for the smallest possible example only. In practice
// putting the password in a request query parameter is highly
// insecure
Password password = new Password(pwd);
// Delegate the {credentials in -> identity data out} function to
// the Identity Store
CredentialValidationResult result = identityStoreHandler.validate(
new UsernamePasswordCredential(name, password));
if (result.getStatus() == VALID) {
// Communicate the details of the authenticated user to the
// container. In many cases the underlying handler will just store the details
// and the container will actually handle the login after we return from
// this method.
return httpMessageContext.notifyContainerAboutLogin(
result.getCallerPrincipal(), result.getCallerGroups());
}
return httpMessageContext.responseUnauthorized();
}
return httpMessageContext.doNothing();
}
示例8: validateRequest
import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext; //导入方法依赖的package包/类
@Override
public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) throws AuthenticationException {
if (request.getParameter("name") != null && request.getParameter("password") != null) {
// Get the (caller) name and password from the request
// NOTE: This is for the smallest possible example only. In practice
// putting the password in a request query parameter is highly
// insecure
String name = request.getParameter("name");
Password password = new Password(request.getParameter("password"));
// Delegate the {credentials in -> identity data out} function to
// the Identity Store
CredentialValidationResult result = identityStore.validate(
new UsernamePasswordCredential(name, password));
if (result.getStatus() == VALID) {
// Communicate the details of the authenticated user to the
// container. In many cases the underlying handler will just store the details
// and the container will actually handle the login after we return from
// this method.
return httpMessageContext.notifyContainerAboutLogin(
result.getCallerPrincipal(), result.getCallerGroups());
} else {
return httpMessageContext.responseUnauthorized();
}
}
return httpMessageContext.doNothing();
}