Java源码示例:javax.security.enterprise.AuthenticationException

示例1
/**
 * Authenticates a request from its bearer token.
 *
 * <p>A token that is present is handed to {@code jwtParser}; the parsed
 * {@link JsonWebToken} is stored on {@code producer} and reported to the
 * container together with its groups. Any exception on that path is logged
 * and answered with "unauthorized". When no token is found, only protected
 * resources are answered with "unauthorized"; other requests pass through.
 *
 * @param request request the bearer token is extracted from
 * @param response not read or written by this method
 * @param httpMessageContext used to report the outcome to the container
 * @return the status produced by {@code httpMessageContext}
 * @throws AuthenticationException part of the overridden signature
 */
@Override
public AuthenticationStatus validateRequest(HttpServletRequest request,
        HttpServletResponse response,
        HttpMessageContext httpMessageContext)
        throws AuthenticationException {

    final AbstractBearerTokenExtractor tokenSource = new BearerTokenExtractor(request, authContextInfo);
    final String token = tokenSource.getBearerToken();

    if (token == null) {
        MechanismLogging.log.noUsableBearerTokenFound();
        // Anonymous access is tolerated only where the resource is not protected.
        if (httpMessageContext.isProtected()) {
            return httpMessageContext.responseUnauthorized();
        }
        return httpMessageContext.doNothing();
    }

    try {
        final JsonWebToken principal = jwtParser.parse(token);
        producer.setJsonWebToken(principal);
        final Set<String> groups = principal.getGroups();
        MechanismLogging.log.success();
        return httpMessageContext.notifyContainerAboutLogin(principal, groups);
    } catch (Exception e) {
        // Fail closed: whatever went wrong while handling the token, the
        // request is rejected rather than treated as anonymous.
        MechanismLogging.log.unableToValidateBearerToken(e);
        return httpMessageContext.responseUnauthorized();
    }
}
 
示例2
/**
 * Handles an explicit authentication request carrying a {@link CallerOnlyCredential}.
 *
 * <p>The caller named {@code "user"} is logged in with the roles
 * {@code role1} and {@code role2}; every other caller is rejected.
 * Requests that are not authentication requests are left untouched.
 *
 * <p>NOTE(review): no secret is verified in this block; the outcome depends
 * on the caller name alone, so this is presumably test or demo code.
 *
 * @throws IllegalStateException if the supplied credential is not a {@code CallerOnlyCredential}
 * @throws AuthenticationException if the caller is anything other than {@code "user"}
 */
@Override
public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) throws AuthenticationException {

    if (!httpMessageContext.isAuthenticationRequest()) {
        return httpMessageContext.doNothing();
    }

    final Credential supplied = httpMessageContext.getAuthParameters().getCredential();
    if (!(supplied instanceof CallerOnlyCredential)) {
        throw new IllegalStateException("Invalid mechanism");
    }

    final String caller = ((CallerOnlyCredential) supplied).getCaller();
    if (!"user".equals(caller)) {
        throw new AuthenticationException();
    }

    final HashSet<String> roles = new HashSet<>(Arrays.asList("role1", "role2"));
    return httpMessageContext.notifyContainerAboutLogin(caller, roles);
}
 
示例3
/**
 * Validates the {@code name} and {@code password} request parameters against
 * the identity store and reports the validation result to the container.
 * When either parameter is absent the request is left untouched.
 *
 * <p>NOTE(review): {@code getParameter} also reads the query string, and
 * credentials placed in a URL commonly end up in access logs and browser
 * history; confirm callers send them in a POST body over TLS.
 *
 * @return the status from {@code notifyContainerAboutLogin}, or from
 *         {@code doNothing} when no credentials were supplied
 * @throws AuthenticationException part of the overridden signature
 */
@Override
public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response,
                                            HttpMessageContext httpMessageContext) throws AuthenticationException {

    // ... (the original listing elides earlier statements here)
    final String callerName = request.getParameter("name");
    final String callerPassword = request.getParameter("password");

    if (callerName == null || callerPassword == null) {
        return httpMessageContext.doNothing();
    }

    // The result is passed on as-is; its status is not inspected in this block.
    return httpMessageContext.notifyContainerAboutLogin(
            identityStoreHandler.validate(new UsernamePasswordCredential(callerName, callerPassword)));
}
 
示例4
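/**
 * Validates the {@code name} and {@code password} request parameters against
 * the identity store.
 *
 * <p>A request that lacks either parameter is answered with "unauthorized",
 * the same as a failed validation, so a null never reaches the
 * {@link Password} constructor or the identity store.
 *
 * <p>NOTE(review): {@code getParameter} also reads the query string, and
 * credentials placed in a URL commonly end up in access logs; confirm
 * callers send them in a POST body over TLS.
 *
 * @param request request carrying the {@code name} and {@code password} parameters
 * @param response not read or written by this method
 * @param httpMessageContext used to report the outcome to the container
 * @return the login status when the credentials are valid, otherwise the
 *         "unauthorized" status
 * @throws AuthenticationException part of the overridden signature
 */
@Override
public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) throws AuthenticationException {

    final String name = request.getParameter("name");
    final String rawPassword = request.getParameter("password");

    // Missing credentials are treated as a failed login instead of being
    // wrapped and passed on as null.
    if (name == null || rawPassword == null) {
        return httpMessageContext.responseUnauthorized();
    }

    final Password password = new Password(rawPassword);

    // Delegate the {credentials in -> identity data out} function to
    // the Identity Store
    final CredentialValidationResult result = identityStoreHandler.validate(
        new UsernamePasswordCredential(name, password));

    if (result.getStatus() == VALID) {
        // Communicate the details of the authenticated user to the
        // container. In many cases the underlying handler will just store the details
        // and the container will actually handle the login after we return from
        // this method.
        return httpMessageContext.notifyContainerAboutLogin(
            result.getCallerPrincipal(), result.getCallerGroups());
    }
    return httpMessageContext.responseUnauthorized();
}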
 
示例5
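/**
 * Authenticates the caller from the {@code name} and {@code password}
 * request parameters by delegating to the identity store.
 *
 * <p>If either parameter is missing, the method returns the "unauthorized"
 * status straight away: every non-valid path in this method ends in that
 * status, and the early return keeps a null out of the {@link Password}
 * constructor.
 *
 * <p>NOTE(review): request parameters include the query string; a password
 * sent there is likely to be recorded in server and proxy logs. Confirm the
 * form posts over TLS.
 *
 * @param request request carrying the {@code name} and {@code password} parameters
 * @param response not read or written by this method
 * @param httpMessageContext used to report the outcome to the container
 * @return the login status for valid credentials, otherwise "unauthorized"
 * @throws AuthenticationException part of the overridden signature
 */
@Override
public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) throws AuthenticationException {

    final String name = request.getParameter("name");
    final String suppliedPassword = request.getParameter("password");

    if (name == null || suppliedPassword == null) {
        // Nothing to validate: reject like any other failed attempt.
        return httpMessageContext.responseUnauthorized();
    }

    // Delegate the {credentials in -> identity data out} function to
    // the Identity Store
    final CredentialValidationResult result = identityStoreHandler.validate(
        new UsernamePasswordCredential(name, new Password(suppliedPassword)));

    if (result.getStatus() != VALID) {
        return httpMessageContext.responseUnauthorized();
    }

    // Communicate the details of the authenticated user to the
    // container. In many cases the underlying handler will just store the details
    // and the container will actually handle the login after we return from
    // this method.
    return httpMessageContext.notifyContainerAboutLogin(
        result.getCallerPrincipal(), result.getCallerGroups());
}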
 
示例6
/**
 * Authenticates a request to a protected resource from its
 * {@code AUTHORIZATION} header.
 *
 * <p>Unprotected resources are passed through untouched. For protected ones
 * the header is parsed and validated against the identity store; anything
 * short of a {@code VALID} result, including a header that cannot be parsed,
 * ends in a {@code WWW-Authenticate: Basic} challenge and the
 * "unauthorized" status.
 *
 * <p>NOTE(review): RFC 7617 requires a {@code realm} parameter on a Basic
 * challenge; this block sends the bare scheme name. Confirm that is intended.
 *
 * @throws AuthenticationException part of the overridden signature
 */
@Override
public AuthenticationStatus validateRequest(final HttpServletRequest request,
                                            final HttpServletResponse response,
                                            final HttpMessageContext httpMessageContext)
        throws AuthenticationException {

    if (httpMessageContext.isProtected()) {
        try {
            final CredentialValidationResult outcome = identityStoreHandler.validate(
                    parseAuthenticationHeader(request.getHeader(AUTHORIZATION)));

            if (outcome.getStatus().equals(VALID)) {
                return httpMessageContext.notifyContainerAboutLogin(outcome);
            }
        } catch (final IllegalArgumentException | IllegalStateException e) {
            // Deliberately ignored: the header content was not usable, so the
            // caller is simply challenged again below.
        }

        response.setHeader("WWW-Authenticate", "Basic");
        return httpMessageContext.responseUnauthorized();
    }

    return httpMessageContext.doNothing();
}
 
示例7
/**
 * Validates the credential attached to an explicit authentication request.
 *
 * <p>Requests that are not authentication requests are left untouched.
 * Otherwise the credential from the auth parameters is checked against the
 * identity store; a {@code VALID} result is reported to the container and
 * everything else, including the two caught exception types, ends in the
 * "unauthorized" status.
 *
 * @throws AuthenticationException part of the overridden signature
 */
@Override
public AuthenticationStatus validateRequest(final HttpServletRequest request,
                                            final HttpServletResponse response,
                                            final HttpMessageContext httpMessageContext)
        throws AuthenticationException {

    if (!httpMessageContext.isAuthenticationRequest()) {
        return httpMessageContext.doNothing();
    }

    try {
        final CredentialValidationResult outcome =
                identityStoreHandler.validate(httpMessageContext.getAuthParameters().getCredential());

        if (outcome.getStatus().equals(VALID)) {
            return httpMessageContext.notifyContainerAboutLogin(outcome);
        }
    } catch (final IllegalArgumentException | IllegalStateException e) {
        // Deliberately ignored: an unusable credential is handled as a
        // failed login below.
    }

    return httpMessageContext.responseUnauthorized();
}
 
示例8
/**
 * Validates the credential found in the auth parameters, if there is one,
 * and reports the identity store's result to the container. Without a
 * credential the request is left untouched.
 *
 * @param request not read by this method
 * @param response not written by this method
 * @param context source of the credential and sink for the outcome
 * @throws AuthenticationException part of the overridden signature
 */
@Override
public AuthenticationStatus validateRequest(
        HttpServletRequest request,
        HttpServletResponse response,
        HttpMessageContext context) throws AuthenticationException {

    final Credential supplied = context.getAuthParameters().getCredential();

    // The validation result is forwarded as-is; its status is not inspected here.
    return supplied == null
            ? context.doNothing()
            : context.notifyContainerAboutLogin(identityStore.validate(supplied));
}
 
示例9
/**
 * Handles an explicit authentication request carrying a
 * {@link UsernamePasswordCredential}: the credential is validated by the
 * identity store and the result is reported to the container. Requests that
 * are not authentication requests are left untouched.
 *
 * @throws IllegalStateException if the supplied credential is of any other type
 * @throws AuthenticationException part of the overridden signature
 */
@Override
public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) throws AuthenticationException {

    if (!httpMessageContext.isAuthenticationRequest()) {
        return httpMessageContext.doNothing();
    }

    final Credential supplied = httpMessageContext.getAuthParameters().getCredential();
    final boolean supportedType = supplied instanceof UsernamePasswordCredential;
    if (!supportedType) {
        // Also reached when no credential was supplied at all (null).
        throw new IllegalStateException("Invalid mechanism");
    }

    return httpMessageContext.notifyContainerAboutLogin(identityStore.validate(supplied));
}
 
示例10
/**
 * Handles an explicit authentication request carrying a {@link CallerOnlyCredential}.
 *
 * <p>The callers {@code user1}, {@code user2} and {@code user3} are logged in
 * with {@code Roles.ROLE1}, {@code Roles.ROLE2} and {@code Roles.ROLE3}
 * respectively; a null or unknown caller is rejected. Requests that are not
 * authentication requests are left untouched.
 *
 * <p>NOTE(review): no secret is verified in this block; the caller name
 * alone selects the role, so this is presumably test or demo code.
 *
 * @throws IllegalStateException if the supplied credential is not a {@code CallerOnlyCredential}
 * @throws AuthenticationException if the caller is null or not one of the three known names
 */
@Override
public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) throws AuthenticationException {

    if (!httpMessageContext.isAuthenticationRequest()) {
        return httpMessageContext.doNothing();
    }

    final Credential supplied = httpMessageContext.getAuthParameters().getCredential();
    if (!(supplied instanceof CallerOnlyCredential)) {
        throw new IllegalStateException("Invalid mechanism");
    }

    final String caller = ((CallerOnlyCredential) supplied).getCaller();
    if (caller == null) {
        throw new AuthenticationException();
    }

    // Fixed caller-to-role table; anything not listed is refused.
    final String role;
    switch (caller) {
        case "user1":
            role = Roles.ROLE1;
            break;
        case "user2":
            role = Roles.ROLE2;
            break;
        case "user3":
            role = Roles.ROLE3;
            break;
        default:
            throw new AuthenticationException();
    }

    return httpMessageContext.notifyContainerAboutLogin(caller, new HashSet<>(asList(role)));
}
 
示例11
/**
 * Handles an explicit authentication request carrying a {@link CallerOnlyCredential}.
 *
 * <p>A caller whose name equals {@code Roles.ADMIN} or {@code Roles.USER} is
 * logged in with that same constant as its only role; a null or unknown
 * caller is rejected. Requests that are not authentication requests are
 * left untouched.
 *
 * <p>NOTE(review): no secret is verified in this block; naming a role as the
 * caller is enough to obtain it, so this is presumably test or demo code.
 *
 * @throws IllegalStateException if the supplied credential is not a {@code CallerOnlyCredential}
 * @throws AuthenticationException if the caller is null or matches neither constant
 */
@Override
public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) throws AuthenticationException {

    if (!httpMessageContext.isAuthenticationRequest()) {
        return httpMessageContext.doNothing();
    }

    final Credential supplied = httpMessageContext.getAuthParameters().getCredential();
    if (!(supplied instanceof CallerOnlyCredential)) {
        throw new IllegalStateException("Invalid mechanism");
    }

    final String caller = ((CallerOnlyCredential) supplied).getCaller();
    if (caller == null) {
        throw new AuthenticationException();
    }

    if (Roles.ADMIN.equals(caller)) {
        return httpMessageContext.notifyContainerAboutLogin(caller, new HashSet<>(asList(Roles.ADMIN)));
    }
    if (Roles.USER.equals(caller)) {
        return httpMessageContext.notifyContainerAboutLogin(caller, new HashSet<>(asList(Roles.USER)));
    }

    throw new AuthenticationException();
}
 
示例12
/**
 * Authenticates the caller from the {@code name} and {@code password}
 * request parameters.
 *
 * <p>When either parameter is absent the request is left untouched. When
 * both are present they are validated by the identity store: a
 * {@code VALID} result is reported to the container, anything else ends in
 * the "unauthorized" status.
 *
 * @throws AuthenticationException part of the overridden signature
 */
@Override
public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) throws AuthenticationException {
    // Read the (caller) name and password from the request.
    // NOTE: This keeps the example as small as possible. In practice,
    // putting the password in a request query parameter is highly insecure.
    final String name = request.getParameter("name");
    final String pwd = request.getParameter("password");

    if (name == null || pwd == null) {
        return httpMessageContext.doNothing();
    }

    // Delegate the {credentials in -> identity data out} function to
    // the Identity Store
    final CredentialValidationResult outcome = identityStoreHandler.validate(
            new UsernamePasswordCredential(name, new Password(pwd)));

    if (outcome.getStatus() != VALID) {
        return httpMessageContext.responseUnauthorized();
    }

    // Hand the authenticated caller's details to the container. In many
    // cases the underlying handler only stores them, and the container
    // performs the actual login after this method returns.
    return httpMessageContext.notifyContainerAboutLogin(
            outcome.getCallerPrincipal(), outcome.getCallerGroups());
}
 
示例13
/**
 * Validates {@code name}/{@code password} request parameters against the
 * identity store.
 *
 * <p>Three outcomes are possible: no credentials supplied (request left
 * untouched), credentials accepted (caller principal and groups reported to
 * the container), or credentials refused ("unauthorized").
 *
 * @throws AuthenticationException part of the overridden signature
 */
@Override
public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) throws AuthenticationException {
    final String name = request.getParameter("name");
    final String pwd = request.getParameter("password");

    final boolean credentialsSupplied = name != null && pwd != null;
    if (!credentialsSupplied) {
        return httpMessageContext.doNothing();
    }

    // NOTE: This is the smallest possible example only. In practice,
    // putting the password in a request query parameter is highly insecure.
    final Password password = new Password(pwd);
    final UsernamePasswordCredential credential = new UsernamePasswordCredential(name, password);

    // The identity store maps {credentials in -> identity data out}.
    final CredentialValidationResult result = identityStoreHandler.validate(credential);

    if (result.getStatus() == VALID) {
        // Pass the authenticated user's details to the container; the
        // underlying handler often just stores them and the container
        // completes the login once this method has returned.
        return httpMessageContext.notifyContainerAboutLogin(
                result.getCallerPrincipal(), result.getCallerGroups());
    }

    return httpMessageContext.responseUnauthorized();
}
 
示例14
/**
 * Bridges this {@code validateRequest(MessageInfo, Subject, Subject)} call
 * to the current {@link HttpAuthenticationMechanism}.
 *
 * <p>An {@code HttpMessageContext} is built from the arguments, the
 * mechanism is looked up through CDI, and its status is translated by
 * {@code mapToAuthStatus}. An {@link AuthenticationException} from the
 * mechanism is rethrown as an {@link AuthException} with the same message
 * and the original exception as its cause.
 *
 * @param messageInfo message being authenticated
 * @param clientSubject subject passed through to the message context
 * @param serviceSubject subject passed through to the message context
 * @return the mapped status
 * @throws AuthException if the mechanism throws {@code AuthenticationException}
 */
@Override
public AuthStatus validateRequest(final MessageInfo messageInfo, final Subject clientSubject,
                                  final Subject serviceSubject)
        throws AuthException {

    final HttpMessageContext context =
            httpMessageContext(handler, messageInfo, clientSubject, serviceSubject);

    final TomEESecurityServletAuthenticationMechanismMapper mapper =
            CDI.current().select(TomEESecurityServletAuthenticationMechanismMapper.class).get();
    final HttpAuthenticationMechanism mechanism = mapper.getCurrentAuthenticationMechanism(context);

    final AuthenticationStatus status;
    try {
        status = mechanism.validateRequest(context.getRequest(), context.getResponse(), context);
    } catch (final AuthenticationException e) {
        // AuthException is built from the message only, so the cause is attached separately.
        final AuthException translated = new AuthException(e.getMessage());
        translated.initCause(e);
        throw translated;
    }

    return mapToAuthStatus(status);
}
 
示例15
/**
 * Performs no authentication: every request is answered with the context's
 * {@code doNothing()} status, whatever the request contains.
 *
 * @throws AuthenticationException part of the overridden signature
 */
@Override
public AuthenticationStatus validateRequest(
        final HttpServletRequest request,
        final HttpServletResponse response,
        final HttpMessageContext httpMessageContext) throws AuthenticationException {
    return httpMessageContext.doNothing();
}
 
示例16
/**
 * Processes a form login submitted with the {@code j_username} and
 * {@code j_password} parameters.
 *
 * <p>{@code validateForm} decides whether the request counts as a login
 * submission. If it does, the credentials are validated by the identity
 * store and the result is reported to the container; otherwise the request
 * is left untouched.
 *
 * @throws AuthenticationException part of the overridden signature
 */
@Override
public AuthenticationStatus validateRequest(final HttpServletRequest request, final HttpServletResponse response,
                                            final HttpMessageContext httpMessageContext)
        throws AuthenticationException {

    final String username = request.getParameter("j_username");
    final String password = request.getParameter("j_password");

    final boolean loginSubmitted = validateForm(httpMessageContext.getRequest(), username, password);
    if (!loginSubmitted) {
        return httpMessageContext.doNothing();
    }

    // The validation result is forwarded as-is; its status is not inspected here.
    final UsernamePasswordCredential credential = new UsernamePasswordCredential(username, password);
    return httpMessageContext.notifyContainerAboutLogin(identityStoreHandler.validate(credential));
}
 
示例17
/**
 * Forwards the call unchanged to the mechanism returned by
 * {@code getWrapped()} and returns its status.
 *
 * @throws AuthenticationException if the wrapped mechanism throws it
 */
@Override
public AuthenticationStatus validateRequest(
        HttpServletRequest request,
        HttpServletResponse response,
        HttpMessageContext httpMessageContext) throws AuthenticationException {
    return getWrapped().validateRequest(request, response, httpMessageContext);
}
 
示例18
/**
 * Forwards the call unchanged to the mechanism returned by
 * {@code getWrapped()} and returns its status.
 *
 * @throws AuthenticationException if the wrapped mechanism throws it
 */
@Override
public AuthenticationStatus secureResponse(
        HttpServletRequest request,
        HttpServletResponse response,
        HttpMessageContext httpMessageContext) throws AuthenticationException {
    return getWrapped().secureResponse(request, response, httpMessageContext);
}
 
示例19
/**
 * Authenticates the caller from the {@code username} and {@code password}
 * request parameters.
 *
 * <p>The pair is looked up with {@code findByUserNameAndPassword}. A match is
 * reported to the container as a {@code CustomPrincipal} with a copy of the
 * user's roles; no match ends in the "unauthorized" status.
 *
 * <p>NOTE(review): both values are null when the parameters are absent;
 * {@code findByUserNameAndPassword} is defined outside this block, so
 * confirm it tolerates null. {@code getParameter} also reads the query
 * string, where a password is likely to be logged.
 *
 * @throws AuthenticationException part of the overridden signature
 */
@Override
public AuthenticationStatus validateRequest(HttpServletRequest httpServletRequest,
                                            HttpServletResponse httpServletResponse,
                                            HttpMessageContext httpMessageContext) throws AuthenticationException {
    final String suppliedName = httpServletRequest.getParameter("username");
    final String suppliedPassword = httpServletRequest.getParameter("password");

    // The user detail is mocked here; a real application would look it up in a database.
    final UserDetail match = findByUserNameAndPassword(suppliedName, suppliedPassword);
    if (match == null) {
        return httpMessageContext.responseUnauthorized();
    }

    return httpMessageContext.notifyContainerAboutLogin(
            new CustomPrincipal(match),
            new HashSet<>(match.getRoles()));
}
 
示例20
/**
 * Passes the call straight through to {@code delegate} and returns its status.
 *
 * @throws AuthenticationException if the delegate throws it
 */
@Override
public AuthenticationStatus validateRequest(
        final HttpServletRequest request,
        final HttpServletResponse response,
        final HttpMessageContext httpMessageContext) throws AuthenticationException {
    return delegate.validateRequest(request, response, httpMessageContext);
}
 
示例21
/**
 * Passes the call straight through to {@code delegate} and returns its status.
 *
 * @throws AuthenticationException if the delegate throws it
 */
@Override
public AuthenticationStatus secureResponse(
        final HttpServletRequest request,
        final HttpServletResponse response,
        final HttpMessageContext httpMessageContext) throws AuthenticationException {
    return delegate.secureResponse(request, response, httpMessageContext);
}
 
示例22
/**
 * Declares the request-validation entry point. No body is given here, so
 * each implementation supplies its own authentication logic.
 *
 * @param request the HTTP request to authenticate
 * @param response the HTTP response associated with the request
 * @param httpMessageContext context object passed to the implementation
 * @return the authentication status decided by the implementation
 * @throws AuthenticationException declared for implementations to signal a failure
 */
AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response,
                             HttpMessageContext httpMessageContext)
throws AuthenticationException;
 
示例23
/**
 * Default implementation: returns {@code SUCCESS} without reading the
 * request or modifying the response. Implementations override this when
 * they need to act on the outgoing response.
 *
 * @throws AuthenticationException declared for overriding implementations; not thrown here
 */
default AuthenticationStatus secureResponse(
        HttpServletRequest request,
        HttpServletResponse response,
        HttpMessageContext httpMessageContext) throws AuthenticationException {
    return SUCCESS;
}