Пример #1
0
  /**
   * Return value is based on the presents and value of the {@code
   * X-JASPI-AUTH-MODULE-ONE-VALIDATE-REQUEST} request header.
   *
   * @param messageInfo {@inheritDoc}
   * @param clientSubject {@inheritDoc}
   * @param serviceSubject {@inheritDoc}
   * @return {@inheritDoc}
   * @throws AuthException {@inheritDoc}
   */
  @SuppressWarnings("unchecked")
  @Override
  public AuthStatus validateRequest(
      MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {

    HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();

    String header = request.getHeader(AUTH_MODULE_ONE_VALIDATE_REQUEST_HEADER_NAME.toLowerCase());

    clientSubject.getPrincipals().clear();
    clientSubject
        .getPrincipals()
        .add(
            new Principal() {
              @Override
              public String getName() {
                return AUTH_MODULE_ONE_PRINCIPAL;
              }
            });

    Map<String, Object> context =
        (Map<String, Object>) messageInfo.getMap().get(JaspiRuntime.ATTRIBUTE_AUTH_CONTEXT);
    context.put(AUTH_MODULE_ONE_CONTEXT_ENTRY, true);

    if (SUCCESS_AUTH_STATUS.equalsIgnoreCase(header)) {
      return AuthStatus.SUCCESS;
    }

    if (SEND_SUCCESS_AUTH_STATUS.equalsIgnoreCase(header)) {
      return AuthStatus.SEND_SUCCESS;
    }

    if (SEND_FAILURE_AUTH_STATUS.equalsIgnoreCase(header)) {
      return AuthStatus.SEND_FAILURE;
    }

    if (SEND_CONTINUE_AUTH_STATUS.equalsIgnoreCase(header)) {
      return AuthStatus.SEND_CONTINUE;
    }

    if (FAILURE_AUTH_STATUS.equalsIgnoreCase(header)) {
      return AuthStatus.FAILURE;
    }

    if (NULL_AUTH_STATUS.equalsIgnoreCase(header)) {
      return null;
    }

    throw new AuthException(
        AUTH_MODULE_ONE_VALIDATE_REQUEST_HEADER_NAME
            + " header not set, so throwing AuthException.");
  }
Пример #2
0
  /**
   * Return value is based on the presents and value of the {@code
   * X-JASPI-AUTH-MODULE-ONE-SECURE-RESPONSE} request header.
   *
   * @param messageInfo {@inheritDoc}
   * @param serviceSubject {@inheritDoc}
   * @return {@inheritDoc}
   * @throws AuthException {@inheritDoc}
   */
  @Override
  public AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject)
      throws AuthException {

    HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();

    String header = request.getHeader(AUTH_MODULE_ONE_SECURE_RESPONSE_HEADER_NAME.toLowerCase());

    if (SUCCESS_AUTH_STATUS.equalsIgnoreCase(header)) {
      return AuthStatus.SUCCESS;
    }

    if (SEND_SUCCESS_AUTH_STATUS.equalsIgnoreCase(header)) {
      return AuthStatus.SEND_SUCCESS;
    }

    if (SEND_FAILURE_AUTH_STATUS.equalsIgnoreCase(header)) {
      return AuthStatus.SEND_FAILURE;
    }

    if (SEND_CONTINUE_AUTH_STATUS.equalsIgnoreCase(header)) {
      return AuthStatus.SEND_CONTINUE;
    }

    if (FAILURE_AUTH_STATUS.equalsIgnoreCase(header)) {
      return AuthStatus.FAILURE;
    }

    if (NULL_AUTH_STATUS.equalsIgnoreCase(header)) {
      return null;
    }

    throw new AuthException(
        AUTH_MODULE_ONE_SECURE_RESPONSE_HEADER_NAME
            + " header not set, so throwing AuthException.");
  }