示例#1
  /*
   * Check for the AuthContext Exceptions
   */
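  private void checkACException(AuthXMLResponse authResponse, AuthContextLocal acl) {
    // Copies a pending login failure from the auth context onto the XML response.
    // Nothing is changed on the response when the context holds no login exception.
    AuthLoginException ale = acl.getLoginException();
    if (ale == null) {
      return;
    }

    /*
     * The message is localized with the `locale` value held outside this method, so
     * the client cannot remotely select the locale. That limitation comes from the
     * AuthContext API and cannot simply be solved here.
     */
    // Look the message up once, so the text that is checked is the text that is sent.
    String message = ale.getL10NMessage(locale);
    if ((message != null) && (message.length() > 0)) {
      // NOTE(review): the exception text goes to the client as-is; confirm the
      // messages do not reveal more about the failure than the client should learn.
      authResponse.setErrorMessage(message);
    }
    // The response is flagged as an exception even when no message text is available.
    authResponse.setIsException(true);
  }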
示例#2
  /**
   * Performs the Login for the given AuthContext
   *
   * @param type authentication index type
   * @param indexName authentication index name
   * @param principal principal name of the user to be authenticated
   * @param password password for the user
   * @param subject authentication subject
   * @param pCookieMode <code>true</code> if a persistent cookie exists, <code>false</code> otherwise
   * @param envMap Environment map, this is applicable only when the type is <code>
   *     AuthContext.IndexType.RESOURCE</code>
   * @param locale locale setting
   * @throws AuthLoginException if error occurs during login
   */
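  protected void login(
      AuthContext.IndexType type,
      String indexName,
      Principal principal,
      char[] password,
      Subject subject,
      boolean pCookieMode,
      Map envMap,
      String locale)
      throws AuthLoginException {
    try {
      // NOTE(review): the status precondition below is commented out, so this method
      // does not reject a call made while a login is already under way or finished.
      // Confirm that callers enforce the ordering instead.
      /*if (!getStatus().equals(AuthContext.Status.NOT_STARTED)) {
          if (authDebug.messageEnabled()) {
              authDebug.message("AuthContextLocal::login called " +
              "when the current login status is : " + getStatus());
          }
          throw new AuthLoginException(amAuthContextLocal,
              "invalidMethod", new Object[]{getStatus()});
      }*/

      // switch the login status
      loginStatus = AuthContext.Status.IN_PROGRESS;

      String redirectUrl = null;
      // special processing for resource/IP/environment based auth
      if ((type != null) && type.equals(AuthContext.IndexType.RESOURCE)) {
        // Ask the policy decision utility which authentication type the policy
        // requires for this resource / IP / environment.
        List result = Collections.EMPTY_LIST;
        try {
          result = PolicyDecisionUtils.doResourceIPEnvAuth(indexName, organizationName, envMap);
        } catch (PolicyException pe) {
          // A policy error is logged and login continues with the default realm
          // based authentication (result stays empty, so the last branch below runs).
          // NOTE(review): this fails open. A policy evaluation error yields the
          // default login rather than a rejected one; confirm that is acceptable.
          authDebug.warning(
              "AuthContextLocal.login() policy error " + "indexName=" + indexName, pe);
          type = null;
          indexName = null;
        }
        if (authDebug.messageEnabled()) {
          authDebug.message("AuthContextLocal.login: policy decision=" + result);
        }
        if (result.size() == 2) {
          // two entries: the index type and index name selected by policy
          type = (AuthContext.IndexType) result.get(0);
          indexName = (String) result.get(1);
        } else if (result.size() == 1) {
          // this is the redirection case (Policy Redirection Advice)
          redirectUrl = (String) result.get(0);

          // append goto parameter for federation case
          // envMap is dereferenced only when present, so a missing environment map
          // means "no goto parameter" instead of a NullPointerException.
          String gotoParam = null;
          Set gotoValues = (envMap == null) ? null : (Set) envMap.get(ISAuthConstants.GOTO_PARAM);
          if ((gotoValues != null) && !gotoValues.isEmpty()) {
            gotoParam = (String) gotoValues.iterator().next();
          }

          // A null redirect URL is left null; concatenating onto it would produce
          // the literal text "null?goto=..." and store it as the redirect target.
          if ((redirectUrl != null) && (gotoParam != null) && (gotoParam.length() != 0)) {
            // NOTE(review): the goto value comes from envMap and is only URL-encoded
            // here. Nothing in this method checks it against permitted destinations;
            // confirm it is validated before any redirect to it is issued.
            String separator = (redirectUrl.indexOf("?") != -1) ? "&" : "?";
            redirectUrl =
                redirectUrl
                    + separator
                    + ISAuthConstants.GOTO_PARAM
                    + "="
                    + URLEncDec.encode(gotoParam);
          }
          type = null;
          indexName = null;
        } else {
          // no policy decision, use default realm login
          type = null;
          indexName = null;
        }
      }
      HashMap loginParamsMap = new HashMap();

      loginParamsMap.put(INDEX_TYPE, type);
      loginParamsMap.put(INDEX_NAME, indexName);
      loginParamsMap.put(PRINCIPAL, principal);
      loginParamsMap.put(PASSWORD, password);
      loginParamsMap.put(SUBJECT, subject);
      loginParamsMap.put(PCOOKIE, Boolean.valueOf(pCookieMode));
      loginParamsMap.put(LOCALE, locale);
      if (redirectUrl != null) {
        loginParamsMap.put(REDIRECT_URL, redirectUrl);
      }

      if (authDebug.messageEnabled()) {
        // Log a copy without the password and subject entries. Subject.toString()
        // can include the subject's credentials, which do not belong in a debug log.
        HashMap loggableParams = new HashMap(loginParamsMap);
        loggableParams.remove(PASSWORD);
        loggableParams.remove(SUBJECT);
        authDebug.message("loginParamsMap : " + loggableParams.toString());
      }

      authDebug.message("calling AMLoginContext::exceuteLogin : ");
      amlc.executeLogin(loginParamsMap);
      authDebug.message("after AMLoginContext::exceuteLogin : ");
      // Only the two terminal states are mapped; any other AMLoginContext status
      // leaves loginStatus at IN_PROGRESS.
      if (amlc.getStatus() == LoginStatus.AUTH_SUCCESS) {
        loginStatus = AuthContext.Status.SUCCESS;
      } else if (amlc.getStatus() == LoginStatus.AUTH_FAILED) {
        loginStatus = AuthContext.Status.FAILED;
      }
      if (authDebug.messageEnabled()) {
        authDebug.message("Status at the end of login() : " + loginStatus);
      }
    } catch (AuthLoginException e) {
      // Record the failure at message level, then rethrow it unchanged to the caller.
      if (authDebug.messageEnabled()) {
        authDebug.message("Exception in ac.login : " + e.toString());
      }
      throw e;
    }
  }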