List of usage examples for javax.security.auth.message MessagePolicy isMandatory
public boolean isMandatory()
From source file:net.java.jaspicoil.SimpleBasicServerAuthModule.java
/** * Initialize this module with request and response message policies to * enforce, a CallbackHandler, and any module-specific configuration * properties. The request policy and the response policy must not both be * null./*from w ww . j av a 2s.c om*/ * * @param requestPolicy * The request policy this module must enforce, or null. * @param responsePolicy * The response policy this module must enforce, or null. * @param handler * CallbackHandler used to request information. * @param options * A Map of module-specific configuration properties. * @throws AuthException * If module initialization fails, including for the case where * the options argument contains elements that are not supported * by the module. */ public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy, CallbackHandler handler, Map options) throws AuthException { this.handler = handler; // If none policy was provided, we assume this provider is mandatory. // This is unfortunately required as some container workaround this.mandatory = requestPolicy != null ? requestPolicy.isMandatory() : true; this.jaasContextName = (String) options.get(JAAS_LOGIN_CONTEXT); }
From source file:net.java.jaspicoil.MSPacSpnegoServerAuthModule.java
/** * Initialize this module with request and response message policies to * enforce, a CallbackHandler, and any module-specific configuration * properties. The request policy and the response policy must not both be * null.//from w ww. jav a 2 s . c o m * * @param requestPolicy * The request policy this module must enforce, or null. * @param responsePolicy * The response policy this module must enforce, or null. * @param handler * CallbackHandler used to request information. * @param options * A Map of module-specific configuration properties. * @throws AuthException * If module initialization fails, including for the case where * the options argument contains elements that are not supported * by the module. */ @SuppressWarnings({ "rawtypes", "unchecked" }) public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy, CallbackHandler handler, Map options) throws AuthException { boolean useDelegatedLoginModule = false; // If no options or empty options was provided get away and display some // usage log // Please note that some AS such as JBoss 7 call this method twice. if (options == null || options.isEmpty()) { LOG.warning(String.format( "Options is either empty or null this time. Please make sure that " + "at least the parameter %s and %s are set in the JASPIC provider configuration.", SERVICE_PRINCIPAL_NAME_KEY, KEYTAB_LOCATION_KEY)); return; } this.requestPolicy = requestPolicy; this.responsePolicy = responsePolicy; // If none policy was provided, we assume this provider is mandatory. // This is unfortunately required as some container issue workaround this.mandatory = requestPolicy != null ? requestPolicy.isMandatory() : true; this.handler = handler; this.options = options; this.debug = options.containsKey(DEBUG_OPTIONS_KEY); // Set the debug level according to the logger config and the JASPIC // config this.debugLevel = LOG.isLoggable(Level.FINE) && !this.debug ? Level.FINE : Level.INFO; debug("Debug was set ({0},{1})", this.debug, this.debugLevel); this.jaasContextName = (String) options.get(JAAS_CONTEXT_KEY); debug("Jaas context name was set {0}", this.jaasContextName); if (this.jaasContextName == null && this.loginModuleName != null) { debug("There was no JAAS context parameter set on the JASPIC so using the default passed from the application server"); this.jaasContextName = this.loginModuleName; useDelegatedLoginModule = true; } this.policyContextID = (String) options.get(POLICY_CONTEXT_OPTIONS_KEY); debug("Policy context set to {0}", this.policyContextID); this.servicePrincipal = (String) options.get(SERVICE_PRINCIPAL_NAME_KEY); debug("Principal set to {0}", this.servicePrincipal); // If there was no delegated LoginModule found we must set a SPN if (!useDelegatedLoginModule && this.servicePrincipal == null) { LOG.severe("A valid SPN must be configured for JASPIC connector with the property " + SERVICE_PRINCIPAL_NAME_KEY); return; } // Get the secure groups final String groupList = (String) options.get(SECURE_GROUP_SIDS_KEY); if (groupList != null && !"".equals(groupList.trim())) { this.secureGroups = Collections .unmodifiableSet(new HashSet<String>(Arrays.asList(groupList.trim().split(",")))); debug("Secure groups set as: {0}", this.secureGroups); } // Get the mandatory groups final String mandatoryGroupList = (String) options.get(MANDATORY_GROUPS_KEY); if (mandatoryGroupList != null && !"".equals(mandatoryGroupList.trim())) { this.mandatoryGroups = Collections .unmodifiableSet(new HashSet<String>(Arrays.asList(mandatoryGroupList.trim().split(",")))); debug("Mandatory groups set as: {0}", this.mandatoryGroups); } final String administratorGroupList = (String) options.get(ADMINISTRATOR_GROUPS_KEY); if (administratorGroupList != null && !"".equals(administratorGroupList.trim())) { this.administratorGroups = Collections .unmodifiableSet(new HashSet<String>(Arrays.asList(administratorGroupList.trim().split(",")))); debug("Administrator groups set as: {0}", this.mandatoryGroups); } final String administratorOnlyUriList = (String) options.get(ADMINISTRATOR_ONLY_URIS_KEY); if (administratorOnlyUriList != null && !"".equals(administratorOnlyUriList.trim())) { this.administratorOnlyUris = Collections.unmodifiableSet( new HashSet<String>(Arrays.asList(administratorOnlyUriList.trim().split(",")))); debug("Administrator restricted URIs set as: {0}", this.mandatoryGroups); } final String sessionAttributeList = (String) options.get(SESSION_ATTRIBUTES_KEY); if (sessionAttributeList != null && !"".equals(sessionAttributeList.trim())) { final String[] pairs = sessionAttributeList.trim().split(","); final Map<String, String> attributes = new HashMap<String, String>(); for (final String pair : pairs) { final String[] vals = pair.split("="); attributes.put(vals[0], vals[1]); } this.sessionAttributes = Collections.unmodifiableMap(attributes); debug("Session attributes was set to {0}", this.sessionAttributes); } final String keyTabLocationString = (String) options.get(KEYTAB_LOCATION_KEY); if (!useDelegatedLoginModule && keyTabLocationString == null) { LOG.severe("A valid key tab location must be configured for JASPIC connector with the property " + KEYTAB_LOCATION_KEY); return; } if (keyTabLocationString != null) { // Try to reference the indicated keytab try { this.keyTabLocation = new URL(keyTabLocationString); debug("Keytab location was set to {0}", this.keyTabLocation); } catch (final MalformedURLException e) { LOG.log(Level.WARNING, "Unable to build " + KEYTAB_LOCATION_KEY + " from the parameter value " + options.get(KEYTAB_LOCATION_KEY), e); } } URL groupMappingSource = null; try { final String groupParam = (String) options.get(GROUP_MAPPING_KEY); if (groupParam != null && !"".equals(groupParam.trim())) { groupMappingSource = new URL(groupParam); } } catch (final MalformedURLException e) { LOG.log(Level.WARNING, "Unable to build " + GROUP_MAPPING_KEY + " from the parameter value " + options.get(GROUP_MAPPING_KEY), e); } if (groupMappingSource != null) { final Properties groupMapping = new Properties(); try { InputStream groupMappingInputstream = null; try { groupMappingInputstream = groupMappingSource.openStream(); groupMapping.load(groupMappingInputstream); } finally { if (groupMappingInputstream != null) { groupMappingInputstream.close(); } } this.groupMapping = groupMapping; debug("Group mapping was set to {0}", this.groupMapping); } catch (final IOException ioex) { LOG.log(Level.WARNING, "Unable to load " + GROUP_MAPPING_KEY + " from the indicated ressource " + options.get(GROUP_MAPPING_KEY), ioex); } } try { // Load the serviceSubject from a LoginModule, this is required to // get the Kerberos Key this.serviceSubject = initializeKerberosServerContext(this.jaasContextName, this.servicePrincipal, this.keyTabLocation, this.debug); debug("Service subject was set to {0}", this.serviceSubject); } catch (final LoginException e) { final AuthException aex = new AuthException("Kerberos service context initialization failed"); aex.initCause(e); throw aex; } this.smartcardSecuredUsersOnly = Boolean.parseBoolean((String) options.get(SMARTCARD_SECURED_USERS_ONLY)); debug("Only accept smartcard secured users ? {0}", this.smartcardSecuredUsersOnly); this.delegatedSecuredUsersOnly = Boolean.parseBoolean((String) options.get(DELEGATED_SECURED_USERS_ONLY)); debug("Only accept delegated (KCD) users ? {0}", this.delegatedSecuredUsersOnly); this.userHeader = (String) options.get(USER_HEADER_KEY); debug("User header set to {0}", this.userHeader); // TODO Add some fetchExtraGroupsScript handling that will use // javax.script to execute // an idea is to use the first line as //#!!mime/type the mimetype will // be extracted out to known which engine to call }