-
Notifications
You must be signed in to change notification settings - Fork 30
/
TSFailureClientAuthModule.java
265 lines (239 loc) · 11.9 KB
/
TSFailureClientAuthModule.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
/*
* Copyright (c) 2007, 2020 Oracle and/or its affiliates. All rights reserved.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0, which is available at
* http://www.eclipse.org/legal/epl-2.0.
*
* This Source Code may also be made available under the following Secondary
* Licenses when the conditions for such availability set forth in the
* Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
* version 2 with the GNU Classpath Exception, which is available at
* https://www.gnu.org/software/classpath/license.html.
*
* SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
*/
package ee.jakarta.tck.authentication.test.basic.sam.module.soap;
import ee.jakarta.tck.authentication.test.common.logging.server.TSLogger;
import jakarta.security.auth.message.AuthException;
import jakarta.security.auth.message.AuthStatus;
import jakarta.security.auth.message.MessageInfo;
import jakarta.security.auth.message.MessagePolicy;
import jakarta.xml.soap.MessageFactory;
import jakarta.xml.soap.SOAPBody;
import jakarta.xml.soap.SOAPEnvelope;
import jakarta.xml.soap.SOAPException;
import jakarta.xml.soap.SOAPMessage;
import jakarta.xml.soap.SOAPPart;
import java.util.Map;
import java.util.logging.Level;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
/**
*
* @author Raja Perumal
*/
public class TSFailureClientAuthModule implements jakarta.security.auth.message.module.ClientAuthModule {
private static TSLogger logger = null;
private static Map options = null;
/**
* Creates a new instance of ClientAuthModuleImpl
*/
public TSFailureClientAuthModule() {
}
/**
* Initialize this module with request and response message policies to enforce, a CallbackHandler, and any
* module-specific configuration properties.
*
* <p>
* The request policy and the response policy must not both be null.
*
* @param requestPolicy the request policy this module must enforce, or null.
*
* @param responsePolicy the response policy this module must enforce, or null.
*
* @param handler CallbackHandler used to request information.
*
* @param options a Map of module-specific configuration properties.
*
* @exception AuthException if module initialization fails, including for the case where the options argument contains
* elements that are not supported by the module.
*/
@Override
public void initialize(MessagePolicy reqPolicy, MessagePolicy resPolicy, CallbackHandler handler, Map optns) throws AuthException {
options = optns;
// Get the reference to TSLogger from the Map "options"
if (options.get("TSLogger") != null)
logger = (TSLogger) options.get("TSLogger");
}
/**
* Get the one or more Class objects representing the message types supported by the module.
*
* @return an array of Class objects where each element defines a message type supported by the module. A module should
* return an array containing at least one element. An empty array indicates that the module will attempt to support any
* message type. This method never returns null.
*/
@Override
public Class[] getSupportedMessageTypes() {
Class[] classarray = { jakarta.xml.soap.SOAPMessage.class };
logMsg("TSFailureClientAuthModule.getSupportedMessageTypes called");
return classarray;
}
/**
* Secure a service request message before sending it to the service.
* <p>
* This method is called to transform the request message acquired by calling getRequestMessage (on messageInfo) into
* the mechanism specific form to be sent by the runtime.
* <p>
* This method conveys the outcome of its message processing either by returning an AuthStatus value or by throwing an
* AuthException.
*
* @param messageInfo a contextual object that encapsulates the client request and server response objects, and that may
* be used to save state across a sequence of calls made to the methods of this interface for the purpose of completing
* a secure message exchange.
*
* @param clientSubject a Subject that represents the source of the service request, or null. It may be used by the
* method implementation as the source of Principals or credentials to be used to secure the request. If the Subject is
* not null, the method implementation may add additional Principals or credentials (pertaining to the source of the
* service request) to the Subject.
*
* @return an AuthStatus object representing the completion status of the processing performed by the method. The
* AuthStatus values that may be returned by this method are defined as follows:
* <ul>
* <li>AuthStatus.SUCCESS when the application request message was successfully secured. The secured request message may
* be obtained by calling by getRequestMessage on messageInfo.
*
* <li>AuthStatus.SEND_CONTINUE to indicate that the application request message (within messageInfo) was replaced with
* a security message that should elicit a security-specific response from the peer security system. This status value
* also indicates that the application message has not yet been secured.
*
* This status value serves to inform the calling runtime that (in order to successfully complete the message exchange)
* it will need to be capable of continuing the message dialog by conducting at least one additional request/response
* exchange after having received the security-specific response elicited by sending the security message.
*
* When this status value is returned, the corresponding invocation of <code>validateResponse</code> must be able to
* obtain the original application request message.
*
* <li>AuthStatus.FAILURE to indicate that a failure occured while securing the request message, and that an appropriate
* failure response message is available by calling getResponseMessage on messageInfo.
* </ul>
*
* @exception AuthException when the message processing failed without establishing a failure response message (in
* messageInfo).
*/
@Override
public AuthStatus secureRequest(MessageInfo messageInfo, Subject clientSubject) throws AuthException {
String msg = "TSFailureClientAuthModule.secureRequest called";
logMsg(msg);
SOAPMessage smsg = null;
try {
MessageFactory mf = MessageFactory.newInstance();
smsg = mf.createMessage();
if (smsg != null) {
setSOAPFault(smsg);
}
} catch (SOAPException ex) {
ex.printStackTrace();
}
// set the response message with SOAP Fault
messageInfo.setResponseMessage(smsg);
return AuthStatus.FAILURE;
}
/**
* Validate a received service response.
* <p>
* This method is called to transform the mechanism specific response message acquired by calling getResponseMessage (on
* messageInfo) into the validated application message to be returned to the message processing runtime. If the response
* message is a (mechanism specific) meta-message, the method implementation must attempt to transform the meta-message
* into the next mechanism specific request message to be sent by the runtime.
* <p>
* This method conveys the outcome of its message processing either by returning an AuthStatus value or by throwing an
* AuthException.
*
* @param messageInfo a contextual object that encapsulates the client request and server response objects, and that may
* be used to save state across a sequence of calls made to the methods of this interface for the purpose of completing
* a secure message exchange.
*
* @param clientSubject a Subject that represents the recipient of the service response, or null. It may be used by the
* method implementation as the source of Principals or credentials to be used to validate the response. If the Subject
* is not null, the method implementation may add additional Principals or credentials (pertaining to the recipient of
* the service request) to the Subject.
*
* @param serviceSubject a Subject that represents the source of the service response, or null. If the Subject is not
* null, the method implementation may add additional Principals or credentials (pertaining to the source of the service
* response) to the Subject.
*
* @return an AuthStatus object representing the completion status of the processing performed by the method. The
* AuthStatus values that may be returned by this method are defined as follows:
* <ul>
* <li>AuthStatus.SUCCESS when the application response message was successfully validated. The validated message is
* available by calling getResponseMessage on messageInfo.
*
* <li>AuthStatus.SEND_CONTINUE to indicate that response validation is incomplete, and that a continuation request was
* returned as the request message within messageInfo.
*
* This status value serves to inform the calling runtime that (in order to successfully complete the message exchange)
* it will need to be capable of continuing the message dialog by conducting at least one additional request/response
* exchange.
*
* <li>AuthStatus.FAILURE to indicate that validation of the response failed, and that a failure response message has
* been established in messageInfo.
* </ul>
*
* @exception AuthException when the message processing failed without establishing a failure response message (in
* messageInfo).
*/
@Override
public AuthStatus validateResponse(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
String msg = "TSFailureClientAuthModule.validateResponse called";
logMsg(msg);
SOAPMessage smsg = (SOAPMessage) messageInfo.getResponseMessage();
if (smsg != null) {
setSOAPFault(smsg);
}
return AuthStatus.FAILURE;
}
/**
* Remove implementation specific principals and credentials from the subject.
*
* @param messageInfo a contextual object that encapsulates the client request and server response objects, and that may
* be used to save state across a sequence of calls made to the methods of this interface for the purpose of completing
* a secure message exchange.
*
* @param subject the Subject instance from which the Principals and credentials are to be removed.
*
* @exception AuthException if an error occurs during the Subject processing.
*/
@Override
public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException {
logMsg("TSFailureClientAuthModule.cleanSubject called");
// remove the contents of the subject and return an empty subject
subject = null;
}
public void logMsg(String str) {
if (logger != null) {
logger.log(Level.INFO, str);
} else {
System.out.println("*** TSLogger Not Initialized properly ***");
System.out.println("*** TSSVLogMessage : ***" + str);
}
}
private void setSOAPFault(SOAPMessage smsg) {
SOAPPart soap = smsg.getSOAPPart();
if (soap != null) {
try {
SOAPEnvelope envelope = soap.getEnvelope();
if (envelope != null) {
SOAPBody body = envelope.getBody();
if (body != null) {
QName qname = new QName("Client");
body.addFault(qname, "Error in Client");
}
}
} catch (SOAPException se) {
logger.log(Level.INFO, "Error adding SOAP Fault", se);
}
}
}
}