1 |
|
/*
|
|
1 |
|
/*
|
|
1 |
|
/*
|
2 |
|
* License
d to the A
pache Soft
ware Found
ation (ASF
) under on
e or more
|
|
2 |
|
* License
d to the A
pache Soft
ware Found
ation (ASF
) under on
e or more
|
|
2 |
|
* License
d to the A
pache Soft
ware Found
ation (ASF
) under on
e or more
|
3 |
|
* contrib
utor licen
se agreeme
nts. See
the NOTICE
file dist
ributed wi
th
|
|
3 |
|
* contrib
utor licen
se agreeme
nts. See
the NOTICE
file dist
ributed wi
th
|
|
3 |
|
* contrib
utor licen
se agreeme
nts. See
the NOTICE
file dist
ributed wi
th
|
4 |
|
* this wo
rk for add
itional in
formation
regarding
copyright
ownership.
|
|
4 |
|
* this wo
rk for add
itional in
formation
regarding
copyright
ownership.
|
|
4 |
|
* this wo
rk for add
itional in
formation
regarding
copyright
ownership.
|
5 |
|
* The ASF
licenses
this file
to You und
er the Apa
che Licens
e, Version
2.0
|
|
5 |
|
* The ASF
licenses
this file
to You und
er the Apa
che Licens
e, Version
2.0
|
|
5 |
|
* The ASF
licenses
this file
to You und
er the Apa
che Licens
e, Version
2.0
|
6 |
|
* (the "L
icense");
you may no
t use this
file exce
pt in comp
liance wit
h
|
|
6 |
|
* (the "L
icense");
you may no
t use this
file exce
pt in comp
liance wit
h
|
|
6 |
|
* (the "L
icense");
you may no
t use this
file exce
pt in comp
liance wit
h
|
7 |
|
* the Lic
ense. You
may obtai
n a copy o
f the Lice
nse at
|
|
7 |
|
* the Lic
ense. You
may obtai
n a copy o
f the Lice
nse at
|
|
7 |
|
* the Lic
ense. You
may obtai
n a copy o
f the Lice
nse at
|
8 |
|
*
|
|
8 |
|
*
|
|
8 |
|
*
|
9 |
|
* ht
tp://www.a
pache.org/
licenses/L
ICENSE-2.0
|
|
9 |
|
* ht
tp://www.a
pache.org/
licenses/L
ICENSE-2.0
|
|
9 |
|
* ht
tp://www.a
pache.org/
licenses/L
ICENSE-2.0
|
10 |
|
*
|
|
10 |
|
*
|
|
10 |
|
*
|
11 |
|
* Unless
required b
y applicab
le law or
agreed to
in writing
, software
|
|
11 |
|
* Unless
required b
y applicab
le law or
agreed to
in writing
, software
|
|
11 |
|
* Unless
required b
y applicab
le law or
agreed to
in writing
, software
|
12 |
|
* distrib
uted under
the Licen
se is dist
ributed on
an "AS IS
" BASIS,
|
|
12 |
|
* distrib
uted under
the Licen
se is dist
ributed on
an "AS IS
" BASIS,
|
|
12 |
|
* distrib
uted under
the Licen
se is dist
ributed on
an "AS IS
" BASIS,
|
13 |
|
* WITHOUT
WARRANTIE
S OR CONDI
TIONS OF A
NY KIND, e
ither expr
ess or imp
lied.
|
|
13 |
|
* WITHOUT
WARRANTIE
S OR CONDI
TIONS OF A
NY KIND, e
ither expr
ess or imp
lied.
|
|
13 |
|
* WITHOUT
WARRANTIE
S OR CONDI
TIONS OF A
NY KIND, e
ither expr
ess or imp
lied.
|
14 |
|
* See the
License f
or the spe
cific lang
uage gover
ning permi
ssions and
|
|
14 |
|
* See the
License f
or the spe
cific lang
uage gover
ning permi
ssions and
|
|
14 |
|
* See the
License f
or the spe
cific lang
uage gover
ning permi
ssions and
|
15 |
|
* limitat
ions under
the Licen
se.
|
|
15 |
|
* limitat
ions under
the Licen
se.
|
|
15 |
|
* limitat
ions under
the Licen
se.
|
16 |
|
*/
|
|
16 |
|
*/
|
|
16 |
|
*/
|
17 |
|
package or
g.apache.c
atalina.au
thenticato
r;
|
|
17 |
|
package or
g.apache.c
atalina.au
thenticato
r;
|
|
17 |
|
package or
g.apache.c
atalina.au
thenticato
r;
|
18 |
|
|
|
18 |
|
|
|
18 |
|
|
19 |
|
import jav
a.io.IOExc
eption;
|
|
19 |
|
import jav
a.io.IOExc
eption;
|
|
19 |
|
import jav
a.io.IOExc
eption;
|
20 |
|
import jav
a.security
.Principal
;
|
|
20 |
|
import jav
a.security
.Principal
;
|
|
20 |
|
import jav
a.security
.Principal
;
|
21 |
|
import jav
a.security
.cert.X509
Certificat
e;
|
|
21 |
|
import jav
a.security
.cert.X509
Certificat
e;
|
|
21 |
|
import jav
a.security
.cert.X509
Certificat
e;
|
22 |
|
import jav
a.text.Sim
pleDateFor
mat;
|
|
22 |
|
import jav
a.text.Sim
pleDateFor
mat;
|
|
22 |
|
import jav
a.text.Sim
pleDateFor
mat;
|
23 |
|
import jav
a.util.Dat
e;
|
|
23 |
|
import jav
a.util.Dat
e;
|
|
23 |
|
import jav
a.util.Dat
e;
|
24 |
|
import jav
a.util.Loc
ale;
|
|
24 |
|
import jav
a.util.Loc
ale;
|
|
24 |
|
import jav
a.util.Loc
ale;
|
|
|
|
|
25 |
|
import jav
a.util.Map
;
|
|
25 |
|
import jav
a.util.Map
;
|
|
|
|
|
|
|
|
|
26 |
|
import jav
a.util.Opt
ional;
|
|
|
|
|
26 |
|
import jav
a.util.Set
;
|
|
27 |
|
import jav
a.util.Set
;
|
25 |
|
|
|
27 |
|
|
|
28 |
|
|
|
|
|
|
28 |
|
import jav
ax.securit
y.auth.Sub
ject;
|
|
29 |
|
import jav
ax.securit
y.auth.Sub
ject;
|
|
|
|
|
29 |
|
import jav
ax.securit
y.auth.cal
lback.Call
backHandle
r;
|
|
|
|
|
|
|
|
|
30 |
|
import jav
ax.securit
y.auth.mes
sage.AuthE
xception;
|
|
30 |
|
import jav
ax.securit
y.auth.mes
sage.AuthE
xception;
|
|
|
|
|
31 |
|
import jav
ax.securit
y.auth.mes
sage.AuthS
tatus;
|
|
31 |
|
import jav
ax.securit
y.auth.mes
sage.AuthS
tatus;
|
|
|
|
|
32 |
|
import jav
ax.securit
y.auth.mes
sage.Messa
geInfo;
|
|
32 |
|
import jav
ax.securit
y.auth.mes
sage.Messa
geInfo;
|
|
|
|
|
33 |
|
import jav
ax.securit
y.auth.mes
sage.confi
g.AuthConf
igFactory;
|
|
33 |
|
import jav
ax.securit
y.auth.mes
sage.confi
g.AuthConf
igFactory;
|
|
|
|
|
34 |
|
import jav
ax.securit
y.auth.mes
sage.confi
g.AuthConf
igProvider
;
|
|
34 |
|
import jav
ax.securit
y.auth.mes
sage.confi
g.AuthConf
igProvider
;
|
|
|
|
|
35 |
|
import jav
ax.securit
y.auth.mes
sage.confi
g.ClientAu
thConfig;
|
|
|
|
|
|
|
|
|
36 |
|
import jav
ax.securit
y.auth.mes
sage.confi
g.Registra
tionListen
er;
|
|
35 |
|
import jav
ax.securit
y.auth.mes
sage.confi
g.Registra
tionListen
er;
|
|
|
|
|
37 |
|
import jav
ax.securit
y.auth.mes
sage.confi
g.ServerAu
thConfig;
|
|
36 |
|
import jav
ax.securit
y.auth.mes
sage.confi
g.ServerAu
thConfig;
|
|
|
|
|
38 |
|
import jav
ax.securit
y.auth.mes
sage.confi
g.ServerAu
thContext;
|
|
37 |
|
import jav
ax.securit
y.auth.mes
sage.confi
g.ServerAu
thContext;
|
|
|
|
|
39 |
|
import jav
ax.servlet
.ServletCo
ntext;
|
|
38 |
|
import jav
ax.servlet
.ServletCo
ntext;
|
26 |
|
import jav
ax.servlet
.ServletEx
ception;
|
|
40 |
|
import jav
ax.servlet
.ServletEx
ception;
|
|
39 |
|
import jav
ax.servlet
.ServletEx
ception;
|
27 |
|
import jav
ax.servlet
.http.Cook
ie;
|
|
41 |
|
import jav
ax.servlet
.http.Cook
ie;
|
|
40 |
|
import jav
ax.servlet
.http.Cook
ie;
|
28 |
|
import jav
ax.servlet
.http.Http
ServletReq
uest;
|
|
42 |
|
import jav
ax.servlet
.http.Http
ServletReq
uest;
|
|
41 |
|
import jav
ax.servlet
.http.Http
ServletReq
uest;
|
29 |
|
import jav
ax.servlet
.http.Http
ServletRes
ponse;
|
|
43 |
|
import jav
ax.servlet
.http.Http
ServletRes
ponse;
|
|
42 |
|
import jav
ax.servlet
.http.Http
ServletRes
ponse;
|
30 |
|
|
|
44 |
|
|
|
43 |
|
|
31 |
|
import org
.apache.ca
talina.Aut
henticator
;
|
|
45 |
|
import org
.apache.ca
talina.Aut
henticator
;
|
|
44 |
|
import org
.apache.ca
talina.Aut
henticator
;
|
32 |
|
import org
.apache.ca
talina.Con
tainer;
|
|
46 |
|
import org
.apache.ca
talina.Con
tainer;
|
|
45 |
|
import org
.apache.ca
talina.Con
tainer;
|
33 |
|
import org
.apache.ca
talina.Con
text;
|
|
47 |
|
import org
.apache.ca
talina.Con
text;
|
|
46 |
|
import org
.apache.ca
talina.Con
text;
|
34 |
|
import org
.apache.ca
talina.Glo
bals;
|
|
48 |
|
import org
.apache.ca
talina.Glo
bals;
|
|
47 |
|
import org
.apache.ca
talina.Glo
bals;
|
35 |
|
import org
.apache.ca
talina.Lif
ecycleExce
ption;
|
|
49 |
|
import org
.apache.ca
talina.Lif
ecycleExce
ption;
|
|
48 |
|
import org
.apache.ca
talina.Lif
ecycleExce
ption;
|
36 |
|
import org
.apache.ca
talina.Man
ager;
|
|
50 |
|
import org
.apache.ca
talina.Man
ager;
|
|
49 |
|
import org
.apache.ca
talina.Man
ager;
|
37 |
|
import org
.apache.ca
talina.Rea
lm;
|
|
51 |
|
import org
.apache.ca
talina.Rea
lm;
|
|
50 |
|
import org
.apache.ca
talina.Rea
lm;
|
38 |
|
import org
.apache.ca
talina.Ses
sion;
|
|
52 |
|
import org
.apache.ca
talina.Ses
sion;
|
|
51 |
|
import org
.apache.ca
talina.Ses
sion;
|
39 |
|
import org
.apache.ca
talina.Tom
catPrincip
al;
|
|
53 |
|
import org
.apache.ca
talina.Tom
catPrincip
al;
|
|
52 |
|
import org
.apache.ca
talina.Tom
catPrincip
al;
|
40 |
|
import org
.apache.ca
talina.Val
ve;
|
|
54 |
|
import org
.apache.ca
talina.Val
ve;
|
|
53 |
|
import org
.apache.ca
talina.Val
ve;
|
41 |
|
import org
.apache.ca
talina.Wra
pper;
|
|
55 |
|
import org
.apache.ca
talina.Wra
pper;
|
|
54 |
|
import org
.apache.ca
talina.Wra
pper;
|
|
|
|
|
56 |
|
import org
.apache.ca
talina.aut
henticator
.jaspic.Ca
llbackHand
lerImpl;
|
|
55 |
|
import org
.apache.ca
talina.aut
henticator
.jaspic.Ca
llbackHand
lerImpl;
|
|
|
|
|
57 |
|
import org
.apache.ca
talina.aut
henticator
.jaspic.Me
ssageInfoI
mpl;
|
|
56 |
|
import org
.apache.ca
talina.aut
henticator
.jaspic.Me
ssageInfoI
mpl;
|
42 |
|
import org
.apache.ca
talina.con
nector.Req
uest;
|
|
58 |
|
import org
.apache.ca
talina.con
nector.Req
uest;
|
|
57 |
|
import org
.apache.ca
talina.con
nector.Req
uest;
|
43 |
|
import org
.apache.ca
talina.con
nector.Res
ponse;
|
|
59 |
|
import org
.apache.ca
talina.con
nector.Res
ponse;
|
|
58 |
|
import org
.apache.ca
talina.con
nector.Res
ponse;
|
44 |
|
import org
.apache.ca
talina.rea
lm.Generic
Principal;
|
|
60 |
|
import org
.apache.ca
talina.rea
lm.Generic
Principal;
|
|
59 |
|
import org
.apache.ca
talina.rea
lm.Generic
Principal;
|
45 |
|
import org
.apache.ca
talina.uti
l.SessionI
dGenerator
Base;
|
|
61 |
|
import org
.apache.ca
talina.uti
l.SessionI
dGenerator
Base;
|
|
60 |
|
import org
.apache.ca
talina.uti
l.SessionI
dGenerator
Base;
|
46 |
|
import org
.apache.ca
talina.uti
l.Standard
SessionIdG
enerator;
|
|
62 |
|
import org
.apache.ca
talina.uti
l.Standard
SessionIdG
enerator;
|
|
61 |
|
import org
.apache.ca
talina.uti
l.Standard
SessionIdG
enerator;
|
47 |
|
import org
.apache.ca
talina.val
ves.ValveB
ase;
|
|
63 |
|
import org
.apache.ca
talina.val
ves.ValveB
ase;
|
|
62 |
|
import org
.apache.ca
talina.val
ves.ValveB
ase;
|
48 |
|
import org
.apache.co
yote.Actio
nCode;
|
|
64 |
|
import org
.apache.co
yote.Actio
nCode;
|
|
63 |
|
import org
.apache.co
yote.Actio
nCode;
|
49 |
|
import org
.apache.ju
li.logging
.Log;
|
|
65 |
|
import org
.apache.ju
li.logging
.Log;
|
|
64 |
|
import org
.apache.ju
li.logging
.Log;
|
50 |
|
import org
.apache.ju
li.logging
.LogFactor
y;
|
|
66 |
|
import org
.apache.ju
li.logging
.LogFactor
y;
|
|
65 |
|
import org
.apache.ju
li.logging
.LogFactor
y;
|
51 |
|
import org
.apache.to
mcat.util.
ExceptionU
tils;
|
|
67 |
|
import org
.apache.to
mcat.util.
ExceptionU
tils;
|
|
66 |
|
import org
.apache.to
mcat.util.
ExceptionU
tils;
|
52 |
|
import org
.apache.to
mcat.util.
descriptor
.web.Login
Config;
|
|
68 |
|
import org
.apache.to
mcat.util.
descriptor
.web.Login
Config;
|
|
67 |
|
import org
.apache.to
mcat.util.
descriptor
.web.Login
Config;
|
53 |
|
import org
.apache.to
mcat.util.
descriptor
.web.Secur
ityConstra
int;
|
|
69 |
|
import org
.apache.to
mcat.util.
descriptor
.web.Secur
ityConstra
int;
|
|
68 |
|
import org
.apache.to
mcat.util.
descriptor
.web.Secur
ityConstra
int;
|
54 |
|
import org
.apache.to
mcat.util.
http.FastH
ttpDateFor
mat;
|
|
70 |
|
import org
.apache.to
mcat.util.
http.FastH
ttpDateFor
mat;
|
|
69 |
|
import org
.apache.to
mcat.util.
http.FastH
ttpDateFor
mat;
|
55 |
|
import org
.apache.to
mcat.util.
res.String
Manager;
|
|
71 |
|
import org
.apache.to
mcat.util.
res.String
Manager;
|
|
70 |
|
import org
.apache.to
mcat.util.
res.String
Manager;
|
56 |
|
|
|
72 |
|
|
|
71 |
|
|
57 |
|
|
|
|
|
|
|
|
|
|
58 |
|
/**
|
|
73 |
|
/**
|
|
72 |
|
/**
|
59 |
|
* Basic i
mplementat
ion of the
<b>Valve<
/b> interf
ace that e
nforces th
e
|
|
74 |
|
* Basic i
mplementat
ion of the
<b>Valve<
/b> interf
ace that e
nforces th
e
|
|
73 |
|
* Basic i
mplementat
ion of the
<b>Valve<
/b> interf
ace that e
nforces th
e
|
60 |
|
* <code>&
lt;securit
y-constrai
nt></co
de> elemen
ts in the
web applic
ation
|
|
75 |
|
* <code>&
lt;securit
y-constrai
nt></co
de> elemen
ts in the
web applic
ation
|
|
74 |
|
* <code>&
lt;securit
y-constrai
nt></co
de> elemen
ts in the
web applic
ation
|
61 |
|
* deploym
ent descri
ptor.
This funct
ionality i
s implemen
ted as a V
alve
|
|
76 |
|
* deploym
ent descri
ptor. This
functiona
lity is im
plemented
as a Valve
so that
|
|
75 |
|
* deploym
ent descri
ptor. This
functiona
lity is im
plemented
as a Valve
so that
|
62 |
|
*
so that
it can be
omitted in
environme
nts that d
o not requ
ire these
|
|
77 |
|
*
it can be
omitted in
environme
nts that d
o not requ
ire these
features.
|
|
76 |
|
* it can
be omitted
in enviro
nments tha
t do not r
equire the
se feature
s.
|
63 |
|
*
features.
Individual
implement
ations of
each suppo
rted authe
ntication
|
|
78 |
|
*
Individual
implement
ations of
each suppo
rted authe
ntication
method ca
n
|
|
77 |
|
* Individ
ual implem
entations
of each su
pported au
thenticati
on method
can
|
64 |
|
*
method can
subclass t
his base c
lass as re
quired.
|
|
79 |
|
*
subclass t
his base c
lass as re
quired.
|
|
78 |
|
* subclas
s this bas
e class as
required.
|
65 |
|
* <p>
|
|
80 |
|
* <p>
|
|
79 |
|
* <p>
|
66 |
|
* <b>USAG
E CONSTRAI
NT</b>:
When this
class is u
tilized, t
he Context
to
|
|
81 |
|
* <b>USAG
E CONSTRAI
NT</b>: Wh
en this cl
ass is uti
lized, the
Context t
o
which it
|
|
80 |
|
* <b>USAG
E CONSTRAI
NT</b>: Wh
en this cl
ass is uti
lized, the
Context t
o which it
|
67 |
|
*
which it
is attache
d (or a pa
rent Conta
iner in a
hierarchy)
must have
an
|
|
82 |
|
*
is attache
d (or a pa
rent Conta
iner in a
hierarchy)
must have
an
associate
d
|
|
81 |
|
* is atta
ched (or a
parent Co
ntainer in
a hierarc
hy) must h
ave an ass
ociated
|
68 |
|
*
associated
Realm that
can be us
ed for aut
henticatin
g users an
d enumerat
ing
|
|
83 |
|
*
Realm that
can be us
ed for aut
henticatin
g users an
d enumerat
ing
the roles
to
|
|
82 |
|
* Realm t
hat can be
used for
authentica
ting users
and enume
rating the
roles to
|
69 |
|
*
the roles
to
which they
have been
assigned.
|
|
84 |
|
*
which they
have been
assigned.
|
|
83 |
|
* which t
hey have b
een assign
ed.
|
70 |
|
* <p>
|
|
85 |
|
* <p>
|
|
84 |
|
* <p>
|
71 |
|
* <b>USAG
E CONSTRAI
NT</b>: T
his Valve
is only us
eful when
processing
HTTP
|
|
86 |
|
* <b>USAG
E CONSTRAI
NT</b>: Th
is Valve i
s only use
ful when p
rocessing
HTTP
|
|
85 |
|
* <b>USAG
E CONSTRAI
NT</b>: Th
is Valve i
s only use
ful when p
rocessing
HTTP
|
72 |
|
* request
s. Reques
ts of any
other type
will simp
ly be pass
ed through
.
|
|
87 |
|
* request
s. Request
s of any o
ther type
will simpl
y be passe
d through.
|
|
86 |
|
* request
s. Request
s of any o
ther type
will simpl
y be passe
d through.
|
73 |
|
*
|
|
88 |
|
*
|
|
87 |
|
*
|
74 |
|
* @author
Craig R.
McClanahan
|
|
89 |
|
* @author
Craig R.
McClanahan
|
|
88 |
|
* @author
Craig R.
McClanahan
|
75 |
|
*/
|
|
90 |
|
*/
|
|
89 |
|
*/
|
76 |
|
public abs
tract clas
s Authenti
catorBase
extends Va
lveBase
|
|
91 |
|
public abs
tract clas
s Authenti
catorBase
extends Va
lveBase
|
|
90 |
|
public abs
tract clas
s Authenti
catorBase
extends Va
lveBase
|
77 |
|
implements
Authentic
ator
{
|
|
92 |
|
implements
Authentic
ator
, Registra
tionListen
er
{
|
|
91 |
|
im
plements A
uthenticat
or, Regist
rationList
ener {
|
78 |
|
|
|
93 |
|
|
|
92 |
|
|
79 |
|
privat
e static f
inal Log l
og = LogFa
ctory.getL
og(Authent
icatorBase
.class);
|
|
94 |
|
privat
e static f
inal Log l
og = LogFa
ctory.getL
og(Authent
icatorBase
.class);
|
|
93 |
|
privat
e static f
inal Log l
og = LogFa
ctory.getL
og(Authent
icatorBase
.class);
|
80 |
|
|
|
95 |
|
|
|
94 |
|
|
|
|
|
|
96 |
|
/**
|
|
95 |
|
/**
|
|
|
|
|
97 |
|
* "Ex
pires" hea
der always
set to Da
te(1), so
generate o
nce only
|
|
96 |
|
* "Ex
pires" hea
der always
set to Da
te(1), so
generate o
nce only
|
|
|
|
|
98 |
|
*/
|
|
97 |
|
*/
|
|
|
|
|
99 |
|
privat
e static f
inal Strin
g DATE_ONE
=
|
|
98 |
|
privat
e static f
inal Strin
g DATE_ONE
=
|
|
|
|
|
100 |
|
(new Sim
pleDateFor
mat(FastHt
tpDateForm
at.RFC1123
_DATE, Loc
ale.US)).f
ormat(new
Date(1));
|
|
99 |
|
(new Sim
pleDateFor
mat(FastHt
tpDateForm
at.RFC1123
_DATE, Loc
ale.US)).f
ormat(new
Date(1));
|
81 |
|
|
|
101 |
|
|
|
100 |
|
|
82 |
|
//----
----------
----------
----------
----------
----------
Construct
or
|
|
102 |
|
privat
e static f
inal AuthC
onfigProvi
der NO_PRO
VIDER_AVAI
LABLE = ne
w NoOpAuth
ConfigProv
ider();
|
|
|
|
|
83 |
|
public
Authentic
atorBase()
{
|
|
|
|
|
|
|
|
|
84 |
|
su
per(true);
|
|
|
|
|
|
|
|
|
85 |
|
}
|
|
|
|
|
|
|
|
|
86 |
|
|
|
|
|
|
|
|
|
|
87 |
|
// ---
----------
----------
----------
----------
----------
Instance
Variables
|
|
|
|
|
|
|
|
|
88 |
|
|
|
103 |
|
|
|
|
|
|
|
|
|
|
104 |
|
/**
|
|
101 |
|
/**
|
|
|
|
|
105 |
|
* The
string ma
nager for
this packa
ge.
|
|
102 |
|
* The
string ma
nager for
this packa
ge.
|
|
|
|
|
106 |
|
*/
|
|
103 |
|
*/
|
|
|
|
|
107 |
|
protec
ted static
final Str
ingManager
sm = Stri
ngManager.
getManager
(Authentic
atorBase.c
lass);
|
|
104 |
|
protec
ted static
final Str
ingManager
sm = Stri
ngManager.
getManager
(Authentic
atorBase.c
lass);
|
89 |
|
|
|
108 |
|
|
|
105 |
|
|
90 |
|
/**
|
|
109 |
|
/**
|
|
106 |
|
/**
|
91 |
|
* Aut
henticatio
n header
|
|
110 |
|
* Aut
henticatio
n header
|
|
107 |
|
* Aut
henticatio
n header
|
92 |
|
*/
|
|
111 |
|
*/
|
|
108 |
|
*/
|
93 |
|
protec
ted static
final Str
ing AUTH_H
EADER_NAME
= "WWW-Au
thenticate
";
|
|
112 |
|
protec
ted static
final Str
ing AUTH_H
EADER_NAME
= "WWW-Au
thenticate
";
|
|
109 |
|
protec
ted static
final Str
ing AUTH_H
EADER_NAME
= "WWW-Au
thenticate
";
|
94 |
|
|
|
113 |
|
|
|
110 |
|
|
95 |
|
/**
|
|
114 |
|
/**
|
|
111 |
|
/**
|
96 |
|
* Def
ault authe
ntication
realm name
.
|
|
115 |
|
* Def
ault authe
ntication
realm name
.
|
|
112 |
|
* Def
ault authe
ntication
realm name
.
|
97 |
|
*/
|
|
116 |
|
*/
|
|
113 |
|
*/
|
98 |
|
protec
ted static
final Str
ing REALM_
NAME = "Au
thenticati
on require
d";
|
|
117 |
|
protec
ted static
final Str
ing REALM_
NAME = "Au
thenticati
on require
d";
|
|
114 |
|
protec
ted static
final Str
ing REALM_
NAME = "Au
thenticati
on require
d";
|
99 |
|
|
|
118 |
|
|
|
115 |
|
|
|
|
|
|
119 |
|
protec
ted static
String ge
tRealmName
(Context c
ontext) {
|
|
116 |
|
protec
ted static
String ge
tRealmName
(Context c
ontext) {
|
|
|
|
|
120 |
|
if
(context
== null) {
|
|
117 |
|
if
(context
== null) {
|
|
|
|
|
121 |
|
// Very
unlikely
|
|
118 |
|
// Very
unlikely
|
|
|
|
|
122 |
|
return R
EALM_NAME;
|
|
119 |
|
return R
EALM_NAME;
|
|
|
|
|
123 |
|
}
|
|
120 |
|
}
|
|
|
|
|
124 |
|
|
|
121 |
|
|
|
|
|
|
125 |
|
Lo
ginConfig
config = c
ontext.get
LoginConfi
g();
|
|
122 |
|
Lo
ginConfig
config = c
ontext.get
LoginConfi
g();
|
|
|
|
|
126 |
|
if
(config =
= null) {
|
|
123 |
|
if
(config =
= null) {
|
|
|
|
|
127 |
|
return R
EALM_NAME;
|
|
124 |
|
return R
EALM_NAME;
|
|
|
|
|
128 |
|
}
|
|
125 |
|
}
|
|
|
|
|
129 |
|
|
|
126 |
|
|
|
|
|
|
130 |
|
St
ring resul
t = config
.getRealmN
ame();
|
|
127 |
|
St
ring resul
t = config
.getRealmN
ame();
|
|
|
|
|
131 |
|
if
(result =
= null) {
|
|
128 |
|
if
(result =
= null) {
|
|
|
|
|
132 |
|
return R
EALM_NAME;
|
|
129 |
|
return R
EALM_NAME;
|
|
|
|
|
133 |
|
}
|
|
130 |
|
}
|
|
|
|
|
134 |
|
|
|
131 |
|
|
|
|
|
|
135 |
|
re
turn resul
t;
|
|
132 |
|
re
turn resul
t;
|
|
|
|
|
136 |
|
}
|
|
133 |
|
}
|
|
|
|
|
137 |
|
|
|
134 |
|
|
|
|
|
|
138 |
|
// ---
----------
----------
----------
----------
----------
- Construc
tor
|
|
135 |
|
// ---
----------
----------
----------
----------
----------
- Construc
tor
|
|
|
|
|
139 |
|
|
|
136 |
|
|
|
|
|
|
140 |
|
public
Authentic
atorBase()
{
|
|
137 |
|
public
Authentic
atorBase()
{
|
|
|
|
|
141 |
|
su
per(true);
|
|
138 |
|
su
per(true);
|
|
|
|
|
142 |
|
}
|
|
139 |
|
}
|
|
|
|
|
143 |
|
|
|
140 |
|
|
|
|
|
|
144 |
|
// ---
----------
----------
----------
----------
----------
Instance
Variables
|
|
141 |
|
// ---
----------
----------
----------
----------
----------
Instance
Variables
|
|
|
|
|
145 |
|
|
|
142 |
|
|
100 |
|
/**
|
|
146 |
|
/**
|
|
143 |
|
/**
|
101 |
|
* Sho
uld a sess
ion always
be used o
nce a user
is authen
ticated? T
his may
|
|
147 |
|
* Sho
uld a sess
ion always
be used o
nce a user
is authen
ticated? T
his may
|
|
144 |
|
* Sho
uld a sess
ion always
be used o
nce a user
is authen
ticated? T
his may
|
102 |
|
* off
er some pe
rformance
benefits s
ince the s
ession can
then be u
sed to
|
|
148 |
|
* off
er some pe
rformance
benefits s
ince the s
ession can
then be u
sed to
|
|
145 |
|
* off
er some pe
rformance
benefits s
ince the s
ession can
then be u
sed to
|
103 |
|
* cac
he the aut
henticated
Principal
, hence re
moving the
need to
|
|
149 |
|
* cac
he the aut
henticated
Principal
, hence re
moving the
need to
|
|
146 |
|
* cac
he the aut
henticated
Principal
, hence re
moving the
need to
|
104 |
|
* aut
henticate
the user v
ia the Rea
lm on ever
y request.
This may
be of help
|
|
150 |
|
* aut
henticate
the user v
ia the Rea
lm on ever
y request.
This may
be of help
|
|
147 |
|
* aut
henticate
the user v
ia the Rea
lm on ever
y request.
This may
be of help
|
105 |
|
* for
combinati
ons such a
s BASIC au
thenticati
on used wi
th the JND
IRealm or
|
|
151 |
|
* for
combinati
ons such a
s BASIC au
thenticati
on used wi
th the JND
IRealm or
|
|
148 |
|
* for
combinati
ons such a
s BASIC au
thenticati
on used wi
th the JND
IRealm or
|
106 |
|
* Dat
aSourceRea
lms. Howev
er there w
ill also b
e the perf
ormance co
st of
|
|
152 |
|
* Dat
aSourceRea
lms. Howev
er there w
ill also b
e the perf
ormance co
st of
|
|
149 |
|
* Dat
aSourceRea
lms. Howev
er there w
ill also b
e the perf
ormance co
st of
|
107 |
|
* cre
ating and
GC'ing the
session.
By default
, a sessio
n will not
be
|
|
153 |
|
* cre
ating and
GC'ing the
session.
By default
, a sessio
n will not
be
|
|
150 |
|
* cre
ating and
GC'ing the
session.
By default
, a sessio
n will not
be
|
108 |
|
* cre
ated.
|
|
154 |
|
* cre
ated.
|
|
151 |
|
* cre
ated.
|
109 |
|
*/
|
|
155 |
|
*/
|
|
152 |
|
*/
|
110 |
|
protec
ted boolea
n alwaysUs
eSession =
false;
|
|
156 |
|
protec
ted boolea
n alwaysUs
eSession =
false;
|
|
153 |
|
protec
ted boolea
n alwaysUs
eSession =
false;
|
111 |
|
|
|
157 |
|
|
|
154 |
|
|
112 |
|
|
|
|
|
|
|
|
|
|
113 |
|
/**
|
|
158 |
|
/**
|
|
155 |
|
/**
|
114 |
|
* Should w
e cache au
thenticate
d Principa
ls if the
request is
part of
|
|
159 |
|
* Should w
e cache au
thenticate
d Principa
ls if the
request is
part of
an
|
|
156 |
|
* Sho
uld we cac
he authent
icated Pri
ncipals if
the reque
st is part
of an
|
115 |
|
*
an
HTTP sessi
on?
|
|
160 |
|
*
HTTP sessi
on?
|
|
157 |
|
* HTT
P session?
|
116 |
|
*/
|
|
161 |
|
*/
|
|
158 |
|
*/
|
117 |
|
protec
ted boolea
n cache =
true;
|
|
162 |
|
protec
ted boolea
n cache =
true;
|
|
159 |
|
protec
ted boolea
n cache =
true;
|
118 |
|
|
|
163 |
|
|
|
160 |
|
|
119 |
|
|
|
|
|
|
|
|
|
|
120 |
|
/**
|
|
164 |
|
/**
|
|
161 |
|
/**
|
121 |
|
* Sho
uld the se
ssion ID,
if any, be
changed u
pon a succ
essful
|
|
165 |
|
* Sho
uld the se
ssion ID,
if any, be
changed u
pon a succ
essful
|
|
162 |
|
* Sho
uld the se
ssion ID,
if any, be
changed u
pon a succ
essful
|
122 |
|
* aut
henticatio
n to preve
nt a sessi
on fixatio
n attack?
|
|
166 |
|
* aut
henticatio
n to preve
nt a sessi
on fixatio
n attack?
|
|
163 |
|
* aut
henticatio
n to preve
nt a sessi
on fixatio
n attack?
|
123 |
|
*/
|
|
167 |
|
*/
|
|
164 |
|
*/
|
124 |
|
protec
ted boolea
n changeSe
ssionIdOnA
uthenticat
ion = true
;
|
|
168 |
|
protec
ted boolea
n changeSe
ssionIdOnA
uthenticat
ion = true
;
|
|
165 |
|
protec
ted boolea
n changeSe
ssionIdOnA
uthenticat
ion = true
;
|
125 |
|
|
|
169 |
|
|
|
166 |
|
|
126 |
|
/**
|
|
170 |
|
/**
|
|
167 |
|
/**
|
127 |
|
* The
Context t
o which th
is Valve i
s attached
.
|
|
171 |
|
* The
Context t
o which th
is Valve i
s attached
.
|
|
168 |
|
* The
Context t
o which th
is Valve i
s attached
.
|
128 |
|
*/
|
|
172 |
|
*/
|
|
169 |
|
*/
|
129 |
|
protec
ted Contex
t context
= null;
|
|
173 |
|
protec
ted Contex
t context
= null;
|
|
170 |
|
protec
ted Contex
t context
= null;
|
130 |
|
|
|
174 |
|
|
|
171 |
|
|
131 |
|
|
|
|
|
|
|
|
|
|
132 |
|
/**
|
|
175 |
|
/**
|
|
172 |
|
/**
|
133 |
|
* Flag to
determine
if we disa
ble proxy
caching, o
r leave th
e issue
|
|
176 |
|
* Flag to
determine
if we disa
ble proxy
caching, o
r leave th
e issue
up to
|
|
173 |
|
* Fla
g to deter
mine if we
disable p
roxy cachi
ng, or lea
ve the iss
ue up to
|
134 |
|
*
up to
the webapp
developer
.
|
|
177 |
|
*
the webapp
developer
.
|
|
174 |
|
* the
webapp de
veloper.
|
135 |
|
*/
|
|
178 |
|
*/
|
|
175 |
|
*/
|
136 |
|
protec
ted boolea
n disableP
roxyCachin
g = true;
|
|
179 |
|
protec
ted boolea
n disableP
roxyCachin
g = true;
|
|
176 |
|
protec
ted boolea
n disableP
roxyCachin
g = true;
|
137 |
|
|
|
180 |
|
|
|
177 |
|
|
138 |
|
/**
|
|
181 |
|
/**
|
|
178 |
|
/**
|
139 |
|
* Fla
g to deter
mine if we
disable p
roxy cachi
ng with he
aders inco
mpatible
|
|
182 |
|
* Fla
g to deter
mine if we
disable p
roxy cachi
ng with he
aders inco
mpatible
|
|
179 |
|
* Fla
g to deter
mine if we
disable p
roxy cachi
ng with he
aders inco
mpatible
|
140 |
|
* wit
h IE.
|
|
183 |
|
* wit
h IE.
|
|
180 |
|
* wit
h IE.
|
141 |
|
*/
|
|
184 |
|
*/
|
|
181 |
|
*/
|
142 |
|
protec
ted boolea
n securePa
gesWithPra
gma = fals
e;
|
|
185 |
|
protec
ted boolea
n securePa
gesWithPra
gma = fals
e;
|
|
182 |
|
protec
ted boolea
n securePa
gesWithPra
gma = fals
e;
|
143 |
|
|
|
186 |
|
|
|
183 |
|
|
144 |
|
/**
|
|
187 |
|
/**
|
|
184 |
|
/**
|
145 |
|
* The
Java clas
s name of
the secure
random nu
mber gener
ator class
to be
|
|
188 |
|
* The
Java clas
s name of
the secure
random nu
mber gener
ator class
to be
|
|
185 |
|
* The
Java clas
s name of
the secure
random nu
mber gener
ator class
to be
|
146 |
|
* use
d when gen
erating SS
O session
identifier
s. The ran
dom number
generator
|
|
189 |
|
* use
d when gen
erating SS
O session
identifier
s. The ran
dom number
generator
|
|
186 |
|
* use
d when gen
erating SS
O session
identifier
s. The ran
dom number
generator
|
147 |
|
* cla
ss must be
self-seed
ing and ha
ve a zero-
argument c
onstructor
. If not
|
|
190 |
|
* cla
ss must be
self-seed
ing and ha
ve a zero-
argument c
onstructor
. If not
|
|
187 |
|
* cla
ss must be
self-seed
ing and ha
ve a zero-
argument c
onstructor
. If not
|
148 |
|
* spe
cified, an
instance
of {@link
java.secur
ity.Secure
Random} wi
ll be
|
|
191 |
|
* spe
cified, an
instance
of {@link
java.secur
ity.Secure
Random} wi
ll be
|
|
188 |
|
* spe
cified, an
instance
of {@link
java.secur
ity.Secure
Random} wi
ll be
|
149 |
|
* gen
erated.
|
|
192 |
|
* gen
erated.
|
|
189 |
|
* gen
erated.
|
150 |
|
*/
|
|
193 |
|
*/
|
|
190 |
|
*/
|
151 |
|
protec
ted String
secureRan
domClass =
null;
|
|
194 |
|
protec
ted String
secureRan
domClass =
null;
|
|
191 |
|
protec
ted String
secureRan
domClass =
null;
|
152 |
|
|
|
195 |
|
|
|
192 |
|
|
153 |
|
/**
|
|
196 |
|
/**
|
|
193 |
|
/**
|
154 |
|
* The
name of t
he algorit
hm to use
to create
instances
of
|
|
197 |
|
* The
name of t
he algorit
hm to use
to create
instances
of
|
|
194 |
|
* The
name of t
he algorit
hm to use
to create
instances
of
|
155 |
|
* {@l
ink java.s
ecurity.Se
cureRandom
} which ar
e used to
generate S
SO session
|
|
198 |
|
* {@l
ink java.s
ecurity.Se
cureRandom
} which ar
e used to
generate S
SO session
|
|
195 |
|
* {@l
ink java.s
ecurity.Se
cureRandom
} which ar
e used to
generate S
SO session
|
156 |
|
* IDs
. If no al
gorithm is
specified
, SHA1PRNG
is used.
To use the
platform
|
|
199 |
|
* IDs
. If no al
gorithm is
specified
, SHA1PRNG
is used.
To use the
platform
|
|
196 |
|
* IDs
. If no al
gorithm is
specified
, SHA1PRNG
is used.
To use the
platform
|
157 |
|
* def
ault (whic
h may be S
HA1PRNG),
specify th
e empty st
ring. If a
n invalid
|
|
200 |
|
* def
ault (whic
h may be S
HA1PRNG),
specify th
e empty st
ring. If a
n invalid
|
|
197 |
|
* def
ault (whic
h may be S
HA1PRNG),
specify th
e empty st
ring. If a
n invalid
|
158 |
|
* alg
orithm and
/or provid
er is spec
ified the
SecureRand
om instanc
es will be
|
|
201 |
|
* alg
orithm and
/or provid
er is spec
ified the
SecureRand
om instanc
es will be
|
|
198 |
|
* alg
orithm and
/or provid
er is spec
ified the
SecureRand
om instanc
es will be
|
159 |
|
* cre
ated using
the defau
lts. If th
at fails,
the Secure
Random ins
tances
|
|
202 |
|
* cre
ated using
the defau
lts. If th
at fails,
the Secure
Random ins
tances
|
|
199 |
|
* cre
ated using
the defau
lts. If th
at fails,
the Secure
Random ins
tances
|
160 |
|
* wil
l be creat
ed using p
latform de
faults.
|
|
203 |
|
* wil
l be creat
ed using p
latform de
faults.
|
|
200 |
|
* wil
l be creat
ed using p
latform de
faults.
|
161 |
|
*/
|
|
204 |
|
*/
|
|
201 |
|
*/
|
162 |
|
protec
ted String
secureRan
domAlgorit
hm = "SHA1
PRNG";
|
|
205 |
|
protec
ted String
secureRan
domAlgorit
hm = "SHA1
PRNG";
|
|
202 |
|
protec
ted String
secureRan
domAlgorit
hm = "SHA1
PRNG";
|
163 |
|
|
|
206 |
|
|
|
203 |
|
|
164 |
|
/**
|
|
207 |
|
/**
|
|
204 |
|
/**
|
165 |
|
* The
name of t
he provide
r to use t
o create i
nstances o
f
|
|
208 |
|
* The
name of t
he provide
r to use t
o create i
nstances o
f
|
|
205 |
|
* The
name of t
he provide
r to use t
o create i
nstances o
f
|
166 |
|
* {@l
ink java.s
ecurity.Se
cureRandom
} which ar
e used to
generate s
ession SSO
|
|
209 |
|
* {@l
ink java.s
ecurity.Se
cureRandom
} which ar
e used to
generate s
ession SSO
|
|
206 |
|
* {@l
ink java.s
ecurity.Se
cureRandom
} which ar
e used to
generate s
ession SSO
|
167 |
|
* IDs
. If no al
gorithm is
specified
the of SH
A1PRNG def
ault is us
ed. If an
|
|
210 |
|
* IDs
. If no al
gorithm is
specified
the of SH
A1PRNG def
ault is us
ed. If an
|
|
207 |
|
* IDs
. If no al
gorithm is
specified
the of SH
A1PRNG def
ault is us
ed. If an
|
168 |
|
* inv
alid algor
ithm and/o
r provider
is specif
ied the Se
cureRandom
instances
|
|
211 |
|
* inv
alid algor
ithm and/o
r provider
is specif
ied the Se
cureRandom
instances
|
|
208 |
|
* inv
alid algor
ithm and/o
r provider
is specif
ied the Se
cureRandom
instances
|
169 |
|
* wil
l be creat
ed using t
he default
s. If that
fails, th
e SecureRa
ndom
|
|
212 |
|
* wil
l be creat
ed using t
he default
s. If that
fails, th
e SecureRa
ndom
|
|
209 |
|
* wil
l be creat
ed using t
he default
s. If that
fails, th
e SecureRa
ndom
|
170 |
|
* ins
tances wil
l be creat
ed using p
latform de
faults.
|
|
213 |
|
* ins
tances wil
l be creat
ed using p
latform de
faults.
|
|
210 |
|
* ins
tances wil
l be creat
ed using p
latform de
faults.
|
171 |
|
*/
|
|
214 |
|
*/
|
|
211 |
|
*/
|
172 |
|
protec
ted String
secureRan
domProvide
r = null;
|
|
215 |
|
protec
ted String
secureRan
domProvide
r = null;
|
|
212 |
|
protec
ted String
secureRan
domProvide
r = null;
|
173 |
|
|
|
216 |
|
|
|
213 |
|
|
174 |
|
protec
ted Sessio
nIdGenerat
orBase ses
sionIdGene
rator = nu
ll;
|
|
217 |
|
protec
ted Sessio
nIdGenerat
orBase ses
sionIdGene
rator = nu
ll;
|
|
214 |
|
protec
ted Sessio
nIdGenerat
orBase ses
sionIdGene
rator = nu
ll;
|
175 |
|
|
|
218 |
|
|
|
215 |
|
|
176 |
|
/**
|
|
219 |
|
/**
|
|
216 |
|
/**
|
177 |
|
* The
string ma
nager for
this packa
ge.
|
|
220 |
|
* The Sing
leSignOn i
mplementat
ion in our
request p
rocessing
chain,
if there
|
|
217 |
|
* The
SingleSig
nOn implem
entation i
n our requ
est proces
sing chain
, if there
|
178 |
|
*/
|
|
221 |
|
* i
s one.
|
|
218 |
|
* is
one.
|
179 |
|
protec
ted static
final Str
ingManager
sm =
|
|
|
|
|
|
|
|
|
180 |
|
St
ringManage
r.getManag
er(Constan
ts.Package
);
|
|
|
|
|
|
|
|
|
181 |
|
|
|
|
|
|
|
|
|
|
182 |
|
|
|
|
|
|
|
|
|
|
183 |
|
/**
|
|
|
|
|
|
|
|
|
184 |
|
* The Sing
leSignOn i
mplementat
ion in our
request p
rocessing
chain,
|
|
|
|
|
|
|
|
|
185 |
|
* i
f there i
s one.
|
|
|
|
|
|
|
|
|
186 |
|
*/
|
|
222 |
|
*/
|
|
219 |
|
*/
|
187 |
|
protec
ted Single
SignOn sso
= null;
|
|
223 |
|
protec
ted Single
SignOn sso
= null;
|
|
220 |
|
protec
ted Single
SignOn sso
= null;
|
188 |
|
|
|
224 |
|
|
|
221 |
|
|
189 |
|
|
|
225 |
|
privat
e volatile
String ja
spicAppCon
textID = n
ull;
|
|
222 |
|
privat
e volatile
String ja
spicAppCon
textID = n
ull;
|
190 |
|
/**
|
|
226 |
|
private vo
latile
AuthConfig
Provider
jaspicPro
vider = nu
ll;
|
|
223 |
|
private vo
latile
Optional<
AuthConfig
Provider
>
jaspicPro
vider = nu
ll;
|
191 |
|
* "Ex
pires" hea
der always
set to Da
te(1), so
generate o
nce only
|
|
|
|
|
|
|
|
|
192 |
|
*/
|
|
|
|
|
|
|
|
|
193 |
|
privat
e static f
inal Strin
g DATE_ONE
=
|
|
|
|
|
|
|
|
|
194 |
|
(n
ew SimpleD
ateFormat(
FastHttpDa
teFormat.R
FC1123_DAT
E,
|
|
|
|
|
|
|
|
|
195 |
|
Locale.US)
).format(n
ew Date(1)
);
|
|
|
|
|
|
|
|
|
196 |
|
|
|
|
|
|
|
|
|
|
197 |
|
|
|
|
|
|
|
|
|
|
198 |
|
protec
ted static
String ge
tRealmName
(Context c
ontext) {
|
|
|
|
|
|
|
|
|
199 |
|
if
(context
== null) {
|
|
|
|
|
|
|
|
|
200 |
|
// Very
unlikely
|
|
|
|
|
|
|
|
|
201 |
|
return R
EALM_NAME;
|
|
|
|
|
|
|
|
|
202 |
|
}
|
|
|
|
|
|
|
|
|
203 |
|
|
|
|
|
|
|
|
|
|
204 |
|
Lo
ginConfig
config = c
ontext.get
LoginConfi
g();
|
|
|
|
|
|
|
|
|
205 |
|
if
(config =
= null) {
|
|
|
|
|
|
|
|
|
206 |
|
return R
EALM_NAME;
|
|
|
|
|
|
|
|
|
207 |
|
}
|
|
|
|
|
|
|
|
|
208 |
|
|
|
|
|
|
|
|
|
|
209 |
|
St
ring resul
t = config
.getRealmN
ame();
|
|
|
|
|
|
|
|
|
210 |
|
if
(result =
= null) {
|
|
|
|
|
|
|
|
|
211 |
|
return R
EALM_NAME;
|
|
|
|
|
|
|
|
|
212 |
|
}
|
|
|
|
|
|
|
|
|
213 |
|
|
|
|
|
|
|
|
|
|
214 |
|
re
turn resul
t;
|
|
|
|
|
|
|
|
|
215 |
|
}
|
|
|
|
|
|
|
|
|
216 |
|
|
|
227 |
|
|
|
224 |
|
|
217 |
|
|
|
228 |
|
|
|
225 |
|
|
218 |
|
// ---
----------
----------
----------
----------
----------
-------- P
roperties
|
|
229 |
|
// ---
----------
----------
----------
----------
----------
-------- P
roperties
|
|
226 |
|
// ---
----------
----------
----------
----------
----------
-------- P
roperties
|
219 |
|
|
|
230 |
|
|
|
227 |
|
|
220 |
|
|
|
|
|
|
|
|
|
|
221 |
|
public
boolean g
etAlwaysUs
eSession()
{
|
|
231 |
|
public
boolean g
etAlwaysUs
eSession()
{
|
|
228 |
|
public
boolean g
etAlwaysUs
eSession()
{
|
222 |
|
re
turn alway
sUseSessio
n;
|
|
232 |
|
re
turn alway
sUseSessio
n;
|
|
229 |
|
re
turn alway
sUseSessio
n;
|
223 |
|
}
|
|
233 |
|
}
|
|
230 |
|
}
|
224 |
|
|
|
234 |
|
|
|
231 |
|
|
225 |
|
|
|
|
|
|
|
|
|
|
226 |
|
public
void setA
lwaysUseSe
ssion(bool
ean always
UseSession
) {
|
|
235 |
|
public
void setA
lwaysUseSe
ssion(bool
ean always
UseSession
) {
|
|
232 |
|
public
void setA
lwaysUseSe
ssion(bool
ean always
UseSession
) {
|
227 |
|
th
is.alwaysU
seSession
= alwaysUs
eSession;
|
|
236 |
|
th
is.alwaysU
seSession
= alwaysUs
eSession;
|
|
233 |
|
th
is.alwaysU
seSession
= alwaysUs
eSession;
|
228 |
|
}
|
|
237 |
|
}
|
|
234 |
|
}
|
229 |
|
|
|
238 |
|
|
|
235 |
|
|
230 |
|
|
|
|
|
|
|
|
|
|
231 |
|
/**
|
|
239 |
|
/**
|
|
236 |
|
/**
|
232 |
|
* Ret
urn the ca
che authen
ticated Pr
incipals f
lag.
|
|
240 |
|
* Ret
urn the ca
che authen
ticated Pr
incipals f
lag.
|
|
237 |
|
* Ret
urn the ca
che authen
ticated Pr
incipals f
lag.
|
|
|
|
|
241 |
|
*
|
|
238 |
|
*
|
|
|
|
|
242 |
|
* @re
turn <code
>true</cod
e> if auth
enticated
Principals
will be c
ached,
|
|
239 |
|
* @re
turn <code
>true</cod
e> if auth
enticated
Principals
will be c
ached,
|
|
|
|
|
243 |
|
*
other
wise <code
>false</co
de>
|
|
240 |
|
*
other
wise <code
>false</co
de>
|
233 |
|
*/
|
|
244 |
|
*/
|
|
241 |
|
*/
|
234 |
|
public
boolean g
etCache()
{
|
|
245 |
|
public
boolean g
etCache()
{
|
|
242 |
|
public
boolean g
etCache()
{
|
235 |
|
|
|
246 |
|
return
this.cache
;
|
|
243 |
|
re
turn this.
cache;
|
236 |
|
return
(
this.cache
)
;
|
|
|
|
|
|
|
|
|
237 |
|
|
|
|
|
|
|
|
|
|
238 |
|
}
|
|
247 |
|
}
|
|
244 |
|
}
|
239 |
|
|
|
248 |
|
|
|
245 |
|
|
240 |
|
|
|
|
|
|
|
|
|
|
241 |
|
/**
|
|
249 |
|
/**
|
|
246 |
|
/**
|
242 |
|
* Set
the cache
authentic
ated Princ
ipals flag
.
|
|
250 |
|
* Set
the cache
authentic
ated Princ
ipals flag
.
|
|
247 |
|
* Set
the cache
authentic
ated Princ
ipals flag
.
|
243 |
|
*
|
|
251 |
|
*
|
|
248 |
|
*
|
244 |
|
* @param c
ache
The new c
ache flag
|
|
252 |
|
* @param c
ache
|
|
249 |
|
* @pa
ram cache
|
|
|
|
|
253 |
|
*
Th
e new cach
e flag
|
|
250 |
|
*
Th
e new cach
e flag
|
245 |
|
*/
|
|
254 |
|
*/
|
|
251 |
|
*/
|
246 |
|
public
void setC
ache(boole
an cache)
{
|
|
255 |
|
public
void setC
ache(boole
an cache)
{
|
|
252 |
|
public
void setC
ache(boole
an cache)
{
|
247 |
|
|
|
|
|
|
|
|
|
|
248 |
|
th
is.cache =
cache;
|
|
256 |
|
th
is.cache =
cache;
|
|
253 |
|
th
is.cache =
cache;
|
249 |
|
|
|
|
|
|
|
|
|
|
250 |
|
}
|
|
257 |
|
}
|
|
254 |
|
}
|
251 |
|
|
|
258 |
|
|
|
255 |
|
|
252 |
|
|
|
|
|
|
|
|
|
|
253 |
|
/**
|
|
259 |
|
/**
|
|
256 |
|
/**
|
254 |
|
* Ret
urn the Co
ntainer to
which thi
s Valve is
attached.
|
|
260 |
|
* Ret
urn the Co
ntainer to
which thi
s Valve is
attached.
|
|
257 |
|
* Ret
urn the Co
ntainer to
which thi
s Valve is
attached.
|
255 |
|
*/
|
|
261 |
|
*/
|
|
258 |
|
*/
|
256 |
|
@Overr
ide
|
|
262 |
|
@Overr
ide
|
|
259 |
|
@Overr
ide
|
257 |
|
public
Container
getContai
ner() {
|
|
263 |
|
public
Container
getContai
ner() {
|
|
260 |
|
public
Container
getContai
ner() {
|
258 |
|
|
|
264 |
|
return
this.conte
xt
;
|
|
261 |
|
re
turn this.
context;
|
259 |
|
return
(
this.conte
xt
)
;
|
|
|
|
|
|
|
|
|
260 |
|
|
|
|
|
|
|
|
|
|
261 |
|
}
|
|
265 |
|
}
|
|
262 |
|
}
|
262 |
|
|
|
266 |
|
|
|
263 |
|
|
263 |
|
|
|
|
|
|
|
|
|
|
264 |
|
/**
|
|
267 |
|
/**
|
|
264 |
|
/**
|
265 |
|
* Set
the Conta
iner to wh
ich this V
alve is at
tached.
|
|
268 |
|
* Set
the Conta
iner to wh
ich this V
alve is at
tached.
|
|
265 |
|
* Set
the Conta
iner to wh
ich this V
alve is at
tached.
|
266 |
|
*
|
|
269 |
|
*
|
|
266 |
|
*
|
267 |
|
*
@param con
tainer
The contai
ner to whi
ch we are
attached
|
|
270 |
|
* @pa
ram contai
ner
|
|
267 |
|
* @pa
ram contai
ner
|
|
|
|
|
271 |
|
*
The contai
ner to whi
ch we are
attached
|
|
268 |
|
*
Th
e containe
r to which
we are at
tached
|
268 |
|
*/
|
|
272 |
|
*/
|
|
269 |
|
*/
|
269 |
|
@Overr
ide
|
|
273 |
|
@Overr
ide
|
|
270 |
|
@Overr
ide
|
270 |
|
public
void setC
ontainer(C
ontainer c
ontainer)
{
|
|
274 |
|
public
void setC
ontainer(C
ontainer c
ontainer)
{
|
|
271 |
|
public
void setC
ontainer(C
ontainer c
ontainer)
{
|
271 |
|
|
|
275 |
|
|
|
272 |
|
|
272 |
|
if
(containe
r != null
&& !(conta
iner insta
nceof Cont
ext)) {
|
|
276 |
|
if
(containe
r != null
&& !(conta
iner insta
nceof Cont
ext)) {
|
|
273 |
|
if
(containe
r != null
&& !(conta
iner insta
nceof Cont
ext)) {
|
273 |
|
throw new
IllegalArg
umentExcep
tion
|
|
277 |
|
throw new
IllegalArg
umentExcep
tion
(sm.getStr
ing("authe
nticator.n
otContext"
));
|
|
274 |
|
throw ne
w IllegalA
rgumentExc
eption(sm.
getString(
"authentic
ator.notCo
ntext"));
|
274 |
|
(sm.
getString(
"authentic
ator.notCo
ntext"));
|
|
|
|
|
|
|
|
|
275 |
|
}
|
|
278 |
|
}
|
|
275 |
|
}
|
276 |
|
|
|
279 |
|
|
|
276 |
|
|
277 |
|
su
per.setCon
tainer(con
tainer);
|
|
280 |
|
su
per.setCon
tainer(con
tainer);
|
|
277 |
|
su
per.setCon
tainer(con
tainer);
|
278 |
|
th
is.context
= (Contex
t) contain
er;
|
|
281 |
|
th
is.context
= (Contex
t) contain
er;
|
|
278 |
|
th
is.context
= (Contex
t) contain
er;
|
279 |
|
|
|
282 |
|
|
|
279 |
|
|
280 |
|
}
|
|
283 |
|
}
|
|
280 |
|
}
|
281 |
|
|
|
284 |
|
|
|
281 |
|
|
282 |
|
|
|
|
|
|
|
|
|
|
283 |
|
/**
|
|
285 |
|
/**
|
|
282 |
|
/**
|
284 |
|
* Ret
urn the fl
ag that st
ates if we
add heade
rs to disa
ble cachin
g by
|
|
286 |
|
* Ret
urn the fl
ag that st
ates if we
add heade
rs to disa
ble cachin
g by
|
|
283 |
|
* Ret
urn the fl
ag that st
ates if we
add heade
rs to disa
ble cachin
g by
|
285 |
|
* pro
xies.
|
|
287 |
|
* pro
xies.
|
|
284 |
|
* pro
xies.
|
|
|
|
|
288 |
|
*
|
|
285 |
|
*
|
|
|
|
|
289 |
|
* @re
turn <code
>true</cod
e> if the
headers wi
ll be adde
d, otherwi
se
|
|
286 |
|
* @re
turn <code
>true</cod
e> if the
headers wi
ll be adde
d, otherwi
se
|
|
|
|
|
290 |
|
*
<code
>false</co
de>
|
|
287 |
|
*
<code
>false</co
de>
|
286 |
|
*/
|
|
291 |
|
*/
|
|
288 |
|
*/
|
287 |
|
public
boolean g
etDisableP
roxyCachin
g() {
|
|
292 |
|
public
boolean g
etDisableP
roxyCachin
g() {
|
|
289 |
|
public
boolean g
etDisableP
roxyCachin
g() {
|
288 |
|
re
turn disab
leProxyCac
hing;
|
|
293 |
|
re
turn disab
leProxyCac
hing;
|
|
290 |
|
re
turn disab
leProxyCac
hing;
|
289 |
|
}
|
|
294 |
|
}
|
|
291 |
|
}
|
290 |
|
|
|
295 |
|
|
|
292 |
|
|
291 |
|
/**
|
|
296 |
|
/**
|
|
293 |
|
/**
|
292 |
|
* Set
the value
of the fl
ag that st
ates if we
add heade
rs to disa
ble
|
|
297 |
|
* Set
the value
of the fl
ag that st
ates if we
add heade
rs to disa
ble
|
|
294 |
|
* Set
the value
of the fl
ag that st
ates if we
add heade
rs to disa
ble
|
293 |
|
* cac
hing by pr
oxies.
|
|
298 |
|
* cac
hing by pr
oxies.
|
|
295 |
|
* cac
hing by pr
oxies.
|
294 |
|
*
@param noc
ache
<code>true
</code> if
we add he
aders to d
isable pro
xy
|
|
299 |
|
*
|
|
296 |
|
*
|
295 |
|
*
caching,
<code>fals
e</code> i
f we leave
the heade
rs alone.
|
|
300 |
|
* @pa
ram nocach
e
|
|
297 |
|
* @pa
ram nocach
e
|
|
|
|
|
301 |
|
*
<code>true
</code> if
we add he
aders to d
isable pro
xy
caching,
|
|
298 |
|
*
<c
ode>true</
code> if w
e add head
ers to dis
able proxy
caching,
|
|
|
|
|
302 |
|
*
<code>fals
e</code> i
f we leave
the heade
rs alone.
|
|
299 |
|
*
<c
ode>false<
/code> if
we leave t
he headers
alone.
|
296 |
|
*/
|
|
303 |
|
*/
|
|
300 |
|
*/
|
297 |
|
public
void setD
isableProx
yCaching(b
oolean noc
ache) {
|
|
304 |
|
public
void setD
isableProx
yCaching(b
oolean noc
ache) {
|
|
301 |
|
public
void setD
isableProx
yCaching(b
oolean noc
ache) {
|
298 |
|
di
sableProxy
Caching =
nocache;
|
|
305 |
|
di
sableProxy
Caching =
nocache;
|
|
302 |
|
di
sableProxy
Caching =
nocache;
|
299 |
|
}
|
|
306 |
|
}
|
|
303 |
|
}
|
300 |
|
|
|
307 |
|
|
|
304 |
|
|
301 |
|
/**
|
|
308 |
|
/**
|
|
305 |
|
/**
|
302 |
|
* Ret
urn the fl
ag that st
ates, if p
roxy cachi
ng is disa
bled, what
headers
|
|
309 |
|
* Ret
urn the fl
ag that st
ates, if p
roxy cachi
ng is disa
bled, what
headers
|
|
306 |
|
* Ret
urn the fl
ag that st
ates, if p
roxy cachi
ng is disa
bled, what
headers
|
303 |
|
* we
add to dis
able the c
aching.
|
|
310 |
|
* we
add to dis
able the c
aching.
|
|
307 |
|
* we
add to dis
able the c
aching.
|
|
|
|
|
311 |
|
*
|
|
308 |
|
*
|
|
|
|
|
312 |
|
* @re
turn <code
>true</cod
e> if a Pr
agma heade
r should b
e used, ot
herwise
|
|
309 |
|
* @re
turn <code
>true</cod
e> if a Pr
agma heade
r should b
e used, ot
herwise
|
|
|
|
|
313 |
|
*
<code
>false</co
de>
|
|
310 |
|
*
<code
>false</co
de>
|
304 |
|
*/
|
|
314 |
|
*/
|
|
311 |
|
*/
|
305 |
|
public
boolean g
etSecurePa
gesWithPra
gma() {
|
|
315 |
|
public
boolean g
etSecurePa
gesWithPra
gma() {
|
|
312 |
|
public
boolean g
etSecurePa
gesWithPra
gma() {
|
306 |
|
re
turn secur
ePagesWith
Pragma;
|
|
316 |
|
re
turn secur
ePagesWith
Pragma;
|
|
313 |
|
re
turn secur
ePagesWith
Pragma;
|
307 |
|
}
|
|
317 |
|
}
|
|
314 |
|
}
|
308 |
|
|
|
318 |
|
|
|
315 |
|
|
309 |
|
/**
|
|
319 |
|
/**
|
|
316 |
|
/**
|
310 |
|
* Set
the value
of the fl
ag that st
ates what
headers we
add to di
sable
|
|
320 |
|
* Set
the value
of the fl
ag that st
ates what
headers we
add to di
sable
|
|
317 |
|
* Set
the value
of the fl
ag that st
ates what
headers we
add to di
sable
|
311 |
|
* pro
xy caching
.
|
|
321 |
|
* pro
xy caching
.
|
|
318 |
|
* pro
xy caching
.
|
312 |
|
*
@param sec
urePagesWi
thPragma
<code>true
</code> if
we add he
aders whic
h
|
|
322 |
|
*
|
|
319 |
|
*
|
313 |
|
*
are incomp
atible
with downl
oading off
ice docume
nts in IE
under SSL
but
|
|
323 |
|
* @pa
ram secure
PagesWithP
ragma
|
|
320 |
|
* @pa
ram secure
PagesWithP
ragma
|
314 |
|
*
which
fix a cach
ing proble
m in Mozil
la.
|
|
324 |
|
*
<code>true
</code> if
we add he
aders whic
h
are incom
patible
|
|
321 |
|
*
<c
ode>true</
code> if w
e add head
ers which
are incomp
atible
|
|
|
|
|
325 |
|
*
with downl
oading off
ice docume
nts in IE
under SSL
but
which
|
|
322 |
|
*
wi
th downloa
ding offic
e document
s in IE un
der SSL bu
t which
|
|
|
|
|
326 |
|
*
fix a cach
ing proble
m in Mozil
la.
|
|
323 |
|
*
fi
x a cachin
g problem
in Mozilla
.
|
315 |
|
*/
|
|
327 |
|
*/
|
|
324 |
|
*/
|
316 |
|
public
void setS
ecurePages
WithPragma
(boolean s
ecurePages
WithPragma
) {
|
|
328 |
|
public
void setS
ecurePages
WithPragma
(boolean s
ecurePages
WithPragma
) {
|
|
325 |
|
public
void setS
ecurePages
WithPragma
(boolean s
ecurePages
WithPragma
) {
|
317 |
|
th
is.secureP
agesWithPr
agma = sec
urePagesWi
thPragma;
|
|
329 |
|
th
is.secureP
agesWithPr
agma = sec
urePagesWi
thPragma;
|
|
326 |
|
th
is.secureP
agesWithPr
agma = sec
urePagesWi
thPragma;
|
318 |
|
}
|
|
330 |
|
}
|
|
327 |
|
}
|
319 |
|
|
|
331 |
|
|
|
328 |
|
|
320 |
|
/**
|
|
332 |
|
/**
|
|
329 |
|
/**
|
321 |
|
* Ret
urn the fl
ag that st
ates if we
should ch
ange the s
ession ID
of an
|
|
333 |
|
* Ret
urn the fl
ag that st
ates if we
should ch
ange the s
ession ID
of an
|
|
330 |
|
* Ret
urn the fl
ag that st
ates if we
should ch
ange the s
ession ID
of an
|
322 |
|
* exi
sting sess
ion upon s
uccessful
authentica
tion.
|
|
334 |
|
* exi
sting sess
ion upon s
uccessful
authentica
tion.
|
|
331 |
|
* exi
sting sess
ion upon s
uccessful
authentica
tion.
|
323 |
|
*
|
|
335 |
|
*
|
|
332 |
|
*
|
324 |
|
* @re
turn <code
>true</cod
e> to chan
ge session
ID upon s
uccessful
|
|
336 |
|
* @re
turn <code
>true</cod
e> to chan
ge session
ID upon s
uccessful
|
|
333 |
|
* @re
turn <code
>true</cod
e> to chan
ge session
ID upon s
uccessful
|
325 |
|
*
authe
ntication,
<code>fal
se</code>
to do not
perform th
e change.
|
|
337 |
|
*
authe
ntication,
<code>fal
se</code>
to do not
perform th
e change.
|
|
334 |
|
*
authe
ntication,
<code>fal
se</code>
to do not
perform th
e change.
|
326 |
|
*/
|
|
338 |
|
*/
|
|
335 |
|
*/
|
327 |
|
public
boolean g
etChangeSe
ssionIdOnA
uthenticat
ion() {
|
|
339 |
|
public
boolean g
etChangeSe
ssionIdOnA
uthenticat
ion() {
|
|
336 |
|
public
boolean g
etChangeSe
ssionIdOnA
uthenticat
ion() {
|
328 |
|
re
turn chang
eSessionId
OnAuthenti
cation;
|
|
340 |
|
re
turn chang
eSessionId
OnAuthenti
cation;
|
|
337 |
|
re
turn chang
eSessionId
OnAuthenti
cation;
|
329 |
|
}
|
|
341 |
|
}
|
|
338 |
|
}
|
330 |
|
|
|
342 |
|
|
|
339 |
|
|
331 |
|
/**
|
|
343 |
|
/**
|
|
340 |
|
/**
|
332 |
|
* Set
the value
of the fl
ag that st
ates if we
should ch
ange the s
ession ID
|
|
344 |
|
* Set
the value
of the fl
ag that st
ates if we
should ch
ange the s
ession ID
|
|
341 |
|
* Set
the value
of the fl
ag that st
ates if we
should ch
ange the s
ession ID
|
333 |
|
* of
an existin
g session
upon succe
ssful auth
entication
.
|
|
345 |
|
* of
an existin
g session
upon succe
ssful auth
entication
.
|
|
342 |
|
* of
an existin
g session
upon succe
ssful auth
entication
.
|
334 |
|
*
|
|
346 |
|
*
|
|
343 |
|
*
|
335 |
|
* @param c
hangeSessi
onIdOnAuth
entication
|
|
347 |
|
* @param c
hangeSessi
onIdOnAuth
entication
<code>tru
e</code> t
o change
|
|
344 |
|
* @pa
ram change
SessionIdO
nAuthentic
ation <cod
e>true</co
de> to cha
nge
|
336 |
|
*
<c
ode>true</
code> to c
hange sess
ion ID upo
n successf
ul
|
|
348 |
|
*
session ID
upon succ
essful
authentica
tion, <cod
e>false</c
ode>
|
|
345 |
|
*
se
ssion ID u
pon succes
sful authe
ntication,
<code>fal
se</code>
|
337 |
|
*
authentica
tion, <cod
e>false</c
ode>
to do not
perform t
he
|
|
349 |
|
*
to
do not pe
rform the
change.
|
|
346 |
|
*
to
do not pe
rform the
change.
|
338 |
|
*
ch
ange.
|
|
|
|
|
|
|
|
|
339 |
|
*/
|
|
350 |
|
*/
|
|
347 |
|
*/
|
340 |
|
public voi
d setChang
eSessionId
OnAuthenti
cation(
|
|
351 |
|
public voi
d setChang
eSessionId
OnAuthenti
cation(
boolean ch
angeSessio
nIdOnAuthe
ntication)
{
|
|
348 |
|
public
void setC
hangeSessi
onIdOnAuth
entication
(boolean c
hangeSessi
onIdOnAuth
entication
) {
|
341 |
|
boolean
changeSess
ionIdOnAut
henticatio
n) {
|
|
|
|
|
|
|
|
|
342 |
|
th
is.changeS
essionIdOn
Authentica
tion = cha
ngeSession
IdOnAuthen
tication;
|
|
352 |
|
th
is.changeS
essionIdOn
Authentica
tion = cha
ngeSession
IdOnAuthen
tication;
|
|
349 |
|
th
is.changeS
essionIdOn
Authentica
tion = cha
ngeSession
IdOnAuthen
tication;
|
343 |
|
}
|
|
353 |
|
}
|
|
350 |
|
}
|
344 |
|
|
|
354 |
|
|
|
351 |
|
|
345 |
|
/**
|
|
355 |
|
/**
|
|
352 |
|
/**
|
346 |
|
* Ret
urn the se
cure rando
m number g
enerator c
lass name.
|
|
356 |
|
* Ret
urn the se
cure rando
m number g
enerator c
lass name.
|
|
353 |
|
* Ret
urn the se
cure rando
m number g
enerator c
lass name.
|
|
|
|
|
357 |
|
*
|
|
354 |
|
*
|
|
|
|
|
358 |
|
* @re
turn The f
ully quali
fied name
of the Sec
ureRandom
implementa
tion to
|
|
355 |
|
* @re
turn The f
ully quali
fied name
of the Sec
ureRandom
implementa
tion to
|
|
|
|
|
359 |
|
*
use
|
|
356 |
|
*
use
|
347 |
|
*/
|
|
360 |
|
*/
|
|
357 |
|
*/
|
348 |
|
public
String ge
tSecureRan
domClass()
{
|
|
361 |
|
public
String ge
tSecureRan
domClass()
{
|
|
358 |
|
public
String ge
tSecureRan
domClass()
{
|
349 |
|
|
|
362 |
|
return
this.secur
eRandomCla
ss
;
|
|
359 |
|
re
turn this.
secureRand
omClass;
|
350 |
|
return
(
this.secur
eRandomCla
ss
)
;
|
|
|
|
|
|
|
|
|
351 |
|
|
|
|
|
|
|
|
|
|
352 |
|
}
|
|
363 |
|
}
|
|
360 |
|
}
|
353 |
|
|
|
364 |
|
|
|
361 |
|
|
354 |
|
|
|
|
|
|
|
|
|
|
355 |
|
/**
|
|
365 |
|
/**
|
|
362 |
|
/**
|
356 |
|
* Set
the secur
e random n
umber gene
rator clas
s name.
|
|
366 |
|
* Set
the secur
e random n
umber gene
rator clas
s name.
|
|
363 |
|
* Set
the secur
e random n
umber gene
rator clas
s name.
|
357 |
|
*
|
|
367 |
|
*
|
|
364 |
|
*
|
358 |
|
* @param s
ecureRando
mClass
The new s
ecure rand
om number
generator
class
|
|
368 |
|
* @param s
ecureRando
mClass
|
|
365 |
|
* @pa
ram secure
RandomClas
s
|
359 |
|
*
name
|
|
369 |
|
*
Th
e new secu
re random
number gen
erator cla
ss name
|
|
366 |
|
*
Th
e new secu
re random
number gen
erator cla
ss name
|
360 |
|
*/
|
|
370 |
|
*/
|
|
367 |
|
*/
|
361 |
|
public
void setS
ecureRando
mClass(Str
ing secure
RandomClas
s) {
|
|
371 |
|
public
void setS
ecureRando
mClass(Str
ing secure
RandomClas
s) {
|
|
368 |
|
public
void setS
ecureRando
mClass(Str
ing secure
RandomClas
s) {
|
362 |
|
th
is.secureR
andomClass
= secureR
andomClass
;
|
|
372 |
|
th
is.secureR
andomClass
= secureR
andomClass
;
|
|
369 |
|
th
is.secureR
andomClass
= secureR
andomClass
;
|
363 |
|
}
|
|
373 |
|
}
|
|
370 |
|
}
|
364 |
|
|
|
374 |
|
|
|
371 |
|
|
365 |
|
|
|
|
|
|
|
|
|
|
366 |
|
/**
|
|
375 |
|
/**
|
|
372 |
|
/**
|
367 |
|
* Ret
urn the se
cure rando
m number g
enerator a
lgorithm n
ame.
|
|
376 |
|
* Ret
urn the se
cure rando
m number g
enerator a
lgorithm n
ame.
|
|
373 |
|
* Ret
urn the se
cure rando
m number g
enerator a
lgorithm n
ame.
|
|
|
|
|
377 |
|
*
|
|
374 |
|
*
|
|
|
|
|
378 |
|
* @re
turn The n
ame of the
SecureRan
dom algori
thm used
|
|
375 |
|
* @re
turn The n
ame of the
SecureRan
dom algori
thm used
|
368 |
|
*/
|
|
379 |
|
*/
|
|
376 |
|
*/
|
369 |
|
public
String ge
tSecureRan
domAlgorit
hm() {
|
|
380 |
|
public
String ge
tSecureRan
domAlgorit
hm() {
|
|
377 |
|
public
String ge
tSecureRan
domAlgorit
hm() {
|
370 |
|
re
turn secur
eRandomAlg
orithm;
|
|
381 |
|
re
turn secur
eRandomAlg
orithm;
|
|
378 |
|
re
turn secur
eRandomAlg
orithm;
|
371 |
|
}
|
|
382 |
|
}
|
|
379 |
|
}
|
372 |
|
|
|
383 |
|
|
|
380 |
|
|
373 |
|
|
|
|
|
|
|
|
|
|
374 |
|
/**
|
|
384 |
|
/**
|
|
381 |
|
/**
|
375 |
|
* Set
the secur
e random n
umber gene
rator algo
rithm name
.
|
|
385 |
|
* Set
the secur
e random n
umber gene
rator algo
rithm name
.
|
|
382 |
|
* Set
the secur
e random n
umber gene
rator algo
rithm name
.
|
376 |
|
*
|
|
386 |
|
*
|
|
383 |
|
*
|
377 |
|
* @param s
ecureRando
mAlgorithm
The new s
ecure rand
om number
generator
|
|
387 |
|
* @param s
ecureRando
mAlgorithm
|
|
384 |
|
* @pa
ram secure
RandomAlgo
rithm
|
378 |
|
*
algorithm
name
|
|
388 |
|
*
The new se
cure rando
m number g
enerator
algorithm
name
|
|
385 |
|
*
Th
e new secu
re random
number gen
erator alg
orithm nam
e
|
379 |
|
*/
|
|
389 |
|
*/
|
|
386 |
|
*/
|
380 |
|
public
void setS
ecureRando
mAlgorithm
(String se
cureRandom
Algorithm)
{
|
|
390 |
|
public
void setS
ecureRando
mAlgorithm
(String se
cureRandom
Algorithm)
{
|
|
387 |
|
public
void setS
ecureRando
mAlgorithm
(String se
cureRandom
Algorithm)
{
|
381 |
|
th
is.secureR
andomAlgor
ithm = sec
ureRandomA
lgorithm;
|
|
391 |
|
th
is.secureR
andomAlgor
ithm = sec
ureRandomA
lgorithm;
|
|
388 |
|
th
is.secureR
andomAlgor
ithm = sec
ureRandomA
lgorithm;
|
382 |
|
}
|
|
392 |
|
}
|
|
389 |
|
}
|
383 |
|
|
|
393 |
|
|
|
390 |
|
|
384 |
|
|
|
|
|
|
|
|
|
|
385 |
|
/**
|
|
394 |
|
/**
|
|
391 |
|
/**
|
386 |
|
* Ret
urn the se
cure rando
m number g
enerator p
rovider na
me.
|
|
395 |
|
* Ret
urn the se
cure rando
m number g
enerator p
rovider na
me.
|
|
392 |
|
* Ret
urn the se
cure rando
m number g
enerator p
rovider na
me.
|
|
|
|
|
396 |
|
*
|
|
393 |
|
*
|
|
|
|
|
397 |
|
* @re
turn The n
ame of the
SecureRan
dom provid
er
|
|
394 |
|
* @re
turn The n
ame of the
SecureRan
dom provid
er
|
387 |
|
*/
|
|
398 |
|
*/
|
|
395 |
|
*/
|
388 |
|
public
String ge
tSecureRan
domProvide
r() {
|
|
399 |
|
public
String ge
tSecureRan
domProvide
r() {
|
|
396 |
|
public
String ge
tSecureRan
domProvide
r() {
|
389 |
|
re
turn secur
eRandomPro
vider;
|
|
400 |
|
re
turn secur
eRandomPro
vider;
|
|
397 |
|
re
turn secur
eRandomPro
vider;
|
390 |
|
}
|
|
401 |
|
}
|
|
398 |
|
}
|
391 |
|
|
|
402 |
|
|
|
399 |
|
|
392 |
|
|
|
|
|
|
|
|
|
|
393 |
|
/**
|
|
403 |
|
/**
|
|
400 |
|
/**
|
394 |
|
* Set
the secur
e random n
umber gene
rator prov
ider name.
|
|
404 |
|
* Set
the secur
e random n
umber gene
rator prov
ider name.
|
|
401 |
|
* Set
the secur
e random n
umber gene
rator prov
ider name.
|
395 |
|
*
|
|
405 |
|
*
|
|
402 |
|
*
|
396 |
|
* @param s
ecureRando
mProvider
The new s
ecure rand
om number
generator
|
|
406 |
|
* @param s
ecureRando
mProvider
|
|
403 |
|
* @pa
ram secure
RandomProv
ider
|
397 |
|
*
provider n
ame
|
|
407 |
|
*
The new se
cure rando
m number g
enerator
provider n
ame
|
|
404 |
|
*
Th
e new secu
re random
number gen
erator pro
vider name
|
398 |
|
*/
|
|
408 |
|
*/
|
|
405 |
|
*/
|
399 |
|
public
void setS
ecureRando
mProvider(
String sec
ureRandomP
rovider) {
|
|
409 |
|
public
void setS
ecureRando
mProvider(
String sec
ureRandomP
rovider) {
|
|
406 |
|
public
void setS
ecureRando
mProvider(
String sec
ureRandomP
rovider) {
|
400 |
|
th
is.secureR
andomProvi
der = secu
reRandomPr
ovider;
|
|
410 |
|
th
is.secureR
andomProvi
der = secu
reRandomPr
ovider;
|
|
407 |
|
th
is.secureR
andomProvi
der = secu
reRandomPr
ovider;
|
401 |
|
}
|
|
411 |
|
}
|
|
408 |
|
}
|
402 |
|
|
|
412 |
|
|
|
409 |
|
|
403 |
|
|
|
|
|
|
|
|
|
|
404 |
|
|
|
|
|
|
|
|
|
|
405 |
|
// ---
----------
----------
----------
----------
----------
---- Publi
c Methods
|
|
413 |
|
// ---
----------
----------
----------
----------
----------
---- Publi
c Methods
|
|
410 |
|
// ---
----------
----------
----------
----------
----------
---- Publi
c Methods
|
406 |
|
|
|
414 |
|
|
|
411 |
|
|
407 |
|
|
|
|
|
|
|
|
|
|
408 |
|
/**
|
|
415 |
|
/**
|
|
412 |
|
/**
|
409 |
|
* Enf
orce the s
ecurity re
strictions
in the we
b applicat
ion deploy
ment
|
|
416 |
|
* Enf
orce the s
ecurity re
strictions
in the we
b applicat
ion deploy
ment
|
|
413 |
|
* Enf
orce the s
ecurity re
strictions
in the we
b applicat
ion deploy
ment
|
410 |
|
* des
criptor of
our assoc
iated Cont
ext.
|
|
417 |
|
* des
criptor of
our assoc
iated Cont
ext.
|
|
414 |
|
* des
criptor of
our assoc
iated Cont
ext.
|
411 |
|
*
|
|
418 |
|
*
|
|
415 |
|
*
|
412 |
|
* @param r
equest
Request t
o be proce
ssed
|
|
419 |
|
* @param r
equest
|
|
416 |
|
* @pa
ram reques
t
|
413 |
|
*
@param res
ponse
Response t
o be proce
ssed
|
|
420 |
|
*
Re
quest to b
e processe
d
|
|
417 |
|
*
Re
quest to b
e processe
d
|
|
|
|
|
421 |
|
* @pa
ram respon
se
|
|
418 |
|
* @pa
ram respon
se
|
|
|
|
|
422 |
|
*
Response t
o be proce
ssed
|
|
419 |
|
*
Re
sponse to
be process
ed
|
414 |
|
*
|
|
423 |
|
*
|
|
420 |
|
*
|
415 |
|
* @excepti
on IOExcep
tion
if an inp
ut/output
error occu
rs
|
|
424 |
|
* @excepti
on IOExcep
tion
|
|
421 |
|
* @ex
ception IO
Exception
|
416 |
|
*
@exception
ServletEx
ception
if thrown
by a proce
ssing elem
ent
|
|
425 |
|
*
if an in
put/output
error occ
urs
|
|
422 |
|
*
if an in
put/output
error occ
urs
|
|
|
|
|
426 |
|
* @ex
ception Se
rvletExcep
tion
|
|
423 |
|
* @ex
ception Se
rvletExcep
tion
|
|
|
|
|
427 |
|
*
if thrown
by a proce
ssing elem
ent
|
|
424 |
|
*
if throw
n by a pro
cessing el
ement
|
417 |
|
*/
|
|
428 |
|
*/
|
|
425 |
|
*/
|
418 |
|
@Overr
ide
|
|
429 |
|
@Overr
ide
|
|
426 |
|
@Overr
ide
|
419 |
|
public voi
d invoke(R
equest req
uest, Resp
onse respo
nse)
|
|
430 |
|
public voi
d invoke(R
equest req
uest, Resp
onse respo
nse)
throws IO
Exception,
ServletEx
ception {
|
|
427 |
|
public
void invo
ke(Request
request,
Response r
esponse) t
hrows IOEx
ception, S
ervletExce
ption {
|
420 |
|
th
rows IOExc
eption, Se
rvletExcep
tion {
|
|
|
|
|
|
|
|
|
421 |
|
|
|
431 |
|
|
|
428 |
|
|
422 |
|
if
(log.isDe
bugEnabled
()) {
|
|
432 |
|
if
(log.isDe
bugEnabled
()) {
|
|
429 |
|
if
(log.isDe
bugEnabled
()) {
|
423 |
|
log.debug(
"Security
checking r
equest " +
|
|
433 |
|
log.debug(
"Security
checking r
equest " +
request.g
etMethod()
+ " " +
|
|
430 |
|
log.debu
g("Securit
y checking
request "
+ request
.getMethod
() + " " +
|
424 |
|
request.ge
t
Method() +
" " + req
uest.get
RequestURI
());
|
|
434 |
|
request.ge
t
RequestURI
());
|
|
431 |
|
request.ge
tRequestUR
I());
|
425 |
|
}
|
|
435 |
|
}
|
|
432 |
|
}
|
426 |
|
|
|
436 |
|
|
|
433 |
|
|
427 |
|
//
Have we g
ot a cache
d authenti
cated Prin
cipal to r
ecord?
|
|
437 |
|
//
Have we g
ot a cache
d authenti
cated Prin
cipal to r
ecord?
|
|
434 |
|
//
Have we g
ot a cache
d authenti
cated Prin
cipal to r
ecord?
|
428 |
|
if
(cache) {
|
|
438 |
|
if
(cache) {
|
|
435 |
|
if
(cache) {
|
429 |
|
Principa
l principa
l = reques
t.getUserP
rincipal()
;
|
|
439 |
|
Principa
l principa
l = reques
t.getUserP
rincipal()
;
|
|
436 |
|
Principa
l principa
l = reques
t.getUserP
rincipal()
;
|
430 |
|
if (prin
cipal == n
ull) {
|
|
440 |
|
if (prin
cipal == n
ull) {
|
|
437 |
|
if (prin
cipal == n
ull) {
|
431 |
|
Sess
ion sessio
n = reques
t.getSessi
onInternal
(false);
|
|
441 |
|
Sess
ion sessio
n = reques
t.getSessi
onInternal
(false);
|
|
438 |
|
Sess
ion sessio
n = reques
t.getSessi
onInternal
(false);
|
432 |
|
if (
session !=
null) {
|
|
442 |
|
if (
session !=
null) {
|
|
439 |
|
if (
session !=
null) {
|
433 |
|
principal
= session.
getPrincip
al();
|
|
443 |
|
principal
= session.
getPrincip
al();
|
|
440 |
|
principal
= session.
getPrincip
al();
|
434 |
|
if (princi
pal != nul
l) {
|
|
444 |
|
if (princi
pal != nul
l) {
|
|
441 |
|
if (princi
pal != nul
l) {
|
435 |
|
if (lo
g.isDebugE
nabled())
{
|
|
445 |
|
if (lo
g.isDebugE
nabled())
{
|
|
442 |
|
if (lo
g.isDebugE
nabled())
{
|
436 |
|
log.debug(
"We have c
ached auth
type " +
|
|
446 |
|
log.debug(
"We have c
ached auth
type " +
session.g
etAuthType
() +
|
|
443 |
|
lo
g.debug("W
e have cac
hed auth t
ype " + se
ssion.getA
uthType()
+
|
437 |
|
session.
getAuthTyp
e() +
|
|
447 |
|
" for prin
cipal " +
principal
);
|
|
444 |
|
" fo
r principa
l " + prin
cipal);
|
438 |
|
" for prin
cipal " +
|
|
|
|
|
|
|
|
|
439 |
|
session.
getPrincip
al());
|
|
|
|
|
|
|
|
|
440 |
|
}
|
|
448 |
|
}
|
|
445 |
|
}
|
441 |
|
reques
t.setAuthT
ype(sessio
n.getAuthT
ype());
|
|
449 |
|
reques
t.setAuthT
ype(sessio
n.getAuthT
ype());
|
|
446 |
|
reques
t.setAuthT
ype(sessio
n.getAuthT
ype());
|
442 |
|
reques
t.setUserP
rincipal(p
rincipal);
|
|
450 |
|
reques
t.setUserP
rincipal(p
rincipal);
|
|
447 |
|
reques
t.setUserP
rincipal(p
rincipal);
|
443 |
|
}
|
|
451 |
|
}
|
|
448 |
|
}
|
444 |
|
}
|
|
452 |
|
}
|
|
449 |
|
}
|
445 |
|
}
|
|
453 |
|
}
|
|
450 |
|
}
|
446 |
|
}
|
|
454 |
|
}
|
|
451 |
|
}
|
447 |
|
|
|
455 |
|
|
|
452 |
|
|
448 |
|
//
Special h
andling fo
r form-bas
ed logins
to deal wi
th the cas
e
|
|
456 |
|
bo
olean auth
Required =
isContinu
ationRequi
red(reques
t);
|
|
453 |
|
bo
olean auth
Required =
isContinu
ationRequi
red(reques
t);
|
449 |
|
//
where the
login for
m (and the
refore the
"j_securi
ty_check"
URI
|
|
|
|
|
|
|
|
|
450 |
|
//
to which
it submits
) might be
outside t
he secured
area
|
|
|
|
|
|
|
|
|
451 |
|
St
ring conte
xtPath = t
his.contex
t.getPath(
);
|
|
|
|
|
|
|
|
|
452 |
|
St
ring decod
edRequestU
RI = reque
st.getDeco
dedRequest
URI();
|
|
|
|
|
|
|
|
|
453 |
|
if
(decodedR
equestURI.
startsWith
(contextPa
th) &&
|
|
|
|
|
|
|
|
|
454 |
|
deco
dedRequest
URI.endsWi
th(Constan
ts.FORM_AC
TION)) {
|
|
|
|
|
|
|
|
|
455 |
|
if (!aut
henticate(
request, r
esponse))
{
|
|
|
|
|
|
|
|
|
456 |
|
if (
log.isDebu
gEnabled()
) {
|
|
|
|
|
|
|
|
|
457 |
|
log.debug(
" Failed a
uthenticat
e() test ?
?" + decod
edRequestU
RI );
|
|
|
|
|
|
|
|
|
458 |
|
}
|
|
|
|
|
|
|
|
|
459 |
|
retu
rn;
|
|
|
|
|
|
|
|
|
460 |
|
}
|
|
|
|
|
|
|
|
|
461 |
|
}
|
|
|
|
|
|
|
|
|
462 |
|
|
|
|
|
|
|
|
|
|
463 |
|
//
Special h
andling fo
r form-bas
ed logins
to deal wi
th the cas
e where
|
|
|
|
|
|
|
|
|
464 |
|
//
a resourc
e is prote
cted for s
ome HTTP m
ethods but
not prote
cted for
|
|
|
|
|
|
|
|
|
465 |
|
//
GET which
is used a
fter authe
ntication
when redir
ecting to
the
|
|
|
|
|
|
|
|
|
466 |
|
//
protected
resource.
|
|
|
|
|
|
|
|
|
467 |
|
//
TODO: Thi
s is simil
ar to the
FormAuthen
ticator.ma
tchRequest
() logic
|
|
|
|
|
|
|
|
|
468 |
|
//
Is
there a wa
y to remov
e the dupl
ication?
|
|
|
|
|
|
|
|
|
469 |
|
Se
ssion sess
ion = requ
est.getSes
sionIntern
al(false);
|
|
|
|
|
|
|
|
|
470 |
|
if
(session
!= null) {
|
|
|
|
|
|
|
|
|
471 |
|
SavedReq
uest saved
Request =
|
|
|
|
|
|
|
|
|
472 |
|
(SavedRequ
est) sessi
on.getNote
(Constants
.FORM_REQU
EST_NOTE);
|
|
|
|
|
|
|
|
|
473 |
|
if (save
dRequest !
= null &&
|
|
|
|
|
|
|
|
|
474 |
|
decodedReq
uestURI.eq
uals(saved
Request.ge
tDecodedRe
questURI()
) &&
|
|
|
|
|
|
|
|
|
475 |
|
!authentic
ate(reques
t, respons
e)) {
|
|
|
|
|
|
|
|
|
476 |
|
if (
log.isDebu
gEnabled()
) {
|
|
|
|
|
|
|
|
|
477 |
|
log.debug(
" Failed a
uthenticat
e() test")
;
|
|
|
|
|
|
|
|
|
478 |
|
}
|
|
|
|
|
|
|
|
|
479 |
|
/*
|
|
|
|
|
|
|
|
|
480 |
|
* A
SSERT: Aut
henticator
already s
et the app
ropriate
|
|
|
|
|
|
|
|
|
481 |
|
* H
TTP status
code, so
we do not
have to do
anything
|
|
|
|
|
|
|
|
|
482 |
|
* s
pecial
|
|
|
|
|
|
|
|
|
483 |
|
*/
|
|
|
|
|
|
|
|
|
484 |
|
retu
rn;
|
|
|
|
|
|
|
|
|
485 |
|
}
|
|
|
|
|
|
|
|
|
486 |
|
}
|
|
|
|
|
|
|
|
|
487 |
|
|
|
457 |
|
|
|
454 |
|
|
488 |
|
//
The Servl
et may spe
cify secur
ity constr
aints thro
ugh annota
tions.
|
|
458 |
|
//
The Servl
et may spe
cify secur
ity constr
aints thro
ugh annota
tions.
|
|
455 |
|
//
The Servl
et may spe
cify secur
ity constr
aints thro
ugh annota
tions.
|
489 |
|
//
Ensure th
at they ha
ve been pr
ocessed be
fore const
raints are
checked
|
|
459 |
|
//
Ensure th
at they ha
ve been pr
ocessed be
fore const
raints are
checked
|
|
456 |
|
//
Ensure th
at they ha
ve been pr
ocessed be
fore const
raints are
checked
|
490 |
|
Wrapper wr
apper = re
quest.get
MappingDat
a().w
rapper
;
|
|
460 |
|
Wrapper wr
apper = re
quest.get
W
rapper
()
;
|
|
457 |
|
Wr
apper wrap
per = requ
est.getWra
pper();
|
491 |
|
if
(wrapper
!= null) {
|
|
461 |
|
if
(wrapper
!= null) {
|
|
458 |
|
if
(wrapper
!= null) {
|
492 |
|
wrapper.
servletSec
urityAnnot
ationScan(
);
|
|
462 |
|
wrapper.
servletSec
urityAnnot
ationScan(
);
|
|
459 |
|
wrapper.
servletSec
urityAnnot
ationScan(
);
|
493 |
|
}
|
|
463 |
|
}
|
|
460 |
|
}
|
494 |
|
|
|
464 |
|
|
|
461 |
|
|
495 |
|
Re
alm realm
= this.con
text.getRe
alm();
|
|
465 |
|
Re
alm realm
= this.con
text.getRe
alm();
|
|
462 |
|
Re
alm realm
= this.con
text.getRe
alm();
|
496 |
|
//
Is this r
equest URI
subject t
o a securi
ty constra
int?
|
|
466 |
|
//
Is this r
equest URI
subject t
o a securi
ty constra
int?
|
|
463 |
|
//
Is this r
equest URI
subject t
o a securi
ty constra
int?
|
497 |
|
SecurityCo
nstraint
[] constra
ints
|
|
467 |
|
SecurityCo
nstraint
[] constra
ints
= realm.f
indSecurit
yConstrain
ts(request
, this.con
text);
|
|
464 |
|
Se
curityCons
traint[] c
onstraints
= realm.f
indSecurit
yConstrain
ts(request
, this.con
text);
|
498 |
|
= realm.
findSecuri
tyConstrai
nts(reques
t, this.co
ntext);
|
|
468 |
|
|
|
465 |
|
|
|
|
|
|
469 |
|
Au
thConfigPr
ovider jas
picProvide
r = getJas
picProvide
r();
|
|
466 |
|
Au
thConfigPr
ovider jas
picProvide
r = getJas
picProvide
r();
|
|
|
|
|
470 |
|
if
(jaspicPr
ovider !=
null) {
|
|
467 |
|
if
(jaspicPr
ovider !=
null) {
|
|
|
|
|
471 |
|
authRequ
ired = tru
e;
|
|
468 |
|
authRequ
ired = tru
e;
|
|
|
|
|
472 |
|
}
|
|
469 |
|
}
|
499 |
|
|
|
473 |
|
|
|
470 |
|
|
500 |
|
if (constr
aints == n
ull && !co
ntext.getP
reemptiveA
uthenticat
ion()
) {
|
|
474 |
|
if (constr
aints == n
ull && !co
ntext.getP
reemptiveA
uthenticat
ion()
&& !authR
equired
) {
|
|
471 |
|
if
(constrai
nts == nul
l && !cont
ext.getPre
emptiveAut
henticatio
n() && !au
thRequired
) {
|
501 |
|
if (log.
isDebugEna
bled()) {
|
|
475 |
|
if (log.
isDebugEna
bled()) {
|
|
472 |
|
if (log.
isDebugEna
bled()) {
|
502 |
|
log.
debug(" No
t subject
to any con
straint");
|
|
476 |
|
log.
debug(" No
t subject
to any con
straint");
|
|
473 |
|
log.
debug(" No
t subject
to any con
straint");
|
503 |
|
}
|
|
477 |
|
}
|
|
474 |
|
}
|
504 |
|
getNext(
).invoke(r
equest, re
sponse);
|
|
478 |
|
getNext(
).invoke(r
equest, re
sponse);
|
|
475 |
|
getNext(
).invoke(r
equest, re
sponse);
|
505 |
|
return;
|
|
479 |
|
return;
|
|
476 |
|
return;
|
506 |
|
}
|
|
480 |
|
}
|
|
477 |
|
}
|
507 |
|
|
|
481 |
|
|
|
478 |
|
|
508 |
|
//
Make sure
that cons
trained re
sources ar
e not cach
ed by web
proxies
|
|
482 |
|
//
Make sure
that cons
trained re
sources ar
e not cach
ed by web
proxies
|
|
479 |
|
//
Make sure
that cons
trained re
sources ar
e not cach
ed by web
proxies
|
509 |
|
//
or browse
rs as cach
ing can pr
ovide a se
curity hol
e
|
|
483 |
|
//
or browse
rs as cach
ing can pr
ovide a se
curity hol
e
|
|
480 |
|
//
or browse
rs as cach
ing can pr
ovide a se
curity hol
e
|
510 |
|
if
(constrai
nts != nul
l && disab
leProxyCac
hing &&
|
|
484 |
|
if
(constrai
nts != nul
l && disab
leProxyCac
hing &&
|
|
481 |
|
if
(constrai
nts != nul
l && disab
leProxyCac
hing &&
|
511 |
|
!"POST".
equalsIgno
reCase(req
uest.getMe
thod())) {
|
|
485 |
|
!"PO
ST".equals
IgnoreCase
(request.g
etMethod()
)) {
|
|
482 |
|
!"PO
ST".equals
IgnoreCase
(request.g
etMethod()
)) {
|
512 |
|
if (secu
rePagesWit
hPragma) {
|
|
486 |
|
if (secu
rePagesWit
hPragma) {
|
|
483 |
|
if (secu
rePagesWit
hPragma) {
|
513 |
|
// N
ote: These
can cause
problems
with downl
oading fil
es with IE
|
|
487 |
|
// N
ote: These
can cause
problems
with downl
oading fil
es with IE
|
|
484 |
|
// N
ote: These
can cause
problems
with downl
oading fil
es with IE
|
514 |
|
resp
onse.setHe
ader("Prag
ma", "No-c
ache");
|
|
488 |
|
resp
onse.setHe
ader("Prag
ma", "No-c
ache");
|
|
485 |
|
resp
onse.setHe
ader("Prag
ma", "No-c
ache");
|
515 |
|
resp
onse.setHe
ader("Cach
e-Control"
, "no-cach
e");
|
|
489 |
|
resp
onse.setHe
ader("Cach
e-Control"
, "no-cach
e");
|
|
486 |
|
resp
onse.setHe
ader("Cach
e-Control"
, "no-cach
e");
|
516 |
|
} else {
|
|
490 |
|
} else {
|
|
487 |
|
} else {
|
517 |
|
resp
onse.setHe
ader("Cach
e-Control"
, "private
");
|
|
491 |
|
resp
onse.setHe
ader("Cach
e-Control"
, "private
");
|
|
488 |
|
resp
onse.setHe
ader("Cach
e-Control"
, "private
");
|
518 |
|
}
|
|
492 |
|
}
|
|
489 |
|
}
|
519 |
|
response
.setHeader
("Expires"
, DATE_ONE
);
|
|
493 |
|
response
.setHeader
("Expires"
, DATE_ONE
);
|
|
490 |
|
response
.setHeader
("Expires"
, DATE_ONE
);
|
520 |
|
}
|
|
494 |
|
}
|
|
491 |
|
}
|
521 |
|
|
|
495 |
|
|
|
492 |
|
|
522 |
|
in
t i;
|
|
|
|
|
|
|
|
|
523 |
|
if
(constrai
nts != nul
l) {
|
|
496 |
|
if
(constrai
nts != nul
l) {
|
|
493 |
|
if
(constrai
nts != nul
l) {
|
524 |
|
// Enfor
ce any use
r data con
straint fo
r this sec
urity cons
traint
|
|
497 |
|
// Enfor
ce any use
r data con
straint fo
r this sec
urity cons
traint
|
|
494 |
|
// Enfor
ce any use
r data con
straint fo
r this sec
urity cons
traint
|
525 |
|
if (log.
isDebugEna
bled()) {
|
|
498 |
|
if (log.
isDebugEna
bled()) {
|
|
495 |
|
if (log.
isDebugEna
bled()) {
|
526 |
|
log.
debug(" Ca
lling hasU
serDataPer
mission()"
);
|
|
499 |
|
log.
debug(" Ca
lling hasU
serDataPer
mission()"
);
|
|
496 |
|
log.
debug(" Ca
lling hasU
serDataPer
mission()"
);
|
527 |
|
}
|
|
500 |
|
}
|
|
497 |
|
}
|
528 |
|
if (!realm
.hasUserDa
taPermissi
on(request
, response
,
|
|
501 |
|
if (!realm
.hasUserDa
taPermissi
on(request
, response
,
constrain
ts)) {
|
|
498 |
|
if (!rea
lm.hasUser
DataPermis
sion(reque
st, respon
se, constr
aints)) {
|
529 |
|
const
raints)) {
|
|
|
|
|
|
|
|
|
530 |
|
if (
log.isDebu
gEnabled()
) {
|
|
502 |
|
if (
log.isDebu
gEnabled()
) {
|
|
499 |
|
if (
log.isDebu
gEnabled()
) {
|
531 |
|
log.debug(
" Failed h
asUserData
Permission
() test");
|
|
503 |
|
log.debug(
" Failed h
asUserData
Permission
() test");
|
|
500 |
|
log.debug(
" Failed h
asUserData
Permission
() test");
|
532 |
|
}
|
|
504 |
|
}
|
|
501 |
|
}
|
533 |
|
/*
|
|
505 |
|
/*
|
|
502 |
|
/*
|
534 |
|
* ASSERT:
Authentica
tor alread
y set the
appropriat
e
|
|
506 |
|
* ASSERT:
Authentica
tor alread
y set the
appropriat
e
HTTP stat
us
|
|
503 |
|
* A
SSERT: Aut
henticator
already s
et the app
ropriate H
TTP status
|
535 |
|
*
HTTP statu
s
code, so w
e do not h
ave to do
anything s
pecial
|
|
507 |
|
*
code, so w
e do not h
ave to do
anything s
pecial
|
|
504 |
|
* c
ode, so we
do not ha
ve to do a
nything sp
ecial
|
536 |
|
*/
|
|
508 |
|
*/
|
|
505 |
|
*/
|
537 |
|
retu
rn;
|
|
509 |
|
retu
rn;
|
|
506 |
|
retu
rn;
|
538 |
|
}
|
|
510 |
|
}
|
|
507 |
|
}
|
539 |
|
}
|
|
511 |
|
}
|
|
508 |
|
}
|
540 |
|
|
|
512 |
|
|
|
509 |
|
|
541 |
|
//
Since aut
henticate
modifies t
he respons
e on failu
re,
|
|
513 |
|
//
Since aut
henticate
modifies t
he respons
e on failu
re,
|
|
510 |
|
//
Since aut
henticate
modifies t
he respons
e on failu
re,
|
542 |
|
//
we have t
o check fo
r allow-fr
om-all fir
st.
|
|
514 |
|
//
we have t
o check fo
r allow-fr
om-all fir
st.
|
|
511 |
|
//
we have t
o check fo
r allow-fr
om-all fir
st.
|
543 |
|
boolean
a
uth
Requi
r
e
d
;
|
|
515 |
|
boolean
h
a
sA
uth
Const
r
aint = fal
s
e
;
|
|
512 |
|
bo
olean hasA
uthConstra
int = fals
e;
|
544 |
|
if (constr
aints
=
= null) {
|
|
516 |
|
if (constr
aints
!
= null) {
|
|
513 |
|
if
(constrai
nts != nul
l) {
|
545 |
|
authRequ
ired = fal
se;
|
|
517 |
|
h
a
sA
uth
Const
r
aint
= true;
|
|
514 |
|
hasAuthC
onstraint
= true;
|
546 |
|
}
else {
|
|
518 |
|
for
(i
nt i
=
0; i < con
straints.l
ength &&
h
a
sA
uth
Const
r
aint
; i++) {
|
|
515 |
|
for (int
i = 0; i
< constrai
nts.length
&& hasAut
hConstrain
t; i++) {
|
547 |
|
a
uth
Requi
r
ed
= true;
|
|
519 |
|
if
(!constrai
nts[i].get
AuthConstr
aint()) {
|
|
516 |
|
if (
!constrain
ts[i].getA
uthConstra
int()) {
|
548 |
|
for
(i
=
0; i < con
straints.l
ength &&
a
uth
Requi
r
ed
; i++) {
|
|
520 |
|
h
a
sA
uth
Const
r
aint
= false;
|
|
517 |
|
hasAuthCon
straint =
false;
|
549 |
|
if
(!constrai
nts[i].get
AuthConstr
aint()) {
|
|
521 |
|
} else if
(!constrai
nts[i].get
AllRoles()
&&
|
|
518 |
|
} el
se if (!co
nstraints[
i].getAllR
oles() &&
|
550 |
|
a
uth
Requi
r
ed
= false;
|
|
|
|
|
|
|
|
|
551 |
|
break;
|
|
|
|
|
|
|
|
|
552 |
|
} else if
(!constrai
nts[i].get
AllRoles()
&&
|
|
|
|
|
|
|
|
|
553 |
|
!const
raints[i].
getAuthent
icatedUser
s()) {
|
|
522 |
|
!const
raints[i].
getAuthent
icatedUser
s()) {
|
|
519 |
|
!const
raints[i].
getAuthent
icatedUser
s()) {
|
554 |
|
String
[] roles =
constrain
ts[i].find
AuthRoles(
);
|
|
523 |
|
String
[] roles =
constrain
ts[i].find
AuthRoles(
);
|
|
520 |
|
String[] r
oles = con
straints[i
].findAuth
Roles();
|
555 |
|
if
(roles ==
null || ro
les.length
== 0) {
|
|
524 |
|
if
(roles ==
null || ro
les.length
== 0) {
|
|
521 |
|
if (roles
== null ||
roles.len
gth == 0)
{
|
556 |
|
a
uth
Requi
r
ed
= false;
|
|
525 |
|
h
a
sA
uth
Const
r
aint
= false;
|
|
522 |
|
hasAut
hConstrain
t = false;
|
557 |
|
break;
|
|
526 |
|
}
|
|
523 |
|
}
|
558 |
|
}
|
|
527 |
|
}
|
|
524 |
|
}
|
559 |
|
}
|
|
528 |
|
}
|
|
525 |
|
}
|
560 |
|
}
|
|
529 |
|
}
|
|
526 |
|
}
|
|
|
|
|
530 |
|
|
|
527 |
|
|
|
|
|
|
531 |
|
if
(!authReq
uired && h
asAuthCons
traint) {
|
|
528 |
|
if
(!authReq
uired && h
asAuthCons
traint) {
|
|
|
|
|
532 |
|
authRequ
ired = tru
e;
|
|
529 |
|
authRequ
ired = tru
e;
|
561 |
|
}
|
|
533 |
|
}
|
|
530 |
|
}
|
562 |
|
|
|
534 |
|
|
|
531 |
|
|
563 |
|
if
(!authReq
uired && c
ontext.get
Preemptive
Authentica
tion()) {
|
|
535 |
|
if
(!authReq
uired && c
ontext.get
Preemptive
Authentica
tion()) {
|
|
532 |
|
if
(!authReq
uired && c
ontext.get
Preemptive
Authentica
tion()) {
|
564 |
|
authRequ
ired =
|
|
536 |
|
authRequ
ired =
|
|
533 |
|
authRequ
ired =
|
565 |
|
request.ge
tCoyoteReq
uest().get
MimeHeader
s().getVal
ue(
|
|
537 |
|
request.ge
tCoyoteReq
uest().get
MimeHeader
s().getVal
ue(
"authoriza
tion") !=
null;
|
|
534 |
|
request.ge
tCoyoteReq
uest().get
MimeHeader
s().getVal
ue("author
ization")
!= null;
|
566 |
|
"autho
rization")
!= null;
|
|
|
|
|
|
|
|
|
567 |
|
}
|
|
538 |
|
}
|
|
535 |
|
}
|
568 |
|
|
|
539 |
|
|
|
536 |
|
|
569 |
|
if (!authR
equired &&
context.g
etPreempti
veAuthenti
cation()
&&
|
|
540 |
|
if (!authR
equired &&
context.g
etPreempti
veAuthenti
cation()
|
|
537 |
|
if
(!authReq
uired && c
ontext.get
Preemptive
Authentica
tion()
|
570 |
|
HttpServle
tRequest.C
LIENT_CERT
_AUTH.equa
ls(getAuth
Method()))
{
|
|
541 |
|
&&
HttpServle
tRequest.C
LIENT_CERT
_AUTH.equa
ls(getAuth
Method()))
{
|
|
538 |
|
&& H
ttpServlet
Request.CL
IENT_CERT_
AUTH.equal
s(getAuthM
ethod()))
{
|
571 |
|
X509Cert
ificate[]
certs = ge
tRequestCe
rtificates
(request);
|
|
542 |
|
X509Cert
ificate[]
certs = ge
tRequestCe
rtificates
(request);
|
|
539 |
|
X509Cert
ificate[]
certs = ge
tRequestCe
rtificates
(request);
|
572 |
|
authRequ
ired = cer
ts != null
&& certs.
length > 0
;
|
|
543 |
|
authRequ
ired = cer
ts != null
&& certs.
length > 0
;
|
|
540 |
|
authRequ
ired = cer
ts != null
&& certs.
length > 0
;
|
573 |
|
}
|
|
544 |
|
}
|
|
541 |
|
}
|
574 |
|
|
|
545 |
|
|
|
542 |
|
|
575 |
|
if
(authRequi
red) {
|
|
546 |
|
Ja
spicState
jaspicStat
e = null;
|
|
543 |
|
Ja
spicState
jaspicStat
e = null;
|
|
|
|
|
547 |
|
|
|
544 |
|
|
|
|
|
|
548 |
|
if
(authRequi
red) {
|
|
545 |
|
if
(authRequ
ired) {
|
576 |
|
if (log.
isDebugEna
bled()) {
|
|
549 |
|
if (log.
isDebugEna
bled()) {
|
|
546 |
|
if (log.
isDebugEna
bled()) {
|
577 |
|
log.
debug(" Ca
lling auth
enticate()
");
|
|
550 |
|
log.
debug(" Ca
lling auth
enticate()
");
|
|
547 |
|
log.
debug(" Ca
lling auth
enticate()
");
|
578 |
|
}
|
|
551 |
|
}
|
|
548 |
|
}
|
579 |
|
if (
!authentic
ate
(request,
response
)) {
|
|
552 |
|
|
|
549 |
|
|
|
|
|
|
553 |
|
if (jasp
icProvider
!= null)
{
|
|
550 |
|
if (jasp
icProvider
!= null)
{
|
|
|
|
|
554 |
|
jasp
icState =
getJaspicS
tate(jaspi
cProvider,
request,
response,
hasAuthCon
straint);
|
|
551 |
|
jasp
icState =
getJaspicS
tate(jaspi
cProvider,
request,
response,
hasAuthCon
straint);
|
|
|
|
|
555 |
|
if (
jaspicStat
e == null)
{
|
|
552 |
|
if (
jaspicStat
e == null)
{
|
|
|
|
|
556 |
|
return;
|
|
553 |
|
return;
|
|
|
|
|
557 |
|
}
|
|
554 |
|
}
|
|
|
|
|
558 |
|
}
|
|
555 |
|
}
|
|
|
|
|
559 |
|
|
|
556 |
|
|
|
|
|
|
560 |
|
if (jasp
icProvider
== null &
& !doAuthe
nticate(re
quest, res
ponse) ||
|
|
557 |
|
if (jasp
icProvider
== null &
& !doAuthe
nticate(re
quest, res
ponse) ||
|
|
|
|
|
561 |
|
jaspicProv
ider != nu
ll &&
|
|
558 |
|
jaspicProv
ider != nu
ll &&
|
|
|
|
|
562 |
|
!authentic
ate
Jaspic
(request,
response
, jaspicSt
ate, false
)) {
|
|
559 |
|
!a
uthenticat
eJaspic(re
quest, res
ponse, jas
picState,
false)) {
|
580 |
|
if (
log.isDebu
gEnabled()
) {
|
|
563 |
|
if (
log.isDebu
gEnabled()
) {
|
|
560 |
|
if (
log.isDebu
gEnabled()
) {
|
581 |
|
log.debug(
" Failed a
uthenticat
e() test")
;
|
|
564 |
|
log.debug(
" Failed a
uthenticat
e() test")
;
|
|
561 |
|
log.debug(
" Failed a
uthenticat
e() test")
;
|
582 |
|
}
|
|
565 |
|
}
|
|
562 |
|
}
|
583 |
|
/*
|
|
566 |
|
/*
|
|
563 |
|
/*
|
584 |
|
* ASSERT:
Authentica
tor alread
y set the
appropriat
e
|
|
567 |
|
* ASSERT:
Authentica
tor alread
y set the
appropriat
e
HTTP stat
us
|
|
564 |
|
* A
SSERT: Aut
henticator
already s
et the app
ropriate H
TTP status
|
585 |
|
*
HTTP statu
s
code, so w
e do not h
ave to do
anything
|
|
568 |
|
*
code, so w
e do not h
ave to do
anything
special
|
|
565 |
|
* c
ode, so we
do not ha
ve to do a
nything sp
ecial
|
586 |
|
* s
pecial
|
|
|
|
|
|
|
|
|
587 |
|
*/
|
|
569 |
|
*/
|
|
566 |
|
*/
|
588 |
|
retu
rn;
|
|
570 |
|
retu
rn;
|
|
567 |
|
retu
rn;
|
589 |
|
}
|
|
571 |
|
}
|
|
568 |
|
}
|
590 |
|
|
|
572 |
|
|
|
569 |
|
|
591 |
|
}
|
|
573 |
|
}
|
|
570 |
|
}
|
592 |
|
|
|
574 |
|
|
|
571 |
|
|
593 |
|
if
(constrai
nts != nul
l) {
|
|
575 |
|
if
(constrai
nts != nul
l) {
|
|
572 |
|
if
(constrai
nts != nul
l) {
|
594 |
|
if (log.
isDebugEna
bled()) {
|
|
576 |
|
if (log.
isDebugEna
bled()) {
|
|
573 |
|
if (log.
isDebugEna
bled()) {
|
595 |
|
log.
debug(" Ca
lling acce
ssControl(
)");
|
|
577 |
|
log.
debug(" Ca
lling acce
ssControl(
)");
|
|
574 |
|
log.
debug(" Ca
lling acce
ssControl(
)");
|
596 |
|
}
|
|
578 |
|
}
|
|
575 |
|
}
|
597 |
|
if (!realm
.hasResour
cePermissi
on(request
, response
,
|
|
579 |
|
if (!realm
.hasResour
cePermissi
on(request
, response
,
constrain
ts, this.c
ontext)) {
|
|
576 |
|
if (!rea
lm.hasReso
urcePermis
sion(reque
st, respon
se, constr
aints, thi
s.context)
) {
|
598 |
|
const
raints,
|
|
|
|
|
|
|
|
|
599 |
|
this.
context))
{
|
|
|
|
|
|
|
|
|
600 |
|
if (
log.isDebu
gEnabled()
) {
|
|
580 |
|
if (
log.isDebu
gEnabled()
) {
|
|
577 |
|
if (
log.isDebu
gEnabled()
) {
|
601 |
|
log.debug(
" Failed a
ccessContr
ol() test"
);
|
|
581 |
|
log.debug(
" Failed a
ccessContr
ol() test"
);
|
|
578 |
|
log.debug(
" Failed a
ccessContr
ol() test"
);
|
602 |
|
}
|
|
582 |
|
}
|
|
579 |
|
}
|
603 |
|
/*
|
|
583 |
|
/*
|
|
580 |
|
/*
|
604 |
|
* ASSERT:
AccessCont
rol method
has alrea
dy set the
|
|
584 |
|
* ASSERT:
AccessCont
rol method
has alrea
dy set the
appropria
te
|
|
581 |
|
* A
SSERT: Acc
essControl
method ha
s already
set the ap
propriate
|
605 |
|
*
appropriat
e
HTTP statu
s code, so
we do not
have to d
o
|
|
585 |
|
*
HTTP statu
s code, so
we do not
have to d
o
anything
special
|
|
582 |
|
* H
TTP status
code, so
we do not
have to do
anything
special
|
606 |
|
* a
nything sp
ecial
|
|
|
|
|
|
|
|
|
607 |
|
*/
|
|
586 |
|
*/
|
|
583 |
|
*/
|
608 |
|
retu
rn;
|
|
587 |
|
retu
rn;
|
|
584 |
|
retu
rn;
|
609 |
|
}
|
|
588 |
|
}
|
|
585 |
|
}
|
610 |
|
}
|
|
589 |
|
}
|
|
586 |
|
}
|
611 |
|
|
|
590 |
|
|
|
587 |
|
|
612 |
|
//
Any and a
ll specifi
ed constra
ints have
been satis
fied
|
|
591 |
|
//
Any and a
ll specifi
ed constra
ints have
been satis
fied
|
|
588 |
|
//
Any and a
ll specifi
ed constra
ints have
been satis
fied
|
613 |
|
if
(log.isDe
bugEnabled
()) {
|
|
592 |
|
if
(log.isDe
bugEnabled
()) {
|
|
589 |
|
if
(log.isDe
bugEnabled
()) {
|
614 |
|
log.debu
g(" Succes
sfully pas
sed all se
curity con
straints")
;
|
|
593 |
|
log.debu
g(" Succes
sfully pas
sed all se
curity con
straints")
;
|
|
590 |
|
log.debu
g(" Succes
sfully pas
sed all se
curity con
straints")
;
|
615 |
|
}
|
|
594 |
|
}
|
|
591 |
|
}
|
616 |
|
ge
tNext().in
voke(reque
st, respon
se);
|
|
595 |
|
ge
tNext().in
voke(reque
st, respon
se);
|
|
592 |
|
ge
tNext().in
voke(reque
st, respon
se);
|
617 |
|
|
|
596 |
|
|
|
593 |
|
|
|
|
|
|
597 |
|
if
(jaspicPr
ovider !=
null) {
|
|
594 |
|
if
(jaspicPr
ovider !=
null) {
|
|
|
|
|
598 |
|
secureRe
sponseJspi
c(request,
response,
jaspicSta
te);
|
|
595 |
|
secureRe
sponseJspi
c(request,
response,
jaspicSta
te);
|
|
|
|
|
599 |
|
}
|
|
596 |
|
}
|
|
|
|
|
600 |
|
}
|
|
597 |
|
}
|
|
|
|
|
601 |
|
|
|
598 |
|
|
|
|
|
|
602 |
|
|
|
599 |
|
|
|
|
|
|
603 |
|
@Overr
ide
|
|
600 |
|
@Overr
ide
|
|
|
|
|
604 |
|
public
boolean a
uthenticat
e(Request
request, H
ttpServlet
Response h
ttpRespons
e)
|
|
601 |
|
public
boolean a
uthenticat
e(Request
request, H
ttpServlet
Response h
ttpRespons
e)
|
|
|
|
|
605 |
|
throws I
OException
{
|
|
602 |
|
throws I
OException
{
|
|
|
|
|
606 |
|
|
|
603 |
|
|
|
|
|
|
607 |
|
Au
thConfigPr
ovider jas
picProvide
r = getJas
picProvide
r();
|
|
604 |
|
Au
thConfigPr
ovider jas
picProvide
r = getJas
picProvide
r();
|
|
|
|
|
608 |
|
|
|
605 |
|
|
|
|
|
|
609 |
|
if
(jaspicPr
ovider ==
null) {
|
|
606 |
|
if
(jaspicPr
ovider ==
null) {
|
|
|
|
|
610 |
|
return d
oAuthentic
ate(reques
t, httpRes
ponse);
|
|
607 |
|
return d
oAuthentic
ate(reques
t, httpRes
ponse);
|
|
|
|
|
611 |
|
}
else {
|
|
608 |
|
}
else {
|
|
|
|
|
612 |
|
Response
response
= request.
getRespons
e();
|
|
609 |
|
Response
response
= request.
getRespons
e();
|
|
|
|
|
613 |
|
JaspicSt
ate jaspic
State = ge
tJaspicSta
te(jaspicP
rovider, r
equest, re
sponse, tr
ue);
|
|
610 |
|
JaspicSt
ate jaspic
State = ge
tJaspicSta
te(jaspicP
rovider, r
equest, re
sponse, tr
ue);
|
|
|
|
|
614 |
|
if (jasp
icState ==
null) {
|
|
611 |
|
if (jasp
icState ==
null) {
|
|
|
|
|
615 |
|
retu
rn false;
|
|
612 |
|
retu
rn false;
|
|
|
|
|
616 |
|
}
|
|
613 |
|
}
|
|
|
|
|
617 |
|
|
|
614 |
|
|
|
|
|
|
618 |
|
boolean
result = a
uthenticat
eJaspic(re
quest, res
ponse, jas
picState,
true);
|
|
615 |
|
boolean
result = a
uthenticat
eJaspic(re
quest, res
ponse, jas
picState,
true);
|
|
|
|
|
619 |
|
|
|
616 |
|
|
|
|
|
|
620 |
|
secureRe
sponseJspi
c(request,
response,
jaspicSta
te);
|
|
617 |
|
secureRe
sponseJspi
c(request,
response,
jaspicSta
te);
|
|
|
|
|
621 |
|
|
|
618 |
|
|
|
|
|
|
622 |
|
return r
esult;
|
|
619 |
|
return r
esult;
|
|
|
|
|
623 |
|
}
|
|
620 |
|
}
|
|
|
|
|
624 |
|
}
|
|
621 |
|
}
|
|
|
|
|
625 |
|
|
|
622 |
|
|
|
|
|
|
626 |
|
|
|
623 |
|
|
|
|
|
|
627 |
|
privat
e void sec
ureRespons
eJspic(Req
uest reque
st, Respon
se respons
e, JaspicS
tate state
) {
|
|
624 |
|
privat
e void sec
ureRespons
eJspic(Req
uest reque
st, Respon
se respons
e, JaspicS
tate state
) {
|
|
|
|
|
628 |
|
tr
y {
|
|
625 |
|
tr
y {
|
|
|
|
|
629 |
|
state.se
rverAuthCo
ntext.secu
reResponse
(state.mes
sageInfo,
null);
|
|
626 |
|
state.se
rverAuthCo
ntext.secu
reResponse
(state.mes
sageInfo,
null);
|
|
|
|
|
630 |
|
request.
setRequest
((HttpServ
letRequest
) state.me
ssageInfo.
getRequest
Message())
;
|
|
627 |
|
request.
setRequest
((HttpServ
letRequest
) state.me
ssageInfo.
getRequest
Message())
;
|
|
|
|
|
631 |
|
response
.setRespon
se((HttpSe
rvletRespo
nse) state
.messageIn
fo.getResp
onseMessag
e());
|
|
628 |
|
response
.setRespon
se((HttpSe
rvletRespo
nse) state
.messageIn
fo.getResp
onseMessag
e());
|
|
|
|
|
632 |
|
}
catch (Aut
hException
e) {
|
|
629 |
|
}
catch (Aut
hException
e) {
|
|
|
|
|
633 |
|
log.warn
(sm.getStr
ing("authe
nticator.j
aspicSecur
eResponseF
ail"), e);
|
|
630 |
|
log.warn
(sm.getStr
ing("authe
nticator.j
aspicSecur
eResponseF
ail"), e);
|
|
|
|
|
634 |
|
}
|
|
631 |
|
}
|
|
|
|
|
635 |
|
}
|
|
632 |
|
}
|
|
|
|
|
636 |
|
|
|
633 |
|
|
|
|
|
|
637 |
|
|
|
634 |
|
|
|
|
|
|
638 |
|
privat
e JaspicSt
ate getJas
picState(A
uthConfigP
rovider ja
spicProvid
er, Reques
t request,
|
|
635 |
|
privat
e JaspicSt
ate getJas
picState(A
uthConfigP
rovider ja
spicProvid
er, Reques
t request,
|
|
|
|
|
639 |
|
Response
response,
boolean a
uthMandato
ry) throws
IOExcepti
on {
|
|
636 |
|
Response
response,
boolean a
uthMandato
ry) throws
IOExcepti
on {
|
|
|
|
|
640 |
|
Ja
spicState
jaspicStat
e = new Ja
spicState(
);
|
|
637 |
|
Ja
spicState
jaspicStat
e = new Ja
spicState(
);
|
|
|
|
|
641 |
|
|
|
638 |
|
|
|
|
|
|
642 |
|
ja
spicState.
messageInf
o =
|
|
639 |
|
ja
spicState.
messageInf
o =
|
|
|
|
|
643 |
|
new
MessageInf
oImpl(requ
est.getReq
uest(), re
sponse.get
Response()
, authMand
atory);
|
|
640 |
|
new
MessageInf
oImpl(requ
est.getReq
uest(), re
sponse.get
Response()
, authMand
atory);
|
|
|
|
|
644 |
|
|
|
641 |
|
|
|
|
|
|
645 |
|
tr
y {
|
|
642 |
|
tr
y {
|
|
|
|
|
646 |
|
ServerAu
thConfig s
erverAuthC
onfig = ja
spicProvid
er.getServ
erAuthConf
ig(
|
|
643 |
|
ServerAu
thConfig s
erverAuthC
onfig = ja
spicProvid
er.getServ
erAuthConf
ig(
|
|
|
|
|
647 |
|
"HttpServl
et", jaspi
cAppContex
tID, Callb
ackHandler
Impl.getIn
stance());
|
|
644 |
|
"HttpServl
et", jaspi
cAppContex
tID, Callb
ackHandler
Impl.getIn
stance());
|
|
|
|
|
648 |
|
String a
uthContext
ID = serve
rAuthConfi
g.getAuthC
ontextID(j
aspicState
.messageIn
fo);
|
|
645 |
|
String a
uthContext
ID = serve
rAuthConfi
g.getAuthC
ontextID(j
aspicState
.messageIn
fo);
|
|
|
|
|
649 |
|
jaspicSt
ate.server
AuthContex
t = server
AuthConfig
.getAuthCo
ntext(auth
ContextID,
null, nul
l);
|
|
646 |
|
jaspicSt
ate.server
AuthContex
t = server
AuthConfig
.getAuthCo
ntext(auth
ContextID,
null, nul
l);
|
|
|
|
|
650 |
|
}
catch (Aut
hException
e) {
|
|
647 |
|
}
catch (Aut
hException
e) {
|
|
|
|
|
651 |
|
log.warn
(sm.getStr
ing("authe
nticator.j
aspicServe
rAuthConte
xtFail"),
e);
|
|
648 |
|
log.warn
(sm.getStr
ing("authe
nticator.j
aspicServe
rAuthConte
xtFail"),
e);
|
|
|
|
|
652 |
|
response
.sendError
(HttpServl
etResponse
.SC_INTERN
AL_SERVER_
ERROR);
|
|
649 |
|
response
.sendError
(HttpServl
etResponse
.SC_INTERN
AL_SERVER_
ERROR);
|
|
|
|
|
653 |
|
return n
ull;
|
|
650 |
|
return n
ull;
|
|
|
|
|
654 |
|
}
|
|
651 |
|
}
|
|
|
|
|
655 |
|
|
|
652 |
|
|
|
|
|
|
656 |
|
re
turn jaspi
cState;
|
|
653 |
|
re
turn jaspi
cState;
|
618 |
|
}
|
|
657 |
|
}
|
|
654 |
|
}
|
619 |
|
|
|
658 |
|
|
|
655 |
|
|
620 |
|
|
|
659 |
|
|
|
656 |
|
|
621 |
|
// ---
----------
----------
----------
----------
----------
- Protecte
d Methods
|
|
660 |
|
// ---
----------
----------
----------
----------
----------
- Protecte
d Methods
|
|
657 |
|
// ---
----------
----------
----------
----------
----------
- Protecte
d Methods
|
622 |
|
|
|
661 |
|
|
|
658 |
|
|
623 |
|
/**
|
|
662 |
|
/**
|
|
659 |
|
/**
|
|
|
|
|
663 |
|
* Pro
vided for
sub-classe
s to imple
ment their
specific
authentica
tion
|
|
660 |
|
* Pro
vided for
sub-classe
s to imple
ment their
specific
authentica
tion
|
|
|
|
|
664 |
|
* mec
hanism.
|
|
661 |
|
* mec
hanism.
|
|
|
|
|
665 |
|
*
|
|
662 |
|
*
|
|
|
|
|
666 |
|
* @pa
ram reques
t The requ
est that t
riggered t
he authent
ication
|
|
663 |
|
* @pa
ram reques
t The requ
est that t
riggered t
he authent
ication
|
|
|
|
|
667 |
|
* @pa
ram respon
se The res
ponse asso
ciated wit
h the requ
est
|
|
664 |
|
* @pa
ram respon
se The res
ponse asso
ciated wit
h the requ
est
|
|
|
|
|
668 |
|
*
|
|
665 |
|
*
|
|
|
|
|
669 |
|
* @re
turn {@cod
e true} if
the the u
ser was au
thenticate
d, otherwi
se {@code
|
|
666 |
|
* @re
turn {@cod
e true} if
the the u
ser was au
thenticate
d, otherwi
se {@code
|
|
|
|
|
670 |
|
*
false
}, in whic
h case an
authentica
tion chall
enge will
have been
|
|
667 |
|
*
false
}, in whic
h case an
authentica
tion chall
enge will
have been
|
|
|
|
|
671 |
|
*
writt
en to the
response
|
|
668 |
|
*
writt
en to the
response
|
|
|
|
|
672 |
|
*
|
|
669 |
|
*
|
|
|
|
|
673 |
|
* @th
rows IOExc
eption If
an I/O pro
blem occur
red during
the authe
ntication
|
|
670 |
|
* @th
rows IOExc
eption If
an I/O pro
blem occur
red during
the authe
ntication
|
|
|
|
|
674 |
|
*
pro
cess
|
|
671 |
|
*
pro
cess
|
|
|
|
|
675 |
|
*/
|
|
672 |
|
*/
|
|
|
|
|
676 |
|
protec
ted abstra
ct boolean
doAuthent
icate(Requ
est reques
t, HttpSer
vletRespon
se respons
e)
|
|
673 |
|
protec
ted abstra
ct boolean
doAuthent
icate(Requ
est reques
t, HttpSer
vletRespon
se respons
e)
|
|
|
|
|
677 |
|
throws I
OException
;
|
|
674 |
|
throws I
OException
;
|
|
|
|
|
678 |
|
|
|
675 |
|
|
|
|
|
|
679 |
|
|
|
676 |
|
|
|
|
|
|
680 |
|
/**
|
|
677 |
|
/**
|
|
|
|
|
681 |
|
* Doe
s this aut
henticator
require t
hat {@link
#authenti
cate(Reque
st,
|
|
678 |
|
* Doe
s this aut
henticator
require t
hat {@link
#authenti
cate(Reque
st,
|
|
|
|
|
682 |
|
* Htt
pServletRe
sponse)} i
s called t
o continue
an authen
tication p
rocess
|
|
679 |
|
* Htt
pServletRe
sponse)} i
s called t
o continue
an authen
tication p
rocess
|
|
|
|
|
683 |
|
* tha
t started
in a previ
ous reques
t?
|
|
680 |
|
* tha
t started
in a previ
ous reques
t?
|
|
|
|
|
684 |
|
*
|
|
681 |
|
*
|
|
|
|
|
685 |
|
* @pa
ram reques
t The requ
est curren
tly being
processed
|
|
682 |
|
* @pa
ram reques
t The requ
est curren
tly being
processed
|
|
|
|
|
686 |
|
*
|
|
683 |
|
*
|
|
|
|
|
687 |
|
* @re
turn {@cod
e true} if
authentic
ate() must
be called
, otherwis
e
|
|
684 |
|
* @re
turn {@cod
e true} if
authentic
ate() must
be called
, otherwis
e
|
|
|
|
|
688 |
|
*
{@cod
e false}
|
|
685 |
|
*
{@cod
e false}
|
|
|
|
|
689 |
|
*/
|
|
686 |
|
*/
|
|
|
|
|
690 |
|
protec
ted boolea
n isContin
uationRequ
ired(Reque
st request
) {
|
|
687 |
|
protec
ted boolea
n isContin
uationRequ
ired(Reque
st request
) {
|
|
|
|
|
691 |
|
re
turn false
;
|
|
688 |
|
re
turn false
;
|
|
|
|
|
692 |
|
}
|
|
689 |
|
}
|
|
|
|
|
693 |
|
|
|
690 |
|
|
|
|
|
|
694 |
|
|
|
691 |
|
|
|
|
|
|
695 |
|
/**
|
|
692 |
|
/**
|
624 |
|
* Loo
k for the
X509 certi
ficate cha
in in the
Request un
der the ke
y
|
|
696 |
|
* Loo
k for the
X509 certi
ficate cha
in in the
Request un
der the ke
y
|
|
693 |
|
* Loo
k for the
X509 certi
ficate cha
in in the
Request un
der the ke
y
|
625 |
|
* <co
de>javax.s
ervlet.req
uest.X509C
ertificate
</code>. I
f not foun
d, trigger
|
|
697 |
|
* <co
de>javax.s
ervlet.req
uest.X509C
ertificate
</code>. I
f not foun
d, trigger
|
|
694 |
|
* <co
de>javax.s
ervlet.req
uest.X509C
ertificate
</code>. I
f not foun
d, trigger
|
626 |
|
* ext
racting th
e certific
ate chain
from the C
oyote requ
est.
|
|
698 |
|
* ext
racting th
e certific
ate chain
from the C
oyote requ
est.
|
|
695 |
|
* ext
racting th
e certific
ate chain
from the C
oyote requ
est.
|
627 |
|
*
|
|
699 |
|
*
|
|
696 |
|
*
|
628 |
|
* @param r
equest
Request to
be proces
sed
|
|
700 |
|
* @param r
equest
|
|
697 |
|
* @pa
ram reques
t
|
|
|
|
|
701 |
|
*
Re
quest to b
e processe
d
|
|
698 |
|
*
Re
quest to b
e processe
d
|
629 |
|
*
|
|
702 |
|
*
|
|
699 |
|
*
|
630 |
|
* @return
The X509 c
ertificate
chain if
found, <co
de>null</c
ode>
|
|
703 |
|
* @return
The X509 c
ertificate
chain if
found, <co
de>null</c
ode>
otherwise
.
|
|
700 |
|
* @re
turn The X
509 certif
icate chai
n if found
, <code>nu
ll</code>
otherwise.
|
631 |
|
*
otherw
ise.
|
|
|
|
|
|
|
|
|
632 |
|
*/
|
|
704 |
|
*/
|
|
701 |
|
*/
|
633 |
|
protec
ted X509Ce
rtificate[
] getReque
stCertific
ates(final
Request r
equest)
|
|
705 |
|
protec
ted X509Ce
rtificate[
] getReque
stCertific
ates(final
Request r
equest)
|
|
702 |
|
protec
ted X509Ce
rtificate[
] getReque
stCertific
ates(final
Request r
equest)
|
634 |
|
throws I
llegalStat
eException
{
|
|
706 |
|
throws I
llegalStat
eException
{
|
|
703 |
|
throws I
llegalStat
eException
{
|
635 |
|
|
|
707 |
|
|
|
704 |
|
|
636 |
|
X5
09Certific
ate certs[
] =
|
|
708 |
|
X5
09Certific
ate certs[
] =
|
|
705 |
|
X5
09Certific
ate certs[
] =
|
637 |
|
(X50
9Certifica
te[]) requ
est.getAtt
ribute(Glo
bals.CERTI
FICATES_AT
TR);
|
|
709 |
|
(X50
9Certifica
te[]) requ
est.getAtt
ribute(Glo
bals.CERTI
FICATES_AT
TR);
|
|
706 |
|
(X50
9Certifica
te[]) requ
est.getAtt
ribute(Glo
bals.CERTI
FICATES_AT
TR);
|
638 |
|
|
|
710 |
|
|
|
707 |
|
|
639 |
|
if
((certs =
= null) ||
(certs.le
ngth < 1))
{
|
|
711 |
|
if
((certs =
= null) ||
(certs.le
ngth < 1))
{
|
|
708 |
|
if
((certs =
= null) ||
(certs.le
ngth < 1))
{
|
640 |
|
try {
|
|
712 |
|
try {
|
|
709 |
|
try {
|
641 |
|
requ
est.getCoy
oteRequest
().action(
ActionCode
.REQ_SSL_C
ERTIFICATE
, null);
|
|
713 |
|
requ
est.getCoy
oteRequest
().action(
ActionCode
.REQ_SSL_C
ERTIFICATE
, null);
|
|
710 |
|
requ
est.getCoy
oteRequest
().action(
ActionCode
.REQ_SSL_C
ERTIFICATE
, null);
|
642 |
|
cert
s = (X509C
ertificate
[]) reques
t.getAttri
bute(Globa
ls.CERTIFI
CATES_ATTR
);
|
|
714 |
|
cert
s = (X509C
ertificate
[]) reques
t.getAttri
bute(Globa
ls.CERTIFI
CATES_ATTR
);
|
|
711 |
|
cert
s = (X509C
ertificate
[]) reques
t.getAttri
bute(Globa
ls.CERTIFI
CATES_ATTR
);
|
643 |
|
} catch
(IllegalSt
ateExcepti
on ise) {
|
|
715 |
|
} catch
(IllegalSt
ateExcepti
on ise) {
|
|
712 |
|
} catch
(IllegalSt
ateExcepti
on ise) {
|
644 |
|
// R
equest bod
y was too
large for
save buffe
r
|
|
716 |
|
// R
equest bod
y was too
large for
save buffe
r
|
|
713 |
|
// R
equest bod
y was too
large for
save buffe
r
|
645 |
|
// R
eturn null
which wil
l trigger
an auth fa
ilure
|
|
717 |
|
// R
eturn null
which wil
l trigger
an auth fa
ilure
|
|
714 |
|
// R
eturn null
which wil
l trigger
an auth fa
ilure
|
646 |
|
}
|
|
718 |
|
}
|
|
715 |
|
}
|
647 |
|
}
|
|
719 |
|
}
|
|
716 |
|
}
|
648 |
|
|
|
720 |
|
|
|
717 |
|
|
649 |
|
re
turn certs
;
|
|
721 |
|
re
turn certs
;
|
|
718 |
|
re
turn certs
;
|
650 |
|
}
|
|
722 |
|
}
|
|
719 |
|
}
|
651 |
|
|
|
723 |
|
|
|
720 |
|
|
652 |
|
|
|
|
|
|
|
|
|
|
653 |
|
/**
|
|
724 |
|
/**
|
|
721 |
|
/**
|
654 |
|
* Associat
e the spec
ified sing
le sign on
identifie
r with the
|
|
725 |
|
* Associat
e the spec
ified sing
le sign on
identifie
r with the
specified
|
|
722 |
|
* Ass
ociate the
specified
single si
gn on iden
tifier wit
h the spec
ified
|
655 |
|
*
specified
Session.
|
|
726 |
|
*
Session.
|
|
723 |
|
* Ses
sion.
|
656 |
|
*
|
|
727 |
|
*
|
|
724 |
|
*
|
657 |
|
* @param s
soId
Single si
gn on iden
tifier
|
|
728 |
|
* @param s
soId
|
|
725 |
|
* @pa
ram ssoId
|
658 |
|
*
@param ses
sion
Session to
be associ
ated
|
|
729 |
|
*
Si
ngle sign
on identif
ier
|
|
726 |
|
*
Si
ngle sign
on identif
ier
|
|
|
|
|
730 |
|
* @pa
ram sessio
n
|
|
727 |
|
* @pa
ram sessio
n
|
|
|
|
|
731 |
|
*
Session to
be associ
ated
|
|
728 |
|
*
Se
ssion to b
e associat
ed
|
659 |
|
*/
|
|
732 |
|
*/
|
|
729 |
|
*/
|
660 |
|
protec
ted void a
ssociate(S
tring ssoI
d, Session
session)
{
|
|
733 |
|
protec
ted void a
ssociate(S
tring ssoI
d, Session
session)
{
|
|
730 |
|
protec
ted void a
ssociate(S
tring ssoI
d, Session
session)
{
|
661 |
|
|
|
734 |
|
|
|
731 |
|
|
662 |
|
if
(sso == n
ull) {
|
|
735 |
|
if
(sso == n
ull) {
|
|
732 |
|
if
(sso == n
ull) {
|
663 |
|
return;
|
|
736 |
|
return;
|
|
733 |
|
return;
|
664 |
|
}
|
|
737 |
|
}
|
|
734 |
|
}
|
665 |
|
ss
o.associat
e(ssoId, s
ession);
|
|
738 |
|
ss
o.associat
e(ssoId, s
ession);
|
|
735 |
|
ss
o.associat
e(ssoId, s
ession);
|
666 |
|
|
|
739 |
|
|
|
736 |
|
|
667 |
|
}
|
|
740 |
|
}
|
|
737 |
|
}
|
668 |
|
|
|
741 |
|
|
|
738 |
|
|
669 |
|
|
|
742 |
|
|
|
739 |
|
|
670 |
|
/**
|
|
743 |
|
privat
e boolean
authentica
teJaspic(R
equest req
uest, Resp
onse respo
nse, Jaspi
cState sta
te,
|
|
740 |
|
privat
e boolean
authentica
teJaspic(R
equest req
uest, Resp
onse respo
nse, Jaspi
cState sta
te,
|
671 |
|
* Aut
henticate
the user m
aking this
request,
based on t
he login
|
|
744 |
|
boolean
requirePri
ncipal) {
|
|
741 |
|
boolean
requirePri
ncipal) {
|
672 |
|
* con
figuration
of the {@
link Conte
xt} with w
hich this
Authentica
tor is
|
|
745 |
|
|
|
742 |
|
|
673 |
|
* ass
ociated.
Return <co
de>true</c
ode> if an
y specifie
d constrai
nt has
|
|
746 |
|
bo
olean cach
edAuth = c
heckForCac
hedAuthent
ication(re
quest, res
ponse, fal
se);
|
|
743 |
|
bo
olean cach
edAuth = c
heckForCac
hedAuthent
ication(re
quest, res
ponse, fal
se);
|
674 |
|
* bee
n satisfie
d, or <cod
e>false</c
ode> if we
have crea
ted a resp
onse
|
|
747 |
|
Su
bject clie
nt = new S
ubject();
|
|
744 |
|
Su
bject clie
nt = new S
ubject();
|
675 |
|
* cha
llenge alr
eady.
|
|
748 |
|
Au
thStatus a
uthStatus;
|
|
745 |
|
Au
thStatus a
uthStatus;
|
676 |
|
*
|
|
749 |
|
tr
y {
|
|
746 |
|
tr
y {
|
677 |
|
* @pa
ram reques
t Request
we are pro
cessing
|
|
750 |
|
authStat
us = state
.serverAut
hContext.v
alidateReq
uest(state
.messageIn
fo, client
, null);
|
|
747 |
|
authStat
us = state
.serverAut
hContext.v
alidateReq
uest(state
.messageIn
fo, client
, null);
|
678 |
|
* @pa
ram respon
se Respons
e we are p
opulating
|
|
751 |
|
}
catch (Aut
hException
e) {
|
|
748 |
|
}
catch (Aut
hException
e) {
|
679 |
|
*
|
|
752 |
|
log.debu
g(sm.getSt
ring("auth
enticator.
loginFail"
), e);
|
|
749 |
|
log.debu
g(sm.getSt
ring("auth
enticator.
loginFail"
), e);
|
680 |
|
* @ex
ception IO
Exception
if an inpu
t/output e
rror occur
s
|
|
753 |
|
return f
alse;
|
|
750 |
|
return f
alse;
|
681 |
|
*/
|
|
754 |
|
}
|
|
751 |
|
}
|
682 |
|
@Overr
ide
|
|
755 |
|
|
|
752 |
|
|
683 |
|
public
abstract
boolean au
thenticate
(Request r
equest,
|
|
756 |
|
re
quest.setR
equest((Ht
tpServletR
equest) st
ate.messag
eInfo.getR
equestMess
age());
|
|
753 |
|
re
quest.setR
equest((Ht
tpServletR
equest) st
ate.messag
eInfo.getR
equestMess
age());
|
684 |
|
HttpServ
letRespons
e response
) throws I
OException
;
|
|
757 |
|
re
sponse.set
Response((
HttpServle
tResponse)
state.mes
sageInfo.g
etResponse
Message())
;
|
|
754 |
|
re
sponse.set
Response((
HttpServle
tResponse)
state.mes
sageInfo.g
etResponse
Message())
;
|
|
|
|
|
758 |
|
|
|
755 |
|
|
|
|
|
|
759 |
|
if
(authStat
us == Auth
Status.SUC
CESS) {
|
|
756 |
|
if
(authStat
us == Auth
Status.SUC
CESS) {
|
|
|
|
|
760 |
|
GenericP
rincipal p
rincipal =
getPrinci
pal(client
);
|
|
757 |
|
GenericP
rincipal p
rincipal =
getPrinci
pal(client
);
|
|
|
|
|
761 |
|
if (log.
isDebugEna
bled()) {
|
|
758 |
|
if (log.
isDebugEna
bled()) {
|
|
|
|
|
762 |
|
log.
debug("Aut
henticated
user: " +
principal
);
|
|
759 |
|
log.
debug("Aut
henticated
user: " +
principal
);
|
|
|
|
|
763 |
|
}
|
|
760 |
|
}
|
|
|
|
|
764 |
|
if (prin
cipal == n
ull) {
|
|
761 |
|
if (prin
cipal == n
ull) {
|
|
|
|
|
765 |
|
requ
est.setUse
rPrincipal
(null);
|
|
762 |
|
requ
est.setUse
rPrincipal
(null);
|
|
|
|
|
766 |
|
requ
est.setAut
hType(null
);
|
|
763 |
|
requ
est.setAut
hType(null
);
|
|
|
|
|
767 |
|
if (
requirePri
ncipal) {
|
|
764 |
|
if (
requirePri
ncipal) {
|
|
|
|
|
768 |
|
return fal
se;
|
|
765 |
|
return fal
se;
|
|
|
|
|
769 |
|
}
|
|
766 |
|
}
|
|
|
|
|
770 |
|
} else i
f (cachedA
uth == fal
se ||
|
|
767 |
|
} else i
f (cachedA
uth == fal
se ||
|
|
|
|
|
771 |
|
!principal
.getUserPr
incipal().
equals(req
uest.getUs
erPrincipa
l())) {
|
|
768 |
|
!principal
.getUserPr
incipal().
equals(req
uest.getUs
erPrincipa
l())) {
|
|
|
|
|
772 |
|
// S
kip regist
ration if
authentica
tion crede
ntials wer
e
|
|
769 |
|
// S
kip regist
ration if
authentica
tion crede
ntials wer
e
|
|
|
|
|
773 |
|
// c
ached and
the Princi
pal did no
t change.
|
|
770 |
|
// c
ached and
the Princi
pal did no
t change.
|
|
|
|
|
774 |
|
requ
est.setNot
e(Constant
s.REQ_JASP
IC_SUBJECT
_NOTE, cli
ent);
|
|
771 |
|
requ
est.setNot
e(Constant
s.REQ_JASP
IC_SUBJECT
_NOTE, cli
ent);
|
|
|
|
|
775 |
|
@Sup
pressWarni
ngs("rawty
pes")// JA
SPIC API u
ses raw ty
pes
|
|
772 |
|
@Sup
pressWarni
ngs("rawty
pes")// JA
SPIC API u
ses raw ty
pes
|
|
|
|
|
776 |
|
Map
map = stat
e.messageI
nfo.getMap
();
|
|
773 |
|
Map
map = stat
e.messageI
nfo.getMap
();
|
|
|
|
|
777 |
|
if (
map != nul
l && map.c
ontainsKey
("javax.se
rvlet.http
.registerS
ession"))
{
|
|
774 |
|
if (
map != nul
l && map.c
ontainsKey
("javax.se
rvlet.http
.registerS
ession"))
{
|
|
|
|
|
778 |
|
register(r
equest, re
sponse, pr
incipal, "
JASPIC", n
ull, null,
true, tru
e);
|
|
775 |
|
register(r
equest, re
sponse, pr
incipal, "
JASPIC", n
ull, null,
true, tru
e);
|
|
|
|
|
779 |
|
} el
se {
|
|
776 |
|
} el
se {
|
|
|
|
|
780 |
|
register(r
equest, re
sponse, pr
incipal, "
JASPIC", n
ull, null)
;
|
|
777 |
|
register(r
equest, re
sponse, pr
incipal, "
JASPIC", n
ull, null)
;
|
|
|
|
|
781 |
|
}
|
|
778 |
|
}
|
|
|
|
|
782 |
|
}
|
|
779 |
|
}
|
|
|
|
|
783 |
|
return t
rue;
|
|
780 |
|
return t
rue;
|
|
|
|
|
784 |
|
}
|
|
781 |
|
}
|
|
|
|
|
785 |
|
re
turn false
;
|
|
782 |
|
re
turn false
;
|
|
|
|
|
786 |
|
}
|
|
783 |
|
}
|
|
|
|
|
787 |
|
|
|
784 |
|
|
|
|
|
|
788 |
|
|
|
785 |
|
|
|
|
|
|
789 |
|
privat
e GenericP
rincipal g
etPrincipa
l(Subject
subject) {
|
|
786 |
|
privat
e GenericP
rincipal g
etPrincipa
l(Subject
subject) {
|
|
|
|
|
790 |
|
if
(subject
== null) {
|
|
787 |
|
if
(subject
== null) {
|
|
|
|
|
791 |
|
return n
ull;
|
|
788 |
|
return n
ull;
|
|
|
|
|
792 |
|
}
|
|
789 |
|
}
|
|
|
|
|
793 |
|
|
|
790 |
|
|
|
|
|
|
794 |
|
Se
t<GenericP
rincipal>
principals
= subject
.getPrivat
eCredentia
ls(Generic
Principal.
class);
|
|
791 |
|
Se
t<GenericP
rincipal>
principals
= subject
.getPrivat
eCredentia
ls(Generic
Principal.
class);
|
|
|
|
|
795 |
|
if
(principa
ls.isEmpty
()) {
|
|
792 |
|
if
(principa
ls.isEmpty
()) {
|
|
|
|
|
796 |
|
return n
ull;
|
|
793 |
|
return n
ull;
|
|
|
|
|
797 |
|
}
|
|
794 |
|
}
|
|
|
|
|
798 |
|
|
|
795 |
|
|
|
|
|
|
799 |
|
re
turn princ
ipals.iter
ator().nex
t();
|
|
796 |
|
re
turn princ
ipals.iter
ator().nex
t();
|
|
|
|
|
800 |
|
}
|
|
797 |
|
}
|
685 |
|
|
|
801 |
|
|
|
798 |
|
|
686 |
|
|
|
802 |
|
|
|
799 |
|
|
687 |
|
/**
|
|
803 |
|
/**
|
|
800 |
|
/**
|
688 |
|
* Che
ck to see
if the use
r has alre
ady been a
uthenticat
ed earlier
in the
|
|
804 |
|
* Che
ck to see
if the use
r has alre
ady been a
uthenticat
ed earlier
in the
|
|
801 |
|
* Che
ck to see
if the use
r has alre
ady been a
uthenticat
ed earlier
in the
|
689 |
|
* pro
cessing ch
ain or if
there is e
nough info
rmation av
ailable to
|
|
805 |
|
* pro
cessing ch
ain or if
there is e
nough info
rmation av
ailable to
|
|
802 |
|
* pro
cessing ch
ain or if
there is e
nough info
rmation av
ailable to
|
690 |
|
* aut
henticate
the user w
ithout req
uiring fur
ther user
interactio
n.
|
|
806 |
|
* aut
henticate
the user w
ithout req
uiring fur
ther user
interactio
n.
|
|
803 |
|
* aut
henticate
the user w
ithout req
uiring fur
ther user
interactio
n.
|
691 |
|
*
|
|
807 |
|
*
|
|
804 |
|
*
|
692 |
|
* @param r
equest
The curre
nt request
|
|
808 |
|
* @param r
equest
|
|
805 |
|
* @pa
ram reques
t
|
693 |
|
*
@param res
ponse
The curren
t re
spons
e
|
|
809 |
|
*
The curren
t re
qu
e
st
|
|
806 |
|
*
Th
e current
request
|
694 |
|
*
@param use
SSO
Should inf
ormation a
vailable f
rom SSO be
used to a
ttempt
|
|
810 |
|
* @pa
ram respon
se
|
|
807 |
|
* @pa
ram respon
se
|
695 |
|
*
to
authentica
te the cur
rent user?
|
|
811 |
|
*
Th
e current
response
|
|
808 |
|
*
Th
e current
response
|
|
|
|
|
812 |
|
* @pa
ram useSSO
|
|
809 |
|
* @pa
ram useSSO
|
|
|
|
|
813 |
|
*
Should inf
ormation a
vailable f
rom SSO be
used to a
ttempt
to
|
|
810 |
|
*
Sh
ould infor
mation ava
ilable fro
m SSO be u
sed to att
empt to
|
|
|
|
|
814 |
|
*
authentica
te the cur
rent user?
|
|
811 |
|
*
au
thenticate
the curre
nt user?
|
696 |
|
*
|
|
815 |
|
*
|
|
812 |
|
*
|
697 |
|
* @re
turn <code
>true</cod
e> if the
user was a
uthenticat
ed via the
cache,
|
|
816 |
|
* @re
turn <code
>true</cod
e> if the
user was a
uthenticat
ed via the
cache,
|
|
813 |
|
* @re
turn <code
>true</cod
e> if the
user was a
uthenticat
ed via the
cache,
|
698 |
|
*
other
wise <code
>false</co
de>
|
|
817 |
|
*
other
wise <code
>false</co
de>
|
|
814 |
|
*
other
wise <code
>false</co
de>
|
699 |
|
*/
|
|
818 |
|
*/
|
|
815 |
|
*/
|
700 |
|
protected
boolean ch
eckForCach
edAuthenti
cation(Req
uest reque
st,
|
|
819 |
|
protected
boolean ch
eckForCach
edAuthenti
cation(Req
uest reque
st,
HttpServl
etResponse
response,
boolean u
seSSO) {
|
|
816 |
|
protec
ted boolea
n checkFor
CachedAuth
entication
(Request r
equest, Ht
tpServletR
esponse re
sponse, bo
olean useS
SO) {
|
701 |
|
HttpServ
letRespons
e response
, boolean
useSSO) {
|
|
|
|
|
|
|
|
|
702 |
|
|
|
820 |
|
|
|
817 |
|
|
703 |
|
//
Has the u
ser alread
y been aut
henticated
?
|
|
821 |
|
//
Has the u
ser alread
y been aut
henticated
?
|
|
818 |
|
//
Has the u
ser alread
y been aut
henticated
?
|
704 |
|
Pr
incipal pr
incipal =
request.ge
tUserPrinc
ipal();
|
|
822 |
|
Pr
incipal pr
incipal =
request.ge
tUserPrinc
ipal();
|
|
819 |
|
Pr
incipal pr
incipal =
request.ge
tUserPrinc
ipal();
|
705 |
|
St
ring ssoId
= (String
) request.
getNote(Co
nstants.RE
Q_SSOID_NO
TE);
|
|
823 |
|
St
ring ssoId
= (String
) request.
getNote(Co
nstants.RE
Q_SSOID_NO
TE);
|
|
820 |
|
St
ring ssoId
= (String
) request.
getNote(Co
nstants.RE
Q_SSOID_NO
TE);
|
706 |
|
if
(principa
l != null)
{
|
|
824 |
|
if
(principa
l != null)
{
|
|
821 |
|
if
(principa
l != null)
{
|
707 |
|
if (log.
isDebugEna
bled()) {
|
|
825 |
|
if (log.
isDebugEna
bled()) {
|
|
822 |
|
if (log.
isDebugEna
bled()) {
|
708 |
|
log.
debug(sm.g
etString("
authentica
tor.check.
found", pr
incipal.ge
tName()));
|
|
826 |
|
log.
debug(sm.g
etString("
authentica
tor.check.
found", pr
incipal.ge
tName()));
|
|
823 |
|
log.
debug(sm.g
etString("
authentica
tor.check.
found", pr
incipal.ge
tName()));
|
709 |
|
}
|
|
827 |
|
}
|
|
824 |
|
}
|
710 |
|
// Assoc
iate the s
ession wit
h any exis
ting SSO s
ession. Ev
en if
|
|
828 |
|
// Assoc
iate the s
ession wit
h any exis
ting SSO s
ession. Ev
en if
|
|
825 |
|
// Assoc
iate the s
ession wit
h any exis
ting SSO s
ession. Ev
en if
|
711 |
|
// useSS
O is false
, this wil
l ensure c
oordinated
session
|
|
829 |
|
// useSS
O is false
, this wil
l ensure c
oordinated
session
|
|
826 |
|
// useSS
O is false
, this wil
l ensure c
oordinated
session
|
712 |
|
// inval
idation at
log out.
|
|
830 |
|
// inval
idation at
log out.
|
|
827 |
|
// inval
idation at
log out.
|
713 |
|
if (ssoI
d != null)
{
|
|
831 |
|
if (ssoI
d != null)
{
|
|
828 |
|
if (ssoI
d != null)
{
|
714 |
|
asso
ciate(ssoI
d, request
.getSessio
nInternal(
true));
|
|
832 |
|
asso
ciate(ssoI
d, request
.getSessio
nInternal(
true));
|
|
829 |
|
asso
ciate(ssoI
d, request
.getSessio
nInternal(
true));
|
715 |
|
}
|
|
833 |
|
}
|
|
830 |
|
}
|
716 |
|
return t
rue;
|
|
834 |
|
return t
rue;
|
|
831 |
|
return t
rue;
|
717 |
|
}
|
|
835 |
|
}
|
|
832 |
|
}
|
718 |
|
|
|
836 |
|
|
|
833 |
|
|
719 |
|
//
Is there
an SSO ses
sion again
st which w
e can try
to reauthe
nticate?
|
|
837 |
|
//
Is there
an SSO ses
sion again
st which w
e can try
to reauthe
nticate?
|
|
834 |
|
//
Is there
an SSO ses
sion again
st which w
e can try
to reauthe
nticate?
|
720 |
|
if
(useSSO &
& ssoId !=
null) {
|
|
838 |
|
if
(useSSO &
& ssoId !=
null) {
|
|
835 |
|
if
(useSSO &
& ssoId !=
null) {
|
721 |
|
if (log.
isDebugEna
bled()) {
|
|
839 |
|
if (log.
isDebugEna
bled()) {
|
|
836 |
|
if (log.
isDebugEna
bled()) {
|
722 |
|
log.
debug(sm.g
etString("
authentica
tor.check.
sso", ssoI
d));
|
|
840 |
|
log.
debug(sm.g
etString("
authentica
tor.check.
sso", ssoI
d));
|
|
837 |
|
log.
debug(sm.g
etString("
authentica
tor.check.
sso", ssoI
d));
|
723 |
|
}
|
|
841 |
|
}
|
|
838 |
|
}
|
724 |
|
/
* Try to r
eauthentic
ate using
data cache
d by SSO.
If this fa
ils,
|
|
842 |
|
/*
|
|
839 |
|
/*
|
725 |
|
either the
original
SSO logon
was of DIG
EST or SSL
(which
|
|
843 |
|
* Try to r
eauthentic
ate using
data cache
d by SSO.
If this fa
ils,
|
|
840 |
|
* Try t
o reauthen
ticate usi
ng data ca
ched by SS
O. If this
fails,
|
726 |
|
we
can't rea
uthenticat
e ourselve
s because
there is n
o
|
|
844 |
|
*
either the
original
SSO logon
was of DIG
EST or SSL
(which
we
|
|
841 |
|
* eithe
r the orig
inal SSO l
ogon was o
f DIGEST o
r SSL (whi
ch we
|
727 |
|
cached
username
and passwo
rd), or th
e realm de
nied
|
|
845 |
|
*
can't rea
uthenticat
e ourselve
s because
there is n
o
cached
|
|
842 |
|
* can't
reauthent
icate ours
elves beca
use there
is no cach
ed
|
728 |
|
the user's
reauthent
ication fo
r some rea
son.
|
|
846 |
|
*
username
and passwo
rd), or th
e realm de
nied
the user'
s
|
|
843 |
|
* usern
ame and pa
ssword), o
r the real
m denied t
he user's
|
729 |
|
In either
case we ha
ve to
prompt th
e user for
a logon
*/
|
|
847 |
|
*
reauthent
ication fo
r some rea
son.
In either
case we h
ave to
|
|
844 |
|
* reaut
henticatio
n for some
reason. I
n either c
ase we hav
e to
|
|
|
|
|
848 |
|
*
prompt th
e user for
a logon
|
|
845 |
|
* promp
t the user
for a log
on
|
|
|
|
|
849 |
|
*/
|
|
846 |
|
*/
|
730 |
|
if (reau
thenticate
FromSSO(ss
oId, reque
st)) {
|
|
850 |
|
if (reau
thenticate
FromSSO(ss
oId, reque
st)) {
|
|
847 |
|
if (reau
thenticate
FromSSO(ss
oId, reque
st)) {
|
731 |
|
retu
rn true;
|
|
851 |
|
retu
rn true;
|
|
848 |
|
retu
rn true;
|
732 |
|
}
|
|
852 |
|
}
|
|
849 |
|
}
|
733 |
|
}
|
|
853 |
|
}
|
|
850 |
|
}
|
734 |
|
|
|
854 |
|
|
|
851 |
|
|
735 |
|
//
Has the C
onnector p
rovided a
pre-authen
ticated Pr
incipal th
at now
|
|
855 |
|
//
Has the C
onnector p
rovided a
pre-authen
ticated Pr
incipal th
at now
|
|
852 |
|
//
Has the C
onnector p
rovided a
pre-authen
ticated Pr
incipal th
at now
|
736 |
|
//
needs to
be authori
zed?
|
|
856 |
|
//
needs to
be authori
zed?
|
|
853 |
|
//
needs to
be authori
zed?
|
737 |
|
if
(request.
getCoyoteR
equest().g
etRemoteUs
erNeedsAut
horization
()) {
|
|
857 |
|
if
(request.
getCoyoteR
equest().g
etRemoteUs
erNeedsAut
horization
()) {
|
|
854 |
|
if
(request.
getCoyoteR
equest().g
etRemoteUs
erNeedsAut
horization
()) {
|
738 |
|
String u
sername =
request.ge
tCoyoteReq
uest().get
RemoteUser
().toStrin
g();
|
|
858 |
|
String u
sername =
request.ge
tCoyoteReq
uest().get
RemoteUser
().toStrin
g();
|
|
855 |
|
String u
sername =
request.ge
tCoyoteReq
uest().get
RemoteUser
().toStrin
g();
|
739 |
|
if (user
name != nu
ll) {
|
|
859 |
|
if (user
name != nu
ll) {
|
|
856 |
|
if (user
name != nu
ll) {
|
740 |
|
if (
log.isDebu
gEnabled()
) {
|
|
860 |
|
if (
log.isDebu
gEnabled()
) {
|
|
857 |
|
if (
log.isDebu
gEnabled()
) {
|
741 |
|
log.debug(
sm.getStri
ng("authen
ticator.ch
eck.author
ize", user
name));
|
|
861 |
|
log.debug(
sm.getStri
ng("authen
ticator.ch
eck.author
ize", user
name));
|
|
858 |
|
log.debug(
sm.getStri
ng("authen
ticator.ch
eck.author
ize", user
name));
|
742 |
|
}
|
|
862 |
|
}
|
|
859 |
|
}
|
743 |
|
Prin
cipal auth
orized = c
ontext.get
Realm().au
thenticate
(username)
;
|
|
863 |
|
Prin
cipal auth
orized = c
ontext.get
Realm().au
thenticate
(username)
;
|
|
860 |
|
Prin
cipal auth
orized = c
ontext.get
Realm().au
thenticate
(username)
;
|
744 |
|
if (
authorized
== null)
{
|
|
864 |
|
if (
authorized
== null)
{
|
|
861 |
|
if (
authorized
== null)
{
|
745 |
|
// Realm d
oesn't rec
ognise use
r. Create
a user wit
h no roles
|
|
865 |
|
// Realm d
oesn't rec
ognise use
r. Create
a user wit
h no roles
|
|
862 |
|
// Realm d
oesn't rec
ognise use
r. Create
a user wit
h no roles
|
746 |
|
// from th
e authenti
cated user
name
|
|
866 |
|
// from th
e authenti
cated user
name
|
|
863 |
|
// from th
e authenti
cated user
name
|
747 |
|
if (log.is
DebugEnabl
ed()) {
|
|
867 |
|
if (log.is
DebugEnabl
ed()) {
|
|
864 |
|
if (log.is
DebugEnabl
ed()) {
|
748 |
|
log.de
bug(sm.get
String("au
thenticato
r.check.au
thorizeFai
l", userna
me));
|
|
868 |
|
log.de
bug(sm.get
String("au
thenticato
r.check.au
thorizeFai
l", userna
me));
|
|
865 |
|
log.de
bug(sm.get
String("au
thenticato
r.check.au
thorizeFai
l", userna
me));
|
749 |
|
}
|
|
869 |
|
}
|
|
866 |
|
}
|
750 |
|
authorized
= new Gen
ericPrinci
pal(userna
me, null,
null);
|
|
870 |
|
authorized
= new Gen
ericPrinci
pal(userna
me, null,
null);
|
|
867 |
|
authorized
= new Gen
ericPrinci
pal(userna
me, null,
null);
|
751 |
|
}
|
|
871 |
|
}
|
|
868 |
|
}
|
752 |
|
Stri
ng authTyp
e = reques
t.getAuthT
ype();
|
|
872 |
|
Stri
ng authTyp
e = reques
t.getAuthT
ype();
|
|
869 |
|
Stri
ng authTyp
e = reques
t.getAuthT
ype();
|
753 |
|
if (
authType =
= null ||
authType.l
ength() ==
0) {
|
|
873 |
|
if (
authType =
= null ||
authType.l
ength() ==
0) {
|
|
870 |
|
if (
authType =
= null ||
authType.l
ength() ==
0) {
|
754 |
|
authType =
getAuthMe
thod();
|
|
874 |
|
authType =
getAuthMe
thod();
|
|
871 |
|
authType =
getAuthMe
thod();
|
755 |
|
}
|
|
875 |
|
}
|
|
872 |
|
}
|
756 |
|
regi
ster(reque
st, respon
se, author
ized, auth
Type, user
name, null
);
|
|
876 |
|
regi
ster(reque
st, respon
se, author
ized, auth
Type, user
name, null
);
|
|
873 |
|
regi
ster(reque
st, respon
se, author
ized, auth
Type, user
name, null
);
|
757 |
|
retu
rn true;
|
|
877 |
|
retu
rn true;
|
|
874 |
|
retu
rn true;
|
758 |
|
}
|
|
878 |
|
}
|
|
875 |
|
}
|
759 |
|
}
|
|
879 |
|
}
|
|
876 |
|
}
|
760 |
|
re
turn false
;
|
|
880 |
|
re
turn false
;
|
|
877 |
|
re
turn false
;
|
761 |
|
}
|
|
881 |
|
}
|
|
878 |
|
}
|
762 |
|
|
|
882 |
|
|
|
879 |
|
|
763 |
|
|
|
|
|
|
|
|
|
|
764 |
|
/**
|
|
883 |
|
/**
|
|
880 |
|
/**
|
765 |
|
* Attempts
reauthent
ication to
the <code
>Realm</co
de> using
|
|
884 |
|
* Attempts
reauthent
ication to
the <code
>Realm</co
de> using
the crede
ntials
|
|
881 |
|
* Att
empts reau
thenticati
on to the
<code>Real
m</code> u
sing the c
redentials
|
766 |
|
*
the creden
tials
included i
n argument
<code>ent
ry</code>.
|
|
885 |
|
*
included i
n argument
<code>ent
ry</code>.
|
|
882 |
|
* inc
luded in a
rgument <c
ode>entry<
/code>.
|
767 |
|
*
|
|
886 |
|
*
|
|
883 |
|
*
|
768 |
|
*
@param sso
Id
identifier
of Single
SignOn ses
sion with
which the
|
|
887 |
|
* @pa
ram ssoId
|
|
884 |
|
* @pa
ram ssoId
|
769 |
|
*
caller is
associated
|
|
888 |
|
*
identifier
of Single
SignOn ses
sion with
which the
caller is
|
|
885 |
|
*
id
entifier o
f SingleSi
gnOn sessi
on with wh
ich the ca
ller is
|
770 |
|
*
@param req
uest
the reques
t that nee
ds to be a
uthenticat
ed
|
|
889 |
|
*
associated
|
|
886 |
|
*
as
sociated
|
|
|
|
|
890 |
|
* @pa
ram reques
t
|
|
887 |
|
* @pa
ram reques
t
|
|
|
|
|
891 |
|
*
the reques
t that nee
ds to be a
uthenticat
ed
|
|
888 |
|
*
th
e request
that needs
to be aut
henticated
|
|
|
|
|
892 |
|
* @re
turn <code
>true</cod
e> if the
reauthenti
cation fro
m SSL occu
rred
|
|
889 |
|
* @re
turn <code
>true</cod
e> if the
reauthenti
cation fro
m SSL occu
rred
|
771 |
|
*/
|
|
893 |
|
*/
|
|
890 |
|
*/
|
772 |
|
protec
ted boolea
n reauthen
ticateFrom
SSO(String
ssoId, Re
quest requ
est) {
|
|
894 |
|
protec
ted boolea
n reauthen
ticateFrom
SSO(String
ssoId, Re
quest requ
est) {
|
|
891 |
|
protec
ted boolea
n reauthen
ticateFrom
SSO(String
ssoId, Re
quest requ
est) {
|
773 |
|
|
|
895 |
|
|
|
892 |
|
|
774 |
|
if
(sso == n
ull || sso
Id == null
) {
|
|
896 |
|
if
(sso == n
ull || sso
Id == null
) {
|
|
893 |
|
if
(sso == n
ull || sso
Id == null
) {
|
775 |
|
return f
alse;
|
|
897 |
|
return f
alse;
|
|
894 |
|
return f
alse;
|
776 |
|
}
|
|
898 |
|
}
|
|
895 |
|
}
|
777 |
|
|
|
899 |
|
|
|
896 |
|
|
778 |
|
bo
olean reau
thenticate
d = false;
|
|
900 |
|
bo
olean reau
thenticate
d = false;
|
|
897 |
|
bo
olean reau
thenticate
d = false;
|
779 |
|
|
|
901 |
|
|
|
898 |
|
|
780 |
|
Co
ntainer pa
rent = get
Container(
);
|
|
902 |
|
Co
ntainer pa
rent = get
Container(
);
|
|
899 |
|
Co
ntainer pa
rent = get
Container(
);
|
781 |
|
if
(parent !
= null) {
|
|
903 |
|
if
(parent !
= null) {
|
|
900 |
|
if
(parent !
= null) {
|
782 |
|
Realm re
alm = pare
nt.getReal
m();
|
|
904 |
|
Realm re
alm = pare
nt.getReal
m();
|
|
901 |
|
Realm re
alm = pare
nt.getReal
m();
|
783 |
|
if (real
m != null)
{
|
|
905 |
|
if (real
m != null)
{
|
|
902 |
|
if (real
m != null)
{
|
784 |
|
reau
thenticate
d = sso.re
authentica
te(ssoId,
realm, req
uest);
|
|
906 |
|
reau
thenticate
d = sso.re
authentica
te(ssoId,
realm, req
uest);
|
|
903 |
|
reau
thenticate
d = sso.re
authentica
te(ssoId,
realm, req
uest);
|
785 |
|
}
|
|
907 |
|
}
|
|
904 |
|
}
|
786 |
|
}
|
|
908 |
|
}
|
|
905 |
|
}
|
787 |
|
|
|
909 |
|
|
|
906 |
|
|
788 |
|
if
(reauthen
ticated) {
|
|
910 |
|
if
(reauthen
ticated) {
|
|
907 |
|
if
(reauthen
ticated) {
|
789 |
|
associat
e(ssoId, r
equest.get
SessionInt
ernal(true
));
|
|
911 |
|
associat
e(ssoId, r
equest.get
SessionInt
ernal(true
));
|
|
908 |
|
associat
e(ssoId, r
equest.get
SessionInt
ernal(true
));
|
790 |
|
|
|
912 |
|
|
|
909 |
|
|
791 |
|
if (log.
isDebugEna
bled()) {
|
|
913 |
|
if (log.
isDebugEna
bled()) {
|
|
910 |
|
if (log.
isDebugEna
bled()) {
|
792 |
|
log.
debug(" Re
authentica
ted cached
principal
'" +
|
|
914 |
|
log.
debug(" Re
authentica
ted cached
principal
'" +
|
|
911 |
|
log.
debug(" Re
authentica
ted cached
principal
'" +
|
793 |
|
requ
est.getUse
rPrincipal
().getName
() +
|
|
915 |
|
reques
t.getUserP
rincipal()
.getName()
+
|
|
912 |
|
reques
t.getUserP
rincipal()
.getName()
+
|
794 |
|
"' w
ith auth t
ype '" +
request.ge
tAuthType(
) + "'");
|
|
916 |
|
"' wit
h auth typ
e '" + req
uest.getAu
thType() +
"'");
|
|
913 |
|
"' wit
h auth typ
e '" + req
uest.getAu
thType() +
"'");
|
795 |
|
}
|
|
917 |
|
}
|
|
914 |
|
}
|
796 |
|
}
|
|
918 |
|
}
|
|
915 |
|
}
|
797 |
|
|
|
919 |
|
|
|
916 |
|
|
798 |
|
re
turn reaut
henticated
;
|
|
920 |
|
re
turn reaut
henticated
;
|
|
917 |
|
re
turn reaut
henticated
;
|
799 |
|
}
|
|
921 |
|
}
|
|
918 |
|
}
|
800 |
|
|
|
922 |
|
|
|
919 |
|
|
801 |
|
|
|
|
|
|
|
|
|
|
802 |
|
/**
|
|
923 |
|
/**
|
|
920 |
|
/**
|
803 |
|
* Reg
ister an a
uthenticat
ed Princip
al and aut
henticatio
n type in
our
|
|
924 |
|
* Reg
ister an a
uthenticat
ed Princip
al and aut
henticatio
n type in
our
|
|
921 |
|
* Reg
ister an a
uthenticat
ed Princip
al and aut
henticatio
n type in
our
|
804 |
|
* req
uest, in t
he current
session (
if there i
s one), an
d with our
|
|
925 |
|
* req
uest, in t
he current
session (
if there i
s one), an
d with our
|
|
922 |
|
* req
uest, in t
he current
session (
if there i
s one), an
d with our
|
805 |
|
* SingleSi
gnOn valve
, if there
is one.
Set the ap
propriate
cookie
|
|
926 |
|
* SingleSi
gnOn valve
, if there
is one. S
et the app
ropriate c
ookie
to be
|
|
923 |
|
* Sin
gleSignOn
valve, if
there is o
ne. Set th
e appropri
ate cookie
to be
|
806 |
|
*
to be
returned.
|
|
927 |
|
*
returned.
|
|
924 |
|
* ret
urned.
|
807 |
|
*
|
|
928 |
|
*
|
|
925 |
|
*
|
808 |
|
*
@param req
uest
The servle
t request
we are pro
cessing
|
|
929 |
|
* @pa
ram reques
t
|
|
926 |
|
* @pa
ram reques
t
|
809 |
|
*
@param res
ponse
The servle
t response
we are ge
nerating
|
|
930 |
|
*
The servle
t request
we are pro
cessing
|
|
927 |
|
*
Th
e servlet
request we
are proce
ssing
|
810 |
|
*
@param pri
ncipal
The authen
ticated Pr
incipal to
be regist
ered
|
|
931 |
|
* @pa
ram respon
se
|
|
928 |
|
* @pa
ram respon
se
|
811 |
|
*
@param aut
hType
The authen
tication t
ype to be
registered
|
|
932 |
|
*
The servle
t response
we are ge
nerating
|
|
929 |
|
*
Th
e servlet
response w
e are gene
rating
|
812 |
|
*
@param use
rname
Username u
sed to aut
henticate
(if any)
|
|
933 |
|
* @pa
ram princi
pal
|
|
930 |
|
* @pa
ram princi
pal
|
813 |
|
*
@param pas
sword
Password u
sed to aut
henticate
(if any)
|
|
934 |
|
*
The authen
ticated Pr
incipal to
be regist
ered
|
|
931 |
|
*
Th
e authenti
cated Prin
cipal to b
e register
ed
|
|
|
|
|
935 |
|
* @pa
ram authTy
pe
|
|
932 |
|
* @pa
ram authTy
pe
|
|
|
|
|
936 |
|
*
The authen
tication t
ype to be
registered
|
|
933 |
|
*
Th
e authenti
cation typ
e to be re
gistered
|
|
|
|
|
937 |
|
* @pa
ram userna
me
|
|
934 |
|
* @pa
ram userna
me
|
|
|
|
|
938 |
|
*
Username u
sed to aut
henticate
(if any)
|
|
935 |
|
*
Us
ername use
d to authe
nticate (i
f any)
|
|
|
|
|
939 |
|
* @pa
ram passwo
rd
|
|
936 |
|
* @pa
ram passwo
rd
|
|
|
|
|
940 |
|
*
Password u
sed to aut
henticate
(if any)
|
|
937 |
|
*
Pa
ssword use
d to authe
nticate (i
f any)
|
814 |
|
*/
|
|
941 |
|
*/
|
|
938 |
|
*/
|
815 |
|
public voi
d register
(Request r
equest, Ht
tpServletR
esponse re
sponse,
|
|
942 |
|
public voi
d register
(Request r
equest, Ht
tpServletR
esponse re
sponse,
Principal
principal
,
|
|
939 |
|
public
void regi
ster(Reque
st request
, HttpServ
letRespons
e response
, Principa
l principa
l,
|
816 |
|
Pr
incipal pr
incipal, S
tring auth
Type,
|
|
943 |
|
String a
uthType, S
tring user
name, Stri
ng passwor
d) {
|
|
940 |
|
String a
uthType, S
tring user
name, Stri
ng passwor
d) {
|
817 |
|
String
username,
String pas
sword
)
{
|
|
944 |
|
re
gister(req
uest, resp
onse, prin
cipal, aut
hType, use
rname, pas
sword, alw
aysUseSess
ion, cache
);
|
|
941 |
|
re
gister(req
uest, resp
onse, prin
cipal, aut
hType, use
rname, pas
sword, alw
aysUseSess
ion, cache
);
|
|
|
|
|
945 |
|
}
|
|
942 |
|
}
|
|
|
|
|
946 |
|
|
|
943 |
|
|
|
|
|
|
947 |
|
|
|
944 |
|
|
|
|
|
|
948 |
|
privat
e void reg
ister(Requ
est reques
t, HttpSer
vletRespon
se respons
e, Princip
al princip
al,
|
|
945 |
|
privat
e void reg
ister(Requ
est reques
t, HttpSer
vletRespon
se respons
e, Princip
al princip
al,
|
|
|
|
|
949 |
|
String
authType,
String
username,
String pas
sword
,
boolean al
waysUseSes
sion,
|
|
946 |
|
String a
uthType, S
tring user
name, Stri
ng passwor
d, boolean
alwaysUse
Session,
|
|
|
|
|
950 |
|
boolean
cache) {
|
|
947 |
|
boolean
cache) {
|
818 |
|
|
|
951 |
|
|
|
948 |
|
|
819 |
|
if
(log.isDe
bugEnabled
()) {
|
|
952 |
|
if
(log.isDe
bugEnabled
()) {
|
|
949 |
|
if
(log.isDe
bugEnabled
()) {
|
820 |
|
String n
ame = (pri
ncipal ==
null) ? "n
one" : pri
ncipal.get
Name();
|
|
953 |
|
String n
ame = (pri
ncipal ==
null) ? "n
one" : pri
ncipal.get
Name();
|
|
950 |
|
String n
ame = (pri
ncipal ==
null) ? "n
one" : pri
ncipal.get
Name();
|
821 |
|
log.debug(
"Authentic
ated '" +
name + "'
with type
'" + authT
ype +
|
|
954 |
|
log.debug(
"Authentic
ated '" +
name + "'
with type
'" + authT
ype +
"'");
|
|
951 |
|
log.debu
g("Authent
icated '"
+ name + "
' with typ
e '" + aut
hType + "'
");
|
822 |
|
"'");
|
|
|
|
|
|
|
|
|
823 |
|
}
|
|
955 |
|
}
|
|
952 |
|
}
|
824 |
|
|
|
956 |
|
|
|
953 |
|
|
825 |
|
//
Cache the
authentic
ation info
rmation in
our reque
st
|
|
957 |
|
//
Cache the
authentic
ation info
rmation in
our reque
st
|
|
954 |
|
//
Cache the
authentic
ation info
rmation in
our reque
st
|
826 |
|
re
quest.setA
uthType(au
thType);
|
|
958 |
|
re
quest.setA
uthType(au
thType);
|
|
955 |
|
re
quest.setA
uthType(au
thType);
|
827 |
|
re
quest.setU
serPrincip
al(princip
al);
|
|
959 |
|
re
quest.setU
serPrincip
al(princip
al);
|
|
956 |
|
re
quest.setU
serPrincip
al(princip
al);
|
828 |
|
|
|
960 |
|
|
|
957 |
|
|
829 |
|
Se
ssion sess
ion = requ
est.getSes
sionIntern
al(false);
|
|
961 |
|
Se
ssion sess
ion = requ
est.getSes
sionIntern
al(false);
|
|
958 |
|
Se
ssion sess
ion = requ
est.getSes
sionIntern
al(false);
|
830 |
|
|
|
962 |
|
|
|
959 |
|
|
831 |
|
if
(session
!= null) {
|
|
963 |
|
if
(session
!= null) {
|
|
960 |
|
if
(session
!= null) {
|
832 |
|
// If th
e principa
l is null
then this
is a logou
t. No need
to change
|
|
964 |
|
// If th
e principa
l is null
then this
is a logou
t. No need
to change
|
|
961 |
|
// If th
e principa
l is null
then this
is a logou
t. No need
to change
|
833 |
|
// the s
ession ID.
See BZ 59
043.
|
|
965 |
|
// the s
ession ID.
See BZ 59
043.
|
|
962 |
|
// the s
ession ID.
See BZ 59
043.
|
834 |
|
if (chan
geSessionI
dOnAuthent
ication &&
principal
!= null)
{
|
|
966 |
|
if (chan
geSessionI
dOnAuthent
ication &&
principal
!= null)
{
|
|
963 |
|
if (chan
geSessionI
dOnAuthent
ication &&
principal
!= null)
{
|
835 |
|
Stri
ng oldId =
null;
|
|
967 |
|
Stri
ng oldId =
null;
|
|
964 |
|
Stri
ng oldId =
null;
|
836 |
|
if (
log.isDebu
gEnabled()
) {
|
|
968 |
|
if (
log.isDebu
gEnabled()
) {
|
|
965 |
|
if (
log.isDebu
gEnabled()
) {
|
837 |
|
oldId = se
ssion.getI
d();
|
|
969 |
|
oldId = se
ssion.getI
d();
|
|
966 |
|
oldId = se
ssion.getI
d();
|
838 |
|
}
|
|
970 |
|
}
|
|
967 |
|
}
|
839 |
|
Mana
ger manage
r = reques
t.getConte
xt().getMa
nager();
|
|
971 |
|
Mana
ger manage
r = reques
t.getConte
xt().getMa
nager();
|
|
968 |
|
Mana
ger manage
r = reques
t.getConte
xt().getMa
nager();
|
840 |
|
mana
ger.change
SessionId(
session);
|
|
972 |
|
mana
ger.change
SessionId(
session);
|
|
969 |
|
mana
ger.change
SessionId(
session);
|
841 |
|
requ
est.change
SessionId(
session.ge
tId());
|
|
973 |
|
requ
est.change
SessionId(
session.ge
tId());
|
|
970 |
|
requ
est.change
SessionId(
session.ge
tId());
|
842 |
|
if (
log.isDebu
gEnabled()
) {
|
|
974 |
|
if (
log.isDebu
gEnabled()
) {
|
|
971 |
|
if (
log.isDebu
gEnabled()
) {
|
843 |
|
log.debug(
sm.getStri
ng("authen
ticator.ch
angeSessio
nId",
|
|
975 |
|
log.debug(
sm.getStri
ng("authen
ticator.ch
angeSessio
nId",
|
|
972 |
|
log.debug(
sm.getStri
ng("authen
ticator.ch
angeSessio
nId",
|
844 |
|
ol
dId, sessi
on.getId()
));
|
|
976 |
|
ol
dId, sessi
on.getId()
));
|
|
973 |
|
ol
dId, sessi
on.getId()
));
|
845 |
|
}
|
|
977 |
|
}
|
|
974 |
|
}
|
846 |
|
}
|
|
978 |
|
}
|
|
975 |
|
}
|
847 |
|
}
else if (a
lwaysUseSe
ssion) {
|
|
979 |
|
}
else if (a
lwaysUseSe
ssion) {
|
|
976 |
|
}
else if (a
lwaysUseSe
ssion) {
|
848 |
|
session
= request.
getSession
Internal(t
rue);
|
|
980 |
|
session
= request.
getSession
Internal(t
rue);
|
|
977 |
|
session
= request.
getSession
Internal(t
rue);
|
849 |
|
}
|
|
981 |
|
}
|
|
978 |
|
}
|
850 |
|
|
|
982 |
|
|
|
979 |
|
|
851 |
|
//
Cache the
authentic
ation info
rmation in
our sessi
on, if any
|
|
983 |
|
//
Cache the
authentic
ation info
rmation in
our sessi
on, if any
|
|
980 |
|
//
Cache the
authentic
ation info
rmation in
our sessi
on, if any
|
852 |
|
if
(cache) {
|
|
984 |
|
if
(cache) {
|
|
981 |
|
if
(cache) {
|
853 |
|
if (sess
ion != nul
l) {
|
|
985 |
|
if (sess
ion != nul
l) {
|
|
982 |
|
if (sess
ion != nul
l) {
|
854 |
|
sess
ion.setAut
hType(auth
Type);
|
|
986 |
|
sess
ion.setAut
hType(auth
Type);
|
|
983 |
|
sess
ion.setAut
hType(auth
Type);
|
855 |
|
sess
ion.setPri
ncipal(pri
ncipal);
|
|
987 |
|
sess
ion.setPri
ncipal(pri
ncipal);
|
|
984 |
|
sess
ion.setPri
ncipal(pri
ncipal);
|
856 |
|
if (
username !
= null) {
|
|
988 |
|
if (
username !
= null) {
|
|
985 |
|
if (
username !
= null) {
|
857 |
|
session.se
tNote(Cons
tants.SESS
_USERNAME_
NOTE, user
name);
|
|
989 |
|
session.se
tNote(Cons
tants.SESS
_USERNAME_
NOTE, user
name);
|
|
986 |
|
session.se
tNote(Cons
tants.SESS
_USERNAME_
NOTE, user
name);
|
858 |
|
} el
se {
|
|
990 |
|
} el
se {
|
|
987 |
|
} el
se {
|
859 |
|
session.re
moveNote(C
onstants.S
ESS_USERNA
ME_NOTE);
|
|
991 |
|
session.re
moveNote(C
onstants.S
ESS_USERNA
ME_NOTE);
|
|
988 |
|
session.re
moveNote(C
onstants.S
ESS_USERNA
ME_NOTE);
|
860 |
|
}
|
|
992 |
|
}
|
|
989 |
|
}
|
861 |
|
if (
password !
= null) {
|
|
993 |
|
if (
password !
= null) {
|
|
990 |
|
if (
password !
= null) {
|
862 |
|
session.se
tNote(Cons
tants.SESS
_PASSWORD_
NOTE, pass
word);
|
|
994 |
|
session.se
tNote(Cons
tants.SESS
_PASSWORD_
NOTE, pass
word);
|
|
991 |
|
session.se
tNote(Cons
tants.SESS
_PASSWORD_
NOTE, pass
word);
|
863 |
|
} el
se {
|
|
995 |
|
} el
se {
|
|
992 |
|
} el
se {
|
864 |
|
session.re
moveNote(C
onstants.S
ESS_PASSWO
RD_NOTE);
|
|
996 |
|
session.re
moveNote(C
onstants.S
ESS_PASSWO
RD_NOTE);
|
|
993 |
|
session.re
moveNote(C
onstants.S
ESS_PASSWO
RD_NOTE);
|
865 |
|
}
|
|
997 |
|
}
|
|
994 |
|
}
|
866 |
|
}
|
|
998 |
|
}
|
|
995 |
|
}
|
867 |
|
}
|
|
999 |
|
}
|
|
996 |
|
}
|
868 |
|
|
|
1000 |
|
|
|
997 |
|
|
869 |
|
//
Construct
a cookie
to be retu
rned to th
e client
|
|
1001 |
|
//
Construct
a cookie
to be retu
rned to th
e client
|
|
998 |
|
//
Construct
a cookie
to be retu
rned to th
e client
|
870 |
|
if
(sso == n
ull) {
|
|
1002 |
|
if
(sso == n
ull) {
|
|
999 |
|
if
(sso == n
ull) {
|
871 |
|
return;
|
|
1003 |
|
return;
|
|
1000 |
|
return;
|
872 |
|
}
|
|
1004 |
|
}
|
|
1001 |
|
}
|
873 |
|
|
|
1005 |
|
|
|
1002 |
|
|
874 |
|
//
Only crea
te a new S
SO entry i
f the SSO
did not al
ready set
a note
|
|
1006 |
|
//
Only crea
te a new S
SO entry i
f the SSO
did not al
ready set
a note
|
|
1003 |
|
//
Only crea
te a new S
SO entry i
f the SSO
did not al
ready set
a note
|
875 |
|
//
for an ex
isting ent
ry (as it
would do w
ith subseq
uent reque
sts
|
|
1007 |
|
//
for an ex
isting ent
ry (as it
would do w
ith subseq
uent reque
sts
|
|
1004 |
|
//
for an ex
isting ent
ry (as it
would do w
ith subseq
uent reque
sts
|
876 |
|
//
for DIGES
T and SSL
authentica
ted contex
ts)
|
|
1008 |
|
//
for DIGES
T and SSL
authentica
ted contex
ts)
|
|
1005 |
|
//
for DIGES
T and SSL
authentica
ted contex
ts)
|
877 |
|
St
ring ssoId
= (String
) request.
getNote(Co
nstants.RE
Q_SSOID_NO
TE);
|
|
1009 |
|
St
ring ssoId
= (String
) request.
getNote(Co
nstants.RE
Q_SSOID_NO
TE);
|
|
1006 |
|
St
ring ssoId
= (String
) request.
getNote(Co
nstants.RE
Q_SSOID_NO
TE);
|
878 |
|
if
(ssoId ==
null) {
|
|
1010 |
|
if
(ssoId ==
null) {
|
|
1007 |
|
if
(ssoId ==
null) {
|
879 |
|
// Const
ruct a coo
kie to be
returned t
o the clie
nt
|
|
1011 |
|
// Const
ruct a coo
kie to be
returned t
o the clie
nt
|
|
1008 |
|
// Const
ruct a coo
kie to be
returned t
o the clie
nt
|
880 |
|
ssoId =
sessionIdG
enerator.g
enerateSes
sionId();
|
|
1012 |
|
ssoId =
sessionIdG
enerator.g
enerateSes
sionId();
|
|
1009 |
|
ssoId =
sessionIdG
enerator.g
enerateSes
sionId();
|
881 |
|
Cookie c
ookie = ne
w Cookie(C
onstants.S
INGLE_SIGN
_ON_COOKIE
, ssoId);
|
|
1013 |
|
Cookie c
ookie = ne
w Cookie(C
onstants.S
INGLE_SIGN
_ON_COOKIE
, ssoId);
|
|
1010 |
|
Cookie c
ookie = ne
w Cookie(C
onstants.S
INGLE_SIGN
_ON_COOKIE
, ssoId);
|
882 |
|
cookie.s
etMaxAge(-
1);
|
|
1014 |
|
cookie.s
etMaxAge(-
1);
|
|
1011 |
|
cookie.s
etMaxAge(-
1);
|
883 |
|
cookie.s
etPath("/"
);
|
|
1015 |
|
cookie.s
etPath("/"
);
|
|
1012 |
|
cookie.s
etPath("/"
);
|
884 |
|
|
|
1016 |
|
|
|
1013 |
|
|
885 |
|
// Bugzi
lla 41217
|
|
1017 |
|
// Bugzi
lla 41217
|
|
1014 |
|
// Bugzi
lla 41217
|
886 |
|
cookie.s
etSecure(r
equest.isS
ecure());
|
|
1018 |
|
cookie.s
etSecure(r
equest.isS
ecure());
|
|
1015 |
|
cookie.s
etSecure(r
equest.isS
ecure());
|
887 |
|
|
|
1019 |
|
|
|
1016 |
|
|
888 |
|
// Bugzi
lla 34724
|
|
1020 |
|
// Bugzi
lla 34724
|
|
1017 |
|
// Bugzi
lla 34724
|
889 |
|
String s
soDomain =
sso.getCo
okieDomain
();
|
|
1021 |
|
String s
soDomain =
sso.getCo
okieDomain
();
|
|
1018 |
|
String s
soDomain =
sso.getCo
okieDomain
();
|
890 |
|
if
(ssoDomain
!= null)
{
|
|
1022 |
|
if
(ssoDomain
!= null)
{
|
|
1019 |
|
if (ssoD
omain != n
ull) {
|
891 |
|
cook
ie.setDoma
in(ssoDoma
in);
|
|
1023 |
|
cook
ie.setDoma
in(ssoDoma
in);
|
|
1020 |
|
cook
ie.setDoma
in(ssoDoma
in);
|
892 |
|
}
|
|
1024 |
|
}
|
|
1021 |
|
}
|
893 |
|
|
|
1025 |
|
|
|
1022 |
|
|
894 |
|
// Configu
re httpOnl
y on SSO c
ookie usin
g same rul
es as sess
ion
cookies
|
|
1026 |
|
// Configu
re httpOnl
y on SSO c
ookie usin
g same rul
es as sess
ion
|
|
1023 |
|
// Confi
gure httpO
nly on SSO
cookie us
ing same r
ules as se
ssion
|
895 |
|
if (reques
t.getServl
etContext(
).getSessi
onCookieCo
nfig().isH
ttpOnly()
||
|
|
1027 |
|
// cooki
es
|
|
1024 |
|
// cooki
es
|
896 |
|
request.ge
tContext()
.getUseHtt
pOnly()) {
|
|
1028 |
|
if (reques
t.getServl
etContext(
).getSessi
onCookieCo
nfig().isH
ttpOnly()
|
|
1025 |
|
if (requ
est.getSer
vletContex
t().getSes
sionCookie
Config().i
sHttpOnly(
)
|
|
|
|
|
1029 |
|
||
request.ge
tContext()
.getUseHtt
pOnly()) {
|
|
1026 |
|
|| request
.getContex
t().getUse
HttpOnly()
) {
|
897 |
|
cook
ie.setHttp
Only(true)
;
|
|
1030 |
|
cook
ie.setHttp
Only(true)
;
|
|
1027 |
|
cook
ie.setHttp
Only(true)
;
|
898 |
|
}
|
|
1031 |
|
}
|
|
1028 |
|
}
|
899 |
|
|
|
1032 |
|
|
|
1029 |
|
|
900 |
|
response
.addCookie
(cookie);
|
|
1033 |
|
response
.addCookie
(cookie);
|
|
1030 |
|
response
.addCookie
(cookie);
|
901 |
|
|
|
1034 |
|
|
|
1031 |
|
|
902 |
|
// Regis
ter this p
rincipal w
ith our SS
O valve
|
|
1035 |
|
// Regis
ter this p
rincipal w
ith our SS
O valve
|
|
1032 |
|
// Regis
ter this p
rincipal w
ith our SS
O valve
|
903 |
|
sso.regi
ster(ssoId
, principa
l, authTyp
e, usernam
e, passwor
d);
|
|
1036 |
|
sso.regi
ster(ssoId
, principa
l, authTyp
e, usernam
e, passwor
d);
|
|
1033 |
|
sso.regi
ster(ssoId
, principa
l, authTyp
e, usernam
e, passwor
d);
|
904 |
|
request.
setNote(Co
nstants.RE
Q_SSOID_NO
TE, ssoId)
;
|
|
1037 |
|
request.
setNote(Co
nstants.RE
Q_SSOID_NO
TE, ssoId)
;
|
|
1034 |
|
request.
setNote(Co
nstants.RE
Q_SSOID_NO
TE, ssoId)
;
|
905 |
|
|
|
1038 |
|
|
|
1035 |
|
|
906 |
|
}
else {
|
|
1039 |
|
}
else {
|
|
1036 |
|
}
else {
|
907 |
|
if (prin
cipal == n
ull) {
|
|
1040 |
|
if (prin
cipal == n
ull) {
|
|
1037 |
|
if (prin
cipal == n
ull) {
|
908 |
|
// R
egistering
a program
matic logo
ut
|
|
1041 |
|
// R
egistering
a program
matic logo
ut
|
|
1038 |
|
// R
egistering
a program
matic logo
ut
|
909 |
|
sso.
deregister
(ssoId);
|
|
1042 |
|
sso.
deregister
(ssoId);
|
|
1039 |
|
sso.
deregister
(ssoId);
|
910 |
|
requ
est.remove
Note(Const
ants.REQ_S
SOID_NOTE)
;
|
|
1043 |
|
requ
est.remove
Note(Const
ants.REQ_S
SOID_NOTE)
;
|
|
1040 |
|
requ
est.remove
Note(Const
ants.REQ_S
SOID_NOTE)
;
|
911 |
|
retu
rn;
|
|
1044 |
|
retu
rn;
|
|
1041 |
|
retu
rn;
|
912 |
|
} else {
|
|
1045 |
|
} else {
|
|
1042 |
|
} else {
|
913 |
|
// U
pdate the
SSO sessio
n with the
latest au
thenticati
on data
|
|
1046 |
|
// U
pdate the
SSO sessio
n with the
latest au
thenticati
on data
|
|
1043 |
|
// U
pdate the
SSO sessio
n with the
latest au
thenticati
on data
|
914 |
|
sso.
update(sso
Id, princi
pal, authT
ype, usern
ame, passw
ord);
|
|
1047 |
|
sso.
update(sso
Id, princi
pal, authT
ype, usern
ame, passw
ord);
|
|
1044 |
|
sso.
update(sso
Id, princi
pal, authT
ype, usern
ame, passw
ord);
|
915 |
|
}
|
|
1048 |
|
}
|
|
1045 |
|
}
|
916 |
|
}
|
|
1049 |
|
}
|
|
1046 |
|
}
|
917 |
|
|
|
1050 |
|
|
|
1047 |
|
|
918 |
|
//
Fix for B
ug 10040
|
|
1051 |
|
//
Fix for B
ug 10040
|
|
1048 |
|
//
Fix for B
ug 10040
|
919 |
|
//
Always as
sociate a
session wi
th a new S
SO reqistr
ation.
|
|
1052 |
|
//
Always as
sociate a
session wi
th a new S
SO reqistr
ation.
|
|
1049 |
|
//
Always as
sociate a
session wi
th a new S
SO reqistr
ation.
|
920 |
|
//
SSO entri
es are onl
y removed
from the S
SO registr
y map when
|
|
1053 |
|
//
SSO entri
es are onl
y removed
from the S
SO registr
y map when
|
|
1050 |
|
//
SSO entri
es are onl
y removed
from the S
SO registr
y map when
|
921 |
|
//
associate
d sessions
are destr
oyed; if a
new SSO e
ntry is cr
eated
|
|
1054 |
|
//
associate
d sessions
are destr
oyed; if a
new SSO e
ntry is cr
eated
|
|
1051 |
|
//
associate
d sessions
are destr
oyed; if a
new SSO e
ntry is cr
eated
|
922 |
|
//
above for
this requ
est and th
e user nev
er revisit
s the cont
ext, the
|
|
1055 |
|
//
above for
this requ
est and th
e user nev
er revisit
s the cont
ext, the
|
|
1052 |
|
//
above for
this requ
est and th
e user nev
er revisit
s the cont
ext, the
|
923 |
|
//
SSO entry
will neve
r be clear
ed if we d
on't assoc
iate the s
ession
|
|
1056 |
|
//
SSO entry
will neve
r be clear
ed if we d
on't assoc
iate the s
ession
|
|
1053 |
|
//
SSO entry
will neve
r be clear
ed if we d
on't assoc
iate the s
ession
|
924 |
|
if
(session
== null) {
|
|
1057 |
|
if
(session
== null) {
|
|
1054 |
|
if
(session
== null) {
|
925 |
|
session
= request.
getSession
Internal(t
rue);
|
|
1058 |
|
session
= request.
getSession
Internal(t
rue);
|
|
1055 |
|
session
= request.
getSession
Internal(t
rue);
|
926 |
|
}
|
|
1059 |
|
}
|
|
1056 |
|
}
|
927 |
|
ss
o.associat
e(ssoId, s
ession);
|
|
1060 |
|
ss
o.associat
e(ssoId, s
ession);
|
|
1057 |
|
ss
o.associat
e(ssoId, s
ession);
|
928 |
|
|
|
1061 |
|
|
|
1058 |
|
|
929 |
|
}
|
|
1062 |
|
}
|
|
1059 |
|
}
|
930 |
|
|
|
1063 |
|
|
|
1060 |
|
|
931 |
|
@Overr
ide
|
|
1064 |
|
@Overr
ide
|
|
1061 |
|
@Overr
ide
|
932 |
|
public voi
d login(St
ring usern
ame, Strin
g password
, Request
request)
|
|
1065 |
|
public voi
d login(St
ring usern
ame, Strin
g password
, Request
request)
throws Se
rvletExcep
tion {
|
|
1062 |
|
public
void logi
n(String u
sername, S
tring pass
word, Requ
est reques
t) throws
ServletExc
eption {
|
933 |
|
throws S
ervletExce
ption {
|
|
|
|
|
|
|
|
|
934 |
|
Pr
incipal pr
incipal =
doLogin(re
quest, use
rname, pas
sword);
|
|
1066 |
|
Pr
incipal pr
incipal =
doLogin(re
quest, use
rname, pas
sword);
|
|
1063 |
|
Pr
incipal pr
incipal =
doLogin(re
quest, use
rname, pas
sword);
|
935 |
|
register(r
equest, re
quest.getR
esponse(),
principal
,
|
|
1067 |
|
register(r
equest, re
quest.getR
esponse(),
principal
,
getAuthMe
thod(), us
ername, pa
ssword);
|
|
1064 |
|
re
gister(req
uest, requ
est.getRes
ponse(), p
rincipal,
getAuthMet
hod(), use
rname, pas
sword);
|
936 |
|
getAuthMet
hod(), use
rname, pas
sword);
|
|
|
|
|
|
|
|
|
937 |
|
}
|
|
1068 |
|
}
|
|
1065 |
|
}
|
938 |
|
|
|
1069 |
|
|
|
1066 |
|
|
939 |
|
protec
ted abstra
ct String
getAuthMet
hod();
|
|
1070 |
|
protec
ted abstra
ct String
getAuthMet
hod();
|
|
1067 |
|
protec
ted abstra
ct String
getAuthMet
hod();
|
940 |
|
|
|
1071 |
|
|
|
1068 |
|
|
941 |
|
/**
|
|
1072 |
|
/**
|
|
1069 |
|
/**
|
942 |
|
* Pro
cess the l
ogin reque
st.
|
|
1073 |
|
* Pro
cess the l
ogin reque
st.
|
|
1070 |
|
* Pro
cess the l
ogin reque
st.
|
943 |
|
*
|
|
1074 |
|
*
|
|
1071 |
|
*
|
944 |
|
* @param r
equest
Associated
request
|
|
1075 |
|
* @param r
equest
|
|
1072 |
|
* @pa
ram reques
t
|
945 |
|
* @param
usern
a
me
The u
s
e
r
|
|
1076 |
|
*
As
sociated r
equest
|
|
1073 |
|
*
As
sociated r
equest
|
946 |
|
*
@param pas
sword
The passwo
rd
|
|
1077 |
|
* @pa
ram userna
me
|
|
1074 |
|
* @pa
ram userna
me
|
|
|
|
|
1078 |
|
*
Th
e user
|
|
1075 |
|
*
Th
e user
|
|
|
|
|
1079 |
|
* @param
p
a
s
swo
r
d
|
|
1076 |
|
* @pa
ram passwo
rd
|
|
|
|
|
1080 |
|
*
The passwo
rd
|
|
1077 |
|
*
Th
e password
|
947 |
|
* @re
turn
The au
thenticate
d Principa
l
|
|
1081 |
|
* @re
turn The a
uthenticat
ed Princip
al
|
|
1078 |
|
* @re
turn The a
uthenticat
ed Princip
al
|
948 |
|
* @th
rows Servl
etExceptio
n
|
|
1082 |
|
* @th
rows Servl
etExceptio
n
|
|
1079 |
|
* @th
rows Servl
etExceptio
n
|
|
|
|
|
1083 |
|
*
N
o principa
l was auth
enticated
with the s
pecified c
redentials
|
|
1080 |
|
*
N
o principa
l was auth
enticated
with the s
pecified c
redentials
|
949 |
|
*/
|
|
1084 |
|
*/
|
|
1081 |
|
*/
|
950 |
|
protected
Principal
doLogin(Re
quest requ
est, Strin
g username
,
|
|
1085 |
|
protected
Principal
doLogin(Re
quest requ
est, Strin
g username
,
String pa
ssword)
|
|
1082 |
|
protec
ted Princi
pal doLogi
n(Request
request, S
tring user
name, Stri
ng passwor
d)
|
951 |
|
String pas
sword)
throws Ser
vletExcept
ion {
|
|
1086 |
|
throws Ser
vletExcept
ion {
|
|
1083 |
|
throws S
ervletExce
ption {
|
952 |
|
Pr
incipal p
= context.
getRealm()
.authentic
ate(userna
me, passwo
rd);
|
|
1087 |
|
Pr
incipal p
= context.
getRealm()
.authentic
ate(userna
me, passwo
rd);
|
|
1084 |
|
Pr
incipal p
= context.
getRealm()
.authentic
ate(userna
me, passwo
rd);
|
953 |
|
if
(p == nul
l) {
|
|
1088 |
|
if
(p == nul
l) {
|
|
1085 |
|
if
(p == nul
l) {
|
954 |
|
throw ne
w ServletE
xception(s
m.getStrin
g("authent
icator.log
inFail"));
|
|
1089 |
|
throw ne
w ServletE
xception(s
m.getStrin
g("authent
icator.log
inFail"));
|
|
1086 |
|
throw ne
w ServletE
xception(s
m.getStrin
g("authent
icator.log
inFail"));
|
955 |
|
}
|
|
1090 |
|
}
|
|
1087 |
|
}
|
956 |
|
re
turn p;
|
|
1091 |
|
re
turn p;
|
|
1088 |
|
re
turn p;
|
957 |
|
}
|
|
1092 |
|
}
|
|
1089 |
|
}
|
958 |
|
|
|
1093 |
|
|
|
1090 |
|
|
959 |
|
@Overr
ide
|
|
1094 |
|
@Overr
ide
|
|
1091 |
|
@Overr
ide
|
960 |
|
public
void logo
ut(Request
request)
{
|
|
1095 |
|
public
void logo
ut(Request
request)
{
|
|
1092 |
|
public
void logo
ut(Request
request)
{
|
|
|
|
|
1096 |
|
Au
thConfigPr
ovider pro
vider = ge
tJaspicPro
vider();
|
|
1093 |
|
Au
thConfigPr
ovider pro
vider = ge
tJaspicPro
vider();
|
|
|
|
|
1097 |
|
if
(provider
!= null)
{
|
|
1094 |
|
if
(provider
!= null)
{
|
|
|
|
|
1098 |
|
MessageI
nfo messag
eInfo = ne
w MessageI
nfoImpl(re
quest, req
uest.getRe
sponse(),
true);
|
|
1095 |
|
MessageI
nfo messag
eInfo = ne
w MessageI
nfoImpl(re
quest, req
uest.getRe
sponse(),
true);
|
|
|
|
|
1099 |
|
Subject
client = (
Subject) r
equest.get
Note(Const
ants.REQ_J
ASPIC_SUBJ
ECT_NOTE);
|
|
1096 |
|
Subject
client = (
Subject) r
equest.get
Note(Const
ants.REQ_J
ASPIC_SUBJ
ECT_NOTE);
|
|
|
|
|
1100 |
|
if (clie
nt == null
) {
|
|
1097 |
|
if (clie
nt == null
) {
|
|
|
|
|
1101 |
|
retu
rn;
|
|
1098 |
|
retu
rn;
|
|
|
|
|
1102 |
|
}
|
|
1099 |
|
}
|
|
|
|
|
1103 |
|
|
|
1100 |
|
|
|
|
|
|
1104 |
|
ServerAu
thContext
serverAuth
Context;
|
|
1101 |
|
ServerAu
thContext
serverAuth
Context;
|
|
|
|
|
1105 |
|
try {
|
|
1102 |
|
try {
|
|
|
|
|
1106 |
|
Serv
erAuthConf
ig serverA
uthConfig
= provider
.getServer
AuthConfig
("HttpServ
let",
|
|
1103 |
|
Serv
erAuthConf
ig serverA
uthConfig
= provider
.getServer
AuthConfig
("HttpServ
let",
|
|
|
|
|
1107 |
|
jaspic
AppContext
ID, Callba
ckHandlerI
mpl.getIns
tance());
|
|
1104 |
|
jaspic
AppContext
ID, Callba
ckHandlerI
mpl.getIns
tance());
|
|
|
|
|
1108 |
|
Stri
ng authCon
textID = s
erverAuthC
onfig.getA
uthContext
ID(message
Info);
|
|
1105 |
|
Stri
ng authCon
textID = s
erverAuthC
onfig.getA
uthContext
ID(message
Info);
|
|
|
|
|
1109 |
|
serv
erAuthCont
ext = serv
erAuthConf
ig.getAuth
Context(au
thContextI
D, null, n
ull);
|
|
1106 |
|
serv
erAuthCont
ext = serv
erAuthConf
ig.getAuth
Context(au
thContextI
D, null, n
ull);
|
|
|
|
|
1110 |
|
serv
erAuthCont
ext.cleanS
ubject(mes
sageInfo,
client);
|
|
1107 |
|
serv
erAuthCont
ext.cleanS
ubject(mes
sageInfo,
client);
|
|
|
|
|
1111 |
|
} catch
(AuthExcep
tion e) {
|
|
1108 |
|
} catch
(AuthExcep
tion e) {
|
|
|
|
|
1112 |
|
log.
debug(sm.g
etString("
authentica
tor.jaspic
CleanSubje
ctFail"),
e);
|
|
1109 |
|
log.
debug(sm.g
etString("
authentica
tor.jaspic
CleanSubje
ctFail"),
e);
|
|
|
|
|
1113 |
|
}
|
|
1110 |
|
}
|
|
|
|
|
1114 |
|
}
|
|
1111 |
|
}
|
|
|
|
|
1115 |
|
|
|
1112 |
|
|
961 |
|
Pr
incipal p
= request.
getPrincip
al();
|
|
1116 |
|
Pr
incipal p
= request.
getPrincip
al();
|
|
1113 |
|
Pr
incipal p
= request.
getPrincip
al();
|
962 |
|
if
(p instan
ceof Tomca
tPrincipal
) {
|
|
1117 |
|
if
(p instan
ceof Tomca
tPrincipal
) {
|
|
1114 |
|
if
(p instan
ceof Tomca
tPrincipal
) {
|
963 |
|
try {
|
|
1118 |
|
try {
|
|
1115 |
|
try {
|
964 |
|
((To
mcatPrinci
pal) p).lo
gout();
|
|
1119 |
|
((To
mcatPrinci
pal) p).lo
gout();
|
|
1116 |
|
((To
mcatPrinci
pal) p).lo
gout();
|
965 |
|
} catch
(Throwable
t) {
|
|
1120 |
|
} catch
(Throwable
t) {
|
|
1117 |
|
} catch
(Throwable
t) {
|
966 |
|
Exce
ptionUtils
.handleThr
owable(t);
|
|
1121 |
|
Exce
ptionUtils
.handleThr
owable(t);
|
|
1118 |
|
Exce
ptionUtils
.handleThr
owable(t);
|
967 |
|
log.
debug(sm.g
etString("
authentica
tor.tomcat
PrincipalL
ogoutFail"
), t);
|
|
1122 |
|
log.
debug(sm.g
etString("
authentica
tor.tomcat
PrincipalL
ogoutFail"
), t);
|
|
1119 |
|
log.
debug(sm.g
etString("
authentica
tor.tomcat
PrincipalL
ogoutFail"
), t);
|
968 |
|
}
|
|
1123 |
|
}
|
|
1120 |
|
}
|
969 |
|
}
|
|
1124 |
|
}
|
|
1121 |
|
}
|
970 |
|
|
|
1125 |
|
|
|
1122 |
|
|
971 |
|
re
gister(req
uest, requ
est.getRes
ponse(), n
ull, null,
null, nul
l);
|
|
1126 |
|
re
gister(req
uest, requ
est.getRes
ponse(), n
ull, null,
null, nul
l);
|
|
1123 |
|
re
gister(req
uest, requ
est.getRes
ponse(), n
ull, null,
null, nul
l);
|
972 |
|
}
|
|
1127 |
|
}
|
|
1124 |
|
}
|
973 |
|
|
|
1128 |
|
|
|
1125 |
|
|
|
|
|
|
1129 |
|
|
|
1126 |
|
|
974 |
|
/**
|
|
1130 |
|
/**
|
|
1127 |
|
/**
|
975 |
|
* Start th
is compone
nt and imp
lement the
requireme
nts
|
|
1131 |
|
* Start th
is compone
nt and imp
lement the
requireme
nts
of
|
|
1128 |
|
* Sta
rt this co
mponent an
d implemen
t the requ
irements o
f
|
976 |
|
*
of
{@link org
.apache.ca
talina.uti
l.Lifecycl
eBase#star
tInternal(
)}.
|
|
1132 |
|
*
{@link org
.apache.ca
talina.uti
l.Lifecycl
eBase#star
tInternal(
)}.
|
|
1129 |
|
* {@l
ink org.ap
ache.catal
ina.util.L
ifecycleBa
se#startIn
ternal()}.
|
977 |
|
*
|
|
1133 |
|
*
|
|
1130 |
|
*
|
978 |
|
* @excepti
on Lifecyc
leExceptio
n
if this c
omponent d
etects a f
atal error
|
|
1134 |
|
* @excepti
on Lifecyc
leExceptio
n
|
|
1131 |
|
* @ex
ception Li
fecycleExc
eption
|
979 |
|
*
that preve
nts this
component
from being
used
|
|
1135 |
|
*
if this
component
detects a
fatal erro
r that pre
vents this
|
|
1132 |
|
*
if this
component
detects a
fatal erro
r that pre
vents this
|
|
|
|
|
1136 |
|
*
component
from being
used
|
|
1133 |
|
*
componen
t from bei
ng used
|
980 |
|
*/
|
|
1137 |
|
*/
|
|
1134 |
|
*/
|
981 |
|
@Overr
ide
|
|
1138 |
|
@Overr
ide
|
|
1135 |
|
@Overr
ide
|
982 |
|
protec
ted synchr
onized voi
d startInt
ernal() th
rows Lifec
ycleExcept
ion {
|
|
1139 |
|
protec
ted synchr
onized voi
d startInt
ernal() th
rows Lifec
ycleExcept
ion {
|
|
1136 |
|
protec
ted synchr
onized voi
d startInt
ernal() th
rows Lifec
ycleExcept
ion {
|
|
|
|
|
1140 |
|
Se
rvletConte
xt servlet
Context =
context.ge
tServletCo
ntext();
|
|
1137 |
|
Se
rvletConte
xt servlet
Context =
context.ge
tServletCo
ntext();
|
|
|
|
|
1141 |
|
ja
spicAppCon
textID = s
ervletCont
ext.getVir
tualServer
Name() + "
" +
|
|
1138 |
|
ja
spicAppCon
textID = s
ervletCont
ext.getVir
tualServer
Name() + "
" +
|
|
|
|
|
1142 |
|
serv
letContext
.getContex
tPath();
|
|
1139 |
|
serv
letContext
.getContex
tPath();
|
983 |
|
|
|
1143 |
|
|
|
1140 |
|
|
984 |
|
//
Look up t
he SingleS
ignOn impl
ementation
in our re
quest proc
essing
|
|
1144 |
|
//
Look up t
he SingleS
ignOn impl
ementation
in our re
quest proc
essing
|
|
1141 |
|
//
Look up t
he SingleS
ignOn impl
ementation
in our re
quest proc
essing
|
985 |
|
//
path, if
there is o
ne
|
|
1145 |
|
//
path, if
there is o
ne
|
|
1142 |
|
//
path, if
there is o
ne
|
986 |
|
Co
ntainer pa
rent = con
text.getPa
rent();
|
|
1146 |
|
Co
ntainer pa
rent = con
text.getPa
rent();
|
|
1143 |
|
Co
ntainer pa
rent = con
text.getPa
rent();
|
987 |
|
wh
ile ((sso
== null) &
& (parent
!= null))
{
|
|
1147 |
|
wh
ile ((sso
== null) &
& (parent
!= null))
{
|
|
1144 |
|
wh
ile ((sso
== null) &
& (parent
!= null))
{
|
988 |
|
Valve va
lves[] = p
arent.getP
ipeline().
getValves(
);
|
|
1148 |
|
Valve va
lves[] = p
arent.getP
ipeline().
getValves(
);
|
|
1145 |
|
Valve va
lves[] = p
arent.getP
ipeline().
getValves(
);
|
989 |
|
for (int
i = 0; i
< valves.l
ength; i++
) {
|
|
1149 |
|
for (int
i = 0; i
< valves.l
ength; i++
) {
|
|
1146 |
|
for (int
i = 0; i
< valves.l
ength; i++
) {
|
990 |
|
if (
valves[i]
instanceof
SingleSig
nOn) {
|
|
1150 |
|
if (
valves[i]
instanceof
SingleSig
nOn) {
|
|
1147 |
|
if (
valves[i]
instanceof
SingleSig
nOn) {
|
991 |
|
sso = (Sin
gleSignOn)
valves[i]
;
|
|
1151 |
|
sso = (Sin
gleSignOn)
valves[i]
;
|
|
1148 |
|
sso = (Sin
gleSignOn)
valves[i]
;
|
992 |
|
break;
|
|
1152 |
|
break;
|
|
1149 |
|
break;
|
993 |
|
}
|
|
1153 |
|
}
|
|
1150 |
|
}
|
994 |
|
}
|
|
1154 |
|
}
|
|
1151 |
|
}
|
995 |
|
if (sso
== null) {
|
|
1155 |
|
if (sso
== null) {
|
|
1152 |
|
if (sso
== null) {
|
996 |
|
pare
nt = paren
t.getParen
t();
|
|
1156 |
|
pare
nt = paren
t.getParen
t();
|
|
1153 |
|
pare
nt = paren
t.getParen
t();
|
997 |
|
}
|
|
1157 |
|
}
|
|
1154 |
|
}
|
998 |
|
}
|
|
1158 |
|
}
|
|
1155 |
|
}
|
999 |
|
if
(log.isDe
bugEnabled
()) {
|
|
1159 |
|
if
(log.isDe
bugEnabled
()) {
|
|
1156 |
|
if
(log.isDe
bugEnabled
()) {
|
1000 |
|
if (sso
!= null) {
|
|
1160 |
|
if (sso
!= null) {
|
|
1157 |
|
if (sso
!= null) {
|
1001 |
|
log.
debug("Fou
nd SingleS
ignOn Valv
e at " + s
so);
|
|
1161 |
|
log.
debug("Fou
nd SingleS
ignOn Valv
e at " + s
so);
|
|
1158 |
|
log.
debug("Fou
nd SingleS
ignOn Valv
e at " + s
so);
|
1002 |
|
} else {
|
|
1162 |
|
} else {
|
|
1159 |
|
} else {
|
1003 |
|
log.
debug("No
SingleSign
On Valve i
s present"
);
|
|
1163 |
|
log.
debug("No
SingleSign
On Valve i
s present"
);
|
|
1160 |
|
log.
debug("No
SingleSign
On Valve i
s present"
);
|
1004 |
|
}
|
|
1164 |
|
}
|
|
1161 |
|
}
|
1005 |
|
}
|
|
1165 |
|
}
|
|
1162 |
|
}
|
1006 |
|
|
|
1166 |
|
|
|
1163 |
|
|
1007 |
|
se
ssionIdGen
erator = n
ew Standar
dSessionId
Generator(
);
|
|
1167 |
|
se
ssionIdGen
erator = n
ew Standar
dSessionId
Generator(
);
|
|
1164 |
|
se
ssionIdGen
erator = n
ew Standar
dSessionId
Generator(
);
|
1008 |
|
se
ssionIdGen
erator.set
SecureRand
omAlgorith
m(getSecur
eRandomAlg
orithm());
|
|
1168 |
|
se
ssionIdGen
erator.set
SecureRand
omAlgorith
m(getSecur
eRandomAlg
orithm());
|
|
1165 |
|
se
ssionIdGen
erator.set
SecureRand
omAlgorith
m(getSecur
eRandomAlg
orithm());
|
1009 |
|
se
ssionIdGen
erator.set
SecureRand
omClass(ge
tSecureRan
domClass()
);
|
|
1169 |
|
se
ssionIdGen
erator.set
SecureRand
omClass(ge
tSecureRan
domClass()
);
|
|
1166 |
|
se
ssionIdGen
erator.set
SecureRand
omClass(ge
tSecureRan
domClass()
);
|
1010 |
|
se
ssionIdGen
erator.set
SecureRand
omProvider
(getSecure
RandomProv
ider());
|
|
1170 |
|
se
ssionIdGen
erator.set
SecureRand
omProvider
(getSecure
RandomProv
ider());
|
|
1167 |
|
se
ssionIdGen
erator.set
SecureRand
omProvider
(getSecure
RandomProv
ider());
|
1011 |
|
|
|
1171 |
|
|
|
1168 |
|
|
1012 |
|
su
per.startI
nternal();
|
|
1172 |
|
su
per.startI
nternal();
|
|
1169 |
|
su
per.startI
nternal();
|
1013 |
|
}
|
|
1173 |
|
}
|
|
1170 |
|
}
|
1014 |
|
|
|
1174 |
|
|
|
1171 |
|
|
1015 |
|
|
|
|
|
|
|
|
|
|
1016 |
|
/**
|
|
1175 |
|
/**
|
|
1172 |
|
/**
|
1017 |
|
* Stop thi
s componen
t and impl
ement the
requiremen
ts
|
|
1176 |
|
* Stop thi
s componen
t and impl
ement the
requiremen
ts
of
|
|
1173 |
|
* Sto
p this com
ponent and
implement
the requi
rements of
|
1018 |
|
*
of
{@link org
.apache.ca
talina.uti
l.Lifecycl
eBase#stop
Internal()
}.
|
|
1177 |
|
*
{@link org
.apache.ca
talina.uti
l.Lifecycl
eBase#stop
Internal()
}.
|
|
1174 |
|
* {@l
ink org.ap
ache.catal
ina.util.L
ifecycleBa
se#stopInt
ernal()}.
|
1019 |
|
*
|
|
1178 |
|
*
|
|
1175 |
|
*
|
1020 |
|
* @excepti
on Lifecyc
leExceptio
n
if this c
omponent d
etects a f
atal error
|
|
1179 |
|
* @excepti
on Lifecyc
leExceptio
n
|
|
1176 |
|
* @ex
ception Li
fecycleExc
eption
|
1021 |
|
*
that preve
nts this
component
from being
used
|
|
1180 |
|
*
if this
component
detects a
fatal erro
r that pre
vents this
|
|
1177 |
|
*
if this
component
detects a
fatal erro
r that pre
vents this
|
|
|
|
|
1181 |
|
*
component
from being
used
|
|
1178 |
|
*
componen
t from bei
ng used
|
1022 |
|
*/
|
|
1182 |
|
*/
|
|
1179 |
|
*/
|
1023 |
|
@Overr
ide
|
|
1183 |
|
@Overr
ide
|
|
1180 |
|
@Overr
ide
|
1024 |
|
protec
ted synchr
onized voi
d stopInte
rnal() thr
ows Lifecy
cleExcepti
on {
|
|
1184 |
|
protec
ted synchr
onized voi
d stopInte
rnal() thr
ows Lifecy
cleExcepti
on {
|
|
1181 |
|
protec
ted synchr
onized voi
d stopInte
rnal() thr
ows Lifecy
cleExcepti
on {
|
1025 |
|
|
|
1185 |
|
|
|
1182 |
|
|
1026 |
|
su
per.stopIn
ternal();
|
|
1186 |
|
su
per.stopIn
ternal();
|
|
1183 |
|
su
per.stopIn
ternal();
|
1027 |
|
|
|
1187 |
|
|
|
1184 |
|
|
1028 |
|
ss
o = null;
|
|
1188 |
|
ss
o = null;
|
|
1185 |
|
ss
o = null;
|
1029 |
|
}
|
|
1189 |
|
}
|
|
1186 |
|
}
|
|
|
|
|
1190 |
|
|
|
1187 |
|
|
|
|
|
|
1191 |
|
|
|
1188 |
|
|
|
|
|
|
1192 |
|
privat
e AuthConf
igProvider
getJaspic
Provider()
{
|
|
1189 |
|
privat
e AuthConf
igProvider
getJaspic
Provider()
{
|
|
|
|
|
1193 |
|
AuthConfig
Provider
provider
= jaspicPr
ovider;
|
|
1190 |
|
Optional<
AuthConfig
Provider
>
provider
= jaspicPr
ovider;
|
|
|
|
|
1194 |
|
if
(provider
== null)
{
|
|
1191 |
|
if
(provider
== null)
{
|
|
|
|
|
1195 |
|
provider
= findJas
picProvide
r();
|
|
1192 |
|
provider
= findJas
picProvide
r();
|
|
|
|
|
1196 |
|
}
|
|
1193 |
|
}
|
|
|
|
|
1197 |
|
if
(provider
== NO_PRO
VIDER_AVAI
LABLE) {
|
|
1194 |
|
return pro
vider
.orElse(nu
ll)
;
|
|
|
|
|
1198 |
|
return n
ull;
|
|
|
|
|
|
|
|
|
1199 |
|
}
|
|
|
|
|
|
|
|
|
1200 |
|
return pro
vider
;
|
|
|
|
|
|
|
|
|
1201 |
|
}
|
|
1195 |
|
}
|
|
|
|
|
1202 |
|
|
|
1196 |
|
|
|
|
|
|
1203 |
|
|
|
1197 |
|
|
|
|
|
|
1204 |
|
private
AuthConfig
Provider
findJaspi
cProvider(
) {
|
|
1198 |
|
private
Optional<
AuthConfig
Provider
>
findJaspi
cProvider(
) {
|
|
|
|
|
1205 |
|
Au
thConfigFa
ctory fact
ory = Auth
ConfigFact
ory.getFac
tory();
|
|
1199 |
|
Au
thConfigFa
ctory fact
ory = Auth
ConfigFact
ory.getFac
tory();
|
|
|
|
|
1206 |
|
AuthConfig
Provider
provider
= null
;
|
|
1200 |
|
Optional<
AuthConfig
Provider
>
provider
;
|
|
|
|
|
1207 |
|
if (factor
y
!
= null) {
|
|
1201 |
|
if (factor
y
=
= null) {
|
|
|
|
|
1208 |
|
provider =
factory.ge
tConfigPro
vider("Htt
pServlet",
jaspicApp
ContextID,
this)
;
|
|
1202 |
|
provider
= Optiona
l.empty();
|
|
|
|
|
1209 |
|
}
|
|
1203 |
|
}
else {
|
|
|
|
|
1210 |
|
if
(provider
== null)
{
|
|
1204 |
|
provider
= Optiona
l.ofNullab
le(
|
|
|
|
|
1211 |
|
provider
= NO_PROV
IDER_AVAIL
ABLE;
|
|
1205 |
|
factory.ge
tConfigPro
vider("Htt
pServlet",
jaspicApp
ContextID,
this)
)
;
|
|
|
|
|
1212 |
|
}
|
|
1206 |
|
}
|
|
|
|
|
1213 |
|
ja
spicProvid
er = provi
der;
|
|
1207 |
|
ja
spicProvid
er = provi
der;
|
|
|
|
|
1214 |
|
re
turn provi
der;
|
|
1208 |
|
re
turn provi
der;
|
|
|
|
|
1215 |
|
}
|
|
1209 |
|
}
|
|
|
|
|
1216 |
|
|
|
1210 |
|
|
|
|
|
|
1217 |
|
|
|
1211 |
|
|
|
|
|
|
1218 |
|
@Overr
ide
|
|
1212 |
|
@Overr
ide
|
|
|
|
|
1219 |
|
public
void noti
fy(String
layer, Str
ing appCon
text) {
|
|
1213 |
|
public
void noti
fy(String
layer, Str
ing appCon
text) {
|
|
|
|
|
1220 |
|
fi
ndJaspicPr
ovider();
|
|
1214 |
|
fi
ndJaspicPr
ovider();
|
|
|
|
|
1221 |
|
}
|
|
1215 |
|
}
|
|
|
|
|
1222 |
|
|
|
1216 |
|
|
|
|
|
|
1223 |
|
|
|
1217 |
|
|
|
|
|
|
1224 |
|
privat
e static c
lass Jaspi
cState {
|
|
1218 |
|
privat
e static c
lass Jaspi
cState {
|
|
|
|
|
1225 |
|
pu
blic Messa
geInfo mes
sageInfo =
null;
|
|
1219 |
|
pu
blic Messa
geInfo mes
sageInfo =
null;
|
|
|
|
|
1226 |
|
pu
blic Serve
rAuthConte
xt serverA
uthContext
= null;
|
|
1220 |
|
pu
blic Serve
rAuthConte
xt serverA
uthContext
= null;
|
|
|
|
|
1227 |
|
}
|
|
1221 |
|
}
|
|
|
|
|
1228 |
|
|
|
|
|
|
|
|
|
|
1229 |
|
|
|
|
|
|
|
|
|
|
1230 |
|
privat
e static c
lass NoOpA
uthConfigP
rovider im
plements A
uthConfigP
rovider {
|
|
|
|
|
|
|
|
|
1231 |
|
|
|
|
|
|
|
|
|
|
1232 |
|
@O
verride
|
|
|
|
|
|
|
|
|
1233 |
|
pu
blic Clien
tAuthConfi
g getClien
tAuthConfi
g(String l
ayer, Stri
ng appCont
ext, Callb
ackHandler
handler)
|
|
|
|
|
|
|
|
|
1234 |
|
thro
ws AuthExc
eption {
|
|
|
|
|
|
|
|
|
1235 |
|
return n
ull;
|
|
|
|
|
|
|
|
|
1236 |
|
}
|
|
|
|
|
|
|
|
|
1237 |
|
|
|
|
|
|
|
|
|
|
1238 |
|
@O
verride
|
|
|
|
|
|
|
|
|
1239 |
|
pu
blic Serve
rAuthConfi
g getServe
rAuthConfi
g(String l
ayer, Stri
ng appCont
ext, Callb
ackHandler
handler)
|
|
|
|
|
|
|
|
|
1240 |
|
thro
ws AuthExc
eption {
|
|
|
|
|
|
|
|
|
1241 |
|
return n
ull;
|
|
|
|
|
|
|
|
|
1242 |
|
}
|
|
|
|
|
|
|
|
|
1243 |
|
|
|
|
|
|
|
|
|
|
1244 |
|
@O
verride
|
|
|
|
|
|
|
|
|
1245 |
|
pu
blic void
refresh()
{
|
|
|
|
|
|
|
|
|
1246 |
|
}
|
|
|
|
|
|
|
|
|
1247 |
|
}
|
|
|
|
|
1030 |
|
}
|
|
1248 |
|
}
|
|
1222 |
|
}
|