|
Glassfish example source code file (AdminConsoleAuthModule.java)
The Glassfish AdminConsoleAuthModule.java source code/* * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. * * Copyright (c) 1997-2011 Oracle and/or its affiliates. All rights reserved. * * The contents of this file are subject to the terms of either the GNU * General Public License Version 2 only ("GPL") or the Common Development * and Distribution License("CDDL") (collectively, the "License"). You * may not use this file except in compliance with the License. You can * obtain a copy of the License at * https://glassfish.dev.java.net/public/CDDL+GPL_1_1.html * or packager/legal/LICENSE.txt. See the License for the specific * language governing permissions and limitations under the License. * * When distributing the software, include this License Header Notice in each * file and include the License file at packager/legal/LICENSE.txt. * * GPL Classpath Exception: * Oracle designates this particular file as subject to the "Classpath" * exception as provided by Oracle in the GPL Version 2 section of the License * file that accompanied this code. * * Modifications: * If applicable, add the following below the License Header, with the fields * enclosed by brackets [] replaced by your own identifying information: * "Portions Copyright [year] [name of copyright owner]" * * Contributor(s): * If you wish your version of this file to be governed by only the CDDL or * only the GPL Version 2, indicate your decision by adding "[Contributor] * elects to include this software in this distribution under the [CDDL or GPL * Version 2] license." If you don't indicate a single choice of license, a * recipient has the option to distribute your version of this file under * either the CDDL, the GPL Version 2 or to extend the choice of license to * its licensees as provided above. However, if you add GPL Version 2 code * and therefore, elected the GPL Version 2 license, then the option applies * only if the new code is made subject to such option by the copyright * holder. */ package org.glassfish.admingui.common.security; import com.sun.jersey.api.client.Client; import com.sun.jersey.api.client.ClientResponse; import com.sun.jersey.api.client.WebResource; import com.sun.jersey.api.client.filter.HTTPBasicAuthFilter; import java.net.MalformedURLException; import java.net.URL; import java.util.Enumeration; import java.util.HashMap; import java.util.Map; import javax.security.auth.Subject; import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.message.AuthException; import javax.security.auth.message.AuthStatus; import javax.security.auth.message.MessageInfo; import javax.security.auth.message.MessagePolicy; import javax.security.auth.message.callback.CallerPrincipalCallback; import javax.security.auth.message.module.ServerAuthModule; import javax.servlet.RequestDispatcher; import javax.servlet.http.HttpSession; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.glassfish.admingui.common.util.RestResponse; import org.jvnet.hk2.component.Habitat; import com.sun.enterprise.config.serverbeans.Domain; import com.sun.enterprise.config.serverbeans.SecureAdmin; import com.sun.enterprise.security.SecurityServicesUtil; import org.glassfish.admingui.common.util.RestUtil; /** * <p> This class is responsible for providing the Authentication support * needed by the admin console to both access the admin console pages * as well as invoke REST requests.</p> */ public class AdminConsoleAuthModule implements ServerAuthModule { public static final String TOKEN_ADMIN_LISTENER_PORT = "${ADMIN_LISTENER_PORT}"; private CallbackHandler handler = null; private String restURL = null; private String loginPage = null; private String loginErrorPage = null; private static final Class [] SUPPORTED_MESSAGE_TYPES = new Class[] { HttpServletRequest.class, HttpServletResponse.class }; private static final String SAVED_SUBJECT = "Saved_Subject"; private static final String USER_NAME = "userName"; private static final String RESPONSE_TYPE = "application/json"; /** * The Session key for the REST Server Name. */ public static final String REST_SERVER_NAME = "serverName"; /** * The Session key for the REST Server Port. */ public static final String REST_SERVER_PORT = "serverPort"; /** * The Session key for the REST authentication token. */ public static final String REST_TOKEN = "__rTkn__"; /** * <p> This method configures this AuthModule and makes sure all the * information needed to continue is present.</p> */ public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy, CallbackHandler handler, Map options) throws AuthException { this.handler = handler; if (options != null) { // Save the REST URL we need to authenticate the user. this.restURL = (String) options.get("restAuthURL"); if (restURL == null) { throw new AuthException("'restAuthURL' " + "must be supplied as a property in the provider-config " + "in the domain.xml file!"); } this.loginPage = (String) options.get("loginPage"); if (loginPage == null) { throw new AuthException("'loginPage' " + "must be supplied as a property in the provider-config " + "in the domain.xml file!"); } this.loginErrorPage = (String) options.get("loginErrorPage"); if (loginErrorPage == null) { throw new AuthException("'loginErrorPage' " + "must be supplied as a property in the provider-config " + "in the domain.xml file!"); } Habitat habitat = SecurityServicesUtil.getInstance().getHabitat(); if (restURL.contains(TOKEN_ADMIN_LISTENER_PORT)) { Domain domain = habitat.getComponent(Domain.class); String port = domain.getServerNamed("server").getConfig().getNetworkConfig().getNetworkListener("admin-listener").getPort(); restURL = restURL.replace(TOKEN_ADMIN_LISTENER_PORT, port); } //If secure admin is enabled, we need to ensure using https SecureAdmin secureAdmin = habitat.getComponent(SecureAdmin.class); if (restURL.startsWith("http:") && (SecureAdmin.Util.isEnabled(secureAdmin))) { restURL = restURL.replace("http:", "https:"); } } } /** * */ public Class[] getSupportedMessageTypes() { return SUPPORTED_MESSAGE_TYPES; } /** * <p> This is where the validation happens... */ public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException { // Make sure we need to check... HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage(); HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage(); if (!isMandatory(messageInfo) && !request.getRequestURI().endsWith("/j_security_check")) { return AuthStatus.SUCCESS; } // See if we've already checked... HttpSession session = request.getSession(true); if (session != null) { Subject savedClientSubject = (Subject) session.getValue(SAVED_SUBJECT); if (savedClientSubject != null) { // Copy all principals... clientSubject.getPrincipals().addAll( savedClientSubject.getPrincipals()); clientSubject.getPublicCredentials().addAll(savedClientSubject.getPublicCredentials()); clientSubject.getPrivateCredentials().addAll(savedClientSubject.getPrivateCredentials()); return AuthStatus.SUCCESS; } } // See if we've already calculated the serverName / serverPort if (session.getValue(REST_SERVER_NAME) == null) { // Save this for use later... URL url = null; try { url = new URL(restURL); } catch (MalformedURLException ex) { throw new IllegalArgumentException( "Unable to parse REST URL: (" + restURL + ")", ex); } session.putValue(REST_SERVER_NAME, url.getHost()); session.putValue(REST_SERVER_PORT, url.getPort()); } // See if the username / password has been passed in... String username = request.getParameter("j_username"); String password = request.getParameter("j_password"); if ((username == null) || (password == null) || !request.getMethod().equalsIgnoreCase("post")) { // Not passed in, show the login page... RequestDispatcher rd = request.getRequestDispatcher(loginPage); try { RestUtil.initialize(null); rd.forward(request, response); } catch (Exception ex) { AuthException ae = new AuthException(); ae.initCause(ex); throw ae; } return AuthStatus.SEND_CONTINUE; } // Don't use the PasswordValidationCallback... use REST authorization instead. // char[] pwd = new char[password.length()]; // password.getChars(0, password.length(), pwd, 0); // PasswordValidationCallback pwdCallback = // new PasswordValidationCallback(clientSubject, username, pwd); // Make REST Request Client client2 = Client.create(); RestUtil.initialize(client2); WebResource webResource = client2.resource(restURL); webResource.addFilter(new HTTPBasicAuthFilter(username, password)); ClientResponse resp = webResource.accept(RESPONSE_TYPE).post(ClientResponse.class); RestResponse restResp = RestResponse.getRestResponse(resp); // Check to see if successful.. if (restResp.isSuccess()) { // Username and Password sent in... validate them! CallerPrincipalCallback cpCallback = new CallerPrincipalCallback(clientSubject, username); try { handler.handle(new Callback[] { /*pwdCallback,*/ cpCallback }); } catch (Exception ex) { AuthException ae = new AuthException(); ae.initCause(ex); throw ae; } // recreate the session Map<String, Object> map = new HashMap Other Glassfish examples (source code examples)Here is a short list of links related to this Glassfish AdminConsoleAuthModule.java source code file: |
... this post is sponsored by my books ... | |
#1 New Release! |
FP Best Seller |
Copyright 1998-2021 Alvin Alexander, alvinalexander.com
All Rights Reserved.
A percentage of advertising revenue from
pages under the /java/jwarehouse
URI on this website is
paid back to open source projects.