diff --git a/jaspic/async-authentication/src/main/java/org/javaee7/jaspic/asyncauthentication/sam/SamAutoRegistrationListener.java b/jaspic/async-authentication/src/main/java/org/javaee7/jaspic/asyncauthentication/sam/SamAutoRegistrationListener.java
index 77118e5ac..9247e8b86 100644
--- a/jaspic/async-authentication/src/main/java/org/javaee7/jaspic/asyncauthentication/sam/SamAutoRegistrationListener.java
+++ b/jaspic/async-authentication/src/main/java/org/javaee7/jaspic/asyncauthentication/sam/SamAutoRegistrationListener.java
@@ -16,7 +16,7 @@ public class SamAutoRegistrationListener extends BaseServletContextListener {
 
     @Override
     public void contextInitialized(ServletContextEvent sce) {
-        JaspicUtils.registerSAM(sce.getServletContext(), new TestServerAuthModule());
+        JaspicUtils.registerSAM(sce.getServletContext(), TestServerAuthModule.class);
     }
 
 }
\ No newline at end of file
diff --git a/jaspic/basic-authentication/src/main/java/org/javaee7/jaspic/basicauthentication/sam/SamAutoRegistrationListener.java b/jaspic/basic-authentication/src/main/java/org/javaee7/jaspic/basicauthentication/sam/SamAutoRegistrationListener.java
index 5f3743192..fa99cbcab 100644
--- a/jaspic/basic-authentication/src/main/java/org/javaee7/jaspic/basicauthentication/sam/SamAutoRegistrationListener.java
+++ b/jaspic/basic-authentication/src/main/java/org/javaee7/jaspic/basicauthentication/sam/SamAutoRegistrationListener.java
@@ -16,7 +16,7 @@ public class SamAutoRegistrationListener extends BaseServletContextListener {
 
     @Override
     public void contextInitialized(ServletContextEvent sce) {
-        JaspicUtils.registerSAM(sce.getServletContext(), new TestServerAuthModule());
+        JaspicUtils.registerSAM(sce.getServletContext(), TestServerAuthModule.class);
     }
 
 }
\ No newline at end of file
diff --git a/jaspic/basic-authentication/src/main/java/org/javaee7/jaspic/basicauthentication/sam/TestServerAuthModule.java b/jaspic/basic-authentication/src/main/java/org/javaee7/jaspic/basicauthentication/sam/TestServerAuthModule.java
index ca1616221..33ab40126 100644
--- a/jaspic/basic-authentication/src/main/java/org/javaee7/jaspic/basicauthentication/sam/TestServerAuthModule.java
+++ b/jaspic/basic-authentication/src/main/java/org/javaee7/jaspic/basicauthentication/sam/TestServerAuthModule.java
@@ -2,6 +2,8 @@
 
 import static javax.security.auth.message.AuthStatus.SEND_SUCCESS;
 import static javax.security.auth.message.AuthStatus.SUCCESS;
+import static javax.security.auth.message.AuthStatus.SEND_CONTINUE;
+import static javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED;
 
 import java.io.IOException;
 import java.security.Principal;
@@ -44,6 +46,7 @@ public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject
             throws AuthException {
 
         HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
+        HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
 
         Callback[] callbacks;
 
@@ -58,8 +61,12 @@ public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject
                 // the roles of the authenticated user
                 new GroupPrincipalCallback(clientSubject, new String[] { "architect" }) };
 
+        } else if(messageInfo.getMap().get("javax.security.auth.message.MessagePolicy.isMandatory").equals("true")) {
+
+            // Must set error code is authentication is mandatory, but unsuccessful
+            response.setStatus(SC_UNAUTHORIZED);
+            return SEND_CONTINUE;
         } else {
-            // The JASPIC protocol for "do nothing"
             callbacks = new Callback[] { new CallerPrincipalCallback(clientSubject, (Principal) null) };
         }
 
diff --git a/jaspic/common/src/main/java/org/javaee7/jaspic/common/JaspicUtils.java b/jaspic/common/src/main/java/org/javaee7/jaspic/common/JaspicUtils.java
index d89eaf22f..1e86b704a 100644
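Review bot: `messageInfo.getMap().get("javax.security.auth.message.MessagePolicy.isMandatory").equals("true")` in the new `else if` dereferences the map value, so a request whose MessageInfo map lacks that key ends in a NullPointerException out of validateRequest instead of a clean authentication decision; TestServerAuthContext.chooseModule in this same commit already uses the null-safe form, and this branch should match it: `} else if ("true".equals(messageInfo.getMap().get("javax.security.auth.message.MessagePolicy.isMandatory"))) {`. The identical expression is introduced in the validateRequest hunks of the custom-principal, dispatching-jsf-cdi, dispatching, ejb-propagation, ejb-register-session, jacc-propagation, programmatic-authentication and register-session modules and should be changed in each of them. The added comment reads `// Must set error code is authentication is mandatory, but unsuccessful`; the other modules say `if`, and this one should too. validateRequest continues beyond the hunk.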
--- a/jaspic/common/src/main/java/org/javaee7/jaspic/common/JaspicUtils.java
+++ b/jaspic/common/src/main/java/org/javaee7/jaspic/common/JaspicUtils.java
@@ -20,8 +20,8 @@ private JaspicUtils() {
      *
      * @param serverAuthModule
      */
-    public static void registerSAM(ServletContext context, ServerAuthModule serverAuthModule) {
-        AuthConfigFactory.getFactory().registerConfigProvider(new TestAuthConfigProvider(serverAuthModule), "HttpServlet",
+    public static void registerSAM(ServletContext context, Class serverAuthModuleClass) {
+        AuthConfigFactory.getFactory().registerConfigProvider(new TestAuthConfigProvider(serverAuthModuleClass), "HttpServlet",
             getAppContextID(context), "Test authentication config provider");
     }
 
diff --git a/jaspic/common/src/main/java/org/javaee7/jaspic/common/TestAuthConfigProvider.java b/jaspic/common/src/main/java/org/javaee7/jaspic/common/TestAuthConfigProvider.java
index 053ee1ee9..d3956fd01 100644
--- a/jaspic/common/src/main/java/org/javaee7/jaspic/common/TestAuthConfigProvider.java
+++ b/jaspic/common/src/main/java/org/javaee7/jaspic/common/TestAuthConfigProvider.java
@@ -22,10 +22,10 @@ public class TestAuthConfigProvider implements AuthConfigProvider {
     private static final String CALLBACK_HANDLER_PROPERTY_NAME = "authconfigprovider.client.callbackhandler";
 
     private Map providerProperties;
-    private ServerAuthModule serverAuthModule;
+    private Class serverAuthModuleClass;
 
-    public TestAuthConfigProvider(ServerAuthModule serverAuthModule) {
-        this.serverAuthModule = serverAuthModule;
+    public TestAuthConfigProvider(Class serverAuthModuleClass) {
+        this.serverAuthModuleClass = serverAuthModuleClass;
     }
 
     /**
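Review bot: The Javadoc kept above registerSAM still says `@param serverAuthModule`, while the parameter is now `Class serverAuthModuleClass`, and as a raw `Class` it accepts any class at all, deferring the mismatch to the reflective instantiation in TestServerAuthContext. Bound the type and fix the tag: `public static void registerSAM(ServletContext context, Class<? extends ServerAuthModule> serverAuthModuleClass) {` with `@param serverAuthModuleClass the ServerAuthModule implementation to instantiate; it needs a public no-arg constructor`. The same raw `Class` is introduced in the TestAuthConfigProvider field and constructor in this section and in the TestServerAuthConfig and TestServerAuthContext hunks below; the bound should be carried through all of them so the reflective `newInstance()` result is typed without a cast.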
@@ -53,7 +53,7 @@ public TestAuthConfigProvider(Map properties, AuthConfigFactory
     public ServerAuthConfig getServerAuthConfig(String layer, String appContext, CallbackHandler handler)
             throws AuthException, SecurityException {
         return new TestServerAuthConfig(layer, appContext, handler == null ? createDefaultCallbackHandler() : handler,
-                providerProperties, serverAuthModule);
+                providerProperties, serverAuthModuleClass);
     }
 
     @Override
diff --git a/jaspic/common/src/main/java/org/javaee7/jaspic/common/TestServerAuthConfig.java b/jaspic/common/src/main/java/org/javaee7/jaspic/common/TestServerAuthConfig.java
index 510a29f2f..158122b03 100644
--- a/jaspic/common/src/main/java/org/javaee7/jaspic/common/TestServerAuthConfig.java
+++ b/jaspic/common/src/main/java/org/javaee7/jaspic/common/TestServerAuthConfig.java
@@ -22,21 +22,21 @@ public class TestServerAuthConfig implements ServerAuthConfig {
     private String appContext;
     private CallbackHandler handler;
     private Map providerProperties;
-    private ServerAuthModule serverAuthModule;
+    private Class serverAuthModuleClass;
 
     public TestServerAuthConfig(String layer, String appContext, CallbackHandler handler,
-            Map providerProperties, ServerAuthModule serverAuthModule) {
+            Map providerProperties, Class serverAuthModuleClass) {
         this.layer = layer;
         this.appContext = appContext;
         this.handler = handler;
         this.providerProperties = providerProperties;
-        this.serverAuthModule = serverAuthModule;
+        this.serverAuthModuleClass = serverAuthModuleClass;
     }
 
     @Override
     public ServerAuthContext getAuthContext(String authContextID, Subject serviceSubject,
             @SuppressWarnings("rawtypes") Map properties) throws AuthException {
-        return new TestServerAuthContext(handler, serverAuthModule);
+        return new TestServerAuthContext(handler, serverAuthModuleClass);
     }
 
     // ### The methods below mostly just return what has been passed into the
diff --git a/jaspic/common/src/main/java/org/javaee7/jaspic/common/TestServerAuthContext.java b/jaspic/common/src/main/java/org/javaee7/jaspic/common/TestServerAuthContext.java
index 9c2d09558..2571dce1c 100644
--- a/jaspic/common/src/main/java/org/javaee7/jaspic/common/TestServerAuthContext.java
+++ b/jaspic/common/src/main/java/org/javaee7/jaspic/common/TestServerAuthContext.java
@@ -1,5 +1,6 @@
 package org.javaee7.jaspic.common;
 
+import java.lang.reflect.InvocationTargetException;
 import java.util.Collections;
 
 import javax.security.auth.Subject;
@@ -7,6 +8,9 @@
 import javax.security.auth.message.AuthException;
 import javax.security.auth.message.AuthStatus;
 import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.MessagePolicy;
+import javax.security.auth.message.MessagePolicy.TargetPolicy;
+import javax.security.auth.message.MessagePolicy.ProtectionPolicy;
 import javax.security.auth.message.ServerAuth;
 import javax.security.auth.message.config.ServerAuthContext;
 import javax.security.auth.message.module.ServerAuthModule;
@@ -22,28 +26,60 @@
  * @author Arjan Tijms
  */
 public class TestServerAuthContext implements ServerAuthContext {
+
+    private static TargetPolicy[] targetPolicyArr = { new TargetPolicy(null, new ProtectionPolicy() {
+        public String getID() {
+            return ProtectionPolicy.AUTHENTICATE_SENDER;
+        }
+    }) };
+
+    private static MessagePolicy mandatoryRequestPolicy = new MessagePolicy(targetPolicyArr, true);
+    private static MessagePolicy optionalRequestPolicy = new MessagePolicy(targetPolicyArr, false);
 
-    private final ServerAuthModule serverAuthModule;
+    private ServerAuthModule mandatoryServerAuthModule;
+    private ServerAuthModule optionalServerAuthModule;
+
+    private ServerAuthModule chooseModule(MessageInfo messageInfo){
+        if("true".equals(messageInfo.getMap().get("javax.security.auth.message.MessagePolicy.isMandatory"))) {
+            return mandatoryServerAuthModule;
+        } else {
+            return optionalServerAuthModule;
+        }
+    }
+
+    public TestServerAuthContext(CallbackHandler handler, Class serverAuthModuleClass) throws AuthException {
+
+        //The spec requires that the mandatory authentication parameter can be accessed from the requestPolicy,
+        //even though it is not really useful, as the same information is available from the messageInfo map.
+        //To satisfy this requirement two SAM objects are constructed, and they are initialized with the appropriate requestPolicies.
+
+        try {
+            mandatoryServerAuthModule = serverAuthModuleClass.getConstructor().newInstance();
+            mandatoryServerAuthModule.initialize(mandatoryRequestPolicy, null, handler, Collections. emptyMap());
+
+            optionalServerAuthModule = serverAuthModuleClass.getConstructor().newInstance();
+            optionalServerAuthModule.initialize(optionalRequestPolicy, null, handler, Collections. emptyMap());
+        } catch (InstantiationException | IllegalAccessException | IllegalArgumentException
+                | InvocationTargetException | NoSuchMethodException | SecurityException e) {
+            throw new AuthException();
+        }
 
-    public TestServerAuthContext(CallbackHandler handler, ServerAuthModule serverAuthModule) throws AuthException {
-        this.serverAuthModule = serverAuthModule;
-        serverAuthModule.initialize(null, null, handler, Collections. emptyMap());
     }
 
     @Override
     public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject)
             throws AuthException {
-        return serverAuthModule.validateRequest(messageInfo, clientSubject, serviceSubject);
+        return chooseModule(messageInfo).validateRequest(messageInfo, clientSubject, serviceSubject);
     }
 
     @Override
     public AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject) throws AuthException {
-        return serverAuthModule.secureResponse(messageInfo, serviceSubject);
+        return chooseModule(messageInfo).secureResponse(messageInfo, serviceSubject);
     }
 
     @Override
     public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException {
-        serverAuthModule.cleanSubject(messageInfo, subject);
+        chooseModule(messageInfo).cleanSubject(messageInfo, subject);
     }
 
 }
diff --git a/jaspic/custom-principal/src/main/java/org/javaee7/jaspic/customprincipal/sam/SamAutoRegistrationListener.java b/jaspic/custom-principal/src/main/java/org/javaee7/jaspic/customprincipal/sam/SamAutoRegistrationListener.java
index 6562a46ef..c9a398979 100644
--- a/jaspic/custom-principal/src/main/java/org/javaee7/jaspic/customprincipal/sam/SamAutoRegistrationListener.java
+++ b/jaspic/custom-principal/src/main/java/org/javaee7/jaspic/customprincipal/sam/SamAutoRegistrationListener.java
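Review bot: `throw new AuthException();` in the constructor's catch block discards the reflective exception entirely, so a module class without a public no-arg constructor, or one whose constructor throws, surfaces only as a bare AuthException with no message and no cause, which is hard to diagnose at deployment time. Keep the cause: `AuthException authException = new AuthException("Cannot instantiate " + serverAuthModuleClass.getName());` `authException.initCause(e);` `throw authException;`. With the raw `Class` parameter, `getConstructor().newInstance()` yields `Object`, so as far as the hunk shows the assignments to the two `ServerAuthModule` fields appear to need a cast; a `Class<? extends ServerAuthModule>` parameter makes them type-correct as written. `targetPolicyArr`, `mandatoryRequestPolicy` and `optionalRequestPolicy` are shared mutable statics and should be declared `private static final`.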
@@ -16,7 +16,7 @@ public class SamAutoRegistrationListener extends BaseServletContextListener {
 
     @Override
     public void contextInitialized(ServletContextEvent sce) {
-        JaspicUtils.registerSAM(sce.getServletContext(), new TestServerAuthModule());
+        JaspicUtils.registerSAM(sce.getServletContext(), TestServerAuthModule.class);
     }
 
 }
\ No newline at end of file
diff --git a/jaspic/custom-principal/src/main/java/org/javaee7/jaspic/customprincipal/sam/TestServerAuthModule.java b/jaspic/custom-principal/src/main/java/org/javaee7/jaspic/customprincipal/sam/TestServerAuthModule.java
index 8ff11b4d4..3fd068167 100644
--- a/jaspic/custom-principal/src/main/java/org/javaee7/jaspic/customprincipal/sam/TestServerAuthModule.java
+++ b/jaspic/custom-principal/src/main/java/org/javaee7/jaspic/customprincipal/sam/TestServerAuthModule.java
@@ -2,6 +2,8 @@
 
 import static javax.security.auth.message.AuthStatus.SEND_SUCCESS;
 import static javax.security.auth.message.AuthStatus.SUCCESS;
+import static javax.security.auth.message.AuthStatus.SEND_CONTINUE;
+import static javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED;
 
 import java.io.IOException;
 import java.security.Principal;
@@ -44,6 +46,7 @@ public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject
             throws AuthException {
 
         HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
+        HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
 
         Callback[] callbacks;
 
@@ -59,8 +62,12 @@ public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject
                 // the roles of the authenticated user
                 new GroupPrincipalCallback(clientSubject, new String[] { "architect" }) };
 
+        } else if(messageInfo.getMap().get("javax.security.auth.message.MessagePolicy.isMandatory").equals("true")) {
+
+            // Must set error code if authentication is mandatory, but unsuccessful
+            response.setStatus(SC_UNAUTHORIZED);
+            return SEND_CONTINUE;
         } else {
-            // The JASPIC protocol for "do nothing"
             callbacks = new Callback[] { new CallerPrincipalCallback(clientSubject, (Principal) null) };
         }
 
diff --git a/jaspic/dispatching-jsf-cdi/src/main/java/org/javaee7/jaspic/dispatching/sam/SamAutoRegistrationListener.java b/jaspic/dispatching-jsf-cdi/src/main/java/org/javaee7/jaspic/dispatching/sam/SamAutoRegistrationListener.java
index b0e15c5d3..ac955b6da 100644
--- a/jaspic/dispatching-jsf-cdi/src/main/java/org/javaee7/jaspic/dispatching/sam/SamAutoRegistrationListener.java
+++ b/jaspic/dispatching-jsf-cdi/src/main/java/org/javaee7/jaspic/dispatching/sam/SamAutoRegistrationListener.java
@@ -16,7 +16,7 @@ public class SamAutoRegistrationListener extends BaseServletContextListener {
 
     @Override
     public void contextInitialized(ServletContextEvent sce) {
-        JaspicUtils.registerSAM(sce.getServletContext(), new TestServerAuthModule());
+        JaspicUtils.registerSAM(sce.getServletContext(), TestServerAuthModule.class);
     }
 
 }
\ No newline at end of file
diff --git a/jaspic/dispatching-jsf-cdi/src/main/java/org/javaee7/jaspic/dispatching/sam/TestServerAuthModule.java b/jaspic/dispatching-jsf-cdi/src/main/java/org/javaee7/jaspic/dispatching/sam/TestServerAuthModule.java
index 02154b5d7..9b642c139 100644
--- a/jaspic/dispatching-jsf-cdi/src/main/java/org/javaee7/jaspic/dispatching/sam/TestServerAuthModule.java
+++ b/jaspic/dispatching-jsf-cdi/src/main/java/org/javaee7/jaspic/dispatching/sam/TestServerAuthModule.java
@@ -3,6 +3,7 @@
 import static javax.security.auth.message.AuthStatus.SEND_CONTINUE;
 import static javax.security.auth.message.AuthStatus.SEND_SUCCESS;
 import static javax.security.auth.message.AuthStatus.SUCCESS;
+import static javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED;
 
 import java.io.IOException;
 import java.security.Principal;
@@ -44,26 +45,34 @@ public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject
         try {
             HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
             HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
-
+
             if ("include".equals(request.getParameter("dispatch"))) {
-                String target = "/includedServlet";
-                if ("jsf".equals(request.getParameter("tech"))) {
-                    target = "/include.jsf";
-                } else if ("jsfcdi".equals(request.getParameter("tech"))) {
-                    target = "/include-cdi.jsf";
+                if(messageInfo.getMap().get("javax.security.auth.message.MessagePolicy.isMandatory").equals("true")) {
+                    //Since we do not set a principal, authentication is unsuccessful
+
+                    response.setStatus(SC_UNAUTHORIZED);
+                    return SEND_CONTINUE;
+                } else {
+
+                    String target = "/includedServlet";
+                    if ("jsf".equals(request.getParameter("tech"))) {
+                        target = "/include.jsf";
+                    } else if ("jsfcdi".equals(request.getParameter("tech"))) {
+                        target = "/include-cdi.jsf";
+                    }
+
+                    request.getRequestDispatcher(target)
+                        .include(request, response);
+
+                    // "Do nothing", required protocol when returning SUCCESS
+                    handler.handle(new Callback[] { new CallerPrincipalCallback(clientSubject, (Principal) null) });
+
+                    // When using includes, the response stays open and the main
+                    // resource can also
+                    // write to the response
+                    return SUCCESS;
                 }
-
-                request.getRequestDispatcher(target)
-                    .include(request, response);
-
-                // "Do nothing", required protocol when returning SUCCESS
-                handler.handle(new Callback[] { new CallerPrincipalCallback(clientSubject, (Principal) null) });
-
-                // When using includes, the response stays open and the main
-                // resource can also
-                // write to the response
-                return SUCCESS;
             } else {
diff --git a/jaspic/dispatching/src/main/java/org/javaee7/jaspic/dispatching/sam/SamAutoRegistrationListener.java b/jaspic/dispatching/src/main/java/org/javaee7/jaspic/dispatching/sam/SamAutoRegistrationListener.java
index b0e15c5d3..ac955b6da 100644
--- a/jaspic/dispatching/src/main/java/org/javaee7/jaspic/dispatching/sam/SamAutoRegistrationListener.java
+++ b/jaspic/dispatching/src/main/java/org/javaee7/jaspic/dispatching/sam/SamAutoRegistrationListener.java
@@ -16,7 +16,7 @@ public class SamAutoRegistrationListener extends BaseServletContextListener {
 
     @Override
     public void contextInitialized(ServletContextEvent sce) {
-        JaspicUtils.registerSAM(sce.getServletContext(), new TestServerAuthModule());
+        JaspicUtils.registerSAM(sce.getServletContext(), TestServerAuthModule.class);
     }
 
 }
\ No newline at end of file
diff --git a/jaspic/dispatching/src/main/java/org/javaee7/jaspic/dispatching/sam/TestServerAuthModule.java b/jaspic/dispatching/src/main/java/org/javaee7/jaspic/dispatching/sam/TestServerAuthModule.java
index d52159a5b..a9b75f0c1 100644
--- a/jaspic/dispatching/src/main/java/org/javaee7/jaspic/dispatching/sam/TestServerAuthModule.java
+++ b/jaspic/dispatching/src/main/java/org/javaee7/jaspic/dispatching/sam/TestServerAuthModule.java
@@ -3,6 +3,7 @@
 import static javax.security.auth.message.AuthStatus.SEND_CONTINUE;
 import static javax.security.auth.message.AuthStatus.SEND_SUCCESS;
 import static javax.security.auth.message.AuthStatus.SUCCESS;
+import static javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED;
 
 import java.io.IOException;
 import java.security.Principal;
@@ -42,19 +43,27 @@ public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy
     public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
         try {
             HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
-            HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
-
+            HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
+
             if ("include".equals(request.getParameter("dispatch"))) {
-                request.getRequestDispatcher("/includedServlet")
-                    .include(request, response);
-
-                // "Do nothing", required protocol when returning SUCCESS
-                handler.handle(new Callback[] { new CallerPrincipalCallback(clientSubject, (Principal) null) });
-
-                // When using includes, the response stays open and the main
-                // resource can also write to the response
-                return SUCCESS;
-
+
+                if(messageInfo.getMap().get("javax.security.auth.message.MessagePolicy.isMandatory").equals("true")) {
+                    //Since we do not set a principal, authentication is unsuccessful
+
+                    response.setStatus(SC_UNAUTHORIZED);
+                    return SEND_CONTINUE;
+                } else {
+
+                    request.getRequestDispatcher("/includedServlet")
+                        .include(request, response);
+
+                    // "Do nothing", required protocol when returning SUCCESS
+                    handler.handle(new Callback[] { new CallerPrincipalCallback(clientSubject, (Principal) null) });
+
+                    // When using includes, the response stays open and the main
+                    // resource can also write to the response
+                    return SUCCESS;
+                }
             } else {
                 request.getRequestDispatcher("/forwardedServlet")
                     .forward(request, response);
diff --git a/jaspic/ejb-propagation/src/main/java/org/javaee7/jaspic/ejbpropagation/sam/SamAutoRegistrationListener.java b/jaspic/ejb-propagation/src/main/java/org/javaee7/jaspic/ejbpropagation/sam/SamAutoRegistrationListener.java
index e91dd3576..cfd0a55cc 100644
--- a/jaspic/ejb-propagation/src/main/java/org/javaee7/jaspic/ejbpropagation/sam/SamAutoRegistrationListener.java
+++ b/jaspic/ejb-propagation/src/main/java/org/javaee7/jaspic/ejbpropagation/sam/SamAutoRegistrationListener.java
@@ -16,7 +16,7 @@ public class SamAutoRegistrationListener extends BaseServletContextListener {
 
     @Override
     public void contextInitialized(ServletContextEvent sce) {
-        JaspicUtils.registerSAM(sce.getServletContext(), new TestServerAuthModule());
+        JaspicUtils.registerSAM(sce.getServletContext(), TestServerAuthModule.class);
     }
 
 }
\ No newline at end of file
diff --git a/jaspic/ejb-propagation/src/main/java/org/javaee7/jaspic/ejbpropagation/sam/TestServerAuthModule.java b/jaspic/ejb-propagation/src/main/java/org/javaee7/jaspic/ejbpropagation/sam/TestServerAuthModule.java
index a11992455..d4beb3bf9 100644
--- a/jaspic/ejb-propagation/src/main/java/org/javaee7/jaspic/ejbpropagation/sam/TestServerAuthModule.java
+++ b/jaspic/ejb-propagation/src/main/java/org/javaee7/jaspic/ejbpropagation/sam/TestServerAuthModule.java
@@ -1,6 +1,8 @@
 package org.javaee7.jaspic.ejbpropagation.sam;
 
 import static javax.security.auth.message.AuthStatus.SUCCESS;
+import static javax.security.auth.message.AuthStatus.SEND_CONTINUE;
+import static javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED;
 
 import java.io.IOException;
 import java.security.Principal;
@@ -43,6 +45,7 @@ public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject
             throws AuthException {
 
         HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
+        HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
 
         Callback[] callbacks;
 
@@ -50,6 +53,11 @@ public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject
             callbacks = new Callback[] { new CallerPrincipalCallback(clientSubject, "test"),
                 new GroupPrincipalCallback(clientSubject, new String[] { "architect" }) };
 
+        } else if(messageInfo.getMap().get("javax.security.auth.message.MessagePolicy.isMandatory").equals("true")) {
+
+            // Must set error code if authentication is mandatory, but unsuccessful
+            response.setStatus(SC_UNAUTHORIZED);
+            return SEND_CONTINUE;
         } else {
 
             // The JASPIC protocol for "do nothing"
diff --git a/jaspic/ejb-register-session/src/main/java/org/javaee7/jaspic/registersession/sam/SamAutoRegistrationListener.java b/jaspic/ejb-register-session/src/main/java/org/javaee7/jaspic/registersession/sam/SamAutoRegistrationListener.java
index 2241d934c..c7db293e0 100644
--- a/jaspic/ejb-register-session/src/main/java/org/javaee7/jaspic/registersession/sam/SamAutoRegistrationListener.java
+++ b/jaspic/ejb-register-session/src/main/java/org/javaee7/jaspic/registersession/sam/SamAutoRegistrationListener.java
@@ -16,7 +16,7 @@ public class SamAutoRegistrationListener extends BaseServletContextListener {
 
     @Override
     public void contextInitialized(ServletContextEvent sce) {
-        JaspicUtils.registerSAM(sce.getServletContext(), new TestServerAuthModule());
+        JaspicUtils.registerSAM(sce.getServletContext(), TestServerAuthModule.class);
     }
 
 }
\ No newline at end of file
diff --git a/jaspic/ejb-register-session/src/main/java/org/javaee7/jaspic/registersession/sam/TestServerAuthModule.java b/jaspic/ejb-register-session/src/main/java/org/javaee7/jaspic/registersession/sam/TestServerAuthModule.java
index 89ea01287..3217e1069 100644
--- a/jaspic/ejb-register-session/src/main/java/org/javaee7/jaspic/registersession/sam/TestServerAuthModule.java
+++ b/jaspic/ejb-register-session/src/main/java/org/javaee7/jaspic/registersession/sam/TestServerAuthModule.java
@@ -1,7 +1,9 @@
 package org.javaee7.jaspic.registersession.sam;
 
 import static java.lang.Boolean.TRUE;
+import static javax.security.auth.message.AuthStatus.SEND_CONTINUE;
 import static javax.security.auth.message.AuthStatus.SUCCESS;
+import static javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED;
 
 import java.io.IOException;
 import java.security.Principal;
@@ -44,6 +46,8 @@ public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject
             throws AuthException {
 
         HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
+        HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
+
         Callback[] callbacks;
 
         Principal userPrincipal = request.getUserPrincipal();
@@ -77,6 +81,11 @@ public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject
             // Tell container to register an authentication session.
             messageInfo.getMap().put("javax.servlet.http.registerSession", TRUE.toString());
 
+        } else if(messageInfo.getMap().get("javax.security.auth.message.MessagePolicy.isMandatory").equals("true")) {
+
+            // Must set error code if authentication is mandatory, but unsuccessful
+            response.setStatus(SC_UNAUTHORIZED);
+            return SEND_CONTINUE;
         } else {
 
             // ### If no registered session and no login request "do nothing"
diff --git a/jaspic/invoke-ejb-cdi/src/main/java/org/javaee7/jaspic/invoke/sam/SamAutoRegistrationListener.java b/jaspic/invoke-ejb-cdi/src/main/java/org/javaee7/jaspic/invoke/sam/SamAutoRegistrationListener.java
index dc6b780ca..f0f60b821 100644
--- a/jaspic/invoke-ejb-cdi/src/main/java/org/javaee7/jaspic/invoke/sam/SamAutoRegistrationListener.java
+++ b/jaspic/invoke-ejb-cdi/src/main/java/org/javaee7/jaspic/invoke/sam/SamAutoRegistrationListener.java
@@ -16,7 +16,7 @@ public class SamAutoRegistrationListener extends BaseServletContextListener {
 
     @Override
     public void contextInitialized(ServletContextEvent sce) {
-        JaspicUtils.registerSAM(sce.getServletContext(), new TestServerAuthModule());
+        JaspicUtils.registerSAM(sce.getServletContext(), TestServerAuthModule.class);
     }
 
 }
\ No newline at end of file
diff --git a/jaspic/jacc-propagation/src/main/java/org/javaee7/jaspic/jaccpropagation/sam/SamAutoRegistrationListener.java b/jaspic/jacc-propagation/src/main/java/org/javaee7/jaspic/jaccpropagation/sam/SamAutoRegistrationListener.java
index 09e8e240a..504fe2949 100644
--- a/jaspic/jacc-propagation/src/main/java/org/javaee7/jaspic/jaccpropagation/sam/SamAutoRegistrationListener.java
+++ b/jaspic/jacc-propagation/src/main/java/org/javaee7/jaspic/jaccpropagation/sam/SamAutoRegistrationListener.java
@@ -16,7 +16,7 @@ public class SamAutoRegistrationListener extends BaseServletContextListener {
 
     @Override
     public void contextInitialized(ServletContextEvent sce) {
-        JaspicUtils.registerSAM(sce.getServletContext(), new TestServerAuthModule());
+        JaspicUtils.registerSAM(sce.getServletContext(), TestServerAuthModule.class);
     }
 
 }
\ No newline at end of file
diff --git a/jaspic/jacc-propagation/src/main/java/org/javaee7/jaspic/jaccpropagation/sam/TestServerAuthModule.java b/jaspic/jacc-propagation/src/main/java/org/javaee7/jaspic/jaccpropagation/sam/TestServerAuthModule.java
index e75b2a4a0..ea8efae4d 100644
--- a/jaspic/jacc-propagation/src/main/java/org/javaee7/jaspic/jaccpropagation/sam/TestServerAuthModule.java
+++ b/jaspic/jacc-propagation/src/main/java/org/javaee7/jaspic/jaccpropagation/sam/TestServerAuthModule.java
@@ -1,6 +1,8 @@
 package org.javaee7.jaspic.jaccpropagation.sam;
 
 import static javax.security.auth.message.AuthStatus.SUCCESS;
+import static javax.security.auth.message.AuthStatus.SEND_CONTINUE;
+import static javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED;
 
 import java.io.IOException;
 import java.security.Principal;
@@ -43,6 +45,7 @@ public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject
             throws AuthException {
 
         HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
+        HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
 
         Callback[] callbacks;
 
@@ -50,6 +53,11 @@ public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject
             callbacks = new Callback[] { new CallerPrincipalCallback(clientSubject, "test"),
                 new GroupPrincipalCallback(clientSubject, new String[] { "architect" }) };
 
+        } else if(messageInfo.getMap().get("javax.security.auth.message.MessagePolicy.isMandatory").equals("true")) {
+
+            // Must set error code if authentication is mandatory, but unsuccessful
+            response.setStatus(SC_UNAUTHORIZED);
+            return SEND_CONTINUE;
         } else {
 
             // The JASPIC protocol for "do nothing"
diff --git a/jaspic/lifecycle/src/main/java/org/javaee7/jaspic/lifecycle/sam/SamAutoRegistrationListener.java b/jaspic/lifecycle/src/main/java/org/javaee7/jaspic/lifecycle/sam/SamAutoRegistrationListener.java
index bab879840..200fd0b33 100644
--- a/jaspic/lifecycle/src/main/java/org/javaee7/jaspic/lifecycle/sam/SamAutoRegistrationListener.java
+++ b/jaspic/lifecycle/src/main/java/org/javaee7/jaspic/lifecycle/sam/SamAutoRegistrationListener.java
@@ -16,7 +16,7 @@ public class SamAutoRegistrationListener extends BaseServletContextListener {
 
     @Override
     public void contextInitialized(ServletContextEvent sce) {
-        JaspicUtils.registerSAM(sce.getServletContext(), new TestLifecycleAuthModule());
+        JaspicUtils.registerSAM(sce.getServletContext(), TestLifecycleAuthModule.class);
     }
 
 }
\ No newline at end of file
diff --git a/jaspic/programmatic-authentication/src/main/java/org/javaee7/jaspic/programmaticauthentication/sam/SamAutoRegistrationListener.java b/jaspic/programmatic-authentication/src/main/java/org/javaee7/jaspic/programmaticauthentication/sam/SamAutoRegistrationListener.java
index 202575e5f..6ff2af6ab 100644
--- a/jaspic/programmatic-authentication/src/main/java/org/javaee7/jaspic/programmaticauthentication/sam/SamAutoRegistrationListener.java
+++ b/jaspic/programmatic-authentication/src/main/java/org/javaee7/jaspic/programmaticauthentication/sam/SamAutoRegistrationListener.java
@@ -16,7 +16,7 @@ public class SamAutoRegistrationListener extends BaseServletContextListener {
 
     @Override
     public void contextInitialized(ServletContextEvent sce) {
-        JaspicUtils.registerSAM(sce.getServletContext(), new TestServerAuthModule());
+        JaspicUtils.registerSAM(sce.getServletContext(), TestServerAuthModule.class);
     }
 
 }
\ No newline at end of file
diff --git a/jaspic/programmatic-authentication/src/main/java/org/javaee7/jaspic/programmaticauthentication/sam/TestServerAuthModule.java b/jaspic/programmatic-authentication/src/main/java/org/javaee7/jaspic/programmaticauthentication/sam/TestServerAuthModule.java
index b4a057502..7ebf350c0 100644
--- a/jaspic/programmatic-authentication/src/main/java/org/javaee7/jaspic/programmaticauthentication/sam/TestServerAuthModule.java
+++ b/jaspic/programmatic-authentication/src/main/java/org/javaee7/jaspic/programmaticauthentication/sam/TestServerAuthModule.java
@@ -2,6 +2,8 @@
 
 import static javax.security.auth.message.AuthStatus.SEND_SUCCESS;
 import static javax.security.auth.message.AuthStatus.SUCCESS;
+import static javax.security.auth.message.AuthStatus.SEND_CONTINUE;
+import static javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED;
 
 import java.io.IOException;
 import java.security.Principal;
@@ -44,6 +46,7 @@ public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject
             throws AuthException {
 
         HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
+        HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
 
         Callback[] callbacks;
 
@@ -58,6 +61,11 @@ public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject
                 // the roles of the authenticated user
                 new GroupPrincipalCallback(clientSubject, new String[] { "architect" }) };
 
+        } else if(messageInfo.getMap().get("javax.security.auth.message.MessagePolicy.isMandatory").equals("true")) {
+
+            // Must set error code if authentication is mandatory, but unsuccessful
+            response.setStatus(SC_UNAUTHORIZED);
+            return SEND_CONTINUE;
         } else {
 
             // The JASPIC protocol for "do nothing"
diff --git a/jaspic/register-session/src/main/java/org/javaee7/jaspic/registersession/sam/SamAutoRegistrationListener.java b/jaspic/register-session/src/main/java/org/javaee7/jaspic/registersession/sam/SamAutoRegistrationListener.java
index 2241d934c..c7db293e0 100644
--- a/jaspic/register-session/src/main/java/org/javaee7/jaspic/registersession/sam/SamAutoRegistrationListener.java
+++ b/jaspic/register-session/src/main/java/org/javaee7/jaspic/registersession/sam/SamAutoRegistrationListener.java
@@ -16,7 +16,7 @@ public class SamAutoRegistrationListener extends BaseServletContextListener {
 @Override
 public void contextInitialized(ServletContextEvent sce) {
- JaspicUtils.registerSAM(sce.getServletContext(), new TestServerAuthModule());
+ JaspicUtils.registerSAM(sce.getServletContext(), TestServerAuthModule.class);
 }
 }
\ No newline at end of file
diff --git a/jaspic/register-session/src/main/java/org/javaee7/jaspic/registersession/sam/TestServerAuthModule.java b/jaspic/register-session/src/main/java/org/javaee7/jaspic/registersession/sam/TestServerAuthModule.java
index 89ea01287..438f60efc 100644
--- a/jaspic/register-session/src/main/java/org/javaee7/jaspic/registersession/sam/TestServerAuthModule.java
+++ b/jaspic/register-session/src/main/java/org/javaee7/jaspic/registersession/sam/TestServerAuthModule.java
@@ -2,6 +2,8 @@
 import static java.lang.Boolean.TRUE;
 import static javax.security.auth.message.AuthStatus.SUCCESS;
+import static javax.security.auth.message.AuthStatus.SEND_CONTINUE;
+import static javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED;
 import java.io.IOException;
 import java.security.Principal;
@@ -44,6 +46,7 @@ public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject
 throws AuthException {
 HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
+ HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
 Callback[] callbacks;
 Principal userPrincipal = request.getUserPrincipal();
@@ -77,6 +80,11 @@ public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject
 // Tell container to register an authentication session.
 messageInfo.getMap().put("javax.servlet.http.registerSession", TRUE.toString());
+ } else if(messageInfo.getMap().get("javax.security.auth.message.MessagePolicy.isMandatory").equals("true")) {
+
+ // Must set error code if authentication is mandatory, but unsuccessful
+ response.setStatus(SC_UNAUTHORIZED);
+ return SEND_CONTINUE;
 } else {
 // ### If no registered session and no login request "do nothing"
diff --git a/jaspic/status-codes/src/main/java/org/javaee7/jaspic/statuscodes/sam/SamAutoRegistrationListener.java b/jaspic/status-codes/src/main/java/org/javaee7/jaspic/statuscodes/sam/SamAutoRegistrationListener.java
index 85f3dcdcb..1d45f1bae 100644
--- a/jaspic/status-codes/src/main/java/org/javaee7/jaspic/statuscodes/sam/SamAutoRegistrationListener.java
+++ b/jaspic/status-codes/src/main/java/org/javaee7/jaspic/statuscodes/sam/SamAutoRegistrationListener.java
@@ -16,7 +16,7 @@ public class SamAutoRegistrationListener extends BaseServletContextListener {
 @Override
 public void contextInitialized(ServletContextEvent sce) {
- JaspicUtils.registerSAM(sce.getServletContext(), new TestServerAuthModule());
+ JaspicUtils.registerSAM(sce.getServletContext(), TestServerAuthModule.class);
 }
 }
\ No newline at end of file
diff --git a/jaspic/wrapping/src/main/java/org/javaee7/jaspic/wrapping/sam/SamAutoRegistrationListener.java b/jaspic/wrapping/src/main/java/org/javaee7/jaspic/wrapping/sam/SamAutoRegistrationListener.java
index 271947358..be69510bc 100644
--- a/jaspic/wrapping/src/main/java/org/javaee7/jaspic/wrapping/sam/SamAutoRegistrationListener.java
+++ b/jaspic/wrapping/src/main/java/org/javaee7/jaspic/wrapping/sam/SamAutoRegistrationListener.java
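Review bot: The new `else if` in the first hunk dereferences `messageInfo.getMap().get("javax.security.auth.message.MessagePolicy.isMandatory")` before comparing it, so an absent key turns a plain unauthenticated request into a NullPointerException rather than the intended fallthrough to the "do nothing" branch; a null-safe form is `} else if ("true".equals(messageInfo.getMap().get("javax.security.auth.message.MessagePolicy.isMandatory"))) {`. Whether every runtime populates the key on unconstrained requests is not something this hunk shows, so the guard should not depend on it. From the closing brace of the registerSession branch it appears this check only runs when no session was just registered, which is the right order; a comment such as `// No registered session and no successful login: refuse protected resources` would make that reasoning visible to the next reader. validateRequest starts and ends outside this hunk.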
@@ -20,7 +20,7 @@ public class SamAutoRegistrationListener extends BaseServletContextListener {
 @Override
 public void contextInitialized(ServletContextEvent sce) {
- JaspicUtils.registerSAM(sce.getServletContext(), new TestWrappingServerAuthModule());
+ JaspicUtils.registerSAM(sce.getServletContext(), TestWrappingServerAuthModule.class);
 sce.getServletContext()
 .addFilter("Programmatic filter", ProgrammaticFilter.class)