Package org.wildfly.security.http.spnego

Class SpnegoAuthenticationMechanism

java.lang.Object

org.wildfly.security.http.spnego.SpnegoAuthenticationMechanism

All Implemented Interfaces:

HttpServerAuthenticationMechanism

public final class SpnegoAuthenticationMechanism
extends Object
implements HttpServerAuthenticationMechanism

A HttpServerAuthenticationMechanism implementation to support SPNEGO.

Author:

Darran Lofthouse

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
private static class	SpnegoAuthenticationMechanism.SpnegoContext

Field Summary

Fields

Modifier and Type	Field	Description
private static String	CACHED_IDENTITY_KEY
private CallbackHandler	callbackHandler
private static String	CHALLENGE_PREFIX
private boolean	disableRestoreSecurityIdentity
private boolean	disableSessionIdChange
private GSSManager	gssManager
private static byte[]	NEG_STATE_REJECT
private static String	SPNEGO_CONTEXT_KEY
private Scope[]	storageScopes

Constructor Summary

Constructors

Constructor	Description
SpnegoAuthenticationMechanism(CallbackHandler callbackHandler, Map<String,?> properties)

Method Summary

Modifier and Type	Method	Description
private boolean	attemptReAuthentication(IdentityCache identityCache, HttpServerRequest request)
private boolean	authorizeSrcName(GSSContext gssContext, IdentityCache identityCache)
private static void	clearAttachments(HttpScope scope)
private IdentityCache	createIdentityCache(IdentityCache existingCache, HttpScope httpScope, boolean forUpdate)
void	evaluateRequest(HttpServerRequest request)	Evaluate the current request and attempt to authenticate if appropriate.
String	getMechanismName()	Get the name of this mechanism, where appropriate this should be the IANA registered name.
private HttpScope	getStorageScope(HttpServerRequest request)
private void	handleCallback(Callback callback)
private void	sendBareChallenge(HttpServerResponse response)
private void	sendChallenge(byte[] responseToken, HttpServerResponse response, int statusCode)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.wildfly.security.http.HttpServerAuthenticationMechanism

dispose, getNegotiatedProperty, getNegotiationProperty

Field Detail

CHALLENGE_PREFIX

private static final String CHALLENGE_PREFIX

See Also:

Constant Field Values

SPNEGO_CONTEXT_KEY

private static final String SPNEGO_CONTEXT_KEY

CACHED_IDENTITY_KEY

private static final String CACHED_IDENTITY_KEY

NEG_STATE_REJECT

private static final byte[] NEG_STATE_REJECT

callbackHandler

private final CallbackHandler callbackHandler

gssManager

private final GSSManager gssManager

storageScopes

private final Scope[] storageScopes

disableRestoreSecurityIdentity

private final boolean disableRestoreSecurityIdentity

disableSessionIdChange

private final boolean disableSessionIdChange

Constructor Detail

SpnegoAuthenticationMechanism

SpnegoAuthenticationMechanism(CallbackHandler callbackHandler,
                              Map<String,?> properties)

Method Detail

getMechanismName

public String getMechanismName()

Description copied from interface: HttpServerAuthenticationMechanism

Get the name of this mechanism, where appropriate this should be the IANA registered name.

Specified by:

getMechanismName in interface HttpServerAuthenticationMechanism

Returns:

the name of the mechanism.

evaluateRequest

public void evaluateRequest(HttpServerRequest request)
                     throws HttpAuthenticationException

Description copied from interface: HttpServerAuthenticationMechanism

Evaluate the current request and attempt to authenticate if appropriate. The mechanism should call the appropriate callback methods on the {link HttpServerResponse} to both indicate the outcome of the evaluation and to register any HttpServerMechanismsResponder as required.

Specified by:

evaluateRequest in interface HttpServerAuthenticationMechanism

Parameters:

request - representation of the HTTP request.

Throws:

HttpAuthenticationException - if there is an internal failure handling the authentication.

getStorageScope

private HttpScope getStorageScope(HttpServerRequest request)
                           throws HttpAuthenticationException

Throws:

HttpAuthenticationException

createIdentityCache

private IdentityCache createIdentityCache(IdentityCache existingCache,
                                          HttpScope httpScope,
                                          boolean forUpdate)

clearAttachments

private static void clearAttachments(HttpScope scope)

sendBareChallenge

private void sendBareChallenge(HttpServerResponse response)

sendChallenge

private void sendChallenge(byte[] responseToken,
                           HttpServerResponse response,
                           int statusCode)

attemptReAuthentication

private boolean attemptReAuthentication(IdentityCache identityCache,
                                        HttpServerRequest request)
                                 throws HttpAuthenticationException

Throws:

HttpAuthenticationException

authorizeSrcName

private boolean authorizeSrcName(GSSContext gssContext,
                                 IdentityCache identityCache)
                          throws HttpAuthenticationException

Throws:

HttpAuthenticationException

handleCallback

private void handleCallback(Callback callback)
                     throws HttpAuthenticationException

Throws:

HttpAuthenticationException