org.forgerock.caf.authn.test.modules

Class SessionAuthModule

java.lang.Object

org.forgerock.caf.authn.test.modules.SessionAuthModule

All Implemented Interfaces:

AsyncServerAuthModule

public class SessionAuthModule
extends Object
implements AsyncServerAuthModule

A test "Session" auth module in which the validateRequest(MessageInfoContext, Subject, Subject) and secureResponse(MessageInfoContext, Subject) methods return values can be decided based on the value of two request headers.

Since:

1.5.0

Field Summary

Fields

Modifier and Type	Field and Description
static String	FAILURE_AUTH_STATUS The request header value for returning AuthStatus.FAILURE.
static String	NULL_AUTH_STATUS The request header value for returning null.
static String	SEND_CONTINUE_AUTH_STATUS The request header value for returning AuthStatus.SEND_CONTINUE.
static String	SEND_FAILURE_AUTH_STATUS The request header value for returning AuthStatus.SEND_FAILURE.
static String	SEND_SUCCESS_AUTH_STATUS The request header value for returning AuthStatus.SEND_SUCCESS.
static String	SESSION_MODULE_CONTEXT_ENTRY Context entry set by this auth module.
static String	SESSION_MODULE_PRINCIPAL Principal name set by this auth module.
static String	SESSION_SECURE_RESPONSE_HEADER_NAME The request header for deciding the return value from secureResponse(MessageInfoContext, Subject).
static String	SESSION_VALIDATE_REQUEST_HEADER_NAME The request header for deciding the return value from validateRequest(MessageInfoContext, Subject, Subject).
static String	SUCCESS_AUTH_STATUS The request header value for returning AuthStatus.SUCCESS.

Constructor Summary

Constructors

Constructor and Description
SessionAuthModule()

Method Summary

Modifier and Type	Method and Description
Promise<Void,AuthenticationException>	cleanSubject(MessageInfoContext messageInfo, Subject clientSubject) Does nothing.
String	getModuleId() Returns the class's short name.
Collection<Class<?>>	getSupportedMessageTypes() Returns the Request and Response classes.
Promise<Void,AuthenticationException>	initialize(javax.security.auth.message.MessagePolicy requestPolicy, javax.security.auth.message.MessagePolicy responsePolicy, CallbackHandler callbackHandler, Map config) Does nothing.
Promise<javax.security.auth.message.AuthStatus,AuthenticationException>	secureResponse(MessageInfoContext messageInfo, Subject serviceSubject) Return value is based on the presents and value of the X-JASPI-SESSION-SECURE-RESPONSE request header.
Promise<javax.security.auth.message.AuthStatus,AuthenticationException>	validateRequest(MessageInfoContext messageInfo, Subject clientSubject, Subject serviceSubject) Return value is based on the presents and value of the X-JASPI-SESSION-VALIDATE_REQUEST request header.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.forgerock.caf.authentication.api.AsyncServerAuthModule

toString

Field Detail

SESSION_VALIDATE_REQUEST_HEADER_NAME

public static final String SESSION_VALIDATE_REQUEST_HEADER_NAME

The request header for deciding the return value from validateRequest(MessageInfoContext, Subject, Subject).

See Also:

Constant Field Values

SESSION_SECURE_RESPONSE_HEADER_NAME

public static final String SESSION_SECURE_RESPONSE_HEADER_NAME

The request header for deciding the return value from secureResponse(MessageInfoContext, Subject).

See Also:

Constant Field Values

SUCCESS_AUTH_STATUS

public static final String SUCCESS_AUTH_STATUS

The request header value for returning AuthStatus.SUCCESS.

See Also:

Constant Field Values

SEND_SUCCESS_AUTH_STATUS

public static final String SEND_SUCCESS_AUTH_STATUS

The request header value for returning AuthStatus.SEND_SUCCESS.

See Also:

Constant Field Values

SEND_FAILURE_AUTH_STATUS

public static final String SEND_FAILURE_AUTH_STATUS

The request header value for returning AuthStatus.SEND_FAILURE.

See Also:

Constant Field Values

SEND_CONTINUE_AUTH_STATUS

public static final String SEND_CONTINUE_AUTH_STATUS

The request header value for returning AuthStatus.SEND_CONTINUE.

See Also:

Constant Field Values

FAILURE_AUTH_STATUS

public static final String FAILURE_AUTH_STATUS

The request header value for returning AuthStatus.FAILURE.

See Also:

Constant Field Values

NULL_AUTH_STATUS

public static final String NULL_AUTH_STATUS

The request header value for returning null.

See Also:

Constant Field Values

SESSION_MODULE_PRINCIPAL

public static final String SESSION_MODULE_PRINCIPAL

Principal name set by this auth module.

See Also:

Constant Field Values

SESSION_MODULE_CONTEXT_ENTRY

public static final String SESSION_MODULE_CONTEXT_ENTRY

Context entry set by this auth module.

See Also:

Constant Field Values

Constructor Detail

SessionAuthModule

public SessionAuthModule()

Method Detail

getModuleId

public String getModuleId()

Returns the class's short name.

Specified by:

getModuleId in interface AsyncServerAuthModule

Returns:

The ID of the module.

initialize

public Promise<Void,AuthenticationException> initialize(javax.security.auth.message.MessagePolicy requestPolicy,
                                                        javax.security.auth.message.MessagePolicy responsePolicy,
                                                        CallbackHandler callbackHandler,
                                                        Map config)

Does nothing.

Specified by:

initialize in interface AsyncServerAuthModule

Parameters:

requestPolicy - The request policy this module must enforce, or null.

responsePolicy - The response policy this module must enforce, or null.

callbackHandler - CallbackHandler used to request information.

config - A Map of module-specific configuration properties.

Returns:

A Promise that will be completed, as some point in the future, with either a successful value or a failure value. A successfully completed Promise will contain no value and a failed completed Promise will contain an AuthenticationException if module initialization fails, including for the case where the options argument contains elements that are not supported by the module.

getSupportedMessageTypes

public Collection<Class<?>> getSupportedMessageTypes()

Returns the Request and Response classes.

Specified by:

getSupportedMessageTypes in interface AsyncServerAuthModule

Returns:

A Collection of Class objects, with at least on element defining the message type(s) supported by the module.

validateRequest

public Promise<javax.security.auth.message.AuthStatus,AuthenticationException> validateRequest(MessageInfoContext messageInfo,
                                                                                               Subject clientSubject,
                                                                                               Subject serviceSubject)

Return value is based on the presents and value of the X-JASPI-SESSION-VALIDATE_REQUEST request header.

Specified by:

validateRequest in interface AsyncServerAuthModule

Parameters:

messageInfo - The message context info for this request.

clientSubject - A Subject that represents the subject of this request.

serviceSubject - A Subject that represents the subject for the server or null. It may be used to secure the message response.

Returns:

A Promise that will be completed, as some point in the future, with either a successful value or a failure value.

A successfully completed Promise will contain an AuthStatus representing the completion status of the message processing. See ServerAuth.validateRequest( javax.security.auth.message.MessageInfo, Subject, Subject) for the allowed AuthStatus values.

A failed completed Promise will contain an AuthenticationException when the message processing failed without establishing a failure response message in the MessageContextInfo.

See Also:

AuthStatus, ServerAuth.validateRequest( javax.security.auth.message.MessageInfo, Subject, Subject)

secureResponse

public Promise<javax.security.auth.message.AuthStatus,AuthenticationException> secureResponse(MessageInfoContext messageInfo,
                                                                                              Subject serviceSubject)

Return value is based on the presents and value of the X-JASPI-SESSION-SECURE-RESPONSE request header.

Specified by:

secureResponse in interface AsyncServerAuthModule

Parameters:

messageInfo - The message context info for this request.

serviceSubject - A Subject that represents the subject for the server or null. It may be used to secure the message response.

Returns:

A Promise that will be completed, as some point in the future, with either a successful value or a failure value.

A successfully completed Promise will contain an AuthStatus representing the completion status of the processing. See ServerAuth.secureResponse( javax.security.auth.message.MessageInfo, Subject) for the allowed AuthStatus values. Note AuthStatus.SEND_CONTINUE is not supported by this interface

A failed completed Promise will contain an AuthenticationException when the message processing failed without establishing a failure response message in the MessageContextInfo.

See Also:

AuthStatus, ServerAuth.secureResponse( javax.security.auth.message.MessageInfo, Subject)

cleanSubject

public Promise<Void,AuthenticationException> cleanSubject(MessageInfoContext messageInfo,
                                                          Subject clientSubject)

Does nothing.

Specified by:

cleanSubject in interface AsyncServerAuthModule

Parameters:

messageInfo - The message context info for this request.

clientSubject - A Subject that represents the subject of this request.

Returns:

A Promise that will be completed, as some point in the future, with either a successful value or a failure value. A successfully completed Promise will contain no value and a failed completed Promise will contain an AuthenticationException if an error occurs during the Subject processing.

See Also:

ServerAuth.cleanSubject( javax.security.auth.message.MessageInfo, Subject)