/
HttpConstants.java
217 lines (183 loc) · 7.94 KB
/
HttpConstants.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
/*
* JBoss, Home of Professional Open Source.
* Copyright 2015 Red Hat, Inc., and individual contributors
* as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.wildfly.security.http;
import java.util.regex.Pattern;
import org.ietf.jgss.GSSManager;
/**
* Constants used within HTTP based authentication.
*
* @author <a href="mailto:darran.lofthouse@jboss.com">Darran Lofthouse</a>
*/
public class HttpConstants {
private HttpConstants() {
}
/*
* Negotiated Properties
*/
/**
* The property which holds the negotiated security identity after a successful HTTP server-side authentication.
*/
public static final String SECURITY_IDENTITY = "wildfly.http.security-identity";
/*
* Mechanism Configuration Properties
*/
private static final String CONFIG_BASE = HttpConstants.class.getPackage().getName();
public static final String CONFIG_CONTEXT_PATH = CONFIG_BASE + ".context-path";
public static final String CONFIG_REALM = CONFIG_BASE + ".realm";
public static final String CONFIG_VALIDATE_DIGEST_URI = CONFIG_BASE + ".validate-digest-uri";
public static final String CONFIG_SKIP_CERTIFICATE_VERIFICATION = CONFIG_BASE + ".skip-certificate-verification";
public static final String CONFIG_SESSION_BASED_DIGEST_NONCE_MANAGER = CONFIG_BASE + ".use-session-based-digest-nonce-manager";
/**
* The context relative path of the login page.
*/
public static final String CONFIG_LOGIN_PAGE = CONFIG_BASE + ".login-page";
/**
* The context relative path of the error page.
*/
public static final String CONFIG_ERROR_PAGE = CONFIG_BASE + ".error-page";
/**
* This defines the location used by mechanisms dependent on the response to the challenge being sent in using 'POST'.
*/
public static final String CONFIG_POST_LOCATION = CONFIG_BASE + ".post-location";
/**
* This allows a {@link GSSManager} instance to be passed into the authentication mechanisms.
*/
public static final String CONFIG_GSS_MANAGER = CONFIG_BASE + ".gss-manager";
/**
* This enables workaround for native GSS, where createName() needs to be called for correct GSSContext initialization.
* Set to "true" to call createName() as part of GSSContext initialization.
* This is workaround of JDK-8194073.
*/
public static final String CONFIG_CREATE_NAME_GSS_INIT = CONFIG_BASE + ".create-name-gss-init";
/**
* In clustered environment Security Identity is restored during failover, load balancer change node (not sticky behavior) and session passivation/activation.
* Set to "true" to disable this behavior.
*/
public static final String CONFIG_DISABLE_RESTORE_SECURITY_IDENTITY = CONFIG_BASE + ".disable-restore-security-identity";
/**
* A comma separated list of scopes in preferred order the mechanism should attempt to use to persist state including the
* caching of any previously authenticated identity.
*
* Accepted values are: -
* <p><ul>
* <li>CONNECTION
* <li>SESSION
* <li>SSL_SESSION
* <li>NONE
* </ul></p>
*
* Presently only supported by the SPNEGO mechanism.
*/
public static final String CONFIG_STATE_SCOPES = CONFIG_BASE + ".state-scopes";
/**
* If set to {@code true} the SPNEGO and FORM authentication mechanisms will not change the session ID
* after a successful authentication.
*
* Where set the web application should be configured to use cookies exclusively for session management.
*/
public static final String DISABLE_SESSION_ID_CHANGE = CONFIG_BASE + ".unsafe.disable-session-change-id";
/*
* Header Fields
*/
public static final String ALGORITHM = "algorithm";
public static final String AUTH = "auth";
public static final String AUTH_PARAM = "auth-param";
public static final String CHARSET = "charset";
public static final String CNONCE = "cnonce";
public static final String DOMAIN = "domain";
public static final String NC = "nc";
public static final String NEGOTIATE = "Negotiate";
public static final String NEXT_NONCE = "nextnonce";
public static final String NONCE = "nonce";
public static final String PARTIAL = "partial/";
public static final String OPAQUE = "opaque";
public static final String QOP = "qop";
public static final String REALM = "realm";
public static final String RSPAUTH = "rspauth";
public static final String RESPONSE = "response";
public static final String STALE = "stale";
public static final String URI = "uri";
public static final String USERNAME = "username";
public static final String USERNAME_STAR = "username*";
public static final String XML_HTTP_REQUEST = "XMLHttpRequest";
/*
* Header Names
*/
public static final String ACCEPT = "Accept";
public static final String AUTHENTICATION_INFO = "Authentication-Info";
public static final String AUTHORIZATION = "Authorization";
public static final String FACES_REQUEST = "Faces-Request";
public static final String HOST = "Host";
public static final String LOCATION = "Location";
public static final String SOAP_ACTION = "SOAPAction";
public static final String WWW_AUTHENTICATE = "WWW-Authenticate";
public static final String X_REQUESTED_WITH = "X-Requested-With";
/**
* Errors
*/
public static final String ERROR = "error";
public static final String ERROR_DESCRIPTION = "error_description";
public static final String INVALID_TOKEN = "invalid_token";
public static final String STALE_TOKEN = "Stale token";
public static final String NO_TOKEN = "no_token";
/*
* Mechanism Names
*/
public static final String BASIC_NAME = "BASIC";
public static final String CLIENT_CERT_NAME = "CLIENT_CERT";
public static final String DIGEST_NAME = "DIGEST";
public static final String DIGEST_SHA256_NAME = "DIGEST-SHA-256";
public static final String DIGEST_SHA512_256_NAME = "DIGEST-SHA-512-256";
public static final String EXTERNAL_NAME = "EXTERNAL";
public static final String FORM_NAME = "FORM";
public static final String SPNEGO_NAME = "SPNEGO";
public static final String BEARER_TOKEN = "BEARER_TOKEN";
/*
* Response Codes
*/
public static final int OK = 200;
public static final int FOUND = 302;
public static final int SEE_OTHER = 303;
public static final int TEMPORARY_REDIRECT = 307;
public static final int BAD_REQUEST = 400;
public static final int UNAUTHORIZED = 401;
public static final int FORBIDDEN = 403;
/*
* Methods
*/
public static final String POST = "POST";
public static final String OPTIONS = "OPTIONS";
/*
* Algorithms
*/
public static final String MD5 = "MD5";
public static final String SHA256 = "SHA-256";
public static final String SHA512_256 = "SHA-512-256";
/*
* Schemes
*/
public static final String HTTP = "http";
public static final String HTTPS = "https";
/**
* Bearer token pattern.
* The Bearer token authorization header is of the form "Bearer", followed by optional whitespace, followed by
* the token itself, followed by optional whitespace. The token itself must be one or more characters and must
* not contain any whitespace.
*/
public static final Pattern BEARER_TOKEN_PATTERN = Pattern.compile("^Bearer *([^ ]+) *$", Pattern.CASE_INSENSITIVE);
}