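package tip.sam;

import java.io.IOException;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessageInfo;
import javax.security.auth.message.MessagePolicy;
import javax.security.auth.message.callback.CallerPrincipalCallback;
import javax.security.auth.message.module.ServerAuthModule;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Minimal JASPIC (JSR-196) {@link ServerAuthModule} for the Servlet profile.
 *
 * <p>This module performs no real authentication. Its security contract is:
 * <ul>
 *   <li>If the request policy is mandatory (the resource is protected), the
 *       module <em>fails closed</em>: it sends a 403 and returns
 *       {@link AuthStatus#SEND_FAILURE}, so the container never dispatches
 *       the protected resource.</li>
 *   <li>Otherwise it registers an unauthenticated caller (null principal)
 *       via {@link CallerPrincipalCallback} and returns
 *       {@link AuthStatus#SUCCESS}, letting the request proceed.</li>
 * </ul>
 *
 * <p>NOTE(review): the original listing was missing the semicolon after the
 * {@code AUTH_TYPE_INFO_KEY} literal and did not compile; fixed here.
 *
 * @author monzillo
 */
public class MySam implements ServerAuthModule {

    /** MessageInfo map key through which the Servlet profile reports the auth type. */
    private static final String AUTH_TYPE_INFO_KEY = "javax.servlet.http.authType";

    /** Value reported under {@link #AUTH_TYPE_INFO_KEY} when a named caller is set. */
    private static final String AUTH_TYPE = "MySAM";

    /** Servlet profile message types; the interface declares a raw {@code Class[]}. */
    protected static final Class[] supportedMessageTypes = new Class[] {
        HttpServletRequest.class, HttpServletResponse.class
    };

    private MessagePolicy requestPolicy;
    private MessagePolicy responsePolicy;
    private CallbackHandler handler;
    private Map options;

    /**
     * Stores the policies, callback handler and options supplied by the container.
     *
     * @param reqPolicy request policy to enforce (may be null per the JASPIC API)
     * @param resPolicy response policy to enforce (may be null)
     * @param cBH       container callback handler used to establish the caller
     * @param opts      module options; unused by this module but retained
     * @throws AuthException never thrown by this implementation
     */
    @Override
    public void initialize(MessagePolicy reqPolicy, MessagePolicy resPolicy,
            CallbackHandler cBH, Map opts) throws AuthException {
        requestPolicy = reqPolicy;
        responsePolicy = resPolicy;
        handler = cBH;
        options = opts;
    }

    /** @return the HTTP request/response message types this module handles */
    @Override
    public Class[] getSupportedMessageTypes() {
        return supportedMessageTypes;
    }

    /**
     * Enforces the request policy.
     *
     * <p>Protected resources are always denied (this module implements no
     * credential check). A missing request policy is treated the same as a
     * mandatory one so that the module never accidentally fails open; the
     * original code would have thrown a NullPointerException here, which
     * was also a denial, just a less explicit one.
     *
     * @param msgInfo the HTTP request/response pair
     * @param client  subject to populate with the caller principal
     * @param server  service subject (unused)
     * @return {@link AuthStatus#SEND_FAILURE} after a 403 has been sent when the
     *         policy is mandatory, otherwise {@link AuthStatus#SUCCESS}
     * @throws AuthException wrapping any failure to send the error response or
     *         to deliver the caller-principal callback
     */
    @Override
    public AuthStatus validateRequest(MessageInfo msgInfo, Subject client,
            Subject server) throws AuthException {
        try {
            boolean mandatory = requestPolicy == null || requestPolicy.isMandatory();
            if (mandatory) {
                HttpServletResponse response =
                        (HttpServletResponse) msgInfo.getResponseMessage();
                // sendError both sets the status and commits the response,
                // so the separate setStatus call in the original was redundant.
                response.sendError(HttpServletResponse.SC_FORBIDDEN,
                        "authentication required and not yet implemented");
                return AuthStatus.SEND_FAILURE;
            }
            // Not protected: establish an unauthenticated caller and proceed.
            setAuthenticationResult(null, client, msgInfo);
            return AuthStatus.SUCCESS;
        } catch (Exception e) {
            // JASPIC 1.x AuthException has no (String, Throwable) constructor;
            // keep the cause chain so the container can log the root failure.
            AuthException ae = new AuthException(e.getMessage());
            ae.initCause(e);
            throw ae;
        }
    }

    /**
     * No response-side security is applied.
     *
     * @return {@link AuthStatus#SEND_SUCCESS} unconditionally
     */
    @Override
    public AuthStatus secureResponse(MessageInfo msgInfo, Subject service)
            throws AuthException {
        return AuthStatus.SEND_SUCCESS;
    }

    /**
     * Removes the principals this module established from the subject.
     *
     * <p>This module adds no credentials, so only principals are cleared.
     * Note that {@code clear()} removes <em>all</em> principals, not only
     * those added by this module; acceptable here because no other module
     * is expected to share the subject.
     *
     * @param msgInfo the message exchange (unused)
     * @param subject the subject to clean; a null subject is ignored
     */
    @Override
    public void cleanSubject(MessageInfo msgInfo, Subject subject)
            throws AuthException {
        if (subject == null) {
            return;
        }
        subject.getPrincipals().clear();
    }

    /**
     * Reports the caller to the container via {@link CallerPrincipalCallback}.
     *
     * @param name caller name, or null to establish an unauthenticated caller
     * @param s    subject the container populates with the caller principal
     * @param m    message exchange whose map receives the auth type when a
     *             named caller is set
     * @throws IOException                  if the handler fails
     * @throws UnsupportedCallbackException if the container does not support
     *                                      {@link CallerPrincipalCallback}
     */
    private void setAuthenticationResult(String name, Subject s, MessageInfo m)
            throws IOException, UnsupportedCallbackException {
        handler.handle(new Callback[] { new CallerPrincipalCallback(s, name) });
        if (name != null) {
            // Only a named (authenticated) caller gets an auth type; an
            // unauthenticated caller must not advertise one.
            m.getMap().put(AUTH_TYPE_INFO_KEY, AUTH_TYPE);
        }
    }
}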