org.wildfly.security.http.HttpConstants Maven / Gradle / Ivy

Go to download
Show more of this group Show more artifacts with this name
Show all versions of wildfly-elytron-http
WildFly Security HTTP Framework
There is a newer version: 2.6.0.Final
/*
 * JBoss, Home of Professional Open Source.
 * Copyright 2015 Red Hat, Inc., and individual contributors
 * as indicated by the @author tags.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.wildfly.security.http;

import java.util.regex.Pattern;

import org.ietf.jgss.GSSManager;

/**
 * Constants used within HTTP based authentication.
 *
 * @author Darran Lofthouse
 */
public class HttpConstants {


    private HttpConstants() {
    }

    /*
     * Negotiated Properties
     */

    /**
     * The property which holds the negotiated security identity after a successful HTTP server-side authentication.
     */
    public static final String SECURITY_IDENTITY = "wildfly.http.security-identity";

    /*
     * Mechanism Configuration Properties
     */

    private static final String CONFIG_BASE = HttpConstants.class.getPackage().getName();
    public static final String CONFIG_CONTEXT_PATH = CONFIG_BASE + ".context-path";
    public static final String CONFIG_REALM = CONFIG_BASE + ".realm";

    public static final String CONFIG_VALIDATE_DIGEST_URI = CONFIG_BASE + ".validate-digest-uri";
    public static final String CONFIG_SKIP_CERTIFICATE_VERIFICATION = CONFIG_BASE + ".skip-certificate-verification";

    /**
     * The context relative path of the login page.
     */
    public static final String CONFIG_LOGIN_PAGE = CONFIG_BASE + ".login-page";

    /**
     * The context relative path of the error page.
     */
    public static final String CONFIG_ERROR_PAGE = CONFIG_BASE + ".error-page";

    /**
     * This defines the location used by mechanisms dependent on the response to the challenge being sent in using 'POST'.
     */
    public static final String CONFIG_POST_LOCATION = CONFIG_BASE + ".post-location";

    /**
     * This allows a {@link GSSManager} instance to be passed into the authentication mechanisms.
     */
    public static final String CONFIG_GSS_MANAGER = CONFIG_BASE + ".gss-manager";

    /**
     * This enables workaround for native GSS, where createName() needs to be called for correct GSSContext initialization.
     * Set to "true" to call createName() as part of GSSContext initialization.
     * This is workaround of JDK-8194073.
     */
    public static final String CONFIG_CREATE_NAME_GSS_INIT = CONFIG_BASE + ".create-name-gss-init";

    /**
     * In clustered environment Security Identity is restored during failover, load balancer change node (not sticky behavior) and session passivation/activation.
     * Set to "true" to disable this behavior.
     */
    public static final String CONFIG_DISABLE_RESTORE_SECURITY_IDENTITY = CONFIG_BASE + ".disable-restore-security-identity";

    /**
     * A comma separated list of scopes in preferred order the mechanism should attempt to use to persist state including the
     * caching of any previously authenticated identity.
     *
     * Accepted values are: -
     * 

     * CONNECTION
     * 
SESSION
     * 
SSL_SESSION
     * 
NONE
     * 

     *
     * Presently only supported by the SPNEGO mechanism.
     */
    public static final String CONFIG_STATE_SCOPES = CONFIG_BASE + ".state-scopes";

    /**
     * If set to {@code true} the SPNEGO and FORM authentication mechanisms will not change the session ID
     * after a successful authentication.
     *
     * Where set the web application should be configured to use cookies exclusively for session management.
     */
    public static final String DISABLE_SESSION_ID_CHANGE = CONFIG_BASE + ".unsafe.disable-session-change-id";

    /*
     * Header Fields
     */
    public static final String ALGORITHM = "algorithm";
    public static final String AUTH = "auth";
    public static final String AUTH_PARAM = "auth-param";
    public static final String CHARSET = "charset";
    public static final String CNONCE = "cnonce";
    public static final String DOMAIN = "domain";
    public static final String NC = "nc";
    public static final String NEGOTIATE = "Negotiate";
    public static final String NEXT_NONCE = "nextnonce";
    public static final String NONCE = "nonce";
    public static final String PARTIAL = "partial/";
    public static final String OPAQUE = "opaque";
    public static final String QOP = "qop";
    public static final String REALM = "realm";
    public static final String RSPAUTH = "rspauth";
    public static final String RESPONSE = "response";
    public static final String STALE = "stale";
    public static final String URI = "uri";
    public static final String USERNAME = "username";
    public static final String USERNAME_STAR = "username*";
    public static final String XML_HTTP_REQUEST = "XMLHttpRequest";

    /*
     * Header Names
     */

    public static final String ACCEPT = "Accept";
    public static final String AUTHENTICATION_INFO = "Authentication-Info";
    public static final String AUTHORIZATION = "Authorization";
    public static final String FACES_REQUEST = "Faces-Request";
    public static final String HOST = "Host";
    public static final String LOCATION = "Location";
    public static final String SOAP_ACTION = "SOAPAction";
    public static final String WWW_AUTHENTICATE = "WWW-Authenticate";
    public static final String X_REQUESTED_WITH = "X-Requested-With";

    /**
     * Errors
     */
    public static final String ERROR = "error";
    public static final String ERROR_DESCRIPTION = "error_description";
    public static final String INVALID_TOKEN = "invalid_token";
    public static final String STALE_TOKEN = "Stale token";
    public static final String NO_TOKEN = "no_token";

    /*
     * Mechanism Names
     */

    public static final String BASIC_NAME = "BASIC";
    public static final String CLIENT_CERT_NAME = "CLIENT_CERT";
    public static final String DIGEST_NAME = "DIGEST";
    public static final String DIGEST_SHA256_NAME = "DIGEST-SHA-256";
    public static final String DIGEST_SHA512_256_NAME = "DIGEST-SHA-512-256";
    public static final String EXTERNAL_NAME = "EXTERNAL";
    public static final String FORM_NAME = "FORM";
    public static final String SPNEGO_NAME = "SPNEGO";
    public static final String BEARER_TOKEN = "BEARER_TOKEN";

    /*
     * Response Codes
     */

    public static final int OK = 200;
    public static final int FOUND = 302;
    public static final int SEE_OTHER = 303;
    public static final int TEMPORARY_REDIRECT = 307;
    public static final int BAD_REQUEST = 400;
    public static final int UNAUTHORIZED = 401;
    public static final int FORBIDDEN = 403;

    /*
     * Methods
     */

    public static final String POST = "POST";
    public static final String OPTIONS = "OPTIONS";

    /*
     * Algorithms
     */

    public static final String MD5 = "MD5";
    public static final String SHA256 = "SHA-256";
    public static final String SHA512_256 = "SHA-512-256";

    /*
     * Schemes
     */

    public static final String HTTP = "http";
    public static final String HTTPS = "https";

    /**
     * Bearer token pattern.
     * The Bearer token authorization header is of the form "Bearer", followed by optional whitespace, followed by
     * the token itself, followed by optional whitespace. The token itself must be one or more characters and must
     * not contain any whitespace.
     */
    public static final Pattern BEARER_TOKEN_PATTERN = Pattern.compile("^Bearer *([^ ]+) *$", Pattern.CASE_INSENSITIVE);

}