
org.wildfly.security.http.HttpConstants Maven / Gradle / Ivy

/*
 * JBoss, Home of Professional Open Source.
 * Copyright 2015 Red Hat, Inc., and individual contributors
 * as indicated by the @author tags.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.wildfly.security.http;

import java.util.regex.Pattern;

import org.ietf.jgss.GSSManager;

/**
 * Constants used within HTTP based authentication.
 *
 * @author Darran Lofthouse
 */
public class HttpConstants {

    // ------------------------------------------------------------------
    // Negotiated properties
    // ------------------------------------------------------------------

    /**
     * Name of the property that carries the negotiated security identity once HTTP server-side authentication has
     * succeeded.
     */
    public static final String SECURITY_IDENTITY = "wildfly.http.security-identity";

    // ------------------------------------------------------------------
    // Mechanism configuration properties
    // ------------------------------------------------------------------

    // Every configuration key below is prefixed with the name of the package this class lives in.
    private static final String CONFIG_BASE = HttpConstants.class.getPackage().getName();

    public static final String CONFIG_CONTEXT_PATH = CONFIG_BASE + ".context-path";

    public static final String CONFIG_REALM = CONFIG_BASE + ".realm";

    // NOTE(review): undocumented in this file; the name suggests it toggles validation of the digest URI - confirm
    // against the mechanism that reads it.
    public static final String CONFIG_VALIDATE_DIGEST_URI = CONFIG_BASE + ".validate-digest-uri";

    // NOTE(review): undocumented in this file; the name suggests certificate verification can be switched off.
    // Confirm which mechanism reads it and treat enabling it as a deliberate, reviewed security decision.
    public static final String CONFIG_SKIP_CERTIFICATE_VERIFICATION = CONFIG_BASE + ".skip-certificate-verification";

    /**
     * Path of the login page, relative to the context.
     */
    public static final String CONFIG_LOGIN_PAGE = CONFIG_BASE + ".login-page";

    /**
     * Path of the error page, relative to the context.
     */
    public static final String CONFIG_ERROR_PAGE = CONFIG_BASE + ".error-page";

    /**
     * Location used by mechanisms that rely on the response to their challenge being submitted with 'POST'.
     */
    public static final String CONFIG_POST_LOCATION = CONFIG_BASE + ".post-location";

    /**
     * Lets a {@link GSSManager} instance be handed to the authentication mechanisms.
     */
    public static final String CONFIG_GSS_MANAGER = CONFIG_BASE + ".gss-manager";

    /**
     * Workaround switch for native GSS, where createName() has to be called for the GSSContext to initialise
     * correctly. Set to "true" to have createName() called as part of GSSContext initialisation.
     * This works around JDK-8194073.
     */
    public static final String CONFIG_CREATE_NAME_GSS_INIT = CONFIG_BASE + ".create-name-gss-init";

    /**
     * In a clustered environment the security identity is restored on failover, when the load balancer switches
     * node (non-sticky behaviour) and on session passivation/activation.
     * Set to "true" to turn this restoration off.
     */
    public static final String CONFIG_DISABLE_RESTORE_SECURITY_IDENTITY = CONFIG_BASE + ".disable-restore-security-identity";

    /**
     * Comma separated list, in order of preference, of the scopes a mechanism should try to use for persisting
     * state, including the cache of any previously authenticated identity.
     *
     * Accepted values are: -
     * <ul>
     * <li>CONNECTION</li>
     * <li>SESSION</li>
     * <li>SSL_SESSION</li>
     * <li>NONE</li>
     * </ul>
     *
     * Presently only supported by the SPNEGO mechanism.
     */
    public static final String CONFIG_STATE_SCOPES = CONFIG_BASE + ".state-scopes";

    /**
     * When set to {@code true} the SPNEGO and FORM authentication mechanisms keep the existing session ID after a
     * successful authentication instead of changing it.
     *
     * Where set, the web application should be configured to use cookies exclusively for session management.
     *
     * Changing the session ID at authentication is a standard defence against session fixation, which is why the
     * key sits under the {@code .unsafe.} segment; leave this unset unless the cookie-only requirement above is met.
     */
    public static final String DISABLE_SESSION_ID_CHANGE = CONFIG_BASE + ".unsafe.disable-session-change-id";

    // ------------------------------------------------------------------
    // Header fields
    // ------------------------------------------------------------------

    public static final String ALGORITHM = "algorithm";
    public static final String AUTH = "auth";
    public static final String AUTH_PARAM = "auth-param";
    public static final String CHARSET = "charset";
    public static final String CNONCE = "cnonce";
    public static final String DOMAIN = "domain";
    public static final String NC = "nc";
    public static final String NEGOTIATE = "Negotiate";
    public static final String NEXT_NONCE = "nextnonce";
    public static final String NONCE = "nonce";
    public static final String PARTIAL = "partial/";
    public static final String OPAQUE = "opaque";
    public static final String QOP = "qop";
    public static final String REALM = "realm";
    public static final String RSPAUTH = "rspauth";
    public static final String RESPONSE = "response";
    public static final String STALE = "stale";
    public static final String URI = "uri";
    public static final String USERNAME = "username";
    public static final String USERNAME_STAR = "username*";
    public static final String XML_HTTP_REQUEST = "XMLHttpRequest";

    // ------------------------------------------------------------------
    // Header names
    // ------------------------------------------------------------------

    public static final String ACCEPT = "Accept";
    public static final String AUTHENTICATION_INFO = "Authentication-Info";
    public static final String AUTHORIZATION = "Authorization";
    public static final String FACES_REQUEST = "Faces-Request";
    public static final String HOST = "Host";
    public static final String LOCATION = "Location";
    public static final String SOAP_ACTION = "SOAPAction";
    public static final String WWW_AUTHENTICATE = "WWW-Authenticate";
    public static final String X_REQUESTED_WITH = "X-Requested-With";

    // ------------------------------------------------------------------
    // Errors
    // ------------------------------------------------------------------

    public static final String ERROR = "error";
    public static final String ERROR_DESCRIPTION = "error_description";
    public static final String INVALID_TOKEN = "invalid_token";
    public static final String STALE_TOKEN = "Stale token";
    public static final String NO_TOKEN = "no_token";

    // ------------------------------------------------------------------
    // Mechanism names
    // ------------------------------------------------------------------

    public static final String BASIC_NAME = "BASIC";
    public static final String CLIENT_CERT_NAME = "CLIENT_CERT";
    public static final String DIGEST_NAME = "DIGEST";
    public static final String DIGEST_SHA256_NAME = "DIGEST-SHA-256";
    public static final String DIGEST_SHA512_256_NAME = "DIGEST-SHA-512-256";
    public static final String EXTERNAL_NAME = "EXTERNAL";
    public static final String FORM_NAME = "FORM";
    public static final String SPNEGO_NAME = "SPNEGO";
    public static final String BEARER_TOKEN = "BEARER_TOKEN";

    // ------------------------------------------------------------------
    // Response codes
    // ------------------------------------------------------------------

    public static final int OK = 200;
    public static final int FOUND = 302;
    public static final int SEE_OTHER = 303;
    public static final int TEMPORARY_REDIRECT = 307;
    public static final int BAD_REQUEST = 400;
    public static final int UNAUTHORIZED = 401;
    public static final int FORBIDDEN = 403;

    // ------------------------------------------------------------------
    // Methods
    // ------------------------------------------------------------------

    public static final String POST = "POST";
    public static final String OPTIONS = "OPTIONS";

    // ------------------------------------------------------------------
    // Algorithms
    // ------------------------------------------------------------------

    // Algorithm name strings only; nothing in this class selects or restricts which one a mechanism uses.
    public static final String MD5 = "MD5";
    public static final String SHA256 = "SHA-256";
    public static final String SHA512_256 = "SHA-512-256";

    // ------------------------------------------------------------------
    // Schemes
    // ------------------------------------------------------------------

    public static final String HTTP = "http";
    public static final String HTTPS = "https";

    /**
     * Bearer token pattern.
     * Matches a whole authorization header value of the form "Bearer" (compared case-insensitively), then zero or
     * more space characters, then the token, then zero or more trailing space characters. The token is captured as
     * group 1 and is one or more characters, none of which is a space.
     *
     * NOTE(review): the character class {@code [^ ]} excludes only the space character, so other whitespace such
     * as a tab is not rejected by the pattern and would end up inside group 1. The separator is {@code " *"}, so
     * the pattern also matches when no space separates "Bearer" from the token. Callers should validate the
     * captured token rather than rely on the pattern for that.
     */
    public static final Pattern BEARER_TOKEN_PATTERN = Pattern.compile("^Bearer *([^ ]+) *$", Pattern.CASE_INSENSITIVE);

    // Constants holder: the private constructor prevents instantiation from outside this class.
    private HttpConstants() {
    }
}



