org.wildfly.security.http.HttpConstants Maven / Gradle / Ivy
Go to download
This artifact provides a single jar that contains all classes required to use remote EJB and JMS, including
all dependencies. It is intended for use by those not using maven, maven users should just import the EJB and
JMS BOM's instead (shaded JAR's cause lots of problems with maven, as it is very easy to inadvertently end up
with different versions on classes on the class path).
The newest version!
/*
* JBoss, Home of Professional Open Source.
* Copyright 2015 Red Hat, Inc., and individual contributors
* as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.wildfly.security.http;
import java.util.regex.Pattern;
import org.ietf.jgss.GSSManager;
/**
* Constants used within HTTP based authentication.
*
* @author Darran Lofthouse
*/
public class HttpConstants {
private HttpConstants() {
}
/*
* Negotiated Properties
*/
/**
* The property which holds the negotiated security identity after a successful HTTP server-side authentication.
*/
public static final String SECURITY_IDENTITY = "wildfly.http.security-identity";
/*
* Mechanism Configuration Properties
*/
private static final String CONFIG_BASE = HttpConstants.class.getPackage().getName();
public static final String CONFIG_CONTEXT_PATH = CONFIG_BASE + ".context-path";
public static final String CONFIG_REALM = CONFIG_BASE + ".realm";
public static final String CONFIG_VALIDATE_DIGEST_URI = CONFIG_BASE + ".validate-digest-uri";
public static final String CONFIG_SKIP_CERTIFICATE_VERIFICATION = CONFIG_BASE + ".skip-certificate-verification";
/**
* The context relative path of the login page.
*/
public static final String CONFIG_LOGIN_PAGE = CONFIG_BASE + ".login-page";
/**
* The context relative path of the error page.
*/
public static final String CONFIG_ERROR_PAGE = CONFIG_BASE + ".error-page";
/**
* This defines the location used by mechanisms dependent on the response to the challenge being sent in using 'POST'.
*/
public static final String CONFIG_POST_LOCATION = CONFIG_BASE + ".post-location";
/**
* This allows a {@link GSSManager} instance to be passed into the authentication mechanisms.
*/
public static final String CONFIG_GSS_MANAGER = CONFIG_BASE + ".gss-manager";
/**
* This enables workaround for native GSS, where createName() needs to be called for correct GSSContext initialization.
* Set to "true" to call createName() as part of GSSContext initialization.
* This is workaround of JDK-8194073.
*/
public static final String CONFIG_CREATE_NAME_GSS_INIT = CONFIG_BASE + ".create-name-gss-init";
/**
* In clustered environment Security Identity is restored during failover, load balancer change node (not sticky behavior) and session passivation/activation.
* Set to "true" to disable this behavior.
*/
public static final String CONFIG_DISABLE_RESTORE_SECURITY_IDENTITY = CONFIG_BASE + ".disable-restore-security-identity";
/**
* A comma separated list of scopes in preferred order the mechanism should attempt to use to persist state including the
* caching of any previously authenticated identity.
*
* Accepted values are: -
*
* - CONNECTION
*
- SESSION
*
- SSL_SESSION
*
- NONE
*
*
* Presently only supported by the SPNEGO mechanism.
*/
public static final String CONFIG_STATE_SCOPES = CONFIG_BASE + ".state-scopes";
/**
* If set to {@code true} the SPNEGO and FORM authentication mechanisms will not change the session ID
* after a successful authentication.
*
* Where set the web application should be configured to use cookies exclusively for session management.
*/
public static final String DISABLE_SESSION_ID_CHANGE = CONFIG_BASE + ".unsafe.disable-session-change-id";
/*
* Header Fields
*/
public static final String ALGORITHM = "algorithm";
public static final String AUTH = "auth";
public static final String AUTH_PARAM = "auth-param";
public static final String CHARSET = "charset";
public static final String CNONCE = "cnonce";
public static final String DOMAIN = "domain";
public static final String NC = "nc";
public static final String NEGOTIATE = "Negotiate";
public static final String NEXT_NONCE = "nextnonce";
public static final String NONCE = "nonce";
public static final String PARTIAL = "partial/";
public static final String OPAQUE = "opaque";
public static final String QOP = "qop";
public static final String REALM = "realm";
public static final String RSPAUTH = "rspauth";
public static final String RESPONSE = "response";
public static final String STALE = "stale";
public static final String URI = "uri";
public static final String USERNAME = "username";
public static final String USERNAME_STAR = "username*";
public static final String XML_HTTP_REQUEST = "XMLHttpRequest";
/*
* Header Names
*/
public static final String ACCEPT = "Accept";
public static final String AUTHENTICATION_INFO = "Authentication-Info";
public static final String AUTHORIZATION = "Authorization";
public static final String FACES_REQUEST = "Faces-Request";
public static final String HOST = "Host";
public static final String LOCATION = "Location";
public static final String SOAP_ACTION = "SOAPAction";
public static final String WWW_AUTHENTICATE = "WWW-Authenticate";
public static final String X_REQUESTED_WITH = "X-Requested-With";
/**
* Errors
*/
public static final String ERROR = "error";
public static final String ERROR_DESCRIPTION = "error_description";
public static final String INVALID_TOKEN = "invalid_token";
public static final String STALE_TOKEN = "Stale token";
public static final String NO_TOKEN = "no_token";
/*
* Mechanism Names
*/
public static final String BASIC_NAME = "BASIC";
public static final String CLIENT_CERT_NAME = "CLIENT_CERT";
public static final String DIGEST_NAME = "DIGEST";
public static final String DIGEST_SHA256_NAME = "DIGEST-SHA-256";
public static final String DIGEST_SHA512_256_NAME = "DIGEST-SHA-512-256";
public static final String EXTERNAL_NAME = "EXTERNAL";
public static final String FORM_NAME = "FORM";
public static final String SPNEGO_NAME = "SPNEGO";
public static final String BEARER_TOKEN = "BEARER_TOKEN";
/*
* Response Codes
*/
public static final int OK = 200;
public static final int FOUND = 302;
public static final int SEE_OTHER = 303;
public static final int TEMPORARY_REDIRECT = 307;
public static final int BAD_REQUEST = 400;
public static final int UNAUTHORIZED = 401;
public static final int FORBIDDEN = 403;
/*
* Methods
*/
public static final String POST = "POST";
public static final String OPTIONS = "OPTIONS";
/*
* Algorithms
*/
public static final String MD5 = "MD5";
public static final String SHA256 = "SHA-256";
public static final String SHA512_256 = "SHA-512-256";
/*
* Schemes
*/
public static final String HTTP = "http";
public static final String HTTPS = "https";
/**
* Bearer token pattern.
* The Bearer token authorization header is of the form "Bearer", followed by optional whitespace, followed by
* the token itself, followed by optional whitespace. The token itself must be one or more characters and must
* not contain any whitespace.
*/
public static final Pattern BEARER_TOKEN_PATTERN = Pattern.compile("^Bearer *([^ ]+) *$", Pattern.CASE_INSENSITIVE);
}