Use of com.zimbra.cs.service.authenticator.ClientCertAuthenticator in project zm-mailbox by Zimbra.
The doGet method of the class CertAuthServlet.
/**
 * Handles a GET on the certificate-auth servlet.
 *
 * <p>The logging context is reset and re-populated for this request, the request URI is
 * checked against {@code allowedUrl}, and only then is a {@link ClientCertAuthenticator}
 * asked to authenticate the caller. On success the principal is passed to
 * {@code authorize} and the resulting token to {@code setAuthTokenCookieAndRedirect};
 * on a {@link ServiceException} the request is handed to {@code dispatchOnError}.
 *
 * @param req  the incoming request; its URI decides whether the request is served at all
 *             and whether it is treated as an admin request
 * @param resp the response used for the 403 reply, the redirect or the error dispatch
 * @throws ServletException declared by the servlet contract; the helpers that may raise it
 *                          are not visible in this listing
 * @throws IOException      declared by the servlet contract; the helpers that may raise it
 *                          are not visible in this listing
 */
@Override
public void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    // Start from a clean logging context so nothing from a previous request leaks into
    // this request's log lines, then record the caller's IP and user agent.
    ZimbraLog.clearContext();
    addRemoteIpToLoggingContext(req);
    addUAToLoggingContext(req);

    final String requestUri = req.getRequestURI();
    final Matcher uriMatch = allowedUrl.matcher(requestUri);

    // Allow-list gate: anything that does not fully match allowedUrl is refused before
    // any certificate handling takes place.
    if (!uriMatch.matches()) {
        // NOTE(review): the client-supplied URI is copied into both the log line and the
        // 403 message. Whether sendback403Message encodes it for its output context is not
        // visible here; confirm before relying on it.
        final String denial = "resource not allowed on the certauth servlet: " + requestUri;
        ZimbraLog.account.error(denial);
        sendback403Message(req, resp, denial);
        return;
    }

    // The admin decision is taken from capture group 3 of the allow-list pattern; the
    // groupCount() guard keeps group(3) from being read on a pattern with fewer groups.
    // NOTE(review): the pattern itself is defined elsewhere; verify that group 3 can only
    // ever be "admin" on the intended admin path, since this flag is passed to authorize().
    final boolean isAdminRequest = uriMatch.groupCount() > 3 && "admin".equals(uriMatch.group(3));

    try {
        final SSOAuthenticator certAuthenticator = new ClientCertAuthenticator(req, resp);
        // presumably authenticate() throws rather than returning null on failure, since
        // principal.getAccount() is dereferenced below without a check; verify.
        final ZimbraPrincipal principal = certAuthenticator.authenticate();
        final AuthToken authToken =
                authorize(req, AuthContext.Protocol.client_certificate, principal, isAdminRequest);
        setAuthTokenCookieAndRedirect(req, resp, principal.getAccount(), authToken);
    } catch (ServiceException e) {
        // AuthFailedServiceException carries an extra reason that is appended to the log
        // line only; the client-facing path below receives e.getMessage() alone.
        final String reason = (e instanceof AuthFailedServiceException)
                ? ((AuthFailedServiceException) e).getReason(", %s")
                : "";
        // NOTE(review): failures are recorded at debug level, so they will not appear in
        // logs at the usual production levels; confirm this is intended for monitoring.
        ZimbraLog.account.debug("client certificate auth failed: " + e.getMessage() + reason, e);
        dispatchOnError(req, resp, isAdminRequest, e.getMessage());
    }
}