
Example 1 with DiscretePrincipal

use of io.milton.principal.DiscretePrincipal in project lobcder by skoulouzis.

The authenticate method of the class CookieAuthenticationHandler.

/**
 * Authenticates a request through the delegate handler recorded on the request or,
 * when there is none, through the userUrl carried by the request or cookie.
 *
 * <p>Delegate path: the handler stored under {@code HANDLER_ATT_NAME} in the request
 * attributes is asked to authenticate. A non-null tag is returned unchanged; login
 * cookies are written only when that tag is a {@link DiscretePrincipal}.
 *
 * <p>Cookie path: a logout request or an absent userUrl yields {@code null}
 * (anonymous). Otherwise the userUrl is resolved with {@code principalResourceFactory}
 * for the request's host. A failed lookup clears the cookie and yields {@code null};
 * a successful one returns the resolved resource, whatever its concrete type.
 *
 * @param resource the resource being accessed; only forwarded to the delegate handler
 * @param request the current request
 * @return the delegate's auth tag, the resolved principal resource, or {@code null}
 *     when the request is not authenticated
 */
@Override
public Object authenticate(Resource resource, Request request) {
    // A handler stored on the request takes precedence over the cookie path
    // (per the original comments, it was chosen earlier by the supports method).
    AuthenticationHandler delegate = (AuthenticationHandler) request.getAttributes().get(HANDLER_ATT_NAME);
    if (delegate != null) {
        if (log.isTraceEnabled()) {
            log.trace("authenticate: use delegateHandler: " + delegate);
        }
        log.info("use handler: " + delegate);
        Object authTag = delegate.authenticate(resource, request);
        if (authTag == null) {
            log.info("Login failed by delegated handler: " + delegate.getClass());
            return null;
        }
        if (!(authTag instanceof DiscretePrincipal)) {
            // The tag is still accepted as proof of authentication; only the
            // cookie write is skipped because there is no principal to persist.
            log.warn("auth.tag is not a " + DiscretePrincipal.class + ", is: " + authTag);
            return authTag;
        }
        // Persist the successful login so later requests can use the cookie path.
        setLoginCookies((DiscretePrincipal) authTag, request);
        log.trace("authentication passed by delegated handler, persisted userUrl to cookie");
        return authTag;
    }

    // No delegate: either the user is identified by a cookie/request token, or
    // the request is anonymous.
    log.info("no delegating handler");
    if (isLogout(request)) {
        log.trace("authenticate: is logout");
        return null;
    }

    // NOTE(review): everything below trusts the value getUserUrl returns. Signature
    // and expiry checks on the cookie are not visible in this method - presumably
    // they happen inside getUserUrl; confirm.
    String userUrl = getUserUrl(request);
    // NOTE(review): userUrl originates from the request or cookie and is concatenated
    // into log lines unmodified here and below - confirm the logging backend
    // neutralises CR/LF, or encode the value before logging.
    log.info("userurl: " + userUrl);
    if (userUrl == null) {
        // No token at all, so the request is anonymous.
        log.trace("authenticate: no userUrl in request or cookie, nothing to di");
        return null;
    }
    if (log.isTraceEnabled()) {
        log.trace("authenticate: userUrl=" + userUrl);
    }

    // NOTE(review): host is taken from the request's host header, which the client
    // supplies, and it selects where the principal is looked up - confirm that
    // principalResourceFactory only resolves expected hosts.
    String host = request.getHostHeader();
    Resource principal;
    try {
        principal = principalResourceFactory.getResource(host, userUrl);
        log.info("found current user: " + principal);
    } catch (NotAuthorizedException ex) {
        log.error("Couldnt check userUrl in cookie", ex);
        principal = null;
    } catch (BadRequestException ex) {
        log.error("Couldnt check userUrl in cookie", ex);
        principal = null;
    }

    if (principal == null) {
        // Lookup failed or found nothing: drop the cookie value and treat as unauthenticated.
        log.warn("User not found host: " + host + " userUrl: " + userUrl + " with resourcefactory: " + principalResourceFactory);
        clearCookieValue(HttpManager.response());
        return null;
    }

    // Cookies are (re)issued only when the token arrived as a request parameter.
    boolean tokenFromRequest = request.getParams() != null && request.getParams().containsKey(cookieUserUrlValue);
    if (!tokenFromRequest) {
        log.trace("Do not set cookies, because token did not come from request variable");
    } else if (principal instanceof DiscretePrincipal) {
        setLoginCookies((DiscretePrincipal) principal, request);
    } else {
        log.warn("Found user from request, but user object is not expected type. Should be " + DiscretePrincipal.class + " but is " + principal.getClass());
    }
    // The resolved resource is returned as the auth tag even when it is not a
    // DiscretePrincipal; only the cookie refresh depends on the type.
    return principal;
}
Also used : DiscretePrincipal(io.milton.principal.DiscretePrincipal) Resource(io.milton.resource.Resource) BadRequestException(io.milton.http.exceptions.BadRequestException) NotAuthorizedException(io.milton.http.exceptions.NotAuthorizedException)
