
Example 1 with AuthenticatedPrincipal

use of io.prestosql.server.security.Authenticator.AuthenticatedPrincipal in project hetu-core by openlookeng.

From the class AuthenticationFilter, method doFilter:

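/**
 * Authenticates the incoming request and either passes it down the chain with a
 * {@link Principal} attached or rejects it.
 *
 * <p>Requests are handled in this order:
 * <ol>
 *   <li>internal (node-to-node) requests are checked by
 *       {@code internalAuthenticationManager}; failure yields a 401;</li>
 *   <li>web UI requests go through {@link #handleWebUiRequest}, which may serve,
 *       redirect, or fall through to the generic authenticators;</li>
 *   <li>requests that did not arrive over TLS, and every request when no
 *       authenticator is configured, are passed through unauthenticated;</li>
 *   <li>everything else is tried against each configured {@link Authenticator}
 *       in order; the first success wins, otherwise a 401 is sent.</li>
 * </ol>
 *
 * @param servletRequest  the request; must be an {@link HttpServletRequest}
 * @param servletResponse the response; must be an {@link HttpServletResponse}
 * @param nextFilter      the remainder of the filter chain
 * @throws IOException      if writing the response or redirect fails
 * @throws ServletException if a downstream filter or servlet fails
 */
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain nextFilter) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) servletRequest;
    HttpServletResponse response = (HttpServletResponse) servletResponse;

    if (internalAuthenticationManager.isInternalRequest(request)) {
        handleInternalRequest(request, response, nextFilter);
        return;
    }
    if (isWebUi(request) && handleWebUiRequest(request, response, nextFilter)) {
        return;
    }
    // Authentication is enforced only for requests that arrived over TLS; plain-HTTP
    // requests, and all requests when no authenticator is configured, bypass it entirely.
    if (!request.isSecure() || authenticators.isEmpty()) {
        nextFilter.doFilter(request, response);
        return;
    }
    authenticateWithConfiguredAuthenticators(request, response, nextFilter);
}

/**
 * Handles a node-to-node request: the internal manager either yields a principal,
 * which is attached and passed on, or the request is answered with 401.
 */
private void handleInternalRequest(HttpServletRequest request, HttpServletResponse response, FilterChain nextFilter) throws IOException, ServletException {
    Principal principal = internalAuthenticationManager.authenticateInternalRequest(request);
    if (principal == null) {
        response.sendError(SC_UNAUTHORIZED);
        return;
    }
    nextFilter.doFilter(withPrincipal(request, principal), response);
}

/**
 * Applies the web UI access rules to {@code request}.
 *
 * @return {@code true} if the request was fully handled here (served, redirected or
 *         forwarded); {@code false} if it must still go through the configured
 *         authenticators
 */
private boolean handleWebUiRequest(HttpServletRequest request, HttpServletResponse response, FilterChain nextFilter) throws IOException, ServletException {
    // asset files, vendor files and the disable page are always visible
    if (isSkipAuth(request)) {
        nextFilter.doFilter(request, response);
        return true;
    }
    Optional<String> authenticatedUser = uiAuthenticator.getAuthenticatedUsername(request);
    if (authenticatedUser.isPresent()) {
        // An already-authenticated user asking for the login page is sent straight to the UI.
        // Constant-first comparison: getPathInfo() may be null when there is no extra path info.
        if (UiAuthenticator.LOGIN_FORM.equals(request.getPathInfo())) {
            response.sendRedirect(UiAuthenticator.UI_LOCATION);
            return true;
        }
        // authentication succeeded
        String user = authenticatedUser.get();
        request.setAttribute(PRESTO_USER, user);
        nextFilter.doFilter(withPrincipal(request, new BasicPrincipal(user)), response);
        return true;
    }
    AccessType accessType = getAccessType(request, authenticators, config);
    if (accessType.equals(AccessType.DISABLE)) {
        // redirect to the disable page
        response.sendRedirect(UiAuthenticator.DISABLED_LOCATION);
        return true;
    }
    // the login/logout pages are reachable without authentication
    if (isLoginLogout(request)) {
        nextFilter.doFilter(request, response);
        return true;
    }
    if (accessType.equals(AccessType.REDIRECT)) {
        // getRequestURI() is the path only (no scheme, host or query string), so the value
        // handed to buildLoginFormURI is a same-server path rather than a caller-chosen URL
        URI redirectUri = UiAuthenticator.buildLoginFormURI(URI.create(request.getRequestURI()));
        response.sendRedirect(redirectUri.toString());
        return true;
    }
    // any other access type: continue with the configured authenticators
    return false;
}

/**
 * Tries each configured authenticator in order. The first one that succeeds attaches
 * its user and principal to the request and passes it on. If none succeeds, the
 * request body is drained and a 401 is sent carrying every {@code WWW-Authenticate}
 * challenge and the collected failure messages.
 */
private void authenticateWithConfiguredAuthenticators(HttpServletRequest request, HttpServletResponse response, FilterChain nextFilter) throws IOException, ServletException {
    // try to authenticate, collecting errors and authentication headers
    Set<String> messages = new LinkedHashSet<>();
    Set<String> authenticateHeaders = new LinkedHashSet<>();
    for (Authenticator authenticator : authenticators) {
        AuthenticatedPrincipal authenticatedPrincipal;
        try {
            authenticatedPrincipal = authenticator.authenticate(request);
        } catch (AuthenticationException e) {
            if (e.getMessage() != null) {
                messages.add(e.getMessage());
            }
            e.getAuthenticateHeader().ifPresent(authenticateHeaders::add);
            continue;
        }
        // authentication succeeded
        request.setAttribute(PRESTO_USER, authenticatedPrincipal.getUser());
        nextFilter.doFilter(withPrincipal(request, authenticatedPrincipal.getPrincipal()), response);
        return;
    }
    // authentication failed: consume the rest of the request before answering
    // (skipRequestBody is defined elsewhere in this class)
    skipRequestBody(request);
    for (String value : authenticateHeaders) {
        response.addHeader(WWW_AUTHENTICATE, value);
    }
    if (messages.isEmpty()) {
        messages.add("Unauthorized");
    }
    // NOTE: the authenticators' failure messages are returned to the client verbatim,
    // so they must not carry internal detail.
    response.sendError(SC_UNAUTHORIZED, String.join(" | ", messages));
}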
Also used : LinkedHashSet(java.util.LinkedHashSet) BasicPrincipal(io.prestosql.spi.security.BasicPrincipal) HttpServletResponse(javax.servlet.http.HttpServletResponse) URI(java.net.URI) AuthenticatedPrincipal(io.prestosql.server.security.Authenticator.AuthenticatedPrincipal) HttpServletRequest(javax.servlet.http.HttpServletRequest) BasicPrincipal(io.prestosql.spi.security.BasicPrincipal) Principal(java.security.Principal) AuthenticatedPrincipal(io.prestosql.server.security.Authenticator.AuthenticatedPrincipal) UiAuthenticator(io.prestosql.queryeditorui.security.UiAuthenticator)
