use of io.trino.server.ui.FormWebUiAuthenticationFilter.DISABLED_LOCATION in project trino by trinodb.
the class OAuth2WebUiAuthenticationFilter method filter.
@Override
public void filter(ContainerRequestContext request) {
String path = request.getUriInfo().getRequestUri().getPath();
if (path.equals(DISABLED_LOCATION)) {
return;
}
// doesn't seem very useful if you have OAuth, and would be very complex.
if (!request.getSecurityContext().isSecure()) {
// send 401 to REST api calls and redirect to others
if (path.startsWith("/ui/api/")) {
sendWwwAuthenticate(request, "Unauthorized", ImmutableSet.of(TRINO_FORM_LOGIN));
return;
}
request.abortWith(Response.seeOther(DISABLED_LOCATION_URI).build());
return;
}
Optional<Map<String, Object>> claims;
try {
claims = getAccessToken(request);
if (claims.isEmpty()) {
needAuthentication(request);
return;
}
} catch (ChallengeFailedException e) {
LOG.debug(e, "Invalid token: %s", e.getMessage());
sendErrorMessage(request, UNAUTHORIZED, "Unauthorized");
return;
}
try {
Object principal = claims.get().get(principalField);
if (!isValidPrincipal(principal)) {
LOG.debug("Invalid principal field: %s. Expected principal to be non-empty", principalField);
sendErrorMessage(request, UNAUTHORIZED, "Unauthorized");
return;
}
String principalName = (String) principal;
Identity.Builder builder = Identity.forUser(userMapping.mapUser(principalName));
builder.withPrincipal(new BasicPrincipal(principalName));
groupsField.flatMap(field -> Optional.ofNullable((List<String>) claims.get().get(field))).ifPresent(groups -> builder.withGroups(ImmutableSet.copyOf(groups)));
setAuthenticatedIdentity(request, builder.build());
} catch (UserMappingException e) {
sendErrorMessage(request, UNAUTHORIZED, firstNonNull(e.getMessage(), "Unauthorized"));
}
}
Aggregations