Example 6 with SecurityContext

Use of io.undertow.security.api.SecurityContext in project undertow by undertow-io.

Class HttpServletRequestImpl, method logout.

@Override
public void logout() throws ServletException {
    SecurityContext sc = exchange.getSecurityContext();
    sc.logout();
    if (servletContext.getDeployment().getDeploymentInfo().isInvalidateSessionOnLogout()) {
        HttpSession session = getSession(false);
        if (session != null) {
            session.invalidate();
        }
    }
}
Also used : HttpSession(javax.servlet.http.HttpSession) SecurityContext(io.undertow.security.api.SecurityContext)

Example 7 with SecurityContext

Use of io.undertow.security.api.SecurityContext in project undertow by undertow-io.

Class HttpServletRequestImpl, method isUserInRole.

@Override
public boolean isUserInRole(final String role) {
    if (role == null) {
        return false;
    }
    // According to the servlet spec, this always returns false
    if (role.equals("*")) {
        return false;
    }
    SecurityContext sc = exchange.getSecurityContext();
    Account account = sc.getAuthenticatedAccount();
    if (account == null) {
        return false;
    }
    ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
    // "**" matches any authenticated user, unless the deployment declares a role literally named "**"
    if (role.equals("**")) {
        Set<String> roles = servletRequestContext.getDeployment().getDeploymentInfo().getSecurityRoles();
        if (!roles.contains("**")) {
            return true;
        }
    }
    final ServletChain servlet = servletRequestContext.getCurrentServlet();
    final Deployment deployment = servletContext.getDeployment();
    final AuthorizationManager authorizationManager = deployment.getDeploymentInfo().getAuthorizationManager();
    return authorizationManager.isUserInRole(role, account, servlet.getManagedServlet().getServletInfo(), this, deployment);
}
Also used : Account(io.undertow.security.idm.Account) ServletChain(io.undertow.servlet.handlers.ServletChain) SecurityContext(io.undertow.security.api.SecurityContext) ServletRequestContext(io.undertow.servlet.handlers.ServletRequestContext) Deployment(io.undertow.servlet.api.Deployment) HttpString(io.undertow.util.HttpString) AuthorizationManager(io.undertow.servlet.api.AuthorizationManager)

Example 8 with SecurityContext

Use of io.undertow.security.api.SecurityContext in project undertow by undertow-io.

Class HttpServletRequestImpl, method login.

@Override
public void login(final String username, final String password) throws ServletException {
    if (username == null || password == null) {
        throw UndertowServletMessages.MESSAGES.loginFailed();
    }
    SecurityContext sc = exchange.getSecurityContext();
    if (sc.isAuthenticated()) {
        throw UndertowServletMessages.MESSAGES.userAlreadyLoggedIn();
    }
    boolean login = false;
    try {
        login = sc.login(username, password);
    } catch (SecurityException se) {
        // Unwrap a ServletException raised during authentication; wrap anything else
        if (se.getCause() instanceof ServletException) {
            throw (ServletException) se.getCause();
        }
        throw new ServletException(se);
    }
    if (!login) {
        throw UndertowServletMessages.MESSAGES.loginFailed();
    }
}
Also used : ServletException(javax.servlet.ServletException) SecurityContext(io.undertow.security.api.SecurityContext)

Example 9 with SecurityContext

Use of io.undertow.security.api.SecurityContext in project undertow by undertow-io.

Class CachedAuthenticatedSessionHandler, method handleRequest.

@Override
public void handleRequest(HttpServerExchange exchange) throws Exception {
    SecurityContext securityContext = exchange.getSecurityContext();
    securityContext.registerNotificationReceiver(NOTIFICATION_RECEIVER);
    HttpSession session = servletContext.getSession(exchange, false);
    // Only attach the AuthenticatedSessionManager when a session already exists.
    if (session != null) {
        exchange.putAttachment(AuthenticatedSessionManager.ATTACHMENT_KEY, SESSION_MANAGER);
        //not sure if this is where it belongs
        SavedRequest.tryRestoreRequest(exchange, session);
    }
    next.handleRequest(exchange);
}
Also used : HttpSession(javax.servlet.http.HttpSession) SecurityContext(io.undertow.security.api.SecurityContext)

Example 10 with SecurityContext

Use of io.undertow.security.api.SecurityContext in project undertow by undertow-io.

Class HttpServletRequestImpl, method getUserPrincipal.

@Override
public Principal getUserPrincipal() {
    SecurityContext securityContext = exchange.getSecurityContext();
    Principal result = null;
    Account account = null;
    if (securityContext != null && (account = securityContext.getAuthenticatedAccount()) != null) {
        result = account.getPrincipal();
    }
    return result;
}
Also used : Account(io.undertow.security.idm.Account) SecurityContext(io.undertow.security.api.SecurityContext) Principal(java.security.Principal)

Aggregations

SecurityContext (io.undertow.security.api.SecurityContext): 18
Account (io.undertow.security.idm.Account): 4
ServletRequestContext (io.undertow.servlet.handlers.ServletRequestContext): 4
HttpServerExchange (io.undertow.server.HttpServerExchange): 3
HttpSession (javax.servlet.http.HttpSession): 2
Undertow (io.undertow.Undertow): 1
AuthenticatedSessionManager (io.undertow.security.api.AuthenticatedSessionManager): 1
AuthenticatedSession (io.undertow.security.api.AuthenticatedSessionManager.AuthenticatedSession): 1
AuthenticationMechanism (io.undertow.security.api.AuthenticationMechanism): 1
AuthenticationMechanismContext (io.undertow.security.api.AuthenticationMechanismContext): 1
IdentityManager (io.undertow.security.idm.IdentityManager): 1
ExchangeCompletionListener (io.undertow.server.ExchangeCompletionListener): 1
HttpHandler (io.undertow.server.HttpHandler): 1
Session (io.undertow.server.session.Session): 1
SessionConfig (io.undertow.server.session.SessionConfig): 1
SessionManager (io.undertow.server.session.SessionManager): 1
AuthorizationManager (io.undertow.servlet.api.AuthorizationManager): 1
Deployment (io.undertow.servlet.api.Deployment): 1
SingleConstraintMatch (io.undertow.servlet.api.SingleConstraintMatch): 1
ServletChain (io.undertow.servlet.handlers.ServletChain): 1