@Override
public void sessionDestroyed(HttpSessionEvent se) {
    // The account being logged out may be reachable in two places: the security
    // context of the request that is destroying the session, and the account cached
    // in the session itself. For maximum compatibility both are checked.
    ServletRequestContext currentRequest = ServletRequestContext.current();
    Account accountFromRequest = null;
    if (currentRequest != null) {
        // NOTE(review): getSecurityContext() is dereferenced without a null check, as in the
        // original; confirm that every exchange reaching this listener carries a security context.
        accountFromRequest = currentRequest.getExchange().getSecurityContext().getAuthenticatedAccount();
        if (accountFromRequest != null) {
            clearAccount(accountFromRequest);
        }
    }
    if (!(se.getSession() instanceof HttpSessionImpl)) {
        return;
    }
    final HttpSessionImpl sessionImpl = (HttpSessionImpl) se.getSession();
    final Session undertowSession;
    if (WildFlySecurityManager.isChecking()) {
        // Unwrapping the underlying Undertow session is done as a privileged action
        // when a security manager is active.
        undertowSession = WildFlySecurityManager.doChecked(new PrivilegedAction<Session>() {
            @Override
            public Session run() {
                return sessionImpl.getSession();
            }
        });
    } else {
        undertowSession = sessionImpl.getSession();
    }
    if (undertowSession == null) {
        return;
    }
    final String cachedAccountKey = CachedAuthenticatedSessionHandler.class.getName() + ".AuthenticatedSession";
    AuthenticatedSessionManager.AuthenticatedSession cachedSession =
            (AuthenticatedSessionManager.AuthenticatedSession) undertowSession.getAttribute(cachedAccountKey);
    if (cachedSession == null) {
        return;
    }
    Account accountFromSession = cachedSession.getAccount();
    // The request account was already cleared above; skip it if the session holds the same one.
    if (accountFromSession != null && !accountFromSession.equals(accountFromRequest)) {
        clearAccount(accountFromSession);
    }
}
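/**
 * Invokes the rest of the handler chain and then, in a {@code finally} block, calls the
 * JASPIC SAM's {@code secureResponse} so it runs whether or not the chain threw.
 * <p>
 * Failures inside {@code secureResponse} are logged and not propagated, so they cannot
 * mask an exception thrown by {@code next}.
 * </p>
 *
 * @param exchange the current exchange; the JASPIC and servlet request contexts are read from its attachments.
 * @throws Exception whatever {@code next.handleRequest} throws.
 */
@Override
public void handleRequest(HttpServerExchange exchange) throws Exception {
    try {
        next.handleRequest(exchange);
    } finally {
        try {
            JASPICContext context = exchange.getAttachment(JASPICContext.ATTACHMENT_KEY);
            ServletRequestContext requestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
            String applicationIdentifier = JASPICAuthenticationMechanism.buildApplicationIdentifier(requestContext);
            if (!JASPICAuthenticationMechanism.wasAuthExceptionThrown(exchange) && context != null) {
                UndertowLogger.ROOT_LOGGER.debugf("secureResponse for layer [%s] and applicationContextIdentifier [%s].", JASPICAuthenticationMechanism.JASPI_HTTP_SERVLET_LAYER, applicationIdentifier);
                context.getSam().secureResponse(context.getMessageInfo(), new Subject(), JASPICAuthenticationMechanism.JASPI_HTTP_SERVLET_LAYER, applicationIdentifier, context.getCbh());
                // A SAM can unwrap the HTTP request/response objects - update the servlet request
                // context with the values found in the message info. This is the same attachment
                // already looked up above, so it is reused rather than fetched a second time.
                requestContext.setServletRequest((HttpServletRequest) context.getMessageInfo().getRequestMessage());
                requestContext.setServletResponse((HttpServletResponse) context.getMessageInfo().getResponseMessage());
            }
        } catch (Exception e) {
            // Deliberately broad: a secureResponse failure is reported but must not replace
            // the outcome of the handler chain.
            UndertowLogger.ROOT_LOGGER.errorInvokingSecureResponse(e);
        }
    }
}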
/**
 * <p>
 * Builds the JASPIC application context identifier for the current exchange: the
 * virtual server name and the context path of the servlet context, separated by a
 * single space.
 * </p>
 *
 * @return a {@code String} representing the application context.
 */
private String buildAppContext() {
    final ServletRequestContext requestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
    final ServletRequest servletRequest = requestContext.getServletRequest();
    final StringBuilder appContext = new StringBuilder();
    appContext.append(servletRequest.getServletContext().getVirtualServerName());
    appContext.append(' ');
    appContext.append(servletRequest.getServletContext().getContextPath());
    return appContext.toString();
}
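/**
 * Runs the deployment's Undertow authentication mechanisms on behalf of the JASPIC
 * {@code validateRequest} call.
 * <p>
 * The mechanisms are tried in order until one reports {@code AUTHENTICATED} (success) or
 * {@code NOT_AUTHENTICATED} (the loop stops without consulting later mechanisms). If no
 * mechanism authenticated the request and the message policy is not mandatory, the request
 * is allowed through; otherwise each mechanism is asked to send its challenge and
 * {@code SEND_CONTINUE} is returned.
 * </p>
 *
 * @param messageInfo carries the exchange and security context under the keys defined by {@code JASPICAuthenticationMechanism}.
 * @param clientSubject unused here; the Undertow security context holds the authenticated account.
 * @param serviceSubject unused here.
 * @return {@code SUCCESS} when the request may proceed, {@code SEND_CONTINUE} when a challenge was issued.
 * @throws AuthException if any mechanism throws; the original exception is attached as the cause.
 */
@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
    HttpServerExchange exchange = (HttpServerExchange) messageInfo.getMap().get(JASPICAuthenticationMechanism.HTTP_SERVER_EXCHANGE_ATTACHMENT_KEY);
    SecurityContext securityContext = (SecurityContext) messageInfo.getMap().get(JASPICAuthenticationMechanism.SECURITY_CONTEXT_ATTACHMENT_KEY);
    ServletRequestContext src = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
    List<AuthenticationMechanism> mechanisms = src.getDeployment().getAuthenticationMechanisms();
    try {
        boolean success = false;
        for (AuthenticationMechanism mechanism : mechanisms) {
            AuthenticationMechanism.AuthenticationMechanismOutcome result = mechanism.authenticate(exchange, securityContext);
            if (result == AUTHENTICATED) {
                success = true;
                break;
            } else if (result == NOT_AUTHENTICATED) {
                // An explicit failure ends the chain; remaining mechanisms are not tried.
                break;
            }
        }
        if (!success) {
            String mandatory = (String) messageInfo.getMap().get("javax.security.auth.message.MessagePolicy.isMandatory");
            // Locale-independent comparison (the default-locale toLowerCase() is avoided); null is not "false".
            if ("false".equalsIgnoreCase(mandatory)) {
                // Non-mandatory policy: an unauthenticated request is allowed through.
                return SUCCESS;
            }
            for (AuthenticationMechanism mechanism : mechanisms) {
                AuthenticationMechanism.ChallengeResult challengeResult = mechanism.sendChallenge(exchange, securityContext);
                if (challengeResult.getDesiredResponseCode() != null) {
                    exchange.setResponseCode(challengeResult.getDesiredResponseCode());
                }
                // Stop once a mechanism has fully written the challenge response.
                if (exchange.isResponseComplete()) {
                    break;
                }
            }
            return SEND_CONTINUE;
        }
    } catch (Exception e) {
        UndertowLogger.ROOT_LOGGER.debug(e);
        // AuthException offers no cause-taking constructor in this API version, so the
        // cause is attached with initCause() instead of being dropped. The message now
        // closes its bracket.
        AuthException authException = new AuthException("Could not validateRequest using mechanisms [" + mechanisms + "].");
        authException.initCause(e);
        throw authException;
    }
    return SUCCESS;
}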
/**
 * Records an audit event for authentication outcomes.
 * <p>
 * Only {@code AUTHENTICATED} and {@code FAILED_AUTHENTICATION} notifications are audited;
 * all other event types are ignored. The event context carries the principal name (when an
 * account is present), the notification message, derived request information (when the
 * exchange has a servlet request), and this receiver's class name as the source.
 * </p>
 *
 * @param notification the security notification raised by Undertow.
 */
@Override
public void handleNotification(SecurityNotification notification) {
    EventType eventType = notification.getEventType();
    boolean authenticated = eventType == EventType.AUTHENTICATED;
    if (!authenticated && eventType != EventType.FAILED_AUTHENTICATION) {
        return;
    }
    AuditEvent auditEvent = new AuditEvent(authenticated ? AuditLevel.SUCCESS : AuditLevel.FAILURE);
    Map<String, Object> contextMap = new HashMap<String, Object>();
    Account account = notification.getAccount();
    if (account != null) {
        contextMap.put("principal", account.getPrincipal().getName());
    }
    contextMap.put("message", notification.getMessage());
    ServletRequestContext requestContext = notification.getExchange().getAttachment(ServletRequestContext.ATTACHMENT_KEY);
    if (requestContext != null) {
        ServletRequest servletRequest = requestContext.getServletRequest();
        if (servletRequest instanceof HttpServletRequest) {
            contextMap.put("request", WebUtil.deriveUsefulInfo((HttpServletRequest) servletRequest));
        }
    }
    contextMap.put("Source", getClass().getCanonicalName());
    auditEvent.setContextMap(contextMap);
    auditManager.audit(auditEvent);
}