use of io.vertx.ext.auth.User in project hono by eclipse.
the class HonoAuthHandlerImpl method authorize.
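/**
 * Checks that the given user holds every authority in {@code authorities} and reports
 * the outcome to {@code handler}.
 *
 * <p>When no authorities are configured the check succeeds immediately. When
 * authorities are required and {@code user} is {@code null}, it fails with
 * {@code FORBIDDEN}. Otherwise each authority is checked through
 * {@link User#isAuthorized}; the result is success only if all checks grant access.
 *
 * <p>{@code handler} is completed at most once. A denied authority and a failed
 * lookup both go through the same {@code sentFailure} guard, so several failing
 * lookups cannot complete the caller's handler repeatedly.
 *
 * @param user the user to check, may be {@code null}
 * @param handler receives success when all authorities are granted, otherwise a failure
 */
@Override
public void authorize(User user, Handler<AsyncResult<Void>> handler) {
    int requiredcount = authorities.size();
    if (requiredcount == 0) {
        // No auth required
        handler.handle(Future.succeededFuture());
        return;
    }
    if (user == null) {
        // Authorities are required but nobody is authenticated: deny.
        handler.handle(Future.failedFuture(FORBIDDEN));
        return;
    }
    AtomicInteger count = new AtomicInteger();
    AtomicBoolean sentFailure = new AtomicBoolean();
    Handler<AsyncResult<Boolean>> authHandler = res -> {
        if (!res.succeeded()) {
            // The lookup itself failed. Report it only if no failure has been
            // reported yet, so the caller's handler is never completed twice.
            if (sentFailure.compareAndSet(false, true)) {
                handler.handle(Future.failedFuture(res.cause()));
            }
            return;
        }
        if (!res.result()) {
            // Authority denied: the first denial wins, later ones are dropped.
            if (sentFailure.compareAndSet(false, true)) {
                handler.handle(Future.failedFuture(FORBIDDEN));
            }
            return;
        }
        // Success is reported only once every required authority has been granted;
        // any failure leaves the counter below requiredcount.
        if (count.incrementAndGet() == requiredcount) {
            // Has all required authorities
            handler.handle(Future.succeededFuture());
        }
    };
    for (String authority : authorities) {
        // Stop issuing further checks once a failure has been reported.
        if (!sentFailure.get()) {
            user.isAuthorized(authority, authHandler);
        }
    }
}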
use of io.vertx.ext.auth.User in project hono by eclipse.
the class HonoAuthHandlerImpl method handle.
/**
 * Entry point for a request: reuses an already authenticated user if the routing
 * context has one, otherwise parses credentials, authenticates them with the
 * provider returned by {@code getAuthProvider} and then hands over to
 * {@code authorizeUser}.
 *
 * <p>Whenever a user becomes available during this call and a session exists, the
 * session id is regenerated before authorization continues, so the id issued to the
 * unauthenticated client is not carried over into the authenticated session.
 *
 * @param ctx the routing context of the current request
 */
@Override
public void handle(RoutingContext ctx) {
    // handlePreflight reports whether it already dealt with the request.
    if (handlePreflight(ctx)) {
        return;
    }

    final User existingUser = ctx.user();
    if (existingUser != null) {
        // Already authenticated: go straight to authorization.
        authorizeUser(ctx, existingUser);
        return;
    }

    // No user yet: extract the credentials object from the request.
    parseCredentials(ctx, parsed -> {
        if (parsed.failed()) {
            processException(ctx, parsed.cause());
            return;
        }

        // Credential parsing may itself have set a user on the context.
        final User userAfterParsing = ctx.user();
        if (userAfterParsing != null) {
            final Session sessionAfterParsing = ctx.session();
            if (sessionAfterParsing != null) {
                // Unauthenticated -> authenticated transition: issue a new session id
                // (OWASP recommendation).
                sessionAfterParsing.regenerateId();
            }
            authorizeUser(ctx, userAfterParsing);
            return;
        }

        // Still no user: authenticate the parsed credentials.
        getAuthProvider(ctx).authenticate(parsed.result(), outcome -> {
            if (!outcome.succeeded()) {
                // Advertise the expected scheme, if any, before reporting the failure.
                final String challenge = authenticateHeader(ctx);
                if (challenge != null) {
                    ctx.response().putHeader("WWW-Authenticate", challenge);
                }
                processException(ctx, outcome.cause());
                return;
            }

            final User authenticated = outcome.result();
            ctx.setUser(authenticated);
            final Session sessionAfterLogin = ctx.session();
            if (sessionAfterLogin != null) {
                // Unauthenticated -> authenticated transition: issue a new session id
                // (OWASP recommendation).
                sessionAfterLogin.regenerateId();
            }
            authorizeUser(ctx, authenticated);
        });
    });
}