
Example 1 with Session

Use of io.vertx.ext.web.Session in project hono by eclipse.

From the class HonoAuthHandlerImpl, method handle.

@Override
public void handle(RoutingContext ctx) {
    if (handlePreflight(ctx)) {
        return;
    }
    User user = ctx.user();
    if (user != null) {
        // proceed to AuthZ
        authorizeUser(ctx, user);
        return;
    }
    // parse the request in order to extract the credentials object
    parseCredentials(ctx, res -> {
        if (res.failed()) {
            processException(ctx, res.cause());
            return;
        }
        // check if the user has been set
        User updatedUser = ctx.user();
        if (updatedUser != null) {
            Session session = ctx.session();
            if (session != null) {
                // the user has upgraded from unauthenticated to authenticated;
                // regenerate the session ID, as recommended by OWASP, so an ID
                // issued before login cannot be reused (session fixation)
                session.regenerateId();
            }
            // proceed to AuthZ
            authorizeUser(ctx, updatedUser);
            return;
        }
        // proceed to authN
        getAuthProvider(ctx).authenticate(res.result(), authN -> {
            if (authN.succeeded()) {
                User authenticated = authN.result();
                ctx.setUser(authenticated);
                Session session = ctx.session();
                if (session != null) {
                    // the user has upgraded from unauthenticated to authenticated;
                    // regenerate the session ID, as recommended by OWASP, so an ID
                    // issued before login cannot be reused (session fixation)
                    session.regenerateId();
                }
                // proceed to AuthZ
                authorizeUser(ctx, authenticated);
            } else {
                String header = authenticateHeader(ctx);
                if (header != null) {
                    ctx.response().putHeader("WWW-Authenticate", header);
                }
                processException(ctx, authN.cause());
            }
        });
    });
}

Also used: User (io.vertx.ext.auth.User), Session (io.vertx.ext.web.Session)
