Use of io.vertx.ext.web.Session in the hono project by eclipse.
Class HonoAuthHandlerImpl, method handle.
/**
 * Authenticates the request carried by {@code ctx} and then hands it to authorization.
 *
 * <p>Three paths lead to {@code authorizeUser}:
 * <ol>
 *   <li>the context already carries a user, so no authentication is needed;</li>
 *   <li>{@code parseCredentials} itself left a user on the context;</li>
 *   <li>the auth provider accepts the parsed credentials.</li>
 * </ol>
 * On paths 2 and 3 the request has just moved from unauthenticated to authenticated,
 * so the session id is regenerated before authorization. This is the session-fixation
 * defence recommended by OWASP: an id that existed before login must not stay valid
 * for the authenticated session.
 *
 * <p>Failures (credential parsing or authentication) are passed to
 * {@code processException}; on an authentication failure a {@code WWW-Authenticate}
 * header is added first when {@code authenticateHeader} supplies a value.
 *
 * @param ctx the routing context of the current request
 */
@Override
public void handle(RoutingContext ctx) {

    // presumably CORS preflight handling; a true result ends processing here
    if (handlePreflight(ctx)) {
        return;
    }

    // Already authenticated: skip authN entirely. No session id renewal on this
    // path, because no privilege change happens in this request.
    final User existingUser = ctx.user();
    if (existingUser != null) {
        authorizeUser(ctx, existingUser);
        return;
    }

    // Extract the credentials object from the request.
    parseCredentials(ctx, parsed -> {

        if (parsed.failed()) {
            processException(ctx, parsed.cause());
            return;
        }

        // Parsing may have set the user on the context as a side effect.
        final User userAfterParsing = ctx.user();
        if (userAfterParsing != null) {
            // Privilege change (anonymous -> authenticated): renew the session id
            // so a pre-login id cannot be reused. The session can be null, in
            // which case there is nothing to renew.
            final Session sessionToRenew = ctx.session();
            if (sessionToRenew != null) {
                sessionToRenew.regenerateId();
            }
            authorizeUser(ctx, userAfterParsing);
            return;
        }

        // No user yet: verify the parsed credentials with the auth provider.
        getAuthProvider(ctx).authenticate(parsed.result(), outcome -> {

            if (!outcome.succeeded()) {
                // Add the challenge header, if any, before reporting the failure.
                final String challenge = authenticateHeader(ctx);
                if (challenge != null) {
                    ctx.response().putHeader("WWW-Authenticate", challenge);
                }
                processException(ctx, outcome.cause());
                return;
            }

            final User authenticatedUser = outcome.result();
            ctx.setUser(authenticatedUser);

            // Same privilege change as above: the id is regenerated only after
            // the user is set and before authorization runs.
            final Session loginSession = ctx.session();
            if (loginSession != null) {
                loginSession.regenerateId();
            }
            authorizeUser(ctx, authenticatedUser);
        });
    });
}