use of javax.security.enterprise.CallerPrincipal in project tomee by apache.
the class RememberMeInterceptor method validateRequest.
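/**
 * Wraps the intercepted {@code validateRequest} call with remember-me handling.
 *
 * <p>If the request carries a non-empty remember-me cookie, its value is validated against the
 * remember-me identity store. A valid token logs the caller in without running the wrapped
 * mechanism. A rejected token causes the cookie to be expired, and authentication then falls
 * through to the wrapped mechanism. When that mechanism succeeds, a caller principal is present
 * and {@code rememberMe.isRememberMe()} is true, a new login token is generated and sent back
 * as a cookie.
 *
 * <p>The login token is a bearer credential: whoever presents it is logged in as the caller.
 * The HttpOnly and Secure flags on the issued cookie are taken from the {@code RememberMe}
 * configuration, not forced here.
 *
 * @param invocationContext the interceptor context; its third parameter is cast to
 *                          {@link HttpMessageContext}
 * @return the status from the remember-me login, or from the wrapped mechanism
 * @throws Exception whatever {@code invocationContext.proceed()} or the helpers throw
 */
private AuthenticationStatus validateRequest(final InvocationContext invocationContext) throws Exception {
    final HttpMessageContext httpMessageContext = (HttpMessageContext) invocationContext.getParameters()[2];
    final RememberMe rememberMe = TomEEELInvocationHandler.of(RememberMe.class, getRememberMe(), getElProcessor(invocationContext, httpMessageContext));

    // One path for both issuing and expiring the cookie, so the expiry actually matches
    // the cookie that was issued.
    final String contextPath = httpMessageContext.getRequest().getContextPath();
    final String cookiePath = isEmpty(contextPath) ? "/" : contextPath;

    final Optional<Cookie> cookie = getCookie(httpMessageContext.getRequest(), rememberMe.cookieName());
    if (cookie.isPresent() && !isEmpty(cookie.get().getValue())) {
        final Cookie presented = cookie.get();
        final RememberMeCredential rememberMeCredential = new RememberMeCredential(presented.getValue());
        final CredentialValidationResult validate = rememberMeIdentityStore.get().validate(rememberMeCredential);
        if (VALID.equals(validate.getStatus())) {
            return httpMessageContext.notifyContainerAboutLogin(validate);
        }

        // Token rejected: expire it in the browser. A cookie parsed from the request carries
        // only name and value, so without an explicit path the expiring Set-Cookie would get
        // the browser's default path and could leave the stale token cookie in place.
        presented.setPath(cookiePath);
        presented.setMaxAge(0);
        httpMessageContext.getResponse().addCookie(presented);
    }

    final AuthenticationStatus status = (AuthenticationStatus) invocationContext.proceed();
    if (SUCCESS.equals(status) && httpMessageContext.getCallerPrincipal() != null) {
        if (rememberMe.isRememberMe()) {
            final CallerPrincipal principal = new CallerPrincipal(httpMessageContext.getCallerPrincipal().getName());
            final Set<String> groups = httpMessageContext.getGroups();
            final String loginToken = rememberMeIdentityStore.get().generateLoginToken(principal, groups);

            final Cookie rememberMeCookie = new Cookie(rememberMe.cookieName(), loginToken);
            rememberMeCookie.setPath(cookiePath);
            rememberMeCookie.setMaxAge(rememberMe.cookieMaxAgeSeconds());
            // NOTE(review): both flags are configuration-driven; confirm deployments keep them
            // enabled, since this cookie alone is enough to authenticate.
            rememberMeCookie.setHttpOnly(rememberMe.cookieHttpOnly());
            rememberMeCookie.setSecure(rememberMe.cookieSecureOnly());
            httpMessageContext.getResponse().addCookie(rememberMeCookie);
        }
    }
    return status;
}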
use of javax.security.enterprise.CallerPrincipal in project tomee by apache.
the class TomEEHttpMessageContext method doNothing.
/**
 * Signals that this mechanism took no authentication decision for the current request.
 *
 * <p>Clears the principal and groups held on this context, passes a null caller principal and
 * null groups to the callback handler for {@code clientSubject}, and registers a
 * {@code CallerPrincipal} built from {@code null} with no groups in the TomEE security context.
 *
 * @return always {@code NOT_DONE}
 */
@Override
public AuthenticationStatus doNothing() {
    // Forget any caller state held on this context.
    this.groups = null;
    this.principal = null;

    try {
        final Callback clearCaller = new CallerPrincipalCallback(clientSubject, (String) null);
        final Callback clearGroups = new GroupPrincipalCallback(clientSubject, null);
        handler.handle(new Callback[] { clearCaller, clearGroups });
    } catch (final IOException | UnsupportedCallbackException e) {
        // NOTE(review): a handler failure is only printed to stderr and execution continues,
        // so the container may not have seen the null-caller callbacks even though
        // NOT_DONE is still returned. Consider routing this through the project's logger.
        e.printStackTrace();
    }

    // NOTE(review): a CallerPrincipal with a null name is registered here; presumably
    // consumers treat that as "no caller" - confirm against registerContainerAboutLogin.
    TomEESecurityContext.registerContainerAboutLogin(new CallerPrincipal(null), null);
    return NOT_DONE;
}
use of javax.security.enterprise.CallerPrincipal in project Payara by payara.
the class RealmIdentityStore method validate.
/**
 * Validates a username/password credential by logging in against the named realm.
 *
 * <p>The result is valid only when the login succeeds <em>and</em> the resulting subject holds
 * at least one {@code Group} principal. A failed login and a successful login without groups
 * both yield {@code INVALID_RESULT}, so callers cannot tell the two apart.
 *
 * @param credential the caller name and password to check
 * @param realmName  the realm passed on to {@code login}
 * @return a result carrying a {@code CallerPrincipal} for {@code credential.getCaller()} and
 *         the group names, or {@code INVALID_RESULT}
 */
protected CredentialValidationResult validate(UsernamePasswordCredential credential, String realmName) {
    final Subject authenticated;
    try {
        authenticated = login(credential, realmName);
    } catch (LoginException ex) {
        // The login failure is not logged or propagated; only the invalid result is returned.
        return INVALID_RESULT;
    }

    Set<String> groupNames = authenticated.getPrincipals(Group.class)
            .stream()
            .map(Group::getName)
            .collect(toSet());

    // NOTE(review): an authenticated caller with no groups is reported as invalid -
    // presumably intentional; confirm against the realm's contract.
    if (groupNames.isEmpty()) {
        return INVALID_RESULT;
    }
    return new CredentialValidationResult(new CallerPrincipal(credential.getCaller()), groupNames);
}
use of javax.security.enterprise.CallerPrincipal in project Payara by payara.
the class JaccWebAuthorizationManager method checkPermissionForModifiedPrincipalSet.
/*
 * Re-runs the permission check with every CallerPrincipal swapped for a PrincipalImpl of the
 * same name.
 *
 * Why: a CallerPrincipal is not equal to a PrincipalImpl and does not imply it. CallerPrincipal
 * does not implement equals at all, so two CallerPrincipals with the same name are not equal
 * either. The type comes from Jakarta EE and cannot be changed here.
 *
 * The replacement matches on the principal's name only. If the set holds no CallerPrincipal,
 * the incoming isGranted value is returned untouched; otherwise it is discarded and the result
 * of the new check is returned.
 */
private boolean checkPermissionForModifiedPrincipalSet(Set<Principal> principalSetFromSecurityContext, boolean isGranted, WebRoleRefPermission requestedPermission) {
    Set<Principal> normalized = new HashSet<>(principalSetFromSecurityContext.size());
    boolean replacedAny = false;

    for (Principal candidate : principalSetFromSecurityContext) {
        boolean isCaller = candidate instanceof CallerPrincipal;
        // Keep every other principal as-is; only CallerPrincipal is re-wrapped by name.
        normalized.add(isCaller ? new PrincipalImpl(candidate.getName()) : candidate);
        replacedAny |= isCaller;
    }

    // Only repeat the check when the set actually changed.
    return replacedAny ? checkPermission(requestedPermission, normalized) : isGranted;
}