
Example 6 with HttpMessageContext

Use of javax.security.enterprise.authentication.mechanism.http.HttpMessageContext in the Apache TomEE project.

Class RememberMeInterceptor, method cleanSubject.

private void cleanSubject(final InvocationContext invocationContext) throws Exception {
    final HttpMessageContext httpMessageContext = (HttpMessageContext) invocationContext.getParameters()[2];
    final RememberMe rememberMe = TomEEELInvocationHandler.of(RememberMe.class, getRememberMe(), getElProcessor(invocationContext, httpMessageContext));
    final Optional<Cookie> cookie = getCookie(httpMessageContext.getRequest(), rememberMe.cookieName());
    if (cookie.isPresent() && !isEmpty(cookie.get().getValue())) {
        // capture the token before the cookie value is cleared;
        // reading it after setValue(null) would pass null to the store
        final String loginToken = cookie.get().getValue();
        // remove the cookie
        cookie.get().setValue(null);
        cookie.get().setMaxAge(0);
        cookie.get().setPath(isEmpty(httpMessageContext.getRequest().getContextPath()) ? "/" : httpMessageContext.getRequest().getContextPath());
        httpMessageContext.getResponse().addCookie(cookie.get());
        // remove the token from the store so it can no longer be used to log in
        rememberMeIdentityStore.get().removeLoginToken(loginToken);
    }
    invocationContext.proceed();
}
Also used: Cookie (javax.servlet.http.Cookie), RememberMe (javax.security.enterprise.authentication.mechanism.http.RememberMe), HttpMessageContext (javax.security.enterprise.authentication.mechanism.http.HttpMessageContext)

Example 7 with HttpMessageContext

Use of javax.security.enterprise.authentication.mechanism.http.HttpMessageContext in the Apache TomEE project.

Class TomEESecurityServerAuthModule, method secureResponse.

@Override
public AuthStatus secureResponse(final MessageInfo messageInfo, final Subject subject) throws AuthException {
    final HttpMessageContext httpMessageContext = httpMessageContext(handler, messageInfo, subject, null);
    final HttpAuthenticationMechanism authenticationMechanism = CDI.current().select(TomEESecurityServletAuthenticationMechanismMapper.class).get().getCurrentAuthenticationMechanism(httpMessageContext);
    final AuthenticationStatus authenticationStatus;
    try {
        authenticationStatus = authenticationMechanism.secureResponse(httpMessageContext.getRequest(), httpMessageContext.getResponse(), httpMessageContext);
    } catch (final AuthenticationException e) {
        final AuthException authException = new AuthException(e.getMessage());
        authException.initCause(e);
        throw authException;
    }
    return mapToAuthStatus(authenticationStatus);
}
Also used: AuthenticationStatus (javax.security.enterprise.AuthenticationStatus), AuthenticationException (javax.security.enterprise.AuthenticationException), HttpAuthenticationMechanism (javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism), AuthException (javax.security.auth.message.AuthException), HttpMessageContext (javax.security.enterprise.authentication.mechanism.http.HttpMessageContext)

Aggregations

HttpMessageContext (javax.security.enterprise.authentication.mechanism.http.HttpMessageContext): 7
AuthenticationStatus (javax.security.enterprise.AuthenticationStatus): 4
AuthException (javax.security.auth.message.AuthException): 2
AuthenticationException (javax.security.enterprise.AuthenticationException): 2
HttpAuthenticationMechanism (javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism): 2
RememberMe (javax.security.enterprise.authentication.mechanism.http.RememberMe): 2
Cookie (javax.servlet.http.Cookie): 2
Principal (java.security.Principal): 1
CallerPrincipalCallback (javax.security.auth.message.callback.CallerPrincipalCallback): 1
CallerPrincipal (javax.security.enterprise.CallerPrincipal): 1
RememberMeCredential (javax.security.enterprise.credential.RememberMeCredential): 1
CredentialValidationResult (javax.security.enterprise.identitystore.CredentialValidationResult): 1
TomEESecurityServletAuthenticationMechanismMapper (org.apache.tomee.security.cdi.TomEESecurityServletAuthenticationMechanismMapper): 1