Example 1 with RememberMe

Use of javax.security.enterprise.authentication.mechanism.http.RememberMe in project tomee by apache.

In class RememberMeInterceptor, method validateRequest.

private AuthenticationStatus validateRequest(final InvocationContext invocationContext) throws Exception {
    final HttpMessageContext httpMessageContext = (HttpMessageContext) invocationContext.getParameters()[2];
    final RememberMe rememberMe = TomEEELInvocationHandler.of(RememberMe.class, getRememberMe(), getElProcessor(invocationContext, httpMessageContext));
    final Optional<Cookie> cookie = getCookie(httpMessageContext.getRequest(), rememberMe.cookieName());
    // A remember-me cookie is present: try to authenticate with its token first.
    if (cookie.isPresent() && !isEmpty(cookie.get().getValue())) {
        final RememberMeCredential rememberMeCredential = new RememberMeCredential(cookie.get().getValue());
        final CredentialValidationResult validate = rememberMeIdentityStore.get().validate(rememberMeCredential);
        if (VALID.equals(validate.getStatus())) {
            return httpMessageContext.notifyContainerAboutLogin(validate);
        } else {
            // Token rejected by the store: expire the cookie. The path must match the one used
            // when the cookie was issued, or the browser will not drop it.
            cookie.get().setMaxAge(0);
            cookie.get().setPath(isEmpty(httpMessageContext.getRequest().getContextPath()) ? "/" : httpMessageContext.getRequest().getContextPath());
            httpMessageContext.getResponse().addCookie(cookie.get());
        }
    }
    // No usable token: fall through to the wrapped authentication mechanism.
    final AuthenticationStatus status = (AuthenticationStatus) invocationContext.proceed();
    if (SUCCESS.equals(status) && httpMessageContext.getCallerPrincipal() != null) {
        if (rememberMe.isRememberMe()) {
            // Issue a fresh login token and hand it to the client as the remember-me cookie.
            final CallerPrincipal principal = new CallerPrincipal(httpMessageContext.getCallerPrincipal().getName());
            final Set<String> groups = httpMessageContext.getGroups();
            final String loginToken = rememberMeIdentityStore.get().generateLoginToken(principal, groups);
            final Cookie rememberMeCookie = new Cookie(rememberMe.cookieName(), loginToken);
            rememberMeCookie.setPath(isEmpty(httpMessageContext.getRequest().getContextPath()) ? "/" : httpMessageContext.getRequest().getContextPath());
            rememberMeCookie.setMaxAge(rememberMe.cookieMaxAgeSeconds());
            // HttpOnly and Secure are taken from the @RememberMe annotation attributes.
            rememberMeCookie.setHttpOnly(rememberMe.cookieHttpOnly());
            rememberMeCookie.setSecure(rememberMe.cookieSecureOnly());
            httpMessageContext.getResponse().addCookie(rememberMeCookie);
        }
    }
    return status;
}
Also used: Cookie (javax.servlet.http.Cookie), AuthenticationStatus (javax.security.enterprise.AuthenticationStatus), CredentialValidationResult (javax.security.enterprise.identitystore.CredentialValidationResult), RememberMe (javax.security.enterprise.authentication.mechanism.http.RememberMe), HttpMessageContext (javax.security.enterprise.authentication.mechanism.http.HttpMessageContext), CallerPrincipal (javax.security.enterprise.CallerPrincipal), RememberMeCredential (javax.security.enterprise.credential.RememberMeCredential)

Example 2 with RememberMe

Use of javax.security.enterprise.authentication.mechanism.http.RememberMe in project tomee by apache.

In class RememberMeInterceptor, method cleanSubject.

private void cleanSubject(final InvocationContext invocationContext) throws Exception {
    final HttpMessageContext httpMessageContext = (HttpMessageContext) invocationContext.getParameters()[2];
    final RememberMe rememberMe = TomEEELInvocationHandler.of(RememberMe.class, getRememberMe(), getElProcessor(invocationContext, httpMessageContext));
    final Optional<Cookie> cookie = getCookie(httpMessageContext.getRequest(), rememberMe.cookieName());
    if (cookie.isPresent() && !isEmpty(cookie.get().getValue())) {
        // capture the token before the cookie value is cleared, so the store lookup
        // below receives the real token instead of null
        final String loginToken = cookie.get().getValue();
        // remove the cookie
        cookie.get().setValue(null);
        cookie.get().setMaxAge(0);
        cookie.get().setPath(isEmpty(httpMessageContext.getRequest().getContextPath()) ? "/" : httpMessageContext.getRequest().getContextPath());
        httpMessageContext.getResponse().addCookie(cookie.get());
        // remove the token from the store, so it can no longer be replayed after logout
        rememberMeIdentityStore.get().removeLoginToken(loginToken);
    }
    invocationContext.proceed();
}
Also used: Cookie (javax.servlet.http.Cookie), RememberMe (javax.security.enterprise.authentication.mechanism.http.RememberMe), HttpMessageContext (javax.security.enterprise.authentication.mechanism.http.HttpMessageContext)
