use of javax.security.enterprise.identitystore.IdentityStoreHandler in project Payara by payara.
the class JWTAuthenticationMechanism method validateRequest.
@Override
public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) throws AuthenticationException {
if (httpMessageContext.isProtected()) {
IdentityStoreHandler identityStoreHandler = CDI.current().select(IdentityStoreHandler.class).get();
SignedJWTCredential credential = getCredential(request);
if (credential != null) {
CredentialValidationResult result = identityStoreHandler.validate(credential);
if (result.getStatus() == VALID) {
httpMessageContext.getClientSubject().getPrincipals().add(result.getCallerPrincipal());
}
return httpMessageContext.notifyContainerAboutLogin(result);
}
}
return httpMessageContext.doNothing();
}
Aggregations