Search in sources :

Example 1 with IdentityStoreHandler

use of javax.security.enterprise.identitystore.IdentityStoreHandler in project Payara by payara.

the class JWTAuthenticationMechanism method validateRequest.

@Override
public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) throws AuthenticationException {
    if (httpMessageContext.isProtected()) {
        IdentityStoreHandler identityStoreHandler = CDI.current().select(IdentityStoreHandler.class).get();
        SignedJWTCredential credential = getCredential(request);
        if (credential != null) {
            CredentialValidationResult result = identityStoreHandler.validate(credential);
            if (result.getStatus() == VALID) {
                httpMessageContext.getClientSubject().getPrincipals().add(result.getCallerPrincipal());
            }
            return httpMessageContext.notifyContainerAboutLogin(result);
        }
    }
    return httpMessageContext.doNothing();
}
Also used : CredentialValidationResult(javax.security.enterprise.identitystore.CredentialValidationResult) IdentityStoreHandler(javax.security.enterprise.identitystore.IdentityStoreHandler)

Aggregations

CredentialValidationResult (javax.security.enterprise.identitystore.CredentialValidationResult)1 IdentityStoreHandler (javax.security.enterprise.identitystore.IdentityStoreHandler)1