

use of org.apache.catalina.Auditor in project Payara by payara.

From the class AuthenticatorBase, method invoke.

// --------------------------------------------------------- Public Methods
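/**
 * Enforce the security restrictions in the web application deployment descriptor of our associated Context.
 *
 * <p>The checks run in this order: restore of a principal cached on the session (when {@code cache} is set),
 * the user-data (transport guarantee) constraint, the realm's pre-authentication check, authentication if the
 * realm asks for it, and finally the resource (authorization) permission. Registered {@link Auditor}s are told
 * whether the invocation was granted; if an auditor throws while recording a granted request, the request is
 * denied (fail closed) and the auditor failure is logged with its cause.
 *
 * @param request Request to be processed
 * @param response Response to be processed
 *
 * @return {@code INVOKE_NEXT} when every applicable constraint is satisfied, otherwise {@code END_PIPELINE};
 *         on denial the realm (or this method) has already set the HTTP status on the response
 *
 * @exception IOException if an input/output error occurs
 * @exception ServletException if thrown by a processing element
 */
@Override
public int invoke(Request request, Response response) throws IOException, ServletException {
    // START GlassFish 247
    if (!context.getAvailable()) {
        try {
            ((HttpServletResponse) response.getResponse()).sendError(SC_SERVICE_UNAVAILABLE);
        } catch (IllegalStateException | IOException e) {
            // Best effort: the response may already be committed or closed. The request is rejected either way,
            // but keep the cause visible for diagnosis instead of dropping it silently.
            log.log(FINE, "Unable to send SC_SERVICE_UNAVAILABLE for an unavailable context", e);
        }
        return END_PIPELINE;
    }
    // END GlassFish 247
    HttpRequest hrequest = (HttpRequest) request;
    HttpResponse hresponse = (HttpResponse) response;
    if (log.isLoggable(FINE)) {
        HttpServletRequest servletRequest = (HttpServletRequest) request.getRequest();
        log.fine("Security checking request " + servletRequest.getMethod() + " " + servletRequest.getRequestURI());
    }
    LoginConfig config = this.context.getLoginConfig();

    // Have we got a cached authenticated Principal to record?
    if (cache) {
        restoreCachedPrincipal(hrequest);
    }

    Realm realm = this.context.getRealm();

    // Is this request URI subject to a security constraint?
    SecurityConstraint[] constraints = realm.findSecurityConstraints(hrequest, this.context);
    if (constraints == null) {
        log.fine(" Not subject to any constraint");
        return processSecurityCheck(hrequest, hresponse, config);
    }

    // The transport guarantee is checked before any authentication is attempted.
    log.fine(" Calling hasUserDataPermission()");
    if (!realm.hasUserDataPermission(hrequest, hresponse, constraints)) {
        log.fine(" Failed hasUserDataPermission() test");
        // ASSERT: the realm has already set the appropriate HTTP status code, so we do not have to do anything special
        return END_PIPELINE;
    }

    int preAuthenticateCheckResult = realm.preAuthenticateCheck(hrequest, hresponse, constraints,
            disableProxyCaching, securePagesWithPragma, (sso != null));
    if (preAuthenticateCheckResult == AUTHENTICATE_NOT_NEEDED) {
        return processSecurityCheck(hrequest, hresponse, config);
    }
    if (preAuthenticateCheckResult == AUTHENTICATE_NEEDED) {
        log.fine(" Calling authenticate()");
        boolean authenticateResult = realm.invokeAuthenticateDelegate(hrequest, hresponse, context, this, false);
        if (!authenticateResult) {
            log.fine(" Failed authenticate() test");
            return END_PIPELINE;
        }
    } else if (preAuthenticateCheckResult == AUTHENTICATED_NOT_AUTHORIZED) {
        return END_PIPELINE;
    }

    log.fine(" Calling accessControl()");
    if (!realm.hasResourcePermission(hrequest, hresponse, constraints, this.context)) {
        log.fine(" Failed accessControl() test");
        // The request is already denied; a failing auditor must not change that outcome, so the result is ignored.
        notifyWebInvocationAuditors(hrequest, false);
        /*
         * ASSERT: AccessControl method has already set the appropriate HTTP status code, so we do not have to do anything
         * special
         */
        return END_PIPELINE;
    }

    if (!notifyWebInvocationAuditors(hrequest, true)) {
        // fail authorization if auditor blew up
        return END_PIPELINE;
    }

    // Any and all specified constraints have been satisfied
    log.fine("Successfully passed all security constraints");
    return INVOKE_NEXT;
}

/**
 * Records on the request the principal cached on its session, if the request does not already carry a user
 * principal and the session holds one.
 *
 * @param hrequest the request being processed
 */
private void restoreCachedPrincipal(HttpRequest hrequest) {
    if (((HttpServletRequest) hrequest.getRequest()).getUserPrincipal() != null) {
        return;
    }
    Session session = getSession(hrequest);
    if (session == null) {
        return;
    }
    Principal principal = session.getPrincipal();
    if (principal == null) {
        return;
    }
    if (log.isLoggable(FINE)) {
        log.fine("We have cached auth type " + session.getAuthType() + " for principal " + principal);
    }
    hrequest.setAuthType(session.getAuthType());
    hrequest.setUserPrincipal(principal);
}

/**
 * Notifies every auditor registered on the context of the outcome of this web invocation. All auditors are
 * called even if an earlier one throws, so a single broken auditor cannot hide the event from the others.
 *
 * @param hrequest the request being processed
 * @param granted whether access was granted
 * @return {@code true} if every auditor completed normally (or none is registered); {@code false} if any
 *         auditor threw, in which case the failure has been logged with its cause
 */
private boolean notifyWebInvocationAuditors(HttpRequest hrequest, boolean granted) {
    Auditor[] auditors = this.context.getAuditors();
    if (auditors == null) {
        return true;
    }
    boolean success = true;
    for (Auditor auditor : auditors) {
        try {
            auditor.webInvocation(hrequest, granted);
        } catch (Exception e) {
            success = false;
            // Logged rather than swallowed: the caller denies the request, and the reason must be traceable.
            log.log(Level.WARNING, "Auditor " + auditor.getClass().getName()
                    + " failed while recording web invocation (granted=" + granted + ")", e);
        }
    }
    return success;
}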
