
Example 46 with Session

use of org.apache.catalina.Session in project Payara by payara.

the class FormAuthenticator method authenticate.

// ------------------------------------------------------- Public Methods
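/**
 * Authenticate the user making this request, based on the specified
 * login configuration.  Return <code>true</code> if any specified
 * constraint has been satisfied, or <code>false</code> if we have
 * created a response challenge already.
 *
 * <p>The FORM login flow is evaluated in this order: an already
 * authenticated principal is accepted as-is; with credential caching
 * disabled, the username/password kept in the session are re-validated
 * against the realm; a request matching a previously saved one is
 * restored; an unauthenticated request is saved and the client forwarded
 * to the login page; finally the login form submission itself is
 * validated and the client redirected back to the saved URI.
 *
 * @param request Request we are processing
 * @param response Response we are creating
 * @param config Login configuration describing how authentication
 * should be performed
 * @return <code>true</code> if the request may proceed to the protected
 * resource, <code>false</code> if a login page, error page, error status
 * or redirect has already been written to the response
 *
 * @exception IOException if an input/output error occurs
 */
@Override
public boolean authenticate(HttpRequest request, HttpResponse response, LoginConfig config) throws IOException {
    // References to objects we will need later
    HttpServletRequest hreq = (HttpServletRequest) request.getRequest();
    HttpServletResponse hres = (HttpServletResponse) response.getResponse();
    Session session = null;
    String contextPath = hreq.getContextPath();
    String requestURI = request.getDecodedRequestURI();
    // Is this the action request from the login page?  Any URI inside this
    // context whose path ends with the form action suffix counts as the
    // login form submission, whatever the rest of the path is.
    boolean loginAction = requestURI.startsWith(contextPath) && requestURI.endsWith(Constants.FORM_ACTION);
    // Have we already authenticated someone?
    Principal principal = hreq.getUserPrincipal();
    // A principal established earlier (for example by SSO) short-circuits the
    // rest of this method, unless this request is the login form submission.
    if (principal != null && !loginAction) {
        if (log.isLoggable(Level.FINE))
            log.log(Level.FINE, "Already authenticated '" + principal.getName() + "'");
        String ssoId = (String) request.getNote(Constants.REQ_SSOID_NOTE);
        if (ssoId != null) {
            // Under SSO make sure a session exists for this context; the
            // returned session is intentionally not used here.
            getSession(request, true);
        }
        return (true);
    }
    // Credential caching disabled: the username/password stored in the
    // session at the end of this method are re-validated against the realm
    // on every request (intended so that realm-side changes are picked up
    // rather than trusting a cached principal).
    if (!cache && !loginAction) {
        session = getSession(request, true);
        if (log.isLoggable(Level.FINE))
            log.log(Level.FINE, "Checking for reauthenticate in session " + session);
        String username = (String) session.getNote(Constants.SESS_USERNAME_NOTE);
        char[] password = (char[]) session.getNote(Constants.SESS_PASSWORD_NOTE);
        if ((username != null) && (password != null)) {
            if (log.isLoggable(Level.FINE))
                log.log(Level.FINE, "Reauthenticating username '" + username + "'");
            principal = context.getRealm().authenticate(username, password);
            if (principal != null) {
                session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal);
                // A request that matches a saved one is handled by the
                // restore branch below instead of being registered here.
                if (!matchRequest(request)) {
                    register(request, response, principal, Constants.FORM_METHOD, username, password);
                    return (true);
                }
            }
            // A failed re-authentication is not an error: fall through to
            // the normal login flow, which will challenge the client again.
            if (log.isLoggable(Level.FINE))
                log.log(Level.FINE, "Reauthentication failed, proceed normally");
        }
    }
    // Is this the re-submit of the original request URI after successful
    // authentication?  If so, forward the *original* request instead.
    if (matchRequest(request)) {
        session = getSession(request, true);
        if (log.isLoggable(Level.FINE)) {
            String msg = "Restore request from session '" + session.getIdInternal() + "'";
            log.log(Level.FINE, msg);
        }
        // The principal was stored in the session by the login branch below
        // when the form credentials were accepted.
        principal = (Principal) session.getNote(Constants.FORM_PRINCIPAL_NOTE);
        register(request, response, principal, Constants.FORM_METHOD, (String) session.getNote(Constants.SESS_USERNAME_NOTE), (char[]) session.getNote(Constants.SESS_PASSWORD_NOTE));
        String ssoId = (String) request.getNote(Constants.REQ_SSOID_NOTE);
        if (ssoId != null) {
            associate(ssoId, getSsoVersion(request), session);
        }
        if (restoreRequest(request, session)) {
            if (log.isLoggable(Level.FINE))
                log.log(Level.FINE, "Proceed to restored request");
            return (true);
        } else {
            // The saved request could not be re-established; answer with a
            // 400 rather than serving the protected resource.
            if (log.isLoggable(Level.FINE))
                log.log(Level.FINE, "Restore of original request failed");
            hres.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return (false);
        }
    }
    // The forward helpers below run against the response, so give it the
    // request's context first.
    response.setContext(request.getContext());
    // No -- Save this request and redirect to the form login page
    if (!loginAction) {
        session = getSession(request, true);
        if (log.isLoggable(Level.FINE)) {
            String msg = "Save request in session '" + session.getIdInternal() + "'";
            log.log(Level.FINE, msg);
        }
        saveRequest(request, session);
        // Apache bug 36136: the forward to the login page is delegated to
        // forwardToLoginPage() instead of being dispatched inline here.
        forwardToLoginPage(request, response, config);
        return (false);
    }
    // Yes -- Validate the specified credentials and redirect
    // to the error page if they are not correct
    Realm realm = context.getRealm();
    // Both values are client-supplied form parameters; the username is also
    // written to the FINE log lines below.
    String username = hreq.getParameter(Constants.FORM_USERNAME);
    String pwd = hreq.getParameter(Constants.FORM_PASSWORD);
    char[] password = ((pwd != null) ? pwd.toCharArray() : null);
    if (log.isLoggable(Level.FINE))
        log.log(Level.FINE, "Authenticating username '" + username + "'");
    principal = realm.authenticate(username, password);
    if (principal == null) {
        // Apache bug 36136: the forward to the error page is delegated to
        // forwardToErrorPage() instead of being dispatched inline here.
        forwardToErrorPage(request, response, config);
        return (false);
    }
    // Save the authenticated Principal in our session
    if (log.isLoggable(Level.FINE))
        log.log(Level.FINE, "Authentication of '" + username + "' was successful");
    if (session == null)
        session = getSession(request, true);
    session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal);
    // If we are not caching, save the username and password as well.  The
    // password is kept as a char[] in the server-side session so that the
    // re-authentication branch above can present it to the realm again.
    if (!cache) {
        session.setNote(Constants.SESS_USERNAME_NOTE, username);
        session.setNote(Constants.SESS_PASSWORD_NOTE, password);
    }
    // Redirect the user to the original request URI (which will cause
    // the original request to be restored).  The target comes from the
    // request saved server-side in the session, not from client input.
    requestURI = savedRequestURL(session);
    if (requestURI == null) {
        // requestURI will be null if the login form is submitted
        // directly, i.e., if there has not been any original request
        // that was stored away before the redirect to the login form was
        // issued. In this case, assume that the original request has been
        // for the context root, and have the welcome page mechanism take
        // care of it.  With no saved request to restore, the principal is
        // registered right here; otherwise registration happens in the
        // matchRequest() branch above when the client follows the redirect.
        requestURI = hreq.getContextPath() + "/";
        register(request, response, principal, Constants.FORM_METHOD, (String) session.getNote(Constants.SESS_USERNAME_NOTE), (char[]) session.getNote(Constants.SESS_PASSWORD_NOTE));
        String ssoId = (String) request.getNote(Constants.REQ_SSOID_NOTE);
        if (ssoId != null) {
            associate(ssoId, getSsoVersion(request), session);
        }
    }
    if (log.isLoggable(Level.FINE)) {
        log.log(Level.FINE, "Redirecting to original '" + requestURI + "'");
    }
    hres.sendRedirect(hres.encodeRedirectURL(requestURI));
    return (false);
}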

Example 47 with Session

use of org.apache.catalina.Session in project Payara by payara.

the class SingleSignOnEntry method removeSession.

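/**
 * Dissociates the given session from this single sign-on entry.
 *
 * <p>The lookup is by session id.  If the session was never associated
 * with this entry, {@code removed} is {@code null} and the log line shows
 * that; nothing else happens in that case.
 *
 * @param session the session to remove from this entry
 */
public synchronized void removeSession(Session session) {
    final Session removed = sessions.remove(session.getId());
    // NOTE(review): the session id is written to the log at WARNING on every
    // removal; a session id is as sensitive as the session it names, so the
    // readership of this log matters.
    log.warning("session " + session.getId() + " found (and removed): " + removed);
}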

Example 48 with Session

use of org.apache.catalina.Session in project Payara by payara.

the class OutputBuffer method addSessionCookies.

/**
 * Appends the session-related cookies to the response when cookies are the
 * session tracking mechanism in effect.
 *
 * <p>Nothing is written when the session id arrived in the URL, when there
 * is no context or the context has cookies disabled, or when the request has
 * no existing session (none is created here).
 *
 * @throws IOException propagated from the individual cookie helpers
 */
private void addSessionCookies() throws IOException {
    Request currentRequest = (Request) response.getRequest();
    // URL rewriting is in use: the id travels in the URL, not in a cookie.
    if (currentRequest.isRequestedSessionIdFromURL()) {
        return;
    }
    StandardContext standardContext = (StandardContext) response.getContext();
    boolean cookiesEnabled = standardContext != null && standardContext.getCookies();
    if (!cookiesEnabled) {
        return;
    }
    // Only an already-existing session is considered (create=false).
    Session currentSession = currentRequest.getSessionInternal(false);
    if (currentSession == null) {
        return;
    }
    addSessionVersionCookie(currentRequest, standardContext);
    addSessionCookieWithJvmRoute(currentRequest, standardContext, currentSession);
    addSessionCookieWithJReplica(currentRequest, standardContext, currentSession);
    addPersistedSessionCookie(currentRequest, standardContext, currentSession);
    addJrouteCookie(currentRequest, standardContext, currentSession);
    addSsoVersionCookie(currentRequest, standardContext);
}

Example 49 with Session

use of org.apache.catalina.Session in project Payara by payara.

the class Request method changeSessionId.

/**
 * Change the session id of the current session associated with this
 * request and return the new session id.
 *
 * <p>The rotation itself is delegated to the context's {@code Manager}.
 * Afterwards the id the client presented (when it presented one) is
 * replaced by the new id and a fresh session cookie is queued so the client
 * learns the new value.  Rotating the id after a privilege change is the
 * usual defence against session fixation.
 *
 * @return the new session id
 *
 * @throws IllegalStateException if there is no session associated
 * with the request, or the context has no session manager
 *
 * @since Servlet 3.1
 */
@Override
public String changeSessionId() {
    Manager sessionManager = context.getManager();
    if (sessionManager == null) {
        throw new IllegalStateException(rb.getString(LogFacade.CHANGE_SESSION_ID_BEEN_CALLED_EXCEPTION));
    }
    // Only an existing session can be rotated (create=false).
    Session current = getSessionInternal(false);
    if (current == null) {
        throw new IllegalStateException(rb.getString(LogFacade.CHANGE_SESSION_ID_BEEN_CALLED_EXCEPTION));
    }
    sessionManager.changeSessionId(current);
    String rotatedId = current.getId();
    // Keep the id the client presented in sync with the rotated one.
    if (requestedSessionId != null && !requestedSessionId.isEmpty()) {
        requestedSessionId = rotatedId;
    }
    addSessionCookie();
    return rotatedId;
}

Example 50 with Session

use of org.apache.catalina.Session in project Payara by payara.

the class Request method parseJReplica.

/**
 * Parses and removes jreplica (if present) from the request URI.
 *
 * <p>The parsed value is client-supplied (it comes from the request URI).
 * It is stored on the existing session, if any, under
 * {@code Globals.JREPLICA_SESSION_NOTE}; no session is created for it.  The
 * parameter is stripped from the URI whether or not a session existed.
 *
 * @param uriCC the request URI chunk to scan for the jreplica parameter
 */
protected void parseJReplica(CharChunk uriCC) {
    String replicaValue = parseParameterFromRequestURI(uriCC, Globals.JREPLICA_PARAMETER);
    if (replicaValue == null) {
        return;
    }
    Session existing = getSessionInternal(false);
    if (existing != null) {
        existing.setNote(Globals.JREPLICA_SESSION_NOTE, replicaValue);
    }
    removeParameterFromRequestURI(Globals.JREPLICA_PARAMETER);
}
