Example 6 with RequestFacade

use of org.apache.catalina.connector.RequestFacade in project Payara by payara.

the class RealmAdapter method invokeAuthenticateDelegate.

/**
 * Authenticates the user making this request, based on the specified login configuration. Return <code>true</code> if
 * any specified requirements have been satisfied, or <code>false</code> if we have created a response challenge
 * already.
 *
 * @param request Request we are processing
 * @param response Response we are creating
 * @param context The Context to which client of this class is attached.
 * @param authenticator the current authenticator.
 * @param calledFromAuthenticate
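 * @return <code>true</code> if any specified requirements have been satisfied, <code>false</code> if a response challenge has already been created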
 * @exception IOException if an input/output error occurs
 */
@Override
public boolean invokeAuthenticateDelegate(HttpRequest request, HttpResponse response, Context context, Authenticator authenticator, boolean calledFromAuthenticate) throws IOException {
    boolean result = false;
    LoginConfig loginConfig = context.getLoginConfig();
    ServerAuthConfig serverAuthConfig = getServerAuthConfig();
    if (serverAuthConfig != null) {
        try {
            context.fireContainerEvent(BEFORE_AUTHENTICATION, null);
            // Get the WebPrincipal principal and add to the security context principals
            RequestFacade requestFacade = (RequestFacade) request.getRequest();
            setAdditionalPrincipalInContext(requestFacade);
            if (requestTracing != null && requestTracing.isRequestTracingEnabled()) {
                result = doTraced(serverAuthConfig, context, requestFacade, () -> validate(request, response, loginConfig, authenticator, calledFromAuthenticate));
            } else {
                result = validate(request, response, loginConfig, authenticator, calledFromAuthenticate);
            }
        } finally {
            resetAdditionalPrincipalInContext();
            context.fireContainerEvent(AFTER_AUTHENTICATION, null);
        }
    } else {
        // JSR 196 is not enabled. Use the current authenticator.
        result = ((AuthenticatorBase) authenticator).authenticate(request, response, loginConfig);
    }
    return result;
}
Also used : LoginConfig(org.apache.catalina.deploy.LoginConfig) RequestFacade(org.apache.catalina.connector.RequestFacade) ServerAuthConfig(javax.security.auth.message.config.ServerAuthConfig)

Example 7 with RequestFacade

use of org.apache.catalina.connector.RequestFacade in project tomcat70 by apache.

the class TestPersistentManager method testBug62175.

@Test
public void testBug62175() throws Exception {
    final PersistentManager manager = new PersistentManager();
    final AtomicInteger sessionExpireCounter = new AtomicInteger();
    Store mockStore = EasyMock.createNiceMock(Store.class);
    EasyMock.expect(mockStore.load(EasyMock.anyString())).andAnswer(new IAnswer<Session>() {

        @Override
        public Session answer() throws Throwable {
            return timedOutSession(manager, sessionExpireCounter);
        }
    }).anyTimes();
    EasyMock.replay(mockStore);
    manager.setStore(mockStore);
    Host host = new TesterHost();
    final RequestCachingSessionListener requestCachingSessionListener = new RequestCachingSessionListener();
    final Context context = new TesterContext() {

        @Override
        public Object[] getApplicationLifecycleListeners() {
            return new Object[] { requestCachingSessionListener };
        }

        @Override
        public Manager getManager() {
            return manager;
        }
    };
    context.setParent(host);
    Request req = new Request();
    req.setContext(context);
    req.setRequestedSessionId("invalidSession");
    HttpServletRequest request = new RequestFacade(req);
    requestCachingSessionListener.request = request;
    manager.setContainer(context);
    manager.start();
    Assert.assertNull(request.getSession(false));
    EasyMock.verify(mockStore);
    Assert.assertEquals(1, sessionExpireCounter.get());
}
Also used : Context(org.apache.catalina.Context) TesterContext(org.apache.tomcat.unittest.TesterContext) Request(org.apache.catalina.connector.Request) HttpServletRequest(javax.servlet.http.HttpServletRequest) Store(org.apache.catalina.Store) TesterHost(org.apache.tomcat.unittest.TesterHost) Host(org.apache.catalina.Host) RequestFacade(org.apache.catalina.connector.RequestFacade) IAnswer(org.easymock.IAnswer) AtomicInteger(java.util.concurrent.atomic.AtomicInteger) Test(org.junit.Test)

Example 8 with RequestFacade

use of org.apache.catalina.connector.RequestFacade in project Payara by payara.

the class JaspicRealm method validateRequest.

public boolean validateRequest(HttpRequest request, HttpResponse response, Context context, Authenticator authenticator, boolean calledFromAuthenticate, Function<HttpServletRequest, Boolean> isMandatoryFn) throws IOException {
    try {
        context.fireContainerEvent(BEFORE_AUTHENTICATION, null);
        // Get the WebPrincipal principal and add to the security context principals
        RequestFacade requestFacade = (RequestFacade) request.getRequest();
        setAdditionalPrincipalInContext(requestFacade);
        return validateRequest(getServerAuthConfig(), context, requestFacade, request, response, context.getLoginConfig(), authenticator, calledFromAuthenticate, isMandatoryFn);
    } finally {
        resetAdditionalPrincipalInContext();
        context.fireContainerEvent(AFTER_AUTHENTICATION, null);
    }
}
Also used : RequestFacade(org.apache.catalina.connector.RequestFacade)

Example 9 with RequestFacade

use of org.apache.catalina.connector.RequestFacade in project Payara by payara.

the class WebProgrammaticLoginImpl method getUnwrappedCoyoteRequest.

// ################### Private Methods
/**
 * Return the unwrapped <code>CoyoteRequest</code> object.
 */
private static Request getUnwrappedCoyoteRequest(HttpServletRequest request) {
    Request unwrappedCoyoteRequest = null;
    ServletRequest servletRequest = request;
    try {
        ServletRequest prevServletRequest = null;
        while (servletRequest != prevServletRequest && servletRequest instanceof ServletRequestWrapper) {
            prevServletRequest = servletRequest;
            servletRequest = ((ServletRequestWrapper) servletRequest).getRequest();
        }
        if (servletRequest instanceof RequestFacade) {
            unwrappedCoyoteRequest = ((RequestFacade) servletRequest).getUnwrappedCoyoteRequest();
        }
    } catch (AccessControlException ex) {
        logger.fine("Programmatic login faiied to get request");
    }
    return unwrappedCoyoteRequest;
}
Also used : ServletRequest(javax.servlet.ServletRequest) HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletRequestWrapper(javax.servlet.ServletRequestWrapper) Request(org.apache.catalina.connector.Request) AccessControlException(java.security.AccessControlException) RequestFacade(org.apache.catalina.connector.RequestFacade)

Example 10 with RequestFacade

use of org.apache.catalina.connector.RequestFacade in project Payara by payara.

the class J2EEInstanceListener method handleBeforeEvent.

private void handleBeforeEvent(InstanceEvent event, InstanceEvent.EventType eventType) {
    Context context = (Context) event.getWrapper().getParent();
    if (!(context instanceof WebModule)) {
        return;
    }
    WebModule wm = (WebModule) context;
    Object instance;
    if (eventType == InstanceEvent.EventType.BEFORE_FILTER_EVENT) {
        instance = event.getFilter();
    } else {
        instance = event.getServlet();
    }
    // set security context
    // BEGIN IAfSRI 4688449
    // try {
    Realm ra = context.getRealm();
    // START OF IASRI 4713234
    if (ra != null) {
        ServletRequest request = event.getRequest();
        if (request != null && request instanceof HttpServletRequest) {
            HttpServletRequest hreq = (HttpServletRequest) request;
            HttpServletRequest base = hreq;
            Principal prin = hreq.getUserPrincipal();
            Principal basePrincipal = prin;
            boolean wrapped = false;
            while (prin != null) {
                if (base instanceof ServletRequestWrapper) {
                    // unwrap any wrappers to find the base object
                    ServletRequest sr = ((ServletRequestWrapper) base).getRequest();
                    if (sr instanceof HttpServletRequest) {
                        base = (HttpServletRequest) sr;
                        wrapped = true;
                        continue;
                    }
                }
                if (wrapped) {
                    basePrincipal = base.getUserPrincipal();
                } else if (base instanceof RequestFacade) {
                    // base is a RequestFacade; if it is a subclass rather than the exact class,
                    // take the principal from the underlying Coyote request
                    if (base.getClass() != RequestFacade.class) {
                        basePrincipal = ((RequestFacade) base).getUnwrappedCoyoteRequest().getUserPrincipal();
                    }
                } else {
                    basePrincipal = base.getUserPrincipal();
                }
                break;
            }
            if (prin != null && prin == basePrincipal && prin.getClass().getName().equals(SecurityConstants.WEB_PRINCIPAL_CLASS)) {
                securityContext.setSecurityContextWithPrincipal(prin);
            } else if (prin != basePrincipal) {
                // the wrapper has overridden getUserPrincipal
                // reject the request if the wrapper does not have
                // the necessary permission.
                checkObjectForDoAsPermission(hreq);
                securityContext.setSecurityContextWithPrincipal(prin);
            }
        }
    }
    // END OF IASRI 4713234
    // END IASRI 4688449
    ComponentInvocation inv;
    if (eventType == InstanceEvent.EventType.BEFORE_INIT_EVENT) {
        // The servletName is not available from servlet instance before servlet init.
        // We have to pass the servletName to ComponentInvocation so it can be retrieved
        // in RealmAdapter.getServletName().
        inv = new WebComponentInvocation(wm, instance, event.getWrapper().getName());
    } else {
        inv = new WebComponentInvocation(wm, instance);
    }
    try {
        im.preInvoke(inv);
        if (eventType == InstanceEvent.EventType.BEFORE_SERVICE_EVENT) {
            // Emit monitoring probe event
            wm.beforeServiceEvent(event.getWrapper().getName());
            // enlist resources with TM for service method
            if (tm != null) {
                tm.enlistComponentResources();
            }
        }
    } catch (Exception ex) {
        // See CR 6920895
        im.postInvoke(inv);
        String msg = _rb.getString(LogFacade.EXCEPTION_DURING_HANDLE_EVENT);
        msg = MessageFormat.format(msg, new Object[] { eventType, wm });
        throw new RuntimeException(msg, ex);
    }
}
Also used : AppServSecurityContext(com.sun.enterprise.security.integration.AppServSecurityContext) ServerContext(org.glassfish.internal.api.ServerContext) HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletRequest(javax.servlet.ServletRequest) ComponentInvocation(org.glassfish.api.invocation.ComponentInvocation) WebComponentInvocation(com.sun.enterprise.web.WebComponentInvocation) ServletRequestWrapper(javax.servlet.ServletRequestWrapper) WebModule(com.sun.enterprise.web.WebModule) String(java.lang.String) RequestFacade(org.apache.catalina.connector.RequestFacade) InjectionException(com.sun.enterprise.container.common.spi.util.InjectionException)
