Examples with HttpRequestInteractiveAuthenticator - org.apache.qpid.server.management.plugin.HttpRequestInteractiveAuthenticator

Example 1 with HttpRequestInteractiveAuthenticator

use of org.apache.qpid.server.management.plugin.HttpRequestInteractiveAuthenticator in project qpid-broker-j by apache.

the class InteractiveAuthenticationFilter method doFilter.

@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    HttpServletResponse httpResponse = (HttpServletResponse) response;
    Subject subject = HttpManagementUtil.getAuthorisedSubject(httpRequest);
    if (subject != null && !subject.getPrincipals(AuthenticatedPrincipal.class).isEmpty()) {
        chain.doFilter(request, response);
    } else {
        HttpRequestInteractiveAuthenticator.AuthenticationHandler handler = null;
        for (HttpRequestInteractiveAuthenticator authenticator : AUTHENTICATORS) {
            handler = authenticator.getAuthenticationHandler(httpRequest, _managementConfiguration);
            if (handler != null) {
                break;
            }
            ;
        }
        if (handler != null) {
            handler.handleAuthentication(httpResponse);
        } else {
            httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
        }
    }
}

Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) HttpRequestInteractiveAuthenticator(org.apache.qpid.server.management.plugin.HttpRequestInteractiveAuthenticator) HttpServletResponse(javax.servlet.http.HttpServletResponse) Subject(javax.security.auth.Subject) AuthenticatedPrincipal(org.apache.qpid.server.security.auth.AuthenticatedPrincipal)

Example 2 with HttpRequestInteractiveAuthenticator

use of org.apache.qpid.server.management.plugin.HttpRequestInteractiveAuthenticator in project qpid-broker-j by apache.

the class LogoutServlet method doGet.

@Override
protected void doGet(HttpServletRequest request, HttpServletResponse resp) throws ServletException, IOException {
    HttpSession session = request.getSession(false);
    if (session != null) {
        // Invalidating the session will cause LoginLogoutReporter to log the user logoff.
        session.invalidate();
    }
    LogoutHandler logoutHandler = null;
    for (HttpRequestInteractiveAuthenticator authenticator : AUTHENTICATORS) {
        logoutHandler = authenticator.getLogoutHandler(request, _managementConfiguration);
        if (logoutHandler != null) {
            break;
        }
    }
    if (logoutHandler != null) {
        logoutHandler.handleLogout(resp);
    } else {
        resp.sendRedirect(HttpManagement.DEFAULT_LOGOUT_URL);
    }
}

Also used : HttpSession(javax.servlet.http.HttpSession) HttpRequestInteractiveAuthenticator(org.apache.qpid.server.management.plugin.HttpRequestInteractiveAuthenticator) LogoutHandler(org.apache.qpid.server.management.plugin.HttpRequestInteractiveAuthenticator.LogoutHandler)

Aggregations

HttpRequestInteractiveAuthenticator (org.apache.qpid.server.management.plugin.HttpRequestInteractiveAuthenticator)2 Subject (javax.security.auth.Subject)1 HttpServletRequest (javax.servlet.http.HttpServletRequest)1 HttpServletResponse (javax.servlet.http.HttpServletResponse)1 HttpSession (javax.servlet.http.HttpSession)1 LogoutHandler (org.apache.qpid.server.management.plugin.HttpRequestInteractiveAuthenticator.LogoutHandler)1 AuthenticatedPrincipal (org.apache.qpid.server.security.auth.AuthenticatedPrincipal)1