
Example 1 with SessionInvalidatedException

use of org.apache.qpid.server.management.plugin.SessionInvalidatedException in project qpid-broker-j by apache.

The doPost method of the class SaslServlet.

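/**
 * Handles one step of a SASL exchange carried over HTTP POST.
 *
 * <p>A request that names a {@code mechanism} and carries no {@code id} starts a new
 * negotiation, provided the authentication provider offers that mechanism for the
 * transport security level of this request. A request without {@code mechanism} but with
 * an {@code id} resumes the negotiator stored in the session, provided the id matches the
 * one stored in the session and the stored expiry time has not passed. Every other
 * combination is rejected with {@code 417 Expectation Failed} after {@code cleanup}.
 *
 * <p>The session is invalidated whenever the request does not finish with status
 * {@code 200}, including when this method exits with an exception, so a partly negotiated
 * exchange is never left behind in a session that outlives a failed request.
 *
 * @param request the POST request; {@code mechanism}, {@code id} and {@code response} are
 *                read from its parameters and are client-controlled
 * @param response the response whose status reports the outcome
 * @param managedObject not used by this method
 * @throws IOException propagated from {@code evaluateSaslResponse}
 */
@Override
protected void doPost(final HttpServletRequest request, final HttpServletResponse response, final ConfiguredObject<?> managedObject) throws IOException {
    checkSaslAuthEnabled(request);
    final HttpSession session = request.getSession();
    // Stays false when an exception other than SessionInvalidatedException escapes the try
    // block. In that case the response status has typically not been changed yet, so the
    // status check in the finally block alone would leave the session in place.
    boolean completedNormally = false;
    try {
        final String mechanism = request.getParameter("mechanism");
        final String id = request.getParameter("id");
        final String saslResponse = request.getParameter("response");
        final SubjectCreator subjectCreator = getSubjectCreator(request);
        final AuthenticationProvider<?> authenticationProvider = getAuthenticationProvider(request);
        SaslNegotiator saslNegotiator = null;
        if (mechanism != null) {
            // Start of a negotiation: accept only a mechanism the provider lists for this
            // transport (request.isSecure()), and never together with a continuation id.
            if (id == null && authenticationProvider.getAvailableMechanisms(request.isSecure()).contains(mechanism)) {
                // Logged only after the allow-list check above, so the value is one of the
                // provider's own mechanism names rather than arbitrary client text.
                LOGGER.debug("Creating SaslServer for mechanism: {}", mechanism);
                saslNegotiator = subjectCreator.createSaslNegotiator(mechanism, new SaslSettings() {

                    @Override
                    public String getLocalFQDN() {
                        // NOTE(review): getServerName() normally reflects the Host header sent
                        // by the client unless the container or a fronting proxy pins it;
                        // confirm that mechanisms using the FQDN tolerate a client-chosen value.
                        return request.getServerName();
                    }

                    @Override
                    public Principal getExternalPrincipal() {
                        // No externally established identity is passed to the negotiator here.
                        return null;
                    }
                });
            }
        } else if (id != null) {
            // Continuation: the id must match the one bound to this session ...
            if (id.equals(HttpManagementUtil.getSessionAttribute(ATTR_ID, session, request))) {
                // ... and the stored expiry must be present and in the future. A missing or
                // non-Long expiry is treated as expired instead of failing on unboxing.
                final Object expiry = HttpManagementUtil.getSessionAttribute(ATTR_EXPIRY, session, request);
                if (expiry instanceof Long && System.currentTimeMillis() < (Long) expiry) {
                    saslNegotiator = (SaslNegotiator) HttpManagementUtil.getSessionAttribute(ATTR_SASL_NEGOTIATOR, session, request);
                }
            }
        }
        if (saslNegotiator != null) {
            evaluateSaslResponse(request, response, session, saslResponse, saslNegotiator, subjectCreator);
        } else {
            cleanup(request, session);
            response.setStatus(HttpServletResponse.SC_EXPECTATION_FAILED);
        }
        completedNormally = true;
    } catch (SessionInvalidatedException e) {
        response.setStatus(HttpServletResponse.SC_PRECONDITION_FAILED);
    } finally {
        // Fail closed: any outcome other than a normally completed request with status 200
        // drops the session.
        if (!completedNormally || response.getStatus() != HttpServletResponse.SC_OK) {
            HttpManagementUtil.invalidateSession(session);
        }
    }
}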
Also used : SaslSettings(org.apache.qpid.server.security.auth.sasl.SaslSettings) SessionInvalidatedException(org.apache.qpid.server.management.plugin.SessionInvalidatedException) HttpSession(javax.servlet.http.HttpSession) SaslNegotiator(org.apache.qpid.server.security.auth.sasl.SaslNegotiator) SubjectCreator(org.apache.qpid.server.security.SubjectCreator)
