Use of org.apache.tomee.security.http.SavedAuthentication in the Apache TomEE project.
Class LoginToContinueInterceptor, method processContainerInitiatedAuthentication:
/**
 * Handles a container-initiated authentication for a mechanism that uses a
 * "login to continue" page. The request is classified by three checks, tried
 * in order, and each one maps to a step of the flow:
 *
 * <ol>
 *   <li>first hit on the protected URL: the request is saved and the caller is
 *       forwarded or redirected to the login page;</li>
 *   <li>postback from the login page: the wrapped mechanism is invoked and, on
 *       success, the caller is redirected back to the saved request URL;</li>
 *   <li>return to the original URL after authenticating: the saved request is
 *       replayed and the container is told about the saved principal and
 *       groups.</li>
 * </ol>
 *
 * When none of the checks matches, the invocation simply proceeds.
 *
 * @param invocationContext  interceptor context; supplies the {@code LoginToContinue}
 *                           settings and the wrapped call
 * @param httpMessageContext message context for the current request
 * @return the status produced by the step that handled the request
 * @throws Exception whatever the wrapped invocation or a helper throws
 */
private AuthenticationStatus processContainerInitiatedAuthentication(final InvocationContext invocationContext, final HttpMessageContext httpMessageContext) throws Exception {
    // Step 1: remember the protected request BEFORE leaving for the login page,
    // so it can be restored once the caller has authenticated.
    if (isOnInitialProtectedURL(httpMessageContext)) {
        saveRequest(httpMessageContext.getRequest());
        final LoginToContinue config = getLoginToContinue(invocationContext);
        return config.useForwardToLogin()
                ? httpMessageContext.forward(config.loginPage())
                : httpMessageContext.redirect(toAbsoluteUrl(httpMessageContext.getRequest(), config.loginPage()));
    }

    // Step 2: the login page posted back; let the wrapped mechanism validate.
    if (isOnLoginPostback(httpMessageContext)) {
        final AuthenticationStatus outcome = (AuthenticationStatus) invocationContext.proceed();

        if (outcome.equals(SUCCESS)) {
            // No caller principal, or the current request already matches the
            // saved one: nothing to carry over, report success as-is.
            if (httpMessageContext.getCallerPrincipal() == null || matchRequest(httpMessageContext.getRequest())) {
                return SUCCESS;
            }
            // Park the authenticated identity so step 3 can hand it to the
            // container once the caller is back on the original URL.
            saveAuthentication(httpMessageContext.getRequest(), httpMessageContext.getCallerPrincipal(), httpMessageContext.getGroups());
            // The redirect target is read back via getRequest(), not taken from
            // the postback's own URL; presumably it is what saveRequest stored in
            // step 1 (confirm in the helpers).
            // NOTE(review): the result of getRequest() is dereferenced without a
            // null check; verify it cannot be absent on this path.
            final SavedRequest original = getRequest(httpMessageContext.getRequest());
            return httpMessageContext.redirect(original.getRequestURLWithQueryString());
        }

        if (outcome.equals(SEND_FAILURE)) {
            final LoginToContinue config = getLoginToContinue(invocationContext);
            // Without a configured error page the failure status is returned untouched.
            if (config.errorPage().isEmpty()) {
                return outcome;
            }
            return httpMessageContext.redirect(toAbsoluteUrl(httpMessageContext.getRequest(), config.errorPage()));
        }

        // Any other status is passed through unchanged (the original comment
        // here names SEND_CONTINUE).
        return outcome;
    }

    // Step 3: back on the original URL after a successful login.
    if (isOnOriginalURLAfterAuthenticate(httpMessageContext)) {
        final SavedRequest original = getRequest(httpMessageContext.getRequest());
        final SavedAuthentication remembered = getAuthentication(httpMessageContext.getRequest());
        // Both saved items are read first and cleared before the login is
        // reported, so the saved identity is consumed by this request.
        // NOTE(review): 'remembered' and 'original' are used without null
        // checks; this relies on isOnOriginalURLAfterAuthenticate having
        // verified that both exist (confirm).
        clearRequestAndAuthentication(httpMessageContext.getRequest());
        final SavedHttpServletRequest replayed = new SavedHttpServletRequest(httpMessageContext.getRequest(), original);
        return httpMessageContext.withRequest(replayed).notifyContainerAboutLogin(remembered.getPrincipal(), remembered.getGroups());
    }

    // Not part of the login-to-continue flow: defer to the wrapped mechanism.
    return (AuthenticationStatus) invocationContext.proceed();
}