
Example 1 with SavedHttpServletRequest

Use of org.apache.tomee.security.http.SavedHttpServletRequest in project tomee by apache.

The class LoginToContinueInterceptor, method processContainerInitiatedAuthentication.

private AuthenticationStatus processContainerInitiatedAuthentication(final InvocationContext invocationContext, final HttpMessageContext httpMessageContext) throws Exception {
    // First request to a protected URL: save it, then forward or redirect to the login page.
    if (isOnInitialProtectedURL(httpMessageContext)) {
        saveRequest(httpMessageContext.getRequest());
        final LoginToContinue loginToContinue = getLoginToContinue(invocationContext);
        if (loginToContinue.useForwardToLogin()) {
            return httpMessageContext.forward(loginToContinue.loginPage());
        } else {
            return httpMessageContext.redirect(toAbsoluteUrl(httpMessageContext.getRequest(), loginToContinue.loginPage()));
        }
    }
    // Login postback: run the wrapped authentication mechanism and act on its status.
    if (isOnLoginPostback(httpMessageContext)) {
        final AuthenticationStatus authenticationStatus = (AuthenticationStatus) invocationContext.proceed();
        if (authenticationStatus.equals(SUCCESS)) {
            if (httpMessageContext.getCallerPrincipal() == null) {
                return SUCCESS;
            }
            if (matchRequest(httpMessageContext.getRequest())) {
                return SUCCESS;
            }
            saveAuthentication(httpMessageContext.getRequest(), httpMessageContext.getCallerPrincipal(), httpMessageContext.getGroups());
            final SavedRequest savedRequest = getRequest(httpMessageContext.getRequest());
            return httpMessageContext.redirect(savedRequest.getRequestURLWithQueryString());
        } else if (authenticationStatus.equals(SEND_FAILURE)) {
            final LoginToContinue loginToContinue = getLoginToContinue(invocationContext);
            if (!loginToContinue.errorPage().isEmpty()) {
                return httpMessageContext.redirect(toAbsoluteUrl(httpMessageContext.getRequest(), loginToContinue.errorPage()));
            }
            return authenticationStatus;
        } else {
            // SEND_CONTINUE
            return authenticationStatus;
        }
    }
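    // Back on the original URL after login: clear the saved state, replay the saved request
    // and notify the container with the saved principal and groups.
    if (isOnOriginalURLAfterAuthenticate(httpMessageContext)) {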
        final SavedRequest savedRequest = getRequest(httpMessageContext.getRequest());
        final SavedAuthentication savedAuthentication = getAuthentication(httpMessageContext.getRequest());
        clearRequestAndAuthentication(httpMessageContext.getRequest());
        final SavedHttpServletRequest savedHttpServletRequest = new SavedHttpServletRequest(httpMessageContext.getRequest(), savedRequest);
        return httpMessageContext.withRequest(savedHttpServletRequest).notifyContainerAboutLogin(savedAuthentication.getPrincipal(), savedAuthentication.getGroups());
    }
    return (AuthenticationStatus) invocationContext.proceed();
}
Also used: AuthenticationStatus (javax.security.enterprise.AuthenticationStatus), SavedHttpServletRequest (org.apache.tomee.security.http.SavedHttpServletRequest), LoginToContinue (javax.security.enterprise.authentication.mechanism.http.LoginToContinue), SavedAuthentication (org.apache.tomee.security.http.SavedAuthentication), SavedRequest (org.apache.tomee.security.http.SavedRequest)
