use of org.eclipse.jetty.server.Authentication in project jetty.project by eclipse.
the class FormAuthenticator method login.
/* ------------------------------------------------------------ */
@Override
public UserIdentity login(String username, Object password, ServletRequest request) {
UserIdentity user = super.login(username, password, request);
if (user != null) {
HttpSession session = ((HttpServletRequest) request).getSession(true);
Authentication cached = new SessionAuthentication(getAuthMethod(), user, password);
session.setAttribute(SessionAuthentication.__J_AUTHENTICATED, cached);
}
return user;
}
use of org.eclipse.jetty.server.Authentication in project jetty.project by eclipse.
the class SecurityHandler method handle.
/* ------------------------------------------------------------ */
/*
* @see org.eclipse.jetty.server.Handler#handle(java.lang.String,
* javax.servlet.http.HttpServletRequest,
* javax.servlet.http.HttpServletResponse, int)
*/
@Override
public void handle(String pathInContext, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
final Response base_response = baseRequest.getResponse();
final Handler handler = getHandler();
if (handler == null)
return;
final Authenticator authenticator = _authenticator;
if (checkSecurity(baseRequest)) {
//See Servlet Spec 3.1 sec 13.6.3
if (authenticator != null)
authenticator.prepareRequest(baseRequest);
RoleInfo roleInfo = prepareConstraintInfo(pathInContext, baseRequest);
// Check data constraints
if (!checkUserDataPermissions(pathInContext, baseRequest, base_response, roleInfo)) {
if (!baseRequest.isHandled()) {
response.sendError(HttpServletResponse.SC_FORBIDDEN);
baseRequest.setHandled(true);
}
return;
}
// is Auth mandatory?
boolean isAuthMandatory = isAuthMandatory(baseRequest, base_response, roleInfo);
if (isAuthMandatory && authenticator == null) {
LOG.warn("No authenticator for: " + roleInfo);
if (!baseRequest.isHandled()) {
response.sendError(HttpServletResponse.SC_FORBIDDEN);
baseRequest.setHandled(true);
}
return;
}
// check authentication
Object previousIdentity = null;
try {
Authentication authentication = baseRequest.getAuthentication();
if (authentication == null || authentication == Authentication.NOT_CHECKED)
authentication = authenticator == null ? Authentication.UNAUTHENTICATED : authenticator.validateRequest(request, response, isAuthMandatory);
if (authentication instanceof Authentication.Wrapped) {
request = ((Authentication.Wrapped) authentication).getHttpServletRequest();
response = ((Authentication.Wrapped) authentication).getHttpServletResponse();
}
if (authentication instanceof Authentication.ResponseSent) {
baseRequest.setHandled(true);
} else if (authentication instanceof Authentication.User) {
Authentication.User userAuth = (Authentication.User) authentication;
baseRequest.setAuthentication(authentication);
if (_identityService != null)
previousIdentity = _identityService.associate(userAuth.getUserIdentity());
if (isAuthMandatory) {
boolean authorized = checkWebResourcePermissions(pathInContext, baseRequest, base_response, roleInfo, userAuth.getUserIdentity());
if (!authorized) {
response.sendError(HttpServletResponse.SC_FORBIDDEN, "!role");
baseRequest.setHandled(true);
return;
}
}
handler.handle(pathInContext, baseRequest, request, response);
if (authenticator != null)
authenticator.secureResponse(request, response, isAuthMandatory, userAuth);
} else if (authentication instanceof Authentication.Deferred) {
DeferredAuthentication deferred = (DeferredAuthentication) authentication;
baseRequest.setAuthentication(authentication);
try {
handler.handle(pathInContext, baseRequest, request, response);
} finally {
previousIdentity = deferred.getPreviousAssociation();
}
if (authenticator != null) {
Authentication auth = baseRequest.getAuthentication();
if (auth instanceof Authentication.User) {
Authentication.User userAuth = (Authentication.User) auth;
authenticator.secureResponse(request, response, isAuthMandatory, userAuth);
} else
authenticator.secureResponse(request, response, isAuthMandatory, null);
}
} else {
baseRequest.setAuthentication(authentication);
if (_identityService != null)
previousIdentity = _identityService.associate(null);
handler.handle(pathInContext, baseRequest, request, response);
if (authenticator != null)
authenticator.secureResponse(request, response, isAuthMandatory, null);
}
} catch (ServerAuthException e) {
// jaspi 3.8.3 send HTTP 500 internal server error, with message
// from AuthException
response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
} finally {
if (_identityService != null)
_identityService.disassociate(previousIdentity);
}
} else
handler.handle(pathInContext, baseRequest, request, response);
}
use of org.eclipse.jetty.server.Authentication in project blade by biezhi.
the class SecurityHandler method handle.
/* ------------------------------------------------------------ */
/*
* @see org.eclipse.jetty.server.Handler#handle(java.lang.String,
* javax.servlet.http.HttpServletRequest,
* javax.servlet.http.HttpServletResponse, int)
*/
@Override
public void handle(String pathInContext, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
final Response base_response = baseRequest.getResponse();
final Handler handler = getHandler();
if (handler == null)
return;
final Authenticator authenticator = _authenticator;
if (checkSecurity(baseRequest)) {
//See Servlet Spec 3.1 sec 13.6.3
if (authenticator != null)
authenticator.prepareRequest(baseRequest);
RoleInfo roleInfo = prepareConstraintInfo(pathInContext, baseRequest);
// Check data constraints
if (!checkUserDataPermissions(pathInContext, baseRequest, base_response, roleInfo)) {
if (!baseRequest.isHandled()) {
response.sendError(HttpServletResponse.SC_FORBIDDEN);
baseRequest.setHandled(true);
}
return;
}
// is Auth mandatory?
boolean isAuthMandatory = isAuthMandatory(baseRequest, base_response, roleInfo);
if (isAuthMandatory && authenticator == null) {
LOG.warn("No authenticator for: " + roleInfo);
if (!baseRequest.isHandled()) {
response.sendError(HttpServletResponse.SC_FORBIDDEN);
baseRequest.setHandled(true);
}
return;
}
// check authentication
Object previousIdentity = null;
try {
Authentication authentication = baseRequest.getAuthentication();
if (authentication == null || authentication == Authentication.NOT_CHECKED)
authentication = authenticator == null ? Authentication.UNAUTHENTICATED : authenticator.validateRequest(request, response, isAuthMandatory);
if (authentication instanceof Authentication.Wrapped) {
request = ((Authentication.Wrapped) authentication).getHttpServletRequest();
response = ((Authentication.Wrapped) authentication).getHttpServletResponse();
}
if (authentication instanceof Authentication.ResponseSent) {
baseRequest.setHandled(true);
} else if (authentication instanceof Authentication.User) {
Authentication.User userAuth = (Authentication.User) authentication;
baseRequest.setAuthentication(authentication);
if (_identityService != null)
previousIdentity = _identityService.associate(userAuth.getUserIdentity());
if (isAuthMandatory) {
boolean authorized = checkWebResourcePermissions(pathInContext, baseRequest, base_response, roleInfo, userAuth.getUserIdentity());
if (!authorized) {
response.sendError(HttpServletResponse.SC_FORBIDDEN, "!role");
baseRequest.setHandled(true);
return;
}
}
handler.handle(pathInContext, baseRequest, request, response);
if (authenticator != null)
authenticator.secureResponse(request, response, isAuthMandatory, userAuth);
} else if (authentication instanceof Authentication.Deferred) {
DeferredAuthentication deferred = (DeferredAuthentication) authentication;
baseRequest.setAuthentication(authentication);
try {
handler.handle(pathInContext, baseRequest, request, response);
} finally {
previousIdentity = deferred.getPreviousAssociation();
}
if (authenticator != null) {
Authentication auth = baseRequest.getAuthentication();
if (auth instanceof Authentication.User) {
Authentication.User userAuth = (Authentication.User) auth;
authenticator.secureResponse(request, response, isAuthMandatory, userAuth);
} else
authenticator.secureResponse(request, response, isAuthMandatory, null);
}
} else {
baseRequest.setAuthentication(authentication);
if (_identityService != null)
previousIdentity = _identityService.associate(null);
handler.handle(pathInContext, baseRequest, request, response);
if (authenticator != null)
authenticator.secureResponse(request, response, isAuthMandatory, null);
}
} catch (ServerAuthException e) {
// jaspi 3.8.3 send HTTP 500 internal server error, with message
// from AuthException
response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
} finally {
if (_identityService != null)
_identityService.disassociate(previousIdentity);
}
} else
handler.handle(pathInContext, baseRequest, request, response);
}
use of org.eclipse.jetty.server.Authentication in project blade by biezhi.
the class DeferredAuthentication method authenticate.
/* ------------------------------------------------------------ */
/**
* @see Deferred#authenticate(ServletRequest, ServletResponse)
*/
@Override
public Authentication authenticate(ServletRequest request, ServletResponse response) {
try {
LoginService login_service = _authenticator.getLoginService();
IdentityService identity_service = login_service.getIdentityService();
Authentication authentication = _authenticator.validateRequest(request, response, true);
if (authentication instanceof User && identity_service != null)
_previousAssociation = identity_service.associate(((User) authentication).getUserIdentity());
return authentication;
} catch (ServerAuthException e) {
LOG.debug(e);
}
return this;
}
use of org.eclipse.jetty.server.Authentication in project blade by biezhi.
the class FormAuthenticator method login.
/* ------------------------------------------------------------ */
@Override
public UserIdentity login(String username, Object password, ServletRequest request) {
UserIdentity user = super.login(username, password, request);
if (user != null) {
HttpSession session = ((HttpServletRequest) request).getSession(true);
Authentication cached = new SessionAuthentication(getAuthMethod(), user, password);
session.setAttribute(SessionAuthentication.__J_AUTHENTICATED, cached);
}
return user;
}
Aggregations