Search in sources :

Example 1 with XmldbPrincipal

use of org.exist.security.XmldbPrincipal in project exist by eXist-db.

the class AbstractExistHttpServlet method authenticate.

protected Subject authenticate(HttpServletRequest request, HttpServletResponse response) throws IOException {
    if (isInternalOnly() && request.getAttribute(XQueryURLRewrite.RQ_ATTR) == null) {
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
        return null;
    }
    Principal principal = HttpAccount.getUserFromServletRequest(request);
    if (principal != null) {
        return (Subject) principal;
    }
    // Try to validate the principal if passed from the Servlet engine
    principal = request.getUserPrincipal();
    if (principal != null) {
        if (XmldbPrincipal.class.isAssignableFrom(principal.getClass())) {
            final String username = ((XmldbPrincipal) principal).getName();
            final String password = ((XmldbPrincipal) principal).getPassword();
            getLog().info("Validating Principle: {}", username);
            try {
                return getPool().getSecurityManager().authenticate(username, password);
            } catch (final AuthenticationException e) {
                getLog().info(e.getMessage());
            }
        }
        if (principal instanceof Subject) {
            return (Subject) principal;
        }
    }
    // Secondly try basic authentication
    final String auth = request.getHeader("Authorization");
    if (auth == null && getDefaultUser() != null) {
        return getDefaultUser();
    }
    return getAuthenticator().authenticate(request, response, true);
}
Also used : XmldbPrincipal(org.exist.security.XmldbPrincipal) AuthenticationException(org.exist.security.AuthenticationException) Principal(java.security.Principal) XmldbPrincipal(org.exist.security.XmldbPrincipal) Subject(org.exist.security.Subject)

Aggregations

Principal (java.security.Principal)1 AuthenticationException (org.exist.security.AuthenticationException)1 Subject (org.exist.security.Subject)1 XmldbPrincipal (org.exist.security.XmldbPrincipal)1