Example 1 with XmldbPrincipal
use of org.exist.security.XmldbPrincipal in project exist by eXist-db.
the class AbstractExistHttpServlet method authenticate.
protected Subject authenticate(HttpServletRequest request, HttpServletResponse response) throws IOException {
if (isInternalOnly() && request.getAttribute(XQueryURLRewrite.RQ_ATTR) == null) {
response.sendError(HttpServletResponse.SC_FORBIDDEN);
return null;
}
Principal principal = HttpAccount.getUserFromServletRequest(request);
if (principal != null) {
return (Subject) principal;
}
// Try to validate the principal if passed from the Servlet engine
principal = request.getUserPrincipal();
if (principal != null) {
if (XmldbPrincipal.class.isAssignableFrom(principal.getClass())) {
final String username = ((XmldbPrincipal) principal).getName();
final String password = ((XmldbPrincipal) principal).getPassword();
getLog().info("Validating Principle: {}", username);
try {
return getPool().getSecurityManager().authenticate(username, password);
} catch (final AuthenticationException e) {
getLog().info(e.getMessage());
}
}
if (principal instanceof Subject) {
return (Subject) principal;
}
}
// Secondly try basic authentication
final String auth = request.getHeader("Authorization");
if (auth == null && getDefaultUser() != null) {
return getDefaultUser();
}
return getAuthenticator().authenticate(request, response, true);
}
Also used :
XmldbPrincipal(org.exist.security.XmldbPrincipal)
AuthenticationException(org.exist.security.AuthenticationException)
Principal(java.security.Principal)
XmldbPrincipal(org.exist.security.XmldbPrincipal)
Subject(org.exist.security.Subject)
Aggregations
Principal (java.security.Principal)1
AuthenticationException (org.exist.security.AuthenticationException)1
Subject (org.exist.security.Subject)1
XmldbPrincipal (org.exist.security.XmldbPrincipal)1
