Use of org.graylog2.shared.security.HttpHeadersToken in the project graylog2-server by Graylog2.
Class HTTPHeaderAuthenticationRealm, method doGetAuthenticationInfo.
/**
 * Authenticates a request from the username carried in the configured HTTP header.
 *
 * <p>Returns {@code null} when header authentication is disabled, when the configured
 * header is absent, when its trimmed value is blank, or when the request's remote
 * address is not inside the trusted subnets. In every other case the decision is
 * delegated to {@code doAuthenticate}.
 *
 * <p>The username header is ordinary request data that any client can set. The
 * remote-address check below is the only thing in this method that makes the header
 * trustworthy, so it must stay in front of {@code doAuthenticate}.
 *
 * @param token the submitted token; cast to {@link HttpHeadersToken} without a type check
 * @return the result of {@code doAuthenticate}, or {@code null} if this realm does not
 *         authenticate the request
 * @throws AuthenticationException declared by the overridden signature; not thrown
 *         directly by the statements in this method
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    // Any other token type fails here with a ClassCastException.
    // NOTE(review): presumably this realm is only handed HttpHeadersToken instances; confirm.
    final HttpHeadersToken httpToken = (HttpHeadersToken) token;
    final HTTPHeaderAuthConfig authConfig = loadConfig();

    if (!authConfig.enabled()) {
        LOG.debug("Skipping disabled HTTP header authentication");
        return null;
    }

    final MultivaluedMap<String, String> requestHeaders = httpToken.getHeaders();
    final Optional<String> headerUser = headerValue(requestHeaders, authConfig.usernameHeader());

    // No username header on the request: nothing for this realm to do.
    if (!headerUser.isPresent()) {
        return null;
    }

    final String principal = headerUser.get().trim();
    if (isBlank(principal)) {
        LOG.warn("Skipping request with trusted HTTP header <{}> and blank value", authConfig.usernameHeader());
        return null;
    }

    // NOTE(review): the check is only sound if getRemoteAddr() is the address of the
    // directly connected peer and not a value copied from a forwarding header; confirm
    // where HttpHeadersToken is populated.
    final String peerAddress = httpToken.getRemoteAddr();
    if (!inTrustedSubnets(peerAddress)) {
        // The username logged here was sent by a peer outside the trusted proxies, so it is
        // sender-chosen text. NOTE(review): confirm the log pipeline neutralises control characters.
        LOG.warn("Request with trusted HTTP header <{}={}> received from <{}> which is not in the trusted proxies: <{}>", authConfig.usernameHeader(), principal, peerAddress, JOINER.join(trustedProxies));
        return null;
    }

    return doAuthenticate(principal, authConfig, peerAddress);
}