Posted to commits@tomee.apache.org by ra...@apache.org on 2019/01/09 17:26:19 UTC
[tomee] 31/48: TOMEE-2365 - First step of FormAuthentication.
Forward to login page.
This is an automated email from the ASF dual-hosted git repository.
radcortez pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomee.git
commit 73f975ba6fdbe9c3c93a4f93dd6de7d746013ecd
Author: Roberto Cortez <ra...@yahoo.com>
AuthorDate: Thu Dec 27 19:09:47 2018 +0000
TOMEE-2365 - First step of FormAuthentication. Forward to login page.
---
.../security/cdi/LoginToContinueInterceptor.java | 34 +++++++++++++++++-----
.../security/http/TomEEHttpMessageContext.java | 20 +++++++++++--
2 files changed, 44 insertions(+), 10 deletions(-)
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/LoginToContinueInterceptor.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/LoginToContinueInterceptor.java
index 98c8417..d35be0a 100644
--- a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/LoginToContinueInterceptor.java
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/LoginToContinueInterceptor.java
@@ -16,6 +16,8 @@
*/
package org.apache.tomee.security.cdi;
+import org.apache.tomee.security.http.LoginToContinueMechanism;
+
import javax.annotation.Priority;
import javax.interceptor.AroundInvoke;
import javax.interceptor.Interceptor;
@@ -42,21 +44,22 @@ public class LoginToContinueInterceptor {
HttpServletResponse.class,
HttpMessageContext.class
})) {
- return validateRequest((HttpMessageContext) invocationContext.getParameters()[2]);
+ return validateRequest(invocationContext);
}
return invocationContext.proceed();
}
- private AuthenticationStatus validateRequest(final HttpMessageContext httpMessageContext)
+ private AuthenticationStatus validateRequest(final InvocationContext invocationContext)
throws AuthenticationException {
+ final HttpMessageContext httpMessageContext = (HttpMessageContext) invocationContext.getParameters()[2];
clearStaleState(httpMessageContext);
if (httpMessageContext.getAuthParameters().isNewAuthentication()) {
return processCallerInitiatedAuthentication(httpMessageContext);
} else {
- return processContainerInitiatedAuthentication(httpMessageContext);
+ return processContainerInitiatedAuthentication(invocationContext, httpMessageContext);
}
}
@@ -64,14 +67,23 @@ public class LoginToContinueInterceptor {
}
- private AuthenticationStatus processCallerInitiatedAuthentication(final HttpMessageContext httpMessageContext) {
+ private AuthenticationStatus processCallerInitiatedAuthentication(
+ final HttpMessageContext httpMessageContext) {
return null;
}
- private AuthenticationStatus processContainerInitiatedAuthentication(final HttpMessageContext httpMessageContext) {
+ private AuthenticationStatus processContainerInitiatedAuthentication(
+ final InvocationContext invocationContext,
+ final HttpMessageContext httpMessageContext) {
if (isOnInitialProtectedURL(httpMessageContext)) {
- return null;
+ final LoginToContinue loginToContinue = getLoginToContinue(invocationContext);
+
+ if (loginToContinue.useForwardToLogin()) {
+ return httpMessageContext.forward(loginToContinue.loginPage());
+ } else {
+ return httpMessageContext.redirect(loginToContinue.loginPage());
+ }
}
if (isOnOnLoginPostback(httpMessageContext)) {
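Review bot: The redirect branch passes `loginToContinue.loginPage()` unchanged to `redirect()`, which in this commit's TomEEHttpMessageContext change hands it to `sendRedirect`. A location with a leading `/` is resolved there against the servlet container root, while the forward branch resolves the same value against the application's context root. For an application deployed under a non-root context path, the two branches would land on different URLs and the redirect would leave the application. Prefixing the context path keeps them aligned: `return httpMessageContext.redirect(httpMessageContext.getRequest().getContextPath() + loginToContinue.loginPage());`. The body of processContainerInitiatedAuthentication continues past the end of this hunk.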
@@ -86,7 +98,7 @@ public class LoginToContinueInterceptor {
}
private boolean isOnInitialProtectedURL(final HttpMessageContext httpMessageContext) {
- return false;
+ return httpMessageContext.isProtected();
}
private boolean isOnOnLoginPostback(final HttpMessageContext httpMessageContext) {
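Review bot: `isOnInitialProtectedURL` now returns true for every request to a protected resource, not only the first unauthenticated one, so the login forward/redirect in processContainerInitiatedAuthentication fires before the postback and original-URL checks are considered. Nothing in the visible lines distinguishes a caller who has already logged in, or who is returning to the original URL after login, from a first visit. Unless `clearStaleState` or code outside this diff handles that, such a request would be sent back to the login page. The condition probably needs to depend on saved request state as well; until it does, a comment would help, e.g. `// TODO: also require that no original request has been saved yet, otherwise authenticated callers loop back to login`.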
@@ -96,4 +108,12 @@ public class LoginToContinueInterceptor {
private boolean isOnOriginalURLAfterAuthenticate(final HttpMessageContext httpMessageContext) {
return false;
}
+
+ private LoginToContinue getLoginToContinue(final InvocationContext invocationContext) {
+ if (invocationContext.getTarget() instanceof LoginToContinueMechanism) {
+ return ((LoginToContinueMechanism) invocationContext.getTarget()).getLoginToContinue();
+ }
+
+ throw new IllegalArgumentException();
+ }
}
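Review bot: `getLoginToContinue` throws a bare `IllegalArgumentException()` when the intercepted target is not a LoginToContinueMechanism, which gives an operator no hint about which bean was misconfigured. Name the target in the message, for instance `throw new IllegalArgumentException("Target does not implement LoginToContinueMechanism: " + invocationContext.getTarget());`. A one-line Javadoc stating that the interceptor only supports targets implementing that interface would also document the precondition.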
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/http/TomEEHttpMessageContext.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/http/TomEEHttpMessageContext.java
index 48a3272..4c087da 100644
--- a/tomee/tomee-security/src/main/java/org/apache/tomee/security/http/TomEEHttpMessageContext.java
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/http/TomEEHttpMessageContext.java
@@ -30,6 +30,7 @@ import javax.security.enterprise.CallerPrincipal;
import javax.security.enterprise.authentication.mechanism.http.AuthenticationParameters;
import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
import javax.security.enterprise.identitystore.CredentialValidationResult;
+import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@@ -37,6 +38,7 @@ import java.security.Principal;
import java.util.Set;
import static javax.security.enterprise.AuthenticationStatus.NOT_DONE;
+import static javax.security.enterprise.AuthenticationStatus.SEND_CONTINUE;
import static javax.security.enterprise.AuthenticationStatus.SEND_FAILURE;
import static javax.security.enterprise.AuthenticationStatus.SUCCESS;
import static javax.security.enterprise.identitystore.CredentialValidationResult.Status.VALID;
@@ -94,7 +96,7 @@ public class TomEEHttpMessageContext implements HttpMessageContext {
@Override
public AuthenticationParameters getAuthParameters() {
- return null;
+ return new AuthenticationParameters();
}
@Override
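Review bot: `getAuthParameters()` builds a fresh `AuthenticationParameters` on every call, so parameters supplied by the caller are never visible and `isNewAuthentication()` keeps its default value (false, as far as I know). With that, the `isNewAuthentication()` branch in LoginToContinueInterceptor.validateRequest cannot be taken. Each call also returns a different object, so anything set on one result is lost. If this is a placeholder, say so in a comment such as `// TODO: return the AuthenticationParameters passed to SecurityContext#authenticate, not a new default instance`; otherwise hold the instance in a field of the context.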
@@ -140,12 +142,24 @@ public class TomEEHttpMessageContext implements HttpMessageContext {
@Override
public AuthenticationStatus redirect(final String location) {
- return null;
+ try {
+ getResponse().sendRedirect(location);
+ } catch (final IOException e) {
+ e.printStackTrace();
+ }
+
+ return SEND_CONTINUE;
}
@Override
public AuthenticationStatus forward(final String path) {
- return null;
+ try {
+ getRequest().getRequestDispatcher(path).forward(getRequest(), getResponse());
+ } catch (final ServletException | IOException e) {
+ e.printStackTrace();
+ }
+
+ return SEND_CONTINUE;
}
@Override
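Review bot: Both `redirect` and `forward` print the exception and then still return `SEND_CONTINUE`, so a failed redirect or forward is reported to the caller as if the login page had been sent. An authentication mechanism should not return that status when nothing was written. Since these interface methods declare no checked exceptions, rethrow unchecked in both catch blocks with `throw new IllegalStateException(e);`, or return `SEND_FAILURE`. `e.printStackTrace()` also bypasses the server's logging, so the failure is easy to miss in operation.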