コード例 #1
0
  /* ------------------------------------------------------------ */
  public void logout(Authentication.User user) {
    LOG.debug("logout {}", user);
    LoginService login_service = getLoginService();
    if (login_service != null) {
      login_service.logout(user.getUserIdentity());
    }

    IdentityService identity_service = getIdentityService();
    if (identity_service != null) {
      // TODO recover previous from threadlocal (or similar)
      Object previous = null;
      identity_service.disassociate(previous);
    }
  }
コード例 #2
0
  /*
   * @see org.eclipse.jetty.server.Handler#handle(java.lang.String,
   *      javax.servlet.http.HttpServletRequest,
   *      javax.servlet.http.HttpServletResponse, int)
   */
  @Override
  public void handle(
      String pathInContext,
      Request baseRequest,
      HttpServletRequest request,
      HttpServletResponse response)
      throws IOException, ServletException {
    final Response base_response = baseRequest.getResponse();
    final Handler handler = getHandler();

    if (handler == null) return;

    final Authenticator authenticator = _authenticator;

    if (checkSecurity(baseRequest)) {
      // See Servlet Spec 3.1 sec 13.6.3
      if (authenticator != null) authenticator.prepareRequest(baseRequest);

      RoleInfo roleInfo = prepareConstraintInfo(pathInContext, baseRequest);

      // Check data constraints
      if (!checkUserDataPermissions(pathInContext, baseRequest, base_response, roleInfo)) {
        if (!baseRequest.isHandled()) {
          response.sendError(HttpServletResponse.SC_FORBIDDEN);
          baseRequest.setHandled(true);
        }
        return;
      }

      // is Auth mandatory?
      boolean isAuthMandatory = isAuthMandatory(baseRequest, base_response, roleInfo);

      if (isAuthMandatory && authenticator == null) {
        LOG.warn("No authenticator for: " + roleInfo);
        if (!baseRequest.isHandled()) {
          response.sendError(HttpServletResponse.SC_FORBIDDEN);
          baseRequest.setHandled(true);
        }
        return;
      }

      // check authentication
      Object previousIdentity = null;
      try {
        Authentication authentication = baseRequest.getAuthentication();
        if (authentication == null || authentication == Authentication.NOT_CHECKED)
          authentication =
              authenticator == null
                  ? Authentication.UNAUTHENTICATED
                  : authenticator.validateRequest(request, response, isAuthMandatory);

        if (authentication instanceof Authentication.Wrapped) {
          request = ((Authentication.Wrapped) authentication).getHttpServletRequest();
          response = ((Authentication.Wrapped) authentication).getHttpServletResponse();
        }

        if (authentication instanceof Authentication.ResponseSent) {
          baseRequest.setHandled(true);
        } else if (authentication instanceof Authentication.User) {
          Authentication.User userAuth = (Authentication.User) authentication;
          baseRequest.setAuthentication(authentication);
          if (_identityService != null)
            previousIdentity = _identityService.associate(userAuth.getUserIdentity());

          if (isAuthMandatory) {
            boolean authorized =
                checkWebResourcePermissions(
                    pathInContext,
                    baseRequest,
                    base_response,
                    roleInfo,
                    userAuth.getUserIdentity());
            if (!authorized) {
              response.sendError(HttpServletResponse.SC_FORBIDDEN, "!role");
              baseRequest.setHandled(true);
              return;
            }
          }

          handler.handle(pathInContext, baseRequest, request, response);
          if (authenticator != null)
            authenticator.secureResponse(request, response, isAuthMandatory, userAuth);
        } else if (authentication instanceof Authentication.Deferred) {
          DeferredAuthentication deferred = (DeferredAuthentication) authentication;
          baseRequest.setAuthentication(authentication);

          try {
            handler.handle(pathInContext, baseRequest, request, response);
          } finally {
            previousIdentity = deferred.getPreviousAssociation();
          }

          if (authenticator != null) {
            Authentication auth = baseRequest.getAuthentication();
            if (auth instanceof Authentication.User) {
              Authentication.User userAuth = (Authentication.User) auth;
              authenticator.secureResponse(request, response, isAuthMandatory, userAuth);
            } else authenticator.secureResponse(request, response, isAuthMandatory, null);
          }
        } else {
          baseRequest.setAuthentication(authentication);
          if (_identityService != null) previousIdentity = _identityService.associate(null);
          handler.handle(pathInContext, baseRequest, request, response);
          if (authenticator != null)
            authenticator.secureResponse(request, response, isAuthMandatory, null);
        }
      } catch (ServerAuthException e) {
        // jaspi 3.8.3 send HTTP 500 internal server error, with message
        // from AuthException
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
      } finally {
        if (_identityService != null) _identityService.disassociate(previousIdentity);
      }
    } else handler.handle(pathInContext, baseRequest, request, response);
  }