/**
 * Copies the security context stored for the resource's request onto the current thread.
 *
 * <p>The repository is looked up from the servlet context of the resource's Atmosphere
 * configuration. If it holds no context for the request, nothing is changed.
 *
 * @param r the resource whose request and response are used to load the context
 * @return always {@link Action#CONTINUE}
 */
@Override
public Action inspect(AtmosphereResource r) {
  final SecurityContextRepository repository =
      getSecurityContextRepository(r.getAtmosphereConfig().getServletContext());

  // Guard clause: leave the thread's current context alone when nothing is stored.
  if (!repository.containsContext(r.getRequest())) {
    return Action.CONTINUE;
  }

  LOGGER.trace("Loading the security context from the session");
  final HttpRequestResponseHolder holder =
      new HttpRequestResponseHolder(r.getRequest(), r.getResponse());

  // NOTE(review): SecurityContextHolder is set here but not cleared in this method. Confirm
  // that another hook resets it before the thread serves a different request, otherwise one
  // caller's identity could be visible to the next.
  SecurityContextHolder.setContext(repository.loadContext(holder));
  return Action.CONTINUE;
}
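/**
 * Authenticates {@code user} and establishes the login session.
 *
 * <p>When {@code requirePassword} is true the credentials are checked by the authentication
 * manager. Otherwise an already-authenticated token is built directly from the profile and its
 * authorities, with no credential check. On success the authentication is placed in the
 * {@link SecurityContextHolder}, saved through the security context repository, reported to the
 * remember-me services, and a fresh random token is stored in the session under
 * {@code "nquire-it-token"}.
 *
 * <p>If any step throws, the authentication that was on the thread before the call is restored,
 * so a failed login cannot leave the thread authenticated as {@code user}.
 *
 * @param user the profile to log in
 * @param password the clear-text password; only used when {@code requirePassword} is true
 * @param requirePassword whether the password must be verified. Callers passing {@code false}
 *     are responsible for having established the user's identity some other way
 * @param request the current request; its session receives the token
 * @param response the current response
 * @return {@code true} only if no step failed and the resulting principal is a
 *     {@code UserProfile}
 */
private boolean initSession(
    UserProfile user,
    String password,
    boolean requirePassword,
    HttpServletRequest request,
    HttpServletResponse response) {
  // Captured up front so the catch block can undo a partially completed login.
  final Authentication previous = SecurityContextHolder.getContext().getAuthentication();

  Authentication auth;
  try {
    if (requirePassword) {
      UsernamePasswordAuthenticationToken token =
          new UsernamePasswordAuthenticationToken(user.getUsername(), password);
      auth = authenticationManager.authenticate(token);
    } else {
      // Three-argument constructor: the token is created already authenticated.
      auth = new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
    }

    // NOTE(review): the login is recorded before the session is fully established. If a later
    // step fails, the log may show a login that this method reports as unsuccessful.
    context.getLogManager().loggedIn(user);

    SecurityContextHolder.getContext().setAuthentication(auth);
    securityContextRepository.saveContext(SecurityContextHolder.getContext(), request, response);
    rememberMeServices.loginSuccess(request, response, auth);

    // NOTE(review): the session identifier is not rotated in this method. Confirm that
    // session-fixation protection runs elsewhere in the login flow.
    // NOTE(review): `random` is declared outside this method. The token is only unpredictable
    // if it is a SecureRandom; verify the field's type.
    request
        .getSession()
        .setAttribute("nquire-it-token", new BigInteger(260, random).toString(32));
  } catch (Exception ex) {
    // Failures are reported through the return value rather than propagated. Undo the
    // thread-local change so the caller is not left authenticated after a "false" result.
    // A context that the repository already persisted is not re-saved here; whether it needs
    // to be depends on the repository implementation (TODO confirm).
    SecurityContextHolder.getContext().setAuthentication(previous);
    auth = null;
  }

  // instanceof is false for null, so this also covers a missing principal.
  return auth != null && auth.getPrincipal() instanceof UserProfile;
}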
/**
 * Loads the security context, preferring the one found by {@code getContext} for the request.
 *
 * @param requestResponseHolder holder whose request is inspected and which is then handed to
 *     the delegate
 * @return the context found by {@code getContext}, or the delegate's result when that is
 *     {@code null}
 */
@Override
public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
  // Read from the holder's request first; the delegate call below may update the holder.
  final SecurityContext fromRequest = getContext(requestResponseHolder.getRequest());

  // The delegate is invoked unconditionally so that the request/response inside the holder
  // are updated; the repository is used from many places that rely on that.
  final SecurityContext fromDelegate = delegate.loadContext(requestResponseHolder);

  if (fromRequest != null) {
    return fromRequest;
  }
  return fromDelegate;
}
/**
 * Stores the {@link SecurityContext} through the request's {@link SecurityContextRepository}.
 *
 * <p>If the repository registered for the request is not already a
 * {@code TestSecurityContextRepository}, it is wrapped in one and the wrapper is registered in
 * its place. The context is then loaded once through a holder built around a
 * {@link MockHttpServletResponse}, and the save uses the request and response the holder
 * carries after that load.
 *
 * @param securityContext the {@link SecurityContext} to save
 * @param request the {@link HttpServletRequest} to use
 */
final void save(SecurityContext securityContext, HttpServletRequest request) {
  SecurityContextRepository repository = WebTestUtils.getSecurityContextRepository(request);
  if (!(repository instanceof TestSecurityContextRepository)) {
    repository = new TestSecurityContextRepository(repository);
    WebTestUtils.setSecurityContextRepository(request, repository);
  }

  final HttpRequestResponseHolder holder =
      new HttpRequestResponseHolder(request, new MockHttpServletResponse());

  // Loading first lets the repository replace the request/response held by the holder.
  repository.loadContext(holder);
  repository.saveContext(securityContext, holder.getRequest(), holder.getResponse());
}
/**
 * Reports whether a security context is available for the request.
 *
 * @param request the request to check
 * @return {@code true} if {@code getContext} finds a context for the request, otherwise
 *     whatever the delegate reports
 */
@Override
public boolean containsContext(HttpServletRequest request) {
  // The delegate is only consulted when no context is found for the request itself.
  if (getContext(request) != null) {
    return true;
  }
  return delegate.containsContext(request);
}
/**
 * Stores the context as a request attribute and then passes it on to the delegate.
 *
 * @param context the security context to store
 * @param request the request that receives the context under {@code ATTR_NAME}
 * @param response the response forwarded to the delegate
 */
@Override
public void saveContext(
    final SecurityContext context,
    final HttpServletRequest request,
    final HttpServletResponse response) {
  // Request attribute first, so the context is attached to this request object regardless of
  // what the delegate does with it.
  request.setAttribute(ATTR_NAME, context);

  delegate.saveContext(context, request, response);
}