// ~--- set methods ---------------------------------------------------- public void setAuthenticated(final String sessionId, final Principal user) { this.sessionId = sessionId; try { this.securityContext = SecurityContext.getInstance(user, AccessMode.Backend); } catch (FrameworkException ex) { logger.log(Level.WARNING, "Could not get security context instance", ex); } }
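/**
 * Examine the request and try to resolve a user.
 *
 * <p>Order of precedence: session id, then external (OAuth) authentication, then standard
 * login by credentials. When no user can be determined the context is created in
 * {@link AccessMode#Frontend}; a {@link SuperUser} gets the super-user context and any
 * other user an {@link AccessMode#Backend} context.
 *
 * <p>If the request carries an {@code Origin} header, CORS response headers are written
 * from the service configuration (see {@link #applyCorsHeaders}).
 *
 * @param request the incoming request
 * @param response the response the CORS headers are written to
 * @return the security context for this request
 * @throws FrameworkException if the security context cannot be created
 */
@Override
public SecurityContext initializeAndExamineRequest(
    final HttpServletRequest request, final HttpServletResponse response)
    throws FrameworkException {

  Principal user = checkSessionAuthentication(request);
  if (user == null) {
    user = checkExternalAuthentication(request, response);
  }
  if (user == null) {
    user = getUser(request, true);
  }

  final SecurityContext securityContext;
  if (user == null) {
    // No user could be determined: assume anonymous frontend access.
    securityContext = SecurityContext.getInstance(user, request, AccessMode.Frontend);
  } else if (user instanceof SuperUser) {
    securityContext = SecurityContext.getSuperUserInstance(request);
  } else {
    securityContext = SecurityContext.getInstance(user, request, AccessMode.Backend);
  }
  securityContext.setAuthenticator(this);

  applyCorsHeaders(request, response);

  examined = true;
  return securityContext;
}

/**
 * Write CORS headers (see http://en.wikipedia.org/wiki/Cross-origin_resource_sharing) to
 * the response when the request carries a non-blank {@code Origin} header.
 *
 * <p>SECURITY NOTE(review): the request's {@code Origin} is reflected verbatim into
 * {@code Access-Control-Allow-Origin}, i.e. every origin is accepted. If
 * {@code Access-Control-Allow-Credentials} is configured to {@code true}, any web site can
 * then issue credentialed cross-origin requests to this service. The methods and headers
 * emitted are whatever the configuration says, so nothing here restricts access to
 * read-only operations. The reflection should be gated on an origin allow-list before the
 * credentials header is relied upon.
 *
 * @param request the incoming request (source of the {@code Origin} header)
 * @param response the response the headers are written to
 */
private void applyCorsHeaders(
    final HttpServletRequest request, final HttpServletResponse response) {

  final String origin = request.getHeader("Origin");
  if (StringUtils.isBlank(origin)) {
    return;
  }

  final Services services = Services.getInstance();

  response.setHeader("Access-Control-Allow-Origin", origin);
  // The allowed origin depends on the request, so shared caches must key on it; without
  // this, one origin's response could be served to another.
  response.addHeader("Vary", "Origin");

  // Header name fixed: the previous "Access-Control-MaxAge" is not a CORS header and was
  // ignored by browsers, so preflight results were never cached.
  final String maxAge = services.getConfigurationValue(Services.ACCESS_CONTROL_MAX_AGE);
  if (StringUtils.isNotBlank(maxAge)) {
    response.setHeader("Access-Control-Max-Age", maxAge);
  }

  final String allowMethods =
      services.getConfigurationValue(Services.ACCESS_CONTROL_ALLOW_METHODS);
  if (StringUtils.isNotBlank(allowMethods)) {
    response.setHeader("Access-Control-Allow-Methods", allowMethods);
  }

  final String allowHeaders =
      services.getConfigurationValue(Services.ACCESS_CONTROL_ALLOW_HEADERS);
  if (StringUtils.isNotBlank(allowHeaders)) {
    response.setHeader("Access-Control-Allow-Headers", allowHeaders);
  }

  final String allowCredentials =
      services.getConfigurationValue(Services.ACCESS_CONTROL_ALLOW_CREDENTIALS);
  if (StringUtils.isNotBlank(allowCredentials)) {
    response.setHeader("Access-Control-Allow-Credentials", allowCredentials);
  }

  final String exposeHeaders =
      services.getConfigurationValue(Services.ACCESS_CONTROL_EXPOSE_HEADERS);
  if (StringUtils.isNotBlank(exposeHeaders)) {
    response.setHeader("Access-Control-Expose-Headers", exposeHeaders);
  }
}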