/**
   * Register an authenticated Principal and authentication type in our request, in the current
   * session (if there is one), and with our SingleSignOn valve, if there is one. Set the
   * appropriate cookie to be returned.
   *
   * @param request The servlet request we are processing
   * @param response The servlet response we are generating
   * @param principal The authenticated Principal to be registered
   * @param authType The authentication type to be registered
   * @param username Username used to authenticate (if any)
   * @param password Password used to authenticate (if any)
   */
  protected void register(
      HttpRequest request,
      HttpResponse response,
      Principal principal,
      String authType,
      String username,
      String password) {

    if (debug >= 1) log("Authenticated '" + principal.getName() + "' with type '" + authType + "'");

    // Cache the authentication information in our request
    request.setAuthType(authType);
    request.setUserPrincipal(principal);

    // Cache the authentication information in our session, if any
    if (cache) {
      Session session = getSession(request, false);
      if (session != null) {
        session.setAuthType(authType);
        session.setPrincipal(principal);
        if (username != null) session.setNote(Constants.SESS_USERNAME_NOTE, username);
        else session.removeNote(Constants.SESS_USERNAME_NOTE);
        if (password != null) session.setNote(Constants.SESS_PASSWORD_NOTE, password);
        else session.removeNote(Constants.SESS_PASSWORD_NOTE);
      }
    }

    // Construct a cookie to be returned to the client
    if (sso == null) return;
    HttpServletRequest hreq = (HttpServletRequest) request.getRequest();
    HttpServletResponse hres = (HttpServletResponse) response.getResponse();
    String value = generateSessionId();
    Cookie cookie = new Cookie(Constants.SINGLE_SIGN_ON_COOKIE, value);
    cookie.setMaxAge(-1);
    cookie.setPath("/");
    hres.addCookie(cookie);

    // Register this principal with our SSO valve
    sso.register(value, principal, authType, username, password);
    request.setNote(Constants.REQ_SSOID_NOTE, value);
  }
Exemplo n.º 2
0
  public void login(Object credentials) throws SecurityServiceException {
    String[] decoded = decodeBase64Credentials(credentials);

    HttpGraniteContext context = (HttpGraniteContext) GraniteManager.getCurrentInstance();
    HttpServletRequest httpRequest = context.getRequest();
    Realm realm = getRealm(httpRequest);

    Principal principal = realm.authenticate(decoded[0], decoded[1]);
    if (principal == null)
      throw SecurityServiceException.newInvalidCredentialsException("Wrong username or password");

    Request request = getRequest(httpRequest);
    request.setAuthType(AUTH_TYPE);
    request.setUserPrincipal(principal);

    Session session = request.getSessionInternal();
    session.setAuthType(AUTH_TYPE);
    session.setPrincipal(principal);
    session.setNote(Constants.SESS_USERNAME_NOTE, decoded[0]);
    session.setNote(Constants.SESS_PASSWORD_NOTE, decoded[1]);
  }