private boolean authenticate(Credential credential, SecurityContextMapper securityContextMapper)
throws AuthException {
if (!credential.isComplete()) {
logger.debug("Failed authentication, missing or empty headers");
return false;
}
// set the authenticationId of the user that is trying to authenticate
securityContextMapper.setAuthenticationId(credential.username);
try {
return authenticator.authenticate(
credential.username,
credential.password,
authnFilterHelper.getRouter().createServerContext());
} catch (ResourceException e) {
logger.debug(
"Failed delegated authentication of {} on {}.", credential.username, queryOnResource, e);
if (e.isServerError()) { // HTTP server-side error
throw new JaspiAuthException(
"Failed delegated authentication of " + credential.username + " on " + queryOnResource,
e);
}
// authentication failed
return false;
}
}
/**
* Validates the request by checking for the presence of a pre-configured attribute in the
* ServletRequest.
*
* @param messageInfo {@inheritDoc}
* @param clientSubject {@inheritDoc}
* @param serviceSubject {@inheritDoc}
* @return {@inheritDoc}
*/
@Override
public Promise<AuthStatus, AuthenticationException> validateRequest(
MessageInfoContext messageInfo, Subject clientSubject, Subject serviceSubject) {
SecurityContextMapper securityContextMapper =
SecurityContextMapper.fromMessageInfo(messageInfo);
final JsonValue attributes =
json(messageInfo.asContext(AttributesContext.class).getAttributes());
if (attributes.isDefined(authenticationIdAttribute)
&& attributes.get(authenticationIdAttribute).isString()) {
final String authenticationId = attributes.get(authenticationIdAttribute).asString();
securityContextMapper.setAuthenticationId(authenticationId);
clientSubject
.getPrincipals()
.add(
new Principal() {
public String getName() {
return authenticationId;
}
});
return newResultPromise(SUCCESS);
} else {
return newResultPromise(SEND_FAILURE);
}
}
