@Override
public boolean authenticate(Request request, HttpServletResponse response, LoginConfig config)
throws IOException {
Principal principal = request.getUserPrincipal();
if (principal != null) {
log.info("User " + principal.getName() + " is already autenticated");
return true;
}
Realm realm = request.getContext().getRealm();
log.info("Authentication against " + realm.toString() + " realm: " + realm.getInfo());
principal = realm.authenticate("user1", "password1");
if (principal != null) {
request.setUserPrincipal(principal);
log.info("Authentication via custom valve authenticator");
response.addHeader("valve", testparam);
log.info(
"Valve "
+ TestAuthenticator.class.getName()
+ " was hit and adding header parameter 'authenticated' with value "
+ testparam);
return true;
}
log.warn("Login via global valve authenticator wasn't successfull");
return false;
}
public Object authorize(AbstractSecurityContext context) throws Exception {
startAuthorization(context);
HttpGraniteContext graniteContext = (HttpGraniteContext) GraniteManager.getCurrentInstance();
HttpServletRequest httpRequest = graniteContext.getRequest();
Request request = getRequest(httpRequest);
Session session = request.getSessionInternal();
request.setAuthType(session.getAuthType());
request.setUserPrincipal(session.getPrincipal());
if (context.getDestination().isSecured()) {
Principal principal = getPrincipal(httpRequest);
if (principal == null) {
if (httpRequest.getRequestedSessionId() != null) {
HttpSession httpSession = httpRequest.getSession(false);
if (httpSession == null
|| httpRequest.getRequestedSessionId().equals(httpSession.getId()))
throw SecurityServiceException.newSessionExpiredException("Session expired");
}
throw SecurityServiceException.newNotLoggedInException("User not logged in");
}
Realm realm = getRealm(httpRequest);
boolean accessDenied = true;
for (String role : context.getDestination().getRoles()) {
if (realm.hasRole(principal, role)) {
accessDenied = false;
break;
}
}
if (accessDenied)
throw SecurityServiceException.newAccessDeniedException("User not in required role");
}
try {
return endAuthorization(context);
} catch (InvocationTargetException e) {
for (Throwable t = e; t != null; t = t.getCause()) {
// Don't create a dependency to javax.ejb in SecurityService...
if (t instanceof SecurityException
|| "javax.ejb.EJBAccessException".equals(t.getClass().getName()))
throw SecurityServiceException.newAccessDeniedException(t.getMessage());
}
throw e;
}
}
public void login(Object credentials) throws SecurityServiceException {
String[] decoded = decodeBase64Credentials(credentials);
HttpGraniteContext context = (HttpGraniteContext) GraniteManager.getCurrentInstance();
HttpServletRequest httpRequest = context.getRequest();
Realm realm = getRealm(httpRequest);
Principal principal = realm.authenticate(decoded[0], decoded[1]);
if (principal == null)
throw SecurityServiceException.newInvalidCredentialsException("Wrong username or password");
Request request = getRequest(httpRequest);
request.setAuthType(AUTH_TYPE);
request.setUserPrincipal(principal);
Session session = request.getSessionInternal();
session.setAuthType(AUTH_TYPE);
session.setPrincipal(principal);
session.setNote(Constants.SESS_USERNAME_NOTE, decoded[0]);
session.setNote(Constants.SESS_PASSWORD_NOTE, decoded[1]);
}
