示例#1
0
  @Override
  public boolean authenticate(Request request, HttpServletResponse response, LoginConfig config)
      throws IOException {

    Principal principal = request.getUserPrincipal();
    if (principal != null) {
      log.info("User " + principal.getName() + " is already autenticated");
      return true;
    }

    Realm realm = request.getContext().getRealm();
    log.info("Authentication against " + realm.toString() + " realm: " + realm.getInfo());
    principal = realm.authenticate("user1", "password1");
    if (principal != null) {
      request.setUserPrincipal(principal);
      log.info("Authentication via custom valve authenticator");
      response.addHeader("valve", testparam);
      log.info(
          "Valve "
              + TestAuthenticator.class.getName()
              + " was hit and adding header parameter 'authenticated' with value "
              + testparam);
      return true;
    }
    log.warn("Login via global valve authenticator wasn't successfull");
    return false;
  }
  public Object authorize(AbstractSecurityContext context) throws Exception {

    startAuthorization(context);

    HttpGraniteContext graniteContext = (HttpGraniteContext) GraniteManager.getCurrentInstance();
    HttpServletRequest httpRequest = graniteContext.getRequest();
    Request request = getRequest(httpRequest);
    Session session = request.getSessionInternal();
    request.setAuthType(session.getAuthType());
    request.setUserPrincipal(session.getPrincipal());

    if (context.getDestination().isSecured()) {
      Principal principal = getPrincipal(httpRequest);
      if (principal == null) {
        if (httpRequest.getRequestedSessionId() != null) {
          HttpSession httpSession = httpRequest.getSession(false);
          if (httpSession == null
              || httpRequest.getRequestedSessionId().equals(httpSession.getId()))
            throw SecurityServiceException.newSessionExpiredException("Session expired");
        }
        throw SecurityServiceException.newNotLoggedInException("User not logged in");
      }

      Realm realm = getRealm(httpRequest);
      boolean accessDenied = true;
      for (String role : context.getDestination().getRoles()) {
        if (realm.hasRole(principal, role)) {
          accessDenied = false;
          break;
        }
      }
      if (accessDenied)
        throw SecurityServiceException.newAccessDeniedException("User not in required role");
    }

    try {
      return endAuthorization(context);
    } catch (InvocationTargetException e) {
      for (Throwable t = e; t != null; t = t.getCause()) {
        // Don't create a dependency to javax.ejb in SecurityService...
        if (t instanceof SecurityException
            || "javax.ejb.EJBAccessException".equals(t.getClass().getName()))
          throw SecurityServiceException.newAccessDeniedException(t.getMessage());
      }
      throw e;
    }
  }
  public void login(Object credentials) throws SecurityServiceException {
    String[] decoded = decodeBase64Credentials(credentials);

    HttpGraniteContext context = (HttpGraniteContext) GraniteManager.getCurrentInstance();
    HttpServletRequest httpRequest = context.getRequest();
    Realm realm = getRealm(httpRequest);

    Principal principal = realm.authenticate(decoded[0], decoded[1]);
    if (principal == null)
      throw SecurityServiceException.newInvalidCredentialsException("Wrong username or password");

    Request request = getRequest(httpRequest);
    request.setAuthType(AUTH_TYPE);
    request.setUserPrincipal(principal);

    Session session = request.getSessionInternal();
    session.setAuthType(AUTH_TYPE);
    session.setPrincipal(principal);
    session.setNote(Constants.SESS_USERNAME_NOTE, decoded[0]);
    session.setNote(Constants.SESS_PASSWORD_NOTE, decoded[1]);
  }