/**
 * Ensures the request carries a Keycloak authentication, creating one from the SAML session when
 * it does not.
 *
 * <p>If the request's current authentication is already a {@code KeycloakAuthentication}, it is
 * returned as-is and {@code samlSession} is not consulted. Otherwise (including when no
 * authentication is set) an identity is built from {@code samlSession}, wrapped in a new
 * authentication, and stored on the request, replacing whatever was there.
 *
 * <p>NOTE(review): the reuse path does not compare the existing authentication with {@code
 * samlSession}; callers presumably guarantee that both describe the same principal. Confirm.
 *
 * @param request the request whose authentication is inspected and possibly replaced
 * @param samlSession the SAML session the new identity is derived from
 * @return the authentication now associated with the request
 */
public Authentication register(Request request, SamlSession samlSession) {
  final Authentication existing = request.getAuthentication();
  if (existing instanceof KeycloakAuthentication) {
    // Already registered for this request: keep the authentication that is in place.
    return existing;
  }

  // No authentication, or one of a different kind: build it from the SAML session.
  final UserIdentity identity = createIdentity(samlSession);
  final Authentication created = createAuthentication(identity, request);
  request.setAuthentication(created);
  return created;
}
/**
 * Applies the security checks for a request and, if they pass, delegates to the wrapped handler.
 *
 * <p>Order of checks when {@code checkSecurity(baseRequest)} is true:
 *
 * <ol>
 *   <li>user-data constraints ({@code checkUserDataPermissions}); failure answers 403,
 *   <li>whether authentication is mandatory; mandatory without an authenticator answers 403,
 *   <li>authentication: reuse what is already on the request, or ask the authenticator,
 *   <li>for an {@code Authentication.User} with mandatory auth, role check
 *       ({@code checkWebResourcePermissions}); failure answers 403 with reason "!role",
 *   <li>delegation to the wrapped handler, then {@code secureResponse} on the authenticator.
 * </ol>
 *
 * <p>When {@code checkSecurity(baseRequest)} is false, the request goes straight to the wrapped
 * handler with no checks. If there is no wrapped handler, the method returns without doing
 * anything.
 *
 * @param pathInContext path used to look up the constraints that apply to this request
 * @param baseRequest the Jetty request; its authentication and handled flag are updated here
 * @param request the servlet request; replaced by the wrapped one if the authentication wraps it
 * @param response the servlet response; replaced by the wrapped one if the authentication wraps it
 * @throws IOException propagated from the response, the authenticator or the wrapped handler
 * @throws ServletException propagated from the wrapped handler
 * @see org.eclipse.jetty.server.Handler#handle(String, Request, HttpServletRequest,
 *     HttpServletResponse)
 */
@Override
public void handle(
    String pathInContext,
    Request baseRequest,
    HttpServletRequest request,
    HttpServletResponse response)
    throws IOException, ServletException {
  final Response base_response = baseRequest.getResponse();
  final Handler handler = getHandler();
  // Nothing to protect: no wrapped handler, so no checks are run and no response is written.
  if (handler == null) return;
  // Read the field once so the same authenticator is used for the whole request.
  final Authenticator authenticator = _authenticator;
  if (checkSecurity(baseRequest)) {
    // See Servlet Spec 3.1 sec 13.6.3
    if (authenticator != null) authenticator.prepareRequest(baseRequest);
    RoleInfo roleInfo = prepareConstraintInfo(pathInContext, baseRequest);
    // Check data constraints. The check may already have produced a response itself, hence the
    // isHandled() test before sending 403.
    if (!checkUserDataPermissions(pathInContext, baseRequest, base_response, roleInfo)) {
      if (!baseRequest.isHandled()) {
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
        baseRequest.setHandled(true);
      }
      return;
    }
    // is Auth mandatory?
    boolean isAuthMandatory = isAuthMandatory(baseRequest, base_response, roleInfo);
    // Fail closed: a constraint that requires authentication cannot be met without an
    // authenticator, so the request is refused rather than passed through.
    if (isAuthMandatory && authenticator == null) {
      LOG.warn("No authenticator for: " + roleInfo);
      if (!baseRequest.isHandled()) {
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
        baseRequest.setHandled(true);
      }
      return;
    }
    // check authentication
    // Holds the value returned by the identity service so the finally block can hand it back
    // to disassociate().
    Object previousIdentity = null;
    try {
      // An authentication already attached to the request is used as it is; the authenticator
      // is consulted only when nothing is set or the state is NOT_CHECKED.
      Authentication authentication = baseRequest.getAuthentication();
      if (authentication == null || authentication == Authentication.NOT_CHECKED)
        authentication =
            authenticator == null
                ? Authentication.UNAUTHENTICATED
                : authenticator.validateRequest(request, response, isAuthMandatory);
      // From here on, use the request/response pair supplied by the authentication, if any.
      if (authentication instanceof Authentication.Wrapped) {
        request = ((Authentication.Wrapped) authentication).getHttpServletRequest();
        response = ((Authentication.Wrapped) authentication).getHttpServletResponse();
      }
      if (authentication instanceof Authentication.ResponseSent) {
        // The authenticator has already answered; the wrapped handler is not invoked.
        baseRequest.setHandled(true);
      } else if (authentication instanceof Authentication.User) {
        Authentication.User userAuth = (Authentication.User) authentication;
        baseRequest.setAuthentication(authentication);
        if (_identityService != null)
          previousIdentity = _identityService.associate(userAuth.getUserIdentity());
        // Role check runs only when the constraint makes authentication mandatory.
        if (isAuthMandatory) {
          boolean authorized =
              checkWebResourcePermissions(
                  pathInContext, baseRequest, base_response, roleInfo, userAuth.getUserIdentity());
          if (!authorized) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "!role");
            baseRequest.setHandled(true);
            // The outer finally still runs and disassociates the identity.
            return;
          }
        }
        handler.handle(pathInContext, baseRequest, request, response);
        // Not in a finally: skipped when the wrapped handler throws.
        if (authenticator != null)
          authenticator.secureResponse(request, response, isAuthMandatory, userAuth);
      } else if (authentication instanceof Authentication.Deferred) {
        // NOTE(review): the instanceof test is against the Authentication.Deferred interface,
        // but the cast is to the concrete DeferredAuthentication; any other Deferred
        // implementation would fail here with ClassCastException. Confirm none is reachable.
        DeferredAuthentication deferred = (DeferredAuthentication) authentication;
        baseRequest.setAuthentication(authentication);
        // No role check is made in this branch before delegating.
        // NOTE(review): presumably validateRequest only returns Deferred when authentication
        // is not mandatory; confirm against the authenticators in use.
        try {
          handler.handle(pathInContext, baseRequest, request, response);
        } finally {
          // Pick up whatever association the deferred authentication recorded while the
          // handler ran, so the outer finally can undo it.
          previousIdentity = deferred.getPreviousAssociation();
        }
        if (authenticator != null) {
          // Re-read: the handler may have replaced the deferred authentication on the request.
          Authentication auth = baseRequest.getAuthentication();
          if (auth instanceof Authentication.User) {
            Authentication.User userAuth = (Authentication.User) auth;
            authenticator.secureResponse(request, response, isAuthMandatory, userAuth);
          } else authenticator.secureResponse(request, response, isAuthMandatory, null);
        }
      } else {
        // Any other authentication state: the request proceeds with no user identity
        // associated.
        // NOTE(review): isAuthMandatory is not re-checked here. This relies on neither
        // validateRequest nor a pre-set request authentication yielding a non-User,
        // non-ResponseSent state for a constraint that requires authentication. Confirm.
        baseRequest.setAuthentication(authentication);
        if (_identityService != null) previousIdentity = _identityService.associate(null);
        handler.handle(pathInContext, baseRequest, request, response);
        if (authenticator != null)
          authenticator.secureResponse(request, response, isAuthMandatory, null);
      }
    } catch (ServerAuthException e) {
      // jaspi 3.8.3 send HTTP 500 internal server error, with message
      // from AuthException
      // NOTE(review): the exception message is returned to the client; confirm that
      // authenticators do not put internal detail into ServerAuthException messages.
      response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
    } finally {
      // Always undo the identity association, on normal return, early return and exception.
      if (_identityService != null) _identityService.disassociate(previousIdentity);
    }
  } else handler.handle(pathInContext, baseRequest, request, response);
}