/**
 * Clears the cached authentication state from the session when
 * {@code servletRequest} is the request this object is bound to.
 *
 * The session itself is not invalidated here; only the principal, the
 * auth type and the cached credential notes are dropped.
 *
 * @param servletRequest the servlet request to log out
 * @return {@code true} if the request matched (whether or not a session
 *         existed), {@code false} if it did not match
 */
public boolean logout(HttpServletRequest servletRequest) {
    if (!servletRequestMatches(servletRequest)) {
        return false;
    }
    Session current = getSession(request, false);
    if (current != null) {
        // Forget who the caller was and any credentials cached for re-auth
        current.setPrincipal(null);
        current.setAuthType(null);
        current.removeNote(Constants.SESS_USERNAME_NOTE);
        current.removeNote(Constants.SESS_PASSWORD_NOTE);
    }
    return true;
}
/**
 * Clears the cached authentication state from the session when
 * {@code request} is the servlet request wrapped by {@code this.request}.
 *
 * The session itself is not invalidated; only the principal, the auth
 * type and the cached credential notes are removed.
 *
 * @param request the servlet request to log out
 * @return {@code true} if the request matched the wrapped request,
 *         {@code false} otherwise
 */
public boolean logout(HttpServletRequest request) {
    // Only act on the request this facade actually wraps
    if (this.request == null || this.request.getRequest() != request) {
        return false;
    }
    Session current = getSession(this.request, false);
    if (current != null) {
        current.setPrincipal(null);
        current.setAuthType(null);
        current.removeNote(Constants.SESS_USERNAME_NOTE);
        current.removeNote(Constants.SESS_PASSWORD_NOTE);
    }
    return true;
}
/**
 * Does this request match the saved one, i.e. is it the redirect we
 * signalled after a successful authentication?
 *
 * Requires an existing session holding both a saved request and a saved
 * principal, and a request URI equal to the saved one.
 *
 * @param request the request to be verified
 * @return {@code true} only when all of the above hold
 */
protected boolean matchRequest(Request request) {
    // Without a session there is nothing saved to match against
    Session session = request.getSessionInternal(false);
    if (session == null) {
        return false;
    }
    SavedRequest saved = (SavedRequest) session.getNote(Constants.FORM_REQUEST_NOTE);
    if (saved == null) {
        return false;
    }
    // The principal note is only present after a successful login
    if (session.getNote(Constants.FORM_PRINCIPAL_NOTE) == null) {
        return false;
    }
    String uri = request.getRequestURI();
    return uri != null && uri.equals(saved.getRequestURI());
}
/**
 * Process form login authenticator action.
 *
 * Reads the login name and password from the form parameters, asks the
 * context realm to authenticate them and hands the result (possibly
 * {@code null}) to {@link #processAuthenticatedUser}.
 *
 * @param request The request.
 * @param response The HTTP response.
 * @param config Web-application login configuration.
 *
 * @throws IOException If an I/O error happens sending data in the response.
 */
protected void processFormLogin(final Request request,
        final HttpServletResponse response, final LoginConfig config)
        throws IOException {
    final String loginName = request.getParameter(Constants.FORM_USERNAME);
    final String password = request.getParameter(Constants.FORM_PASSWORD);

    // Only the login name is logged; the password never reaches the log
    if (this.log.isDebugEnabled()) {
        this.log.debug("form authenticating login name " + loginName);
    }
    final Principal principal =
            this.context.getRealm().authenticate(loginName, password);

    this.processAuthenticatedUser(request, response, config, principal,
            loginName, password, false);
}
/**
 * Process form login authenticator action.
 *
 * Reads the login name and password from the form parameters, asks the
 * context realm to authenticate them and hands the result (possibly
 * {@code null}) to {@link #processAuthenticatedUser}.
 *
 * @param request The request.
 * @param response The HTTP response.
 * @param config Web-application login configuration.
 *
 * @throws IOException If an I/O error happens sending data in the response.
 */
protected void processFormLogin(Request request, HttpServletResponse response,
        LoginConfig config) throws IOException {
    final String loginName = request.getParameter(Constants.FORM_USERNAME);
    final String password = request.getParameter(Constants.FORM_PASSWORD);

    // Only the login name is logged; the password never reaches the log
    if (this.log.isDebugEnabled()) {
        this.log.debug("form authenticating login name " + loginName);
    }
    Principal principal =
            this.context.getRealm().authenticate(loginName, password);

    this.processAuthenticatedUser(request, response, config, principal,
            loginName, password, false);
}
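/**
 * Simple SSO case: the SSO cookie carrying the current session id must be
 * passed through unchanged (no obfuscation of the caller's own id).
 *
 * The assertion was previously commented out, so the test passed without
 * checking anything; it is restored here to match the sibling test.
 */
@Test
public void test09() {
    // Simple SSO case
    String id = "0123456789";
    String cookie = Constants.SINGLE_SIGN_ON_COOKIE + "=" + id;
    Assert.assertEquals(cookie, CookieFilter.filter(cookie, id));
}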
/**
 * Updates the SingleSignOnEntry to reflect the latest security
 * information associated with the caller.
 *
 * Re-authentication is only possible for BASIC and FORM, because those
 * are the methods for which the original credentials are available.
 * Note that the password is retained in memory for that purpose.
 *
 * @param principal the <code>Principal</code> returned by the latest
 *                  call to <code>Realm.authenticate</code>.
 * @param authType  the type of authenticator used (BASIC, CLIENT_CERT,
 *                  DIGEST or FORM)
 * @param username  the username (if any) used for the authentication
 * @param password  the password (if any) used for the authentication
 */
public void updateCredentials(Principal principal, String authType,
        String username, String password) {
    boolean reauthPossible = Constants.BASIC_METHOD.equals(authType);
    if (!reauthPossible) {
        reauthPossible = Constants.FORM_METHOD.equals(authType);
    }
    this.principal = principal;
    this.authType = authType;
    this.username = username;
    this.password = password;
    this.canReauthenticate = reauthPossible;
}
/**
 * Return the <code>Principal</code> associated with the given user name.
 *
 * The lookup is performed through the JAAS callback handler using the
 * CERT method, i.e. without any password or digest material.
 *
 * @param username the user name to look up
 * @return the matching principal, as returned by {@code authenticate}
 */
protected Principal getPrincipal(String username) {
    // No credentials are supplied: identity only, as for a client cert
    JAASCallbackHandler handler = new JAASCallbackHandler(this, username,
            null, null, null, null, null, null, null,
            Constants.CERT_METHOD);
    return authenticate(username, handler);
}
/**
 * Simple SSO case: the SSO cookie carrying the current session id is
 * passed through unchanged.
 */
@Test
public void test09() {
    String sessionId = "0123456789";
    String ssoCookie = Constants.SINGLE_SIGN_ON_COOKIE + "=" + sessionId;
    Assert.assertEquals(ssoCookie, CookieFilter.filter(ssoCookie, sessionId));
}
/**
 * Respond with a redirect to the OpenID Connect provider authorization
 * endpoint.
 *
 * The {@code state} parameter is set to the current session id, so that
 * value is exposed to the provider and in the browser's URL/referrer.
 * NOTE(review): a dedicated random nonce stored in the session would
 * avoid disclosing the session id — to be confirmed against the callback
 * that verifies {@code state}.
 *
 * @param request The request.
 * @param response The response.
 *
 * @throws IOException If an I/O error happens sending the response.
 */
protected void redirectToAuthorizationServer(final Request request,
        final HttpServletResponse response) throws IOException {
    final String charset = UTF8.name();
    final String redirectUri = this.getBaseURL(request) + Constants.FORM_ACTION;
    final String state = request.getSessionInternal().getIdInternal();

    final StringBuilder url = new StringBuilder(256);
    url.append(this.opConfig.getAuthorizationEndpoint());
    url.append("?scope=").append(URLEncoder.encode("openid email", charset));
    url.append("&response_type=code");
    url.append("&client_id=").append(URLEncoder.encode(this.clientId, charset));
    url.append("&redirect_uri=").append(URLEncoder.encode(redirectUri, charset));
    url.append("&state=").append(URLEncoder.encode(state, charset));
    // Optional hosted-domain restriction
    if (this.hostedDomain != null) {
        url.append("&hd=").append(URLEncoder.encode(this.hostedDomain, charset));
    }

    final String target = url.toString();
    if (this.log.isDebugEnabled()) {
        this.log.debug("redirecting to " + target);
    }
    response.sendRedirect(target);
}
/**
 * Authenticates {@code username}/{@code password} against the container's
 * realm and, when {@code servletRequest} is the request bound to this
 * object, records the result on the request and (if one can be created)
 * the session. Note that the password is cached in the session as a note.
 *
 * @param username       the user name, may be {@code null}
 * @param password       the password, may be {@code null}
 * @param servletRequest the servlet request being logged in
 * @return the authenticated principal, or {@code null} if there is no
 *         realm or authentication failed
 */
public Principal login(String username, String password,
        HttpServletRequest servletRequest) {
    Realm realm = container.getRealm();
    if (realm == null) {
        return null;
    }
    Principal principal = realm.authenticate(username, password);
    if (principal == null) {
        return null;
    }
    if (servletRequestMatches(servletRequest)) {
        request.setAuthType(AUTH_TYPE);
        request.setUserPrincipal(principal);
        Session session = getSession(request, true);
        if (session != null) {
            cacheInSession(session, principal, username, password);
        }
    }
    return principal;
}

/**
 * Stores the authentication outcome in the session so later requests can
 * reuse it; a {@code null} credential clears the corresponding note.
 */
private void cacheInSession(Session session, Principal principal,
        String username, String password) {
    session.setAuthType(AUTH_TYPE);
    session.setPrincipal(principal);
    if (username == null) {
        session.removeNote(Constants.SESS_USERNAME_NOTE);
    } else {
        session.setNote(Constants.SESS_USERNAME_NOTE, username);
    }
    if (password == null) {
        session.removeNote(Constants.SESS_PASSWORD_NOTE);
    } else {
        session.setNote(Constants.SESS_PASSWORD_NOTE, password);
    }
}
/**
 * Authenticates {@code username}/{@code password} against the container's
 * realm and, when {@code servletRequest} is the request wrapped by
 * {@code this.request}, records the result on the request and session
 * under the fixed auth type {@code "flexmessaging"}. The password is
 * cached in the session as a note.
 *
 * @param username       the user name, may be {@code null}
 * @param password       the password, may be {@code null}
 * @param servletRequest the servlet request being logged in
 * @return the authenticated principal, or {@code null} if there is no
 *         realm or authentication failed
 */
public Principal login(String username, String password,
        HttpServletRequest servletRequest) {
    Realm realm = container.getRealm();
    if (realm == null) {
        return null;
    }
    Principal principal = realm.authenticate(username, password);
    if (principal == null) {
        return null;
    }
    boolean isOurRequest = this.request != null
            && this.request.getRequest() == servletRequest;
    if (isOurRequest) {
        request.setAuthType("flexmessaging"); //was "flashgateway"
        request.setUserPrincipal(principal);
        Session session = getSession(request, true);
        if (session != null) {
            session.setAuthType("flexmessaging"); //was "flashgateway"
            session.setPrincipal(principal);
            // A null credential clears any previously cached value
            if (username == null) {
                session.removeNote(Constants.SESS_USERNAME_NOTE);
            } else {
                session.setNote(Constants.SESS_USERNAME_NOTE, username);
            }
            if (password == null) {
                session.removeNote(Constants.SESS_PASSWORD_NOTE);
            } else {
                session.setNote(Constants.SESS_PASSWORD_NOTE, password);
            }
        }
    }
    return principal;
}
/**
 * Authenticates {@code username}/{@code password} against the realm of the
 * valve's container and, when {@code servletRequest} is the request bound
 * to this object, records the result on the request and session. The
 * password is cached in the session as a note.
 *
 * @param username       the user name, may be {@code null}
 * @param password       the password, may be {@code null}
 * @param servletRequest the servlet request being logged in
 * @return the authenticated principal, or {@code null} if there is no
 *         realm or authentication failed
 */
public Principal login(String username, String password,
        HttpServletRequest servletRequest) {
    Realm realm = valve.getContainer().getRealm();
    if (realm == null) {
        return null;
    }
    Principal principal = realm.authenticate(username, password);
    if (principal == null) {
        return null;
    }
    if (!servletRequestMatches(servletRequest)) {
        return principal;
    }
    request.setAuthType(AUTH_TYPE);
    request.setUserPrincipal(principal);
    Session session = getSession(request, true);
    if (session != null) {
        session.setAuthType(AUTH_TYPE);
        session.setPrincipal(principal);
        // A null credential clears any previously cached value
        if (username == null) {
            session.removeNote(Constants.SESS_USERNAME_NOTE);
        } else {
            session.setNote(Constants.SESS_USERNAME_NOTE, username);
        }
        if (password == null) {
            session.removeNote(Constants.SESS_PASSWORD_NOTE);
        } else {
            session.setNote(Constants.SESS_PASSWORD_NOTE, password);
        }
    }
    return principal;
}
/**
 * Return the <code>Principal</code> associated with the given user name.
 *
 * The lookup is performed through the JAAS callback handler using the
 * CERT method, i.e. without any password or digest material.
 *
 * @param username the user name to look up
 * @return the matching principal, as returned by {@code authenticate}
 */
@Override
protected Principal getPrincipal(String username) {
    // No credentials are supplied: identity only, as for a client cert
    JAASCallbackHandler handler = new JAASCallbackHandler(this, username,
            null, null, null, null, null, null, null,
            Constants.CERT_METHOD);
    return authenticate(username, handler);
}
/**
 * Return the request URI (with the corresponding query string, if any)
 * from the saved request so that we can redirect to it.
 *
 * @param session Our current session
 * @return the saved URI plus query string, or {@code null} when the
 *         session holds no saved request
 */
protected String savedRequestURL(Session session) {
    SavedRequest saved = (SavedRequest) session.getNote(Constants.FORM_REQUEST_NOTE);
    if (saved == null) {
        return null;
    }
    String query = saved.getQueryString();
    if (query == null) {
        return saved.getRequestURI();
    }
    return saved.getRequestURI() + '?' + query;
}
/**
 * Authenticates the request from an SSO user id and session-key cookie,
 * falling back to the superclass (form) authentication when either is
 * missing.
 *
 * Side effects: records the remote address in {@code HostThreadLocal},
 * creates a session if none exists, and on success caches the user id and
 * session key as session notes before registering the principal.
 * NOTE(review): the realm obtained from the context is used without a
 * null check — confirm a context always carries one here.
 *
 * @param request  the request
 * @param response the response (used for the error page on failure)
 * @param config   login configuration
 * @return {@code true} if the caller is authenticated
 * @throws IOException if the error page or fallback cannot be sent
 */
public boolean authenticate(Request request, HttpServletResponse response,
        LoginConfig config) throws IOException {
    HostThreadLocal.set(request.getRemoteAddr());
    log.trace("Authenticating user");

    Principal existing = request.getUserPrincipal();
    if (existing != null) {
        log.trace("Already authenticated '" + existing.getName() + "'");
        return true;
    }

    Realm realm = context.getRealm();
    Session session = request.getSessionInternal(true);
    String userId = getUserId(request);
    String sessionKey = getSessionCookie(request);

    // Both the SSO id and the session key are required for this path
    if (userId == null || sessionKey == null) {
        log.trace("Username is null or password(sessionkey) is null:fallback to form auth");
        return super.authenticate(request, response, config);
    }

    Principal authenticated = realm.authenticate(userId, sessionKey);
    if (authenticated == null) {
        forwardToErrorPage(request, response, config);
        return false;
    }

    session.setNote(Constants.SESS_USERNAME_NOTE, userId);
    session.setNote(Constants.SESS_PASSWORD_NOTE, sessionKey);
    request.setUserPrincipal(authenticated);
    register(request, response, authenticated,
            HttpServletRequest.FORM_AUTH, userId, sessionKey);
    return true;
}
/**
 * Removes the notes this authenticator stored in the session (principal,
 * cached credentials and the OpenID marker) and then delegates to the
 * superclass logout.
 *
 * @param request the request being logged out
 */
@Override
public void logout(final Request request) {
    Session current = request.getSessionInternal(false);
    if (current != null) {
        clearAuthNotes(current);
    }
    super.logout(request);
}

/** Drops every session note written during authentication. */
private static void clearAuthNotes(Session session) {
    session.removeNote(Constants.FORM_PRINCIPAL_NOTE);
    session.removeNote(Constants.SESS_USERNAME_NOTE);
    session.removeNote(Constants.SESS_PASSWORD_NOTE);
    session.removeNote(OPENID_AUTH_NOTE);
}
/**
 * Process re-submission of the original request after successful
 * authentication.
 *
 * Registers the principal saved in the session, removes the principal
 * note (and, when caching is enabled, the credential and OpenID notes)
 * and restores the original request context.
 *
 * @param request The request.
 * @param response The HTTP response.
 *
 * @throws IOException If an I/O error happens sending data in the response.
 */
protected void processOriginalRequestResubmission(final Request request,
        final HttpServletResponse response) throws IOException {
    final Session session = request.getSessionInternal(true);

    final Principal principal =
            (Principal) session.getNote(Constants.FORM_PRINCIPAL_NOTE);
    final String username = (String) session.getNote(Constants.SESS_USERNAME_NOTE);
    final String password = (String) session.getNote(Constants.SESS_PASSWORD_NOTE);
    this.register(request, response, principal, this.getAuthMethod(),
            username, password);

    // The principal note is single-use; the rest only when caching
    session.removeNote(Constants.FORM_PRINCIPAL_NOTE);
    if (this.cache) {
        session.removeNote(Constants.SESS_USERNAME_NOTE);
        session.removeNote(Constants.SESS_PASSWORD_NOTE);
        session.removeNote(OPENID_AUTH_NOTE);
    }

    if (this.log.isDebugEnabled()) {
        this.log.debug("restoring original request context");
    }
    this.restoreRequest(request, session);
}
/**
 * Removes the notes this authenticator stored in the session (principal,
 * cached credentials and the OpenID marker) and then delegates to the
 * superclass logout.
 *
 * @param request the request being logged out
 * @throws ServletException propagated from the superclass logout
 */
@Override
public void logout(Request request) throws ServletException {
    Session current = request.getSessionInternal(false);
    if (current == null) {
        super.logout(request);
        return;
    }
    current.removeNote(Constants.FORM_PRINCIPAL_NOTE);
    current.removeNote(Constants.SESS_USERNAME_NOTE);
    current.removeNote(Constants.SESS_PASSWORD_NOTE);
    current.removeNote(OPENID_AUTH_NOTE);
    super.logout(request);
}
/**
 * Process re-submission of the original request after successful
 * authentication.
 *
 * Registers the principal saved in the session, removes the principal
 * note (and, when caching is enabled, the credential and OpenID notes)
 * and restores the original request context.
 *
 * @param request The request.
 * @param response The HTTP response.
 *
 * @throws IOException If an I/O error happens sending data in the response.
 */
protected void processOriginalRequestResubmission(Request request,
        HttpServletResponse response) throws IOException {
    Session session = request.getSessionInternal(true);

    Principal principal = (Principal) session.getNote(Constants.FORM_PRINCIPAL_NOTE);
    String username = (String) session.getNote(Constants.SESS_USERNAME_NOTE);
    String password = (String) session.getNote(Constants.SESS_PASSWORD_NOTE);
    this.register(request, response, principal, this.getAuthMethod(),
            username, password);

    // The principal note is single-use; the rest only when caching
    session.removeNote(Constants.FORM_PRINCIPAL_NOTE);
    if (this.cache) {
        session.removeNote(Constants.SESS_USERNAME_NOTE);
        session.removeNote(Constants.SESS_PASSWORD_NOTE);
        session.removeNote(OPENID_AUTH_NOTE);
    }

    if (this.log.isDebugEnabled()) {
        this.log.debug("restoring original request context");
    }
    this.restoreRequest(request, session);
}
/**
 * Simple SSO case with no current session id: the SSO cookie value must
 * be obfuscated.
 */
@Test
public void test07() {
    String input = Constants.SINGLE_SIGN_ON_COOKIE + "=0123456789";
    String expected = Constants.SINGLE_SIGN_ON_COOKIE + "=[obfuscated]";
    Assert.assertEquals(expected, CookieFilter.filter(input, null));
}
/**
 * Save the original request information into our session.
 *
 * Copies cookies, all headers (including any credential-bearing ones —
 * they are held server-side in the session only), locales, and for POST
 * the body up to the connector's {@code maxSavePostSize}, plus method,
 * query string and URI, into a {@link SavedRequest} stored under
 * {@code Constants.FORM_REQUEST_NOTE}.
 *
 * @param request The request to be saved
 * @param session The session to contain the saved information
 * @throws IOException if the POST body cannot be read
 */
protected void saveRequest(Request request, Session session) throws IOException {
    SavedRequest snapshot = new SavedRequest();

    Cookie[] requestCookies = request.getCookies();
    if (requestCookies != null) {
        for (Cookie cookie : requestCookies) {
            snapshot.addCookie(cookie);
        }
    }

    Enumeration headerNames = request.getHeaderNames();
    while (headerNames.hasMoreElements()) {
        String headerName = (String) headerNames.nextElement();
        Enumeration headerValues = request.getHeaders(headerName);
        while (headerValues.hasMoreElements()) {
            snapshot.addHeader(headerName, (String) headerValues.nextElement());
        }
    }

    Enumeration requestLocales = request.getLocales();
    while (requestLocales.hasMoreElements()) {
        snapshot.addLocale((Locale) requestLocales.nextElement());
    }

    if ("POST".equalsIgnoreCase(request.getMethod())) {
        // Bounded by the connector's maxSavePostSize via the chunk limit
        ByteChunk body = new ByteChunk();
        body.setLimit(request.getConnector().getMaxSavePostSize());
        InputStream in = request.getInputStream();
        byte[] chunk = new byte[4096];
        for (int n = in.read(chunk); n >= 0; n = in.read(chunk)) {
            body.append(chunk, 0, n);
        }
        snapshot.setBody(body);
    }

    snapshot.setMethod(request.getMethod());
    snapshot.setQueryString(request.getQueryString());
    snapshot.setRequestURI(request.getRequestURI());

    session.setNote(Constants.FORM_REQUEST_NOTE, snapshot);
}
/**
 * Process authenticated user and redirect to the original request.
 *
 * On success the principal, login name and password are stored as
 * session notes for the resubmission step, and the browser is redirected
 * to the saved request URL (or to the landing page / context root when
 * nothing was saved, in which case a synthetic GET is recorded).
 *
 * @param request The request.
 * @param response The HTTP response.
 * @param config Web-application login configuration.
 * @param principal Authenticated principal, or {@code null} if
 * authentication was unsuccessful, in which case the method forwards to the
 * configured error page.
 * @param loginName User login name.
 * @param password User password.
 * @param openID {@code true} if OpenID authentication.
 *
 * @throws IOException If an I/O error happens sending data in the response.
 */
protected void processAuthenticatedUser(final Request request,
        final HttpServletResponse response, final LoginConfig config,
        final Principal principal, final String loginName,
        final String password, final boolean openID) throws IOException {
    final boolean debug = this.log.isDebugEnabled();

    if (principal == null) {
        if (debug) {
            this.log.debug("failed to authenticate the user in the"
                    + " realm, forwarding to the error page");
        }
        this.forwardToErrorPage(request, response, config);
        return;
    }
    if (debug) {
        this.log.debug("successfully authenticated user " + principal.getName());
    }

    // Stash what the resubmission step needs; note the password is kept
    final Session session = request.getSessionInternal(true);
    session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal);
    session.setNote(Constants.SESS_USERNAME_NOTE, loginName);
    session.setNote(Constants.SESS_PASSWORD_NOTE, password);
    if (openID) {
        session.setNote(OPENID_AUTH_NOTE, Boolean.TRUE);
    }

    String target = this.savedRequestURL(session);
    if (target == null) {
        final String landing = this.landingPage == null ? "" : this.landingPage;
        target = request.getContextPath() + landing;
        if (debug) {
            this.log.debug("no saved requested in the session, making"
                    + " it GET " + target);
        }
        final SavedRequest synthetic = new SavedRequest();
        synthetic.setMethod("GET");
        synthetic.setRequestURI(target);
        synthetic.setDecodedRequestURI(target);
        session.setNote(Constants.FORM_REQUEST_NOTE, synthetic);
    }

    if (debug) {
        this.log.debug("redirecting to the original request URL at " + target);
    }
    response.sendRedirect(response.encodeRedirectURL(target));
}
/**
 * Process authenticated user and redirect to the original request.
 *
 * On success the principal, login name and password are stored as
 * session notes for the resubmission step, and the browser is redirected
 * to the saved request URL (or to the landing page / context root when
 * nothing was saved, in which case a synthetic GET is recorded).
 *
 * @param request The request.
 * @param response The HTTP response.
 * @param config Web-application login configuration.
 * @param principal Authenticated principal, or {@code null} if
 * authentication was unsuccessful, in which case the method forwards to the
 * configured error page.
 * @param loginName User login name.
 * @param password User password.
 * @param openID {@code true} if OpenID authentication.
 *
 * @throws IOException If an I/O error happens sending data in the response.
 */
protected void processAuthenticatedUser(Request request,
        HttpServletResponse response, LoginConfig config,
        Principal principal, String loginName, String password,
        boolean openID) throws IOException {
    final boolean debug = this.log.isDebugEnabled();

    if (principal == null) {
        if (debug) {
            this.log.debug("failed to authenticate the user in the"
                    + " realm, forwarding to the error page");
        }
        this.forwardToErrorPage(request, response, config);
        return;
    }
    if (debug) {
        this.log.debug("successfully authenticated user " + principal.getName());
    }

    // Stash what the resubmission step needs; note the password is kept
    Session session = request.getSessionInternal(true);
    session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal);
    session.setNote(Constants.SESS_USERNAME_NOTE, loginName);
    session.setNote(Constants.SESS_PASSWORD_NOTE, password);
    if (openID) {
        session.setNote(OPENID_AUTH_NOTE, Boolean.TRUE);
    }

    String target = this.savedRequestURL(session);
    if (target == null) {
        String landing = this.landingPage == null ? "" : this.landingPage;
        target = request.getContextPath() + landing;
        if (debug) {
            this.log.debug("no saved requested in the session, making"
                    + " it GET " + target);
        }
        SavedRequest synthetic = new SavedRequest();
        synthetic.setMethod("GET");
        synthetic.setRequestURI(target);
        synthetic.setDecodedRequestURI(target);
        session.setNote(Constants.FORM_REQUEST_NOTE, synthetic);
    }

    if (debug) {
        this.log.debug("redirecting to the original request URL at " + target);
    }
    response.sendRedirect(response.encodeRedirectURL(target));
}
/**
 * Return the <code>Principal</code> associated with the specified username
 * and digest, if there is one; otherwise return <code>null</code>.
 *
 * The DIGEST method is passed to the JAAS callback handler so the login
 * module can verify the client digest against the nonce material.
 *
 * @param username Username of the <code>Principal</code> to look up
 * @param clientDigest Digest to use in authenticating this username
 * @param nonce Server generated nonce
 * @param nc Nonce count
 * @param cnonce Client generated nonce
 * @param qop Quality of protection applied to the message
 * @param realmName Realm name
 * @param md5a2 Second MD5 digest used to calculate the digest
 * MD5(Method + ":" + uri)
 * @return the authenticated principal, or <code>null</code>
 */
public Principal authenticate(String username, String clientDigest,
        String nonce, String nc, String cnonce, String qop,
        String realmName, String md5a2) {
    JAASCallbackHandler digestHandler = new JAASCallbackHandler(this,
            username, clientDigest, nonce, nc, cnonce, qop, realmName,
            md5a2, Constants.DIGEST_METHOD);
    return authenticate(username, digestHandler);
}
/**
 * Return the <code>Principal</code> associated with the specified username
 * and digest, if there is one; otherwise return <code>null</code>.
 *
 * The DIGEST method is passed to the JAAS callback handler so the login
 * module can verify the client digest against the nonce material.
 *
 * @param username Username of the <code>Principal</code> to look up
 * @param clientDigest Digest to use in authenticating this username
 * @param nonce Server generated nonce
 * @param nc Nonce count
 * @param cnonce Client generated nonce
 * @param qop Quality of protection applied to the message
 * @param realmName Realm name
 * @param md5a2 Second MD5 digest used to calculate the digest
 * MD5(Method + ":" + uri)
 * @return the authenticated principal, or <code>null</code>
 */
@Override
public Principal authenticate(String username, String clientDigest,
        String nonce, String nc, String cnonce, String qop,
        String realmName, String md5a2) {
    JAASCallbackHandler digestHandler = new JAASCallbackHandler(this,
            username, clientDigest, nonce, nc, cnonce, qop, realmName,
            md5a2, Constants.DIGEST_METHOD);
    return authenticate(username, digestHandler);
}