/**
 * Tells whether the request targets the configured authentication callback.
 *
 * <p>Both the HTTP method and the relative path must match the configured
 * callback values. The comparison is exact, case-sensitive string equality.
 *
 * @param exchange the current request
 * @return {@code true} when method and relative path both equal the callback settings
 */
public boolean isTryingToLogin(HttpServerExchange exchange) {
    final String requestMethod = exchange.getRequestMethod().toString();
    if ( !getCallbackUrlMethod().equals( requestMethod ) ) {
        return false;
    }
    final String requestPath = exchange.getRelativePath();
    return getCallbackUrl().equals( requestPath );
}
} // closes an enclosing scope whose opening is outside this excerpt
/**
 * Checks whether {@code url} is one of the pages that belong to the
 * authentication flow itself (the error page or the login page).
 *
 * <p>The match is exact string equality, so a variant of the same path
 * (different case, trailing slash, extra segment) is not recognised here.
 *
 * @param url the relative path to test
 * @return {@code true} if {@code url} equals the error page or the login page
 */
private boolean isUrlFromAuthenticationResources( final String url ) {
    if ( authenticationEndpoints.getErrorPage().equals( url ) ) {
        return true;
    }
    return authenticationEndpoints.getLoginPage().equals( url );
}
} // closes an enclosing scope whose opening is outside this excerpt
/**
 * Redirects the client to the success page.
 *
 * <p>The target is read from {@code authenticationEndpoints}; nothing from the
 * request is used to build the redirect location.
 *
 * @param exchange the current request
 */
private void sendRedirectBack(HttpServerExchange exchange) {
    final String successPage = authenticationEndpoints.getSuccessPage();
    Redirect.to( exchange, successPage );
}
/**
 * Registers the login form, logout and callback routes of the authentication module.
 *
 * <p>Each route is registered only when its path is not empty and its own
 * switch is on. The three switches fall back to the value of
 * {@code server.smart-routes.auth.enabled} when they are not set.
 *
 * @param server the server builder (not used by this method)
 * @param context the deployment context that receives the routes
 * @throws IOException declared by the overridden method
 */
@Override
public void load( Builder server, DeploymentContext context ) throws IOException {
    // Fallback for the three per-route switches read below.
    final boolean defaultEnabledState = config.getBoolean( "server.smart-routes.auth.enabled" );

    // Login form: always served on GET.
    final String loginPage = authenticationEndpoints.getLoginPage();
    if ( !isEmpty( loginPage )
            && config.getBoolean( "server.smart-routes.auth.login-form-enabled", defaultEnabledState ) ) {
        context.register( loginPage, "GET", loginHttpHandler );
    }

    // Logout: the HTTP method comes from the endpoint configuration.
    final String logoutUrl = authenticationEndpoints.getLogoutUrl();
    if ( !isEmpty( logoutUrl )
            && config.getBoolean( "server.smart-routes.auth.logout-url-enabled", defaultEnabledState ) ) {
        final String logoutMethod = authenticationEndpoints.getLogoutUrlMethod();
        context.register( logoutUrl, logoutMethod, logoutHttpHandler );
    }

    // Callback: the endpoint that receives the submitted credentials.
    final String callbackUrl = authenticationEndpoints.getCallbackUrl();
    if ( !isEmpty( callbackUrl )
            && config.getBoolean( "server.smart-routes.auth.callback-url-enabled", defaultEnabledState ) ) {
        final String callbackMethod = authenticationEndpoints.getCallbackUrlMethod();
        context.register( callbackUrl, callbackMethod, authCallbackVerificationHttpHandler );
    }
}
/**
 * Wraps the deployment's root handler with the authentication handler.
 *
 * <p>When the rule matcher has no rules, this method returns without touching
 * the root handler, so no request is checked by {@link AuthenticationHttpHandler}.
 * Nothing is logged in that case.
 *
 * @param builder the Undertow builder (not used by this method)
 * @param context the deployment context whose root handler is replaced
 */
@Override
public void load(Undertow.Builder builder, final DeploymentContext context ) {
    final AuthenticationRuleMatcher ruleMatcher = createRuleMatcher();
    if ( ruleMatcher.rules().isEmpty() ) {
        // No rules configured: the existing root handler stays as it is.
        return;
    }

    log.info( "Configuring authentication rules..." );
    configureAllAuthenticationMechanismsUsedOnTheApplication( ruleMatcher );
    authenticationEndpoints.logDetailedInformationAboutThisConfig();
    securityConfiguration.logDetailedInformationAboutThisConfig();

    // The previous root handler becomes the delegate of the authentication handler.
    final HttpHandler previousRoot = context.rootHandler();
    final String permissionDeniedPage = authenticationEndpoints.getPermissionDeniedPage();
    final AuthenticationHttpHandler authenticationHandler = new AuthenticationHttpHandler(
            ruleMatcher, permissionDeniedPage, previousRoot, securityConfiguration );
    context.rootHandler( authenticationHandler );
}
/**
 * Tells whether the request path is the configured callback URL.
 *
 * <p>Only the relative path is compared; the HTTP method of the request is
 * not checked by this method.
 *
 * @param exchange the current request
 * @return {@code true} when the relative path equals the callback URL
 */
private boolean isPostLocation(HttpServerExchange exchange) {
    final String requestPath = exchange.getRelativePath();
    final String callbackUrl = authenticationEndpoints.getCallbackUrl();
    return requestPath.equals( callbackUrl );
}
/**
 * Loads the login template and fills in its variables.
 *
 * <p>The template location comes from {@code config.getLoginTemplate()} and the
 * file is read as UTF-8.
 *
 * @return the template text with the variables applied
 */
String readAndParseTemplate() {
    final Map<String, Object> variables = readTemplateVariables();
    final String templateLocation = config.getLoginTemplate();
    final String rawTemplate = SystemResource.readFileAsString( templateLocation, "UTF-8" );
    // NOTE(review): whether applyVariables escapes the values for HTML is not
    // visible here; confirm before putting request-derived data in the variables.
    return applyVariables( rawTemplate, variables );
}
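/**
 * Reads a username/password credential from a JSON request body.
 *
 * <p>The body is parsed only when the request's content type is JSON and the
 * request targets the login callback; any other request yields {@code null}.
 * A body that deserializes to {@code null} (for example the JSON literal
 * {@code null}) also yields {@code null} instead of failing with a
 * {@link NullPointerException}.
 *
 * @param exchange the current request
 * @return the credential found in the body, or {@code null} when there is none
 * @throws IOException if the body cannot be read or parsed
 */
@Override
public Credential readCredential(HttpServerExchange exchange) throws IOException {
    final String rawContentType = exchange.getRequestHeaders().getFirst( Headers.CONTENT_TYPE );
    final Tuple<String,String> contentTypeAndEncoding = URL.fixContentType( rawContentType, null );

    if ( !Mimes.JSON.equals( contentTypeAndEncoding.getFirst() )
            || !formAuthConfiguration.isTryingToLogin( exchange ) ) {
        return null;
    }

    // The body is read through a blocking stream.
    if ( !exchange.isBlocking() ) {
        exchange.startBlocking();
    }

    // NOTE(review): no size bound is applied to the body in this method; confirm
    // that a maximum entity size is enforced elsewhere for this unauthenticated endpoint.
    final JSONCredentials json = jackson.objectMapper()
            .readValue( exchange.getInputStream(), JSONCredentials.class );
    if ( json == null ) {
        // The client sent a body with no credential object in it.
        return null;
    }

    // Missing fields are passed through as null; the credential consumer must reject them.
    return new UsernameAndPasswordCredential( json.username, json.password );
}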
/**
 * Logs the current user out.
 *
 * <p>With a security context present, the context is logged out; a GET request
 * is then redirected to the login page and any other method just ends the
 * exchange. Without a security context the response is a 500 carrying
 * {@code NOT_LOGGED_IN}.
 *
 * @param exchange the current request
 * @throws Exception declared by the overridden method
 */
@Override
public void handleRequest( HttpServerExchange exchange ) throws Exception {
    final SecurityContext securityContext = (SecurityContext) exchange.getSecurityContext();

    if ( securityContext != null ) {
        // NOTE(review): logout also runs for GET requests that reach this handler,
        // and a cross-site GET can therefore end a session; confirm the configured
        // logout method matches what the application expects.
        securityContext.logout();

        final boolean requestedWithGet = Methods.GET.equals( exchange.getRequestMethod() );
        if ( requestedWithGet ) {
            Redirect.to( exchange, authenticationEndpoints.getLoginPage() );
        } else {
            exchange.endExchange();
        }
        return;
    }

    // No security context is attached to this exchange.
    exchange.setStatusCode( StatusCodes.INTERNAL_SERVER_ERROR );
    exchange.getResponseSender().send( NOT_LOGGED_IN );
}
} // closes an enclosing scope whose opening is outside this excerpt
/**
 * Decides whether this matcher applies to the request.
 *
 * <p>The callback URL always matches. Every other path matches unless it is
 * the error page or the login page, which are left out of the match.
 *
 * @param exchange the current request
 * @return {@code true} for the callback URL and for any path that is not an
 *         authentication page
 */
@Override
public boolean matches( HttpServerExchange exchange ) {
    final String url = exchange.getRelativePath();
    if ( authenticationEndpoints.getCallbackUrl().equals( url ) ) {
        return true;
    }
    // Exact-match exclusion: only the literal login and error page paths are skipped.
    return !isUrlFromAuthenticationResources( url );
}
/**
 * Challenges the client by redirecting it to a page of the authentication flow.
 *
 * <p>A request that was itself an authentication attempt goes to the error
 * page; any other request goes to the login page. Both targets come from
 * {@code authenticationEndpoints}, not from the request.
 *
 * @param exchange the current request
 * @param session the current session (not used by this method)
 * @return always {@code true}
 */
@Override
public boolean sendAuthenticationChallenge(HttpServerExchange exchange, Session session) {
    final String newLocation;
    if ( isCurrentRequestTryingToAuthenticate( exchange ) ) {
        newLocation = authenticationEndpoints.getErrorPage();
    } else {
        newLocation = authenticationEndpoints.getLoginPage();
    }
    Redirect.to( exchange, newLocation );
    return true;
}