/**
 * Writes the class name of every configured security component to the log,
 * so an operator can see which implementation was actually wired in for each
 * {@code server.auth.*} parameter. Only class names are logged; no
 * configuration values or credentials reach the log from here.
 */
void logDetailedInformationAboutThisConfig(){
    log.info( "Defined security parameters (depending on the modules you've loaded, not all onFinish are actually in use):" );
    logConfiguredComponent( "security-context-factory", factory );
    logConfiguredComponent( "session-id-manager", sessionIdManager );
    logConfiguredComponent( "session-store", sessionStore );
    logConfiguredComponent( "password-encoder", passwordEncoder );
    logConfiguredComponent( "authentication-request-matcher", authenticationRequestMatcher );
    logConfiguredComponent( "authentication-success-listener", authenticationSuccessListener );
    logConfiguredComponent( "authentication-failure-listener", authenticationFailureListener );
}

/**
 * Logs a single "{@code name: class}" line for one configured component.
 *
 * @param parameterName the configuration key suffix being reported
 * @param component     the configured instance whose class name is logged
 */
private void logConfiguredComponent( final String parameterName, final Object component ){
    log.info( " " + parameterName + ": " + getClassName( component ) );
}
/**
 * Returns the session bound to this exchange, creating or retrieving it from
 * the configured {@code SessionStore} on first use. The result is memoised in
 * {@code currentSession}, so subsequent calls return the same instance until
 * the field is reset (e.g. via {@code setCurrentSession(null)}).
 *
 * @return the current session, as produced by the session store
 */
public Session getCurrentSession(){
    if ( currentSession != null ) {
        return currentSession;
    }
    // First access on this exchange: let the store decide whether to reuse
    // an existing session (identified through the SessionIdManager) or create one.
    currentSession = configuration.getSessionStore()
        .createOrRetrieveSession( exchange, configuration.getSessionIdManager() );
    return currentSession;
}
/**
 * Resolves every pluggable security component from its {@code server.auth.*}
 * configuration key. Each key is expected to name an implementation class,
 * which {@code loadConfiguredClass} resolves against the given expected type
 * (presumably instantiating it — confirm against that helper). Runs once after
 * construction because of {@link PostConstruct}.
 *
 * NOTE(review): these keys decide which classes run inside the security path,
 * so the configuration source itself is part of the trust boundary.
 */
@PostConstruct
public void readConfiguration(){
    final String prefix = "server.auth.";
    factory = loadConfiguredClass( prefix + "security-context-factory", SecurityContextFactory.class );
    sessionIdManager = loadConfiguredClass( prefix + "session-id-manager", SessionIdManager.class );
    sessionStore = loadConfiguredClass( prefix + "session-store", SessionStore.class );
    passwordEncoder = loadConfiguredClass( prefix + "password-encoder", PasswordEncoder.class );
    authenticationRequestMatcher = loadConfiguredClass( prefix + "authentication-request-matcher", AuthenticationRequestMatcher.class );
    authenticationSuccessListener = loadConfiguredClass( prefix + "authentication-success-listener", AuthenticationSuccessListener.class );
    authenticationFailureListener = loadConfiguredClass( prefix + "authentication-failure-listener", AuthenticationFailureListener.class );
}
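/**
 * Runs the authentication mechanisms for this exchange and records the
 * outcome on the session, the listeners and the {@code authenticated} flag.
 * <p>
 * The flag is only raised once an account has actually been resolved: the
 * original ordering set it to {@code true} before calling
 * {@code performAuthentication()}, so an exception thrown by a mechanism or
 * identity manager would have left this context marked as authenticated with
 * no account. Now it fails closed. (Assumes {@code performAuthentication()}
 * does not itself read {@code authenticated} — confirm if it is overridden.)
 *
 * @return {@code true} when an {@code Account} was established for the session
 */
@Override
public boolean authenticate() {
    authenticated = false;
    final Account account = performAuthentication();
    authenticated = account != null;
    // Record the outcome on the session in both cases; on failure this also
    // clears any account stored by an earlier successful authentication.
    getCurrentSession().setAuthenticatedAccount( account );
    if ( authenticated ) {
        configuration.getAuthenticationSuccessListener().onAuthenticationSuccess( exchange, getCurrentSession(), currentAuthMechanism );
        notifySecurityEvent( LOGIN );
    } else {
        configuration.getAuthenticationFailureListener().onAuthenticationFailure( exchange, getCurrentSession(), currentAuthMechanism );
    }
    updateCurrentSession();
    return authenticated;
}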
/**
 * Persists the current session through the configured {@code SessionStore}
 * when it reports pending changes. The session's own {@code flush()} runs in
 * a {@code finally} block, so it executes even if the store write throws.
 * Does nothing when there is no session or nothing has changed.
 */
@Override
public void updateCurrentSession() {
    if ( currentSession == null || !currentSession.hasChanged() ) {
        return;
    }
    try {
        configuration.getSessionStore().flush( currentSession );
    } finally {
        currentSession.flush();
    }
}
/**
 * Delivers {@code eventType} to every registered {@code SecurityEventListener},
 * passing the exchange and the current session (created lazily if needed).
 * Listeners are invoked in iteration order; a listener that throws aborts
 * delivery to the remaining ones, since there is no per-listener catch here.
 *
 * @param eventType the event being published (e.g. {@code LOGIN}, {@code LOGOUT})
 */
void notifySecurityEvent( final SecurityEventListener.SecurityEventType eventType ) {
    for ( final SecurityEventListener listener : configuration.getEventListeners() ) {
        listener.onEvent( eventType, exchange, getCurrentSession() );
    }
}
}
/**
 * Determines which {@code AuthenticationRule}, if any, governs this request.
 * When an {@code AuthenticationRequestMatcher} is configured and rejects the
 * exchange, no rule applies. Otherwise the rule is looked up by the request's
 * relative path; the rule matcher decides what an unmatched path yields.
 *
 * NOTE(review): matching is on {@code exchange.getRelativePath()} as given;
 * any path normalisation is the rule matcher's responsibility — confirm.
 *
 * @param exchange the incoming request
 * @return {@code null} when the request matcher excludes the request,
 *         otherwise whatever the rule matcher returns for the path
 */
private AuthenticationRule retrieveRuleThatEnsureRequestShouldBeAuthenticated( final HttpServerExchange exchange ) {
    final AuthenticationRequestMatcher authRequestMatcher = securityConfiguration.getAuthenticationRequestMatcher();
    if ( authRequestMatcher != null && !authRequestMatcher.matches( exchange ) ) {
        return null;
    }
    // No matcher configured, or it accepted the request: resolve the rule by path.
    return authenticationRuleMatcher.retrieveAuthenticationRuleForUrl( exchange.getRelativePath() );
}
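/**
 * Looks up the stored credential for {@code id} and verifies {@code password}
 * against it with the configured {@code PasswordEncoder}.
 * <p>
 * When no stored password exists for {@code id} (unknown user or user without
 * a credential) the method now returns {@code null} without consulting the
 * encoder, whose handling of a {@code null} stored value is
 * implementation-specific; authentication fails closed either way.
 *
 * NOTE(review): the unknown-user path returns faster than a wrong-password
 * path; if account enumeration via response timing is a concern here, a
 * constant-cost comparison path would be needed.
 *
 * @param id       the user identifier presented by the client
 * @param password the cleartext credential presented by the client
 * @return an account carrying the user's roles, or {@code null} when the
 *         credential does not match or no stored password exists for {@code id}
 */
@Override
public Account retrieveAccountFor( String id, String password ) {
    final String storedPassword = retrieveUserPassword( id );
    if ( storedPassword == null ) {
        return null;
    }
    final PasswordEncoder encoder = securityConfiguration.getPasswordEncoder();
    if ( !encoder.matches( password, storedPassword ) ) {
        return null;
    }
    final Set<String> roles = retrieveUserRoles( id );
    return new FixedUsernameAndRolesAccount( id, roles );
}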
/**
 * Returns the exchange's {@code SecurityContext}, building one through the
 * configured factory and attaching it when the exchange has none yet.
 * Every call also registers a {@code SecurityContextAutoUpdater} as an
 * exchange-complete listener, so calling this twice on the same exchange
 * registers the updater twice.
 *
 * NOTE(review): the cast assumes the context on the exchange is this module's
 * {@code SecurityContext}; a context installed by another component would
 * fail with a {@code ClassCastException} here.
 *
 * @param exchange the incoming request
 * @param rule     the rule used when a new context has to be created
 * @return the existing or newly created security context
 */
private SecurityContext getOrCreateSecurityContext( final HttpServerExchange exchange, final AuthenticationRule rule ) {
    final SecurityContext existing = (SecurityContext) exchange.getSecurityContext();
    final SecurityContext securityContext;
    if ( existing != null ) {
        securityContext = existing;
    } else {
        securityContext = securityConfiguration.getFactory().createSecurityContextFor( exchange, rule, securityConfiguration );
        exchange.setSecurityContext( securityContext );
    }
    exchange.addExchangeCompleteListener( new SecurityContextAutoUpdater( securityContext ) );
    return securityContext;
}
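/**
 * Forces a fresh login on this exchange: the current session is invalidated
 * in the store and detached from the security context, then the
 * authentication mechanisms run again. On success a {@code 200} text body
 * {@code AUTHENTICATED} is sent unless the response has already been started
 * (e.g. by a listener). On failure this handler writes nothing; the failure
 * listener is presumably responsible for the response.
 * <p>
 * The content type is now {@code text/plain}; the previous value
 * {@code plain/text} is not a valid MIME type.
 *
 * @param exchange the current exchange; it is dereferenced as already carrying
 *                 a {@code SecurityContext}
 * @throws Exception propagated from the mechanisms, listeners or the sender
 */
@Override
public void handleRequest( HttpServerExchange exchange ) throws Exception {
    final SecurityContext securityContext = (SecurityContext) exchange.getSecurityContext();
    final Session currentSession = securityContext.getCurrentSession();
    securityConfiguration.getSessionStore().invalidateSession( currentSession );
    securityContext.setCurrentSession( null );
    if ( securityContext.authenticate() && !exchange.isResponseStarted() ) {
        BodyResponseSender.response( exchange, 200, "text/plain", "AUTHENTICATED" );
    }
}
}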
/**
 * Ends the current session: it is invalidated in the {@code SessionStore},
 * its id is expired through the {@code SessionIdManager}, and a
 * {@code LOGOUT} event is published. Nothing happens when
 * {@code getCurrentSession()} yields {@code null}.
 * <p>
 * The {@code currentSession} field is not cleared here, so
 * {@code notifySecurityEvent} still hands the now-invalidated session to the
 * listeners. NOTE(review): confirm that a later {@code updateCurrentSession()}
 * cannot re-persist that invalidated session if it reports changes.
 */
@Override
public void logout() {
    final Session session = getCurrentSession();
    if ( session == null ) {
        return;
    }
    configuration.getSessionStore().invalidateSession( session );
    configuration.getSessionIdManager().expiresSessionId( exchange );
    notifySecurityEvent( LOGOUT );
}