/**
 * Decides whether the request may continue down the handler chain.
 *
 * The chain is attempted when the context reports that authentication is not
 * required, or when {@code authenticate()} and {@code isAuthenticated()} both
 * return true. Otherwise {@code endCommunicationWithClient()} is called.
 * Anything thrown on either path is passed to {@code handleException}.
 */
@Override
public void run() {
    try {
        // Short-circuit order matters: authenticate() is only invoked when
        // authentication is required for this request.
        final boolean mayProceed = !context.isAuthenticationRequired()
            || ( context.authenticate() && context.isAuthenticated() );

        if ( !mayProceed ) {
            endCommunicationWithClient();
        } else if ( !exchange.isResponseStarted() ) {
            // The chain is skipped when a response has already been started
            // (presumably by an authentication step - confirm).
            tryExecuteChain();
        }
    // UNCHECKED: It really should handle all exceptions here
    } catch ( final Throwable failure ) {
    // CHECKED
        handleException( failure );
    }
}
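/**
 * Tells whether the authenticated account holds every role in {@code expectedRoles}.
 *
 * Each expected role is checked for presence on its own. Counting matches and
 * comparing the total with {@code expectedRoles.size()} is unsafe: a role listed
 * twice on the account could stand in for a role the account does not hold
 * (wrongly granting access), or push the count past the expected size
 * (wrongly denying it).
 *
 * @return {@code true} when no expected role is missing from the account's roles;
 *         also {@code true} when {@code expectedRoles} is empty
 */
boolean matchesExpectedRoles() {
    for ( String expectedRole : expectedRoles ) {
        boolean held = false;
        // The account is looked up inside the loop so that an empty
        // expectedRoles never touches the authenticated account.
        for ( String role : context.getAuthenticatedAccount().getRoles() ) {
            if ( expectedRole.equals( role ) ) {
                held = true;
                break;
            }
        }
        if ( !held ) {
            return false;
        }
    }
    return true;
}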
/**
 * Drops the current session and authenticates the request again.
 *
 * The session held by the security context is handed to the session store's
 * {@code invalidateSession} and the context's current session is set to
 * {@code null} before {@code authenticate()} runs, so authentication does not
 * start from the previously attached session. When authentication succeeds and
 * no response has been started, a 200 response with the body "AUTHENTICATED"
 * is sent.
 */
@Override
public void handleRequest(HttpServerExchange exchange) throws Exception {
    final SecurityContext context = (SecurityContext)exchange.getSecurityContext();
    final Session staleSession = context.getCurrentSession();

    securityConfiguration.getSessionStore().invalidateSession( staleSession );
    context.setCurrentSession( null );

    final boolean authenticated = context.authenticate();
    if ( !authenticated || exchange.isResponseStarted() ) {
        // Nothing is written here on failure or when a response was already started.
        return;
    }

    // NOTE(review): "plain/text" is not the registered media type ("text/plain" is);
    // left untouched because clients or tests may depend on it - confirm.
    BodyResponseSender.response( exchange, 200, "plain/text", "AUTHENTICATED" );
}
}
/**
 * Builds a mocked {@code SecurityContext} whose {@code getCurrentSession()}
 * returns a mocked {@code Session}.
 *
 * @return the stubbed security context
 */
public static SecurityContext createSecurityContext(){
    final SecurityContext mockedContext = mock( SecurityContext.class );
    final Session mockedSession = mock( Session.class );
    // Only getCurrentSession() is stubbed; every other call keeps the mock's default answer.
    doReturn( mockedSession ).when( mockedContext ).getCurrentSession();
    return mockedContext;
}
/**
 * Forwards the exchange to the next handler, or calls
 * {@code handlePermissionDenied()} when an authenticated account fails the
 * role check.
 *
 * The role check only runs for an authenticated context. A context that is not
 * authenticated is forwarded without it.
 * NOTE(review): this relies on the caller having already decided that an
 * unauthenticated request may proceed - confirm against the call site.
 *
 * @throws Exception whatever the next handler throws
 */
void tryExecuteChain() throws Exception {
    final boolean roleCheckApplies = context.isAuthenticated();
    if ( roleCheckApplies && !matchesExpectedRoles() ) {
        handlePermissionDenied();
        return;
    }
    next.handleRequest(exchange);
}
/**
 * Updates the current session on the security context, then lets the next
 * listener proceed.
 *
 * A failure while updating the session is logged and not rethrown;
 * {@code nextListener.proceed()} runs in every case.
 */
@Override
public void exchangeEvent(HttpServerExchange exchange, NextListener nextListener) {
    try {
        securityContext.updateCurrentSession();
    } catch ( Throwable failure ) {
        // Deliberately broad: a session-update failure must not stop the listener chain.
        final String message = "Can't update the current session: " + failure.getMessage();
        log.error( message, failure );
    } finally {
        nextListener.proceed();
    }
}
}
/**
 * Logs the caller out through the exchange's security context.
 *
 * Without a security context the response is a 500 carrying
 * {@code NOT_LOGGED_IN}. Otherwise {@code logout()} is called; a GET request is
 * then redirected to the configured login page and any other method simply has
 * its exchange ended.
 *
 * NOTE(review): logout runs for every request method, GET included, and no
 * request-origin or token check is visible here. Confirm whether a logout
 * triggered by a cross-site GET is acceptable for this deployment.
 */
@Override
public void handleRequest( HttpServerExchange exchange ) throws Exception {
    final SecurityContext context = (SecurityContext)exchange.getSecurityContext();
    if ( context == null ) {
        exchange.setStatusCode( StatusCodes.INTERNAL_SERVER_ERROR );
        exchange.getResponseSender().send( NOT_LOGGED_IN );
        return;
    }

    context.logout();

    final boolean isGetRequest = Methods.GET.equals( exchange.getRequestMethod() );
    if ( isGetRequest ) {
        Redirect.to( exchange, authenticationEndpoints.getLoginPage() );
    } else {
        exchange.endExchange();
    }
}
}
/**
 * Renders the HTML page returned by {@code getHtml()} with variables collected
 * from every configuration hook, and sends it with status 200.
 *
 * Each hook receives the exchange and the current session, and its returned
 * map is merged into a single variable map (later hooks overwrite earlier keys).
 * Any failure is delegated to {@code handleFailure}.
 *
 * NOTE(review): hook values are merged into HTML through {@code applyVariables};
 * whether that method escapes them is not visible here. Confirm before allowing
 * a hook to expose request- or user-controlled data.
 */
@Override
public void handleRequest( final HttpServerExchange exchange ) throws Exception {
    try {
        final SecurityContext context = (SecurityContext) exchange.getSecurityContext();
        final Session activeSession = context.getCurrentSession();

        final Map<String, Object> variables = new HashMap<>();
        for ( ConfigurationHook hook : configurationHooks ) {
            variables.putAll( hook.configure( exchange, activeSession ) );
        }

        // Status and content type are set before the template is rendered,
        // matching the order a failure handler would observe.
        exchange.setStatusCode( StatusCodes.OK );
        exchange.getResponseHeaders().put( Headers.CONTENT_TYPE, CONTENT_HTML );
        exchange.getResponseSender().send( applyVariables( getHtml(), variables ) );
    } catch ( Throwable failure ) {
        handleFailure( exchange, failure );
    }
}
/**
 * Routes the exchange either straight to the next handler or through
 * authentication.
 *
 * The rule matching the exchange is looked up, falling back to
 * {@code AuthenticationRule.EMPTY} when none matches. A security context is
 * then obtained for that rule. An already authenticated context is forwarded
 * to the next handler; otherwise authentication is started through
 * {@code runAuthenticationInIOThread}.
 *
 * NOTE(review): on the already-authenticated path no comparison against the
 * matched rule is visible in this method. Confirm that the rule's role
 * requirements are enforced elsewhere for requests that arrive with an
 * existing authenticated session.
 */
@Override
public void handleRequest(final HttpServerExchange exchange) throws Exception {
    final AuthenticationRule matchedRule = retrieveRuleThatEnsureRequestShouldBeAuthenticated( exchange );
    final AuthenticationRule rule = matchedRule != null ? matchedRule : AuthenticationRule.EMPTY;

    final SecurityContext securityContext = getOrCreateSecurityContext(exchange, rule);
    if ( !securityContext.isAuthenticated() ) {
        runAuthenticationInIOThread( exchange, rule, securityContext );
        return;
    }
    next.handleRequest(exchange);
}