@Override public void login(String username, String password, Request request) throws ServletException { Principal principal = doLogin(request, username, password); register(request, request.getResponse(), principal, getAuthMethod(), username, password); }
AuthenticatorProxy(Authenticator authenticator, Principal p, String authType) throws LifecycleException { this.authBase = (AuthenticatorBase) authenticator; this.principal = p; this.authType = authType == null ? RealmAdapter.PROXY_AUTH_TYPE : authType; setCache(authBase.getCache()); setContainer(authBase.getContainer()); start(); //finds sso valve and sets its value in proxy }
/** * Hook to the start and to set up the dependencies. * * @throws LifecycleException * the lifecycle exception */ @Override public void startInternal() throws LifecycleException { this.log.debug("Creating a windows authentication provider with continueContextsTimeout property set to: {}", this.continueContextsTimeout); this.auth = new WindowsAuthProviderImpl(this.continueContextsTimeout); super.startInternal(); }
@Override public void logout(HttpRequest request) throws ServletException { Session session = getSession(request); if (session != null) { session.setPrincipal(null); session.setAuthType(null); } // principal and authType set to null in the following register(request, (HttpResponse)request.getResponse(), null, null, null, null); }
/** * Attempts reauthentication to the <code>Realm</code> using * the credentials included in argument <code>entry</code>. * * @param ssoId identifier of SingleSignOn session with which the * caller is associated * @param request the request that needs to be authenticated */ protected boolean reauthenticateFromSSO(String ssoId, Request request) { if (sso == null || ssoId == null) return false; boolean reauthenticated = false; Container parent = getContainer(); if (parent != null) { Realm realm = parent.getRealm(); if (realm != null) { reauthenticated = sso.reauthenticate(ssoId, realm, request); } } if (reauthenticated) { associate(ssoId, request.getSessionInternal(true)); if (log.isDebugEnabled()) { log.debug(" Reauthenticated cached principal '" + request.getUserPrincipal().getName() + "' with auth type '" + request.getAuthType() + "'"); } } return reauthenticated; }
sessionIdGenerator.setSecureRandomAlgorithm(getSecureRandomAlgorithm()); sessionIdGenerator.setSecureRandomClass(getSecureRandomClass()); sessionIdGenerator.setSecureRandomProvider(getSecureRandomProvider());
if (requestURI.startsWith(contextPath) && requestURI.endsWith(Constants.FORM_ACTION)) { if (!authenticate(request, response, config)) { if (log.isDebugEnabled()) log.debug(" Failed authenticate() test ??" + requestURI ); getNext().invoke(request, response); return; log.debug(" Calling authenticate()"); if (!authenticate(request, response, config)) { if (log.isDebugEnabled()) { log.debug(" Failed authenticate() test"); log.debug(" Successfully passed all security constraints"); getNext().invoke(request, response);
associate(ssoId, request.getSessionInternal(true)); if (reauthenticateFromSSO(ssoId, request)) { return true; authType = getAuthMethod(); register(request, response, authorized, authType, username, null); return true;
boolean authRequired = isContinuationRequired(request); AuthConfigProvider jaspicProvider = getJaspicProvider(); if (jaspicProvider != null) { authRequired = true; log.debug(" Not subject to any constraint"); getNext().invoke(request, response); return; && HttpServletRequest.CLIENT_CERT_AUTH.equals(getAuthMethod())) { X509Certificate[] certs = getRequestCertificates(request); authRequired = certs != null && certs.length > 0; jaspicState = getJaspicState(jaspicProvider, request, response, hasAuthConstraint); if (jaspicState == null) { return; if (jaspicProvider == null && !doAuthenticate(request, response) || jaspicProvider != null && !authenticateJaspic(request, response, jaspicState, false)) { if (log.isDebugEnabled()) { log.debug(" Failed authenticate() test"); getNext().invoke(request, response); secureResponseJspic(request, response, jaspicState);
@Override protected Principal doLogin(final Request request, final String username, final String password) throws ServletException { this.log.debug("logging in: {}", username); IWindowsIdentity windowsIdentity; try { windowsIdentity = this.auth.logonUser(username, password); } catch (final Exception e) { this.log.error(e.getMessage()); this.log.trace("", e); return super.doLogin(request, username, password); } // disable guest login if (!this.allowGuestLogin && windowsIdentity.isGuest()) { this.log.warn("guest login disabled: {}", windowsIdentity.getFqn()); return super.doLogin(request, username, password); } try { this.log.debug("successfully logged in {} ({})", username, windowsIdentity.getSidString()); final GenericPrincipal genericPrincipal = this.createPrincipal(windowsIdentity); this.log.debug("roles: {}", String.join(", ", genericPrincipal.getRoles())); return genericPrincipal; } finally { windowsIdentity.dispose(); } }
/** * Register an authenticated Principal and authentication type in our * request, in the current session (if there is one), and with our * SingleSignOn valve, if there is one. Set the appropriate cookie to be * returned. * * @param request * The servlet request we are processing * @param response * The servlet response we are generating * @param principal * The authenticated Principal to be registered * @param authType * The authentication type to be registered * @param username * Username used to authenticate (if any) * @param password * Password used to authenticate (if any) */ public void register(Request request, HttpServletResponse response, Principal principal, String authType, String username, String password) { register(request, response, principal, authType, username, password, alwaysUseSession, cache); }
/** * API login. * * @param request Request we are processing * @param response Response we are creating * @param config Login configuration describing how authentication * should be performed * * @exception IOException if an input/output error occurs */ public boolean authenticate(Request request, HttpServletResponse response) throws IOException, ServletException { return authenticate(request, response, this.context.getLoginConfig()); }
public void login(Request request, String username, String password) throws ServletException { // Is there an SSO session against which we can try to reauthenticate? String ssoId = (String) request.getNote(Constants.REQ_SSOID_NOTE); if (ssoId != null) { if (log.isDebugEnabled()) log.debug("SSO Id " + ssoId + " set; attempting " + "reauthentication"); /* Try to reauthenticate using data cached by SSO. If this fails, either the original SSO logon was of DIGEST or SSL (which we can't reauthenticate ourselves because there is no cached username and password), or the realm denied the user's reauthentication for some reason. In either case we have to prompt the user for a logon */ if (reauthenticateFromSSO(ssoId, request)) return; } Realm realm = context.getRealm(); Principal principal = realm.authenticate(username, password); if (principal != null) { register(request, request.getResponseFacade(), principal, Constants.LOGIN_METHOD, username, password); } }
private boolean authenticateJaspic(Request request, Response response, JaspicState state, boolean requirePrincipal) { boolean cachedAuth = checkForCachedAuthentication(request, response, false); Subject client = new Subject(); AuthStatus authStatus; GenericPrincipal principal = getPrincipal(client); if (log.isDebugEnabled()) { log.debug("Authenticated user: " + principal); Map map = state.messageInfo.getMap(); if (map != null && map.containsKey("javax.servlet.http.registerSession")) { register(request, response, principal, "JASPIC", null, null, true, true); } else { register(request, response, principal, "JASPIC", null, null);
@Override public void logout(Request request) { AuthConfigProvider provider = getJaspicProvider(); if (provider != null) { MessageInfo messageInfo = new MessageInfoImpl(request, request.getResponse(), true); Subject client = (Subject) request.getNote(Constants.REQ_JASPIC_SUBJECT_NOTE); if (client != null) { ServerAuthContext serverAuthContext; try { ServerAuthConfig serverAuthConfig = provider.getServerAuthConfig("HttpServlet", jaspicAppContextID, CallbackHandlerImpl.getInstance()); String authContextID = serverAuthConfig.getAuthContextID(messageInfo); serverAuthContext = serverAuthConfig.getAuthContext(authContextID, null, null); serverAuthContext.cleanSubject(messageInfo, client); } catch (AuthException e) { log.debug(sm.getString("authenticator.jaspicCleanSubjectFail"), e); } } } Principal p = request.getPrincipal(); if (p instanceof TomcatPrincipal) { try { ((TomcatPrincipal) p).logout(); } catch (Throwable t) { ExceptionUtils.handleThrowable(t); log.debug(sm.getString("authenticator.tomcatPrincipalLogoutFail"), t); } } register(request, request.getResponse(), null, null, null, null); }
@Override public Container getContainer() { return authBase.getContainer(); }
/** * Attempts reauthentication to the <code>Realm</code> using * the credentials included in argument <code>entry</code>. * * @param ssoId identifier of SingleSignOn session with which the * caller is associated * @param request the request that needs to be authenticated */ protected boolean reauthenticateFromSSO(String ssoId, Request request) { if (sso == null || ssoId == null) return false; boolean reauthenticated = false; Container parent = getContainer(); if (parent != null) { Realm realm = parent.getRealm(); if (realm != null) { reauthenticated = sso.reauthenticate(ssoId, realm, request); } } if (reauthenticated) { associate(ssoId, request.getSessionInternal(true)); if (log.isDebugEnabled()) { log.debug(" Reauthenticated cached principal '" + request.getUserPrincipal().getName() + "' with auth type '" + request.getAuthType() + "'"); } } return reauthenticated; }
sessionIdGenerator.setSecureRandomAlgorithm(getSecureRandomAlgorithm()); sessionIdGenerator.setSecureRandomClass(getSecureRandomClass()); sessionIdGenerator.setSecureRandomProvider(getSecureRandomProvider());
if (requestURI.startsWith(contextPath) && requestURI.endsWith(Constants.FORM_ACTION)) { if (!authenticate(request, response, config)) { if (log.isDebugEnabled()) log.debug(" Failed authenticate() test ??" + requestURI ); getNext().invoke(request, response); return; log.debug(" Calling authenticate()"); if (!authenticate(request, response, config)) { if (log.isDebugEnabled()) { log.debug(" Failed authenticate() test"); log.debug(" Successfully passed all security constraints"); getNext().invoke(request, response);
associate(ssoId, request.getSessionInternal(true)); if (reauthenticateFromSSO(ssoId, request)) { return true; authType = getAuthMethod(); register(request, response, authorized, authType, username, null); return true;