@Override public boolean isProtected() { return getWrapped().isProtected(); }
@Override public boolean isProtected() { return getWrapped().isProtected(); }
@Override public boolean isProtected() { return getWrapped().isProtected(); }
@Override public boolean isProtected() { return getWrapped().isProtected(); }
private boolean isOnProtectedURLWithStaleData(HttpMessageContext httpMessageContext) { return httpMessageContext.isProtected() && // When HttpServletRequest#authenticate is called, it counts as "mandated" authentication // which here means isProtected() is true. But we want to use HttpServletRequest#authenticate // to resume a dialog started by accessing a protected page, so therefore exclude it here. !httpMessageContext.isAuthenticationRequest() && getSavedRequest(httpMessageContext.getRequest()) != null && getSavedAuthentication(httpMessageContext.getRequest()) == null && // Some servers consider the Servlet special URL "/j_security_check" as // a protected URL !httpMessageContext.getRequest().getRequestURI().endsWith("j_security_check"); }
private boolean isOnInitialProtectedURL(HttpMessageContext httpMessageContext) { return httpMessageContext.isProtected() && // When HttpServletRequest#authenticate is called, it counts as "mandated" authentication // which here means isProtected() is true. But we want to use HttpServletRequest#authenticate // to resume a dialog started by accessing a protected page, so therefore exclude it here. !httpMessageContext.isAuthenticationRequest() && getSavedRequest(httpMessageContext.getRequest()) == null && getSavedAuthentication(httpMessageContext.getRequest()) == null && // Some servers consider the Servlet special URL "/j_security_check" as // a protected URL !httpMessageContext.getRequest().getRequestURI().endsWith("j_security_check"); }
private boolean isOnProtectedURLWithStaleData(HttpMessageContext httpMessageContext) { return httpMessageContext.isProtected() && // When HttpServletRequest#authenticate is called, it counts as "mandated" authentication // which here means isProtected() is true. But we want to use HttpServletRequest#authenticate // to resume a dialog started by accessing a protected page, so therefore exclude it here. !httpMessageContext.isAuthenticationRequest() && getSavedRequest(httpMessageContext.getRequest()) != null && getSavedAuthentication(httpMessageContext.getRequest()) == null && // Some servers consider the Servlet special URL "/j_security_check" as // a protected URL !httpMessageContext.getRequest().getRequestURI().endsWith("j_security_check"); }
private boolean isOnInitialProtectedURL(HttpMessageContext httpMessageContext) { return httpMessageContext.isProtected() && // When HttpServletRequest#authenticate is called, it counts as "mandated" authentication // which here means isProtected() is true. But we want to use HttpServletRequest#authenticate // to resume a dialog started by accessing a protected page, so therefore exclude it here. !httpMessageContext.isAuthenticationRequest() && getSavedRequest(httpMessageContext.getRequest()) == null && getSavedAuthentication(httpMessageContext.getRequest()) == null && // Some servers consider the Servlet special URL "/j_security_check" as // a protected URL !httpMessageContext.getRequest().getRequestURI().endsWith("j_security_check"); }
} else if (context.isProtected()) {
@Override public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMsgContext) throws AuthenticationException { String[] credentials = getCredentials(request); if (!isEmpty(credentials)) { IdentityStoreHandler identityStoreHandler = CDI.current().select(IdentityStoreHandler.class).get(); CredentialValidationResult result = identityStoreHandler.validate( new UsernamePasswordCredential(credentials[0], new Password(credentials[1]))); if (result.getStatus() == VALID) { return httpMsgContext.notifyContainerAboutLogin( result.getCallerPrincipal(), result.getCallerGroups()); } } if (httpMsgContext.isProtected()) { response.setHeader("WWW-Authenticate", format("Basic realm=\"%s\"", basicAuthenticationMechanismDefinition.realmName())); return httpMsgContext.responseUnauthorized(); } return httpMsgContext.doNothing(); }
@Override public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMsgContext) throws AuthenticationException { String[] credentials = getCredentials(request); if (!isEmpty(credentials)) { IdentityStoreHandler identityStoreHandler = CDI.current().select(IdentityStoreHandler.class).get(); CredentialValidationResult result = identityStoreHandler.validate( new UsernamePasswordCredential(credentials[0], new Password(credentials[1]))); if (result.getStatus() == VALID) { return httpMsgContext.notifyContainerAboutLogin( result.getCallerPrincipal(), result.getCallerGroups()); } } if (httpMsgContext.isProtected()) { response.setHeader("WWW-Authenticate", format("Basic realm=\"%s\"", basicAuthenticationMechanismDefinition.realmName())); return httpMsgContext.responseUnauthorized(); } return httpMsgContext.doNothing(); }