@Override public Session createOrRetrieveSession(HttpServerExchange exchange, SessionIdManager sessionIdManager) { final String sessionId = sessionIdManager.retrieveSessionIdFrom( exchange ); Session session = getSessionFromCache( sessionId ); if ( session == null && shouldNotStoreSession( exchange ) ) return new DefaultSession(SESSION_ID); else if ( session == null ) session = getSessionStore().createOrRetrieveSession(exchange, sessionIdManager); return session; }
@Override public void logout() { final Session currentSession = getCurrentSession(); if ( currentSession != null ) { configuration.getSessionStore().invalidateSession( currentSession ); configuration.getSessionIdManager().expiresSessionId( exchange ); notifySecurityEvent( LOGOUT ); } }
@Override public Account verify( final Credential credential ) { Account account = null; if ( credential instanceof UsernameAndPasswordCredential ) { final UsernameAndPasswordCredential passwordCredential = (UsernameAndPasswordCredential)credential; account = retrieveAccountFor( passwordCredential.getUsername(), passwordCredential.getPassword() ); } return account; }
@Override public boolean authenticate() { authenticated = true; final Account account = performAuthentication(); if ( account == null ){ authenticated = false; getCurrentSession().setAuthenticatedAccount( account ); configuration.getAuthenticationFailureListener().onAuthenticationFailure( exchange, getCurrentSession(), currentAuthMechanism ); } else { getCurrentSession().setAuthenticatedAccount( account ); configuration.getAuthenticationSuccessListener().onAuthenticationSuccess(exchange, getCurrentSession(), currentAuthMechanism); notifySecurityEvent( LOGIN ); } updateCurrentSession(); return authenticated; }
/** * Create a new {@link Session} and store it at the main storage. * * @param sessionId * @param exchange * @return */ default Session createAndStoreNewSession(String sessionId, HttpServerExchange exchange, SessionIdManager sessionIdManager ){ Session session = new DefaultSession( sessionId ); storeSession(session.getId(), session); sessionIdManager.attachSessionId(exchange, session.getId()); return session; }
@Override public Account retrieveAccountFor( String id, String password ) { if ( isValidIdAndPassword( id, password ) ) return new FixedUsernameAndRolesAccount( username(), role() ); return null; }
private Account performAuthentication() { final Iterator<AuthenticationMechanism> iterator = rule.mechanisms().iterator(); Account account = getCurrentSession().getAuthenticatedAccount(); while ( account == null && iterator.hasNext() ) { currentAuthMechanism = iterator.next(); account = currentAuthMechanism.authenticate( exchange, rule.identityManagers(), getCurrentSession() ); } return account; }
@Override public void updateCurrentSession() { if ( currentSession != null && currentSession.hasChanged() ) { try { configuration.getSessionStore().flush( currentSession ); } finally { currentSession.flush(); } } }
public AuthenticationRuleMatcher( final CDI provider, final Config authConfig, final AuthenticationEndpoints authenticationEndpoints) { this.authConfig = authConfig; this.provider = provider; mechanisms = instantiateMechanismsFoundOnConfig(); identityManagers = instantiateIdentityManagersFoundOnConfig(); securityContextFactory = instantiateSecurityContextFactory( authConfig ); rules = readRulesFromConfig(); this.authenticationEndpoints = authenticationEndpoints; }
@Override public void storeSession(String s, Session session) { if ( !session.getId().equals( SESSION_ID ) ) getSessionStore().storeSession(s, session); }
@Override public void handleRequest(final HttpServerExchange exchange) throws Exception { AuthenticationRule rule = retrieveRuleThatEnsureRequestShouldBeAuthenticated( exchange ); if ( rule == null ) rule = AuthenticationRule.EMPTY; final SecurityContext securityContext = getOrCreateSecurityContext(exchange, rule); if ( securityContext.isAuthenticated() ) next.handleRequest(exchange); else runAuthenticationInIOThread( exchange, rule, securityContext ); }
public Session getCurrentSession(){ if ( currentSession == null ) currentSession = configuration.getSessionStore().createOrRetrieveSession(exchange, configuration.getSessionIdManager()); return currentSession; }
@Override public DefaultSecurityContext createSecurityContextFor( final HttpServerExchange exchange, final AuthenticationRule rule, final SecurityConfiguration securityConfiguration ) { final boolean authenticationRequired = rule != AuthenticationRule.EMPTY && rule.authenticationRequired(); return new DefaultSecurityContext(rule, exchange, securityConfiguration, authenticationRequired); } }
void notifySecurityEvent(SecurityEventListener.SecurityEventType eventType) { for ( SecurityEventListener eventListener : configuration.getEventListeners() ) { eventListener.onEvent( eventType, exchange, getCurrentSession() ); } } }
@Override public void setAuthenticatedAccount(Account account){ if ( getCurrentSession() != null ) { getCurrentSession().setAuthenticatedAccount(account); notifySecurityEvent( PROFILE_UPDATED ); } }
@Override public Session createOrRetrieveSession( HttpServerExchange exchange, SessionIdManager sessionIdManager ) { final String sessionId = sessionIdManager.retrieveSessionIdFrom( exchange ); Session session = getSessionFromCache( sessionId ); if ( session == null ) synchronized ( cache ) { session = tryToCreateAndStoreNewSession(sessionId, exchange, sessionIdManager); } return session; }
private StringCursor getDecodedCredentialsFromHeader( HttpServerExchange exchange ) { StringCursor decodedCredentials = null; final StringCursor headerValue = getAuthenticationHeader( exchange ); if ( headerValue != null ) { final String authString = getAuthString( headerValue ); decodedCredentials = decode( authString ); } return decodedCredentials; }
public FixedUsernameAndRolesAccount( final String username, final String role ) { this( createAdminRoles( role ), new FixedUsernamePrincipal( username ) ); }
/** * Extracts the session id from the current request ({@code exchange}). * * @param exchange * @return */ default String retrieveSessionIdFrom(HttpServerExchange exchange ) { return retrieveSessionIdFrom( exchange, () -> createNewSessionId(exchange) ); }
public AuthenticationRule retrieveAuthenticationRuleForUrl( final String url ) { for ( final AuthenticationRule rule : rules ) if ( rule.matches( url ) ) return rule; return null; } }