/**
 * Begins a fresh authentication for the current request.
 *
 * <p>The original request is captured in a {@code SavedRequest} and, when
 * {@code createSessionAllowed} is set, stored in the HTTP session under
 * {@code AbstractProcessingFilter.ACEGI_SAVED_REQUEST_KEY} so that the
 * processing filter can redirect back to it after a successful login (SEC-29).
 * The current {@code Authentication} is then cleared (SEC-112) before the
 * configured entry point is asked to commence authentication.
 *
 * <p>Note: the "SavedRequest added to Session" log line is emitted even when
 * no session attribute is written because session creation is disallowed.
 *
 * @param request  the current request; must be an {@code HttpServletRequest}
 * @param response the current response, handed to the entry point
 * @param chain    the remaining filter chain (not used here)
 * @param reason   the exception that triggered the authentication request
 * @throws ServletException propagated from the entry point
 * @throws IOException      propagated from the entry point
 */
protected void sendStartAuthentication(ServletRequest request, ServletResponse response, FilterChain chain,
        AuthenticationException reason) throws ServletException, IOException {
    HttpServletRequest http = (HttpServletRequest) request;
    SavedRequest saved = new SavedRequest(http, portResolver);
    LOGGER.finer("Authentication entry point being called; SavedRequest added to Session: " + saved);

    if (createSessionAllowed) {
        // Persist the original request so AbstractProcessingFilter can send the
        // user back to it once authentication succeeds (SEC-29).
        http.getSession().setAttribute(AbstractProcessingFilter.ACEGI_SAVED_REQUEST_KEY, saved);
    }

    // SEC-112: whatever Authentication is currently held is no longer trusted.
    SecurityContextHolder.getContext().setAuthentication(null);

    authenticationEntryPoint.commence(http, response, reason);
}
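/**
 * Called once the user logs in. Just forward to the top page.
 * Used only by {@link LegacySecurityRealm}.
 *
 * <p>The {@code from} request parameter is honoured only when it is a path
 * inside this application: it must start with exactly one {@code /}. Values
 * beginning with {@code //} or {@code /\} are rejected, because browsers
 * resolve those as protocol-relative URLs on another host, which would turn
 * this parameter into an open redirect. When {@code from} is absent or
 * rejected, the URL saved by Acegi before the login redirect is used, and
 * failing that the user is sent to the top page.
 *
 * @param req the login request; the {@code from} parameter is read from it
 * @param rsp the response that receives the redirect
 * @throws IOException if the redirect cannot be written
 */
public void doLoginEntry(StaplerRequest req, StaplerResponse rsp) throws IOException {
    if (req.getUserPrincipal() == null) {
        rsp.sendRedirect2("noPrincipal");
        return;
    }

    // TODO fire something in SecurityListener?

    String from = req.getParameter("from");
    // Only a same-application path is accepted: a single leading slash, never
    // "//host" or "/\host", which browsers treat as a different origin.
    if (from != null && from.startsWith("/") && !from.startsWith("//") && !from.startsWith("/\\")
            && !from.equals("/loginError")) {
        rsp.sendRedirect2(from);
        return;
    }

    String url = AbstractProcessingFilter.obtainFullRequestUrl(req);
    if (url != null) {
        // if the login redirect is initiated by Acegi
        // this should send the user back to where s/he was from.
        rsp.sendRedirect2(url);
        return;
    }

    rsp.sendRedirect2(".");
}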
/**
 * Authenticates a username/password pair against the security realm's
 * {@code AuthenticationManager}.
 *
 * <p>Returns {@code null} immediately when {@code DISABLE} is set. Otherwise
 * the result of the manager is returned on success; an
 * {@code AuthenticationException} is logged at {@code FINER} together with
 * the username and the method returns {@code null}.
 *
 * @param req      the current request, used to build the token's details
 * @param rsp      the current response (unused here)
 * @param username the user name to authenticate
 * @param password the password to authenticate
 * @return the authenticated token, or {@code null} when disabled or on failure
 * @throws IOException      declared for subclasses/callers; not thrown here
 * @throws ServletException declared for subclasses/callers; not thrown here
 */
@Override
public Authentication authenticate(HttpServletRequest req, HttpServletResponse rsp, String username, String password)
        throws IOException, ServletException {
    if (DISABLE) {
        return null;
    }

    UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, password);
    token.setDetails(authenticationDetailsSource.buildDetails(req));

    try {
        Authentication result = Jenkins.getInstance().getSecurityRealm().getSecurityComponents().manager
                .authenticate(token);
        LOGGER.log(FINER, "Authentication success: {0}", result);
        return result;
    } catch (AuthenticationException e) {
        // A failed login is not an error for the caller; it is reported as "no authentication".
        LOGGER.log(FINER, "Authentication request for user: {0} failed: {1}", new Object[]{username, e});
        return null;
    }
}
HttpServletResponse httpResponse = (HttpServletResponse) response; if (requiresAuthentication(httpRequest, httpResponse)) { if (logger.isDebugEnabled()) { logger.debug("Request is to process authentication"); onPreAuthentication(httpRequest, httpResponse); authResult = attemptAuthentication(httpRequest); unsuccessfulAuthentication(httpRequest, httpResponse, failed); successfulAuthentication(httpRequest, httpResponse, authResult);
/**
 * Builds a CAS authentication request from the {@code ticket} parameter and
 * hands it to the configured {@code AuthenticationManager}.
 *
 * <p>The token's principal is the constant {@code CAS_STATEFUL_IDENTIFIER};
 * its credential is the {@code ticket} parameter, or the empty string when the
 * parameter is missing.
 *
 * @param request the request carrying the {@code ticket} parameter
 * @return the result of the authentication manager
 * @throws AuthenticationException if the manager rejects the ticket
 */
public Authentication attemptAuthentication(HttpServletRequest request) throws AuthenticationException {
    String ticket = request.getParameter("ticket");
    String credential = (ticket == null) ? "" : ticket;

    UsernamePasswordAuthenticationToken token =
            new UsernamePasswordAuthenticationToken(CAS_STATEFUL_IDENTIFIER, credential);
    token.setDetails(authenticationDetailsSource.buildDetails(request));

    return this.getAuthenticationManager().authenticate(token);
}
/**
 * Chooses where to send the user after a successful authentication.
 *
 * <p>When {@code alwaysUseDefaultTargetUrl} is set the saved request is ignored
 * and {@link #getDefaultTargetUrl()} wins. Otherwise the URL recorded before the
 * login redirect is used, falling back to the default when none was saved.
 *
 * @param request the current request, used to look up the saved URL
 * @return the redirect target; never {@code null} unless the default is
 */
protected String determineTargetUrl(HttpServletRequest request) {
    if (alwaysUseDefaultTargetUrl) {
        // The saved request is deliberately not consulted in this mode.
        return getDefaultTargetUrl();
    }
    String savedUrl = obtainFullRequestUrl(request);
    return (savedUrl != null) ? savedUrl : getDefaultTargetUrl();
}
/**
 * Dispatches a security exception caught further down the chain.
 *
 * <p>An {@code AuthenticationException} starts a new authentication through
 * the entry point. An {@code AccessDeniedException} does the same when the
 * current principal is anonymous (wrapped as an
 * {@code InsufficientAuthenticationException}); for a non-anonymous principal
 * it is delegated to the {@code AccessDeniedHandler}. Any other subtype of
 * {@code AcegiSecurityException} is silently left unhandled here.
 *
 * @param request   the request being processed
 * @param response  the response to write to
 * @param chain     the remaining filter chain, forwarded to sendStartAuthentication
 * @param exception the exception to handle
 * @throws IOException      propagated from the chosen handler
 * @throws ServletException propagated from the chosen handler
 */
private void handleException(ServletRequest request, ServletResponse response, FilterChain chain,
        AcegiSecurityException exception) throws IOException, ServletException {
    if (exception instanceof AuthenticationException) {
        if (logger.isDebugEnabled()) {
            logger.debug("Authentication exception occurred; redirecting to authentication entry point", exception);
        }
        sendStartAuthentication(request, response, chain, (AuthenticationException) exception);
        return;
    }

    if (!(exception instanceof AccessDeniedException)) {
        return;
    }

    boolean anonymous =
            authenticationTrustResolver.isAnonymous(SecurityContextHolder.getContext().getAuthentication());
    if (anonymous) {
        if (logger.isDebugEnabled()) {
            logger.debug("Access is denied (user is anonymous); redirecting to authentication entry point", exception);
        }
        // An anonymous caller is asked to log in rather than shown an error page.
        sendStartAuthentication(request, response, chain,
                new InsufficientAuthenticationException("Full authentication is required to access this resource"));
    } else {
        if (logger.isDebugEnabled()) {
            logger.debug("Access is denied (user is not anonymous); delegating to AccessDeniedHandler", exception);
        }
        accessDeniedHandler.handle(request, response, (AccessDeniedException) exception);
    }
}
/**
 * Two {@code WebAuthenticationDetails} are equal when their remote address and
 * session id are both equal, treating two {@code null}s as equal.
 *
 * @param obj the object to compare with
 * @return {@code true} if {@code obj} is a {@code WebAuthenticationDetails}
 *         with the same remote address and session id
 */
public boolean equals(Object obj) {
    if (!(obj instanceof WebAuthenticationDetails)) {
        return false;
    }
    WebAuthenticationDetails other = (WebAuthenticationDetails) obj;
    return sameNullable(remoteAddress, other.getRemoteAddress())
            && sameNullable(sessionId, other.getSessionId());
}

/** Null-tolerant string comparison: both {@code null} counts as equal. */
private static boolean sameNullable(String mine, String theirs) {
    return (mine == null) ? (theirs == null) : mine.equals(theirs);
}
/**
 * Dispatches a security exception caught further down the chain.
 *
 * <p>An {@code AuthenticationException} starts a new authentication through
 * the entry point. An {@code AccessDeniedException} does the same when the
 * current principal is anonymous (wrapped as an
 * {@code InsufficientAuthenticationException} that keeps the original as its
 * cause); for a non-anonymous principal it is delegated to the
 * {@code AccessDeniedHandler}. Any other subtype of
 * {@code AcegiSecurityException} is left unhandled here.
 *
 * @param request   the request being processed
 * @param response  the response to write to
 * @param chain     the remaining filter chain, forwarded to sendStartAuthentication
 * @param exception the exception to handle
 * @throws IOException      propagated from the chosen handler
 * @throws ServletException propagated from the chosen handler
 */
private void handleException(ServletRequest request, ServletResponse response, FilterChain chain,
        AcegiSecurityException exception) throws IOException, ServletException {
    if (exception instanceof AuthenticationException) {
        LOGGER.log(Level.FINER, "Authentication exception occurred; redirecting to authentication entry point", exception);
        sendStartAuthentication(request, response, chain, (AuthenticationException) exception);
        return;
    }

    if (!(exception instanceof AccessDeniedException)) {
        return;
    }

    boolean anonymous =
            authenticationTrustResolver.isAnonymous(SecurityContextHolder.getContext().getAuthentication());
    if (anonymous) {
        LOGGER.log(Level.FINER, "Access is denied (user is anonymous); redirecting to authentication entry point", exception);
        // An anonymous caller is asked to log in; the denial is preserved as the cause.
        sendStartAuthentication(request, response, chain,
                new InsufficientAuthenticationException("Full authentication is required to access this resource", exception));
    } else {
        LOGGER.log(Level.FINER, "Access is denied (user is not anonymous); delegating to AccessDeniedHandler", exception);
        accessDeniedHandler.handle(request, response, (AccessDeniedException) exception);
    }
}
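/**
 * Constructor.
 *
 * <p>
 * Records the caller's remote address and, if the request already has an
 * {@code HttpSession}, that session's id. The session is looked up with
 * {@code getSession(false)}, so this constructor does <em>not</em> create a
 * session; when none exists the session id is left {@code null}.
 * </p>
 *
 * <p>
 * {@code doPopulateAdditionalInformation} is invoked last. If that method is
 * overridable, subclass overrides run before the subclass's own constructor
 * body, so they must not rely on subclass fields being initialised.
 * </p>
 *
 * @param request that the authentication request was received from
 */
public WebAuthenticationDetails(HttpServletRequest request) {
    this.remoteAddress = request.getRemoteAddr();

    // Do not force a session into existence just to read an id.
    HttpSession session = request.getSession(false);
    this.sessionId = (session != null) ? session.getId() : null;

    doPopulateAdditionalInformation(request);
}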
handleException(request, response, chain, ex); handleException(request, response, chain, ex); handleException(request, response, chain, (AcegiSecurityException) ex.getRootCause());
auth.setDetails(authenticationDetailsSource.buildDetails(request));
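/**
 * Called once the user logs in. Just forward to the top page.
 *
 * <p>The {@code from} request parameter is honoured only when it is a path
 * inside this application: it must start with exactly one {@code /}. Values
 * beginning with {@code //} or {@code /\} are rejected, because browsers
 * resolve those as protocol-relative URLs on another host, which would turn
 * this parameter into an open redirect. When {@code from} is absent or
 * rejected, the URL saved by Acegi before the login redirect is used, and
 * failing that the user is sent to the top page.
 *
 * @param req the login request; the {@code from} parameter is read from it
 * @param rsp the response that receives the redirect
 * @throws IOException if the redirect cannot be written
 */
public void doLoginEntry(StaplerRequest req, StaplerResponse rsp) throws IOException {
    if (req.getUserPrincipal() == null) {
        rsp.sendRedirect2("noPrincipal");
        return;
    }

    String from = req.getParameter("from");
    // Only a same-application path is accepted: a single leading slash, never
    // "//host" or "/\host", which browsers treat as a different origin.
    if (from != null && from.startsWith("/") && !from.startsWith("//") && !from.startsWith("/\\")
            && !from.equals("/loginError")) {
        rsp.sendRedirect2(from);
        return;
    }

    String url = AbstractProcessingFilter.obtainFullRequestUrl(req);
    if (url != null) {
        // if the login redirect is initiated by Acegi
        // this should send the user back to where s/he was from.
        rsp.sendRedirect2(url);
        return;
    }

    rsp.sendRedirect2(".");
}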
/**
 * Renders the superclass description followed by the remote address and the
 * session id.
 *
 * <p>NOTE(review): the session id is part of the output, so be careful where
 * the result of this method ends up (e.g. log files).
 *
 * @return {@code "<super>: RemoteIpAddress: <addr>; SessionId: <id>"}
 */
public String toString() {
    return super.toString() + ": "
            + "RemoteIpAddress: " + this.getRemoteAddress() + "; "
            + "SessionId: " + this.getSessionId();
}
}
/**
 * Populates the {@code details} property of an authentication request.
 *
 * <p>The default implementation asks the configured
 * {@code authenticationDetailsSource} to build the details from the request;
 * subclasses may override to attach something else.
 *
 * @param request     that an authentication request is being created for
 * @param authRequest the authentication request object that should have its details set
 */
protected void setDetails(HttpServletRequest request, UsernamePasswordAuthenticationToken authRequest) {
    Object details = authenticationDetailsSource.buildDetails(request);
    authRequest.setDetails(details);
}
}
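/**
 * Called once the user logs in. Just forward to the top page.
 *
 * <p>The {@code from} request parameter is honoured only when it is a path
 * inside this application: it must start with exactly one {@code /}. Values
 * beginning with {@code //} or {@code /\} are rejected, because browsers
 * resolve those as protocol-relative URLs on another host, which would turn
 * this parameter into an open redirect. When {@code from} is absent or
 * rejected, the URL saved by Acegi before the login redirect is used, and
 * failing that the user is sent to the top page.
 *
 * @param req the login request; the {@code from} parameter is read from it
 * @param rsp the response that receives the redirect
 * @throws IOException if the redirect cannot be written
 */
public void doLoginEntry(StaplerRequest req, StaplerResponse rsp) throws IOException {
    if (req.getUserPrincipal() == null) {
        rsp.sendRedirect2("noPrincipal");
        return;
    }

    String from = req.getParameter("from");
    // Only a same-application path is accepted: a single leading slash, never
    // "//host" or "/\host", which browsers treat as a different origin.
    if (from != null && from.startsWith("/") && !from.startsWith("//") && !from.startsWith("/\\")
            && !from.equals("/loginError")) {
        rsp.sendRedirect2(from);
        return;
    }

    String url = AbstractProcessingFilter.obtainFullRequestUrl(req);
    if (url != null) {
        // if the login redirect is initiated by Acegi
        // this should send the user back to where s/he was from.
        rsp.sendRedirect2(url);
        return;
    }

    rsp.sendRedirect2(".");
}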
/**
 * Creates the anonymous token used when a request carries no authentication.
 *
 * <p>The token is built from the filter's {@code key} and the configured
 * {@code userAttribute} (password and granted authorities), and its details are
 * derived from the request by the {@code authenticationDetailsSource}.
 *
 * @param request the current request; must be an {@code HttpServletRequest}
 * @return the anonymous authentication token
 * @throws IllegalArgumentException if {@code request} is not an {@code HttpServletRequest}
 */
protected Authentication createAuthentication(ServletRequest request) {
    Assert.isInstanceOf(HttpServletRequest.class, request,
            "ServletRequest must be an instance of HttpServletRequest");
    HttpServletRequest http = (HttpServletRequest) request;

    AnonymousAuthenticationToken token = new AnonymousAuthenticationToken(key,
            userAttribute.getPassword(), userAttribute.getAuthorities());
    token.setDetails(authenticationDetailsSource.buildDetails(http));
    return token;
}
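/**
 * Called once the user logs in. Just forward to the top page.
 * Used only by {@link LegacySecurityRealm}.
 *
 * <p>The {@code from} request parameter is honoured only when it is a path
 * inside this application: it must start with exactly one {@code /}. Values
 * beginning with {@code //} or {@code /\} are rejected, because browsers
 * resolve those as protocol-relative URLs on another host, which would turn
 * this parameter into an open redirect. When {@code from} is absent or
 * rejected, the URL saved by Acegi before the login redirect is used, and
 * failing that the user is sent to the top page.
 *
 * @param req the login request; the {@code from} parameter is read from it
 * @param rsp the response that receives the redirect
 * @throws IOException if the redirect cannot be written
 */
public void doLoginEntry(StaplerRequest req, StaplerResponse rsp) throws IOException {
    if (req.getUserPrincipal() == null) {
        rsp.sendRedirect2("noPrincipal");
        return;
    }

    // TODO fire something in SecurityListener?

    String from = req.getParameter("from");
    // Only a same-application path is accepted: a single leading slash, never
    // "//host" or "/\host", which browsers treat as a different origin.
    if (from != null && from.startsWith("/") && !from.startsWith("//") && !from.startsWith("/\\")
            && !from.equals("/loginError")) {
        rsp.sendRedirect2(from);
        return;
    }

    String url = AbstractProcessingFilter.obtainFullRequestUrl(req);
    if (url != null) {
        // if the login redirect is initiated by Acegi
        // this should send the user back to where s/he was from.
        rsp.sendRedirect2(url);
        return;
    }

    rsp.sendRedirect2(".");
}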