Java Code Examples for org.apache.catalina.connector.Request#setUserPrincipal()

Example 1
Source File: TomcatValve.java — from flex-blazeds (Apache License 2.0)
/**
 * Records the Tomcat login for this request and, when the request carries no
 * principal yet, propagates the session's principal and auth type onto it.
 * <p>
 * Mirrors what AuthenticatorBase.invoke() does: a principal already present on
 * the request is left untouched, and nothing is bound when there is no
 * existing session or the session holds no principal.
 *
 * @param request   the request being matched
 * @param principal the principal already associated with the request, or null
 */
private void handleMatch(Request request, Principal principal)
{
    TomcatLoginHolder.setLogin(new TomcatLoginImpl(getContainer(), request));

    if (principal == null)
    {
        // Look up only; never create a session as a side effect of matching.
        Session session = getSession(request, false);
        Principal sessionPrincipal = (session == null) ? null : session.getPrincipal();
        if (sessionPrincipal != null)
        {
            request.setAuthType(session.getAuthType());
            request.setUserPrincipal(sessionPrincipal);
        }
    }
}
 
Example 2
Source File: Tomcat7Valve.java — from flex-blazeds (Apache License 2.0)
/**
 * Records the Tomcat login for this request and, when the request carries no
 * principal yet, propagates the session's principal and auth type onto it.
 * <p>
 * Mirrors what AuthenticatorBase.invoke() does: a principal already present on
 * the request is left untouched, and nothing is bound when there is no
 * existing session or the session holds no principal.
 *
 * @param request   the request being matched
 * @param principal the principal already associated with the request, or null
 */
private void handleMatch(Request request, Principal principal)
{
    TomcatLoginHolder.setLogin(new TomcatLoginImpl(this, request));

    if (principal != null)
    {
        return;
    }

    // Look up only; never create a session as a side effect of matching.
    Session session = getSession(request, false);
    if (session == null)
    {
        return;
    }

    Principal sessionPrincipal = session.getPrincipal();
    if (sessionPrincipal == null)
    {
        return;
    }

    request.setAuthType(session.getAuthType());
    request.setUserPrincipal(sessionPrincipal);
}
 
Example 3
Source File: SingleSignOn.java — from Tomcat8-Source-Read (MIT License)
/**
 * Re-authenticates the caller against the given <code>Realm</code> using the
 * username and password cached in the single sign-on entry identified by
 * <code>ssoId</code>.
 * <p>
 * On success the entry's auth type and the freshly authenticated
 * <code>Principal</code> are bound to the request via
 * {@link Request#setAuthType Request.setAuthType()} and
 * {@link Request#setUserPrincipal Request.setUserPrincipal()}. Nothing is
 * bound when the entry is missing, does not allow reauthentication, has no
 * username, or the realm rejects the cached credentials.
 * </p>
 *
 * @param ssoId     identifier of the SingleSignOn session the caller belongs to
 * @param realm     Realm the caller is to be authenticated against
 * @param request   the request that needs to be authenticated
 *
 * @return  <code>true</code> if reauthentication succeeded,
 *          <code>false</code> otherwise
 */
protected boolean reauthenticate(String ssoId, Realm realm,
                                 Request request) {

    if (ssoId == null || realm == null) {
        return false;
    }

    SingleSignOnEntry entry = cache.get(ssoId);
    if (entry == null || !entry.getCanReauthenticate()) {
        return false;
    }

    String username = entry.getUsername();
    if (username == null) {
        return false;
    }

    // The entry keeps the password it was created with; the realm decides
    // whether that cached credential is still valid.
    Principal reauthPrincipal = realm.authenticate(username, entry.getPassword());
    if (reauthPrincipal == null) {
        return false;
    }

    // Bind the authorization credentials to the request
    request.setAuthType(entry.getAuthType());
    request.setUserPrincipal(reauthPrincipal);
    return true;
}
 
Example 4
Source File: SingleSignOn.java — from Tomcat7.0.67 (Apache License 2.0)
/**
 * Re-authenticates the caller against the given <code>Realm</code> using the
 * username and password cached in the single sign-on entry identified by
 * <code>ssoId</code>.
 * <p>
 * On success the entry's auth type and the freshly authenticated
 * <code>Principal</code> are bound to the request via
 * {@link Request#setAuthType Request.setAuthType()} and
 * {@link Request#setUserPrincipal Request.setUserPrincipal()}. Nothing is
 * bound when the entry is missing, does not allow reauthentication, has no
 * username, or the realm rejects the cached credentials.
 * </p>
 *
 * @param ssoId     identifier of the SingleSignOn session the caller belongs to
 * @param realm     Realm the caller is to be authenticated against
 * @param request   the request that needs to be authenticated
 *
 * @return  <code>true</code> if reauthentication succeeded,
 *          <code>false</code> otherwise
 */
protected boolean reauthenticate(String ssoId, Realm realm,
                                 Request request) {

    SingleSignOnEntry entry =
            (ssoId == null || realm == null) ? null : cache.get(ssoId);
    if (entry == null || !entry.getCanReauthenticate()) {
        return false;
    }

    String cachedUsername = entry.getUsername();
    if (cachedUsername == null) {
        return false;
    }

    // The entry keeps the password it was created with; the realm decides
    // whether that cached credential is still valid.
    Principal reauthPrincipal =
            realm.authenticate(cachedUsername, entry.getPassword());
    boolean reauthenticated = reauthPrincipal != null;
    if (reauthenticated) {
        // Bind the authorization credentials to the request
        request.setAuthType(entry.getAuthType());
        request.setUserPrincipal(reauthPrincipal);
    }
    return reauthenticated;
}
 
Example 5
Source File: SingleSignOn.java — from tomcatsrc (Apache License 2.0)
/**
 * Re-authenticates the caller against the given <code>Realm</code> using the
 * username and password cached in the single sign-on entry identified by
 * <code>ssoId</code>.
 * <p>
 * On success the entry's auth type and the freshly authenticated
 * <code>Principal</code> are bound to the request via
 * {@link Request#setAuthType Request.setAuthType()} and
 * {@link Request#setUserPrincipal Request.setUserPrincipal()}. Nothing is
 * bound when the entry is missing, does not allow reauthentication, has no
 * username, or the realm rejects the cached credentials.
 * </p>
 *
 * @param ssoId     identifier of the SingleSignOn session the caller belongs to
 * @param realm     Realm the caller is to be authenticated against
 * @param request   the request that needs to be authenticated
 *
 * @return  <code>true</code> if reauthentication succeeded,
 *          <code>false</code> otherwise
 */
protected boolean reauthenticate(String ssoId, Realm realm,
                                 Request request) {

    if (ssoId == null || realm == null) {
        return false;
    }

    SingleSignOnEntry entry = cache.get(ssoId);
    if (entry == null || !entry.getCanReauthenticate()) {
        return false;
    }

    String cachedUsername = entry.getUsername();
    if (cachedUsername == null) {
        return false;
    }

    // The entry keeps the password it was created with; the realm decides
    // whether that cached credential is still valid.
    Principal reauthPrincipal =
            realm.authenticate(cachedUsername, entry.getPassword());
    if (reauthPrincipal == null) {
        return false;
    }

    // Bind the authorization credentials to the request
    request.setAuthType(entry.getAuthType());
    request.setUserPrincipal(reauthPrincipal);
    return true;
}
 
Example 6
Source File: AbstractKeycloakAuthenticatorValve.java — from keycloak (Apache License 2.0)
/**
 * Logs the current Keycloak session out of this request.
 * <p>
 * If a {@code KeycloakSecurityContext} is attached to the request, the
 * deployment is resolved, a refreshable context is logged out of it, the
 * token store is cleared and the attribute is removed. In every case the
 * request's user principal is cleared afterwards, so a request without a
 * Keycloak context still ends up with no principal bound.
 *
 * @param request the request whose Keycloak session is being ended
 */
protected void logoutInternal(Request request) {
    final String contextKey = KeycloakSecurityContext.class.getName();
    KeycloakSecurityContext securityContext =
            (KeycloakSecurityContext) request.getAttribute(contextKey);

    if (securityContext == null) {
        request.setUserPrincipal(null);
        return;
    }

    CatalinaHttpFacade facade = new OIDCCatalinaHttpFacade(request, null);
    KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade);
    if (securityContext instanceof RefreshableKeycloakSecurityContext) {
        // Only a refreshable context knows how to end its session against the deployment.
        ((RefreshableKeycloakSecurityContext) securityContext).logout(deployment);
    }

    getTokenStore(request, facade, deployment).logout();
    request.removeAttribute(contextKey);
    request.setUserPrincipal(null);
}
 
Example 7
Source File: AbstractSamlAuthenticatorValve.java — from keycloak (Apache License 2.0)
/**
 * Logs the SAML account out of this request: resolves the deployment for the
 * request, tells the session store to log the account out, then clears the
 * request's user principal.
 *
 * @param request the request whose SAML session is being ended
 */
protected void logoutInternal(Request request) {
    CatalinaHttpFacade facade = new CatalinaHttpFacade(null, request);
    SamlDeployment deployment = deploymentContext.resolveDeployment(facade);
    getSessionStore(request, facade, deployment).logoutAccount();
    // Principal is cleared unconditionally once the store has been told to log out.
    request.setUserPrincipal(null);
}
 
Example 8
Source File: AuthenticatorBase.java — from Tomcat8-Source-Read (MIT License)
/**
 * Runs JASPIC validation for the request and binds the resulting principal.
 * <p>
 * The request and response are always replaced with the (possibly wrapped)
 * messages from the JASPIC message info once validation has run. On
 * {@code AuthStatus.SUCCESS} the principal derived from the client subject is
 * registered unless authentication was served from the cache and the principal
 * is unchanged; when the provider yields no principal, the request's principal
 * and auth type are cleared and the outcome depends on {@code requirePrincipal}.
 *
 * @param request          the request being authenticated
 * @param response         the associated response
 * @param state            the JASPIC context and message info for this request
 * @param requirePrincipal whether a successful validation must also produce a principal
 * @return {@code true} if validation succeeded (and a principal was produced when
 *         one is required), {@code false} on failure or {@code AuthException}
 */
private boolean authenticateJaspic(Request request, Response response, JaspicState state,
        boolean requirePrincipal) {

    boolean servedFromCache = checkForCachedAuthentication(request, response, false);
    Subject clientSubject = new Subject();

    AuthStatus status;
    try {
        status = state.serverAuthContext.validateRequest(state.messageInfo, clientSubject, null);
    } catch (AuthException e) {
        log.debug(sm.getString("authenticator.loginFail"), e);
        return false;
    }

    // The provider may have wrapped the messages; adopt them regardless of the outcome.
    request.setRequest((HttpServletRequest) state.messageInfo.getRequestMessage());
    response.setResponse((HttpServletResponse) state.messageInfo.getResponseMessage());

    if (status != AuthStatus.SUCCESS) {
        return false;
    }

    GenericPrincipal principal = getPrincipal(clientSubject);
    if (log.isDebugEnabled()) {
        log.debug("Authenticated user: " + principal);
    }

    if (principal == null) {
        // Validation passed without identifying anyone: leave no stale identity on the request.
        request.setUserPrincipal(null);
        request.setAuthType(null);
        if (requirePrincipal) {
            return false;
        }
    } else {
        boolean principalChanged =
                !principal.getUserPrincipal().equals(request.getUserPrincipal());
        // Skip registration if authentication credentials were
        // cached and the Principal did not change.
        if (!servedFromCache || principalChanged) {
            @SuppressWarnings("rawtypes")// JASPIC API uses raw types
            Map infoMap = state.messageInfo.getMap();
            boolean registerSession =
                    infoMap != null && infoMap.containsKey("javax.servlet.http.registerSession");
            if (registerSession) {
                register(request, response, principal, "JASPIC", null, null, true, true);
            } else {
                register(request, response, principal, "JASPIC", null, null);
            }
        }
    }

    request.setNote(Constants.REQ_JASPIC_SUBJECT_NOTE, clientSubject);
    return true;
}
 
Example 9
Source File: SingleSignOn.java — from Tomcat8-Source-Read (MIT License)
/**
 * Perform single-sign-on support processing for this request.
 * <p>
 * A request that already carries a principal is passed straight down the
 * pipeline. Otherwise the SSO cookie is looked up; if its value maps to a
 * cached entry, the SSO id is noted on the request and — unless
 * reauthentication is required — the entry's auth type and principal are
 * bound to it. A cookie with no matching entry is answered with an expiring
 * replacement cookie so the client stops sending it.
 *
 * @param request The servlet request we are processing
 * @param response The servlet response we are creating
 *
 * @exception IOException if an input/output error occurs
 * @exception ServletException if a servlet error occurs
 */
@Override
public void invoke(Request request, Response response)
    throws IOException, ServletException {

    request.removeNote(Constants.REQ_SSOID_NOTE);

    if (containerLog.isDebugEnabled()) {
        containerLog.debug(sm.getString("singleSignOn.debug.invoke", request.getRequestURI()));
    }

    // A principal already on the request (set upstream) takes precedence over SSO.
    if (request.getUserPrincipal() != null) {
        if (containerLog.isDebugEnabled()) {
            containerLog.debug(sm.getString("singleSignOn.debug.hasPrincipal",
                    request.getUserPrincipal().getName()));
        }
        getNext().invoke(request, response);
        return;
    }

    if (containerLog.isDebugEnabled()) {
        containerLog.debug(sm.getString("singleSignOn.debug.cookieCheck"));
    }
    Cookie ssoCookie = null;
    Cookie[] requestCookies = request.getCookies();
    if (requestCookies != null) {
        for (Cookie candidate : requestCookies) {
            if (Constants.SINGLE_SIGN_ON_COOKIE.equals(candidate.getName())) {
                ssoCookie = candidate;
                break;
            }
        }
    }
    if (ssoCookie == null) {
        if (containerLog.isDebugEnabled()) {
            containerLog.debug(sm.getString("singleSignOn.debug.cookieNotFound"));
        }
        getNext().invoke(request, response);
        return;
    }

    // The cookie value is client-supplied; the cache lookup is what decides whether it is valid.
    String ssoId = ssoCookie.getValue();
    if (containerLog.isDebugEnabled()) {
        containerLog.debug(sm.getString("singleSignOn.debug.principalCheck", ssoId));
    }
    SingleSignOnEntry entry = cache.get(ssoId);

    if (entry == null) {
        if (containerLog.isDebugEnabled()) {
            containerLog.debug(sm.getString("singleSignOn.debug.principalNotFound", ssoId));
        }
        // Overwrite the stale cookie with an immediately-expiring one; domain
        // and path must match the original for the browser to replace it.
        ssoCookie.setValue("REMOVE");
        ssoCookie.setMaxAge(0);
        ssoCookie.setPath("/");
        String cookieDomain = getCookieDomain();
        if (cookieDomain != null) {
            ssoCookie.setDomain(cookieDomain);
        }
        // The value is not sensitive, but the Set-Cookie header should still
        // honour the secure / httpOnly expectations of the original cookie.
        ssoCookie.setSecure(request.isSecure());
        boolean httpOnlyExpected =
                request.getServletContext().getSessionCookieConfig().isHttpOnly()
                || request.getContext().getUseHttpOnly();
        if (httpOnlyExpected) {
            ssoCookie.setHttpOnly(true);
        }
        response.addCookie(ssoCookie);
    } else {
        if (containerLog.isDebugEnabled()) {
            String principalName =
                    entry.getPrincipal() != null ? entry.getPrincipal().getName() : "";
            containerLog.debug(sm.getString("singleSignOn.debug.principalFound",
                    principalName, entry.getAuthType()));
        }
        request.setNote(Constants.REQ_SSOID_NOTE, ssoId);
        // Only set security elements if reauthentication is not required
        if (!getRequireReauthentication()) {
            request.setAuthType(entry.getAuthType());
            request.setUserPrincipal(entry.getPrincipal());
        }
    }

    // Invoke the next Valve in our pipeline
    getNext().invoke(request, response);
}
 
Example 10
Source File: SingleSignOn.java — from Tomcat7.0.67 (Apache License 2.0)
/**
 * Perform single-sign-on support processing for this request.
 * <p>
 * A request that already carries a principal is passed straight down the
 * pipeline. Otherwise the SSO cookie is looked up; if its value maps to a
 * cached entry, the SSO id is noted on the request and — unless
 * reauthentication is required — the entry's auth type and principal are
 * bound to it. A cookie with no matching entry is answered with an expiring
 * replacement cookie so the client stops sending it.
 *
 * @param request The servlet request we are processing
 * @param response The servlet response we are creating
 *
 * @exception IOException if an input/output error occurs
 * @exception ServletException if a servlet error occurs
 */
@Override
public void invoke(Request request, Response response)
    throws IOException, ServletException {

    request.removeNote(Constants.REQ_SSOID_NOTE);

    if (containerLog.isDebugEnabled()) {
        containerLog.debug(sm.getString("singleSignOn.debug.invoke", request.getRequestURI()));
    }

    // A principal already on the request (set upstream) takes precedence over SSO.
    if (request.getUserPrincipal() != null) {
        if (containerLog.isDebugEnabled()) {
            containerLog.debug(sm.getString("singleSignOn.debug.hasPrincipal",
                    request.getUserPrincipal().getName()));
        }
        getNext().invoke(request, response);
        return;
    }

    if (containerLog.isDebugEnabled()) {
        containerLog.debug(sm.getString("singleSignOn.debug.cookieCheck"));
    }
    Cookie ssoCookie = null;
    Cookie[] requestCookies = request.getCookies();
    if (requestCookies != null) {
        for (Cookie candidate : requestCookies) {
            if (Constants.SINGLE_SIGN_ON_COOKIE.equals(candidate.getName())) {
                ssoCookie = candidate;
                break;
            }
        }
    }
    if (ssoCookie == null) {
        if (containerLog.isDebugEnabled()) {
            containerLog.debug(sm.getString("singleSignOn.debug.cookieNotFound"));
        }
        getNext().invoke(request, response);
        return;
    }

    // The cookie value is client-supplied; the cache lookup is what decides whether it is valid.
    String ssoId = ssoCookie.getValue();
    if (containerLog.isDebugEnabled()) {
        containerLog.debug(sm.getString("singleSignOn.debug.principalCheck", ssoId));
    }
    SingleSignOnEntry entry = cache.get(ssoId);

    if (entry == null) {
        if (containerLog.isDebugEnabled()) {
            containerLog.debug(sm.getString("singleSignOn.debug.principalNotFound", ssoId));
        }
        // Overwrite the stale cookie with an immediately-expiring one; domain
        // and path must match the original for the browser to replace it.
        ssoCookie.setValue("REMOVE");
        ssoCookie.setMaxAge(0);
        ssoCookie.setPath("/");
        String cookieDomain = getCookieDomain();
        if (cookieDomain != null) {
            ssoCookie.setDomain(cookieDomain);
        }
        // The value is not sensitive, but the Set-Cookie header should still
        // honour the secure / httpOnly expectations of the original cookie.
        ssoCookie.setSecure(request.isSecure());
        boolean httpOnlyExpected =
                request.getServletContext().getSessionCookieConfig().isHttpOnly()
                || request.getContext().getUseHttpOnly();
        if (httpOnlyExpected) {
            ssoCookie.setHttpOnly(true);
        }
        response.addCookie(ssoCookie);
    } else {
        if (containerLog.isDebugEnabled()) {
            String principalName =
                    entry.getPrincipal() != null ? entry.getPrincipal().getName() : "";
            containerLog.debug(sm.getString("singleSignOn.debug.principalFound",
                    principalName, entry.getAuthType()));
        }
        request.setNote(Constants.REQ_SSOID_NOTE, ssoId);
        // Only set security elements if reauthentication is not required
        if (!getRequireReauthentication()) {
            request.setAuthType(entry.getAuthType());
            request.setUserPrincipal(entry.getPrincipal());
        }
    }

    // Invoke the next Valve in our pipeline
    getNext().invoke(request, response);
}
 
Example 11
Source File: SingleSignOn.java — from tomcatsrc (Apache License 2.0)
/**
 * Perform single-sign-on support processing for this request.
 * <p>
 * A request that already carries a principal is passed straight down the
 * pipeline. Otherwise the SSO cookie is looked up; if its value maps to a
 * cached entry, the SSO id is noted on the request and — unless
 * reauthentication is required — the entry's auth type and principal are
 * bound to it. A cookie with no matching entry is answered with an expiring
 * replacement cookie so the client stops sending it.
 *
 * @param request The servlet request we are processing
 * @param response The servlet response we are creating
 *
 * @exception IOException if an input/output error occurs
 * @exception ServletException if a servlet error occurs
 */
@Override
public void invoke(Request request, Response response)
    throws IOException, ServletException {

    request.removeNote(Constants.REQ_SSOID_NOTE);

    if (containerLog.isDebugEnabled()) {
        containerLog.debug(sm.getString("singleSignOn.debug.invoke", request.getRequestURI()));
    }

    // A principal already on the request (set upstream) takes precedence over SSO.
    if (request.getUserPrincipal() != null) {
        if (containerLog.isDebugEnabled()) {
            containerLog.debug(sm.getString("singleSignOn.debug.hasPrincipal",
                    request.getUserPrincipal().getName()));
        }
        getNext().invoke(request, response);
        return;
    }

    if (containerLog.isDebugEnabled()) {
        containerLog.debug(sm.getString("singleSignOn.debug.cookieCheck"));
    }
    Cookie ssoCookie = null;
    Cookie[] requestCookies = request.getCookies();
    if (requestCookies != null) {
        for (Cookie candidate : requestCookies) {
            if (Constants.SINGLE_SIGN_ON_COOKIE.equals(candidate.getName())) {
                ssoCookie = candidate;
                break;
            }
        }
    }
    if (ssoCookie == null) {
        if (containerLog.isDebugEnabled()) {
            containerLog.debug(sm.getString("singleSignOn.debug.cookieNotFound"));
        }
        getNext().invoke(request, response);
        return;
    }

    // The cookie value is client-supplied; the cache lookup is what decides whether it is valid.
    String ssoId = ssoCookie.getValue();
    if (containerLog.isDebugEnabled()) {
        containerLog.debug(sm.getString("singleSignOn.debug.principalCheck", ssoId));
    }
    SingleSignOnEntry entry = cache.get(ssoId);

    if (entry == null) {
        if (containerLog.isDebugEnabled()) {
            containerLog.debug(sm.getString("singleSignOn.debug.principalNotFound", ssoId));
        }
        // Overwrite the stale cookie with an immediately-expiring one; domain
        // and path must match the original for the browser to replace it.
        ssoCookie.setValue("REMOVE");
        ssoCookie.setMaxAge(0);
        ssoCookie.setPath("/");
        String cookieDomain = getCookieDomain();
        if (cookieDomain != null) {
            ssoCookie.setDomain(cookieDomain);
        }
        // The value is not sensitive, but the Set-Cookie header should still
        // honour the secure / httpOnly expectations of the original cookie.
        ssoCookie.setSecure(request.isSecure());
        boolean httpOnlyExpected =
                request.getServletContext().getSessionCookieConfig().isHttpOnly()
                || request.getContext().getUseHttpOnly();
        if (httpOnlyExpected) {
            ssoCookie.setHttpOnly(true);
        }
        response.addCookie(ssoCookie);
    } else {
        if (containerLog.isDebugEnabled()) {
            String principalName =
                    entry.getPrincipal() != null ? entry.getPrincipal().getName() : "";
            containerLog.debug(sm.getString("singleSignOn.debug.principalFound",
                    principalName, entry.getAuthType()));
        }
        request.setNote(Constants.REQ_SSOID_NOTE, ssoId);
        // Only set security elements if reauthentication is not required
        if (!getRequireReauthentication()) {
            request.setAuthType(entry.getAuthType());
            request.setUserPrincipal(entry.getPrincipal());
        }
    }

    // Invoke the next Valve in our pipeline
    getNext().invoke(request, response);
}