Java Code Examples for io.undertow.security.api.SecurityContext#getAuthenticatedAccount()
The following examples show how to use
io.undertow.security.api.SecurityContext#getAuthenticatedAccount() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: HttpServletRequestImpl.java From quarkus-http with Apache License 2.0 | 5 votes |
|
@Override
public boolean isUserInRole(final String role) {
if (role == null) {
return false;
}
//according to the servlet spec this aways returns false
if (role.equals("*")) {
return false;
}
SecurityContext sc = exchange.getSecurityContext();
Account account = sc.getAuthenticatedAccount();
if (account == null) {
return false;
}
ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
if (role.equals("**")) {
Set<String> roles = servletRequestContext.getDeployment().getDeploymentInfo().getSecurityRoles();
if (!roles.contains("**")) {
return true;
}
}
final ServletChain servlet = servletRequestContext.getCurrentServlet();
final Deployment deployment = servletContext.getDeployment();
final AuthorizationManager authorizationManager = deployment.getDeploymentInfo().getAuthorizationManager();
return authorizationManager.isUserInRole(role, account, servlet.getManagedServlet().getServletInfo(), this, deployment);
}
Example 2
| Source File: HttpServletRequestImpl.java From quarkus-http with Apache License 2.0 | 5 votes |
|
@Override
public Principal getUserPrincipal() {
SecurityContext securityContext = exchange.getSecurityContext();
Principal result = null;
Account account = null;
if (securityContext != null && (account = securityContext.getAuthenticatedAccount()) != null) {
result = account.getPrincipal();
}
return result;
}
Example 3
| Source File: SingleSignOnAuthenticationMechanism.java From quarkus-http with Apache License 2.0 | 5 votes |
|
@Override
public void beforeCommit(HttpServerExchange exchange) {
SecurityContext sc = exchange.getSecurityContext();
Account account = sc.getAuthenticatedAccount();
if (account != null) {
try (SingleSignOn sso = singleSignOnManager.createSingleSignOn(account, sc.getMechanismName())) {
Session session = getSession(exchange);
registerSessionIfRequired(sso, session);
exchange.getResponseCookies().put(cookieName, new CookieImpl(cookieName, sso.getId()).setHttpOnly(httpOnly).setSecure(secure).setDomain(domain).setPath(path));
}
}
}
Example 4
| Source File: AuthenticationTestBase.java From quarkus-http with Apache License 2.0 | 5 votes |
|
protected static String getAuthenticatedUser(final HttpServerExchange exchange) {
SecurityContext context = exchange.getSecurityContext();
if (context != null) {
Account account = context.getAuthenticatedAccount();
if (account != null) {
// An account must always return a Principal otherwise it is not an Account.
return account.getPrincipal().getName();
}
}
return null;
}
Example 5
| Source File: SingleSignOnAuthenticationMechanism.java From lams with GNU General Public License v2.0 | 5 votes |
|
@Override
public StreamSinkConduit wrap(ConduitFactory<StreamSinkConduit> factory, HttpServerExchange exchange) {
SecurityContext sc = exchange.getSecurityContext();
Account account = sc.getAuthenticatedAccount();
if (account != null) {
try (SingleSignOn sso = singleSignOnManager.createSingleSignOn(account, sc.getMechanismName())) {
Session session = getSession(exchange);
registerSessionIfRequired(sso, session);
exchange.getResponseCookies().put(cookieName, new CookieImpl(cookieName, sso.getId()).setHttpOnly(httpOnly).setSecure(secure).setDomain(domain).setPath(path));
}
}
return factory.create();
}
Example 6
| Source File: HttpServletRequestImpl.java From lams with GNU General Public License v2.0 | 5 votes |
|
@Override
public boolean isUserInRole(final String role) {
if (role == null) {
return false;
}
//according to the servlet spec this aways returns false
if (role.equals("*")) {
return false;
}
SecurityContext sc = exchange.getSecurityContext();
Account account = sc.getAuthenticatedAccount();
if (account == null) {
return false;
}
ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
if (role.equals("**")) {
Set<String> roles = servletRequestContext.getDeployment().getDeploymentInfo().getSecurityRoles();
if (!roles.contains("**")) {
return true;
}
}
final ServletChain servlet = servletRequestContext.getCurrentServlet();
final Deployment deployment = servletContext.getDeployment();
final AuthorizationManager authorizationManager = deployment.getDeploymentInfo().getAuthorizationManager();
return authorizationManager.isUserInRole(role, account, servlet.getManagedServlet().getServletInfo(), this, deployment);
}
Example 7
| Source File: HttpServletRequestImpl.java From lams with GNU General Public License v2.0 | 5 votes |
|
@Override
public Principal getUserPrincipal() {
SecurityContext securityContext = exchange.getSecurityContext();
Principal result = null;
Account account = null;
if (securityContext != null && (account = securityContext.getAuthenticatedAccount()) != null) {
result = account.getPrincipal();
}
return result;
}
Example 8
| Source File: ServerSentEventConnection.java From lams with GNU General Public License v2.0 | 5 votes |
|
/**
*
* @return The account that was associated with the SSE request
*/
public Account getAccount() {
SecurityContext sc = exchange.getSecurityContext();
if (sc != null) {
return sc.getAuthenticatedAccount();
}
return null;
}
Example 9
| Source File: AsyncWebSocketHttpServerExchange.java From lams with GNU General Public License v2.0 | 5 votes |
|
@Override
public Principal getUserPrincipal() {
SecurityContext sc = exchange.getSecurityContext();
if(sc == null) {
return null;
}
Account authenticatedAccount = sc.getAuthenticatedAccount();
if(authenticatedAccount == null) {
return null;
}
return authenticatedAccount.getPrincipal();
}
Example 10
| Source File: AsyncWebSocketHttpServerExchange.java From lams with GNU General Public License v2.0 | 5 votes |
|
@Override
public boolean isUserInRole(String role) {
SecurityContext sc = exchange.getSecurityContext();
if(sc == null) {
return false;
}
Account authenticatedAccount = sc.getAuthenticatedAccount();
if(authenticatedAccount == null) {
return false;
}
return authenticatedAccount.getRoles().contains(role);
}
Example 11
| Source File: UndertowKeycloakConsumer.java From keycloak with Apache License 2.0 | 4 votes |
|
@Override
public void handleRequest(HttpServerExchange httpExchange) throws Exception {
if (shouldSkip(httpExchange.getRequestPath())) {
super.handleRequest(httpExchange);
return;
}
//perform only non-blocking operation on exchange
if (httpExchange.isInIoThread()) {
httpExchange.dispatch(this);
return;
}
OIDCUndertowHttpFacade facade = new OIDCUndertowHttpFacade(httpExchange);
KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade);
if (deployment == null || !deployment.isConfigured()) {
httpExchange.setStatusCode(StatusCodes.FORBIDDEN);
LOG.fine("deployment not configured");
return;
}
LOG.fine("executing PreAuthActionsHandler");
SessionManagementBridge bridge = new SessionManagementBridge(userSessionManagement, sessionManager);
PreAuthActionsHandler preAuth = new PreAuthActionsHandler(bridge, deploymentContext, facade);
if (preAuth.handleRequest()) return;
SecurityContext securityContext = httpExchange.getSecurityContext();
if (securityContext == null) {
securityContext = new SecurityContextImpl(httpExchange, IDENTITY_MANAGER);
}
AdapterTokenStore tokenStore = getTokenStore(httpExchange, facade, deployment, securityContext);
tokenStore.checkCurrentToken();
LOG.fine("executing AuthenticatedActionsHandler");
RequestAuthenticator authenticator = new UndertowRequestAuthenticator(facade, deployment, confidentialPort, securityContext, httpExchange, tokenStore);
AuthOutcome outcome = authenticator.authenticate();
if (outcome == AuthOutcome.AUTHENTICATED) {
LOG.fine("AUTHENTICATED");
if (httpExchange.isResponseComplete()) {
return;
}
AuthenticatedActionsHandler actions = new AuthenticatedActionsHandler(deployment, facade);
if (actions.handledRequest()) {
return;
} else {
final Account authenticatedAccount = securityContext.getAuthenticatedAccount();
if (authenticatedAccount instanceof KeycloakUndertowAccount) {
final KeycloakUndertowAccount kua = (KeycloakUndertowAccount) authenticatedAccount;
httpExchange.putAttachment(KEYCLOAK_PRINCIPAL_KEY, (KeycloakPrincipal) kua.getPrincipal());
}
Set<String> roles = Optional
.ofNullable(authenticatedAccount.getRoles())
.orElse((Set<String>) Collections.EMPTY_SET);
LOG.log(Level.FINE, "Allowed roles: {0}, current roles: {1}", new Object[] {allowedRoles, roles});
if (isRoleAllowed(roles, httpExchange)) {
super.handleRequest(httpExchange);
} else {
httpExchange.setStatusCode(StatusCodes.FORBIDDEN);
}
return;
}
}
AuthChallenge challenge = authenticator.getChallenge();
if (challenge != null) {
LOG.fine("challenge");
challenge.challenge(facade);
return;
}
httpExchange.setStatusCode(StatusCodes.FORBIDDEN);
}
