Java Code Examples for org.eclipse.jetty.server.Authentication#SEND_CONTINUE

The following examples show how to use org.eclipse.jetty.server.Authentication#SEND_CONTINUE. Each example links to the original project and source file it was taken from.
Example 1
Source File: AvaticaSpnegoAuthenticator.java    From calcite-avatica with Apache License 2.0
/**
 * Works around a Jetty bug: when a client sends an {@code Authorization} header whose scheme
 * is not {@code Negotiate}, Jetty skips the SPNEGO challenge. This forces the challenge to be
 * sent. Will require investigation on upgrade to a newer version of Jetty.
 *
 * @param computedAuth the result Jetty's authenticator produced for this request
 * @param request the servlet request (cast to {@link HttpServletRequest})
 * @param response the servlet response (cast to {@link HttpServletResponse})
 * @return {@link Authentication#SEND_CONTINUE} once a 401 challenge has been written,
 *     {@link Authentication#UNAUTHENTICATED} when the response is deferred, otherwise
 *     {@code computedAuth} unchanged
 * @throws IOException if writing the 401 response fails
 */
Authentication sendChallengeIfNecessary(Authentication computedAuth, ServletRequest request,
    ServletResponse response) throws IOException {
  if (computedAuth != Authentication.UNAUTHENTICATED) {
    return computedAuth;
  }
  HttpServletRequest httpRequest = (HttpServletRequest) request;
  HttpServletResponse httpResponse = (HttpServletResponse) response;

  String authorization = httpRequest.getHeader(HttpHeader.AUTHORIZATION.asString());
  boolean nonNegotiateHeader = authorization != null
      && !authorization.startsWith(HttpHeader.NEGOTIATE.asString());
  if (!nonNegotiateHeader) {
    return computedAuth;
  }

  // Only the fact is logged; the header value (credentials) is never written to the log.
  LOG.debug("Client sent Authorization header that was not for Negotiate,"
      + " sending challenge anyways.");
  // A deferred response cannot carry a challenge; leave it to a later, mandatory check.
  if (DeferredAuthentication.isDeferred(httpResponse)) {
    return Authentication.UNAUTHENTICATED;
  }

  httpResponse.setHeader(HttpHeader.WWW_AUTHENTICATE.asString(), HttpHeader.NEGOTIATE.asString());
  httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
  return Authentication.SEND_CONTINUE;
}
 
Example 2
Source File: SSOUserAuthenticator.java    From datacollector with Apache License 2.0
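/**
 * Sends the client to the SSO login page.
 *
 * <p>Depending on {@code doMetaRedirectToSso} this is either an HTTP redirect or a {@code 200}
 * HTML page built from {@code HTML_META_REDIRECT} that refreshes to the login URL.
 *
 * @param httpReq the current request; the presence of
 *     {@code SSOConstants.REPEATED_REDIRECT_PARAM} is passed on to {@code getLoginUrl}
 * @param httpRes the response the redirect is written to
 * @return {@link Authentication#SEND_CONTINUE}, since the response has been committed
 * @throws ServerAuthException if the redirect cannot be written; the underlying
 *     {@link IOException} is kept as the cause
 */
Authentication redirectToLogin(HttpServletRequest httpReq, HttpServletResponse httpRes) throws ServerAuthException {
  boolean repeatedRedirect = httpReq.getParameter(SSOConstants.REPEATED_REDIRECT_PARAM) != null;
  String urlToLogin = getLoginUrl(httpReq, repeatedRedirect);
  try {
    LOG.debug("Redirecting to login '{}'", urlToLogin);
    if (doMetaRedirectToSso) {
      // NOTE(review): urlToLogin is interpolated into HTML without escaping; this relies on
      // getLoginUrl() never yielding HTML-significant characters — confirm against its source.
      httpRes.setContentType("text/html");
      httpRes.setStatus(HttpServletResponse.SC_OK);
      httpRes.getWriter().println(String.format(HTML_META_REDIRECT, urlToLogin));
    } else {
      httpRes.sendRedirect(urlToLogin);
    }
    return Authentication.SEND_CONTINUE;
  } catch (IOException ex) {
    // Chain the IOException as the cause rather than only flattening it into the message,
    // so the stack trace survives for whoever handles the ServerAuthException.
    throw new ServerAuthException(
        Utils.format("Could not redirect to '{}': {}", urlToLogin, ex.toString()),
        ex
    );
  }
}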
 
Example 3
Source File: SSOUserAuthenticator.java    From datacollector with Apache License 2.0
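/**
 * Redirects the client back to the current URL with the user auth token stripped from the
 * query string, handing the token over in the {@code SSOConstants.X_USER_AUTH_TOKEN} response
 * header instead.
 *
 * @param httpReq the current request carrying {@code SSOConstants.USER_AUTH_TOKEN_PARAM}
 * @param httpRes the response that receives the token header and the redirect
 * @return {@link Authentication#SEND_CONTINUE}, since the response has been committed
 * @throws ServerAuthException if the redirect cannot be written; the underlying
 *     {@link IOException} is kept as the cause
 */
Authentication redirectToSelf(HttpServletRequest httpReq, HttpServletResponse httpRes) throws ServerAuthException {
  String authToken = httpReq.getParameter(SSOConstants.USER_AUTH_TOKEN_PARAM);
  String urlWithoutToken = getRequestUrlWithoutToken(httpReq);
  // NOTE(review): a client-supplied parameter is echoed verbatim into a response header (and
  // may be null if the parameter is absent); this relies on the container rejecting CR/LF in
  // header values — confirm.
  httpRes.setHeader(SSOConstants.X_USER_AUTH_TOKEN, authToken);
  try {
    LOG.debug("Redirecting to self without token '{}'", urlWithoutToken);
    httpRes.sendRedirect(urlWithoutToken);
    return Authentication.SEND_CONTINUE;
  } catch (IOException ex) {
    // Chain the IOException as the cause rather than only flattening it into the message,
    // so the stack trace survives for whoever handles the ServerAuthException.
    throw new ServerAuthException(
        Utils.format("Could not redirect to '{}': {}", urlWithoutToken, ex.toString()),
        ex
    );
  }
}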
 
Example 4
Source File: FederationAuthenticator.java    From cxf-fediz with Apache License 2.0
/**
 * Reuses an {@link Authentication} previously stored in the session, handling an explicit
 * sign-out and the replay of a POST that was interrupted by the login round-trip.
 *
 * @param request the current request; read for the action parameter, URI, URL and query string
 * @param response the response, used only for the sign-out redirect to the issuer
 * @param session the session holding {@code SessionAuthentication.__J_AUTHENTICATED}
 * @param fedConfig the Fediz configuration (token expiry check, logout URL, protocol)
 * @return the cached authentication; {@link Authentication#SEND_CONTINUE} after a sign-out
 *     redirect has been issued; {@code null} when nothing usable is cached, including the
 *     case where the cached user's token has expired
 * @throws IOException propagated from the sign-out handling (presumably
 *     {@code signOutRedirectToIssuer}; its signature is not visible here)
 */
private Authentication handleCachedAuthentication(HttpServletRequest request, HttpServletResponse response,
                                                  HttpSession session, FedizContext fedConfig) throws IOException {
    Authentication authentication =
        (Authentication) session.getAttribute(SessionAuthentication.__J_AUTHENTICATED);
    if (authentication != null) {
        // An expired token revokes the cached user: drop it from the session and fall through
        // to the final "return null" so the caller re-authenticates.
        if (authentication instanceof Authentication.User
            && isTokenExpired(fedConfig, ((Authentication.User)authentication).getUserIdentity())) {
            session.removeAttribute(SessionAuthentication.__J_AUTHENTICATED);
        } else {
            // Sign-out is requested either explicitly via the action parameter or by hitting
            // the configured logout URL under this context.
            String action = request.getParameter(FederationConstants.PARAM_ACTION);
            boolean logout = FederationConstants.ACTION_SIGNOUT.equals(action);
            String logoutUrl = fedConfig.getLogoutURL();

            String uri = request.getRequestURI();
            if (uri == null) {
                uri = URIUtil.SLASH;
            }

            // The root context reports an empty path; normalised to "/" before comparing.
            // NOTE(review): if logoutUrl itself starts with '/', the root context yields
            // "//..." here and never matches — confirm this is intended.
            String contextName = request.getSession().getServletContext().getContextPath();
            if (contextName == null || contextName.isEmpty()) {
                contextName = "/";
            }

            if (logout || logoutUrl != null && !logoutUrl.isEmpty() && uri.equals(contextName + logoutUrl)) {
                // Invalidate first so the session cannot be reused, then redirect to the
                // issuer's sign-out; the response is committed, hence SEND_CONTINUE.
                session.invalidate();

                FedizProcessor wfProc =
                    FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
                signOutRedirectToIssuer(request, response, wfProc);

                return Authentication.SEND_CONTINUE;
            }

            // Mirrors Jetty's form-login handling: J_URI/J_POST hold a POST that was saved
            // before the login round-trip (the attribute names match Jetty's; the save side
            // is not visible here).
            String jUri = (String)session.getAttribute(J_URI);
            @SuppressWarnings("unchecked")
            MultiMap<String> jPost = (MultiMap<String>)session.getAttribute(J_POST);
            if (jUri != null && jPost != null) {
                StringBuffer buf = request.getRequestURL();
                if (request.getQueryString() != null) {
                    buf.append('?').append(request.getQueryString());
                }

                // Exact match on the full URL including the query string.
                if (jUri.equals(buf.toString())) {
                    // This is a retry of an original POST request
                    // so restore method and parameters.
                    // NOTE(review): J_POST is cleared but J_URI is left in the session here.

                    session.removeAttribute(J_POST);
                    // Cast assumes the container handed us Jetty's own Request; there is no
                    // instanceof check.
                    Request baseRequest = (Request)request;
                    baseRequest.setMethod(HttpMethod.POST.asString());
                    baseRequest.setQueryParameters(jPost);
                }
            } else if (jUri != null) {
                // A saved URI without a saved POST body is stale; drop it.
                session.removeAttribute(J_URI);
            }

            return authentication;
        }
    }
    return null;
}
 
Example 5
Source File: AbstractKeycloakJettyAuthenticator.java    From keycloak with Apache License 2.0
/**
 * Validates the request against the resolved Keycloak OIDC deployment.
 *
 * <p>Order of checks: unconfigured deployment, pre-authentication actions, non-mandatory
 * (deferred) access, then token validation via the request authenticator. On success the
 * principal is registered with Jetty and post-authentication actions get a chance to finish
 * the response; otherwise the authenticator's challenge (if any) is written.
 *
 * @param req the servlet request, resolved to Jetty's {@code Request}
 * @param res the servlet response, cast to {@link HttpServletResponse}
 * @param mandatory whether authentication is required for this request
 * @return {@link Authentication#UNAUTHENTICATED} when no configured deployment applies;
 *     {@link Authentication#SEND_SUCCESS} when a handler already completed the response;
 *     a {@link DeferredAuthentication} for non-mandatory requests; the registered
 *     authentication on success; {@link Authentication#SEND_CONTINUE} after a challenge
 * @throws ServerAuthException declared for Jetty's contract; nothing visible here throws it
 */
@Override
public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException {
    if (log.isTraceEnabled()) {
        log.trace("*** authenticate");
    }
    Request jettyRequest = resolveRequest(req);
    OIDCJettyHttpFacade httpFacade = new OIDCJettyHttpFacade(jettyRequest, (HttpServletResponse) res);
    KeycloakDeployment resolved = deploymentContext.resolveDeployment(httpFacade);
    if (resolved == null || !resolved.isConfigured()) {
        log.debug("*** deployment isn't configured return false");
        return Authentication.UNAUTHENTICATED;
    }
    PreAuthActionsHandler preAuth = new PreAuthActionsHandler(createSessionManagement(jettyRequest), deploymentContext, httpFacade);
    if (preAuth.handleRequest()) {
        return Authentication.SEND_SUCCESS;
    }
    if (!mandatory) {
        return new DeferredAuthentication(this);
    }
    AdapterTokenStore store = getTokenStore(jettyRequest, httpFacade, resolved);
    nodesRegistrationManagement.tryRegister(resolved);
    store.checkCurrentToken();

    JettyRequestAuthenticator requestAuthenticator = createRequestAuthenticator(jettyRequest, httpFacade, resolved, store);
    AuthOutcome outcome = requestAuthenticator.authenticate();
    if (outcome != AuthOutcome.AUTHENTICATED) {
        // Not authenticated: let the authenticator write its challenge, if it has one.
        AuthChallenge challenge = requestAuthenticator.getChallenge();
        if (challenge != null) {
            challenge.challenge(httpFacade);
        }
        return Authentication.SEND_CONTINUE;
    }
    if (httpFacade.isEnded()) {
        return Authentication.SEND_SUCCESS;
    }
    Authentication registered = register(jettyRequest, requestAuthenticator.principal);
    AuthenticatedActionsHandler postAuth = new AuthenticatedActionsHandler(resolved, httpFacade);
    if (postAuth.handledRequest()) {
        return Authentication.SEND_SUCCESS;
    }
    return registered;
}
 
Example 6
Source File: AbstractSamlAuthenticator.java    From keycloak with Apache License 2.0
/**
 * Validates the request against the resolved SAML deployment.
 *
 * <p>Requests whose path (relative to the context) ends in {@code /saml} are treated as the
 * SAML endpoint and are always processed, even when authentication is not mandatory; all
 * other requests use the browser handler. A logged-out outcome forwards to the configured
 * logout page, if any.
 *
 * @param req the servlet request, resolved to Jetty's {@code Request}
 * @param res the servlet response, cast to {@link HttpServletResponse}
 * @param mandatory whether authentication is required for this request
 * @return {@link Authentication#UNAUTHENTICATED} when no configured deployment applies;
 *     a {@link DeferredAuthentication} for non-mandatory, non-endpoint requests;
 *     {@link Authentication#SEND_SUCCESS} when the facade already ended the response;
 *     the registered authentication on success; {@link Authentication#SEND_CONTINUE}
 *     after a logout or a challenge
 * @throws ServerAuthException declared for Jetty's contract; nothing visible here throws it
 */
@Override
public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) throws ServerAuthException {
    if (log.isTraceEnabled()) {
        log.trace("*** authenticate");
    }
    Request jettyRequest = resolveRequest(req);
    JettyHttpFacade httpFacade = new JettyHttpFacade(jettyRequest, (HttpServletResponse) res);
    SamlDeployment resolved = deploymentContext.resolveDeployment(httpFacade);
    if (resolved == null || !resolved.isConfigured()) {
        log.debug("*** deployment isn't configured return false");
        return Authentication.UNAUTHENTICATED;
    }
    // Path relative to the context root; the SAML endpoint is any path ending in "/saml".
    String pathInContext = jettyRequest.getRequestURI().substring(jettyRequest.getContextPath().length());
    final boolean isEndpoint = pathInContext.endsWith("/saml");
    if (!mandatory && !isEndpoint) {
        return new DeferredAuthentication(this);
    }
    JettySamlSessionStore sessionStore = getTokenStore(jettyRequest, httpFacade, resolved);

    // One subclass for both cases; only the browser handler differs by endpoint-ness.
    SamlAuthenticator samlAuthenticator = new SamlAuthenticator(httpFacade, resolved, sessionStore) {
        @Override
        protected void completeAuthentication(SamlSession account) {
            // Intentionally empty: registration with Jetty happens in validateRequest
            // after authenticate() returns.
        }

        @Override
        protected SamlAuthenticationHandler createBrowserHandler(HttpFacade facade, SamlDeployment deployment, SamlSessionStore store) {
            return isEndpoint
                ? new SamlEndpoint(facade, deployment, store)
                : new BrowserHandler(facade, deployment, store);
        }
    };

    AuthOutcome outcome = samlAuthenticator.authenticate();
    if (outcome == AuthOutcome.AUTHENTICATED) {
        return httpFacade.isEnded()
            ? Authentication.SEND_SUCCESS
            : register(jettyRequest, sessionStore.getAccount());
    }
    if (outcome == AuthOutcome.LOGGED_OUT) {
        logoutCurrent(jettyRequest);
        if (resolved.getLogoutPage() != null) {
            forwardToLogoutPage(jettyRequest, (HttpServletResponse) res, resolved);
        }
        return Authentication.SEND_CONTINUE;
    }

    // Any other outcome: let the authenticator write its challenge, if it has one.
    AuthChallenge challenge = samlAuthenticator.getChallenge();
    if (challenge != null) {
        challenge.challenge(httpFacade);
    }
    return Authentication.SEND_CONTINUE;
}