This is an automated email from the ASF dual-hosted git repository. radcortez pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomee.git
commit 73f975ba6fdbe9c3c93a4f93dd6de7d746013ecd Author: Roberto Cortez <[email protected]> AuthorDate: Thu Dec 27 19:09:47 2018 +0000 TOMEE-2365 - First step of FormAuthentication. Forward to login page. --- .../security/cdi/LoginToContinueInterceptor.java | 34 +++++++++++++++++----- .../security/http/TomEEHttpMessageContext.java | 20 +++++++++++-- 2 files changed, 44 insertions(+), 10 deletions(-)
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/LoginToContinueInterceptor.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/LoginToContinueInterceptor.java
index 98c8417..d35be0a 100644
--- a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/LoginToContinueInterceptor.java
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/LoginToContinueInterceptor.java
@@ -16,6 +16,8 @@
 */
 package org.apache.tomee.security.cdi;
+import org.apache.tomee.security.http.LoginToContinueMechanism;
+
 import javax.annotation.Priority;
 import javax.interceptor.AroundInvoke;
 import javax.interceptor.Interceptor;
@@ -42,21 +44,22 @@ public class LoginToContinueInterceptor {
 HttpServletResponse.class,
 HttpMessageContext.class
 })) {
- return validateRequest((HttpMessageContext) invocationContext.getParameters()[2]);
+ return validateRequest(invocationContext);
 }
 return invocationContext.proceed();
 }
- private AuthenticationStatus validateRequest(final HttpMessageContext httpMessageContext)
+ private AuthenticationStatus validateRequest(final InvocationContext invocationContext)
 throws AuthenticationException {
+ final HttpMessageContext httpMessageContext = (HttpMessageContext) invocationContext.getParameters()[2];
 clearStaleState(httpMessageContext);
 if (httpMessageContext.getAuthParameters().isNewAuthentication()) {
 return processCallerInitiatedAuthentication(httpMessageContext);
 } else {
- return processContainerInitiatedAuthentication(httpMessageContext);
+ return processContainerInitiatedAuthentication(invocationContext, httpMessageContext);
 }
 }
@@ -64,14 +67,23 @@ public class LoginToContinueInterceptor {
 }
- private AuthenticationStatus processCallerInitiatedAuthentication(final HttpMessageContext httpMessageContext) {
+ private AuthenticationStatus processCallerInitiatedAuthentication(
+ final HttpMessageContext httpMessageContext) {
 return null;
 }
- private AuthenticationStatus processContainerInitiatedAuthentication(final HttpMessageContext httpMessageContext) {
+ private AuthenticationStatus processContainerInitiatedAuthentication(
+ final InvocationContext invocationContext,
+ final HttpMessageContext httpMessageContext) {
 if (isOnInitialProtectedURL(httpMessageContext)) {
- return null;
+ final LoginToContinue loginToContinue = getLoginToContinue(invocationContext);
+
+ if (loginToContinue.useForwardToLogin()) {
+ return httpMessageContext.forward(loginToContinue.loginPage());
+ } else {
+ return httpMessageContext.redirect(loginToContinue.loginPage());
+ }
 }
 if (isOnOnLoginPostback(httpMessageContext)) {
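Review bot: The redirect branch of `processContainerInitiatedAuthentication` sends the browser to a URL resolved against the container root rather than the application's context root, because `loginToContinue.loginPage()` is handed on unchanged and `TomEEHttpMessageContext.redirect` (second file of this commit) passes it straight to `sendRedirect`. The forward branch goes through `getRequestDispatcher(path)`, which is context-relative, so the same `loginPage` value resolves differently in the two modes and the redirect leaves the application whenever it is not deployed at `/`. If `loginPage` is meant to be context-relative, prefix it: `return httpMessageContext.redirect(httpMessageContext.getRequest().getContextPath() + loginToContinue.loginPage());`. Nothing in this branch records the originally requested URL before leaving for the login page, which the later postback steps will presumably need; the method body continues outside the hunk.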
@@ -86,7 +98,7 @@ public class LoginToContinueInterceptor {
 }
 private boolean isOnInitialProtectedURL(final HttpMessageContext httpMessageContext) {
- return false;
+ return httpMessageContext.isProtected();
 }
 private boolean isOnOnLoginPostback(final HttpMessageContext httpMessageContext) {
@@ -96,4 +108,12 @@ public class LoginToContinueInterceptor {
 private boolean isOnOriginalURLAfterAuthenticate(final HttpMessageContext httpMessageContext) {
 return false;
 }
+
+ private LoginToContinue getLoginToContinue(final InvocationContext invocationContext) {
+ if (invocationContext.getTarget() instanceof LoginToContinueMechanism) {
+ return ((LoginToContinueMechanism) invocationContext.getTarget()).getLoginToContinue();
+ }
+
+ throw new IllegalArgumentException();
+ }
 }
diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/http/TomEEHttpMessageContext.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/http/TomEEHttpMessageContext.java
index 48a3272..4c087da 100644
--- a/tomee/tomee-security/src/main/java/org/apache/tomee/security/http/TomEEHttpMessageContext.java
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/http/TomEEHttpMessageContext.java
@@ -30,6 +30,7 @@ import javax.security.enterprise.CallerPrincipal;
 import javax.security.enterprise.authentication.mechanism.http.AuthenticationParameters;
 import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
 import javax.security.enterprise.identitystore.CredentialValidationResult;
+import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
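Review bot: `isOnInitialProtectedURL` now matches every request to a protected resource, not only the first unauthenticated one, because `httpMessageContext.isProtected()` is the whole test. With `isOnOriginalURLAfterAuthenticate` still returning `false` (next hunk), an already authenticated caller would be sent back to the login page each time, and in redirect mode a `loginPage` that itself falls under a security constraint would be redirected to itself repeatedly. Until the saved-request state exists, a comment such as `// TODO: also require that no caller principal / saved request exists, otherwise authenticated requests are sent back to login` would record the gap.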
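Review bot: The `IllegalArgumentException` thrown at the end of `getLoginToContinue` carries no message, so an intercepted mechanism that does not implement `LoginToContinueMechanism` fails with nothing to identify it. Name the offending type, e.g. `throw new IllegalArgumentException("Interceptor target " + invocationContext.getTarget().getClass().getName() + " does not implement LoginToContinueMechanism");`. A one-line Javadoc stating that the interceptor target must implement `LoginToContinueMechanism` would also help, since in the visible code this method is the only place that requirement is checked.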
@@ -37,6 +38,7 @@ import java.security.Principal;
 import java.util.Set;
 import static javax.security.enterprise.AuthenticationStatus.NOT_DONE;
+import static javax.security.enterprise.AuthenticationStatus.SEND_CONTINUE;
 import static javax.security.enterprise.AuthenticationStatus.SEND_FAILURE;
 import static javax.security.enterprise.AuthenticationStatus.SUCCESS;
 import static javax.security.enterprise.identitystore.CredentialValidationResult.Status.VALID;
@@ -94,7 +96,7 @@ public class TomEEHttpMessageContext implements HttpMessageContext {
 @Override
 public AuthenticationParameters getAuthParameters() {
- return null;
+ return new AuthenticationParameters();
 }
 @Override
@@ -140,12 +142,24 @@ public class TomEEHttpMessageContext implements HttpMessageContext {
 @Override
 public AuthenticationStatus redirect(final String location) {
- return null;
+ try {
+ getResponse().sendRedirect(location);
+ } catch (final IOException e) {
+ e.printStackTrace();
+ }
+
+ return SEND_CONTINUE;
 }
 @Override
 public AuthenticationStatus forward(final String path) {
- return null;
+ try {
+ getRequest().getRequestDispatcher(path).forward(getRequest(), getResponse());
+ } catch (final ServletException | IOException e) {
+ e.printStackTrace();
+ }
+
+ return SEND_CONTINUE;
 }
 @Override
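Review bot: `getAuthParameters()` returns a fresh `AuthenticationParameters` on every call, so `isNewAuthentication()` is always `false` and the caller-initiated branch of `LoginToContinueInterceptor.validateRequest` (first file of this commit) can never be taken. Any credential or flags supplied for the current request are likewise not visible through this accessor. If the class does not yet receive the parameters (its constructor is outside the hunk), a comment on the return such as `// TODO: return the parameters supplied for this request; a default instance always reports isNewAuthentication() == false` would keep the placeholder from being mistaken for final behaviour.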
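Review bot: Both `redirect` and `forward` swallow the failure with `e.printStackTrace()` and still return `SEND_CONTINUE`, so when the dispatch fails the caller is told a login response was sent although nothing may have been written. Propagate it instead with `throw new IllegalStateException(e);` in each catch block, or at least log through the project's logger and return `SEND_FAILURE`, so that a broken login page is not reported as an authentication in progress. `redirect` also passes `location` to `sendRedirect` unchecked; the only caller in this commit supplies an annotation value, but a short Javadoc stating that callers must not pass request-derived input would keep later uses from turning it into an open redirect.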
