This is an automated email from the ASF dual-hosted git repository. radcortez pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomee.git
commit 6121de4d9231b119625f9148455603199139fa46 Author: Roberto Cortez <[email protected]> AuthorDate: Fri Dec 28 13:11:22 2018 +0000 TOMEE-2365 - Actual implementation of the form authentication validation. --- .../security/cdi/FormAuthenticationMechanism.java | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/FormAuthenticationMechanism.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/FormAuthenticationMechanism.java index 8846a7a..f60e7ea 100644 --- a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/FormAuthenticationMechanism.java +++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/FormAuthenticationMechanism.java @@ -25,8 +25,11 @@ import javax.security.enterprise.AuthenticationStatus; import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism; import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext; import javax.security.enterprise.authentication.mechanism.http.LoginToContinue; +import javax.security.enterprise.credential.UsernamePasswordCredential; +import javax.security.enterprise.identitystore.IdentityStoreHandler; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.ws.rs.HttpMethod; import java.util.function.Supplier; @ApplicationScoped 
@@ -34,12 +37,23 @@ import java.util.function.Supplier; public class FormAuthenticationMechanism implements HttpAuthenticationMechanism, LoginToContinueMechanism { @Inject private Supplier<LoginToContinue> loginToContinue; + @Inject + private IdentityStoreHandler identityStoreHandler; @Override public AuthenticationStatus validateRequest(final HttpServletRequest request, final HttpServletResponse response, final HttpMessageContext httpMessageContext) throws AuthenticationException { - throw new UnsupportedOperationException(); + + final String username = request.getParameter("j_username"); + final String password = request.getParameter("j_password"); + + if (validateForm(httpMessageContext.getRequest(), username, password)) { + return httpMessageContext.notifyContainerAboutLogin( + identityStoreHandler.validate(new UsernamePasswordCredential(username, password))); + } + + return httpMessageContext.doNothing(); } @Override @@ -58,4 +72,10 @@ public class FormAuthenticationMechanism implements HttpAuthenticationMechanism, public LoginToContinue getLoginToContinue() { return loginToContinue.get(); } + + private boolean validateForm(final HttpServletRequest request, final String username, final String password) { + return request.getMethod().equals(HttpMethod.POST) && + username != null && !username.isEmpty() && + password != null && !password.isEmpty(); + } }
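Review bot: `validateRequest` hands `j_username`/`j_password` to the identity store for any POST that carries them, because `validateForm` (added in the last hunk) checks only the HTTP method and that both values are non-empty, never the request target. Servlet form login treats only a post to `j_security_check` as a login submission, so as written every POST endpoint behind this mechanism also validates credentials. That widens the surface for password guessing and bypasses any throttling or monitoring keyed to the login URL. Consider adding `request.getRequestURI().endsWith("/j_security_check") &&` to the condition in `validateForm`. `getParameter` also reads the query string, so credentials placed in the URL of a POST are accepted and may end up in access logs; a comment should at least record that.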
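Review bot: `validateForm` takes the `POST` constant from `javax.ws.rs.HttpMethod`, which ties the security mechanism to the JAX-RS API for a single string (whether the module already declares that dependency is not visible in this diff). `"POST".equals(request.getMethod())` drops the import and is null-safe. The helper would also benefit from a short Javadoc saying that it decides whether the request is a form-login submission, since `validateRequest` falls through to `doNothing()` whenever it returns false.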
