public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject,
Subject serviceSubject) throws AuthException
{
Request request = (Request) messageInfo.getRequestMessage();
Response response = (Response) messageInfo.getResponseMessage();
Principal principal;
context = request.getContext();
LoginConfig config = context.getLoginConfig();
// References to objects we will need later
Session session = null;
//Lets find out if the cache is enabled or not
cache = (Boolean) messageInfo.getMap().get("CACHE");
// Have we authenticated this user before but have caching disabled?
if (!cache) {
session = request.getSessionInternal(true);
log.debug("Checking for reauthenticate in session " + session);
String username =
(String) session.getNote(Constants.SESS_USERNAME_NOTE);
String password =
(String) session.getNote(Constants.SESS_PASSWORD_NOTE);
if ((username != null) && (password != null)) {
log.debug("Reauthenticating username '" + username + "'");
principal =
context.getRealm().authenticate(username, password);
if (principal != null) {
session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal);
if (!matchRequest(request)) {
registerWithCallbackHandler(principal, username, password);
/*register(request, response, principal,
Constants.FORM_METHOD,
username, password);*/
return AuthStatus.SUCCESS;
}
}
log.trace("Reauthentication failed, proceed normally");
}
}
// Is this the re-submit of the original request URI after successful
// authentication? If so, forward the *original* request instead.
if (matchRequest(request)) {
session = request.getSessionInternal(true);
log.trace("Restore request from session '"
+ session.getIdInternal()
+ "'");
principal = (Principal)
session.getNote(Constants.FORM_PRINCIPAL_NOTE);
registerWithCallbackHandler(principal,
(String) session.getNote(Constants.SESS_USERNAME_NOTE),
(String) session.getNote(Constants.SESS_PASSWORD_NOTE));
/*register(request, response, principal, Constants.FORM_METHOD,
(String) session.getNote(Constants.SESS_USERNAME_NOTE),
(String) session.getNote(Constants.SESS_PASSWORD_NOTE));*/
// If we're caching principals we no longer need the username
// and password in the session, so remove them
if (cache) {
session.removeNote(Constants.SESS_USERNAME_NOTE);
session.removeNote(Constants.SESS_PASSWORD_NOTE);
}
if (restoreRequest(request, session)) {
log.trace("Proceed to restored request");
return (AuthStatus.SUCCESS);
} else {
log.trace("Restore of original request failed");
try
{
response.sendError(HttpServletResponse.SC_BAD_REQUEST);
}
catch (IOException e)
{
log.error(e.getLocalizedMessage(),e);
}
return AuthStatus.FAILURE;
}
}
// Acquire references to objects we will need to evaluate
MessageBytes uriMB = MessageBytes.newInstance();
CharChunk uriCC = uriMB.getCharChunk();
uriCC.setLimit(-1);
String contextPath = request.getContextPath();
String requestURI = request.getDecodedRequestURI();
// Is this the action request from the login page?
boolean loginAction =
requestURI.startsWith(contextPath) &&
requestURI.endsWith(Constants.FORM_ACTION);
// No -- Save this request and redirect to the form login page
if (!loginAction) {
session = request.getSessionInternal(true);
log.trace("Save request in session '" + session.getIdInternal() + "'");
try {
saveRequest(request, session);
} catch (IOException ioe) {
log.trace("Request body too big to save during authentication");
try
{
response.sendError(HttpServletResponse.SC_FORBIDDEN,
sm.getString("authenticator.requestBodyTooBig"));
}
catch (IOException e)
{
log.error("Exception in Form authentication:",e);
throw new AuthException(e.getLocalizedMessage());
}
return (AuthStatus.FAILURE);
}
forwardToLoginPage(request, response, config);
return (AuthStatus.SEND_CONTINUE);
}
// Yes -- Validate the specified credentials and redirect
// to the error page if they are not correct
Realm realm = context.getRealm();
String characterEncoding = request.getCharacterEncoding();
if (characterEncoding != null) {
try
{
request.setCharacterEncoding(characterEncoding);
}
catch (UnsupportedEncodingException e)
{
log.error(e.getLocalizedMessage(), e);
}
}
String username = request.getParameter(Constants.FORM_USERNAME);
String password = request.getParameter(Constants.FORM_PASSWORD);
log.trace("Authenticating username '" + username + "'");
principal = realm.authenticate(username, password);
if (principal == null) {
forwardToErrorPage(request, response, config);
return (AuthStatus.FAILURE);
}
log.trace("Authentication of '" + username + "' was successful");
if (session == null)
session = request.getSessionInternal(false);
if (session == null) {
log.trace
("User took so long to log on the session expired");
try
{
response.sendError(HttpServletResponse.SC_REQUEST_TIMEOUT,
sm.getString("authenticator.sessionExpired"));
}
catch (IOException e)
{
log.error(e.getLocalizedMessage(),e);
}
return (AuthStatus.FAILURE);
}
// Save the authenticated Principal in our session
session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal);
// Save the username and password as well
session.setNote(Constants.SESS_USERNAME_NOTE, username);
session.setNote(Constants.SESS_PASSWORD_NOTE, password);
// Redirect the user to the original request URI (which will cause
// the original request to be restored)
requestURI = savedRequestURL(session);
log.trace("Redirecting to original '" + requestURI + "'");
try
{
if (requestURI == null)
response.sendError(HttpServletResponse.SC_BAD_REQUEST,
sm.getString("authenticator.formlogin"));
else
response.sendRedirect(response.encodeRedirectURL(requestURI));
}
catch(IOException ioe)
{
log.error(ioe.getLocalizedMessage(),ioe);
}