public AuthResult validateRequest(Request request, HttpServletResponse response, boolean isAuthMandatory, UserIdentity cachedIdentity) throws ServerAuthException {
try {
Session session = request.getSessionInternal(isAuthMandatory);
if (session == null) {
//default identity??
return new AuthResult(TomcatAuthStatus.SUCCESS, null, false);
}
if (matchRequest(request, session)) {
if (logger.isDebugEnabled()) {
logger.debug("Restore request from session '" + session.getIdInternal() + "'");
}
if (!restoreRequest(request, session)) {
if (logger.isDebugEnabled()) {
logger.debug("Proceed to restored request");
}
response.sendError(HttpServletResponse.SC_BAD_REQUEST);
return new AuthResult(TomcatAuthStatus.SEND_FAILURE, null, false);
}
}
if (cachedIdentity != null) {
return new AuthResult(TomcatAuthStatus.SUCCESS, cachedIdentity, true);
}
//we have not yet completed authentication.
// Acquire references to objects we will need to evaluate
MessageBytes uriMB = MessageBytes.newInstance();
CharChunk uriCC = uriMB.getCharChunk();
uriCC.setLimit(-1);
String contextPath = request.getContextPath();
String requestURI = request.getDecodedRequestURI();
// Is this the action request from the login page?
boolean loginAction =
requestURI.startsWith(contextPath) &&
requestURI.endsWith(Constants.FORM_ACTION);
// No -- Save this request and redirect to the form login page
if (!loginAction) {
if (logger.isDebugEnabled()) {
logger.debug("Save request in session '" + session.getIdInternal() + "'");
}
if (!isAuthMandatory) {
return new AuthResult(TomcatAuthStatus.SUCCESS, null, false);
}
try {
saveRequest(request, session);
} catch (IOException ioe) {
logger.debug("Request body too big to save during authentication");
response.sendError(HttpServletResponse.SC_BAD_REQUEST,
sm.getString("authenticator.requestBodyTooBig"));
return new AuthResult(TomcatAuthStatus.SEND_FAILURE, null, false);
}
forwardToLoginPage(request, response);
return new AuthResult(TomcatAuthStatus.SEND_CONTINUE, unauthenticatedIdentity, false);
}
// Yes -- Validate the specified credentials and redirect
// to the error page if they are not correct
// if (characterEncoding != null) {
// request.setCharacterEncoding(characterEncoding);
// }
String username = request.getParameter(Constants.FORM_USERNAME);
String password = request.getParameter(Constants.FORM_PASSWORD);
if (logger.isDebugEnabled()) {
logger.debug("Authenticating username '" + username + "'");
}
UserIdentity userIdentity = loginService.login(username, password);
if (userIdentity == null) {
forwardToErrorPage(request, response);
//TODO right status?
return new AuthResult(TomcatAuthStatus.SEND_FAILURE, unauthenticatedIdentity, false);
}
if (logger.isDebugEnabled()) {
logger.debug("Authentication of '" + username + "' was successful");
}
session = request.getSessionInternal(false);
if (session == null) {
if (logger.isDebugEnabled()) {
logger.debug("User took so long to log on the session expired");
}
response.sendError(HttpServletResponse.SC_REQUEST_TIMEOUT,
sm.getString("authenticator.sessionExpired"));
return new AuthResult(TomcatAuthStatus.SEND_FAILURE, unauthenticatedIdentity, false);
}
// Redirect the user to the original request URI (which will cause
// the original request to be restored)
requestURI = savedRequestURL(session);
if (logger.isDebugEnabled()) {
logger.debug("Redirecting to original '" + requestURI + "'");
}
if (requestURI == null) {
response.sendError(HttpServletResponse.SC_BAD_REQUEST,
sm.getString("authenticator.formlogin"));
return new AuthResult(TomcatAuthStatus.SEND_FAILURE, null, false);
} else {
response.sendRedirect(response.encodeRedirectURL(requestURI));
return new AuthResult(TomcatAuthStatus.SEND_CONTINUE, userIdentity, true);
}
} catch (IOException e) {
throw new ServerAuthException(e);
}