1 |
|
/*
|
|
1 |
|
/*
|
2 |
|
* License
d to the A
pache Soft
ware Found
ation (ASF
) under on
e or more
|
|
2 |
|
* License
d to the A
pache Soft
ware Found
ation (ASF
) under on
e or more
|
3 |
|
* contrib
utor licen
se agreeme
nts. See
the NOTICE
file dist
ributed wi
th
|
|
3 |
|
* contrib
utor licen
se agreeme
nts. See
the NOTICE
file dist
ributed wi
th
|
4 |
|
* this wo
rk for add
itional in
formation
regarding
copyright
ownership.
|
|
4 |
|
* this wo
rk for add
itional in
formation
regarding
copyright
ownership.
|
5 |
|
* The ASF
licenses
this file
to You und
er the Apa
che Licens
e, Version
2.0
|
|
5 |
|
* The ASF
licenses
this file
to You und
er the Apa
che Licens
e, Version
2.0
|
6 |
|
* (the "L
icense");
you may no
t use this
file exce
pt in comp
liance wit
h
|
|
6 |
|
* (the "L
icense");
you may no
t use this
file exce
pt in comp
liance wit
h
|
7 |
|
* the Lic
ense. You
may obtai
n a copy o
f the Lice
nse at
|
|
7 |
|
* the Lic
ense. You
may obtai
n a copy o
f the Lice
nse at
|
8 |
|
*
|
|
8 |
|
*
|
9 |
|
* ht
tp://www.a
pache.org/
licenses/L
ICENSE-2.0
|
|
9 |
|
* ht
tp://www.a
pache.org/
licenses/L
ICENSE-2.0
|
10 |
|
*
|
|
10 |
|
*
|
11 |
|
* Unless
required b
y applicab
le law or
agreed to
in writing
, software
|
|
11 |
|
* Unless
required b
y applicab
le law or
agreed to
in writing
, software
|
12 |
|
* distrib
uted under
the Licen
se is dist
ributed on
an "AS IS
" BASIS,
|
|
12 |
|
* distrib
uted under
the Licen
se is dist
ributed on
an "AS IS
" BASIS,
|
13 |
|
* WITHOUT
WARRANTIE
S OR CONDI
TIONS OF A
NY KIND, e
ither expr
ess or imp
lied.
|
|
13 |
|
* WITHOUT
WARRANTIE
S OR CONDI
TIONS OF A
NY KIND, e
ither expr
ess or imp
lied.
|
14 |
|
* See the
License f
or the spe
cific lang
uage gover
ning permi
ssions and
|
|
14 |
|
* See the
License f
or the spe
cific lang
uage gover
ning permi
ssions and
|
15 |
|
* limitat
ions under
the Licen
se.
|
|
15 |
|
* limitat
ions under
the Licen
se.
|
16 |
|
*/
|
|
16 |
|
*/
|
17 |
|
package or
g.apache.c
atalina.au
thenticato
r;
|
|
17 |
|
package or
g.apache.c
atalina.au
thenticato
r;
|
18 |
|
|
|
18 |
|
|
19 |
|
import jav
a.io.IOExc
eption;
|
|
19 |
|
import jav
a.io.IOExc
eption;
|
20 |
|
|
|
20 |
|
|
21 |
|
import jav
ax.servlet
.http.Http
ServletRes
ponse;
|
|
21 |
|
import jav
ax.servlet
.http.Http
ServletRes
ponse;
|
22 |
|
|
|
22 |
|
|
23 |
|
import org
.apache.ca
talina.con
nector.Req
uest;
|
|
23 |
|
import org
.apache.ca
talina.con
nector.Req
uest;
|
24 |
|
|
|
24 |
|
|
25 |
|
/**
|
|
25 |
|
/**
|
26 |
|
* An <b>A
uthenticat
or</b> and
<b>Valve<
/b> implem
entation t
hat checks
|
|
26 |
|
* An <b>A
uthenticat
or</b> and
<b>Valve<
/b> implem
entation t
hat checks
|
27 |
|
* only se
curity con
straints n
ot involvi
ng user au
thenticati
on.
|
|
27 |
|
* only se
curity con
straints n
ot involvi
ng user au
thenticati
on.
|
28 |
|
*
|
|
28 |
|
*
|
29 |
|
* @author
Craig R.
McClanahan
|
|
29 |
|
* @author
Craig R.
McClanahan
|
30 |
|
*/
|
|
30 |
|
*/
|
31 |
|
public fin
al class N
onLoginAut
henticator
extends A
uthenticat
orBase {
|
|
31 |
|
public fin
al class N
onLoginAut
henticator
extends A
uthenticat
orBase {
|
32 |
|
|
|
32 |
|
|
33 |
|
|
|
33 |
|
|
34 |
|
// ---
----------
----------
----------
----------
----------
---- Publi
c Methods
|
|
34 |
|
// ---
----------
----------
----------
----------
----------
---- Publi
c Methods
|
35 |
|
|
|
35 |
|
|
36 |
|
|
|
36 |
|
|
37 |
|
/**
|
|
37 |
|
/**
|
38 |
|
* <p>
Authentica
te the use
r making t
his reques
t, based o
n the fact
that no
|
|
38 |
|
* <p>
Authentica
te the use
r making t
his reques
t, based o
n the fact
that no
|
39 |
|
* <co
de>login-c
onfig</cod
e> has bee
n defined
for the co
ntainer.</
p>
|
|
39 |
|
* <co
de>login-c
onfig</cod
e> has bee
n defined
for the co
ntainer.</
p>
|
40 |
|
*
|
|
40 |
|
*
|
41 |
|
* <p>
This imple
mentation
means "log
in the use
r even tho
ugh there
is no
|
|
41 |
|
* <p>
This imple
mentation
means "log
in the use
r even tho
ugh there
is no
|
42 |
|
* sel
f-containe
d way to e
stablish a
security
Principal
for that u
ser".</p>
|
|
42 |
|
* sel
f-containe
d way to e
stablish a
security
Principal
for that u
ser".</p>
|
43 |
|
*
|
|
43 |
|
*
|
44 |
|
* <p>
This metho
d is calle
d by the A
uthenticat
orBase sup
er class t
o
|
|
44 |
|
* <p>
This metho
d is calle
d by the A
uthenticat
orBase sup
er class t
o
|
45 |
|
* est
ablish a P
rincipal f
or the use
r BEFORE t
he contain
er securit
y
|
|
45 |
|
* est
ablish a P
rincipal f
or the use
r BEFORE t
he contain
er securit
y
|
46 |
|
* con
straints a
re examine
d, i.e. it
is not ye
t known wh
ether the
user
|
|
46 |
|
* con
straints a
re examine
d, i.e. it
is not ye
t known wh
ether the
user
|
47 |
|
* wil
l eventual
ly be perm
itted to a
ccess the
requested
resource.
|
|
47 |
|
* wil
l eventual
ly be perm
itted to a
ccess the
requested
resource.
|
48 |
|
* The
refore, it
is necess
ary to alw
ays return
<code>tru
e</code> t
o
|
|
48 |
|
* The
refore, it
is necess
ary to alw
ays return
<code>tru
e</code> t
o
|
49 |
|
* ind
icate the
user has n
ot failed
authentica
tion.</p>
|
|
49 |
|
* ind
icate the
user has n
ot failed
authentica
tion.</p>
|
50 |
|
*
|
|
50 |
|
*
|
51 |
|
* <p>
There are
two cases:
</p>
|
|
51 |
|
* <p>
There are
two cases:
</p>
|
52 |
|
* <ul
>
|
|
52 |
|
* <ul
>
|
53 |
|
* <li
>without S
ingleSigno
n: a Sessi
on instanc
e does not
yet exist
|
|
53 |
|
* <li
>without S
ingleSigno
n: a Sessi
on instanc
e does not
yet exist
|
54 |
|
*
and there
is no <co
de>auth-me
thod</code
> to authe
nticate th
e
|
|
54 |
|
*
and there
is no <co
de>auth-me
thod</code
> to authe
nticate th
e
|
55 |
|
*
user, so
leave Requ
est's Prin
cipal as n
ull.
|
|
55 |
|
*
user, so
leave Requ
est's Prin
cipal as n
ull.
|
56 |
|
*
Note: Aut
henticator
Base will
later exam
ine the se
curity con
straints
|
|
56 |
|
*
Note: Aut
henticator
Base will
later exam
ine the se
curity con
straints
|
57 |
|
*
to
determine
whether th
e resource
is access
ible by a
user
|
|
57 |
|
*
to
determine
whether th
e resource
is access
ible by a
user
|
58 |
|
*
wit
hout a sec
urity Prin
cipal and
Role (i.e.
unauthent
icated).
|
|
58 |
|
*
wit
hout a sec
urity Prin
cipal and
Role (i.e.
unauthent
icated).
|
59 |
|
* </l
i>
|
|
59 |
|
* </l
i>
|
60 |
|
* <li
>with Sing
leSignon:
if the use
r has alre
ady authen
ticated vi
a
|
|
60 |
|
* <li
>with Sing
leSignon:
if the use
r has alre
ady authen
ticated vi
a
|
61 |
|
*
another c
ontainer (
using its
own login
configurat
ion), then
|
|
61 |
|
*
another c
ontainer (
using its
own login
configurat
ion), then
|
62 |
|
*
associate
this Sess
ion with t
he SSOEntr
y so it in
herits the
|
|
62 |
|
*
associate
this Sess
ion with t
he SSOEntr
y so it in
herits the
|
63 |
|
*
already-e
stablished
security
Principal
and associ
ated Roles
.
|
|
63 |
|
*
already-e
stablished
security
Principal
and associ
ated Roles
.
|
64 |
|
*
Note: Thi
s particul
ar session
will beco
me a full
member of
the
|
|
64 |
|
*
Note: Thi
s particul
ar session
will beco
me a full
member of
the
|
65 |
|
*
Sin
gleSignOnE
ntry Sessi
on collect
ion and so
will pote
ntially
|
|
65 |
|
*
Sin
gleSignOnE
ntry Sessi
on collect
ion and so
will pote
ntially
|
66 |
|
*
kee
p the SSOE
"alive",
even if al
l the othe
r properly
|
|
66 |
|
*
kee
p the SSOE
"alive",
even if al
l the othe
r properly
|
67 |
|
*
aut
henticated
Sessions
expire fir
st... unti
l it expir
es too.
|
|
67 |
|
*
aut
henticated
Sessions
expire fir
st... unti
l it expir
es too.
|
68 |
|
* </l
i>
|
|
68 |
|
* </l
i>
|
69 |
|
* </u
l>
|
|
69 |
|
* </u
l>
|
70 |
|
*
|
|
70 |
|
*
|
71 |
|
* @pa
ram reques
t Request
we are pr
ocessing
|
|
71 |
|
* @pa
ram reques
t Request
we are pr
ocessing
|
72 |
|
* @pa
ram respon
se Respons
e we are c
reating
|
|
72 |
|
* @pa
ram respon
se Respons
e we are c
reating
|
73 |
|
* @re
turn boole
an to indi
cate wheth
er the use
r is authe
nticated
|
|
73 |
|
* @re
turn boole
an to indi
cate wheth
er the use
r is authe
nticated
|
74 |
|
* @ex
ception IO
Exception
if an inpu
t/output e
rror occur
s
|
|
74 |
|
* @ex
ception IO
Exception
if an inpu
t/output e
rror occur
s
|
75 |
|
*/
|
|
75 |
|
*/
|
76 |
|
@Overr
ide
|
|
76 |
|
@Overr
ide
|
77 |
|
p
ubli
c
boolean
a
uthenticat
e(Request
request, H
ttpServlet
Response r
esponse)
|
|
77 |
|
p
rote
c
ted
boolean
doA
uthenticat
e(Request
request, H
ttpServlet
Response r
esponse)
|
78 |
|
th
rows IOExc
eption {
|
|
78 |
|
th
rows IOExc
eption {
|
79 |
|
|
|
79 |
|
|
80 |
|
//
Don't try
and use S
SO to auth
enticate s
ince there
is no aut
h
|
|
80 |
|
//
Don't try
and use S
SO to auth
enticate s
ince there
is no aut
h
|
81 |
|
//
configure
d for this
web appli
cation
|
|
81 |
|
//
configure
d for this
web appli
cation
|
82 |
|
if
(checkFor
CachedAuth
entication
(request,
response,
true)) {
|
|
82 |
|
if
(checkFor
CachedAuth
entication
(request,
response,
true)) {
|
83 |
|
// save
the inheri
ted Princi
pal in thi
s session
so it can
remain
|
|
83 |
|
// save
the inheri
ted Princi
pal in thi
s session
so it can
remain
|
84 |
|
// authe
nticated u
ntil it ex
pires
|
|
84 |
|
// authe
nticated u
ntil it ex
pires
|
85 |
|
if (cach
e) {
|
|
85 |
|
if (cach
e) {
|
86 |
|
requ
est.getSes
sionIntern
al(true).s
etPrincipa
l(request.
getUserPri
ncipal());
|
|
86 |
|
requ
est.getSes
sionIntern
al(true).s
etPrincipa
l(request.
getUserPri
ncipal());
|
87 |
|
}
|
|
87 |
|
}
|
88 |
|
return t
rue;
|
|
88 |
|
return t
rue;
|
89 |
|
}
|
|
89 |
|
}
|
90 |
|
|
|
90 |
|
|
91 |
|
//
No Princi
pal means
the user i
s not alre
ady authen
ticated
|
|
91 |
|
//
No Princi
pal means
the user i
s not alre
ady authen
ticated
|
92 |
|
//
and so wi
ll not be
assigned a
ny roles.
It is safe
to
|
|
92 |
|
//
and so wi
ll not be
assigned a
ny roles.
It is safe
to
|
93 |
|
//
to say th
e user is
now authen
ticated be
cause acce
ss to
|
|
93 |
|
//
to say th
e user is
now authen
ticated be
cause acce
ss to
|
94 |
|
//
protected
resources
will only
be allowe
d with a m
atching ro
le.
|
|
94 |
|
//
protected
resources
will only
be allowe
d with a m
atching ro
le.
|
95 |
|
//
i.e. SC_F
ORBIDDEN (
403 status
) will be
generated
later.
|
|
95 |
|
//
i.e. SC_F
ORBIDDEN (
403 status
) will be
generated
later.
|
96 |
|
if
(containe
rLog.isDeb
ugEnabled(
))
|
|
96 |
|
if
(containe
rLog.isDeb
ugEnabled(
))
|
97 |
|
containe
rLog.debug
("User aut
henticated
without a
ny roles")
;
|
|
97 |
|
containe
rLog.debug
("User aut
henticated
without a
ny roles")
;
|
98 |
|
re
turn true;
|
|
98 |
|
re
turn true;
|
99 |
|
}
|
|
99 |
|
}
|
100 |
|
|
|
100 |
|
|
101 |
|
|
|
101 |
|
|
102 |
|
/**
|
|
102 |
|
/**
|
103 |
|
* Ret
urn the au
thenticati
on method,
which is
vendor-spe
cific and
|
|
103 |
|
* Ret
urn the au
thenticati
on method,
which is
vendor-spe
cific and
|
104 |
|
* not
defined b
y HttpServ
letRequest
.
|
|
104 |
|
* not
defined b
y HttpServ
letRequest
.
|
105 |
|
*/
|
|
105 |
|
*/
|
106 |
|
@Overr
ide
|
|
106 |
|
@Overr
ide
|
107 |
|
protec
ted String
getAuthMe
thod() {
|
|
107 |
|
protec
ted String
getAuthMe
thod() {
|
108 |
|
re
turn "NONE
";
|
|
108 |
|
re
turn "NONE
";
|
109 |
|
}
|
|
109 |
|
}
|
110 |
|
}
|
|
110 |
|
}
|