• Home
• com.expanset.jersey
• jersey-contrib
• 1.0.1
• source code
• SessionAuthenticationManager.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.expanset.jersey.security.SessionAuthenticationManager Maven / Gradle / Ivy

package com.expanset.jersey.security;

import java.util.Optional;

import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.inject.Inject;
import javax.inject.Provider;
import javax.servlet.http.HttpSession;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.core.Configuration;
import javax.ws.rs.core.SecurityContext;

import org.apache.commons.lang.Validate;
import org.apache.commons.lang3.StringUtils;
import org.jvnet.hk2.annotations.Contract;
import org.jvnet.hk2.annotations.Service;

import com.expanset.common.RememberOptions;
import com.expanset.hk2.security.AbstractCredentials;
import com.expanset.hk2.security.AuthenicationResult;
import com.expanset.hk2.security.AuthenticationManager;
import com.expanset.hk2.security.AuthenticationService;

/**
 *  Session stored credentials authentication service.
 */
@Service
@Contract
public class SessionAuthenticationManager implements AuthenticationManager {

	@Inject
	protected Provider requestProvider;	
	
	@Inject
	protected Provider sessionProvider;
	
	@Inject
	protected Provider authenticationServiceProvider;	
	
	protected final String sessionKey;
	
	@Inject
	public SessionAuthenticationManager(Configuration webConfig) {
		String sessionKey = (String)webConfig.getProperty(SessionAuthenticationFeature.SESSION_KEY);
		if(StringUtils.isEmpty(sessionKey)) {
			sessionKey = SessionAuthenticationFeature.SESSION_KEY_DEFAULT;
		}		
				
		this.sessionKey = sessionKey;
	}

	@Override
	public void saveAuthentication(
			@Nonnull AbstractCredentials credentials, 
			@Nullable RememberOptions rememberOptions) {
		Validate.notNull(credentials, "credentials");
		
		sessionProvider.get().setAttribute(sessionKey, credentials);
	}
	
	@Override
	public void removeAuthentication(@Nullable RememberOptions rememberOptions) {
		sessionProvider.get().removeAttribute(sessionKey);
	}
	
	public void authenticateCurrentRequest() {
		final ContainerRequestContext request = requestProvider.get();
		final AbstractCredentials credentials = 
				(AbstractCredentials)sessionProvider.get().getAttribute(sessionKey);
		if(credentials != null) {
			final Optional authenicationResult = 
					authenticationServiceProvider.get().authenticate(credentials);
			if(authenicationResult.isPresent()) {
				request.setSecurityContext(new DefaultSecurityContext(
						SecurityContext.FORM_AUTH,
						authenicationResult.get(), 
						credentials.isSecure()));
			}
		}
	}
}