All Downloads are FREE. Search and download functionalities are using the official Maven repository.

fish.payara.security.authentication.twoIdentityStore.TwoIdentityStoreAuthenticationMechanism Maven / Gradle / Ivy

The newest version!
/*
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 * 
 *    Copyright (c) [2018-2021] Payara Foundation and/or its affiliates. All rights reserved.
 * 
 *     The contents of this file are subject to the terms of either the GNU
 *     General Public License Version 2 only ("GPL") or the Common Development
 *     and Distribution License("CDDL") (collectively, the "License").  You
 *     may not use this file except in compliance with the License.  You can
 *     obtain a copy of the License at
 *     https://github.com/payara/Payara/blob/main/LICENSE.txt
 *     See the License for the specific
 *     language governing permissions and limitations under the License.
 * 
 *     When distributing the software, include this License Header Notice in each
 *     file and include the License file at glassfish/legal/LICENSE.txt.
 * 
 *     GPL Classpath Exception:
 *     The Payara Foundation designates this particular file as subject to the "Classpath"
 *     exception as provided by the Payara Foundation in the GPL Version 2 section of the License
 *     file that accompanied this code.
 * 
 *     Modifications:
 *     If applicable, add the following below the License Header, with the fields
 *     enclosed by brackets [] replaced by your own identifying information:
 *     "Portions Copyright [year] [name of copyright owner]"
 * 
 *     Contributor(s):
 *     If you wish your version of this file to be governed by only the CDDL or
 *     only the GPL Version 2, indicate your decision by adding "[Contributor]
 *     elects to include this software in this distribution under the [CDDL or GPL
 *     Version 2] license."  If you don't indicate a single choice of license, a
 *     recipient has the option to distribute your version of this file under
 *     either the CDDL, the GPL Version 2 or to extend the choice of license to
 *     its licensees as provided above.  However, if you add GPL Version 2 code
 *     and therefore, elected the GPL Version 2 license, then the option applies
 *     only if the new code is made subject to such option by the copyright
 *     holder.
 */
package fish.payara.security.authentication.twoIdentityStore;

import jakarta.enterprise.inject.Typed;
import jakarta.enterprise.inject.spi.CDI;
import jakarta.inject.Inject;
import jakarta.security.enterprise.AuthenticationException;
import jakarta.security.enterprise.AuthenticationStatus;
import jakarta.security.enterprise.authentication.mechanism.http.AutoApplySession;
import jakarta.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
import jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContext;
import jakarta.security.enterprise.authentication.mechanism.http.LoginToContinue;
import jakarta.security.enterprise.identitystore.CredentialValidationResult;
import jakarta.security.enterprise.identitystore.IdentityStoreHandler;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.glassfish.soteria.mechanisms.LoginToContinueHolder;

/**
 * Authentication mechanism that ensures two successful authentications. This can be with any two identity stores.
 *
 * @author Mark Wareham
 * 
 * @see fish.payara.security.annotations.TwoIdentityStoreAuthenticationMechanismDefinition
 */
@AutoApplySession
@LoginToContinue
@Typed(TwoIdentityStoreAuthenticationMechanism.class)
public class TwoIdentityStoreAuthenticationMechanism implements HttpAuthenticationMechanism,LoginToContinueHolder {

    private LoginToContinue loginToContinue;
    
    @Inject
    private TwoIdentityStoreAuthenticationMechanismState state;
    
    @Override
    public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext 
            httpMessageContext) throws AuthenticationException {
        
        if (!hasCredential(httpMessageContext)) {
            return httpMessageContext.doNothing();
        }
        IdentityStoreHandler identityStoreHandler = CDI.current().select(IdentityStoreHandler.class).get();
        CredentialValidationResult currentRoundValidationResult = identityStoreHandler.validate(
                        httpMessageContext.getAuthParameters().getCredential());

        //first ID Store
        if (!state.isFirstIDStoreBeenAttempted()) {
            state.setFirstValidationResult(currentRoundValidationResult);
            return httpMessageContext.doNothing();
        }
        
        //second ID Store
        CredentialValidationResult finalResult = collateResult(state.getFirstValidationResult(), currentRoundValidationResult);
        this.state.clean();
        return httpMessageContext.notifyContainerAboutLogin(finalResult);

    }

    private static boolean hasCredential(HttpMessageContext httpMessageContext) {
        return httpMessageContext.getAuthParameters().getCredential() != null;
    }

    public TwoIdentityStoreAuthenticationMechanism loginToContinue(LoginToContinue loginToContinue) {
        setLoginToContinue(loginToContinue);
        return this;
    }

    @Override
    public void cleanSubject(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) {
        httpMessageContext.cleanClientSubject();
        this.state.clean();
    }

    private CredentialValidationResult collateResult(
            CredentialValidationResult firstValidationResult,
            CredentialValidationResult secondValidationResult) {

        if (firstValidationResult.getStatus() == CredentialValidationResult.Status.VALID
                && secondValidationResult.getStatus() == CredentialValidationResult.Status.VALID) {
            return firstValidationResult;
        } else if (secondValidationResult.getStatus() != CredentialValidationResult.Status.VALID) {
            return secondValidationResult;
        } else {
            return firstValidationResult;
        }
    }
    
    @Override
    public LoginToContinue getLoginToContinue() {
        return loginToContinue;
    }

    public void setLoginToContinue(LoginToContinue loginToContinue) {
        this.loginToContinue = loginToContinue;
    }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy