All Downloads are FREE. Search and download functionalities are using the official Maven repository.

io.undertow.security.impl.CachedAuthenticatedSessionMechanism Maven / Gradle / Ivy

There is a newer version: 2.3.18.Final
Show newest version
/*
 * JBoss, Home of Professional Open Source.
 * Copyright 2014 Red Hat, Inc., and individual contributors
 * as indicated by the @author tags.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */
package io.undertow.security.impl;

import io.undertow.security.api.AuthenticatedSessionManager;
import io.undertow.security.api.AuthenticatedSessionManager.AuthenticatedSession;
import io.undertow.security.api.AuthenticationMechanism;
import io.undertow.security.api.SecurityContext;
import io.undertow.security.idm.Account;
import io.undertow.security.idm.IdentityManager;
import io.undertow.server.HttpServerExchange;

/**
 * An {@link AuthenticationMechanism} which uses any cached {@link AuthenticatedSession}s.
 *
 * @author Darran Lofthouse
 */
public class CachedAuthenticatedSessionMechanism implements AuthenticationMechanism {

    private final IdentityManager identityManager;

    public CachedAuthenticatedSessionMechanism() {
        this(null);
    }

    public CachedAuthenticatedSessionMechanism(final IdentityManager identityManager) {
        this.identityManager = identityManager;
    }

    @SuppressWarnings("deprecation")
    private IdentityManager getIdentityManager(SecurityContext securityContext) {
        return identityManager != null ? identityManager : securityContext.getIdentityManager();
    }

    @Override
    public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext) {
        AuthenticatedSessionManager sessionManager = exchange.getAttachment(AuthenticatedSessionManager.ATTACHMENT_KEY);
        if (sessionManager != null) {
            return runCached(exchange, securityContext, sessionManager);
        } else {
            return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
        }
    }

    public AuthenticationMechanismOutcome runCached(final HttpServerExchange exchange, final SecurityContext securityContext, final AuthenticatedSessionManager sessionManager) {
        AuthenticatedSession authSession = sessionManager.lookupSession(exchange);
        if (authSession != null) {
            Account account = getIdentityManager(securityContext).verify(authSession.getAccount());
            if (account != null) {
                securityContext.authenticationComplete(account, authSession.getMechanism(), false);
                return AuthenticationMechanismOutcome.AUTHENTICATED;
            } else {
                sessionManager.clearSession(exchange);
                // We know we had a previously authenticated account but for some reason the IdentityManager is no longer
                // accepting it, we now
                return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
            }
        } else {
            // It is possible an AuthenticatedSessionManager could have been available even if there was no chance of it
            // loading a session.
            return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
        }

    }

    @Override
    public ChallengeResult sendChallenge(HttpServerExchange exchange, SecurityContext securityContext) {
        // This mechanism can only use what is already available and can not send a challenge of it's own.
        return ChallengeResult.NOT_SENT;
    }

}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy