io.undertow.security.api.SecurityContext Java Examples

Example #1
Source File: AuthenticationCallHandler.java    From quarkus-http with Apache License 2.0 6 votes vote down vote up
/**
 * Only allow the request through if successfully authenticated or if authentication is not required.
 *
 * @see io.undertow.server.HttpHandler#handleRequest(io.undertow.server.HttpServerExchange)
 */
@Override
public void handleRequest(final HttpServerExchange exchange) throws Exception {
    // Hand the exchange back to be re-run outside the I/O thread before doing any
    // authentication work (presumably because authenticate() may block - confirm).
    if (exchange.isInIoThread()) {
        exchange.dispatch(this);
        return;
    }

    final SecurityContext securityContext = exchange.getSecurityContext();
    if (!securityContext.authenticate()) {
        // Fail closed: the next handler is never invoked when authenticate() returns false.
        exchange.endExchange();
        return;
    }

    // authenticate() returned true; only continue down the chain if nothing has
    // already completed the exchange.
    if (exchange.isComplete()) {
        return;
    }
    next.handleRequest(exchange);
}
 
Example #2
Source File: AbstractSamlAuthMech.java    From keycloak with Apache License 2.0 6 votes vote down vote up
/**
 * Registers a receiver on the given security context that logs the account out of the
 * SAML session store whenever a {@code LOGGED_OUT} notification is delivered.
 *
 * @param securityContext the context to register the receiver on; it is also passed to
 *                        {@code getTokenStore} when the notification fires
 */
protected void registerNotifications(final SecurityContext securityContext) {
    securityContext.registerNotificationReceiver(new NotificationReceiver() {
        @Override
        public void handleNotification(SecurityNotification notification) {
            // Every event type other than LOGGED_OUT is ignored.
            if (notification.getEventType() == SecurityNotification.EventType.LOGGED_OUT) {
                final HttpServerExchange notifiedExchange = notification.getExchange();
                final UndertowHttpFacade httpFacade = createFacade(notifiedExchange);
                final SamlDeployment samlDeployment = deploymentContext.resolveDeployment(httpFacade);
                final SamlSessionStore store =
                        getTokenStore(notifiedExchange, httpFacade, samlDeployment, securityContext);
                // Clear the SAML-side account state so the logout is not limited to the container.
                store.logoutAccount();
            }
        }
    });
}
 
Example #3
Source File: CachedAuthenticatedSessionMechanism.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Attempts to authenticate the request from a previously cached authenticated session.
 *
 * @param exchange        the current exchange, used to look up (and possibly clear) the cached session
 * @param securityContext the context that is told about a successful authentication
 * @param sessionManager  the manager holding cached authenticated sessions
 * @return {@code AUTHENTICATED} when a cached account exists and the identity manager still
 *         accepts it, otherwise {@code NOT_ATTEMPTED}
 */
public AuthenticationMechanismOutcome runCached(final HttpServerExchange exchange, final SecurityContext securityContext, final AuthenticatedSessionManager sessionManager) {
    final AuthenticatedSession cached = sessionManager.lookupSession(exchange);
    if (cached == null) {
        // A session manager can be attached even when there was no session to load.
        return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
    }

    // The cached account is not trusted blindly: it is passed back through the
    // IdentityManager before being accepted for this request.
    final Account verified = getIdentityManager(securityContext).verify(cached.getAccount());
    if (verified == null) {
        // The account was authenticated earlier but the IdentityManager no longer accepts it,
        // so the cached session is dropped instead of being reused.
        sessionManager.clearSession(exchange);
        return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
    }

    // NOTE(review): the trailing 'false' presumably means "no further caching required" - confirm.
    securityContext.authenticationComplete(verified, cached.getMechanism(), false);
    return AuthenticationMechanismOutcome.AUTHENTICATED;
}
 
Example #4
Source File: ServletAuthenticationCallHandler.java    From quarkus-http with Apache License 2.0 6 votes vote down vote up
/**
 * Only allow the request through if successfully authenticated or if authentication is not required.
 *
 * @see io.undertow.server.HttpHandler#handleRequest(io.undertow.server.HttpServerExchange)
 */
@Override
public void handleRequest(final HttpServerExchange exchange) throws Exception {
    // Re-dispatch so the remainder runs outside the I/O thread.
    if (exchange.isInIoThread()) {
        exchange.dispatch(this);
        return;
    }

    final SecurityContext securityContext = exchange.getSecurityContext();
    if (securityContext.authenticate()) {
        if (!exchange.isComplete()) {
            next.handleRequest(exchange);
        }
        return;
    }

    // Authentication did not succeed: the next handler is never called from here on.
    final boolean errorStatusPending =
            exchange.getStatusCode() >= StatusCodes.BAD_REQUEST && !exchange.isComplete();
    if (!errorStatusPending) {
        exchange.endExchange();
        return;
    }

    // An error status was set during authentication and the exchange is still open,
    // so report it through the servlet response's sendError.
    final ServletRequestContext servletRequestContext =
            exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
    servletRequestContext.getOriginalResponse().sendError(exchange.getStatusCode());
}
 
Example #5
Source File: CachedAuthenticatedSessionHandler.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Registers the notification receiver on the exchange's security context and, when an
 * HTTP session already exists, attaches the authenticated-session manager so a later
 * mechanism can find it. The next handler is always invoked.
 *
 * @param exchange the current exchange
 * @throws Exception whatever the next handler throws
 */
@Override
public void handleRequest(HttpServerExchange exchange) throws Exception {
    exchange.getSecurityContext().registerNotificationReceiver(NOTIFICATION_RECEIVER);

    final SessionManager sessions = exchange.getAttachment(SessionManager.ATTACHMENT_KEY);
    final SessionConfig config = exchange.getAttachment(SessionConfig.ATTACHMENT_KEY);

    if (sessions != null && config != null) {
        // Without an existing session there cannot be a cached AuthenticatedSession,
        // so the AuthenticatedSessionManager is only attached when one is found.
        final Session existing = sessions.getSession(exchange, config);
        if (existing != null) {
            exchange.putAttachment(AuthenticatedSessionManager.ATTACHMENT_KEY, SESSION_MANAGER);
        }
    }

    next.handleRequest(exchange);
}
 
Example #6
Source File: AuthenticationCallHandler.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Only allow the request through if successfully authenticated or if authentication is not required.
 *
 * @see io.undertow.server.HttpHandler#handleRequest(io.undertow.server.HttpServerExchange)
 */
@Override
public void handleRequest(final HttpServerExchange exchange) throws Exception {
    final boolean onIoThread = exchange.isInIoThread();
    if (onIoThread) {
        // Run this handler again from a dispatched (non-I/O) thread.
        exchange.dispatch(this);
        return;
    }

    final SecurityContext ctx = exchange.getSecurityContext();
    final boolean allowed = ctx.authenticate();
    if (allowed) {
        // Something may already have finished the exchange while authenticating;
        // in that case the chain must not continue.
        if (!exchange.isComplete()) {
            next.handleRequest(exchange);
        }
        return;
    }

    // authenticate() returned false: end the exchange without invoking the next handler.
    exchange.endExchange();
}
 
Example #7
Source File: ServletAuthenticationCallHandler.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Only allow the request through if successfully authenticated or if authentication is not required.
 *
 * @see io.undertow.server.HttpHandler#handleRequest(io.undertow.server.HttpServerExchange)
 */
@Override
public void handleRequest(final HttpServerExchange exchange) throws Exception {
    if (exchange.isInIoThread()) {
        // Run this handler again from a dispatched (non-I/O) thread.
        exchange.dispatch(this);
        return;
    }

    final SecurityContext ctx = exchange.getSecurityContext();
    if (!ctx.authenticate()) {
        // Rejected request: either surface the error status through the servlet
        // response or simply end the exchange. The next handler is not reached.
        if (exchange.getStatusCode() >= StatusCodes.BAD_REQUEST && !exchange.isComplete()) {
            final ServletRequestContext requestContext =
                    exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
            requestContext.getOriginalResponse().sendError(exchange.getStatusCode());
        } else {
            exchange.endExchange();
        }
        return;
    }

    if (exchange.isComplete()) {
        // Already completed while authenticating; nothing left to forward.
        return;
    }
    next.handleRequest(exchange);
}
 
Example #8
Source File: GSSAPIAuthenticationMechanism.java    From quarkus-http with Apache License 2.0 5 votes vote down vote up
/**
 * Adds a {@code WWW-Authenticate} negotiation challenge to the response.
 *
 * <p>When a negotiation is already in progress its pending response token (if any) is
 * sent back and the negotiation context is detached from the exchange. When no
 * negotiation exists, the challenge is only offered if a server {@code Subject} can be
 * obtained for the request's host.
 *
 * @param exchange        the current exchange
 * @param securityContext not used by this method
 * @return {@code NOT_SENT} when no server subject is available, otherwise a sent
 *         challenge carrying {@code UNAUTHORIZED}
 */
public ChallengeResult sendChallenge(final HttpServerExchange exchange, final SecurityContext securityContext) {
    final NegotiationContext negotiation = exchange.getAttachment(NegotiationContext.ATTACHMENT_KEY);
    final String headerValue;

    if (negotiation == null) {
        Subject serverSubject = null;
        try {
            serverSubject = subjectFactory.getSubjectForHost(getHostName(exchange));
        } catch (GeneralSecurityException ignored) {
            // Deliberately ignored: without a Subject the mechanism simply is not offered.
        }
        if (serverSubject == null) {
            return ChallengeResult.NOT_SENT;
        }
        headerValue = NEGOTIATION_PLAIN;
    } else {
        final byte[] pendingToken = negotiation.useResponseToken();
        // Detach the negotiation state so it is not carried further on this exchange.
        exchange.putAttachment(NegotiationContext.ATTACHMENT_KEY, null);
        headerValue = pendingToken == null
                ? NEGOTIATION_PLAIN
                : NEGOTIATE_PREFIX + FlexBase64.encodeString(pendingToken, false);
    }

    exchange.addResponseHeader(WWW_AUTHENTICATE, headerValue);

    UndertowLogger.SECURITY_LOGGER.debugf("Sending GSSAPI challenge for %s", exchange);
    return new ChallengeResult(true, UNAUTHORIZED);
}
 
Example #9
Source File: AbstractUndertowRequestAuthenticator.java    From keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * Creates an authenticator tied to a single Undertow exchange and its security context.
 *
 * @param facade          forwarded to the superclass constructor
 * @param deployment      forwarded to the superclass constructor
 * @param sslRedirectPort forwarded to the superclass constructor
 * @param securityContext stored on this instance
 * @param exchange        stored on this instance
 * @param tokenStore      forwarded to the superclass constructor
 */
public AbstractUndertowRequestAuthenticator(
        HttpFacade facade,
        KeycloakDeployment deployment,
        int sslRedirectPort,
        SecurityContext securityContext,
        HttpServerExchange exchange,
        AdapterTokenStore tokenStore) {
    // The superclass takes tokenStore before sslRedirectPort, unlike this signature.
    super(facade, deployment, tokenStore, sslRedirectPort);
    this.exchange = exchange;
    this.securityContext = securityContext;
}
 
Example #10
Source File: AsyncWebSocketHttpServerExchange.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Returns the principal of the authenticated account on the underlying exchange.
 *
 * @return the principal, or {@code null} when the exchange has no security context or
 *         no account has been authenticated
 */
@Override
public Principal getUserPrincipal() {
    final SecurityContext securityContext = exchange.getSecurityContext();
    final Account account = securityContext == null ? null : securityContext.getAuthenticatedAccount();
    // Callers must treat null as "anonymous"; no principal is fabricated here.
    return account == null ? null : account.getPrincipal();
}
 
Example #11
Source File: AuthenticationConstraintHandler.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * @see io.undertow.server.HttpHandler#handleRequest(io.undertow.server.HttpServerExchange)
 */
@Override
public void handleRequest(HttpServerExchange exchange) throws Exception {
    final boolean authenticationNeeded = isAuthenticationRequired(exchange);
    if (authenticationNeeded) {
        // Only marks the context; the actual authentication is not performed here, and
        // the next handler runs regardless of the outcome of the check above.
        final SecurityContext securityContext = exchange.getSecurityContext();
        UndertowLogger.SECURITY_LOGGER.debugf("Setting authentication required for exchange %s", exchange);
        securityContext.setAuthenticationRequired();
    }

    next.handleRequest(exchange);
}
 
Example #12
Source File: CachedAuthenticatedSessionMechanism.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Authenticates from a cached session when an {@code AuthenticatedSessionManager} has
 * been attached to the exchange.
 *
 * @param exchange        the current exchange
 * @param securityContext the context passed on to {@code runCached}
 * @return the outcome of {@code runCached}, or {@code NOT_ATTEMPTED} when no session
 *         manager is attached
 */
@Override
public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext) {
    final AuthenticatedSessionManager cachedSessions =
            exchange.getAttachment(AuthenticatedSessionManager.ATTACHMENT_KEY);
    if (cachedSessions == null) {
        // Nothing attached, so this mechanism has nothing to offer for the request.
        return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
    }
    return runCached(exchange, securityContext, cachedSessions);
}
 
Example #13
Source File: WildflyAuthenticationMechanism.java    From keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * Builds the WildFly-specific request authenticator for one exchange.
 *
 * @param deployment      the Keycloak deployment handling the request
 * @param exchange        the current exchange
 * @param securityContext the exchange's security context
 * @param facade          the HTTP facade wrapping the exchange
 * @return a new {@code WildflyRequestAuthenticator}
 */
@Override
protected ServletRequestAuthenticator createRequestAuthenticator(KeycloakDeployment deployment, HttpServerExchange exchange, SecurityContext securityContext, UndertowHttpFacade facade) {
    // Resolve the confidential port first, then the token store, as both depend on the exchange.
    final int sslPort = getConfidentilPort(exchange);
    final AdapterTokenStore store = getTokenStore(exchange, facade, deployment, securityContext);
    return new WildflyRequestAuthenticator(facade, deployment, sslPort, securityContext, exchange, store);
}
 
Example #14
Source File: HttpServerExchange.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Replaces the security context held by this exchange.
 *
 * <p>When a {@code SecurityManager} is installed the caller must hold the
 * {@code SET_SECURITY_CONTEXT} permission; the check runs before the field is written,
 * so a denied caller leaves the existing context untouched. Without a security manager
 * no check is made.
 *
 * @param securityContext the context to install
 */
public void setSecurityContext(SecurityContext securityContext) {
    final SecurityManager securityManager = System.getSecurityManager();
    final boolean permissionCheckNeeded = securityManager != null;
    if (permissionCheckNeeded) {
        securityManager.checkPermission(SET_SECURITY_CONTEXT);
    }
    this.securityContext = securityContext;
}
 
Example #15
Source File: HttpServletRequestImpl.java    From quarkus-http with Apache License 2.0 5 votes vote down vote up
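/**
 * Reports whether the authenticated caller is in the given role.
 *
 * <p>Returns {@code false} without consulting the authorization manager when the role
 * is {@code null} or {@code "*"}, when the exchange has no security context, or when no
 * account has been authenticated. The special role {@code "**"} is granted to any
 * authenticated account unless the deployment declares a role literally named
 * {@code "**"}, in which case the normal authorization check applies.
 *
 * @param role the role name to test
 * @return {@code true} if the caller is considered to be in the role
 */
@Override
public boolean isUserInRole(final String role) {
    if (role == null) {
        return false;
    }
    // According to the servlet spec this always returns false.
    if (role.equals("*")) {
        return false;
    }
    SecurityContext sc = exchange.getSecurityContext();
    // Fail closed when there is no security context at all, matching the null check
    // getUserPrincipal() performs, instead of throwing a NullPointerException from a
    // role check.
    Account account = sc != null ? sc.getAuthenticatedAccount() : null;
    if (account == null) {
        return false;
    }
    ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);

    if (role.equals("**")) {
        // "**" means "any authenticated user" unless the application defines a real role with that name.
        Set<String> roles = servletRequestContext.getDeployment().getDeploymentInfo().getSecurityRoles();
        if (!roles.contains("**")) {
            return true;
        }
    }

    final ServletChain servlet = servletRequestContext.getCurrentServlet();
    final Deployment deployment = servletContext.getDeployment();
    final AuthorizationManager authorizationManager = deployment.getDeploymentInfo().getAuthorizationManager();
    return authorizationManager.isUserInRole(role, account, servlet.getManagedServlet().getServletInfo(), this, deployment);
}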
 
Example #16
Source File: HttpServletRequestImpl.java    From quarkus-http with Apache License 2.0 5 votes vote down vote up
/**
 * Logs the caller out of the exchange's security context and, when the deployment is
 * configured to invalidate sessions on logout, invalidates the existing HTTP session.
 *
 * @throws ServletException declared by the servlet API; not thrown directly by this body
 */
@Override
public void logout() throws ServletException {
    // NOTE(review): the security context is dereferenced without a null check here,
    // while getUserPrincipal() guards against a null context - confirm whether a null
    // context can reach this method.
    exchange.getSecurityContext().logout();

    final boolean invalidateOnLogout =
            servletContext.getDeployment().getDeploymentInfo().isInvalidateSessionOnLogout();
    if (!invalidateOnLogout) {
        // The session is left intact in this configuration.
        return;
    }

    // getSession(false) avoids creating a session just to invalidate it.
    final HttpSession existing = getSession(false);
    if (existing != null) {
        existing.invalidate();
    }
}
 
Example #17
Source File: HttpServletRequestImpl.java    From quarkus-http with Apache License 2.0 5 votes vote down vote up
/**
 * Returns the principal of the currently authenticated account.
 *
 * @return the principal, or {@code null} when there is no security context or no
 *         authenticated account
 */
@Override
public Principal getUserPrincipal() {
    final SecurityContext context = exchange.getSecurityContext();
    if (context == null) {
        return null;
    }
    final Account authenticated = context.getAuthenticatedAccount();
    if (authenticated == null) {
        return null;
    }
    return authenticated.getPrincipal();
}
 
Example #18
Source File: SecurityContextFactoryImpl.java    From quarkus-http with Apache License 2.0 5 votes vote down vote up
/**
 * Creates the security context for an exchange.
 *
 * @param exchange             the exchange the context belongs to
 * @param mode                 the authentication mode handed to the context
 * @param identityManager      the identity manager handed to the context
 * @param programmaticMechName optional mechanism name; only applied when non-null
 * @return the newly created context
 */
@Override
public SecurityContext createSecurityContext(final HttpServerExchange exchange, final AuthenticationMode mode,
    final IdentityManager identityManager, final String programmaticMechName) {
    // Creation is delegated to SecurityActions rather than calling the constructor here.
    final SecurityContextImpl created = SecurityActions.createSecurityContextImpl(exchange, mode, identityManager);
    if (programmaticMechName == null) {
        return created;
    }
    created.setProgramaticMechName(programmaticMechName);
    return created;
}
 
Example #19
Source File: AuthenticationMechanismsHandler.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Adds every configured authentication mechanism to the exchange's security context,
 * in array order, then invokes the next handler.
 *
 * <p>Mechanisms are only added when the context is an
 * {@code AuthenticationMechanismContext}; a {@code null} or different context is
 * skipped and the request continues unchanged.
 *
 * @param exchange the current exchange
 * @throws Exception whatever the next handler throws
 */
@Override
public void handleRequest(final HttpServerExchange exchange) throws Exception {
    final SecurityContext securityContext = exchange.getSecurityContext();
    // instanceof is false for null, so a missing context is covered by the same test.
    if (!(securityContext instanceof AuthenticationMechanismContext)) {
        next.handleRequest(exchange);
        return;
    }

    final AuthenticationMechanismContext mechanismContext = (AuthenticationMechanismContext) securityContext;
    for (int index = 0; index < authenticationMechanisms.length; index++) {
        mechanismContext.addAuthenticationMechanism(authenticationMechanisms[index]);
    }
    next.handleRequest(exchange);
}
 
Example #20
Source File: ClientCertAuthenticationMechanism.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
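/**
 * Attempts to authenticate the request from the client certificate presented on the
 * TLS connection.
 *
 * <p>Only the first certificate of the peer chain is used, and only when it is an
 * {@code X509Certificate}. It is wrapped in an {@code X509CertificateCredential} and
 * handed to the identity manager; the request is authenticated only if that returns an
 * account.
 *
 * @param exchange        the current exchange
 * @param securityContext the context notified on success
 * @return {@code AUTHENTICATED} when the identity manager accepts the certificate,
 *         otherwise {@code NOT_ATTEMPTED} (this mechanism never reports a failure)
 */
public AuthenticationMechanismOutcome authenticate(final HttpServerExchange exchange, final SecurityContext securityContext) {
    SSLSessionInfo sslSession = exchange.getConnection().getSslSessionInfo();
    if (sslSession != null) {
        try {
            Certificate[] clientCerts = getPeerCertificates(exchange, sslSession, securityContext);
            // Guard the index: a null or empty chain drops out to NOT_ATTEMPTED instead
            // of raising an unchecked exception from inside the authentication path.
            if (clientCerts != null && clientCerts.length > 0 && clientCerts[0] instanceof X509Certificate) {
                Credential credential = new X509CertificateCredential((X509Certificate) clientCerts[0]);

                // The certificate alone is not sufficient; the IdentityManager decides
                // whether it maps to an account.
                IdentityManager idm = getIdentityManager(securityContext);
                Account account = idm.verify(credential);
                if (account != null) {
                    // NOTE(review): the trailing 'false' presumably disables caching of this
                    // authentication - confirm against authenticationComplete's contract.
                    securityContext.authenticationComplete(account, name, false);
                    return AuthenticationMechanismOutcome.AUTHENTICATED;
                }
            }
        } catch (SSLPeerUnverifiedException e) {
            // No action - this mechanism can not attempt authentication without peer certificates so allow it to drop out
            // to NOT_ATTEMPTED.
        }
    }

    /*
     * For ClientCert we do not have a concept of a failed authentication, if the client did use a key then it was deemed
     * acceptable for the connection to be established, this mechanism then just 'attempts' to use it for authentication but
     * does not mandate success.
     */

    return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
}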
 
Example #21
Source File: BasicAuthenticationMechanism.java    From quarkus-http with Apache License 2.0 5 votes vote down vote up
/**
 * Adds the Basic {@code WWW-Authenticate} challenge to the response.
 *
 * <p>In silent mode the challenge is only sent when the request itself carried an
 * {@code Authorization} header; otherwise another mechanism is expected to challenge.
 *
 * @param exchange        the current exchange
 * @param securityContext not used by this method
 * @return {@code NOT_SENT} in silent mode without an {@code Authorization} header,
 *         otherwise a sent challenge carrying {@code UNAUTHORIZED}
 */
@Override
public ChallengeResult sendChallenge(HttpServerExchange exchange, SecurityContext securityContext) {
    // The header is only looked up in silent mode, exactly as the short-circuit implies.
    final boolean suppressChallenge = silent && exchange.getRequestHeader(AUTHORIZATION) == null;
    if (suppressChallenge) {
        return ChallengeResult.NOT_SENT;
    }

    exchange.addResponseHeader(WWW_AUTHENTICATE, challenge);
    // Only the challenge text and the exchange are logged here, not the request's Authorization header.
    UndertowLogger.SECURITY_LOGGER.debugf("Sending basic auth challenge %s for %s", challenge, exchange);
    return new ChallengeResult(true, UNAUTHORIZED);
}
 
Example #22
Source File: ClientCertAuthenticationMechanism.java    From quarkus-http with Apache License 2.0 5 votes vote down vote up
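/**
 * Attempts to authenticate the request from the client certificate presented on the
 * TLS session.
 *
 * <p>Only the first certificate of the peer chain is considered, and only when it is an
 * {@code X509Certificate}. The identity manager has the final say: the request is
 * authenticated only if it returns an account for the certificate credential.
 *
 * @param exchange        the current exchange
 * @param securityContext the context notified on success
 * @return {@code AUTHENTICATED} when the identity manager accepts the certificate,
 *         otherwise {@code NOT_ATTEMPTED} (this mechanism never reports a failure)
 */
public AuthenticationMechanismOutcome authenticate(final HttpServerExchange exchange, final SecurityContext securityContext) {
    SSLSessionInfo sslSession = exchange.getSslSessionInfo();
    if (sslSession != null) {
        try {
            Certificate[] clientCerts = getPeerCertificates(exchange, sslSession, securityContext);
            // Check the chain before indexing it so a null or empty result falls through to
            // NOT_ATTEMPTED rather than throwing from the authentication path.
            boolean hasLeaf = clientCerts != null && clientCerts.length > 0;
            if (hasLeaf && clientCerts[0] instanceof X509Certificate) {
                Credential credential = new X509CertificateCredential((X509Certificate) clientCerts[0]);

                IdentityManager idm = getIdentityManager(securityContext);
                Account account = idm.verify(credential);
                if (account != null) {
                    // NOTE(review): the trailing 'false' presumably disables caching of this
                    // authentication - confirm against authenticationComplete's contract.
                    securityContext.authenticationComplete(account, name, false);
                    return AuthenticationMechanismOutcome.AUTHENTICATED;
                }
            }
        } catch (SSLPeerUnverifiedException e) {
            // No action - this mechanism can not attempt authentication without peer certificates so allow it to drop out
            // to NOT_ATTEMPTED.
        }
    }

    /*
     * For ClientCert we do not have a concept of a failed authentication, if the client did use a key then it was deemed
     * acceptable for the connection to be established, this mechanism then just 'attempts' to use it for authentication but
     * does not mandate success.
     */

    return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
}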
 
Example #23
Source File: DigestAuthenticationMechanism.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
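/**
 * Adds the Digest {@code WWW-Authenticate} challenge to the response, once per
 * supported algorithm (or once without an algorithm parameter when none are configured).
 *
 * <p>The challenge carries realm, domain, a fresh nonce from the nonce manager, a fixed
 * all-zero opaque value, {@code stale=true} when the attached digest context says so,
 * and the qop list when one is configured.
 *
 * @param exchange        the current exchange
 * @param securityContext not used by this method
 * @return a sent challenge carrying {@code UNAUTHORIZED}
 */
@Override
public ChallengeResult sendChallenge(final HttpServerExchange exchange, final SecurityContext securityContext) {
    DigestContext context = exchange.getAttachment(DigestContext.ATTACHMENT_KEY);
    boolean stale = context != null && context.isStale();

    // Everything that precedes the optional algorithm parameter.
    StringBuilder head = new StringBuilder(DIGEST_PREFIX);
    head.append(Headers.REALM.toString()).append("=\"").append(realmName).append("\",");
    head.append(Headers.DOMAIN.toString()).append("=\"").append(domain).append("\",");
    head.append(Headers.NONCE.toString()).append("=\"").append(nonceManager.nextNonce(null, exchange)).append("\",");
    // Not currently using OPAQUE as it offers no integrity, used for session data leaves it vulnerable to
    // session fixation type issues as well.
    head.append(Headers.OPAQUE.toString()).append("=\"00000000000000000000000000000000\"");
    if (stale) {
        head.append(",stale=true");
    }

    // Everything that follows the optional algorithm parameter.
    StringBuilder tail = new StringBuilder();
    if (qopString != null) {
        tail.append(",").append(Headers.QOP.toString()).append("=\"").append(qopString).append("\"");
    }

    HeaderMap responseHeader = exchange.getResponseHeaders();
    if (supportedAlgorithms.isEmpty()) {
        responseHeader.add(WWW_AUTHENTICATE, head.toString() + tail);
    } else {
        // The header is repeated once per algorithm. The pieces are concatenated instead
        // of running the assembled challenge through String.format, because realm, domain
        // (which may hold percent-encoded URIs), nonce or qop containing '%' would be
        // read as format specifiers and corrupt the header or throw.
        String algorithmParam = "," + Headers.ALGORITHM.toString() + "=";
        for (DigestAlgorithm current : supportedAlgorithms) {
            responseHeader.add(WWW_AUTHENTICATE, head + algorithmParam + current.getToken() + tail);
        }
    }

    return new ChallengeResult(true, UNAUTHORIZED);
}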
 
Example #24
Source File: DigestAuthenticationMechanism.java    From quarkus-http with Apache License 2.0 5 votes vote down vote up
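/**
 * Attempts Digest authentication from the request's {@code Authorization} headers.
 *
 * <p>When the first header starts with the Digest prefix it is parsed, a
 * {@code DigestContext} is attached to the exchange, and the decision is delegated to
 * {@code handleDigestHeader}. Any exception raised while doing so is logged and the
 * request is treated as not authenticated.
 *
 * @param exchange        the current exchange
 * @param securityContext the context passed on to {@code handleDigestHeader}
 * @return the result of {@code handleDigestHeader}; {@code NOT_AUTHENTICATED} when the
 *         first header could not be handled; {@code NOT_ATTEMPTED} when the request has
 *         no {@code Authorization} header
 */
public AuthenticationMechanismOutcome authenticate(final HttpServerExchange exchange,
                                                   final SecurityContext securityContext) {
    List<String> authHeaders = exchange.getRequestHeaders(AUTHORIZATION);
    if (authHeaders != null) {
        for (String current : authHeaders) {
            if (current.startsWith(DIGEST_PREFIX)) {
                String digestChallenge = current.substring(PREFIX_LENGTH);

                try {
                    DigestContext context = new DigestContext();
                    Map<DigestAuthorizationToken, String> parsedHeader = parseHeader(digestChallenge);
                    context.setMethod(exchange.getRequestMethod());
                    context.setParsedHeader(parsedHeader);
                    // Some form of Digest authentication is going to occur so get the DigestContext set on the exchange.
                    exchange.putAttachment(DigestContext.ATTACHMENT_KEY, context);

                    // NOTE(review): this writes the complete Authorization header value to the
                    // debug log - confirm that is acceptable for this deployment's log handling.
                    UndertowLogger.SECURITY_LOGGER.debugf("Found digest header %s in %s", current, exchange);

                    return handleDigestHeader(exchange, securityContext);
                } catch (Exception e) {
                    // The header comes from the client, so a parse failure is an expected
                    // event: record it through the security logger instead of dumping a
                    // stack trace to stderr, then fall through to NOT_AUTHENTICATED.
                    UndertowLogger.SECURITY_LOGGER.debugf(e, "Failed to process digest header in %s", exchange);
                }
            }

            // By this point we had a header we should have been able to verify but for some reason
            // it was not correctly structured.
            // NOTE(review): this return sits inside the loop but outside the prefix check, so a
            // first Authorization header that is not Digest also yields NOT_AUTHENTICATED and
            // later headers are never inspected - confirm this is intended.
            return AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
        }
    }

    // No suitable header has been found in this request,
    return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
}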
 
Example #25
Source File: DigestAuthenticationMechanism.java    From quarkus-http with Apache License 2.0 5 votes vote down vote up
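/**
 * Adds the Digest {@code WWW-Authenticate} challenge to the response, once per
 * supported algorithm (or once without an algorithm parameter when none are configured).
 *
 * <p>The challenge carries realm, domain, a fresh nonce from the nonce manager, a fixed
 * all-zero opaque value, {@code stale=true} when the attached digest context says so,
 * and the qop list when one is configured.
 *
 * @param exchange        the current exchange
 * @param securityContext not used by this method
 * @return a sent challenge carrying {@code UNAUTHORIZED}
 */
@Override
public ChallengeResult sendChallenge(final HttpServerExchange exchange, final SecurityContext securityContext) {
    DigestContext context = exchange.getAttachment(DigestContext.ATTACHMENT_KEY);
    boolean stale = context != null && context.isStale();

    // Parameters placed before the optional algorithm parameter.
    StringBuilder head = new StringBuilder(DIGEST_PREFIX);
    head.append(HttpHeaderNames.REALM.toString()).append("=\"").append(realmName).append("\",");
    head.append(HttpHeaderNames.DOMAIN.toString()).append("=\"").append(domain).append("\",");
    head.append(HttpHeaderNames.NONCE.toString()).append("=\"").append(nonceManager.nextNonce(null, exchange)).append("\",");
    // Not currently using OPAQUE as it offers no integrity, used for session data leaves it vulnerable to
    // session fixation type issues as well.
    head.append(HttpHeaderNames.OPAQUE.toString()).append("=\"00000000000000000000000000000000\"");
    if (stale) {
        head.append(",stale=true");
    }

    // Parameters placed after the optional algorithm parameter.
    StringBuilder tail = new StringBuilder();
    if (qopString != null) {
        tail.append(",").append(HttpHeaderNames.QOP.toString()).append("=\"").append(qopString).append("\"");
    }

    if (supportedAlgorithms.isEmpty()) {
        exchange.addResponseHeader(WWW_AUTHENTICATE, head.toString() + tail);
    } else {
        // One header per algorithm. Plain concatenation replaces String.format on the
        // assembled challenge: a '%' inside realm, domain (e.g. a percent-encoded URI),
        // nonce or qop would otherwise be interpreted as a format specifier and either
        // corrupt the header or throw.
        String algorithmParam = "," + HttpHeaderNames.ALGORITHM.toString() + "=";
        for (DigestAlgorithm current : supportedAlgorithms) {
            exchange.addResponseHeader(WWW_AUTHENTICATE, head + algorithmParam + current.getToken() + tail);
        }
    }

    return new ChallengeResult(true, UNAUTHORIZED);
}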
 
Example #26
Source File: AuthenticationTypeExchangeAttribute.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Reads the name of the authentication mechanism recorded on the exchange.
 *
 * @param exchange the exchange to inspect
 * @return the mechanism name reported by the security context, or {@code null} when the
 *         exchange has no security context
 */
@Override
public String readAttribute(HttpServerExchange exchange) {
    final SecurityContext securityContext = exchange.getSecurityContext();
    return securityContext == null ? null : securityContext.getMechanismName();
}
 
Example #27
Source File: CachedAuthenticatedSessionHandler.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Registers the notification receiver on the exchange's security context and, when an
 * HTTP session already exists, attaches the authenticated-session manager and tries to
 * restore a saved request from that session. The next handler is always invoked.
 *
 * @param exchange the current exchange
 * @throws Exception whatever the next handler throws
 */
@Override
public void handleRequest(HttpServerExchange exchange) throws Exception {
    exchange.getSecurityContext().registerNotificationReceiver(NOTIFICATION_RECEIVER);

    // 'false' asks for an existing session only; none is created here.
    final HttpSession existing = servletContext.getSession(exchange, false);
    final boolean hasSession = existing != null;
    if (hasSession) {
        // Without a session there cannot be a cached AuthenticatedSession, so the
        // manager is only attached in this branch.
        exchange.putAttachment(AuthenticatedSessionManager.ATTACHMENT_KEY, SESSION_MANAGER);
        // The original author was unsure whether request restoration belongs here.
        SavedRequest.tryRestoreRequest(exchange, existing);
    }

    next.handleRequest(exchange);
}
 
Example #28
Source File: AuthenticationTypeExchangeAttribute.java    From quarkus-http with Apache License 2.0 5 votes vote down vote up
/**
 * Returns the authentication mechanism name for the exchange.
 *
 * @param exchange the exchange to inspect
 * @return the mechanism name from the security context, or {@code null} if the exchange
 *         carries no security context
 */
@Override
public String readAttribute(HttpServerExchange exchange) {
    final SecurityContext context = exchange.getSecurityContext();
    if (context != null) {
        return context.getMechanismName();
    }
    return null;
}
 
Example #29
Source File: JDBCLogHandler.java    From quarkus-http with Apache License 2.0 5 votes vote down vote up
/**
 * Captures access-log data for one exchange into a {@code JDBCLogAttribute}, queues it,
 * and schedules this handler on the exchange's worker when the state field is 0.
 *
 * <p>Remote host, user, query string, response size and status are always recorded;
 * virtual host, method, referer and user agent are recorded only when the attribute's
 * pattern is {@code "combined"}.
 *
 * @param pattern  the log pattern; only {@code "combined"} overrides the attribute's own pattern
 * @param exchange the exchange to record
 */
public void logMessage(String pattern, HttpServerExchange exchange) {
    final JDBCLogAttribute entry = new JDBCLogAttribute();

    if (pattern.equals("combined")) {
        entry.pattern = pattern;
    }

    final InetSocketAddress source = (InetSocketAddress) exchange.getSourceAddress();
    entry.remoteHost = source.getAddress().getHostAddress();

    // The user name is only recorded for an authenticated request; anonymous requests store null.
    final SecurityContext securityContext = exchange.getSecurityContext();
    final boolean anonymous = securityContext == null || !securityContext.isAuthenticated();
    entry.user = anonymous ? null : securityContext.getAuthenticatedAccount().getPrincipal().getName();

    // NOTE(review): query string, Host, Referer and User-Agent are client-controlled values;
    // the statement that writes them is outside this method - confirm it binds them as parameters.
    entry.query = exchange.getQueryString();

    // A negative content length is stored as 0.
    entry.bytes = Math.max(exchange.getResponseContentLength(), 0);

    entry.status = exchange.getStatusCode();

    if (entry.pattern.equals("combined")) {
        entry.virtualHost = exchange.getRequestHeader(HttpHeaderNames.HOST);
        entry.method = exchange.getRequestMethod();
        entry.referer = exchange.getRequestHeader(HttpHeaderNames.REFERER);
        entry.userAgent = exchange.getRequestHeader(HttpHeaderNames.USER_AGENT);
    }

    this.pendingMessages.add(entry);

    // Only the caller that wins the 0 -> 1 compare-and-set schedules the handler.
    final int observedState = stateUpdater.get(this);
    if (observedState == 0 && stateUpdater.compareAndSet(this, 0, 1)) {
        this.executor = exchange.getWorker();
        this.executor.execute(this);
    }
}
 
Example #30
Source File: SecurityContextFactoryImpl.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Creates the security context for an exchange.
 *
 * @param exchange             the exchange the context belongs to
 * @param mode                 the authentication mode handed to the context
 * @param identityManager      the identity manager handed to the context
 * @param programmaticMechName optional mechanism name; ignored when {@code null}
 * @return the newly created context
 */
@Override
public SecurityContext createSecurityContext(final HttpServerExchange exchange, final AuthenticationMode mode,
    final IdentityManager identityManager, final String programmaticMechName) {
    final SecurityContextImpl context = SecurityActions.createSecurityContextImpl(exchange, mode, identityManager);
    final boolean nameSupplied = programmaticMechName != null;
    if (nameSupplied) {
        // Only override the context's mechanism name when the caller provided one.
        context.setProgramaticMechName(programmaticMechName);
    }
    return context;
}