org.apache.catalina.connector.Request Java Examples

The following examples show how to use org.apache.catalina.connector.Request. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: SessionFlushValve.java    From session-managers with Apache License 2.0 6 votes vote down vote up
@Override
public void invoke(final Request request, final Response response) {
    this.lockTemplate.withReadLock(new LockTemplate.LockedOperation<Void>() {

        @Override
        public Void invoke() throws IOException, ServletException {
            try {
                SessionFlushValve.this.next.invoke(request, response);
            } finally {
                Session session = request.getSessionInternal(false);
                if (session != null && session.isValid()) {
                    SessionFlushValve.this.store.save(session);
                }
            }

            return null;
        }

    });

}
 
Example #2
Source File: AccessLogValve.java    From tomcatsrc with Apache License 2.0 6 votes vote down vote up
@Override
public void addElement(StringBuilder buf, Date date, Request request,
        Response response, long time) {
    Object value = null;
    if (request != null) {
        value = request.getAttribute(header);
    } else {
        value = "??";
    }
    if (value != null) {
        if (value instanceof String) {
            buf.append((String) value);
        } else {
            buf.append(value.toString());
        }
    } else {
        buf.append('-');
    }
}
 
Example #3
Source File: AuthenticatorBase.java    From Tomcat8-Source-Read with MIT License 6 votes vote down vote up
/**
 * Look for the X509 certificate chain in the Request under the key
 * <code>javax.servlet.request.X509Certificate</code>. If not found, trigger
 * extracting the certificate chain from the Coyote request.
 *
 * @param request
 *            Request to be processed
 *
 * @return The X509 certificate chain if found, <code>null</code> otherwise.
 */
protected X509Certificate[] getRequestCertificates(final Request request)
        throws IllegalStateException {

    X509Certificate certs[] =
            (X509Certificate[]) request.getAttribute(Globals.CERTIFICATES_ATTR);

    if ((certs == null) || (certs.length < 1)) {
        try {
            request.getCoyoteRequest().action(ActionCode.REQ_SSL_CERTIFICATE, null);
            certs = (X509Certificate[]) request.getAttribute(Globals.CERTIFICATES_ATTR);
        } catch (IllegalStateException ise) {
            // Request body was too large for save buffer
            // Return null which will trigger an auth failure
        }
    }

    return certs;
}
 
Example #4
Source File: AbstractAccessLogValve.java    From Tomcat8-Source-Read with MIT License 6 votes vote down vote up
@Override
public void addElement(CharArrayWriter buf, Date date, Request request,
        Response response, long time) {
    if (millis) {
        buf.append(Long.toString(time));
    } else {
        // second
        buf.append(Long.toString(time / 1000));
        buf.append('.');
        int remains = (int) (time % 1000);
        buf.append(Long.toString(remains / 100));
        remains = remains % 100;
        buf.append(Long.toString(remains / 10));
        buf.append(Long.toString(remains % 10));
    }
}
 
Example #5
Source File: WebappAuthenticationValve.java    From carbon-device-mgt with Apache License 2.0 6 votes vote down vote up
private void processRequest(Request request, Response response, CompositeValve compositeValve,
                            AuthenticationInfo authenticationInfo) {
    switch (authenticationInfo.getStatus()) {
    case SUCCESS:
    case CONTINUE:
        this.getNext().invoke(request, response, compositeValve);
        break;
    case FAILURE:
        String msg = "Failed to authorize incoming request";
        if (authenticationInfo.getMessage() != null && !authenticationInfo.getMessage().isEmpty()) {
            msg = authenticationInfo.getMessage();
            response.setHeader("WWW-Authenticate", "Basic");
        }

        if (log.isDebugEnabled()) {
            log.debug(msg + " , API : " + Encode.forUriComponent(request.getRequestURI()));
        }
        AuthenticationFrameworkUtil.handleResponse(request, response, HttpServletResponse.SC_UNAUTHORIZED, msg);
        break;
    }
}
 
Example #6
Source File: AuthenticationFrameworkUtil.java    From carbon-device-mgt with Apache License 2.0 6 votes vote down vote up
static void handleResponse(Request request, Response response, int statusCode, String payload) {
    response.setStatus(statusCode);
    String targetResponseContentType =
            request.getHeader(Constants.HTTPHeaders.HEADER_HTTP_ACCEPT);
    if (targetResponseContentType != null && !"".equals(targetResponseContentType) &&
            !Constants.ContentTypes.CONTENT_TYPE_ANY.equals(targetResponseContentType)) {
        response.setContentType(targetResponseContentType);
    } else {
        response.setContentType(Constants.ContentTypes.CONTENT_TYPE_APPLICATION_XML);
    }
    response.setCharacterEncoding("UTF-8");
    try {
        response.getWriter().write(payload);
    } catch (IOException e) {
        log.error("Error occurred while sending faulty response back to the client", e);
    }
}
 
Example #7
Source File: RedisSessionRequestValve.java    From redis-session-manager with Apache License 2.0 6 votes vote down vote up
@Override
public void invoke(Request request, Response response) throws IOException, ServletException {
    Context context = request.getContext();
    if (context == null) {
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, sm.getString("standardHost.noContext"));
        return;
    }
    Thread.currentThread().setContextClassLoader(context.getLoader().getClassLoader());

    boolean processed = false;
    try {
        if (ignorePattern == null || !ignorePattern.matcher(request.getRequestURI()).matches()) {
            processed = true;
            if (log.isTraceEnabled()) {
                log.trace("Will save to redis after request for [" + getQueryString(request) + "]");
            }
        } else {
            if (log.isTraceEnabled()) {
                log.trace("Ignoring [" + getQueryString(request) + "]");
            }
        }
        getNext().invoke(request, response);
    } finally {
        manager.afterRequest(processed);
    }
}
 
Example #8
Source File: JvmRouteBinderValve.java    From tomcatsrc with Apache License 2.0 6 votes vote down vote up
/**
 * Detect possible the JVMRoute change at cluster backup node..
 * 
 * @param request
 *            tomcat request being processed
 * @param response
 *            tomcat response being processed
 * @exception IOException
 *                if an input/output error has occurred
 * @exception ServletException
 *                if a servlet error has occurred
 */
@Override
public void invoke(Request request, Response response) throws IOException,
        ServletException {

     if (getEnabled() &&
             request.getContext() != null &&
             request.getContext().getDistributable() &&
             !request.isAsyncDispatching()) {
         // valve cluster can access manager - other cluster handle turnover 
         // at host level - hopefully!
         Manager manager = request.getContext().getManager();

         if (manager != null && (
                 (manager instanceof ClusterManager
                   && getCluster() != null
                   && getCluster().getManager(((ClusterManager)manager).getName()) != null)
                 ||
                 (manager instanceof PersistentManager)))
             handlePossibleTurnover(request);
    }
    // Pass this request on to the next valve in our pipeline
    getNext().invoke(request, response);
}
 
Example #9
Source File: JvmRouteBinderValve.java    From Tomcat8-Source-Read with MIT License 6 votes vote down vote up
/**
 * handle possible session turn over.
 *
 * @see JvmRouteBinderValve#handleJvmRoute(Request, String, String)
 * @param request current request
 */
protected void handlePossibleTurnover(Request request) {
    String sessionID = request.getRequestedSessionId() ;
    if (sessionID != null) {
        long t1 = System.currentTimeMillis();
        String jvmRoute = getLocalJvmRoute(request);
        if (jvmRoute == null) {
            if (log.isDebugEnabled()) {
                log.debug(sm.getString("jvmRoute.missingJvmRouteAttribute"));
            }
            return;
        }
        handleJvmRoute( request, sessionID, jvmRoute);
        if (log.isDebugEnabled()) {
            long t2 = System.currentTimeMillis();
            long time = t2 - t1;
            log.debug(sm.getString("jvmRoute.turnoverInfo", Long.valueOf(time)));
        }
    }
}
 
Example #10
Source File: CdiEventRealm.java    From tomee with Apache License 2.0 5 votes vote down vote up
@Override
public SecurityConstraint[] findSecurityConstraints(final Request request, final Context context) {
    final SecurityConstraint[] sc = super.findSecurityConstraints(request, context);

    if (beanManager() == null) {
        return sc;
    }

    final FindSecurityConstraintsEvent event = new FindSecurityConstraintsEvent(request.getRequest(), context.getPath());
    beanManager().fireEvent(event);

    if (!event.getRoles().isEmpty()) {
        final SecurityConstraint s = new SecurityConstraint();
        final SecurityCollection collection = new SecurityCollection();

        collection.addPattern("/*"); // only for the current request
        collection.addMethod(request.getMethod());
        s.addCollection(collection);

        if (event.getUserConstraint() != null) {
            s.setUserConstraint(event.getUserConstraint());
        }

        for(final String r: event.getRoles()) {
            s.addAuthRole(r);
        }

        return new SecurityConstraint[] { s };
    }

    return sc;
}
 
Example #11
Source File: AccessLogValve.java    From tomcatsrc with Apache License 2.0 5 votes vote down vote up
@Override
public void addElement(StringBuilder buf, Date date, Request request,
        Response response, long time) {
    if (request == null) {
        buf.append('-');
    } else {
        Session session = request.getSessionInternal(false);
        if (session == null) {
            buf.append('-');
        } else {
            buf.append(session.getIdInternal());
        }
    }
}
 
Example #12
Source File: AbstractAccessLogValve.java    From Tomcat8-Source-Read with MIT License 5 votes vote down vote up
@Override
public void addElement(CharArrayWriter buf, Date date, Request request,
        Response response, long time) {
    if (request != null) {
        String value = request.getRemoteUser();
        if (value != null) {
            buf.append(value);
        } else {
            buf.append('-');
        }
    } else {
        buf.append('-');
    }
}
 
Example #13
Source File: OpenEJBSecurityListener.java    From tomee with Apache License 2.0 5 votes vote down vote up
@Override
public void invoke(final Request request, final Response response) throws IOException, ServletException {
    requests.set(request);
    try {
        getNext().invoke(request, response);
    } finally {
        requests.remove();
    }
}
 
Example #14
Source File: TestRemoteIpValve.java    From Tomcat8-Source-Read with MIT License 5 votes vote down vote up
@Test
public void testInvokeUntrustedProxyInTheChain() throws Exception {
    // PREPARE
    RemoteIpValve remoteIpValve = new RemoteIpValve();
    remoteIpValve.setInternalProxies("192\\.168\\.0\\.10|192\\.168\\.0\\.11");
    remoteIpValve.setTrustedProxies("proxy1|proxy2|proxy3");
    remoteIpValve.setRemoteIpHeader("x-forwarded-for");
    remoteIpValve.setProxiesHeader("x-forwarded-by");
    RemoteAddrAndHostTrackerValve remoteAddrAndHostTrackerValve = new RemoteAddrAndHostTrackerValve();
    remoteIpValve.setNext(remoteAddrAndHostTrackerValve);

    Request request = new MockRequest();
    request.setCoyoteRequest(new org.apache.coyote.Request());
    request.setRemoteAddr("192.168.0.10");
    request.setRemoteHost("remote-host-original-value");
    request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-for")
        .setString("140.211.11.130, proxy1, untrusted-proxy, proxy2");

    // TEST
    remoteIpValve.invoke(request, null);

    // VERIFY
    String actualXForwardedFor = remoteAddrAndHostTrackerValve.getForwardedFor();
    Assert.assertEquals("ip/host before untrusted-proxy must appear in x-forwarded-for", "140.211.11.130, proxy1", actualXForwardedFor);

    String actualXForwardedBy = remoteAddrAndHostTrackerValve.getForwardedBy();
    Assert.assertEquals("ip/host after untrusted-proxy must appear in  x-forwarded-by", "proxy2", actualXForwardedBy);

    String actualRemoteAddr = remoteAddrAndHostTrackerValve.getRemoteAddr();
    Assert.assertEquals("remoteAddr", "untrusted-proxy", actualRemoteAddr);

    String actualRemoteHost = remoteAddrAndHostTrackerValve.getRemoteHost();
    Assert.assertEquals("remoteHost", "untrusted-proxy", actualRemoteHost);

    String actualPostInvokeRemoteAddr = request.getRemoteAddr();
    Assert.assertEquals("postInvoke remoteAddr", "192.168.0.10", actualPostInvokeRemoteAddr);

    String actualPostInvokeRemoteHost = request.getRemoteHost();
    Assert.assertEquals("postInvoke remoteAddr", "remote-host-original-value", actualPostInvokeRemoteHost);
}
 
Example #15
Source File: AccessLogValve.java    From tomcatsrc with Apache License 2.0 5 votes vote down vote up
@Override
public void addElement(StringBuilder buf, Date date, Request request,
        Response response, long time) {
    if (requestAttributesEnabled) {
        Object addr = request.getAttribute(REMOTE_ADDR_ATTRIBUTE);
        if (addr == null) {
            buf.append(request.getRemoteAddr());
        } else {
            buf.append(addr);
        }
    } else {
        buf.append(request.getRemoteAddr());
    }
}
 
Example #16
Source File: AuthenticatorBase.java    From Tomcat7.0.67 with Apache License 2.0 5 votes vote down vote up
/**
 * Attempts reauthentication to the <code>Realm</code> using
 * the credentials included in argument <code>entry</code>.
 *
 * @param ssoId identifier of SingleSignOn session with which the
 *              caller is associated
 * @param request   the request that needs to be authenticated
 */
protected boolean reauthenticateFromSSO(String ssoId, Request request) {

    if (sso == null || ssoId == null)
        return false;

    boolean reauthenticated = false;

    Container parent = getContainer();
    if (parent != null) {
        Realm realm = parent.getRealm();
        if (realm != null) {
            reauthenticated = sso.reauthenticate(ssoId, realm, request);
        }
    }

    if (reauthenticated) {
        associate(ssoId, request.getSessionInternal(true));

        if (log.isDebugEnabled()) {
            log.debug(" Reauthenticated cached principal '" +
                      request.getUserPrincipal().getName() +
                      "' with auth type '" +  request.getAuthType() + "'");
        }
    }

    return reauthenticated;
}
 
Example #17
Source File: TestCometProcessor.java    From Tomcat7.0.67 with Apache License 2.0 5 votes vote down vote up
@Override
public void invoke(Request request, Response response)
        throws IOException, ServletException {

    CometEventImpl event = new CometEventImpl(request, response);

    getNext().invoke(request, response);

    if (request.isComet()) {
        Thread t = new AsyncCometCloseThread(event);
        t.start();
    }
}
 
Example #18
Source File: DigestAuthenticator.java    From Tomcat7.0.67 with Apache License 2.0 5 votes vote down vote up
/**
 * Generate a unique token. The token is generated according to the
 * following pattern. NOnceToken = Base64 ( MD5 ( client-IP ":"
 * time-stamp ":" private-key ) ).
 *
 * @param request HTTP Servlet request
 */
protected String generateNonce(Request request) {

    long currentTime = System.currentTimeMillis();

    synchronized (lastTimestampLock) {
        if (currentTime > lastTimestamp) {
            lastTimestamp = currentTime;
        } else {
            currentTime = ++lastTimestamp;
        }
    }

    String ipTimeKey =
        request.getRemoteAddr() + ":" + currentTime + ":" + getKey();

    byte[] buffer = ConcurrentMessageDigest.digestMD5(
            ipTimeKey.getBytes(B2CConverter.ISO_8859_1));
    String nonce = currentTime + ":" + MD5Encoder.encode(buffer);

    NonceInfo info = new NonceInfo(currentTime, getNonceCountWindowSize());
    synchronized (nonces) {
        nonces.put(nonce, info);
    }

    return nonce;
}
 
Example #19
Source File: AccessLogValve.java    From tomcatsrc with Apache License 2.0 5 votes vote down vote up
@Override
public void addElement(StringBuilder buf, Date date, Request request,
        Response response, long time) {
    long commitTime = response.getCoyoteResponse().getCommitTime();
    if (commitTime == -1) {
        buf.append('-');
    } else {
        long delta =
                commitTime - request.getCoyoteRequest().getStartTime();
        buf.append(Long.toString(delta));
    }
}
 
Example #20
Source File: TestMimeHeadersIntegration.java    From Tomcat8-Source-Read with MIT License 5 votes vote down vote up
@Override
public void log(Request request, Response response, long time) {
    super.log(request, response, time);
    try {
        MimeHeaders mh = request.getCoyoteRequest().getMimeHeaders();
        Field headersArrayField = MimeHeaders.class
                .getDeclaredField("headers");
        headersArrayField.setAccessible(true);
        arraySize = ((Object[]) headersArrayField.get(mh)).length;
    } catch (Exception ex) {
        Assert.assertNull(ex.getMessage(), ex);
    }
}
 
Example #21
Source File: AccessLogValve.java    From tomcatsrc with Apache License 2.0 5 votes vote down vote up
@Override
public void addElement(StringBuilder buf, Date date, Request request,
        Response response, long time) {
    if (request != null) {
        String value = request.getRemoteUser();
        if (value != null) {
            buf.append(value);
        } else {
            buf.append('-');
        }
    } else {
        buf.append('-');
    }
}
 
Example #22
Source File: JvmRouteBinderValve.java    From tomcatsrc with Apache License 2.0 5 votes vote down vote up
/**
 * Change Request Session id
 * @param request current request
 * @param sessionId
 *            original session id
 * @param newSessionID
 *            new session id for node migration
 */
protected void changeRequestSessionID(Request request, String sessionId, String newSessionID) {
    request.changeSessionId(newSessionID);

    // set original sessionid at request, to allow application detect the
    // change
    if (sessionIdAttribute != null && !"".equals(sessionIdAttribute)) {
        if (log.isDebugEnabled()) {
            log.debug(sm.getString("jvmRoute.set.orignalsessionid",sessionIdAttribute,sessionId));
        }
        request.setAttribute(sessionIdAttribute, sessionId);
    }
}
 
Example #23
Source File: AbstractAccessLogValve.java    From Tomcat8-Source-Read with MIT License 5 votes vote down vote up
@Override
public void addElement(CharArrayWriter buf, Date date, Request request,
        Response response, long time) {
    if (requestAttributesEnabled) {
        Object proto = request.getAttribute(PROTOCOL_ATTRIBUTE);
        if (proto == null) {
            buf.append(request.getProtocol());
        } else {
            buf.append(proto.toString());
        }
    } else {
        buf.append(request.getProtocol());
    }
}
 
Example #24
Source File: BSTAuthenticatorTest.java    From carbon-device-mgt with Apache License 2.0 5 votes vote down vote up
@Test(description = "This test case tests the canHandle method of the BSTAuthenticator under missing soap headers")
public void testCanHandleWithMissingHeaders() throws IOException, IllegalAccessException {
    Request request = createSoapRequest("WrongBST1.xml");
    Assert.assertFalse(bstAuthenticator.canHandle(request),
            "BST Authenticator can handle a request with missing headers ");
    request = createSoapRequest("WrongBST2.xml");
    Assert.assertFalse(bstAuthenticator.canHandle(request),
            "BST Authenticator can handle a request with missing headers ");
}
 
Example #25
Source File: TestRemoteIpValve.java    From Tomcat7.0.67 with Apache License 2.0 5 votes vote down vote up
@Test
public void testInvokeAllProxiesAreTrusted() throws Exception {

    // PREPARE
    RemoteIpValve remoteIpValve = new RemoteIpValve();
    remoteIpValve.setInternalProxies("192\\.168\\.0\\.10|192\\.168\\.0\\.11");
    remoteIpValve.setTrustedProxies("proxy1|proxy2|proxy3");
    remoteIpValve.setRemoteIpHeader("x-forwarded-for");
    remoteIpValve.setProxiesHeader("x-forwarded-by");
    RemoteAddrAndHostTrackerValve remoteAddrAndHostTrackerValve = new RemoteAddrAndHostTrackerValve();
    remoteIpValve.setNext(remoteAddrAndHostTrackerValve);

    Request request = new MockRequest();
    request.setCoyoteRequest(new org.apache.coyote.Request());
    request.setRemoteAddr("192.168.0.10");
    request.setRemoteHost("remote-host-original-value");
    request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-for").setString("140.211.11.130, proxy1, proxy2");

    // TEST
    remoteIpValve.invoke(request, null);

    // VERIFY
    String actualXForwardedFor = request.getHeader("x-forwarded-for");
    assertNull("all proxies are trusted, x-forwarded-for must be null", actualXForwardedFor);

    String actualXForwardedBy = request.getHeader("x-forwarded-by");
    assertEquals("all proxies are trusted, they must appear in x-forwarded-by", "proxy1, proxy2", actualXForwardedBy);

    String actualRemoteAddr = remoteAddrAndHostTrackerValve.getRemoteAddr();
    assertEquals("remoteAddr", "140.211.11.130", actualRemoteAddr);

    String actualRemoteHost = remoteAddrAndHostTrackerValve.getRemoteHost();
    assertEquals("remoteHost", "140.211.11.130", actualRemoteHost);

    String actualPostInvokeRemoteAddr = request.getRemoteAddr();
    assertEquals("postInvoke remoteAddr", "192.168.0.10", actualPostInvokeRemoteAddr);

    String actualPostInvokeRemoteHost = request.getRemoteHost();
    assertEquals("postInvoke remoteAddr", "remote-host-original-value", actualPostInvokeRemoteHost);
}
 
Example #26
Source File: AccessLogValve.java    From Tomcat7.0.67 with Apache License 2.0 5 votes vote down vote up
@Override
public void addElement(StringBuilder buf, Date date, Request request,
        Response response, long time) {
    if (requestAttributesEnabled) {
        Object addr = request.getAttribute(REMOTE_ADDR_ATTRIBUTE);
        if (addr == null) {
            buf.append(request.getRemoteAddr());
        } else {
            buf.append(addr);
        }
    } else {
        buf.append(request.getRemoteAddr());
    }
}
 
Example #27
Source File: SemaphoreValve.java    From tomcatsrc with Apache License 2.0 5 votes vote down vote up
/**
 * Do concurrency control on the request using the semaphore.
 *
 * @param request The servlet request to be processed
 * @param response The servlet response to be created
 *
 * @exception IOException if an input/output error occurs
 * @exception ServletException if a servlet error occurs
 */
@Override
public void invoke(Request request, Response response)
    throws IOException, ServletException {

    if (controlConcurrency(request, response)) {
        boolean shouldRelease = true;
        try {
            if (block) {
                if (interruptible) {
                    try {
                        semaphore.acquire();
                    } catch (InterruptedException e) {
                        shouldRelease = false;
                        permitDenied(request, response);
                        return;
                    }
                } else {
                    semaphore.acquireUninterruptibly();
                }
            } else {
                if (!semaphore.tryAcquire()) {
                    shouldRelease = false;
                    permitDenied(request, response);
                    return;
                }
            }
            getNext().invoke(request, response);
        } finally {
            if (shouldRelease) {
                semaphore.release();
            }
        }
    } else {
        getNext().invoke(request, response);
    }

}
 
Example #28
Source File: ApplicationDispatcher.java    From tomcatsrc with Apache License 2.0 5 votes vote down vote up
/**
 * Unwrap the request if we have wrapped it.
 */
private void unwrapRequest(State state) {

    if (state.wrapRequest == null)
        return;

    if (state.outerRequest.isAsyncStarted()) {
        if (!state.outerRequest.getAsyncContext().hasOriginalRequestAndResponse()) {
            return;
        }
    }

    ServletRequest previous = null;
    ServletRequest current = state.outerRequest;
    while (current != null) {

        // If we run into the container request we are done
        if ((current instanceof Request)
            || (current instanceof RequestFacade))
            break;

        // Remove the current request if it is our wrapper
        if (current == state.wrapRequest) {
            ServletRequest next =
              ((ServletRequestWrapper) current).getRequest();
            if (previous == null)
                state.outerRequest = next;
            else
                ((ServletRequestWrapper) previous).setRequest(next);
            break;
        }

        // Advance to the next request in the chain
        previous = current;
        current = ((ServletRequestWrapper) current).getRequest();

    }

}
 
Example #29
Source File: RemoteHostValve.java    From Tomcat8-Source-Read with MIT License 5 votes vote down vote up
@Override
public void invoke(Request request, Response response) throws IOException, ServletException {
    String property;
    if (getAddConnectorPort()) {
        property = request.getRequest().getRemoteHost() + ";" + request.getConnector().getPort();
    } else {
        property = request.getRequest().getRemoteHost();
    }
    process(property, request, response);
}
 
Example #30
Source File: AbstractSamlAuthenticatorValve.java    From keycloak with Apache License 2.0 5 votes vote down vote up
protected boolean authenticateInternal(Request request, HttpServletResponse response, Object loginConfig) throws IOException {
    log.trace("authenticateInternal");
    CatalinaHttpFacade facade = new CatalinaHttpFacade(response, request);
    SamlDeployment deployment = deploymentContext.resolveDeployment(facade);
    if (deployment == null || !deployment.isConfigured()) {
        log.trace("deployment not configured");
        return false;
    }
    SamlSessionStore tokenStore = getSessionStore(request, facade, deployment);


    SamlAuthenticator authenticator = new CatalinaSamlAuthenticator(facade, deployment, tokenStore);
    return executeAuthenticator(request, response, facade, deployment, authenticator);
}