tomee-commits mailing list archives

From radcor...@apache.org
Subject [tomee] 35/48: TOMEE-2365 - Actual implementation of the form authentication validation.
Date Wed, 09 Jan 2019 17:26:23 GMT
This is an automated email from the ASF dual-hosted git repository.

radcortez pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomee.git

commit 6121de4d9231b119625f9148455603199139fa46
Author: Roberto Cortez <radcortez@yahoo.com>
AuthorDate: Fri Dec 28 13:11:22 2018 +0000

    TOMEE-2365 - Actual implementation of the form authentication validation.
---
 .../security/cdi/FormAuthenticationMechanism.java  | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/FormAuthenticationMechanism.java
b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/FormAuthenticationMechanism.java
index 8846a7a..f60e7ea 100644
--- a/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/FormAuthenticationMechanism.java
+++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/cdi/FormAuthenticationMechanism.java
@@ -25,8 +25,11 @@ import javax.security.enterprise.AuthenticationStatus;
 import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
 import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
 import javax.security.enterprise.authentication.mechanism.http.LoginToContinue;
+import javax.security.enterprise.credential.UsernamePasswordCredential;
+import javax.security.enterprise.identitystore.IdentityStoreHandler;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.HttpMethod;
 import java.util.function.Supplier;
 
 @ApplicationScoped
@@ -34,12 +37,23 @@ import java.util.function.Supplier;
 public class FormAuthenticationMechanism implements HttpAuthenticationMechanism, LoginToContinueMechanism
{
     @Inject
     private Supplier<LoginToContinue> loginToContinue;
+    @Inject
+    private IdentityStoreHandler identityStoreHandler;
 
     @Override
     public AuthenticationStatus validateRequest(final HttpServletRequest request, final HttpServletResponse
response,
                                                 final HttpMessageContext httpMessageContext)
             throws AuthenticationException {
-        throw new UnsupportedOperationException();
+
+        final String username = request.getParameter("j_username");
+        final String password = request.getParameter("j_password");
+
+        if (validateForm(httpMessageContext.getRequest(), username, password)) {
+            return httpMessageContext.notifyContainerAboutLogin(
+                    identityStoreHandler.validate(new UsernamePasswordCredential(username,
password)));
+        }
+
+        return httpMessageContext.doNothing();
     }
 
     @Override
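Review bot: `request.getParameter("j_username")` and `request.getParameter("j_password")` run at the top of validateRequest for every request that reaches the mechanism, before validateForm has checked the method. On a form-encoded POST this makes the container parse the body, so an application endpoint that later reads the input stream may find it already consumed; getParameter also returns query-string values, so credentials passed in the URL are accepted and are likely to end up in access logs. I would gate first and read second, e.g. `if (!HttpMethod.POST.equals(request.getMethod())) { return httpMessageContext.doNothing(); }` ahead of the two getParameter calls. The parameters are also read from `request` while validateForm is handed `httpMessageContext.getRequest()`; presumably these are the same object, but using one consistently avoids the question.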
@@ -58,4 +72,10 @@ public class FormAuthenticationMechanism implements HttpAuthenticationMechanism,
     public LoginToContinue getLoginToContinue() {
         return loginToContinue.get();
     }
+
+    private boolean validateForm(final HttpServletRequest request, final String username,
final String password) {
+        return request.getMethod().equals(HttpMethod.POST) &&
+               username != null && !username.isEmpty() &&
+               password != null && !password.isEmpty();
+    }
 }
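Review bot: validateForm treats any POST that carries non-empty `j_username` and `j_password` as a login attempt; nothing in the visible code ties it to the form's action URL. Unless the caller already restricts this mechanism to the login endpoint (not visible in this diff), a credential check can be triggered from any path the mechanism covers, which makes login attempts harder to rate-limit and audit in one place. Adding `request.getRequestURI().endsWith("/j_security_check") &&` as the first condition would pin it to the conventional form-login target. A short Javadoc stating that the method only decides whether the request looks like a login submission, and does not verify the credentials, would also help.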

