String ssoId = (String) request.getNote(Constants.REQ_SSOID_NOTE); if (ssoId != null) { getSession(request, true); session = getSession(request, true); if (principal != null) { session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal); if (!matchRequest(request)) { register(request, response, principal, Constants.FORM_METHOD, username, password); if (matchRequest(request)) { session = getSession(request, true); register(request, response, principal, Constants.FORM_METHOD, (String) session.getNote(Constants.SESS_USERNAME_NOTE), (char[]) session.getNote(Constants.SESS_PASSWORD_NOTE)); String ssoId = (String) request.getNote(Constants.REQ_SSOID_NOTE); if (ssoId != null) { associate(ssoId, getSsoVersion(request), session); if (restoreRequest(request, session)) { if (log.isLoggable(Level.FINE)) log.log(Level.FINE, "Proceed to restored request"); session = getSession(request, true);
/**
 * Routes a request either to the remote-logout handler or to the superclass.
 *
 * <p>A request whose decoded URI ends with {@code j_oauth_remote_logout} is passed to
 * {@code remoteLogout} and is not forwarded any further. Every other request is delegated
 * to {@code super.invoke}. The RESTEasy context data is cleared on every exit path,
 * including exceptional ones.
 *
 * @param request request being processed
 * @param response response being created
 * @throws IOException declared by the overridden method
 * @throws ServletException declared by the overridden method
 */
@Override
public void invoke(Request request, Response response) throws IOException, ServletException {
    try {
        // NOTE(review): this is a plain suffix match on the decoded URI with no leading '/',
        // so any path whose last characters are "j_oauth_remote_logout" takes this branch.
        // Whether remoteLogout authenticates its caller is not visible here - confirm.
        final boolean remoteLogoutRequested =
                request.getDecodedRequestURI().endsWith("j_oauth_remote_logout");
        if (remoteLogoutRequested) {
            remoteLogout(request, response);
        } else {
            super.invoke(request, response);
        }
    } finally {
        // Undo the push of SkeletonKeySession.
        ResteasyProviderFactory.clearContextData();
    }
}
associate(ssoId, request.getSessionInternal(true)); return (true); if (reauthenticateFromSSO(ssoId, request)) return true; if (principal != null) { session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal); if (!matchRequest(request)) { register(request, response, principal, Constants.FORM_METHOD, username, password); if (matchRequest(request)) { session = request.getSessionInternal(true); if (log.isDebugEnabled()) principal = (Principal) session.getNote(Constants.FORM_PRINCIPAL_NOTE); register(request, response, principal, Constants.FORM_METHOD, (String) session.getNote(Constants.SESS_USERNAME_NOTE), (String) session.getNote(Constants.SESS_PASSWORD_NOTE)); if (restoreRequest(request, session)) { if (log.isDebugEnabled()) log.debug("Proceed to restored request"); log.debug("Save request in session '" + session.getIdInternal() + "'"); try {
if (checkForCachedAuthentication(request, response, true)) { return true; if (principal != null) { session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal); if (!matchRequest(request)) { register(request, response, principal, HttpServletRequest.FORM_AUTH, username, password); if (matchRequest(request)) { session = request.getSessionInternal(true); if (log.isDebugEnabled()) { register(request, response, principal, HttpServletRequest.FORM_AUTH, (String) session.getNote(Constants.SESS_USERNAME_NOTE), (String) session.getNote(Constants.SESS_PASSWORD_NOTE)); if (restoreRequest(request, session)) { if (log.isDebugEnabled()) { log.debug("Proceed to restored request"); saveRequest(request, session); } catch (IOException ioe) { log.debug("Request body too big to save during authentication"); forwardToLoginPage(request, response, config); return false;
super.register(request, response, principal, arg3, arg4, arg5); return;
/**
 * Restores the request that was saved under the current decoded request URI.
 *
 * <p>The saved request is read from the session note
 * {@code SESSION_SAVED_REQUEST_PREFIX + uri}. When one is present, that note is removed,
 * the saved request is copied to {@code Constants.FORM_REQUEST_NOTE}, and the superclass
 * restore is invoked.
 *
 * @param request request being processed
 * @return the result of the superclass restore, or {@code false} when there is no existing
 *     session, no decoded URI, or no saved request for this URI
 * @throws IOException declared by the superclass restore
 */
protected boolean restoreRequest(Request request) throws IOException {
    final Session session = request.getSessionInternal(false);
    final String uri = request.getDecodedRequestURI();
    if (session == null || uri == null) {
        return false;
    }

    final String noteKey = SESSION_SAVED_REQUEST_PREFIX + uri;
    final SavedRequest saved = (SavedRequest) session.getNote(noteKey);
    if (saved == null) {
        return false;
    }

    // Clean up the session: the per-URI note is dropped once it has been read.
    // NOTE(review): the read and the removal both happen before the session lock is taken,
    // so two concurrent requests for the same URI could both observe the note - confirm
    // whether that matters for this authenticator.
    session.removeNote(noteKey);

    synchronized (session) {
        // The shared FORM_REQUEST_NOTE slot is set and consumed under the same lock.
        session.setNote(Constants.FORM_REQUEST_NOTE, saved);
        return super.restoreRequest(request, session);
    }
}
/**
 * Checks whether the current request matches the request saved for its decoded URI.
 *
 * <p>The saved request is read from the session note
 * {@code SESSION_SAVED_REQUEST_PREFIX + uri}. When one is present it is copied to
 * {@code Constants.FORM_REQUEST_NOTE} and the superclass comparison is invoked. Unlike
 * a restore, the per-URI note is left in place.
 *
 * @param request request being processed
 * @return the result of the superclass match, or {@code false} when there is no existing
 *     session, no decoded URI, or no saved request for this URI
 */
@Override
protected boolean matchRequest(Request request) {
    final Session session = request.getSessionInternal(false);
    final String uri = request.getDecodedRequestURI();
    if (session == null || uri == null) {
        return false;
    }

    final SavedRequest saved =
            (SavedRequest) session.getNote(SESSION_SAVED_REQUEST_PREFIX + uri);
    if (saved == null) {
        return false;
    }

    synchronized (session) {
        // The shared FORM_REQUEST_NOTE slot is set and read by the superclass under one lock.
        session.setNote(Constants.FORM_REQUEST_NOTE, saved);
        return super.matchRequest(request);
    }
}
/**
 * Saves the current request in the session, keyed by its decoded URI and by a context id.
 *
 * <p>The superclass stores the request under {@code Constants.FORM_REQUEST_NOTE}. This
 * method then copies it to {@code SESSION_SAVED_REQUEST_PREFIX + uri} and records the saved
 * request URI, with its query string when there is one, under
 * {@code SESSION_SAVED_URI_PREFIX + contextId}.
 *
 * @param request request being processed
 * @param contextId suffix of the session note that receives the saved URI
 * @throws IOException declared by the superclass save
 */
protected void saveRequest(Request request, String contextId) throws IOException {
    final String uri = request.getDecodedRequestURI();
    final Session session = request.getSessionInternal(true);
    if (session == null) {
        return;
    }

    // NOTE(review): the internal session id is written to the debug log. Treat debug logs
    // as sensitive, or log a shortened or hashed id instead.
    LOG.debug("Save request in session '{}'", session.getIdInternal());
    if (uri == null) {
        return;
    }

    final SavedRequest saved;
    synchronized (session) {
        // The superclass writes FORM_REQUEST_NOTE; read it back under the same lock.
        super.saveRequest(request, session);
        saved = (SavedRequest) session.getNote(Constants.FORM_REQUEST_NOTE);
    }
    session.setNote(SESSION_SAVED_REQUEST_PREFIX + uri, saved);

    // The stored value is the saved URI plus the original query string, kept in the session.
    final StringBuilder savedUri = new StringBuilder(saved.getRequestURI());
    final String query = saved.getQueryString();
    if (query != null) {
        savedUri.append('?').append(query);
    }
    session.setNote(SESSION_SAVED_URI_PREFIX + contextId, savedUri.toString());
}
/**
 * Dispatches to the form login page once {@code populateSession} has run for the request.
 *
 * @param request Request we are processing
 * @param response Response we are creating
 * @param config Login configuration describing how authentication should be performed
 * @throws IOException declared by the superclass dispatch
 */
protected void forwardToLoginPage(Request request, HttpServletResponse response,
        LoginConfig config) throws IOException {
    if (trace) {
        log.trace("forwardToLoginPage");
    }

    // populateSession is defined outside this excerpt; it always runs before the forward.
    populateSession(request);
    super.forwardToLoginPage(request, response, config);
}
/**
 * Dispatches to the form error page once {@code populateSession} has run for the request,
 * then clears the recorded authentication exception.
 *
 * @param request Request we are processing
 * @param response Response we are creating
 * @param config Login configuration describing how authentication should be performed
 * @throws IOException declared by the superclass dispatch
 */
protected void forwardToErrorPage(Request request, HttpServletResponse response,
        LoginConfig config) throws IOException {
    if (trace) {
        log.trace("forwardToErrorPage");
    }

    // populateSession is defined outside this excerpt; it always runs before the forward.
    populateSession(request);
    super.forwardToErrorPage(request, response, config);

    // NOTE(review): this runs only when the forward returns normally. If the forward throws,
    // the authentication exception is not cleared here - confirm whether a finally block is
    // needed so the state cannot outlive this request.
    SecurityAssociationActions.clearAuthException();
}
associate(ssoId, request.getSessionInternal(true)); return (true); if (reauthenticateFromSSO(ssoId, request)) return true; if (principal != null) { session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal); if (!matchRequest(request)) { register(request, response, principal, HttpServletRequest.FORM_AUTH, username, password); if (matchRequest(request)) { session = request.getSessionInternal(true); if (log.isDebugEnabled()) principal = (Principal) session.getNote(Constants.FORM_PRINCIPAL_NOTE); register(request, response, principal, HttpServletRequest.FORM_AUTH, (String) session.getNote(Constants.SESS_USERNAME_NOTE), (String) session.getNote(Constants.SESS_PASSWORD_NOTE)); if (restoreRequest(request, session)) { if (log.isDebugEnabled()) log.debug("Proceed to restored request"); log.debug("Save request in session '" + session.getIdInternal() + "'"); try {
if (checkForCachedAuthentication(request, response, true)) { return true; if (principal != null) { session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal); if (!matchRequest(request)) { register(request, response, principal, HttpServletRequest.FORM_AUTH, username, password); if (matchRequest(request)) { session = request.getSessionInternal(true); if (log.isDebugEnabled()) { register(request, response, principal, HttpServletRequest.FORM_AUTH, (String) session.getNote(Constants.SESS_USERNAME_NOTE), (String) session.getNote(Constants.SESS_PASSWORD_NOTE)); if (restoreRequest(request, session)) { if (log.isDebugEnabled()) { log.debug("Proceed to restored request"); saveRequest(request, session); } catch (IOException ioe) { log.debug("Request body too big to save during authentication"); forwardToLoginPage(request, response, config); return false;
super.register(request, response, principal, arg3, arg4, arg5); return;
/**
 * Restores the request that was saved under the current decoded request URI.
 *
 * <p>The saved request is read from the session note
 * {@code SESSION_SAVED_REQUEST_PREFIX + uri}. When one is present, that note is removed,
 * the saved request is copied to {@code Constants.FORM_REQUEST_NOTE}, and the superclass
 * restore is invoked.
 *
 * @param request request being processed
 * @return the result of the superclass restore, or {@code false} when there is no existing
 *     session, no decoded URI, or no saved request for this URI
 * @throws IOException declared by the superclass restore
 */
protected boolean restoreRequest(Request request) throws IOException {
    final Session session = request.getSessionInternal(false);
    final String uri = request.getDecodedRequestURI();
    if (session == null || uri == null) {
        return false;
    }

    final String noteKey = SESSION_SAVED_REQUEST_PREFIX + uri;
    final SavedRequest saved = (SavedRequest) session.getNote(noteKey);
    if (saved == null) {
        return false;
    }

    // Clean up the session: the per-URI note is dropped once it has been read.
    // NOTE(review): the read and the removal both happen before the session lock is taken,
    // so two concurrent requests for the same URI could both observe the note - confirm
    // whether that matters for this authenticator.
    session.removeNote(noteKey);

    synchronized (session) {
        // The shared FORM_REQUEST_NOTE slot is set and consumed under the same lock.
        session.setNote(Constants.FORM_REQUEST_NOTE, saved);
        return super.restoreRequest(request, session);
    }
}
/**
 * Checks whether the current request matches the request saved for its decoded URI.
 *
 * <p>The saved request is read from the session note
 * {@code SESSION_SAVED_REQUEST_PREFIX + uri}. When one is present it is copied to
 * {@code Constants.FORM_REQUEST_NOTE} and the superclass comparison is invoked. Unlike
 * a restore, the per-URI note is left in place.
 *
 * @param request request being processed
 * @return the result of the superclass match, or {@code false} when there is no existing
 *     session, no decoded URI, or no saved request for this URI
 */
@Override
protected boolean matchRequest(Request request) {
    final Session session = request.getSessionInternal(false);
    final String uri = request.getDecodedRequestURI();
    if (session == null || uri == null) {
        return false;
    }

    final SavedRequest saved =
            (SavedRequest) session.getNote(SESSION_SAVED_REQUEST_PREFIX + uri);
    if (saved == null) {
        return false;
    }

    synchronized (session) {
        // The shared FORM_REQUEST_NOTE slot is set and read by the superclass under one lock.
        session.setNote(Constants.FORM_REQUEST_NOTE, saved);
        return super.matchRequest(request);
    }
}
/**
 * Saves the current request in the session and records the federation request state.
 *
 * <p>The superclass stores the request under {@code Constants.FORM_REQUEST_NOTE}. This
 * method then copies it to {@code SESSION_SAVED_REQUEST_PREFIX + uri}, records the saved
 * request URI (with its query string when there is one) under
 * {@code SESSION_SAVED_URI_PREFIX + requestState.getState()}, and stores
 * {@code requestState} itself as an HTTP session attribute.
 *
 * @param request request being processed
 * @param requestState state object whose {@code getState()} value is used in the note and
 *     attribute keys; it is dereferenced unconditionally, so it must not be {@code null}
 * @throws IOException declared by the superclass save
 */
protected void saveRequest(Request request, RequestState requestState) throws IOException {
    final String contextId = requestState.getState();
    final String uri = request.getDecodedRequestURI();
    final Session session = request.getSessionInternal(true);
    if (session == null) {
        return;
    }

    // NOTE(review): the internal session id is written to the debug log. Treat debug logs
    // as sensitive, or log a shortened or hashed id instead.
    LOG.debug("Save request in session '{}'", session.getIdInternal());
    if (uri == null) {
        return;
    }

    final SavedRequest saved;
    synchronized (session) {
        // The superclass writes FORM_REQUEST_NOTE; read it back under the same lock.
        super.saveRequest(request, session);
        saved = (SavedRequest) session.getNote(Constants.FORM_REQUEST_NOTE);
    }
    session.setNote(SESSION_SAVED_REQUEST_PREFIX + uri, saved);

    // The stored value is the saved URI plus the original query string, kept in the session.
    final StringBuilder savedUri = new StringBuilder(saved.getRequestURI());
    final String query = saved.getQueryString();
    if (query != null) {
        savedUri.append('?').append(query);
    }
    session.setNote(SESSION_SAVED_URI_PREFIX + contextId, savedUri.toString());

    // The request state is kept as a session attribute for later retrieval in SigninHandler.
    request.getSession().setAttribute(
            FederationConstants.SESSION_SAVED_REQUEST_STATE_PREFIX + requestState.getState(),
            requestState);
}
associate(ssoId, request.getSessionInternal(true)); return (true); if (reauthenticateFromSSO(ssoId, request)) return true; if (principal != null) { session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal); if (!matchRequest(request)) { register(request, response, principal, HttpServletRequest.FORM_AUTH, username, password); if (matchRequest(request)) { session = request.getSessionInternal(true); if (CatalinaLogger.AUTH_LOGGER.isDebugEnabled()) principal = (Principal) session.getNote(Constants.FORM_PRINCIPAL_NOTE); register(request, response, principal, HttpServletRequest.FORM_AUTH, (String) session.getNote(Constants.SESS_USERNAME_NOTE), (String) session.getNote(Constants.SESS_PASSWORD_NOTE)); if (restoreRequest(request, session)) { if (CatalinaLogger.AUTH_LOGGER.isDebugEnabled()) CatalinaLogger.AUTH_LOGGER.debug("Proceed to restored request"); CatalinaLogger.AUTH_LOGGER.debug("Save request in session '" + session.getIdInternal() + "'"); try {
super.register(request, response, principal, arg3, arg4, arg5); return;
/**
 * Routes a request either to the SAML endpoint or to the superclass.
 *
 * <p>When the request URI, with the context path stripped from its front, ends with
 * {@code /saml} and a configured deployment was resolved, the request is handled by a
 * {@code CatalinaSamlEndpoint} authenticator and goes no further. Otherwise the session
 * store is asked whether the caller is logged in and the request is delegated to
 * {@code super.invoke}.
 *
 * @param request request being processed
 * @param response response being created
 * @throws IOException declared by the overridden method
 * @throws ServletException declared by the overridden method
 */
@Override
public void invoke(Request request, Response response) throws IOException, ServletException {
    log.trace("*********************** SAML ************");
    final CatalinaHttpFacade facade = new CatalinaHttpFacade(response, request);
    final SamlDeployment deployment = deploymentContext.resolveDeployment(facade);

    // NOTE(review): the endpoint test is a suffix match on the raw (undecoded) request URI,
    // so every path under the context that ends in "/saml" is treated as the SAML endpoint.
    // Confirm this agrees with how the protected resources are mapped.
    final String pathInContext =
            request.getRequestURI().substring(request.getContextPath().length());
    if (pathInContext.endsWith("/saml") && deployment != null && deployment.isConfigured()) {
        final SamlSessionStore tokenStore = getSessionStore(request, facade, deployment);
        final SamlAuthenticator authenticator =
                new CatalinaSamlEndpoint(facade, deployment, tokenStore);
        executeAuthenticator(request, response, facade, deployment, authenticator);
        return;
    }

    // Sets the request UserPrincipal if logged in, so that the UserPrincipal is available on
    // unsecured, unconstrained URLs.
    // NOTE(review): deployment may be null on this path (it is null-checked above); confirm
    // that getSessionStore accepts a null deployment.
    getSessionStore(request, facade, deployment).isLoggedIn();
    super.invoke(request, response);
}
associate(ssoId, request.getSessionInternal(true)); return (true); if (reauthenticateFromSSO(ssoId, request)) return true; if (principal != null) { session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal); if (!matchRequest(request)) { register(request, response, principal, Constants.FORM_METHOD, username, password); if (matchRequest(request)) { session = request.getSessionInternal(true); if (log.isDebugEnabled()) principal = (Principal) session.getNote(Constants.FORM_PRINCIPAL_NOTE); register(request, response, principal, Constants.FORM_METHOD, (String) session.getNote(Constants.SESS_USERNAME_NOTE), (String) session.getNote(Constants.SESS_PASSWORD_NOTE)); if (restoreRequest(request, session)) { if (log.isDebugEnabled()) log.debug("Proceed to restored request"); log.debug("Save request in session '" + session.getIdInternal() + "'"); try {