failedClientAuth = true; skipClientAuth = true; doGet(req, resp); subject.getPrincipals().add(principal); loggedInAddress = getLoggedInUser(subject); context = login(req.getReader()); } catch (LoginException e) { String message = "The username or password you entered is incorrect."; loggedInAddress = getLoggedInUser(subject); } catch (InvalidParticipantAddress e1) { throw new IllegalStateException( LOG.info("Authenticated user " + loggedInAddress); redirectLoggedInUser(req, resp);
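/**
 * On GET, present a login form if the user isn't authenticated.
 *
 * <p>An already-authenticated user is redirected straight away. Otherwise, when
 * client-certificate authentication is enabled and the container attached a
 * certificate chain to the request, the request is first handed to
 * {@link #doPost} so the certificate can be tried. If that left the response
 * uncommitted, the login form is written: status 200 normally, or 403 (with the
 * same page content) when the login page has been disabled by configuration.
 *
 * @param req the request; its locale selects the page's localisation
 * @param resp the response the form or the redirect is written to
 * @throws IOException if writing the response fails
 */
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
  resp.setCharacterEncoding("UTF-8");
  // Must be set before any parameter/reader access on the request.
  req.setCharacterEncoding("UTF-8");

  // Don't create a session just to discover there isn't one.
  HttpSession session = req.getSession(false);
  ParticipantId user = sessionManager.getLoggedInUser(session);
  if (user != null) {
    redirectLoggedInUser(req, resp);
    return;
  }

  if (isClientAuthEnabled && !failedClientAuth) {
    // NOTE(review): failedClientAuth looks like a servlet-instance field that doPost
    // flips per request — confirm it is not shared across concurrent clients, otherwise
    // one client's failed certificate login disables certificate authentication for
    // every request served by this instance.
    X509Certificate[] certs =
        (X509Certificate[]) req.getAttribute("javax.servlet.request.X509Certificate");
    if (certs != null) {
      doPost(req, resp);
      // If doPost already answered (e.g. redirected a user it authenticated), the
      // response is committed and writing the login form on top of it is at best
      // ignored and at worst an IllegalStateException from the container.
      if (resp.isCommitted()) {
        return;
      }
    }
  }

  resp.setStatus(isLoginPageDisabled
      ? HttpServletResponse.SC_FORBIDDEN
      : HttpServletResponse.SC_OK);
  resp.setContentType("text/html;charset=utf-8");
  AuthenticationPage.write(resp.getWriter(), new GxpContext(req.getLocale()), domain, "",
      RESPONSE_STATUS_NONE, isLoginPageDisabled, analyticsAccount);
}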
/**
 * Resolves the participant id carried by an authenticated subject.
 *
 * <p>Only two principal types are understood: a {@code ParticipantPrincipal}
 * supplies the address directly, while an {@code X500Principal} is handed to
 * client-certificate login. Supporting further authentication mechanisms means
 * teaching this method about their principal types.
 *
 * @param subject the authenticated subject whose principals are inspected
 * @return the participant id, or {@code null} if no usable principal is present
 * @throws InvalidParticipantAddress if the address found is not a valid participant address
 */
private ParticipantId getLoggedInUser(Subject subject) throws InvalidParticipantAddress {
  for (Principal principal : subject.getPrincipals()) {
    // TODO(josephg): other authentication types (LDAP, etc) will need their own
    // principal-to-address extraction here.
    if (principal instanceof ParticipantPrincipal) {
      String address = ((ParticipantPrincipal) principal).getName();
      return address == null ? null : ParticipantId.of(address);
    }
    if (principal instanceof X500Principal) {
      return attemptClientCertificateLogin((X500Principal) principal);
    }
  }
  return null;
}
/** A GET with no existing session must be answered with a 200 login page. */
public void testGetReturnsSomething() throws IOException {
  when(req.getLocale()).thenReturn(Locale.ENGLISH);
  when(req.getSession(eq(false))).thenReturn(null);
  PrintWriter pageWriter = mock(PrintWriter.class);
  when(resp.getWriter()).thenReturn(pageWriter);

  servlet.doGet(req, resp);

  verify(resp).setStatus(HttpServletResponse.SC_OK);
}
/**
 * Drives a form login through the servlet's POST handler.
 *
 * <p>The credentials are percent-encoded into the request body the way a
 * browser submits a form. When {@code expectSuccess} is set, the session
 * manager is stubbed to report {@code USER} as logged in before the call, and
 * afterwards the test checks that the servlet recorded the login on the session.
 *
 * @param address participant address to submit
 * @param password password to submit
 * @param expectSuccess whether the servlet is expected to accept the credentials
 * @throws IOException declared because the servlet API declares it
 */
private void attemptLogin(String address, String password, boolean expectSuccess)
    throws IOException {
  // Build the urlencoded form body.
  PercentEscaper urlEscaper = new PercentEscaper(PercentEscaper.SAFECHARS_URLENCODER, true);
  String formBody = "address=" + urlEscaper.escape(address)
      + "&" + "password=" + urlEscaper.escape(password);
  when(req.getReader()).thenReturn(new BufferedReader(new StringReader(formBody)));

  when(req.getLocale()).thenReturn(Locale.ENGLISH);
  when(req.getSession(false)).thenReturn(null);
  when(req.getSession(true)).thenReturn(session);
  PrintWriter pageWriter = mock(PrintWriter.class);
  when(resp.getWriter()).thenReturn(pageWriter);

  // The servlet reads the logged-in user back after setting it, so the stubs
  // have to be in place before the call and the verification happens after.
  if (expectSuccess) {
    when(manager.getLoggedInUser(Mockito.any())).thenReturn(USER);
    when(session.getAttribute("user")).thenReturn(USER);
  }

  servlet.doPost(req, resp);

  if (expectSuccess) {
    verify(manager).setLoggedInUser(session, USER);
  }
}
}
/** Builds the servlet under test over an in-memory store that holds a single account. */
@Override
protected void setUp() throws Exception {
  MockitoAnnotations.initMocks(this);
  when(session.getId()).thenReturn("");

  AccountStore accountStore = new MemoryStore();
  HumanAccountData testAccount =
      new HumanAccountDataImpl(USER, new PasswordDigest("password".toCharArray()));
  accountStore.putAccount(testAccount);

  Config servletConfig = ConfigFactory.parseMap(ImmutableMap.<String, Object>of(
      "administration.disable_registration", false,
      "administration.analytics_account", "UA-someid",
      "security.enable_clientauth", false,
      "security.clientauth_cert_domain", "",
      "administration.disable_loginpage", false));

  // Mixed-case domains are deliberate — presumably exercising case-insensitive
  // domain handling; confirm against the servlet.
  servlet = new AuthenticationServlet(
      accountStore, AuthTestUtil.makeConfiguration(), manager, "examPLe.com", servletConfig);
  AccountStoreHolder.init(accountStore, "eXaMple.com");
}
for (Rdn rdn: ldapName.getRdns()) { if (rdn.getType().equals(OID_EMAIL)) { String email = decodeEmailFromCertificate((byte[])rdn.getValue()); if (email.endsWith("@" + clientAuthCertDomain)) {
/** A GET with no existing session must be answered with a 200 login page. */
public void testGetReturnsSomething() throws IOException {
  when(req.getLocale()).thenReturn(Locale.ENGLISH);
  when(req.getSession(false)).thenReturn(null);
  PrintWriter pageWriter = mock(PrintWriter.class);
  when(resp.getWriter()).thenReturn(pageWriter);

  servlet.doGet(req, resp);

  verify(resp).setStatus(HttpServletResponse.SC_OK);
}
servlet.doPost(req, resp); if (expectSuccess) { if (participant.isAnonymous())
/** Builds the servlet under test over an in-memory store that holds a single account. */
@Override
protected void setUp() throws Exception {
  MockitoAnnotations.initMocks(this);

  AccountStore accountStore = new MemoryStore();
  HumanAccountData testAccount =
      new HumanAccountDataImpl(USER, new PasswordDigest("password".toCharArray()));
  accountStore.putAccount(testAccount);

  Config servletConfig = ConfigFactory.parseMap(ImmutableMap.<String, Object>of(
      "administration.disable_registration", false,
      "administration.analytics_account", "UA-someid",
      "security.enable_clientauth", false,
      "security.clientauth_cert_domain", "",
      "administration.disable_loginpage", false));

  // Mixed-case domains are deliberate — presumably exercising case-insensitive
  // domain handling; confirm against the servlet.
  servlet = new AuthenticationServlet(
      accountStore, AuthTestUtil.makeConfiguration(), manager, "examPLe.com", servletConfig,
      welcomeBot);
  AccountStoreHolder.init(accountStore, "eXaMple.com");
}
/** An authenticated GET must be sent straight to the configured redirect target. */
public void testGetRedirects() throws IOException {
  String redirectTarget = "/abc123?nested=query&string";
  when(manager.getLoggedInUser(session)).thenReturn(USER);
  when(req.getSession(false)).thenReturn(session);
  configureRedirectString(redirectTarget);

  servlet.doGet(req, resp);

  verify(resp).sendRedirect(redirectTarget);
}
/** An authenticated GET must be sent straight to the configured redirect target. */
public void testGetRedirects() throws IOException {
  String redirectTarget = "/abc123?nested=query&string";
  // The servlet may look the user up by request or by session; answer both.
  when(manager.getLoggedInUser(eq(req))).thenReturn(USER);
  when(manager.getLoggedInUser(eq(session))).thenReturn(USER);
  when(req.getSession(eq(false))).thenReturn(session);
  configureRedirectString(redirectTarget);

  servlet.doGet(req, resp);

  verify(resp).sendRedirect(redirectTarget);
}