/**
 * Establishes the caller's security subject on the work context for an incoming HTTP request.
 *
 * <p>A subject already stored in the HTTP session under {@code FABRIC3_SUBJECT} is reused without
 * re-authenticating; otherwise the request is handed to {@code authenticator}.
 *
 * @param context the work context; its {@code "fabric3.httpRequest"} header is cast to the servlet request
 * @throws WebApplicationException carrying an {@code UNAUTHORIZED} response with a Basic challenge when no
 *         credentials were supplied, or {@code FORBIDDEN} when authentication failed
 */
private void authenticate(WorkContext context) {
    HttpServletRequest request = (HttpServletRequest) context.getHeaders().get("fabric3.httpRequest");

    boolean overTls = "https".equals(request.getScheme());
    if (!overTls) {
        // authentication must be done over HTTPS
        // NOTE(review): the rejection below is commented out, so this branch does nothing and requests
        // arriving over plain HTTP continue to authentication. The challenge issued further down is
        // "Basic", and Basic credentials are only base64-encoded, so on a non-TLS connection they (and
        // the session identifier used for the cached subject) travel in clear text. Confirm whether TLS
        // is enforced elsewhere (connector/proxy) before relying on this method.
        //throw new WebApplicationException(Response.Status.FORBIDDEN);
    }

    // Reuse a subject cached in an existing session; getSession(false) never creates a new session.
    HttpSession session = request.getSession(false);
    SecuritySubject cached = (session == null) ? null : (SecuritySubject) session.getAttribute(FABRIC3_SUBJECT);
    if (cached != null) {
        context.setSubject(cached);
        return;
    }

    try {
        authenticator.authenticate(request, context);
    } catch (NoCredentialsException e) {
        // No credentials on the request: answer with a Basic challenge for the "fabric3" realm.
        Response challenge = Response.status(UNAUTHORIZED)
                .header("WWW-Authenticate", "Basic realm=\"fabric3\"")
                .build();
        throw new WebApplicationException(challenge);
    } catch (AuthenticationException e) {
        // Credentials were presented but not accepted; the cause is deliberately not sent to the client.
        throw new WebApplicationException(FORBIDDEN);
    }
}
/**
 * Runs the delegate with this object's {@code subject}, {@code headers} and callback {@code stack}
 * installed on the current thread's work context.
 *
 * <p>The work context is reset in a {@code finally} block, so the reset happens whether the delegate
 * returns normally or throws, and the subject does not stay on the thread's context after the task.
 */
public void run() {
    WorkContext ctx = WorkContextCache.getAndResetThreadWorkContext();
    try {
        // Install the propagated security subject and invocation state before handing over control.
        ctx.setSubject(subject);
        ctx.addHeaders(headers);
        ctx.addCallbackReferences(stack);
        delegate.run();
    } finally {
        ctx.reset();
    }
}
}
/**
 * Calls the delegate with this object's {@code subject}, {@code headers} and callback {@code stack}
 * installed on the current thread's work context.
 *
 * <p>The work context is reset in a {@code finally} block, so the reset happens whether the delegate
 * returns a value or throws, and the subject does not stay on the thread's context after the task.
 *
 * @return whatever the delegate returns
 * @throws Exception whatever the delegate throws
 */
public T call() throws Exception {
    WorkContext ctx = WorkContextCache.getAndResetThreadWorkContext();
    try {
        // Install the propagated security subject and invocation state before handing over control.
        ctx.setSubject(subject);
        ctx.addHeaders(headers);
        ctx.addCallbackReferences(stack);
        return delegate.call();
    } finally {
        ctx.reset();
    }
}
}
/**
 * Authenticates a request that carries HTTP Basic credentials and stores the resulting subject on
 * the work context. Does nothing when the context already has a subject.
 *
 * @param request the servlet request whose {@code Authorization} header is read
 * @param context the work context that receives the authenticated subject
 * @throws NoCredentialsException if the header is missing or does not start with {@code "Basic "}
 * @throws AuthenticationException if no authentication service is installed, or as thrown by the
 *         authentication service
 */
public void authenticate(HttpServletRequest request, WorkContext context) throws AuthenticationException, NoCredentialsException {
    if (context.getSubject() != null) {
        // a subject was set earlier, so the request is treated as already authenticated
        return;
    }
    if (authenticationService == null) {
        throw new AuthenticationException("Authentication service not installed");
    }

    String authorization = request.getHeader("Authorization");
    // The scheme comparison is case-sensitive and expects exactly one space after "Basic".
    boolean hasBasicScheme = authorization != null && authorization.startsWith("Basic ");
    if (!hasBasicScheme) {
        throw new NoCredentialsException();
    }

    // NOTE(review): the value is base64, not encrypted; this method does not check the transport,
    // so confidentiality of the password depends on the caller or connector enforcing TLS.
    String encodedCredentials = authorization.substring("Basic ".length());
    try {
        // NOTE(review): how Base64.decode reacts to malformed input is not visible here - confirm
        // that it cannot surface as an unhandled runtime exception.
        String userPass = new String(Base64.decode(encodedCredentials), "UTF-8");

        // Split on the first ':' so that a password may itself contain colons.
        int separator = userPass.indexOf(":");
        String username;
        String password;
        if (separator == -1) {
            // NOTE(review): a value without ':' is not rejected here; an empty username and empty
            // password are sent to the authentication service, which is then solely responsible
            // for refusing them.
            username = "";
            password = "";
        } else {
            username = userPass.substring(0, separator);
            password = userPass.substring(separator + 1);
        }

        UsernamePasswordToken credentials = new UsernamePasswordToken(username, password);
        SecuritySubject authenticated = authenticationService.authenticate(credentials);
        context.setSubject(authenticated); // authorized
    } catch (UnsupportedEncodingException e) {
        // "UTF-8" is a charset every Java platform must support, so this is treated as impossible.
        throw new AssertionError(e);
    }
}
// Installs a freshly built Subject on the work context, using the principals collected earlier and
// two new, empty HashSet<Principal> instances for the remaining set arguments.
// NOTE(review): presumably javax.security.auth.Subject, whose four-argument constructor is
// (readOnly, principals, pubCredentials, privCredentials) - confirm against the file's imports.
// If so, passing false leaves the Subject modifiable after it is placed on the work context, so
// code that later obtains it could still add principals or credentials; consider whether a
// read-only Subject is intended here.
workContext.setSubject(new Subject(false, principals, new HashSet<Principal>(), new HashSet<Principal>()));
/**
 * Authenticates with this interceptor's {@code username} and {@code password}, attaches the
 * resulting subject to the message's work context, and passes the message to the next interceptor.
 *
 * <p>NOTE(review): the credentials come from fields of the enclosing type, not from the message,
 * so every message through this interceptor runs as the same subject. How those fields are
 * populated and protected is not visible here.
 *
 * @param msg the message being dispatched
 * @return the result of invoking the next interceptor
 * @throws ServiceUnavailableException wrapping the cause if authentication fails
 */
public Message invoke(Message msg) {
    UsernamePasswordToken credentials = new UsernamePasswordToken(username, password);
    try {
        SecuritySubject authenticated = authenticationService.authenticate(credentials);
        msg.getWorkContext().setSubject(authenticated);
    } catch (AuthenticationException e) {
        // The downstream call is skipped entirely when authentication fails.
        throw new ServiceUnavailableException("Error authenticating", e);
    }
    return next.invoke(msg);
}
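/**
 * Dispatches the payload through the interceptor chain on the current thread, with this object's
 * callback {@code stack}, {@code headers} and {@code subject} installed on the thread's work context.
 *
 * <p>A fault response is reported to the monitor; its body is cast to {@link Throwable}.
 *
 * <p>The message and the work context are reset in {@code finally} blocks. Previously both resets
 * were skipped when {@code next.invoke} (or any earlier step) threw, which left the subject and
 * headers on the thread's work context and the payload on the cached message until some later
 * caller reset them.
 */
public void run() {
    WorkContext workContext = WorkContextCache.getAndResetThreadWorkContext();
    try {
        workContext.addCallbackReferences(stack);
        workContext.addHeaders(headers);
        workContext.setSubject(subject);

        Message message = MessageCache.getAndResetMessage();
        try {
            message.setBody(payload);
            message.setWorkContext(workContext);

            Message response = next.invoke(message);
            if (response.isFault()) {
                // log the exception
                monitor.onError((Throwable) response.getBody());
            }
        } finally {
            // Same order as before: the message is cleared first, then the work context.
            message.reset();
        }
    } finally {
        workContext.reset();
    }
}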