/* * JBoss, Home of Professional Open Source. * Copyright 2014 Red Hat, Inc., and individual contributors * as indicated by the @author tags. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package io.undertow.security.impl; import io.undertow.security.api.AuthenticatedSessionManager; import io.undertow.security.api.AuthenticatedSessionManager.AuthenticatedSession; import io.undertow.security.api.AuthenticationMechanism; import io.undertow.security.api.SecurityContext; import io.undertow.security.idm.Account; import io.undertow.security.idm.IdentityManager; import io.undertow.server.HttpServerExchange; /** * An {@link AuthenticationMechanism} which uses any cached {@link AuthenticatedSession}s. * * @author <a href="mailto:darran.lofthouse@jboss.com">Darran Lofthouse</a> */ public class CachedAuthenticatedSessionMechanism implements AuthenticationMechanism { private final IdentityManager identityManager; public CachedAuthenticatedSessionMechanism() { this(null); } public CachedAuthenticatedSessionMechanism(final IdentityManager identityManager) { this.identityManager = identityManager; } @SuppressWarnings("deprecation") private IdentityManager getIdentityManager(SecurityContext securityContext) { return identityManager != null ? identityManager : securityContext.getIdentityManager(); } @Override public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext) { AuthenticatedSessionManager sessionManager = exchange.getAttachment(AuthenticatedSessionManager.ATTACHMENT_KEY); if (sessionManager != null) { return runCached(exchange, securityContext, sessionManager); } else { return AuthenticationMechanismOutcome.NOT_ATTEMPTED; } } public AuthenticationMechanismOutcome runCached(final HttpServerExchange exchange, final SecurityContext securityContext, final AuthenticatedSessionManager sessionManager) { AuthenticatedSession authSession = sessionManager.lookupSession(exchange); if (authSession != null) { Account account = getIdentityManager(securityContext).verify(authSession.getAccount()); if (account != null) { securityContext.authenticationComplete(account, authSession.getMechanism(), false); return AuthenticationMechanismOutcome.AUTHENTICATED; } else { sessionManager.clearSession(exchange); // We know we had a previously authenticated account but for some reason the IdentityManager is no longer // accepting it, we now return AuthenticationMechanismOutcome.NOT_ATTEMPTED; } } else { // It is possible an AuthenticatedSessionManager could have been available even if there was no chance of it // loading a session. return AuthenticationMechanismOutcome.NOT_ATTEMPTED; } } @Override public ChallengeResult sendChallenge(HttpServerExchange exchange, SecurityContext securityContext) { // This mechanism can only use what is already available and can not send a challenge of it's own. return ChallengeResult.NOT_SENT; } }