SecurityContextCreationHandler.java

package org.jboss.as.undertow.security;

import io.undertow.server.HandlerWrapper;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import org.jboss.security.SecurityContext;

/**
 * Handler that creates the security context and attaches it to the exchange. It is not associated with the current
 * thread at this point, as request may not have been dispatched into the final thread that will actually run the
 * servlet request.
 *
 * @author Stuart Douglas
 */
public class SecurityContextCreationHandler implements HttpHandler {

    private final String securityDomain;
    private final HttpHandler next;

    public SecurityContextCreationHandler(final String securityDomain, final HttpHandler next) {
        this.securityDomain = securityDomain;
        this.next = next;
    }

    @Override
    public void handleRequest(final HttpServerExchange exchange) throws Exception {
        try {
            final SecurityContext sc = SecurityActions.createSecurityContext(securityDomain);
            exchange.putAttachment(UndertowSecurityAttachments.SECURITY_CONTEXT_ATTACHMENT, sc);
            SecurityActions.setSecurityContextOnAssociation(sc);

            next.handleRequest(exchange);

        } finally {
            SecurityActions.clearSecurityContext();
        }

    }

    public static final HandlerWrapper wrapper(final String securityDomain) {
        return new HandlerWrapper() {
            @Override
            public HttpHandler wrap(final HttpHandler handler) {
                return new SecurityContextCreationHandler(securityDomain, handler);
            }
        };
    }
}