|
|
|
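/**
 * Cookie-based authenticator that delegates credential verification, principal
 * lookup and role assignment to a {@link UserDirectory}.
 *
 * <p>Realm, encryption settings, cookie name, cookie scope and cookie domain are
 * read from {@code AuthUtil}; the login-form, login and logout paths are fixed
 * constants of this class.
 */
public class CustomCookieAuthenticator extends DefaultCookieAuthenticator {

  private static final String LOGIN_FORM_PATH = "/auth/loginForm";
  private static final String LOGIN_PATH = "login";
  private static final String LOGOUT_PATH = "logout";

  /** Backend consulted for identifier normalisation, secrets, principals and roles. */
  private final UserDirectory userDirectory;

  /**
   * Creates a mandatory (non-optional) authenticator.
   *
   * @param userDirectory backend used to verify users and resolve principals/roles
   */
  @Inject CustomCookieAuthenticator(UserDirectory userDirectory) {
    this(userDirectory, false);
  }

  /**
   * @param userDirectory backend used to verify users and resolve principals/roles
   * @param optional passed straight to the superclass; its meaning (whether
   *     unauthenticated requests may continue) is defined there
   */
  CustomCookieAuthenticator(UserDirectory userDirectory, boolean optional) {
    // The context argument is null here; presumably it is supplied later by
    // the container/injector — confirm against DefaultCookieAuthenticator.
    super(null, optional, AuthUtil.getRealm(), AuthUtil.getEncryptSecretKey());
    this.userDirectory = userDirectory;
  }

  /**
   * Completes configuration after injection: cookie/encryption settings, the
   * three fixed paths, and the verifier/enroler that bridge to the directory.
   */
  @Inject void initialize() {
    setEncryptAlgorithm(AuthUtil.getEncryptAlgorithm());
    setCookieName(AuthUtil.getCookieName());
    setLoginFormPath(LOGIN_FORM_PATH);
    setLoginPath(LOGIN_PATH);
    setLogoutPath(LOGOUT_PATH);

    setVerifier(new SecretVerifier() {
      /** Normalises the identifier the superclass extracted before it is verified. */
      @Override public String getIdentifier(Request request, Response response) {
        String rawIdentifier = super.getIdentifier(request, response);
        // NOTE(review): rawIdentifier may be null when no credentials were
        // sent; whether normalize() tolerates null is not visible here.
        return userDirectory.normalize(rawIdentifier);
      }

      /** Maps the directory's boolean answer onto the Restlet result codes. */
      @Override public int verify(String identifier, char[] secret) {
        if (userDirectory.verifyUser(identifier, secret)) {
          return RESULT_VALID;
        }
        return RESULT_INVALID;
      }

      /**
       * Builds the user as the superclass does, then attaches the directory's
       * principals for this identifier to the request's client info.
       */
      @Override protected User createUser(
          String identifier, Request request, Response response) {
        User user = super.createUser(identifier, request, response);
        Iterables.addAll(
            request.getClientInfo().getPrincipals(),
            userDirectory.getPrincipals(identifier, request.getAttributes()));
        return user;
      }
    });

    setEnroler(new Enroler() {
      /**
       * Resolves roles from the authenticated user's identifier and principals.
       * Assumes clientInfo.getUser() is non-null at this point (enroling runs
       * after successful verification) — confirm against the superclass.
       */
      @Override public void enrole(ClientInfo clientInfo) {
        String identifier = clientInfo.getUser().getIdentifier();
        clientInfo.setRoles(
            userDirectory.getRoles(identifier, clientInfo.getPrincipals())
                .transform(AuthRole::role)
                .toList());
      }
    });
  }

  /**
   * Handles a login request. The existing credentials cookie is dropped from
   * the request first so that the submitted form values, not the stale cookie,
   * are what the superclass processes.
   */
  @Override protected void login(Request request, Response response) {
    request.getCookies().removeFirst(getCookieName());
    super.login(request, response);
  }

  /**
   * Returns the credentials cookie with the configured path (scope) and, when
   * {@code AuthUtil.getCookieDomain} yields one, the configured domain.
   *
   * <p>The domain is set on the cookie the superclass produced instead of
   * rebuilding a fresh {@code CookieSetting} from (version, name, value, path,
   * domain): the rebuild silently discards every other attribute the
   * superclass may have configured (max-age, access restriction/HttpOnly,
   * secure), which would weaken the session cookie whenever a domain is used.
   * NOTE(review): the Secure flag is not forced here either; confirm the
   * deployment is TLS-only or that the superclass sets it.
   */
  @Override protected CookieSetting getCredentialsCookie(Request request, Response response) {
    CookieSetting credentialsCookie = super.getCredentialsCookie(request, response);
    credentialsCookie.setPath(AuthUtil.getCookieScope());

    String domain = AuthUtil.getCookieDomain(request);
    if (domain != null) {
      credentialsCookie.setDomain(domain);
    }
    return credentialsCookie;
  }

  /**
   * Issues the superclass challenge (redirect to the login form) and, when the
   * requested resource implies a default user, pre-fills the form's user field
   * through a query parameter on the redirect location.
   * Assumes {@code response.getLocationRef()} is set by the superclass
   * challenge — confirm against DefaultCookieAuthenticator.
   */
  @Override public void challenge(Response response, boolean stale) {
    super.challenge(response, stale);

    userDirectory.defaultUserFromRef(response.getRequest().getResourceRef())
        .ifPresent(defaultUser -> response.getLocationRef().addQueryParameter(
            LoginFormServerResource.INITIAL_USER_VALUE, defaultUser));
  }
}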