/*
 * JBoss, Home of Professional Open Source.
 * Copyright 2014 Red Hat, Inc., and individual contributors
 * as indicated by the @author tags.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */
package io.undertow.security.impl;

import io.undertow.security.api.AuthenticatedSessionManager;
import io.undertow.security.api.AuthenticatedSessionManager.AuthenticatedSession;
import io.undertow.security.api.AuthenticationMechanism;
import io.undertow.security.api.SecurityContext;
import io.undertow.security.idm.Account;
import io.undertow.security.idm.IdentityManager;
import io.undertow.server.HttpServerExchange;

An AuthenticationMechanism which uses any cached AuthenticatedSessions.
Author:Darran Lofthouse
/** * An {@link AuthenticationMechanism} which uses any cached {@link AuthenticatedSession}s. * * @author <a href="mailto:darran.lofthouse@jboss.com">Darran Lofthouse</a> */
public class CachedAuthenticatedSessionMechanism implements AuthenticationMechanism { private final IdentityManager identityManager; public CachedAuthenticatedSessionMechanism() { this(null); } public CachedAuthenticatedSessionMechanism(final IdentityManager identityManager) { this.identityManager = identityManager; } @SuppressWarnings("deprecation") private IdentityManager getIdentityManager(SecurityContext securityContext) { return identityManager != null ? identityManager : securityContext.getIdentityManager(); } @Override public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext) { AuthenticatedSessionManager sessionManager = exchange.getAttachment(AuthenticatedSessionManager.ATTACHMENT_KEY); if (sessionManager != null) { return runCached(exchange, securityContext, sessionManager); } else { return AuthenticationMechanismOutcome.NOT_ATTEMPTED; } } public AuthenticationMechanismOutcome runCached(final HttpServerExchange exchange, final SecurityContext securityContext, final AuthenticatedSessionManager sessionManager) { AuthenticatedSession authSession = sessionManager.lookupSession(exchange); if (authSession != null) { Account account = getIdentityManager(securityContext).verify(authSession.getAccount()); if (account != null) { securityContext.authenticationComplete(account, authSession.getMechanism(), false); return AuthenticationMechanismOutcome.AUTHENTICATED; } else { sessionManager.clearSession(exchange); // We know we had a previously authenticated account but for some reason the IdentityManager is no longer // accepting it, we now return AuthenticationMechanismOutcome.NOT_ATTEMPTED; } } else { // It is possible an AuthenticatedSessionManager could have been available even if there was no chance of it // loading a session. return AuthenticationMechanismOutcome.NOT_ATTEMPTED; } } @Override public ChallengeResult sendChallenge(HttpServerExchange exchange, SecurityContext securityContext) { // This mechanism can only use what is already available and can not send a challenge of it's own. return ChallengeResult.NOT_SENT; } }