Examples of io.undertow.security.api.SecurityContext

• io.undertow.security.api.SecurityContext
  The security context. This context is attached to the exchange and holds all security related information. @author Stuart Douglas @author Darran Lofthouse @see io.undertow.security.impl.SecurityContextImpl

        }
    }

    @Override
    public void logout() throws ServletException {
        SecurityContext sc = exchange.getAttachment(SecurityContext.ATTACHMENT_KEY);
        sc.logout();
    }

    }

    @Override
    public void handleRequest(final HttpServerExchange exchange) throws Exception {
        List<Set<String>> roles = exchange.getAttachmentList(ServletAttachments.REQUIRED_ROLES);
        SecurityContext sc = exchange.getAttachment(SecurityContext.ATTACHMENT_KEY);
        HttpServletRequest request = HttpServletRequestImpl.getRequestImpl(exchange.getAttachment(HttpServletRequestImpl.ATTACHMENT_KEY));
        if (request.getDispatcherType() != DispatcherType.REQUEST) {
            next.handleRequest(exchange);
        } else if (roles == null || roles.isEmpty()) {
            next.handleRequest(exchange);
        } else {
            for (final Set<String> roleSet : roles) {
                boolean found = false;
                Account account = sc.getAuthenticatedAccount();
                for (String role : roleSet) {
                    if (account.isUserInRole(role)) {
                        found = true;
                        break;
                    }

        this.servletContext = servletContext;
    }

    @Override
    public void handleRequest(HttpServerExchange exchange) throws Exception {
        SecurityContext securityContext = exchange.getAttachment(SecurityContext.ATTACHMENT_KEY);
        securityContext.registerNotificationReceiver(NOTIFICATION_RECEIVER);

        HttpSession session = servletContext.getSession(exchange, false);
        // If there was no existing HttpSession then there could not be a cached AuthenticatedSession so don't bother setting
        // the AuthenticatedSessionManager.
        if (session != null) {

    @Override
    public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject)
            throws AuthException {
        HttpServerExchange exchange = (HttpServerExchange) messageInfo.getMap().get(JASPIAuthenticationMechanism.HTTP_SERVER_EXCHANGE_ATTACHMENT_KEY);
        SecurityContext securityContext = (SecurityContext) messageInfo.getMap().get(JASPIAuthenticationMechanism.SECURITY_CONTEXT_ATTACHMENT_KEY);
        ServletRequestContext src = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
        List<AuthenticationMechanism> mechanisms = src.getDeployment().getAuthenticationMechanisms();

        try {
            boolean success = false;

        return exchange;
    }

    @Override
    public String getAuthType() {
        SecurityContext securityContext = exchange.getSecurityContext();

        return securityContext != null ? securityContext.getMechanismName() : null;
    }

        }
        //according to the servlet spec this aways returns false
        if (role.equals("*")) {
            return false;
        }
        SecurityContext sc = exchange.getSecurityContext();
        Account account = sc.getAuthenticatedAccount();
        if (account == null) {
            return false;
        }
        ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);

        return authorizationManager.isUserInRole(role, account, servlet.getManagedServlet().getServletInfo(), this, deployment);
    }

    @Override
    public Principal getUserPrincipal() {
        SecurityContext securityContext = exchange.getSecurityContext();
        Principal result = null;
        Account account = null;
        if (securityContext != null && (account = securityContext.getAuthenticatedAccount()) != null) {
            result = account.getPrincipal();
        }
        return result;
    }

    public boolean authenticate(final HttpServletResponse response) throws IOException, ServletException {
        if (response.isCommitted()) {
            throw UndertowServletMessages.MESSAGES.responseAlreadyCommited();
        }

        SecurityContext sc = exchange.getSecurityContext();
        sc.setAuthenticationRequired();
        // TODO: this will set the status code and headers without going through any potential
        // wrappers, is this a problem?
        if (sc.authenticate()) {
            if (sc.isAuthenticated()) {
                return true;
            } else {
                throw UndertowServletMessages.MESSAGES.authenticationFailed();
            }
        } else {

    @Override
    public void login(final String username, final String password) throws ServletException {
        if (username == null || password == null) {
            throw UndertowServletMessages.MESSAGES.loginFailed();
        }
        SecurityContext sc = exchange.getSecurityContext();
        if (sc.isAuthenticated()) {
            throw UndertowServletMessages.MESSAGES.userAlreadyLoggedIn();
        }
        boolean login = false;
        try {
            login = sc.login(username, password);
        }
        catch (SecurityException se) {
            if (se.getCause() instanceof ServletException)
                throw (ServletException) se.getCause();
            throw new ServletException(se);

        }
    }

    @Override
    public void logout() throws ServletException {
        SecurityContext sc = exchange.getSecurityContext();
        sc.logout();
        if(servletContext.getDeployment().getDeploymentInfo().isInvalidateSessionOnLogout()) {
            HttpSession session = getSession(false);
            if(session != null) {
                session.invalidate();
            }