Changeset 1903


Timestamp:
2011-05-23 09:33:54 (12 months ago)
Author:
jgou
Message:

provide some sort of fallback for setting the ChallengeResponse in the following cases:

  • challengeresponse is not yet set : this is the case for custom auth methods such as the kauri form-based auth
  • the set challengeresponse doesn't match the selectedAuthMethod : corner case, could happen when e.g. form-based and basic auth are both used to protect the same resource
File:
1 edited

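--- a/trunk/modules/kauri-security/kauri-security-impl/src/main/java/org/kauriproject/security/infrastructure/SecurityFilter.java
+++ b/trunk/modules/kauri-security/kauri-security-impl/src/main/java/org/kauriproject/security/infrastructure/SecurityFilter.java
@@ -30,4 +30,6 @@
 import org.restlet.Request;
 import org.restlet.Response;
+import org.restlet.data.ChallengeResponse;
+import org.restlet.data.ChallengeScheme;
 import org.restlet.data.ClientInfo;
 import org.restlet.data.Status;
@@ -190,6 +192,6 @@
             if (authority.getAuthority() != null) {
                 Role role = getRestletRole(authority.getAuthority());
-                principals.add(role); //FIXME: remove ?
-                clientInfo.getRoles().add(role); //FIXME: OK ?
+                principals.add(role);
+                clientInfo.getRoles().add(role);
             }
         }
@@ -197,12 +199,20 @@
         if (authToken.getPrincipal() instanceof UserDetails) {
             UserDetails userDetails = (UserDetails)authToken.getPrincipal();
-            User user = new User(userDetails.getUsername());//TODO: check, was: new UserPrincipal(userDetails.getUsername())
-            principals.add(user); //FIXME: remove ?
-            clientInfo.setUser(user); //FIXME: OK ?
+            User user = new User(userDetails.getUsername());
+            principals.add(user);
+            clientInfo.setUser(user);
         }
 
         request.getAttributes().put("principal", authToken.getPrincipal());
-
         request.getAttributes().put(Realm.REALM_REQ_ATTR_NAME, filterContext.realm);
+        
+        // ensure that a correct challengeresponse is available in the restlet/jaxrs (security)context
+        ChallengeResponse currentChallengeResponse = request.getChallengeResponse();
+        if(currentChallengeResponse == null || !currentChallengeResponse.getIdentifier().equals(authToken.getName())) {
+          ChallengeResponse challengeResponse = new ChallengeResponse(ChallengeScheme.CUSTOM);
+          challengeResponse.setRealm(filterContext.realm.getName());
+          challengeResponse.setIdentifier(authToken.getName());
+          request.setChallengeResponse(challengeResponse);
+        }
     }
 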
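Review bot: The mismatch test at new line 211 dereferences `currentChallengeResponse.getIdentifier()`, which may be null when the request carries a ChallengeResponse without an identifier (for example a scheme-only or unparsed Authorization header), so the security filter would throw a NullPointerException instead of taking the fallback. Reversing the comparison keeps that case on the fallback path: `if (currentChallengeResponse == null || !authToken.getName().equals(currentChallengeResponse.getIdentifier())) {`. The mismatch branch also silently replaces a client-supplied response with a CUSTOM-scheme one, discarding its original scheme; a log statement there recording both identifiers would make it visible when the identity in the header differs from the authenticated one. The enclosing method begins outside the visible lines, so whether `authToken.getName()` can itself be null here should be confirmed against the rest of the method.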