/**
* Try to authenticate the user making this request, based on the specified login configuration.
*
* Return TRUE if any specified constraint has been satisfied, or FALSE if we have created a response
* challenge already.
*
* @param \AppserverIo\Psr\Servlet\Http\HttpServletRequestInterface $servletRequest The servlet request instance
* @param \AppserverIo\Psr\Servlet\Http\HttpServletResponseInterface $servletResponse The servlet response instance
*
* @return boolean TRUE if authentication has already been processed on a request before, else FALSE
* @throws \AppserverIo\Http\Authentication\AuthenticationException Is thrown if the request can't be authenticated
*/
public function authenticate(HttpServletRequestInterface $servletRequest, HttpServletResponseInterface $servletResponse)
{
// check if auth header is not set in coming request headers
if ($servletRequest->hasHeader(Protocol::HEADER_AUTHORIZATION) === false) {
// stop processing immediately
$servletRequest->setDispatched(true);
$servletResponse->setStatusCode(401);
$servletResponse->addHeader(Protocol::HEADER_WWW_AUTHENTICATE, $this->getAuthenticateHeader());
return false;
}
// load the raw login credentials
$rawAuthData = $servletRequest->getHeader(Protocol::HEADER_AUTHORIZATION);
// set auth hash got from auth data request header and check if username and password has been passed
if (strstr($credentials = base64_decode(trim(strstr($rawAuthData, " "))), ':') === false) {
// stop processing immediately
$servletRequest->setDispatched(true);
$servletResponse->setStatusCode(401);
$servletResponse->addHeader(Protocol::HEADER_WWW_AUTHENTICATE, $this->getAuthenticateHeader());
return false;
}
// get out username and password
list($username, $password) = explode(':', $credentials);
// query whether or not a username and a password has been passed
if ($password === null || $username === null) {
// stop processing immediately
$servletRequest->setDispatched(true);
$servletResponse->setStatusCode(401);
$servletResponse->addHeader(Protocol::HEADER_WWW_AUTHENTICATE, $this->getAuthenticateHeader());
return false;
}
// set username and password
$this->username = new String($username);
$this->password = new String($password);
// load the realm to authenticate this request for
/** @var AppserverIo\Appserver\ServletEngine\Security\RealmInterface $realm */
$realm = $this->getAuthenticationManager()->getRealm($this->getRealmName());
// authenticate the request and initialize the user principal
$userPrincipal = $realm->authenticate($this->getUsername(), $this->getPassword());
// query whether or not the realm returned an authenticated user principal
if ($userPrincipal == null) {
// stop processing immediately
$servletRequest->setDispatched(true);
$servletResponse->setStatusCode(401);
$servletResponse->setBodyStream('Unauthorized');
$servletResponse->addHeader(Protocol::HEADER_WWW_AUTHENTICATE, $this->getAuthenticateHeader());
return false;
}
// add the user principal and the authentication type to the request
$servletRequest->setUserPrincipal($userPrincipal);
$servletRequest->setAuthType($this->getAuthType());
return true;
}
/**
* Processes the request by invoking the request handler that executes the servlet
* in a protected context.
*
* @param \AppserverIo\Psr\Servlet\Http\HttpServletRequestInterface $servletRequest The request instance
* @param \AppserverIo\Psr\Servlet\Http\HttpServletResponseInterface $servletResponse The response instance
*
* @return void
*/
public function invoke(HttpServletRequestInterface $servletRequest, HttpServletResponseInterface $servletResponse)
{
try {
// unpack the remote method call
$remoteMethod = RemoteMethodProtocol::unpack($servletRequest->getBodyContent());
// load the application context
/** @var \AppserverIo\Appserver\Application\Application $application */
$application = $servletRequest->getContext();
// prepare method name and parameters and invoke method
$className = $remoteMethod->getClassName();
$methodName = $remoteMethod->getMethodName();
$parameters = $remoteMethod->getParameters();
$sessionId = $remoteMethod->getSessionId();
// load the bean manager and the bean instance
$instance = $application->search($className, array($sessionId, array($application)));
// invoke the remote method call on the local instance
$response = call_user_func_array(array($instance, $methodName), $parameters);
// serialize the remote method and write it to the socket
$servletResponse->appendBodyStream(RemoteMethodProtocol::pack($response));
// re-attach the bean instance in the container and unlock it
$application->search('BeanContextInterface')->attach($instance, $sessionId);
} catch (\Exception $e) {
// catch the exception and append it to the body stream
$servletResponse->appendBodyStream(RemoteMethodProtocol::pack(RemoteExceptionWrapper::factory($e)));
}
// finally dispatch this request, because we have finished processing it
$servletRequest->setDispatched(true);
}
/**
* Processes the request by invoking the request handler that attaches the message to the
* requested queue in a protected context.
*
* @param \AppserverIo\Psr\Servlet\Http\HttpServletRequestInterface $servletRequest The request instance
* @param \AppserverIo\Psr\Servlet\Http\HttpServletResponseInterface $servletResponse The response instance
*
* @return void
* @throws \Exception Is thrown if the requested message queue is not available
*/
public function invoke(HttpServletRequestInterface $servletRequest, HttpServletResponseInterface $servletResponse)
{
// load the application context
/** @var \AppserverIo\Appserver\Application\Application $application */
$application = $servletRequest->getContext();
// unpack the message
$message = MessageQueueProtocol::unpack($servletRequest->getBodyContent());
// load message queue name
$queueName = $message->getDestination()->getName();
// lookup the message queue manager and attach the message
$queueManager = $application->search('QueueContextInterface');
if ($messageQueue = $queueManager->lookup($queueName)) {
$messageQueue->attach($message);
} else {
throw new \Exception("Can\\'t find queue for message queue {$queueName}");
}
// finally dispatch this request, because we have finished processing it
$servletRequest->setDispatched(true);
}
/**
* Processes the request by invoking the request handler that executes the servlet
* in a protected context.
*
* @param \AppserverIo\Psr\Servlet\Http\HttpServletRequestInterface $servletRequest The request instance
* @param \AppserverIo\Psr\Servlet\Http\HttpServletResponseInterface $servletResponse The response instance
*
* @return void
*/
public function invoke(HttpServletRequestInterface $servletRequest, HttpServletResponseInterface $servletResponse)
{
try {
// unpack the remote method call
$remoteMethod = RemoteMethodProtocol::unpack($servletRequest->getBodyContent());
// load the application context
/** @var \AppserverIo\Appserver\Application\Application $application */
$application = $servletRequest->getContext();
// invoke the remote method and re-attach the bean instance to the container
$response = $application->search(BeanContextInterface::IDENTIFIER)->invoke($remoteMethod, new ArrayList());
// serialize the remote method and write it to the socket
$servletResponse->appendBodyStream(RemoteMethodProtocol::pack($response));
} catch (\Exception $e) {
// catch the exception and append it to the body stream
$servletResponse->appendBodyStream(RemoteMethodProtocol::pack(RemoteExceptionWrapper::factory($e)));
}
// finally dispatch this request, because we have finished processing it
$servletRequest->setDispatched(true);
}
/**
* Forward's the request to the configured error page.
*
* @param \AppserverIo\Psr\Servlet\Http\HttpServletRequestInterface $servletRequest The servlet request instance
* @param \AppserverIo\Psr\Servlet\Http\HttpServletResponseInterface $servletResponse The servlet response instance
*
* @return void
*/
protected function forwardToErrorPage(HttpServletRequestInterface $servletRequest, HttpServletResponseInterface $servletResponse)
{
// query whether or not we've an error page configured
if ($formLoginConfig = $this->getConfigData()->getFormLoginConfig()) {
if ($formErrorPage = $formLoginConfig->getFormErrorPage()) {
// initialize the location to redirect to
$location = $formErrorPage->__toString();
if ($baseModifier = $servletRequest->getBaseModifier()) {
$location = $baseModifier . $location;
}
// redirect to the configured error page
$servletRequest->setDispatched(true);
$servletResponse->setStatusCode(307);
$servletResponse->addHeader(Protocol::HEADER_LOCATION, $location);
return;
}
}
// redirect to the default error page
$servletRequest->setAttribute(RequestHandlerKeys::ERROR_MESSAGE, 'Please configure a form-error-page when using auth-method \'Form\' in the login-config of your application\'s web.xml');
$servletRequest->setDispatched(true);
$servletResponse->setStatusCode(500);
}
