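/**
 * Try to authenticate the user making this request with the credentials sent in the
 * Authorization header.
 *
 * The part of the header value behind the first blank is Base64 decoded and split into
 * username and password at the first colon. Both values are handed to the realm returned
 * by the authentication manager. If the header is missing, can't be decoded, contains no
 * colon, or the realm returns no user principal, the request is marked as dispatched and a
 * 401 response carrying a WWW-Authenticate challenge is prepared.
 *
 * @param \AppserverIo\Psr\Servlet\Http\HttpServletRequestInterface  $servletRequest  The servlet request instance
 * @param \AppserverIo\Psr\Servlet\Http\HttpServletResponseInterface $servletResponse The servlet response instance
 *
 * @return boolean TRUE if the realm returned a user principal, FALSE if a 401 challenge has been prepared
 * @throws \AppserverIo\Http\Authentication\AuthenticationException Kept from the original contract; this method never throws it itself, so it can only come from one of the invoked collaborators (to be confirmed)
 */
public function authenticate(HttpServletRequestInterface $servletRequest, HttpServletResponseInterface $servletResponse)
{

    // without an Authorization header there is nothing to verify, so challenge the client
    if ($servletRequest->hasHeader(Protocol::HEADER_AUTHORIZATION) === false) {
        $servletRequest->setDispatched(true);
        $servletResponse->setStatusCode(401);
        $servletResponse->addHeader(Protocol::HEADER_WWW_AUTHENTICATE, $this->getAuthenticateHeader());
        return false;
    }

    // load the raw login credentials
    $rawAuthData = $servletRequest->getHeader(Protocol::HEADER_AUTHORIZATION);

    // everything behind the first blank is treated as the Base64 payload
    // NOTE(review): the scheme token in front of the blank is not compared with "Basic" here;
    // confirm that requests carrying another scheme are filtered out before this method runs
    $encodedCredentials = trim((string) strstr($rawAuthData, ' '));

    // strict mode makes the decoder fail on characters outside the Base64 alphabet instead of
    // silently dropping them, so a mangled header is rejected rather than reinterpreted
    $credentials = base64_decode($encodedCredentials, true);

    // a payload that can't be decoded or has no separator is not a username:password pair
    if ($credentials === false || strpos($credentials, ':') === false) {
        $servletRequest->setDispatched(true);
        $servletResponse->setStatusCode(401);
        $servletResponse->addHeader(Protocol::HEADER_WWW_AUTHENTICATE, $this->getAuthenticateHeader());
        return false;
    }

    // split at the FIRST colon only: the password is allowed to contain colons itself, and
    // without the limit everything behind a second colon would be cut off before verification.
    // Because a colon is guaranteed at this point, explode() always yields two strings.
    list($username, $password) = explode(':', $credentials, 2);

    // set username and password
    // NOTE(review): both values stay on this instance after the call, also when the realm
    // rejects them - confirm the instance is not shared between requests
    $this->username = new String($username);
    $this->password = new String($password);

    // load the realm to authenticate this request for
    /** @var AppserverIo\Appserver\ServletEngine\Security\RealmInterface $realm */
    $realm = $this->getAuthenticationManager()->getRealm($this->getRealmName());

    // authenticate the request and initialize the user principal
    $userPrincipal = $realm->authenticate($this->getUsername(), $this->getPassword());

    // the loose comparison is kept on purpose, so that a realm answering with FALSE instead
    // of NULL is treated as a failed login as well
    if ($userPrincipal == null) {
        $servletRequest->setDispatched(true);
        $servletResponse->setStatusCode(401);
        $servletResponse->setBodyStream('Unauthorized');
        $servletResponse->addHeader(Protocol::HEADER_WWW_AUTHENTICATE, $this->getAuthenticateHeader());
        return false;
    }

    // add the user principal and the authentication type to the request
    $servletRequest->setUserPrincipal($userPrincipal);
    $servletRequest->setAuthType($this->getAuthType());
    return true;
}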
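/**
 * Processes the request by unpacking the remote method call from the request body, looking
 * up the addressed bean in the application and invoking the requested method on it.
 *
 * The packed return value is appended to the response body. Any \Exception raised on the way
 * is wrapped and appended to the response body instead. In both cases the request is marked
 * as dispatched afterwards.
 *
 * NOTE(review): class name, method name, parameters and session-ID are all taken from the
 * request body, and nothing in this method restricts which bean or method may be reached.
 * Confirm that authentication/authorization is enforced before this method runs, and that
 * RemoteMethodProtocol::unpack() is safe to use on data sent by an untrusted client.
 *
 * @param \AppserverIo\Psr\Servlet\Http\HttpServletRequestInterface  $servletRequest  The request instance
 * @param \AppserverIo\Psr\Servlet\Http\HttpServletResponseInterface $servletResponse The response instance
 *
 * @return void
 */
public function invoke(HttpServletRequestInterface $servletRequest, HttpServletResponseInterface $servletResponse)
{

    try {
        // unpack the remote method call
        $remoteMethod = RemoteMethodProtocol::unpack($servletRequest->getBodyContent());

        // load the application context
        /** @var \AppserverIo\Appserver\Application\Application $application */
        $application = $servletRequest->getContext();

        // prepare method name and parameters and invoke method
        $className = $remoteMethod->getClassName();
        $methodName = $remoteMethod->getMethodName();
        $parameters = $remoteMethod->getParameters();
        $sessionId = $remoteMethod->getSessionId();

        // load the bean manager and the bean instance
        $instance = $application->search($className, array($sessionId, array($application)));

        // make sure the requested method really exists and is accessible before dispatching:
        // otherwise the call either answers with a packed NULL (after a warning) or, on PHP 8,
        // raises a \TypeError that is not caught below and leaves the request undispatched
        $callback = array($instance, $methodName);
        if (is_callable($callback) === false) {
            // hand the untouched instance back to the container before reporting the failure
            $application->search('BeanContextInterface')->attach($instance, $sessionId);
            // the message deliberately does not echo the names sent by the client
            throw new \BadMethodCallException('Requested remote method is not callable on the target bean');
        }

        // invoke the remote method call on the local instance
        $response = call_user_func_array($callback, $parameters);

        // serialize the remote method and write it to the socket
        $servletResponse->appendBodyStream(RemoteMethodProtocol::pack($response));

        // re-attach the bean instance in the container and unlock it
        // NOTE(review): this line is skipped when the bean method or pack() throws - confirm
        // whether the instance has to be re-attached in that case as well
        $application->search('BeanContextInterface')->attach($instance, $sessionId);

    } catch (\Exception $e) {
        // catch the exception and append it to the body stream
        // NOTE(review): the wrapped exception is sent back to the remote caller - confirm that
        // RemoteExceptionWrapper does not expose more internals than the client should see
        $servletResponse->appendBodyStream(RemoteMethodProtocol::pack(RemoteExceptionWrapper::factory($e)));
    }

    // finally dispatch this request, because we have finished processing it
    $servletRequest->setDispatched(true);
}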
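/**
 * Processes the request by unpacking the message from the request body and attaching it to
 * the message queue named by the message's destination.
 *
 * If the queue manager doesn't know the queue, an exception is thrown and the request is
 * NOT marked as dispatched, because the throw happens before setDispatched(true) is reached.
 *
 * NOTE(review): the message, and with it the queue name, is taken from the request body.
 * Confirm that MessageQueueProtocol::unpack() is safe to use on data sent by an untrusted
 * client and that callers are authorized before this method runs.
 *
 * @param \AppserverIo\Psr\Servlet\Http\HttpServletRequestInterface  $servletRequest  The request instance
 * @param \AppserverIo\Psr\Servlet\Http\HttpServletResponseInterface $servletResponse The response instance
 *
 * @return void
 * @throws \Exception Is thrown if the requested message queue is not available
 */
public function invoke(HttpServletRequestInterface $servletRequest, HttpServletResponseInterface $servletResponse)
{

    // load the application context
    /** @var \AppserverIo\Appserver\Application\Application $application */
    $application = $servletRequest->getContext();

    // unpack the message
    $message = MessageQueueProtocol::unpack($servletRequest->getBodyContent());

    // load message queue name
    $queueName = $message->getDestination()->getName();

    // lookup the message queue manager and the queue the message is addressed to
    $queueManager = $application->search('QueueContextInterface');
    $messageQueue = $queueManager->lookup($queueName);

    // a falsy lookup result means the queue is unknown to the manager
    if (!$messageQueue) {
        // the former message escaped the apostrophe inside a double quoted string and was
        // therefore rendered with a literal backslash ("Can\'t find ...")
        throw new \Exception("Can't find queue for message queue {$queueName}");
    }

    // attach the message to the queue
    $messageQueue->attach($message);

    // finally dispatch this request, because we have finished processing it
    $servletRequest->setDispatched(true);
}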
/**
 * Processes the request by unpacking the remote method call from the request body and
 * passing it to the bean context of the application.
 *
 * The packed result is appended to the response body. If an \Exception is raised on the
 * way, the wrapped exception is appended instead. The request is marked as dispatched in
 * both cases.
 *
 * NOTE(review): which bean method runs is decided by the request body, and no authorization
 * check is visible in this method. Confirm that it is enforced before this method runs or
 * inside the bean context, and that RemoteMethodProtocol::unpack() is safe to use on data
 * sent by an untrusted client.
 *
 * @param \AppserverIo\Psr\Servlet\Http\HttpServletRequestInterface  $servletRequest  The request instance
 * @param \AppserverIo\Psr\Servlet\Http\HttpServletResponseInterface $servletResponse The response instance
 *
 * @return void
 */
public function invoke(HttpServletRequestInterface $servletRequest, HttpServletResponseInterface $servletResponse)
{

    try {
        // decode the remote method call the client has sent
        $remoteCall = RemoteMethodProtocol::unpack($servletRequest->getBodyContent());

        // the request context is the application the call is addressed to
        /** @var \AppserverIo\Appserver\Application\Application $application */
        $application = $servletRequest->getContext();

        // let the bean context execute the call
        $beanContext = $application->search(BeanContextInterface::IDENTIFIER);
        $result = $beanContext->invoke($remoteCall, new ArrayList());

        // pack the result and write it to the response body
        $packedResult = RemoteMethodProtocol::pack($result);
        $servletResponse->appendBodyStream($packedResult);

    } catch (\Exception $failure) {
        // report the failure to the remote caller instead of a result
        // NOTE(review): confirm that RemoteExceptionWrapper does not expose more internals
        // than the remote client should see
        $wrappedFailure = RemoteExceptionWrapper::factory($failure);
        $servletResponse->appendBodyStream(RemoteMethodProtocol::pack($wrappedFailure));
    }

    // processing has finished, whether the call succeeded or not
    $servletRequest->setDispatched(true);
}
/**
 * Forwards the request to the configured error page.
 *
 * If the form login configuration provides a form error page, a 307 redirect to that page
 * is prepared, prefixed with the request's base modifier when there is one. Otherwise the
 * missing configuration is reported as a request attribute and the response status is set
 * to 500. The request is marked as dispatched in both cases.
 *
 * @param \AppserverIo\Psr\Servlet\Http\HttpServletRequestInterface  $servletRequest  The servlet request instance
 * @param \AppserverIo\Psr\Servlet\Http\HttpServletResponseInterface $servletResponse The servlet response instance
 *
 * @return void
 */
protected function forwardToErrorPage(HttpServletRequestInterface $servletRequest, HttpServletResponseInterface $servletResponse)
{

    // resolve the error page, if a form login configuration with one is available
    $loginConfig = $this->getConfigData()->getFormLoginConfig();
    $errorPage = $loginConfig ? $loginConfig->getFormErrorPage() : null;

    // no error page configured: report the misconfiguration and answer with a server error
    if (!$errorPage) {
        $servletRequest->setAttribute(RequestHandlerKeys::ERROR_MESSAGE, 'Please configure a form-error-page when using auth-method \'Form\' in the login-config of your application\'s web.xml');
        $servletRequest->setDispatched(true);
        $servletResponse->setStatusCode(500);
        return;
    }

    // build the redirect target, taking the base modifier into account
    $target = $errorPage->__toString();
    $prefix = $servletRequest->getBaseModifier();
    if ($prefix) {
        $target = $prefix . $target;
    }

    // redirect to the configured error page
    // NOTE(review): a 307 makes the client repeat the request with the same method and body,
    // so a POSTed login form would be sent again to the error page - confirm this is intended
    $servletRequest->setDispatched(true);
    $servletResponse->setStatusCode(307);
    $servletResponse->addHeader(Protocol::HEADER_LOCATION, $target);
}