Commit 424dfc7b07e074348c06747d1c119dde21f3598d
Exists in
master
Merge branch '2.4.0' of git@github.com:demoiselle/framework.git into 2.4.0
Showing
5 changed files
with
69 additions
and
16 deletions
Show diff stats
impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/security/ServletAuthenticator.java
| ... | ... | @@ -65,11 +65,14 @@ public class ServletAuthenticator implements Authenticator { |
| 65 | 65 | @Override |
| 66 | 66 | public void authenticate() throws AuthenticationException { |
| 67 | 67 | try { |
| 68 | - if (getRequest().getUserPrincipal() == null) { | |
| 69 | - getRequest().login(getCredentials().getUsername(), getCredentials().getPassword()); | |
| 70 | - } | |
| 68 | + getRequest().login(getCredentials().getUsername(), getCredentials().getPassword()); | |
| 69 | + | |
| 71 | 70 | } catch (ServletException cause) { |
| 72 | - throw new AuthenticationException(getBundle().getString("authentication-failed"), cause); | |
| 71 | + if (cause.getMessage().contains("invalid")) { | |
| 72 | + throw new InvalidCredentialsException(getBundle().getString("invalid-credentials")); | |
| 73 | + } else { | |
| 74 | + throw new AuthenticationException(getBundle().getString("authentication-failed"), cause); | |
| 75 | + } | |
| 73 | 76 | } |
| 74 | 77 | } |
| 75 | 78 | ... | ... |
impl/extension/servlet/src/main/resources/demoiselle-servlet-bundle.properties
| ... | ... | @@ -34,4 +34,5 @@ |
| 34 | 34 | # 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA. |
| 35 | 35 | |
| 36 | 36 | has-permission-not-supported=N\u00E3o \u00E9 poss\u00EDvel utilizar @{0}, pois esta funcionalidade n\u00E3o \u00E9 suportada pelo JAAS. |
| 37 | +invalid-credentials=Usu\u00E1rio ou senha inv\u00E1lidos. | |
| 37 | 38 | authentication-failed=Falha no processo de autentica\u00E7\u00E3o. | ... | ... |
impl/extension/servlet/src/test/java/security/authentication/form/HelperServlet.java
| 1 | 1 | package security.authentication.form; |
| 2 | 2 | |
| 3 | +import static org.apache.http.HttpStatus.SC_EXPECTATION_FAILED; | |
| 3 | 4 | import static org.apache.http.HttpStatus.SC_FORBIDDEN; |
| 4 | 5 | import static org.apache.http.HttpStatus.SC_OK; |
| 5 | 6 | |
| ... | ... | @@ -10,8 +11,8 @@ import javax.servlet.http.HttpServlet; |
| 10 | 11 | import javax.servlet.http.HttpServletRequest; |
| 11 | 12 | import javax.servlet.http.HttpServletResponse; |
| 12 | 13 | |
| 13 | -import br.gov.frameworkdemoiselle.security.AuthenticationException; | |
| 14 | 14 | import br.gov.frameworkdemoiselle.security.Credentials; |
| 15 | +import br.gov.frameworkdemoiselle.security.InvalidCredentialsException; | |
| 15 | 16 | import br.gov.frameworkdemoiselle.security.SecurityContext; |
| 16 | 17 | import br.gov.frameworkdemoiselle.util.Beans; |
| 17 | 18 | |
| ... | ... | @@ -21,19 +22,48 @@ public class HelperServlet extends HttpServlet { |
| 21 | 22 | |
| 22 | 23 | @Override |
| 23 | 24 | protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { |
| 24 | - String result = request.getHeader("Authorization"); | |
| 25 | - result = (result == null ? request.getHeader("authorization") : result); | |
| 25 | + if (request.getRequestURI().endsWith("/login")) { | |
| 26 | + login(request, response); | |
| 27 | + } else { | |
| 28 | + logout(request, response); | |
| 29 | + } | |
| 30 | + } | |
| 26 | 31 | |
| 27 | - Credentials credentials = Beans.getReference(Credentials.class); | |
| 28 | - credentials.setUsername(request.getParameter("username")); | |
| 29 | - credentials.setPassword(request.getParameter("password")); | |
| 32 | + private void login(HttpServletRequest request, HttpServletResponse response) { | |
| 33 | + loadCredentials(request); | |
| 34 | + SecurityContext securityContext = Beans.getReference(SecurityContext.class); | |
| 30 | 35 | |
| 31 | 36 | try { |
| 32 | - Beans.getReference(SecurityContext.class).login(); | |
| 33 | - response.setStatus(SC_OK); | |
| 37 | + securityContext.login(); | |
| 38 | + | |
| 39 | + if (securityContext.isLoggedIn()) { | |
| 40 | + response.setStatus(SC_OK); | |
| 41 | + } else { | |
| 42 | + response.setStatus(SC_FORBIDDEN); | |
| 43 | + } | |
| 34 | 44 | |
| 35 | - } catch (AuthenticationException e) { | |
| 45 | + } catch (InvalidCredentialsException e) { | |
| 36 | 46 | response.setStatus(SC_FORBIDDEN); |
| 37 | 47 | } |
| 38 | 48 | } |
| 49 | + | |
| 50 | + private void logout(HttpServletRequest request, HttpServletResponse response) { | |
| 51 | + loadCredentials(request); | |
| 52 | + SecurityContext securityContext = Beans.getReference(SecurityContext.class); | |
| 53 | + | |
| 54 | + securityContext.login(); | |
| 55 | + securityContext.logout(); | |
| 56 | + | |
| 57 | + if (!securityContext.isLoggedIn()) { | |
| 58 | + response.setStatus(SC_OK); | |
| 59 | + } else { | |
| 60 | + response.setStatus(SC_EXPECTATION_FAILED); | |
| 61 | + } | |
| 62 | + } | |
| 63 | + | |
| 64 | + private void loadCredentials(HttpServletRequest request) { | |
| 65 | + Credentials credentials = Beans.getReference(Credentials.class); | |
| 66 | + credentials.setUsername(request.getParameter("username")); | |
| 67 | + credentials.setPassword(request.getParameter("password")); | |
| 68 | + } | |
| 39 | 69 | } | ... | ... |
impl/extension/servlet/src/test/java/security/authentication/form/ServletAuthenticatorTest.java
| ... | ... | @@ -40,7 +40,7 @@ public class ServletAuthenticatorTest { |
| 40 | 40 | |
| 41 | 41 | @Test |
| 42 | 42 | public void loginSucessfull() throws ClientProtocolException, IOException, URISyntaxException { |
| 43 | - URIBuilder uriBuilder = new URIBuilder(deploymentUrl + "/helper"); | |
| 43 | + URIBuilder uriBuilder = new URIBuilder(deploymentUrl + "/helper/login"); | |
| 44 | 44 | uriBuilder.setParameter("username", "demoiselle"); |
| 45 | 45 | uriBuilder.setParameter("password", "changeit"); |
| 46 | 46 | |
| ... | ... | @@ -53,7 +53,7 @@ public class ServletAuthenticatorTest { |
| 53 | 53 | |
| 54 | 54 | @Test |
| 55 | 55 | public void loginFailed() throws ClientProtocolException, IOException, URISyntaxException { |
| 56 | - URIBuilder uriBuilder = new URIBuilder(deploymentUrl + "/helper"); | |
| 56 | + URIBuilder uriBuilder = new URIBuilder(deploymentUrl + "/helper/login"); | |
| 57 | 57 | uriBuilder.setParameter("username", "invalid"); |
| 58 | 58 | uriBuilder.setParameter("password", "invalid"); |
| 59 | 59 | |
| ... | ... | @@ -63,4 +63,22 @@ public class ServletAuthenticatorTest { |
| 63 | 63 | int status = response.getStatusLine().getStatusCode(); |
| 64 | 64 | assertEquals(SC_FORBIDDEN, status); |
| 65 | 65 | } |
| 66 | + | |
| 67 | + @Test | |
| 68 | + public void logoutSucessfull() throws ClientProtocolException, IOException, URISyntaxException { | |
| 69 | + URIBuilder uriBuilder = new URIBuilder(deploymentUrl + "/helper/logout"); | |
| 70 | + uriBuilder.setParameter("username", "demoiselle"); | |
| 71 | + uriBuilder.setParameter("password", "changeit"); | |
| 72 | + | |
| 73 | + HttpGet httpGet = new HttpGet(uriBuilder.build()); | |
| 74 | + HttpResponse httpResponse = HttpClientBuilder.create().build().execute(httpGet); | |
| 75 | + | |
| 76 | + int status = httpResponse.getStatusLine().getStatusCode(); | |
| 77 | + assertEquals(SC_OK, status); | |
| 78 | + } | |
| 79 | + | |
| 80 | + @Test | |
| 81 | + public void logoutFailed() throws ClientProtocolException, IOException, URISyntaxException { | |
| 82 | + URIBuilder uriBuilder = new URIBuilder(deploymentUrl + "/helper/logout"); | |
| 83 | + } | |
| 66 | 84 | } | ... | ... |
impl/extension/servlet/src/test/resources/security/authentication/form/web.xml
| ... | ... | @@ -56,6 +56,7 @@ |
| 56 | 56 | </servlet> |
| 57 | 57 | <servlet-mapping> |
| 58 | 58 | <servlet-name>Helper Servlet</servlet-name> |
| 59 | - <url-pattern>/helper</url-pattern> | |
| 59 | + <url-pattern>/helper/login</url-pattern> | |
| 60 | + <url-pattern>/helper/logout</url-pattern> | |
| 60 | 61 | </servlet-mapping> |
| 61 | 62 | </web-app> |
| 62 | 63 | \ No newline at end of file | ... | ... |