Commit 424dfc7b07e074348c06747d1c119dde21f3598d
Exists in
master
Merge branch '2.4.0' of git@github.com:demoiselle/framework.git into 2.4.0
Showing
5 changed files
with
69 additions
and
16 deletions
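--- a/impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/security/ServletAuthenticator.java
+++ b/impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/security/ServletAuthenticator.java
@@ -65,11 +65,14 @@ public class ServletAuthenticator implements Authenticator {
 @Override
 public void authenticate() throws AuthenticationException {
 try {
-if (getRequest().getUserPrincipal() == null) {
-getRequest().login(getCredentials().getUsername(), getCredentials().getPassword());
-}
+getRequest().login(getCredentials().getUsername(), getCredentials().getPassword());
+
 } catch (ServletException cause) {
-throw new AuthenticationException(getBundle().getString("authentication-failed"), cause);
+if (cause.getMessage().contains("invalid")) {
+throw new InvalidCredentialsException(getBundle().getString("invalid-credentials"));
+} else {
+throw new AuthenticationException(getBundle().getString("authentication-failed"), cause);
+}
 }
 }
 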
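Review bot: The new catch branch in authenticate() decides between the two exceptions with `cause.getMessage().contains("invalid")`, which ties the outcome to container-specific (and possibly localized) message text and throws a NullPointerException out of the catch when the ServletException carries no message. Both branches still fail closed, but a caller that catches only InvalidCredentialsException will see a rejected password surface as a generic failure or an NPE depending on the container. At minimum guard the null with `String msg = cause.getMessage();` and `if (msg != null && msg.contains("invalid")) {`, and pass `cause` to InvalidCredentialsException if it offers a (message, cause) constructor so the root failure is not lost. Separately, with the `getUserPrincipal() == null` guard removed, `login()` is now called on requests that already have an identity, which the Servlet API rejects with a ServletException; it is worth confirming that this is intended.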
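--- a/impl/extension/servlet/src/main/resources/demoiselle-servlet-bundle.properties
+++ b/impl/extension/servlet/src/main/resources/demoiselle-servlet-bundle.properties
@@ -34,4 +34,5 @@
 # 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA.
 
 has-permission-not-supported=N\u00E3o \u00E9 poss\u00EDvel utilizar @{0}, pois esta funcionalidade n\u00E3o \u00E9 suportada pelo JAAS.
+invalid-credentials=Usu\u00E1rio ou senha inv\u00E1lidos.
 authentication-failed=Falha no processo de autentica\u00E7\u00E3o.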
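--- a/impl/extension/servlet/src/test/java/security/authentication/form/HelperServlet.java
+++ b/impl/extension/servlet/src/test/java/security/authentication/form/HelperServlet.java
@@ -1,5 +1,6 @@
 package security.authentication.form;
 
+import static org.apache.http.HttpStatus.SC_EXPECTATION_FAILED;
 import static org.apache.http.HttpStatus.SC_FORBIDDEN;
 import static org.apache.http.HttpStatus.SC_OK;
 
@@ -10,8 +11,8 @@ import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import br.gov.frameworkdemoiselle.security.AuthenticationException;
 import br.gov.frameworkdemoiselle.security.Credentials;
+import br.gov.frameworkdemoiselle.security.InvalidCredentialsException;
 import br.gov.frameworkdemoiselle.security.SecurityContext;
 import br.gov.frameworkdemoiselle.util.Beans;
 
@@ -21,19 +22,48 @@ public class HelperServlet extends HttpServlet {
 
 @Override
 protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
-String result = request.getHeader("Authorization");
-result = (result == null ? request.getHeader("authorization") : result);
+if (request.getRequestURI().endsWith("/login")) {
+login(request, response);
+} else {
+logout(request, response);
+}
+}
 
-Credentials credentials = Beans.getReference(Credentials.class);
-credentials.setUsername(request.getParameter("username"));
-credentials.setPassword(request.getParameter("password"));
+private void login(HttpServletRequest request, HttpServletResponse response) {
+loadCredentials(request);
+SecurityContext securityContext = Beans.getReference(SecurityContext.class);
 
 try {
-Beans.getReference(SecurityContext.class).login();
-response.setStatus(SC_OK);
+securityContext.login();
+
+if (securityContext.isLoggedIn()) {
+response.setStatus(SC_OK);
+} else {
+response.setStatus(SC_FORBIDDEN);
+}
 
-} catch (AuthenticationException e) {
+} catch (InvalidCredentialsException e) {
 response.setStatus(SC_FORBIDDEN);
 }
 }
+
+private void logout(HttpServletRequest request, HttpServletResponse response) {
+loadCredentials(request);
+SecurityContext securityContext = Beans.getReference(SecurityContext.class);
+
+securityContext.login();
+securityContext.logout();
+
+if (!securityContext.isLoggedIn()) {
+response.setStatus(SC_OK);
+} else {
+response.setStatus(SC_EXPECTATION_FAILED);
+}
+}
+
+private void loadCredentials(HttpServletRequest request) {
+Credentials credentials = Beans.getReference(Credentials.class);
+credentials.setUsername(request.getParameter("username"));
+credentials.setPassword(request.getParameter("password"));
+}
 }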
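Review bot: `logout()` calls `securityContext.login()` with no try/catch, and `login()` now catches only InvalidCredentialsException, so any other authentication failure escapes doGet instead of producing a deliberate status. Because ServletAuthenticator in this commit maps every container message without "invalid" to AuthenticationException, a rejected login can presumably surface as a container error response rather than SC_FORBIDDEN. Catching the broader type in both helpers, e.g. `} catch (AuthenticationException e) {` followed by `response.setStatus(SC_FORBIDDEN);`, keeps the helper's answers deterministic (assuming InvalidCredentialsException extends it); that requires keeping the AuthenticationException import this hunk removes. In addition, doGet sends every URI that does not end in "/login" to logout(); an explicit `endsWith("/logout")` branch with an error status as the fallback would keep the routing closed if further patterns are mapped later.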
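--- a/impl/extension/servlet/src/test/java/security/authentication/form/ServletAuthenticatorTest.java
+++ b/impl/extension/servlet/src/test/java/security/authentication/form/ServletAuthenticatorTest.java
@@ -40,7 +40,7 @@ public class ServletAuthenticatorTest {
 
 @Test
 public void loginSucessfull() throws ClientProtocolException, IOException, URISyntaxException {
-URIBuilder uriBuilder = new URIBuilder(deploymentUrl + "/helper");
+URIBuilder uriBuilder = new URIBuilder(deploymentUrl + "/helper/login");
 uriBuilder.setParameter("username", "demoiselle");
 uriBuilder.setParameter("password", "changeit");
 
@@ -53,7 +53,7 @@ public class ServletAuthenticatorTest {
 
 @Test
 public void loginFailed() throws ClientProtocolException, IOException, URISyntaxException {
-URIBuilder uriBuilder = new URIBuilder(deploymentUrl + "/helper");
+URIBuilder uriBuilder = new URIBuilder(deploymentUrl + "/helper/login");
 uriBuilder.setParameter("username", "invalid");
 uriBuilder.setParameter("password", "invalid");
 
@@ -63,4 +63,22 @@ public class ServletAuthenticatorTest {
 int status = response.getStatusLine().getStatusCode();
 assertEquals(SC_FORBIDDEN, status);
 }
+
+@Test
+public void logoutSucessfull() throws ClientProtocolException, IOException, URISyntaxException {
+URIBuilder uriBuilder = new URIBuilder(deploymentUrl + "/helper/logout");
+uriBuilder.setParameter("username", "demoiselle");
+uriBuilder.setParameter("password", "changeit");
+
+HttpGet httpGet = new HttpGet(uriBuilder.build());
+HttpResponse httpResponse = HttpClientBuilder.create().build().execute(httpGet);
+
+int status = httpResponse.getStatusLine().getStatusCode();
+assertEquals(SC_OK, status);
+}
+
+@Test
+public void logoutFailed() throws ClientProtocolException, IOException, URISyntaxException {
+URIBuilder uriBuilder = new URIBuilder(deploymentUrl + "/helper/logout");
+}
 }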
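Review bot: `logoutFailed()` only constructs a URIBuilder and asserts nothing, so it always passes and reports coverage of a failure path that is never exercised. Either complete it (send the request and assert the expected status) or mark it ignored with a reason until the failure case is defined. Note too that `loginFailed()` sends the username "invalid" while the authenticator in this commit looks for the substring "invalid" in the container's exception message; if the container echoes the username in that message, the test passes regardless of how the failure was actually classified. A wrong username that does not contain that word, for example `uriBuilder.setParameter("username", "nobody");`, would make the test check the classification itself.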
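--- a/impl/extension/servlet/src/test/resources/security/authentication/form/web.xml
+++ b/impl/extension/servlet/src/test/resources/security/authentication/form/web.xml
@@ -56,6 +56,7 @@
 </servlet>
 <servlet-mapping>
 <servlet-name>Helper Servlet</servlet-name>
-<url-pattern>/helper</url-pattern>
+<url-pattern>/helper/login</url-pattern>
+<url-pattern>/helper/logout</url-pattern>
 </servlet-mapping>
 </web-app>
\ No newline at end of file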