Commit 424dfc7b07e074348c06747d1c119dde21f3598d

Authored by Emerson Oliveira
2 parents 72d3e71c 850cc214
Exists in master

Merge branch '2.4.0' of git@github.com:demoiselle/framework.git into 2.4.0

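--- a/impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/security/ServletAuthenticator.java
+++ b/impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/security/ServletAuthenticator.java
@@ -65,11 +65,14 @@ public class ServletAuthenticator implements Authenticator {
 @Override
 public void authenticate() throws AuthenticationException {
 try {
-if (getRequest().getUserPrincipal() == null) {
-getRequest().login(getCredentials().getUsername(), getCredentials().getPassword());
-}
+getRequest().login(getCredentials().getUsername(), getCredentials().getPassword());
+
 } catch (ServletException cause) {
-throw new AuthenticationException(getBundle().getString("authentication-failed"), cause);
+if (cause.getMessage().contains("invalid")) {
+throw new InvalidCredentialsException(getBundle().getString("invalid-credentials"));
+} else {
+throw new AuthenticationException(getBundle().getString("authentication-failed"), cause);
+}
 }
 }
 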
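Review bot: The new `cause.getMessage().contains("invalid")` check in the catch block decides what kind of authentication failure occurred from the container's exception text, which the Servlet API does not specify, which may be localized, and which may be null; a null message makes a NullPointerException escape instead of an AuthenticationException. At minimum guard it, `String msg = cause.getMessage(); if (msg != null && msg.contains("invalid")) {`, and pass `cause` along to InvalidCredentialsException if it offers a constructor taking one, so the underlying failure is not lost from the logs. Separately, with the `getUserPrincipal() == null` guard removed, `HttpServletRequest.login` throws ServletException when a caller identity is already established, so a repeated login on an authenticated request will now surface as authentication-failed; a comment saying whether that is intended would help.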
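--- a/impl/extension/servlet/src/main/resources/demoiselle-servlet-bundle.properties
+++ b/impl/extension/servlet/src/main/resources/demoiselle-servlet-bundle.properties
@@ -34,4 +34,5 @@
 # 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA.
 
 has-permission-not-supported=N\u00E3o \u00E9 poss\u00EDvel utilizar @{0}, pois esta funcionalidade n\u00E3o \u00E9 suportada pelo JAAS.
+invalid-credentials=Usu\u00E1rio ou senha inv\u00E1lidos.
 authentication-failed=Falha no processo de autentica\u00E7\u00E3o.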
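--- a/impl/extension/servlet/src/test/java/security/authentication/form/HelperServlet.java
+++ b/impl/extension/servlet/src/test/java/security/authentication/form/HelperServlet.java
@@ -1,5 +1,6 @@
 package security.authentication.form;
 
+import static org.apache.http.HttpStatus.SC_EXPECTATION_FAILED;
 import static org.apache.http.HttpStatus.SC_FORBIDDEN;
 import static org.apache.http.HttpStatus.SC_OK;
 
@@ -10,8 +11,8 @@ import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import br.gov.frameworkdemoiselle.security.AuthenticationException;
 import br.gov.frameworkdemoiselle.security.Credentials;
+import br.gov.frameworkdemoiselle.security.InvalidCredentialsException;
 import br.gov.frameworkdemoiselle.security.SecurityContext;
 import br.gov.frameworkdemoiselle.util.Beans;
 
@@ -21,19 +22,48 @@ public class HelperServlet extends HttpServlet {
 
 @Override
 protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
-String result = request.getHeader("Authorization");
-result = (result == null ? request.getHeader("authorization") : result);
+if (request.getRequestURI().endsWith("/login")) {
+login(request, response);
+} else {
+logout(request, response);
+}
+}
 
-Credentials credentials = Beans.getReference(Credentials.class);
-credentials.setUsername(request.getParameter("username"));
-credentials.setPassword(request.getParameter("password"));
+private void login(HttpServletRequest request, HttpServletResponse response) {
+loadCredentials(request);
+SecurityContext securityContext = Beans.getReference(SecurityContext.class);
 
 try {
-Beans.getReference(SecurityContext.class).login();
-response.setStatus(SC_OK);
+securityContext.login();
+
+if (securityContext.isLoggedIn()) {
+response.setStatus(SC_OK);
+} else {
+response.setStatus(SC_FORBIDDEN);
+}
 
-} catch (AuthenticationException e) {
+} catch (InvalidCredentialsException e) {
 response.setStatus(SC_FORBIDDEN);
 }
 }
+
+private void logout(HttpServletRequest request, HttpServletResponse response) {
+loadCredentials(request);
+SecurityContext securityContext = Beans.getReference(SecurityContext.class);
+
+securityContext.login();
+securityContext.logout();
+
+if (!securityContext.isLoggedIn()) {
+response.setStatus(SC_OK);
+} else {
+response.setStatus(SC_EXPECTATION_FAILED);
+}
+}
+
+private void loadCredentials(HttpServletRequest request) {
+Credentials credentials = Beans.getReference(Credentials.class);
+credentials.setUsername(request.getParameter("username"));
+credentials.setPassword(request.getParameter("password"));
+}
 }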
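Review bot: The catch in `login()` was narrowed from AuthenticationException to InvalidCredentialsException, but ServletAuthenticator in this same commit still throws a plain AuthenticationException whenever the container message does not contain "invalid", so that failure presumably now propagates out of `doGet` instead of producing SC_FORBIDDEN. `logout()` calls `securityContext.login()` with no handler at all, so rejected credentials on `/helper/logout` escape the same way. If that is intended for this test helper, say so with a comment such as `// any other AuthenticationException is an environment failure and should surface as a server error`; otherwise catch AuthenticationException in both methods and map it to a definite status.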
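--- a/impl/extension/servlet/src/test/java/security/authentication/form/ServletAuthenticatorTest.java
+++ b/impl/extension/servlet/src/test/java/security/authentication/form/ServletAuthenticatorTest.java
@@ -40,7 +40,7 @@ public class ServletAuthenticatorTest {
 
 @Test
 public void loginSucessfull() throws ClientProtocolException, IOException, URISyntaxException {
-URIBuilder uriBuilder = new URIBuilder(deploymentUrl + "/helper");
+URIBuilder uriBuilder = new URIBuilder(deploymentUrl + "/helper/login");
 uriBuilder.setParameter("username", "demoiselle");
 uriBuilder.setParameter("password", "changeit");
 
@@ -53,7 +53,7 @@ public class ServletAuthenticatorTest {
 
 @Test
 public void loginFailed() throws ClientProtocolException, IOException, URISyntaxException {
-URIBuilder uriBuilder = new URIBuilder(deploymentUrl + "/helper");
+URIBuilder uriBuilder = new URIBuilder(deploymentUrl + "/helper/login");
 uriBuilder.setParameter("username", "invalid");
 uriBuilder.setParameter("password", "invalid");
 
@@ -63,4 +63,22 @@ public class ServletAuthenticatorTest {
 int status = response.getStatusLine().getStatusCode();
 assertEquals(SC_FORBIDDEN, status);
 }
+
+@Test
+public void logoutSucessfull() throws ClientProtocolException, IOException, URISyntaxException {
+URIBuilder uriBuilder = new URIBuilder(deploymentUrl + "/helper/logout");
+uriBuilder.setParameter("username", "demoiselle");
+uriBuilder.setParameter("password", "changeit");
+
+HttpGet httpGet = new HttpGet(uriBuilder.build());
+HttpResponse httpResponse = HttpClientBuilder.create().build().execute(httpGet);
+
+int status = httpResponse.getStatusLine().getStatusCode();
+assertEquals(SC_OK, status);
+}
+
+@Test
+public void logoutFailed() throws ClientProtocolException, IOException, URISyntaxException {
+URIBuilder uriBuilder = new URIBuilder(deploymentUrl + "/helper/logout");
+}
 }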
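Review bot: `logoutFailed` at the end of this section only constructs a URIBuilder and never issues a request or asserts anything, so it always passes and gives no coverage of a failed logout. Either finish it (send the GET and assert the status HelperServlet is expected to return for that case) or leave it out until it can be written, so the green result is not mistaken for coverage. None of the tests shown here exercises the non-"invalid" branch of ServletAuthenticator.authenticate either, which is the path that depends on the container's message text.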
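--- a/impl/extension/servlet/src/test/resources/security/authentication/form/web.xml
+++ b/impl/extension/servlet/src/test/resources/security/authentication/form/web.xml
@@ -56,6 +56,7 @@
 </servlet>
 <servlet-mapping>
 <servlet-name>Helper Servlet</servlet-name>
-<url-pattern>/helper</url-pattern>
+<url-pattern>/helper/login</url-pattern>
+<url-pattern>/helper/logout</url-pattern>
 </servlet-mapping>
 </web-app>
\ No newline at end of file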