using servlet3 auth as source

Author: porcelli

pom.xml

@@ -58,7 +58,7 @@
     <weld-spi.version>1.1.Final</weld-spi.version>
     <weld.version>1.1.13.Final</weld.version>
 
-    <servlet-api.version>2.5</servlet-api.version>
+    <servlet-api.version>3.0.1</servlet-api.version>
     <jsp-api.version>2.0</jsp-api.version>
     <jboss-ejb3-api.version>3.1.0</jboss-ejb3-api.version>
     <xml-apis.version>1.3.04</xml-apis.version>
@@ -734,7 +734,7 @@
 
       <dependency>
         <groupId>javax.servlet</groupId>
-        <artifactId>servlet-api</artifactId>
+        <artifactId>javax.servlet-api</artifactId>
         <version>${servlet-api.version}</version>
       </dependency>
 

uberfire-security/uberfire-security-server/pom.xml

@@ -44,7 +44,7 @@
 
     <dependency>
       <groupId>javax.servlet</groupId>
-      <artifactId>servlet-api</artifactId>
+      <artifactId>javax.servlet-api</artifactId>
       <scope>provided</scope>
     </dependency>
 

uberfire-security/uberfire-security-server/src/main/java/org/uberfire/security/server/auth/JACCAuthenticationScheme.java

@@ -16,7 +16,7 @@ public void challengeClient(SecurityContext context) {
     }
 
     @Override
-    public Credential buildCredential(SecurityContext context) {
+    public Credential buildCredential( SecurityContext context) {
 
         final HttpSecurityContext httpSecurityContext = checkInstanceOf("context", context, HttpSecurityContext.class);
 

uberfire-security/uberfire-security-server/src/main/java/org/uberfire/security/server/auth/source/HttpServletRequestAuthenticationSource.java

@@ -0,0 +1,41 @@
+package org.uberfire.security.server.auth.source;
+
+import javax.security.jacc.PolicyContext;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+
+import org.uberfire.security.auth.Credential;
+import org.uberfire.security.impl.auth.UserNameCredential;
+import org.uberfire.security.impl.auth.UsernamePasswordCredential;
+
+import static org.kie.commons.validation.Preconditions.*;
+
+public class HttpServletRequestAuthenticationSource extends JACCAuthenticationSource {
+
+    @Override
+    public boolean supportsCredential( final Credential credential ) {
+        if ( credential == null ) {
+            return false;
+        }
+        return credential instanceof UserNameCredential;
+    }
+
+    @Override
+    public boolean authenticate( Credential credential ) {
+        try {
+            final UserNameCredential userNameCredential = checkInstanceOf( "credential", credential, UserNameCredential.class );
+            if ( userNameCredential instanceof UsernamePasswordCredential ) {
+
+                final HttpServletRequest request = (HttpServletRequest) PolicyContext.getContext( "javax.servlet.http.HttpServletRequest" );
+                try {
+                    request.login( userNameCredential.getUserName(), ( (UsernamePasswordCredential) userNameCredential ).getPassword().toString() );
+                } catch ( final ServletException ex ) {
+                    return false;
+                }
+            }
+            return super.authenticate( credential );
+        } catch ( final Exception e ) {
+            return false;
+        }
+    }
+}

uberfire-server/pom.xml

@@ -54,7 +54,7 @@
 
     <dependency>
       <groupId>javax.servlet</groupId>
-      <artifactId>servlet-api</artifactId>
+      <artifactId>javax.servlet-api</artifactId>
       <scope>provided</scope>
     </dependency>
   </dependencies>