From 6a9bf66f38236397448a7c0c6e3c9e809b746d93 Mon Sep 17 00:00:00 2001
From: Stuart Douglas
Date: Tue, 28 Feb 2017 08:23:59 +1100
Subject: [PATCH 1/2] Don't use absolute URI for the login page forward call
---
 .../security/http/impl/FormAuthenticationMechanism.java | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/src/main/java/org/wildfly/security/http/impl/FormAuthenticationMechanism.java b/src/main/java/org/wildfly/security/http/impl/FormAuthenticationMechanism.java
index 160a53026d9..239c710d1fa 100644
--- a/src/main/java/org/wildfly/security/http/impl/FormAuthenticationMechanism.java
+++ b/src/main/java/org/wildfly/security/http/impl/FormAuthenticationMechanism.java
@@ -298,13 +298,7 @@ void sendLogin(HttpServerRequest request, HttpServerResponse response) throws Ht
             request.suspendRequest();
         }
-        StringBuilder sb = new StringBuilder();
-        sb.append(requestURI.getScheme());
-        sb.append("://");
-        sb.append(requestURI.getHost());
-        sb.append(':').append(requestURI.getPort());
-        sb.append(loginPage);
-        sendPage(sb.toString(), request, response);
+        sendPage(loginPage, request, response);
     }
     void sendPage(String page, HttpServerRequest request, HttpServerResponse response) throws HttpAuthenticationException {
From a70c41aadb1029b7da8c77a77214092c98e90b46 Mon Sep 17 00:00:00 2001
From: Stuart Douglas
Date: Tue, 28 Feb 2017 09:46:36 +1100
Subject: [PATCH 2/2] Make form auth logout work correctly
---
 .../impl/FormAuthenticationMechanism.java | 21 ++++++++++++------
 .../SingleSignOnServerMechanismFactory.java | 22 +++++++++++++++++++
 2 files changed, 36 insertions(+), 7 deletions(-)
diff --git a/src/main/java/org/wildfly/security/http/impl/FormAuthenticationMechanism.java b/src/main/java/org/wildfly/security/http/impl/FormAuthenticationMechanism.java
index 239c710d1fa..66356bcd618 100644
--- a/src/main/java/org/wildfly/security/http/impl/FormAuthenticationMechanism.java
+++ b/src/main/java/org/wildfly/security/http/impl/FormAuthenticationMechanism.java
@@ -170,7 +170,8 @@ private void attemptAuthentication(HttpServerRequest request) throws HttpAuthent
             char[] passwordChars = password.toCharArray();
             try {
                 if (authenticate(null, username, passwordChars)) {
-                    if (authorize(username, request)) {
+                    IdentityCache identityCache = createIdentityCache(request, true);
+                    if (authorize(username, request, identityCache)) {
                         log.debugf("User %s authenticated successfully using FormAuthenticationMechanism!", username);
                         succeed();
                         HttpScope session = getSessionScope(request, true);
@@ -197,7 +198,7 @@ private void attemptAuthentication(HttpServerRequest request) throws HttpAuthent
                             responder = (response) -> sendRedirect(response, postAuthenticationPath);
                         }
-                        request.authenticationComplete(responder);
+                        request.authenticationComplete(responder, identityCache::remove);
                         return;
                     } else {
                         failAndRedirectToErrorPage(request, username);
@@ -215,10 +216,9 @@ private void attemptAuthentication(HttpServerRequest request) throws HttpAuthent
         }
     }
-    private boolean authorize(String username, HttpServerRequest request) throws HttpAuthenticationException {
+    private boolean authorize(String username, HttpServerRequest request, IdentityCache identityCache) throws HttpAuthenticationException {
         log.tracef("Authorizing username: [%s], Request URI: [%s], Context path: [%s]", username, request.getRequestURI(), this.contextPath);
-        IdentityCache identityCache = createIdentityCache(request, true);
         if (identityCache != null) {
             CachedIdentityAuthorizeCallback authorizeCallback = new CachedIdentityAuthorizeCallback(username, identityCache);
             try {
@@ -257,7 +257,7 @@ private boolean attemptReAuthentication(HttpServerRequest request) throws HttpAu
         } catch (IOException | UnsupportedCallbackException e) {
             throw new HttpAuthenticationException(e);
         }
-        request.authenticationComplete();
+        request.authenticationComplete(null, identityCache::remove);
         return true;
     }
 }
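Review bot: `identityCache::remove` in `request.authenticationComplete(responder, identityCache::remove)` (the @@ -197 hunk) is evaluated on the value assigned in the @@ -170 hunk, and the @@ -215 hunk's `if (identityCache != null)` shows that createIdentityCache may return null; a method reference on a null receiver throws NullPointerException at the point it is evaluated, so a successful login without an identity cache now ends in an NPE instead of completing. Guard it before the call, e.g. `Runnable logoutHandler = identityCache != null ? identityCache::remove : null;` followed by `request.authenticationComplete(responder, logoutHandler);`. The same construct in attemptReAuthentication (@@ -257) needs the same guard unless that method's identityCache, declared outside the hunk, is already known to be non-null there. attemptAuthentication starts and ends outside these hunks.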
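Review bot: The new `identityCache` parameter of authorize in the @@ -215 hunk is undocumented, and its nullability is the part a caller needs: the visible `if (identityCache != null)` branch shows that a null cache is accepted and skips the CachedIdentityAuthorizeCallback path. A Javadoc line such as `@param identityCache the cache holding a previously established identity for this request, or {@code null} to skip the cached-identity callback` would make that contract explicit, now that the caller rather than this method decides whether a cache exists. The remainder of authorize is outside the hunk.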
@@ -305,7 +305,6 @@ void sendPage(String page, HttpServerRequest request, HttpServerResponse respons
         if (response.forward(page)) {
             return;
         }
-        // Work out how and send the login page.
         HttpScope application = request.getScope(Scope.APPLICATION);
         if (application != null && application.supportsResources()) {
@@ -327,7 +326,15 @@ void sendPage(String page, HttpServerRequest request, HttpServerResponse respons
             }
         }
-        sendRedirect(response, contextPath + page);
+        URI requestURI = request.getRequestURI();
+        StringBuilder sb = new StringBuilder();
+        sb.append(requestURI.getScheme());
+        sb.append("://");
+        sb.append(requestURI.getHost());
+        sb.append(':').append(requestURI.getPort());
+        sb.append(contextPath);
+        sb.append(page);
+        sendRedirect(response, sb.toString());
     }
     private void sendRedirect(HttpServerResponse response, String location) {
diff --git a/src/main/java/org/wildfly/security/http/util/sso/SingleSignOnServerMechanismFactory.java b/src/main/java/org/wildfly/security/http/util/sso/SingleSignOnServerMechanismFactory.java
index 90e9063435a..eb29f142178 100644
--- a/src/main/java/org/wildfly/security/http/util/sso/SingleSignOnServerMechanismFactory.java
+++ b/src/main/java/org/wildfly/security/http/util/sso/SingleSignOnServerMechanismFactory.java
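Review bot: The redirect target assembled in the @@ -327 hunk appends `requestURI.getPort()` unconditionally, but java.net.URI#getPort returns -1 when the request URI carries no explicit port, so a request to `http://example.test/app` (constructed example) would be sent to `http://example.test:-1/app/...`; getHost() can likewise be null for a registry-based authority, which would be appended as the text "null". Resolving against the request URI keeps the authority exactly as received and avoids both cases in one line: `sendRedirect(response, requestURI.resolve(contextPath + page).toString());` (this assumes contextPath begins with '/', as the removed `contextPath + page` redirect already did, and unlike string concatenation it rejects characters that are not legal in a URI). Whichever form is kept, the Location value is derived from the host the client presented, so the container's Host-header handling decides how trustworthy it is; the removed context-relative Location did not depend on it, and if the absolute form is required by some container that reason deserves a comment on the line. sendPage starts outside the hunk.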
@@ -159,6 +159,28 @@ public void authenticationComplete(HttpServerMechanismsResponder responder) {
         });
     }
+    @Override
+    public void authenticationComplete(HttpServerMechanismsResponder responder, Runnable logoutHandler) {
+        request.authenticationComplete(response -> {
+            try {
+                String id = singleSignOnSession.getId();
+                if (id != null) {
+                    HttpServerCookie cookie = getCookie(request);
+                    if (cookie == null) {
+                        response.setResponseCookie(createCookie(id, -1));
+                    }
+                }
+                if (responder != null) {
+                    responder.sendResponse(response);
+                }
+            } finally {
+                singleSignOnSession.close();
+            }
+        }, logoutHandler);
+    }
     @Override
     public void authenticationFailed(String message, HttpServerMechanismsResponder responder) {
         request.authenticationFailed(message, response -> {
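Review bot: The new two-argument `authenticationComplete` hands `logoutHandler` straight through in `}, logoutHandler);`, so a logout runs only the form mechanism's identity-cache removal while the single sign-on session whose id this method writes into the cookie is left as it was; if logout is meant to end the SSO session as well, the handler should be wrapped here to do that before or after delegating (the session API needed for it is not visible in this hunk, and `singleSignOnSession.close()` in the finally block reads as releasing the handle after the response, not as invalidation — please confirm). The body also appears to duplicate the one-argument overload above it, whose body starts outside the hunk; if the two differ only in the extra argument, the old one could delegate with `authenticationComplete(responder, null);` so the cookie logic lives in one place. A short Javadoc on the new method stating when `logoutHandler` is invoked and whether it may be null would help, since the only caller in this series passes `identityCache::remove`.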