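/**
 * Authenticates the passed request against the configured security mappings.
 *
 * Only the first mapping whose URL pattern matches the request is evaluated. What
 * happens then depends on the request's HTTP method:
 *
 *   - listed in the mapping's HTTP method omissions: the request is flagged as not
 *     authenticated and FALSE is returned
 *   - listed in the mapping's HTTP methods: the mapping's authenticator runs and,
 *     if it succeeds, the user has to be in at least one of the mapping's roles,
 *     otherwise a SecurityException with code 403 is raised
 *   - anything else: the session is loaded (and started if necessary) and a user
 *     principal stored in it is attached to the request; no authentication happens
 *
 * Every exception raised while evaluating a mapping is logged through the system
 * logger, mapped to a HTTP status code (the exception code for a SecurityException,
 * 500 for any other \Exception), stored in the request's error message attribute
 * and marks the request as dispatched; FALSE is returned in that case.
 *
 * @param HttpServletRequestInterface  $servletRequest  The request to authenticate
 * @param HttpServletResponseInterface $servletResponse The response instance
 *
 * @return boolean TRUE unless the matching mapping omits the request's HTTP method or an exception has been raised
 */
public function handleRequest(HttpServletRequestInterface $servletRequest, HttpServletResponseInterface $servletResponse)
{

    // initialize authenticated flag
    $authenticated = true;

    // iterate over the mappings and evaluate the first one matching the request
    /** @var \AppserverIo\Appserver\ServletEngine\Security\MappingInterface $mapping */
    foreach ($this->getMappings() as $mapping) {
        try {
            // skip mappings whose URL pattern doesn't match the request URI
            if (!$mapping->match($servletRequest)) {
                continue;
            }

            // the HTTP method decides how the matching resource has to be treated
            $method = $servletRequest->getMethod();

            if (in_array($method, $mapping->getHttpMethodOmissions())) {
                // this resource has to be omitted
                $authenticated = false;

            } elseif (in_array($method, $mapping->getHttpMethods())) {
                // load the authentication method and authenticate the request
                $authenticator = $this->getAuthenticator($mapping);

                // NOTE(review): when authenticate() returns FALSE the flag stays TRUE and this
                // method still returns TRUE; confirm the authenticator has already written the
                // challenge/redirect to the response in that case
                if ($authenticator->authenticate($servletRequest, $servletResponse)) {
                    // the authenticated user has to be in at least one of the requested roles
                    if ($this->isUserInAnyRole($servletRequest, $mapping->getRoleNames()) === false) {
                        throw new SecurityException('User doesn\'t have necessary privileges', 403);
                    }
                }

            } else {
                // load the session (a new one is created if necessary)
                if ($session = $servletRequest->getSession(true)) {
                    // start it, if not already done
                    if ($session->isStarted() === false) {
                        $session->start();
                    }
                    // attach the user principal stored in the session to the request, if any
                    if ($session->hasKey(Constants::PRINCIPAL)) {
                        $servletRequest->setUserPrincipal($session->getData(Constants::PRINCIPAL));
                    }
                }
            }

            // stop processing, the first matching mapping has been evaluated
            break;

        } catch (SecurityException $se) {
            // the exception code is sent as HTTP status code — TODO confirm every
            // SecurityException raised by the authenticators carries a valid one
            $this->handleAuthenticationError($servletRequest, $servletResponse, $se, $se->getCode());
            return false;

        } catch (\Exception $e) {
            // anything unexpected is an internal server error
            $this->handleAuthenticationError($servletRequest, $servletResponse, $e, 500);
            return false;
        }
    }

    // we did not find a mapping for that URI pattern, no authentication required then
    return $authenticated;
}

/**
 * Queries whether or not the request's user principal is in at least one of the passed roles.
 *
 * An empty role list means no user is in role, i. e. FALSE is returned.
 *
 * @param HttpServletRequestInterface $servletRequest The request carrying the user principal
 * @param mixed                       $roleNames      The role names to check, as returned by the mapping
 *
 * @return boolean TRUE if the user is in one of the roles, else FALSE
 */
protected function isUserInAnyRole(HttpServletRequestInterface $servletRequest, $roleNames)
{
    foreach ($roleNames as $roleName) {
        // NOTE(review): `String` is a reserved type name from PHP 7.0 on; confirm the
        // imported class is still resolvable on the targeted PHP version
        if ($servletRequest->isUserInRole(new String($roleName))) {
            return true;
        }
    }
    return false;
}

/**
 * Logs the passed exception, writes the status code to the response, stores the
 * exception as error message on the request and marks the request as dispatched
 * so that no further processing takes place.
 *
 * @param HttpServletRequestInterface  $servletRequest  The request that failed authentication
 * @param HttpServletResponseInterface $servletResponse The response to write the status code to
 * @param \Exception                   $e               The exception that has been raised
 * @param integer                      $statusCode      The HTTP status code to send
 *
 * @return void
 */
protected function handleAuthenticationError(
    HttpServletRequestInterface $servletRequest,
    HttpServletResponseInterface $servletResponse,
    \Exception $e,
    $statusCode
) {
    // the logger is looked up through the naming directory, so it may not be available
    /** @var \Psr\Log\LoggerInterface $systemLogger */
    if ($systemLogger = $this->getApplication()->getNamingDirectory()->search(NamingDirectoryKeys::SYSTEM_LOGGER)) {
        $systemLogger->error($e->__toString());
    }

    // stop processing, because authentication failed for some reason
    $servletResponse->setStatusCode($statusCode);

    // NOTE(review): __toString() includes the stack trace; if this attribute is rendered
    // into the error page, prefer getMessage() here to avoid disclosing internals
    $servletRequest->setAttribute(RequestHandlerKeys::ERROR_MESSAGE, $e->__toString());
    $servletRequest->setDispatched(true);
}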