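/**
 * Tries to authenticate the passed request with form based authentication.
 *
 * The checks run in a fixed order and the first one that applies wins:
 *  1. a principal already stored in the session (onCache),
 *  2. the re-submit of the original request URI after a login (onResubmit),
 *  3. any request that is NOT the login form action (onLogin),
 *  4. the login form action itself, whose credentials are checked against the realm
 *     (onFailure or onSuccess).
 *
 * @param HttpServletRequestInterface  $servletRequest  The servlet request instance
 * @param HttpServletResponseInterface $servletResponse The servlet response instance
 *
 * @return boolean TRUE only for a cached session principal or a matched re-submit; FALSE in every
 *                 other case, including directly after a successful login, where the onSuccess
 *                 callback has already been invoked
 */
public function authenticate(HttpServletRequestInterface $servletRequest, HttpServletResponseInterface $servletResponse)
{
    // load the session and start it, if not already done
    /** @var \AppserverIo\Psr\Servlet\Http\HttpSessionInterface $session */
    $session = $servletRequest->getSession(true);
    if ($session->isStarted() === false) {
        $session->start();
    }

    // a principal of the expected type in the session means the user is already authenticated;
    // any other value stored under that key is ignored and the checks below run
    if ($session->hasKey(Constants::PRINCIPAL) && $session->getData(Constants::PRINCIPAL) instanceof PrincipalInterface) {
        // invoke the onCache callback and return
        $this->onCache($servletRequest, $servletResponse);
        return true;
    }

    // is this the re-submit of the original request URI after successful
    // authentication? If so, forward the *original* request instead
    if ($this->matchRequest($servletRequest)) {
        // invoke the onResubmit callback and return
        $this->onResubmit($servletRequest, $servletResponse);
        return true;
    }

    // everything that is NOT the action request from the login page is sent to the login page
    if (FormKeys::FORM_ACTION !== pathinfo($servletRequest->getRequestUri(), PATHINFO_FILENAME)) {
        // invoke the onLogin callback and redirect to the login page
        $this->onLogin($servletRequest, $servletResponse);
        return false;
    }

    // invoke the onCredentials callback to load the credentials from the request
    $this->onCredentials($servletRequest, $servletResponse);

    // load the realm to authenticate this request for
    /** @var \AppserverIo\Appserver\ServletEngine\Security\RealmInterface $realm */
    $realm = $this->getAuthenticationManager()->getRealm($this->getRealmName());

    // authenticate the request and initialize the user principal
    $userPrincipal = $realm->authenticate($this->getUsername(), $this->getPassword());

    // fail closed: only a real principal counts as success, which matches the instanceof check
    // used for the session above. The former loose `== null` comparison let any other
    // non-empty return value of the realm through to onSuccess()
    if (!($userPrincipal instanceof PrincipalInterface)) {
        // invoke the onFailure callback and forward the user to the error page
        $this->onFailure($realm, $servletRequest, $servletResponse);
        return false;
    }

    // invoke the onSuccess callback and redirect the user to the original page
    // NOTE(review): no session ID renewal is visible in this method; confirm that onSuccess()
    // renews the session ID before it stores the principal (session fixation)
    $this->onSuccess($userPrincipal, $servletRequest, $servletResponse);

    // FALSE on purpose: onSuccess() has been invoked for this request; the original request
    // is handled by the matchRequest() branch above when it is re-submitted
    return false;
}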