- // Authenticate from session
- if (isSessionAuthenticated(httpSession)) {
- filterChain.doFilter(request, response);
- return;
- }
-
- // TODO Kerberos
-
- // TODO Certificate
-
- // Process basic auth
- String basicAuth = request.getHeader(HEADER_AUTHORIZATION);
- if (basicAuth != null) {
- UsernamePasswordAuthenticationToken token = basicAuth(basicAuth);
- Authentication auth = authenticationManager.authenticate(token);
- SecurityContextHolder.getContext().setAuthentication(auth);
- httpSession.setAttribute(SPRING_SECURITY_CONTEXT_KEY,
- SecurityContextHolder.getContext());
- httpSession.setAttribute(ATTR_AUTH, Boolean.FALSE);
- filterChain.doFilter(request, response);
- return;
- }
-
- Boolean doBasicAuth = true;
- if (doBasicAuth) {
- requestBasicAuth(httpSession, response);
- // skip filter chain
- return;
- }
-
- // TODO Login page
-
- // Anonymous
- KernelUtils.anonymousLogin(authenticationManager);