ref #18

src/main/java/br/eti/arthurgregorio/library/application/controllers/UserSessionBean.java

@@ -13,6 +13,7 @@
 import javax.inject.Named;
 import javax.security.enterprise.SecurityContext;
 import java.io.Serializable;
+import java.security.Principal;
 
 /**
  * The controller of the session bean. This class hold the current user on the application and his data
@@ -41,11 +42,13 @@ public class UserSessionBean implements Serializable {
     @PostConstruct
     protected void initialize() {
 
-        final String principalUsername = this.securityContext.getCallerPrincipal().getName();
+        final Principal principal = this.securityContext.getCallerPrincipal();
 
-        this.principal = this.userRepository
-                .findOptionalByUsername(principalUsername)
-                .orElseThrow(() -> new IllegalStateException(String.format("User %s has no local user", principalUsername)));
+        if (principal != null) {
+            this.principal = this.userRepository
+                    .findOptionalByUsername(principal.getName())
+                    .orElseThrow(() -> new IllegalStateException(String.format("User %s has no local user", principal)));
+        }
     }
 
     /**

src/main/java/br/eti/arthurgregorio/library/infrastructure/soteria/BasicAuthenticationMechanism.java

@@ -5,6 +5,7 @@
 import javax.enterprise.context.ApplicationScoped;
 import javax.inject.Inject;
 import javax.security.enterprise.authentication.mechanism.http.AutoApplySession;
+import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
 import javax.security.enterprise.authentication.mechanism.http.LoginToContinue;
 import javax.security.enterprise.authentication.mechanism.http.RememberMe;
 import javax.security.enterprise.identitystore.IdentityStore;
@@ -21,8 +22,8 @@
         isRememberMeExpression = "#{self.isRememberMe(httpMessageContext)}"
 )
 @LoginToContinue(
-        loginPage = "/login.xhtml?continue=true",
-        errorPage = "",
+        loginPage = "/index.xhtml?continue=true",
+        errorPage = "/index.xhtml?error=true",
         useForwardToLogin = false
 )
 @ApplicationScoped
@@ -36,4 +37,13 @@ public class BasicAuthenticationMechanism extends FormAuthenticationMechanism {
     public BasicAuthenticationMechanism(IdentityStore identityStore) {
         super(identityStore);
     }
+
+    /**
+     *
+     * @param context
+     * @return
+     */
+    public Boolean isRememberMe(HttpMessageContext context) {
+        return context.getAuthParameters().isRememberMe();
+    }
 }

src/main/java/br/eti/arthurgregorio/library/infrastructure/soteria/auth/AuthenticationFilter.java

@@ -0,0 +1,54 @@
+package br.eti.arthurgregorio.library.infrastructure.soteria.auth;
+
+import org.omnifaces.filter.HttpFilter;
+import org.omnifaces.util.Servlets;
+import org.slf4j.Logger;
+
+import javax.inject.Inject;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebFilter;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import java.io.IOException;
+
+import static org.apache.commons.lang3.StringUtils.isBlank;
+
+/**
+ * @author Arthur Gregorio
+ *
+ * @version 1.0.0
+ * @since 1.0.0, 13/11/2018
+ */
+@WebFilter(urlPatterns = "/secured/*")
+public class AuthenticationFilter extends HttpFilter {
+
+    @Inject
+    private Logger logger;
+
+    /**
+     *
+     * @param request
+     * @param response
+     * @param session
+     * @param chain
+     * @throws ServletException
+     * @throws IOException
+     */
+    @Override
+    public void doFilter(HttpServletRequest request, HttpServletResponse response, HttpSession session, FilterChain chain)
+            throws ServletException, IOException {
+
+        final String requestedPath = request.getRequestURI().substring(request.getContextPath().length())
+                .replaceAll("[/]+$", "");
+
+        final String user = request.getRemoteUser();
+
+        if (isBlank(user)) {
+            this.logger.info(String.format("The user must be authenticated to access this [%s]", requestedPath));
+            Servlets.facesRedirect(request, response, "/index.xhtml");
+        }
+        chain.doFilter(request, response);
+    }
+}

src/main/java/br/eti/arthurgregorio/library/infrastructure/soteria/auth/FormAuthenticationMechanism.java

@@ -1,6 +1,5 @@
 package br.eti.arthurgregorio.library.infrastructure.soteria.auth;
 
-import javax.security.enterprise.AuthenticationException;
 import javax.security.enterprise.AuthenticationStatus;
 import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
 import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
@@ -20,6 +19,7 @@ public class FormAuthenticationMechanism implements HttpAuthenticationMechanism
     private IdentityStore identityStore;
 
     /**
+     * Basic constructor
      *
      * @param identityStore
      */
@@ -34,17 +34,15 @@ public FormAuthenticationMechanism(IdentityStore identityStore) {
      * @param response
      * @param context
      * @return
-     * @throws AuthenticationException
      */
     @Override
-    public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext context) throws AuthenticationException {
+    public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext context) {
 
         final Credential credential = context.getAuthParameters().getCredential();
 
-        if (credential == null) {
-            return context.doNothing();
+        if (credential != null) {
+            return context.notifyContainerAboutLogin(this.identityStore.validate(credential));
         }
-
-        return context.notifyContainerAboutLogin(this.identityStore.validate(credential));
+        return context.doNothing();
     }
-}
+}