
1   // ========================================================================
2   // Copyright (c) 2008-2009 Mort Bay Consulting Pty. Ltd.
3   // ------------------------------------------------------------------------
4   // All rights reserved. This program and the accompanying materials
5   // are made available under the terms of the Eclipse Public License v1.0
6   // and Apache License v2.0 which accompanies this distribution.
7   // The Eclipse Public License is available at 
8   // http://www.eclipse.org/legal/epl-v10.html
9   // The Apache License v2.0 is available at
10  // http://www.opensource.org/licenses/apache2.0.php
11  // You may elect to redistribute this code under either of these licenses. 
12  // ========================================================================
13  
14  package org.eclipse.jetty.security.authentication;
15  
16  import java.util.Enumeration;
17  import java.util.HashMap;
18  import java.util.Map;
19  
20  import javax.servlet.http.HttpServletRequest;
21  import javax.servlet.http.HttpServletResponse;
22  import javax.servlet.http.HttpSession;
23  
24  import org.eclipse.jetty.security.Authenticator;
25  import org.eclipse.jetty.security.IdentityService;
26  import org.eclipse.jetty.security.LoginService;
27  import org.eclipse.jetty.server.SessionManager;
28  
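/* ------------------------------------------------------------ */
/**
 * Base class for {@link Authenticator}s that rely on a {@link LoginService}
 * and an {@link IdentityService} taken from the {@link AuthConfiguration}.
 * <p>
 * It also provides {@link #renewSessionOnAuthentication}, which replaces the
 * HTTP session on first authentication so that a session id issued before
 * login is not kept after login (session fixation defence).
 */
public abstract class LoginAuthenticator implements Authenticator
{
    /**
     * Session attribute set to {@link Boolean#TRUE} on a session created by
     * {@link #renewSessionOnAuthentication}. A session carrying it is not
     * renewed again.
     */
    public final static String SESSION_SECURED="org.eclipse.jetty.security.secured";
    protected final DeferredAuthentication _deferred=new DeferredAuthentication(this);
    protected LoginService _loginService;
    protected IdentityService _identityService;
    // Copied from AuthConfiguration.isSessionRenewedOnAuthentication(). When false,
    // the session that existed before login is returned unchanged after login.
    private boolean _renewSession;

    protected LoginAuthenticator()
    {
    }

    /* ------------------------------------------------------------ */
    /** Take the login service, identity service and session renewal flag from the configuration.
     * @param configuration the source of the services and of the renewal flag
     * @throws IllegalStateException if the configuration has no LoginService or no IdentityService
     */
    public void setConfiguration(AuthConfiguration configuration)
    {
        _loginService=configuration.getLoginService();
        if (_loginService==null)
            throw new IllegalStateException("No LoginService for "+this+" in "+configuration);
        _identityService=configuration.getIdentityService();
        if (_identityService==null)
            throw new IllegalStateException("No IdentityService for "+this+" in "+configuration);
        _renewSession=configuration.isSessionRenewedOnAuthentication();
    }

    /* ------------------------------------------------------------ */
    /**
     * @return the login service set by {@link #setConfiguration}, or null if it has not been called
     */
    public LoginService getLoginService()
    {
        return _loginService;
    }

    /* ------------------------------------------------------------ */
    /** Change the session when the request is authenticated for the first time.
     * <p>
     * If renewal is enabled and the request has a session that is not yet marked
     * with {@link #SESSION_SECURED}, the session's attributes are copied, the session
     * is invalidated, a new session is created and marked, and the attributes are
     * restored on it.
     * <p>
     * Every attribute of the old session is carried over as is, including anything
     * stored in it before authentication. Callers should not treat attributes that
     * could have been set before login as trusted merely because they are found in
     * the renewed session.
     *
     * @param request the request whose session is renewed
     * @param response not used by this implementation
     * @return the new session if one was created; otherwise the existing session,
     *         or null if the request has no session
     */
    protected HttpSession renewSessionOnAuthentication(HttpServletRequest request, HttpServletResponse response)
    {
        HttpSession httpSession = request.getSession(false);
        // NOTE(review): this check runs outside the lock, and the lock is the
        // authenticator rather than the session. Two requests sharing one session
        // could both pass it; the second would then work on an already invalidated
        // session. Confirm whether callers can reach this concurrently.
        if (_renewSession && httpSession!=null && httpSession.getAttribute(SESSION_SECURED)==null)
        {
            synchronized (this)
            {
                // Read every name and value before touching the session: removing
                // attributes while the enumeration from getAttributeNames() is still
                // being consumed can skip entries or fail, depending on how the
                // container backs that enumeration.
                Map<String,Object> attributes = new HashMap<String, Object>();
                for (Enumeration<String> e=httpSession.getAttributeNames();e.hasMoreElements();)
                {
                    String name=e.nextElement();
                    attributes.put(name,httpSession.getAttribute(name));
                }
                for (String name: attributes.keySet())
                    httpSession.removeAttribute(name);

                // Drop the old session, then create its replacement.
                httpSession.invalidate();
                httpSession = request.getSession(true);
                httpSession.setAttribute(SESSION_SECURED,Boolean.TRUE);
                for (Map.Entry<String, Object> entry: attributes.entrySet())
                    httpSession.setAttribute(entry.getKey(),entry.getValue());
            }
        }

        return httpSession;
    }
}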