15 package org.eclipse.jetty.security.authentication;
16
17 import java.io.IOException;
18 import java.io.ObjectInputStream;
19 import java.io.ObjectOutputStream;
20 import java.io.Serializable;
21
22 import javax.servlet.http.HttpSession;
23 import javax.servlet.http.HttpSessionActivationListener;
24 import javax.servlet.http.HttpSessionAttributeListener;
25 import javax.servlet.http.HttpSessionBindingEvent;
26 import javax.servlet.http.HttpSessionBindingListener;
27 import javax.servlet.http.HttpSessionEvent;
28
29 import org.eclipse.jetty.security.Authenticator;
30 import org.eclipse.jetty.security.LoginService;
31 import org.eclipse.jetty.security.SecurityHandler;
32 import org.eclipse.jetty.security.UserAuthentication;
33 import org.eclipse.jetty.server.Authentication;
34 import org.eclipse.jetty.server.UserIdentity;
35 import org.eclipse.jetty.server.UserIdentity.Scope;
36 import org.eclipse.jetty.util.log.Log;
37
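/**
 * An authenticated user whose authentication state is kept in the HTTP session.
 *
 * <p>The user identity itself is transient. Only the authentication method, the
 * user name and the credentials object are part of the serialized form, and
 * {@link #readObject(ObjectInputStream)} uses the latter two to log the user in
 * again when the object is deserialized.
 *
 * <p>Security note: because {@code _credentials} is serialized with the session,
 * any session store or replication channel holds whatever credential object was
 * passed to the constructor. Access to persisted or replicated session data has
 * to be restricted accordingly.
 */
public class SessionAuthentication implements Authentication.User, Serializable, HttpSessionActivationListener, HttpSessionBindingListener
{
    private static final long serialVersionUID = -4643200685888258706L;

    /** Session attribute name that {@link #logout()} looks up and removes. */
    public final static String __J_AUTHENTICATED="org.eclipse.jetty.security.UserIdentity";

    private final String _method;
    private final String _name;
    // Deliberately not transient: readObject() needs it to re-run the login.
    private final Object _credentials;

    // Rebuilt by readObject(); presumably null if the re-login is refused - confirm against LoginService.
    private transient UserIdentity _userIdentity;
    // Captured when this object is bound to a session or the session is activated.
    private transient HttpSession _session;

    /**
     * @param method the authentication method reported by {@link #getAuthMethod()}
     * @param userIdentity the authenticated identity; its principal name is recorded for re-login
     * @param credentials the credentials to present to the login service after deserialization
     * @throws NullPointerException if {@code userIdentity} or its user principal is null
     */
    public SessionAuthentication(String method, UserIdentity userIdentity, Object credentials)
    {
        _method = method;
        _userIdentity = userIdentity;
        _name=_userIdentity.getUserPrincipal().getName();
        _credentials=credentials;
    }

    /** @return the authentication method given at construction */
    public String getAuthMethod()
    {
        return _method;
    }

    /**
     * @return the current user identity; after deserialization this is whatever the
     *         login service returned for the stored name and credentials
     */
    public UserIdentity getUserIdentity()
    {
        return _userIdentity;
    }

    /**
     * Checks a role against the current identity.
     *
     * @return the identity's answer, or {@code false} when there is no identity
     */
    public boolean isUserInRole(Scope scope, String role)
    {
        // Fail closed instead of throwing when no identity is available
        // (e.g. the re-login in readObject() produced none).
        if (_userIdentity==null)
            return false;
        return _userIdentity.isUserInRole(role, scope);
    }

    /**
     * Restores the serialized fields and logs the user in again through the
     * current security handler's login service.
     *
     * @throws IllegalStateException if there is no current security handler or it has no login service
     */
    private void readObject(ObjectInputStream stream)
        throws IOException, ClassNotFoundException
    {
        stream.defaultReadObject();

        SecurityHandler security=SecurityHandler.getCurrentSecurityHandler();
        if (security==null)
            throw new IllegalStateException("!SecurityHandler");
        LoginService login_service=security.getLoginService();
        if (login_service==null)
            throw new IllegalStateException("!LoginService");

        // The result is stored unchecked; callers must cope with a missing identity.
        _userIdentity=login_service.login(_name,_credentials);
        Log.debug("Deserialized and relogged in {}",this);
    }

    /**
     * Logs the user out. If the known session still holds an attribute under
     * {@link #__J_AUTHENTICATED}, that attribute is removed, which reaches
     * {@link #doLogout()} through {@link #valueUnbound(HttpSessionBindingEvent)}
     * when this object is the bound value. Otherwise {@link #doLogout()} is called directly.
     */
    public void logout()
    {
        if (_session!=null && _session.getAttribute(__J_AUTHENTICATED)!=null)
            _session.removeAttribute(__J_AUTHENTICATED);
        else
            doLogout();
    }

    /** Notifies the current security handler, if any, and clears the secured marker on the known session. */
    private void doLogout()
    {
        SecurityHandler security=SecurityHandler.getCurrentSecurityHandler();
        if (security!=null)
            security.logout(this);
        if (_session!=null)
            _session.removeAttribute(LoginAuthenticator.SESSION_SECURED);
    }

    @Override
    public String toString()
    {
        // Built from Object.toString(), so neither the name nor the credentials are included.
        return "Session"+super.toString();
    }

    /** No action is taken before passivation. */
    public void sessionWillPassivate(HttpSessionEvent se)
    {
    }

    /** Remembers the activated session if none is known yet. */
    public void sessionDidActivate(HttpSessionEvent se)
    {
        if (_session==null)
            _session=se.getSession();
    }

    /**
     * Remembers the session this object is bound to. Without this the session was
     * only ever captured in {@link #sessionDidActivate(HttpSessionEvent)}, so on a
     * session that had never been activated {@link #logout()} could not remove the
     * session attribute and {@link #doLogout()} could not clear the secured marker.
     */
    public void valueBound(HttpSessionBindingEvent event)
    {
        if (_session==null)
            _session=event.getSession();
    }

    /** Completes the logout when this object is removed from its session. */
    public void valueUnbound(HttpSessionBindingEvent event)
    {
        doLogout();
    }

}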