SessionAuthentication xref

View Javadoc

1   // ========================================================================
2   // Copyright (c) 2009-2009 Mort Bay Consulting Pty. Ltd.
3   // ------------------------------------------------------------------------
4   // All rights reserved. This program and the accompanying materials
5   // are made available under the terms of the Eclipse Public License v1.0
6   // and Apache License v2.0 which accompanies this distribution.
7   // The Eclipse Public License is available at 
8   // http://www.eclipse.org/legal/epl-v10.html
9   // The Apache License v2.0 is available at
10  // http://www.opensource.org/licenses/apache2.0.php
11  // You may elect to redistribute this code under either of these licenses. 
12  // ========================================================================
13  
14  
15  package org.eclipse.jetty.security.authentication;
16  
17  import java.io.IOException;
18  import java.io.ObjectInputStream;
19  import java.io.ObjectOutputStream;
20  import java.io.Serializable;
21  
22  import javax.servlet.http.HttpSession;
23  import javax.servlet.http.HttpSessionActivationListener;
24  import javax.servlet.http.HttpSessionAttributeListener;
25  import javax.servlet.http.HttpSessionBindingEvent;
26  import javax.servlet.http.HttpSessionBindingListener;
27  import javax.servlet.http.HttpSessionEvent;
28  
29  import org.eclipse.jetty.security.Authenticator;
30  import org.eclipse.jetty.security.LoginService;
31  import org.eclipse.jetty.security.SecurityHandler;
32  import org.eclipse.jetty.security.UserAuthentication;
33  import org.eclipse.jetty.server.Authentication;
34  import org.eclipse.jetty.server.UserIdentity;
35  import org.eclipse.jetty.server.UserIdentity.Scope;
36  import org.eclipse.jetty.util.log.Log;
37  
38  public class SessionAuthentication implements Authentication.User, Serializable, HttpSessionActivationListener, HttpSessionBindingListener
39  {
40      private static final long serialVersionUID = -4643200685888258706L;
41  
42      
43  
44      public final static String __J_AUTHENTICATED="org.eclipse.jetty.security.UserIdentity";
45  
46      private final String _method;
47      private final String _name;
48      private final Object _credentials;
49      
50      private transient UserIdentity _userIdentity;
51      private transient HttpSession _session;
52      
53      public SessionAuthentication(String method, UserIdentity userIdentity, Object credentials)
54      {
55          _method = method;
56          _userIdentity = userIdentity;
57          _name=_userIdentity.getUserPrincipal().getName();
58          _credentials=credentials;
59      }
60  
61      public String getAuthMethod()
62      {
63          return _method;
64      }
65  
66      public UserIdentity getUserIdentity()
67      {
68          return _userIdentity;
69      }
70  
71      public boolean isUserInRole(Scope scope, String role)
72      {
73          return _userIdentity.isUserInRole(role, scope);
74      }
75  
76      private void readObject(ObjectInputStream stream) 
77          throws IOException, ClassNotFoundException 
78      {
79          stream.defaultReadObject();
80          
81          SecurityHandler security=SecurityHandler.getCurrentSecurityHandler();
82          if (security==null)
83              throw new IllegalStateException("!SecurityHandler");
84          LoginService login_service=security.getLoginService();
85          if (login_service==null)
86              throw new IllegalStateException("!LoginService");
87          
88          _userIdentity=login_service.login(_name,_credentials);
89          Log.debug("Deserialized and relogged in {}",this);
90      }
91      
92      public void logout()
93      {
94          if (_session!=null && _session.getAttribute(__J_AUTHENTICATED)!=null)
95              _session.removeAttribute(__J_AUTHENTICATED);
96          else 
97              doLogout();
98      }
99      
100     private void doLogout()
101     {
102         SecurityHandler security=SecurityHandler.getCurrentSecurityHandler();
103         if (security!=null)
104             security.logout(this);
105         if (_session!=null)
106             _session.removeAttribute(LoginAuthenticator.SESSION_SECURED);
107     }
108         
109     @Override
110     public String toString()
111     {
112         return "Session"+super.toString();
113     }
114 
115     public void sessionWillPassivate(HttpSessionEvent se)
116     {
117     }
118 
119     public void sessionDidActivate(HttpSessionEvent se)
120     {
121         if (_session==null)
122             _session=se.getSession();
123     }
124 
125     public void valueBound(HttpSessionBindingEvent event)
126     {
127     }
128 
129     public void valueUnbound(HttpSessionBindingEvent event)
130     {
131         doLogout();
132     }
133     
134 }