15 package org.eclipse.jetty.security.authentication;
16
17 import java.io.IOException;
18 import java.io.ObjectInputStream;
19 import java.io.ObjectOutputStream;
20 import java.io.Serializable;
21
22 import javax.servlet.http.HttpSession;
23 import javax.servlet.http.HttpSessionActivationListener;
24 import javax.servlet.http.HttpSessionAttributeListener;
25 import javax.servlet.http.HttpSessionBindingEvent;
26 import javax.servlet.http.HttpSessionBindingListener;
27 import javax.servlet.http.HttpSessionEvent;
28
29 import org.eclipse.jetty.security.Authenticator;
30 import org.eclipse.jetty.security.LoginService;
31 import org.eclipse.jetty.security.SecurityHandler;
32 import org.eclipse.jetty.security.UserAuthentication;
33 import org.eclipse.jetty.server.Authentication;
34 import org.eclipse.jetty.server.UserIdentity;
35 import org.eclipse.jetty.server.UserIdentity.Scope;
36 import org.eclipse.jetty.util.log.Log;
37 import org.eclipse.jetty.util.log.Logger;
38
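/**
 * An {@link Authentication.User} that is stored in the {@link HttpSession}
 * under {@link #__J_AUTHENTICATED} and survives session passivation and
 * serialization.
 * <p>
 * Only {@code _method}, {@code _name} and {@code _credentials} are written
 * by default serialization; the {@link UserIdentity} and the owning session
 * are transient. On deserialization {@link #readObject(ObjectInputStream)}
 * replays the stored name and credentials against the current
 * {@link SecurityHandler}'s {@link LoginService} to rebuild the identity.
 * Because {@code _credentials} is not transient, the credential object handed
 * to the constructor is persisted wherever the session is persisted, so the
 * session store holds the same secret the login did.
 * <p>
 * The owning session is recorded when this object is bound to a session
 * ({@link #valueBound}) or when a passivated session is re-activated
 * ({@link #sessionDidActivate}); {@link #logout()} needs it to remove the
 * session attribute.
 */
public class SessionAuthentication implements Authentication.User, Serializable, HttpSessionActivationListener, HttpSessionBindingListener
{
    private static final Logger LOG = Log.getLogger(SessionAuthentication.class);

    private static final long serialVersionUID = -4643200685888258706L;

    /** Session attribute name under which the authentication is stored. */
    public final static String __J_AUTHENTICATED="org.eclipse.jetty.security.UserIdentity";

    private final String _method;
    private final String _name;
    // Deliberately NOT transient: serialized with the session and replayed by readObject().
    private final Object _credentials;

    // Rebuilt by readObject() via LoginService.login(); may be null if that relogin fails.
    private transient UserIdentity _userIdentity;
    // Set by valueBound()/sessionDidActivate(); null until this object is bound to a session.
    private transient HttpSession _session;

    /**
     * @param method the authentication method name reported by {@link #getAuthMethod()}
     * @param userIdentity the authenticated identity; its principal name is kept for relogin
     * @param credentials the credentials used to authenticate; retained (and serialized) for relogin
     */
    public SessionAuthentication(String method, UserIdentity userIdentity, Object credentials)
    {
        _method = method;
        _userIdentity = userIdentity;
        _name = _userIdentity.getUserPrincipal().getName();
        _credentials = credentials;
    }

    public String getAuthMethod()
    {
        return _method;
    }

    /**
     * @return the user identity, or {@code null} if the relogin performed during
     * deserialization did not succeed
     */
    public UserIdentity getUserIdentity()
    {
        return _userIdentity;
    }

    /**
     * @return {@code true} only if an identity is present and it holds {@code role}
     * in {@code scope}; a missing identity (failed relogin) yields {@code false}
     * rather than a {@link NullPointerException}.
     */
    public boolean isUserInRole(Scope scope, String role)
    {
        // Fail closed when the identity could not be re-established.
        return _userIdentity != null && _userIdentity.isUserInRole(role, scope);
    }

    /**
     * Restores the serialized fields and then re-authenticates with the stored
     * name and credentials against the current SecurityHandler's LoginService.
     *
     * @throws IllegalStateException if no SecurityHandler or LoginService is current
     */
    private void readObject(ObjectInputStream stream)
        throws IOException, ClassNotFoundException
    {
        stream.defaultReadObject();

        SecurityHandler security = SecurityHandler.getCurrentSecurityHandler();
        if (security == null)
            throw new IllegalStateException("!SecurityHandler");
        LoginService login_service = security.getLoginService();
        if (login_service == null)
            throw new IllegalStateException("!LoginService");

        _userIdentity = login_service.login(_name, _credentials);
        // A null identity means the stored credentials were rejected; the
        // object stays deserialized but unauthenticated (see isUserInRole).
        if (_userIdentity == null)
            LOG.warn("Relogin failed during deserialization for {}", _name);
        else
            LOG.debug("Deserialized and relogged in {}", this);
    }

    /**
     * Logs out: removes this authentication from its session when it is bound
     * there (which unbinds it and runs {@link #valueUnbound}), otherwise logs
     * out directly.
     */
    public void logout()
    {
        if (_session != null && _session.getAttribute(__J_AUTHENTICATED) != null)
            // Expected to unbind this instance, so doLogout() runs from valueUnbound().
            _session.removeAttribute(__J_AUTHENTICATED);
        else
            doLogout();
    }

    // Notifies the current SecurityHandler and clears the "secured" session marker.
    private void doLogout()
    {
        SecurityHandler security = SecurityHandler.getCurrentSecurityHandler();
        if (security != null)
            security.logout(this);
        if (_session != null)
            _session.removeAttribute(LoginAuthenticator.SESSION_SECURED);
    }

    @Override
    public String toString()
    {
        return "Session" + super.toString();
    }

    public void sessionWillPassivate(HttpSessionEvent se)
    {
    }

    public void sessionDidActivate(HttpSessionEvent se)
    {
        // The session reference is transient; recover it after activation.
        if (_session == null)
            _session = se.getSession();
    }

    public void valueBound(HttpSessionBindingEvent event)
    {
        // Record the owning session when first bound; without this, logout()
        // on a never-passivated session could not remove __J_AUTHENTICATED.
        if (_session == null)
            _session = event.getSession();
    }

    public void valueUnbound(HttpSessionBindingEvent event)
    {
        doLogout();
    }

}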