20 package org.eclipse.jetty.security.authentication;
21
22 import java.io.IOException;
23 import java.io.ObjectInputStream;
24 import java.io.Serializable;
25
26 import javax.servlet.http.HttpSession;
27 import javax.servlet.http.HttpSessionActivationListener;
28 import javax.servlet.http.HttpSessionBindingEvent;
29 import javax.servlet.http.HttpSessionBindingListener;
30 import javax.servlet.http.HttpSessionEvent;
31
32 import org.eclipse.jetty.security.LoginService;
33 import org.eclipse.jetty.security.SecurityHandler;
34 import org.eclipse.jetty.server.Authentication;
35 import org.eclipse.jetty.server.UserIdentity;
36 import org.eclipse.jetty.server.UserIdentity.Scope;
37 import org.eclipse.jetty.server.session.AbstractSession;
38 import org.eclipse.jetty.util.log.Log;
39 import org.eclipse.jetty.util.log.Logger;
40
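/**
 * An {@link Authentication.User} that keeps a reference to the {@link HttpSession} it is
 * bound to and that can be serialized along with that session.
 *
 * <p>Serialized form: {@code _method}, {@code _name} and {@code _credentials} are ordinary
 * (non-transient) fields, so default serialization writes all three. The user identity and
 * the session reference are transient; the identity is rebuilt in
 * {@link #readObject(ObjectInputStream)} by logging in again with the stored name and
 * credentials.
 *
 * <p>Security note: because {@code _credentials} is written out with the session, any store
 * that persists or replicates sessions also holds the credential object and needs to be
 * protected accordingly. Likewise, deserializing an instance triggers a login with values
 * read from the stream, so serialized sessions should only be read from a trusted store.
 */
public class SessionAuthentication implements Authentication.User, Serializable, HttpSessionActivationListener, HttpSessionBindingListener
{
    private static final Logger LOG = Log.getLogger(SessionAuthentication.class);

    private static final long serialVersionUID = -4643200685888258706L;

    /**
     * Session attribute name that {@link #logout()} removes from the bound session.
     * NOTE(review): presumably the key under which authenticators store this object;
     * confirm against the callers.
     */
    public final static String __J_AUTHENTICATED="org.eclipse.jetty.security.UserIdentity";

    // Serialized with the session (see the class comment).
    private final String _method;
    private final String _name;
    private final Object _credentials;

    // Not serialized: rebuilt by readObject() and by the session listener callbacks.
    private transient UserIdentity _userIdentity;
    private transient HttpSession _session;

    /**
     * @param method the authentication method reported by {@link #getAuthMethod()}
     * @param userIdentity the authenticated identity; its principal name is retained for re-login
     * @param credentials the credentials retained so that a deserialized instance can log in again
     */
    public SessionAuthentication(String method, UserIdentity userIdentity, Object credentials)
    {
        _method = method;
        _userIdentity = userIdentity;
        _name=_userIdentity.getUserPrincipal().getName();
        _credentials=credentials;
    }

    /**
     * @return the authentication method given to the constructor
     */
    public String getAuthMethod()
    {
        return _method;
    }

    /**
     * @return the current user identity; may be null after deserialization if the
     * re-login in {@link #readObject(ObjectInputStream)} did not produce an identity
     */
    public UserIdentity getUserIdentity()
    {
        return _userIdentity;
    }

    /**
     * Checks a role against the current user identity.
     *
     * @param scope the scope passed through to the identity
     * @param role the role name to check
     * @return the identity's answer, or false when there is no identity
     */
    public boolean isUserInRole(Scope scope, String role)
    {
        // Fail closed: a deserialized instance whose re-login yielded no identity
        // must deny every role instead of throwing a NullPointerException.
        final UserIdentity identity=_userIdentity;
        return identity!=null && identity.isUserInRole(role, scope);
    }

    /**
     * Restores the serialized fields and rebuilds the transient user identity by logging
     * in again through the current {@link SecurityHandler}'s {@link LoginService}.
     *
     * @throws IllegalStateException if there is no current SecurityHandler or it has no LoginService
     */
    private void readObject(ObjectInputStream stream)
        throws IOException, ClassNotFoundException
    {
        stream.defaultReadObject();

        SecurityHandler security=SecurityHandler.getCurrentSecurityHandler();
        if (security==null)
            throw new IllegalStateException("!SecurityHandler");
        LoginService loginService=security.getLoginService();
        if (loginService==null)
            throw new IllegalStateException("!LoginService");

        _userIdentity=loginService.login(_name,_credentials);
        // LoginService.login yields null when the stored credentials are no longer accepted;
        // log that case separately so the message does not claim a successful re-login.
        if (_userIdentity==null)
            LOG.debug("Deserialized but relogin failed for {}",this);
        else
            LOG.debug("Deserialized and relogged in {}",this);
    }

    /**
     * Removes the {@link #__J_AUTHENTICATED} attribute from the bound session, if present,
     * and then performs the logout steps of {@link #doLogout()}.
     */
    public void logout()
    {
        if (_session!=null && _session.getAttribute(__J_AUTHENTICATED)!=null)
            _session.removeAttribute(__J_AUTHENTICATED);

        doLogout();
    }

    /**
     * Notifies the current SecurityHandler, if any, of the logout and clears the
     * {@code SESSION_KNOWN_ONLY_TO_AUTHENTICATED} attribute on the bound session, if any.
     */
    private void doLogout()
    {
        SecurityHandler security=SecurityHandler.getCurrentSecurityHandler();
        if (security!=null)
            security.logout(this);
        if (_session!=null)
            _session.removeAttribute(AbstractSession.SESSION_KNOWN_ONLY_TO_AUTHENTICATED);
    }

    /**
     * Formats the class name, hash code, session id ("-" when no session is bound) and
     * user identity. The {@code _credentials} field is not among the formatted values.
     */
    @Override
    public String toString()
    {
        return String.format("%s@%x{%s,%s}",this.getClass().getSimpleName(),hashCode(),_session==null?"-":_session.getId(),_userIdentity);
    }

    /** No action is taken before passivation. */
    @Override
    public void sessionWillPassivate(HttpSessionEvent se)
    {

    }

    /** Captures the activated session if no session reference is held yet. */
    @Override
    public void sessionDidActivate(HttpSessionEvent se)
    {
        if (_session==null)
        {
            _session=se.getSession();
        }
    }

    /** Captures the session this object is being bound to if no session reference is held yet. */
    @Override
    public void valueBound(HttpSessionBindingEvent event)
    {
        if (_session==null)
        {
            _session=event.getSession();
        }
    }

    /** Runs the logout steps when this object is removed from the session. */
    @Override
    public void valueUnbound(HttpSessionBindingEvent event)
    {
        doLogout();
    }

}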