//
   //  ========================================================================
   //  Copyright (c) 1995-2013 Mort Bay Consulting Pty. Ltd.
   //  ------------------------------------------------------------------------
   //  All rights reserved. This program and the accompanying materials
   //  are made available under the terms of the Eclipse Public License v1.0
   //  and Apache License v2.0 which accompanies this distribution.
   //
   //      The Eclipse Public License is available at
  //      http://www.eclipse.org/legal/epl-v10.html
  //
  //      The Apache License v2.0 is available at
  //      http://www.opensource.org/licenses/apache2.0.php
  //
  //  You may elect to redistribute this code under either of these licenses.
  //  ========================================================================
  //
  
  
  package org.eclipse.jetty.security.authentication;
  
  import java.io.IOException;
  import java.io.ObjectInputStream;
  import java.io.Serializable;
  
  import javax.servlet.http.HttpSession;
  import javax.servlet.http.HttpSessionActivationListener;
  import javax.servlet.http.HttpSessionBindingEvent;
  import javax.servlet.http.HttpSessionBindingListener;
  import javax.servlet.http.HttpSessionEvent;
  
  import org.eclipse.jetty.security.LoginService;
  import org.eclipse.jetty.security.SecurityHandler;
  import org.eclipse.jetty.server.Authentication;
  import org.eclipse.jetty.server.UserIdentity;
  import org.eclipse.jetty.server.UserIdentity.Scope;
  import org.eclipse.jetty.server.session.AbstractSession;
  import org.eclipse.jetty.util.log.Log;
  import org.eclipse.jetty.util.log.Logger;
  
  public class SessionAuthentication implements Authentication.User, Serializable, HttpSessionActivationListener, HttpSessionBindingListener
  {
      private static final Logger LOG = Log.getLogger(SessionAuthentication.class);
  
      private static final long serialVersionUID = -4643200685888258706L;
  
  
  
      public final static String __J_AUTHENTICATED="org.eclipse.jetty.security.UserIdentity";
  
      private final String _method;
      private final String _name;
      private final Object _credentials;
  
      private transient UserIdentity _userIdentity;
      private transient HttpSession _session;
  
      public SessionAuthentication(String method, UserIdentity userIdentity, Object credentials)
      {
          _method = method;
          _userIdentity = userIdentity;
          _name=_userIdentity.getUserPrincipal().getName();
          _credentials=credentials;
      }
  
      public String getAuthMethod()
      {
          return _method;
      }
  
      public UserIdentity getUserIdentity()
      {
          return _userIdentity;
      }
  
      public boolean isUserInRole(Scope scope, String role)
      {
          return _userIdentity.isUserInRole(role, scope);
      }
  
      private void readObject(ObjectInputStream stream)
          throws IOException, ClassNotFoundException
      {
          stream.defaultReadObject();
  
          SecurityHandler security=SecurityHandler.getCurrentSecurityHandler();
          if (security==null)
              throw new IllegalStateException("!SecurityHandler");
          LoginService login_service=security.getLoginService();
          if (login_service==null)
              throw new IllegalStateException("!LoginService");
  
          _userIdentity=login_service.login(_name,_credentials);
          LOG.debug("Deserialized and relogged in {}",this);
      }
  
      public void logout()
      {
          if (_session!=null && _session.getAttribute(__J_AUTHENTICATED)!=null)
             _session.removeAttribute(__J_AUTHENTICATED);
 
         doLogout();
     }
 
     private void doLogout()
     {
         SecurityHandler security=SecurityHandler.getCurrentSecurityHandler();
         if (security!=null)
             security.logout(this);
         if (_session!=null)
             _session.removeAttribute(AbstractSession.SESSION_KNOWN_ONLY_TO_AUTHENTICATED);
     }
 
     @Override
     public String toString()
     {
         return String.format("%s@%x{%s,%s}",this.getClass().getSimpleName(),hashCode(),_session==null?"-":_session.getId(),_userIdentity);
     }
 
     @Override
     public void sessionWillPassivate(HttpSessionEvent se)
     {
        
     }
 
     @Override
     public void sessionDidActivate(HttpSessionEvent se)
     {
         if (_session==null)
         {
             _session=se.getSession();
         }
     }
 
     @Override
     public void valueBound(HttpSessionBindingEvent event)
     {
         if (_session==null)
         {
             _session=event.getSession();
         }
     }
 
     @Override
     public void valueUnbound(HttpSessionBindingEvent event)
     {
         doLogout();
     }
 
 }