20 package org.eclipse.jetty.security.authentication;
21
22 import java.io.IOException;
23 import java.io.ObjectInputStream;
24 import java.io.Serializable;
25
26 import javax.servlet.http.HttpSession;
27 import javax.servlet.http.HttpSessionActivationListener;
28 import javax.servlet.http.HttpSessionBindingEvent;
29 import javax.servlet.http.HttpSessionBindingListener;
30 import javax.servlet.http.HttpSessionEvent;
31
32 import org.eclipse.jetty.security.AbstractUserAuthentication;
33 import org.eclipse.jetty.security.LoginService;
34 import org.eclipse.jetty.security.SecurityHandler;
35 import org.eclipse.jetty.server.UserIdentity;
36 import org.eclipse.jetty.server.session.AbstractSession;
37 import org.eclipse.jetty.util.log.Log;
38 import org.eclipse.jetty.util.log.Logger;
39
/**
 * A user authentication that is bound to an {@link HttpSession} and can be
 * serialized together with it.
 *
 * <p>The user name and the credentials object are ordinary (non-transient)
 * fields, so default Java serialization writes both of them with the instance.
 * The session reference is transient; it is picked up again from the container
 * callbacks {@link #sessionDidActivate(HttpSessionEvent)} and
 * {@link #valueBound(HttpSessionBindingEvent)}. When an instance is
 * deserialized, the user is logged in again through the current
 * {@link SecurityHandler}'s {@link LoginService}.
 *
 * <p>Security note: because {@code _credentials} is serialized, any place the
 * session is written to (a persistent or replicated session store, for
 * example) holds whatever object the caller passed as credentials and needs
 * to be protected accordingly.
 * NOTE(review): the concrete credential type is not visible in this class;
 * confirm whether it can be a clear-text password.
 */
public class SessionAuthentication extends AbstractUserAuthentication
    implements Serializable, HttpSessionActivationListener, HttpSessionBindingListener
{
    private static final Logger LOG = Log.getLogger(SessionAuthentication.class);

    private static final long serialVersionUID = -4643200685888258706L;

    /** Name of the session attribute that {@link #logout()} removes. */
    public static final String __J_AUTHENTICATED = "org.eclipse.jetty.security.UserIdentity";

    // Serialized with the instance and replayed against the LoginService in readObject().
    private final String _name;
    private final Object _credentials;

    // Not serialized; re-attached by sessionDidActivate() or valueBound().
    private transient HttpSession _session;

    /**
     * Creates the authentication and remembers what is needed to log the user
     * in again after deserialization.
     *
     * @param method the authentication method, passed to the superclass
     * @param userIdentity the authenticated identity; its principal name is stored
     * @param credentials the credentials object, kept as-is for a later re-login
     */
    public SessionAuthentication(String method, UserIdentity userIdentity, Object credentials)
    {
        super(method, userIdentity);
        _credentials = credentials;
        _name = userIdentity.getUserPrincipal().getName();
    }

    /**
     * Restores the serialized fields and re-authenticates the user with the
     * stored name and credentials.
     *
     * <p>The name and credentials used for the login are taken from the stream,
     * so the login is only as trustworthy as the source of the serialized data.
     *
     * @param stream the stream the instance is being read from
     * @throws IOException if reading the default fields fails
     * @throws ClassNotFoundException if a serialized class cannot be resolved
     * @throws IllegalStateException if there is no current security handler or
     *         it has no login service
     */
    private void readObject(ObjectInputStream stream)
        throws IOException, ClassNotFoundException
    {
        stream.defaultReadObject();

        final SecurityHandler handler = SecurityHandler.getCurrentSecurityHandler();
        if (handler == null)
        {
            throw new IllegalStateException("!SecurityHandler");
        }

        final LoginService loginService = handler.getLoginService();
        if (loginService == null)
        {
            throw new IllegalStateException("!LoginService");
        }

        // The login result is stored without a null check.
        // NOTE(review): if login() reports a rejected login by returning null,
        // the instance ends up with no identity while the debug line below still
        // says "relogged in" - confirm that callers cope with that.
        _userIdentity = loginService.login(_name, _credentials, null);
        LOG.debug("Deserialized and relogged in {}", this);
    }

    /**
     * Removes the {@link #__J_AUTHENTICATED} attribute from the session, if a
     * session is attached and the attribute is present, and then performs the
     * logout.
     */
    public void logout()
    {
        final HttpSession session = _session;
        if (session != null)
        {
            if (session.getAttribute(__J_AUTHENTICATED) != null)
            {
                // Presumably this triggers valueUnbound() when this instance is the
                // bound value, in which case doLogout() has already run once before
                // the call below.
                session.removeAttribute(__J_AUTHENTICATED);
            }
        }

        doLogout();
    }

    /**
     * Tells the current security handler, if any, that this authentication is
     * logged out, and drops the {@code AbstractSession.SESSION_CREATED_SECURE}
     * attribute from the attached session, if any.
     */
    private void doLogout()
    {
        final SecurityHandler handler = SecurityHandler.getCurrentSecurityHandler();
        if (handler != null)
        {
            handler.logout(this);
        }

        if (_session != null)
        {
            _session.removeAttribute(AbstractSession.SESSION_CREATED_SECURE);
        }
    }

    /**
     * Describes the instance as class name, hash code, session id and identity.
     *
     * <p>The output contains the session id whenever a session is attached. A
     * session id identifies a live session to the server, so log output that
     * includes this string should be access-controlled like the sessions
     * themselves.
     *
     * @return the description; the session id is shown as {@code "-"} when no
     *         session is attached
     */
    @Override
    public String toString()
    {
        final String sessionId = (_session == null) ? "-" : _session.getId();
        return String.format("%s@%x{%s,%s}", getClass().getSimpleName(), hashCode(), sessionId, _userIdentity);
    }

    /**
     * Nothing to do before passivation.
     *
     * @param se the passivation event (unused)
     */
    @Override
    public void sessionWillPassivate(HttpSessionEvent se)
    {
    }

    /**
     * Re-attaches the session after activation unless one is already set.
     *
     * @param se the activation event carrying the session
     */
    @Override
    public void sessionDidActivate(HttpSessionEvent se)
    {
        if (_session != null)
        {
            return;
        }
        _session = se.getSession();
    }

    /**
     * Attaches the session this instance was bound to unless one is already set.
     *
     * @param event the binding event carrying the session
     */
    @Override
    public void valueBound(HttpSessionBindingEvent event)
    {
        if (_session != null)
        {
            return;
        }
        _session = event.getSession();
    }

    /**
     * Performs the logout when this instance is removed from a session.
     *
     * @param event the unbinding event (unused)
     */
    @Override
    public void valueUnbound(HttpSessionBindingEvent event)
    {
        doLogout();
    }
}