14 package org.eclipse.jetty.security.authentication;
15
16 import javax.servlet.ServletRequest;
17 import javax.servlet.ServletResponse;
18 import javax.servlet.http.HttpServletRequest;
19 import javax.servlet.http.HttpSession;
20 import javax.servlet.http.HttpSessionAttributeListener;
21 import javax.servlet.http.HttpSessionBindingEvent;
22 import javax.servlet.http.HttpSessionEvent;
23 import javax.servlet.http.HttpSessionListener;
24
25 import org.eclipse.jetty.security.Authenticator;
26 import org.eclipse.jetty.security.UserAuthentication;
27 import org.eclipse.jetty.security.ServerAuthException;
28 import org.eclipse.jetty.server.Authentication;
29 import org.eclipse.jetty.server.UserIdentity;
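/**
 * Authenticator wrapper that caches a successful authentication in the
 * {@link HttpSession} under {@link #__J_AUTHENTICATED}, so that later requests
 * on the same session are answered from the cache instead of calling the
 * delegate again.
 *
 * <p>NOTE(review): a cached entry is returned without re-validation. A revoked
 * or changed account keeps its cached identity until the attribute is removed
 * or the session ends; confirm that this matches the deployment's requirements.
 */
public class SessionCachingAuthenticator extends DelegateAuthenticator
{
    /** Session attribute name under which the cached authentication is stored. */
    public final static String __J_AUTHENTICATED = "org.eclipse.jetty.server.Auth";

    /**
     * @param delegate the authenticator consulted when the session holds no cached authentication
     */
    public SessionCachingAuthenticator(Authenticator delegate)
    {
        super(delegate);
    }

    /**
     * Returns the authentication cached in the session, or asks the delegate
     * and caches the result when it identifies a user.
     *
     * @param request the current request; cast to {@link HttpServletRequest}
     * @param response the current response, passed through to the delegate
     * @param mandatory whether authentication is required; also decides whether a
     *        session is created when none exists
     * @return {@link Authentication#NOT_CHECKED} when there is no session, the cached
     *         authentication when present, otherwise the delegate's result
     * @throws ServerAuthException if the delegate fails
     */
    public Authentication validateRequest(ServletRequest request, ServletResponse response, boolean mandatory) throws ServerAuthException
    {
        // getSession(true) creates a session before the caller is authenticated.
        final HttpSession session = ((HttpServletRequest)request).getSession(mandatory);
        if (session == null)
        {
            // Only reachable when mandatory is false: the delegate is not consulted.
            return Authentication.NOT_CHECKED;
        }

        final Authentication fromSession = (Authentication)session.getAttribute(__J_AUTHENTICATED);
        if (fromSession != null)
        {
            return fromSession;
        }

        final Authentication result = _delegate.validateRequest(request, response, mandatory);
        if (result instanceof Authentication.User)
        {
            // NOTE(review): the session id is not changed here after a successful
            // login. Unless another layer renews it, an id issued before login stays
            // valid for the authenticated user (session fixation); confirm where
            // renewal happens.
            final UserIdentity identity = ((Authentication.User)result).getUserIdentity();
            session.setAttribute(__J_AUTHENTICATED, new SessionAuthentication(_delegate, identity));
        }

        return result;
    }

    /**
     * The authentication object stored in the session.
     *
     * <p>The servlet container notifies an attribute <em>value</em> only through
     * {@code HttpSessionBindingListener}; an {@link HttpSessionAttributeListener} is
     * called only when it is registered with the web application. Without the binding
     * callbacks, {@code logout()} would never run when the attribute is removed,
     * replaced, or the session is invalidated. The attribute-listener methods are kept
     * for compatibility.
     *
     * <p>NOTE(review): this is a non-static inner class, so each instance stored in a
     * session also references the enclosing authenticator; verify that this is acceptable
     * for persisted or replicated sessions.
     */
    protected class SessionAuthentication extends UserAuthentication
        implements HttpSessionAttributeListener, javax.servlet.http.HttpSessionBindingListener
    {
        /**
         * @param authenticator the authenticator that produced the identity
         * @param userIdentity the authenticated user's identity
         */
        public SessionAuthentication(Authenticator authenticator, UserIdentity userIdentity)
        {
            super(authenticator, userIdentity);
        }

        /** Called by the container when this object is stored in a session; nothing to do. */
        public void valueBound(HttpSessionBindingEvent event)
        {
        }

        /**
         * Called by the container when this object is removed from a session, replaced,
         * or the session is invalidated; logs the cached user out.
         */
        public void valueUnbound(HttpSessionBindingEvent event)
        {
            // presumably logout() tolerates being called after the attribute is gone;
            // its body is not visible here, so verify against UserAuthentication
            logout();
        }

        /** No action when an attribute is added. */
        public void attributeAdded(HttpSessionBindingEvent event)
        {
        }

        /**
         * Logs out when an attribute is removed. If this object were registered as an
         * application-level listener, this would fire for any attribute, not only
         * {@link #__J_AUTHENTICATED}.
         */
        public void attributeRemoved(HttpSessionBindingEvent event)
        {
            logout();
        }

        /** Logs out when an attribute is replaced; same caveat as {@link #attributeRemoved}. */
        public void attributeReplaced(HttpSessionBindingEvent arg0)
        {
            logout();
        }

        /** @return the superclass description prefixed with {@code "Session"} */
        public String toString()
        {
            return "Session" + super.toString();
        }
    }
}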