
1   // ========================================================================
2   // Copyright (c) 2008-2009 Mort Bay Consulting Pty. Ltd.
3   // ------------------------------------------------------------------------
4   // All rights reserved. This program and the accompanying materials
5   // are made available under the terms of the Eclipse Public License v1.0
6   // and Apache License v2.0 which accompanies this distribution.
7   // The Eclipse Public License is available at 
8   // http://www.eclipse.org/legal/epl-v10.html
9   // The Apache License v2.0 is available at
10  // http://www.opensource.org/licenses/apache2.0.php
11  // You may elect to redistribute this code under either of these licenses. 
12  // ========================================================================
13  
14  package org.eclipse.jetty.security.authentication;
15  
16  import javax.servlet.ServletRequest;
17  import javax.servlet.ServletResponse;
18  import javax.servlet.http.HttpServletRequest;
19  import javax.servlet.http.HttpSession;
20  import javax.servlet.http.HttpSessionAttributeListener;
21  import javax.servlet.http.HttpSessionBindingEvent;
22  import javax.servlet.http.HttpSessionEvent;
23  import javax.servlet.http.HttpSessionListener;
24  
25  import org.eclipse.jetty.security.Authenticator;
26  import org.eclipse.jetty.security.UserAuthentication;
27  import org.eclipse.jetty.security.ServerAuthException;
28  import org.eclipse.jetty.server.Authentication;
29  import org.eclipse.jetty.server.UserIdentity;
30  
/**
 * Authenticator wrapper that remembers a successful authentication in the
 * HTTP session.
 * <p>
 * The first time the delegate returns an {@link Authentication.User}, a
 * {@link SessionAuthentication} built from its user identity is stored in the
 * session under {@link #__J_AUTHENTICATED}. Later requests on the same session
 * return the stored value and the delegate is not consulted again.
 * <p>
 * Security-relevant consequences of that design, visible in this class:
 * <ul>
 * <li>Whatever {@link Authentication} is stored under {@link #__J_AUTHENTICATED}
 * is trusted as-is, so code able to write that session attribute decides the
 * outcome of {@link #validateRequest}.</li>
 * <li>A cached result is reused until the attribute is removed or the session
 * ends; changes made at the delegate in the meantime are not seen here.</li>
 * <li>NOTE(review): the session identifier is not changed in this class when an
 * identity is first cached. Whether the delegate or the container renews it
 * is not visible from here; confirm how session fixation is handled.</li>
 * </ul>
 *
 * @version $Rev: 4793 $ $Date: 2009-03-19 00:00:01 +0100 (Thu, 19 Mar 2009) $
 */
public class SessionCachingAuthenticator extends DelegateAuthenticator
{
    /** Session attribute name under which the cached authentication is kept. */
    public final static String __J_AUTHENTICATED = "org.eclipse.jetty.server.Auth";

    /**
     * @param delegate the authenticator consulted when the session holds no
     *                 cached authentication
     */
    public SessionCachingAuthenticator(Authenticator delegate)
    {
        super(delegate);
    }

    /**
     * Returns the authentication cached in the session, or asks the delegate
     * and caches a successful user authentication.
     *
     * @param request   the request; it is cast to {@link HttpServletRequest}
     * @param response  passed through to the delegate
     * @param mandatory passed to {@code getSession(boolean)} and to the
     *                  delegate, so a session is created when authentication
     *                  is mandatory
     * @return {@link Authentication#NOT_CHECKED} when there is no session, the
     *         cached authentication when one is present, otherwise the
     *         delegate's result
     * @throws ServerAuthException if the delegate throws it
     */
    public Authentication validateRequest(ServletRequest request, ServletResponse response, boolean mandatory) throws ServerAuthException
    {
        final HttpServletRequest httpRequest = (HttpServletRequest)request;
        final HttpSession httpSession = httpRequest.getSession(mandatory);

        // No session exists and none was created: nothing has been checked.
        if (httpSession == null)
            return Authentication.NOT_CHECKED;

        // A previously cached result short-circuits the delegate entirely.
        final Authentication remembered = (Authentication) httpSession.getAttribute(__J_AUTHENTICATED);
        if (remembered != null)
            return remembered;

        final Authentication fresh = _delegate.validateRequest(request, response, mandatory);

        // Only a successful user authentication is cached; every other
        // outcome is handed back without touching the session.
        if (!(fresh instanceof Authentication.User))
            return fresh;

        final UserIdentity identity = ((Authentication.User)fresh).getUserIdentity();
        httpSession.setAttribute(__J_AUTHENTICATED, new SessionAuthentication(_delegate, identity));

        // The delegate's own result is returned, not the cached wrapper.
        return fresh;
    }

    /**
     * The value stored in the session: a {@link UserAuthentication} that calls
     * {@code logout()} from its session attribute callbacks.
     * <p>
     * NOTE(review): the Servlet API delivers {@link HttpSessionAttributeListener}
     * events to listeners registered with the web application, while an object
     * stored as a session attribute is notified through
     * {@code HttpSessionBindingListener}. No registration of this class is
     * visible here, so the {@code logout()} calls below may never run when the
     * attribute is removed or the session is invalidated; confirm. If it were
     * registered, the callbacks would also fire for every attribute name, not
     * only {@link SessionCachingAuthenticator#__J_AUTHENTICATED}.
     */
    protected class SessionAuthentication extends UserAuthentication implements HttpSessionAttributeListener
    {
        /**
         * @param authenticator the authenticator recorded with this authentication
         * @param userIdentity  the authenticated user's identity
         */
        public SessionAuthentication(Authenticator authenticator, UserIdentity userIdentity)
        {
            super(authenticator,userIdentity);
        }

        /** Adding an attribute needs no action. */
        public void attributeAdded(HttpSessionBindingEvent event)
        {
            // intentionally empty
        }

        /** Logs out when an attribute is removed. */
        public void attributeRemoved(HttpSessionBindingEvent event)
        {
            logout();
        }

        /** Logs out when an attribute is replaced. */
        public void attributeReplaced(HttpSessionBindingEvent arg0)
        {
            logout();
        }

        /** @return the superclass description prefixed with {@code "Session"} */
        public String toString()
        {
            final String base = super.toString();
            return "Session" + base;
        }

    }
}