14 package org.eclipse.jetty.security.authentication;
15
16 import java.util.Enumeration;
17 import java.util.HashMap;
18 import java.util.Map;
19
20 import javax.servlet.http.HttpServletRequest;
21 import javax.servlet.http.HttpServletResponse;
22 import javax.servlet.http.HttpSession;
23
24 import org.eclipse.jetty.security.Authenticator;
25 import org.eclipse.jetty.security.IdentityService;
26 import org.eclipse.jetty.security.LoginService;
27 import org.eclipse.jetty.server.SessionManager;
28
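/**
 * Base class for {@link Authenticator} implementations that are configured with a
 * {@link LoginService} and an {@link IdentityService}.
 *
 * <p>It also provides {@link #renewSessionOnAuthentication}, which replaces a session that
 * existed before login with a new one, so that a session id handed out before
 * authentication (and possibly known to a third party) is not the id of the
 * authenticated session (session-fixation defence).
 */
public abstract class LoginAuthenticator implements Authenticator
{
    /**
     * Session attribute set to {@link Boolean#TRUE} on a session created by
     * {@link #renewSessionOnAuthentication}. A session carrying it is not renewed again.
     */
    public final static String SESSION_SECURED="org.eclipse.jetty.security.secured";

    // Deferred authentication bound to this authenticator instance.
    protected final DeferredAuthentication _deferred=new DeferredAuthentication(this);
    protected LoginService _loginService;
    protected IdentityService _identityService;
    // When false, renewSessionOnAuthentication returns the existing session unchanged,
    // i.e. the pre-login session id stays in use after login.
    private boolean _renewSession;

    protected LoginAuthenticator()
    {
    }

    /**
     * Takes the login service, identity service and session-renewal flag from the
     * supplied configuration.
     *
     * @param configuration source of the services and of the renew-on-authentication flag
     * @throws IllegalStateException if the configuration has no LoginService or no IdentityService
     */
    public void setConfiguration(AuthConfiguration configuration)
    {
        _loginService=configuration.getLoginService();
        if (_loginService==null)
            throw new IllegalStateException("No LoginService for "+this+" in "+configuration);
        _identityService=configuration.getIdentityService();
        if (_identityService==null)
            throw new IllegalStateException("No IdentityService for "+this+" in "+configuration);
        _renewSession=configuration.isSessionRenewedOnAuthentication();
    }

    /**
     * @return the login service set by {@link #setConfiguration}, or null if not yet configured
     */
    public LoginService getLoginService()
    {
        return _loginService;
    }

    /**
     * Replaces the request's existing session with a new one when session renewal is
     * enabled and the session is not already marked {@link #SESSION_SECURED}.
     *
     * <p>All attributes of the old session are copied to the new one. Only the session
     * itself is replaced: values stored before login are still present afterwards, so
     * code reading them must not assume they were written by the authenticated user.
     *
     * <p>The old session is invalidated; callers must use the returned session and
     * drop any reference to the previous one.
     *
     * @param request the request whose session is examined
     * @param response not used by this implementation
     * @return the new session if one was created, otherwise the existing session,
     *         or null if the request has no session
     */
    protected HttpSession renewSessionOnAuthentication(HttpServletRequest request, HttpServletResponse response)
    {
        HttpSession httpSession = request.getSession(false);
        if (_renewSession && httpSession!=null && httpSession.getAttribute(SESSION_SECURED)==null)
        {
            // NOTE(review): the lock is the authenticator, not the session, and the
            // SESSION_SECURED check above runs outside it. Two concurrent requests on
            // the same session can both reach this block; the second would then work
            // on a session the first has already invalidated. Confirm whether callers
            // serialise logins per session.
            synchronized (this)
            {
                // Copy first, remove afterwards: the servlet API does not promise that
                // the Enumeration is a snapshot, so removing attributes while walking
                // it could skip entries or fail on some HttpSession implementations,
                // and a skipped entry would be lost when the session is invalidated.
                Map<String,Object> attributes = new HashMap<String, Object>();
                for (Enumeration<String> e=httpSession.getAttributeNames();e.hasMoreElements();)
                {
                    String name=e.nextElement();
                    attributes.put(name,httpSession.getAttribute(name));
                }
                for (String name: attributes.keySet())
                    httpSession.removeAttribute(name);

                httpSession.invalidate();
                httpSession = request.getSession(true);
                // Mark before restoring so the new session is never observed
                // without the flag once it holds application data.
                httpSession.setAttribute(SESSION_SECURED,Boolean.TRUE);
                for (Map.Entry<String, Object> entry: attributes.entrySet())
                    httpSession.setAttribute(entry.getKey(),entry.getValue());
            }
        }

        return httpSession;
    }
}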