14 package org.eclipse.jetty.security.authentication;
15
16 import java.util.Enumeration;
17 import java.util.HashMap;
18 import java.util.Map;
19
20 import javax.servlet.http.HttpServletRequest;
21 import javax.servlet.http.HttpServletResponse;
22 import javax.servlet.http.HttpSession;
23
24 import org.eclipse.jetty.security.Authenticator;
25 import org.eclipse.jetty.security.IdentityService;
26 import org.eclipse.jetty.security.LoginService;
27
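/**
 * Base class for {@link Authenticator} implementations that check credentials
 * against a {@link LoginService}.
 *
 * <p>Besides holding the configured services, this class provides
 * {@link #renewSessionOnAuthentication(HttpServletRequest, HttpServletResponse)},
 * which replaces a pre-login session with a fresh one once authentication
 * succeeds. This keeps a session established before login from being carried
 * into the authenticated state (the usual defence against session fixation).
 */
public abstract class LoginAuthenticator implements Authenticator
{
    /**
     * Name of the session attribute that marks a session as having been created
     * by {@link #renewSessionOnAuthentication}. A session carrying this attribute
     * is not renewed again.
     */
    public final static String SESSION_SECURED="org.eclipse.jetty.security.secured";
    protected final DeferredAuthentication _deferred=new DeferredAuthentication(this);
    protected LoginService _loginService;
    protected IdentityService _identityService;
    // Whether an existing session is replaced on successful authentication;
    // copied from AuthConfiguration.isSessionRenewedOnAuthentication().
    private boolean _renewSession;

    protected LoginAuthenticator()
    {
    }

    /**
     * Applies the given configuration to this authenticator.
     *
     * <p>Both services are validated before any field is assigned, so a rejected
     * configuration leaves the previously configured services in place instead of
     * overwriting them with {@code null}.
     *
     * @param configuration source of the login service, identity service and
     *                      session-renewal flag
     * @throws IllegalStateException if the configuration supplies no
     *                               {@link LoginService} or no {@link IdentityService}
     */
    public void setConfiguration(AuthConfiguration configuration)
    {
        LoginService loginService=configuration.getLoginService();
        if (loginService==null)
            throw new IllegalStateException("No LoginService for "+this+" in "+configuration);
        IdentityService identityService=configuration.getIdentityService();
        if (identityService==null)
            throw new IllegalStateException("No IdentityService for "+this+" in "+configuration);

        _loginService=loginService;
        _identityService=identityService;
        _renewSession=configuration.isSessionRenewedOnAuthentication();
    }

    /**
     * @return the login service set by {@link #setConfiguration}, or {@code null}
     *         if this authenticator has not been configured yet
     */
    public LoginService getLoginService()
    {
        return _loginService;
    }

    /**
     * Replaces the request's current session with a new one after a successful
     * authentication, copying all attributes across.
     *
     * <p>Nothing is changed when session renewal is disabled, when the request has
     * no session, or when the session already carries {@link #SESSION_SECURED}.
     * Otherwise the old session is emptied and invalidated, a new session is
     * requested from the container, marked with {@link #SESSION_SECURED}, and the
     * saved attributes are restored on it.
     *
     * @param request  the request whose session may be renewed
     * @param response the response for the request; not used by this implementation
     * @return the session now associated with the request, or {@code null} if the
     *         request has no session (including the case where the session was
     *         invalidated by another thread before this one obtained the lock)
     */
    protected HttpSession renewSessionOnAuthentication(HttpServletRequest request, HttpServletResponse response)
    {
        HttpSession httpSession = request.getSession(false);
        if (_renewSession && httpSession!=null && httpSession.getAttribute(SESSION_SECURED)==null)
        {
            // The lock is on the authenticator, so renewals are serialized across
            // all sessions handled by this instance.
            synchronized (this)
            {
                // Re-read and re-check under the lock: another request sharing this
                // session may have renewed it while this thread was waiting, in which
                // case the reference obtained above is stale and must not be emptied
                // or invalidated a second time.
                httpSession = request.getSession(false);
                if (httpSession!=null && httpSession.getAttribute(SESSION_SECURED)==null)
                {
                    // Snapshot every attribute first, then remove them, so the
                    // session is never modified while its names are being enumerated.
                    Map<String,Object> attributes = new HashMap<String, Object>();
                    for (Enumeration<String> e=httpSession.getAttributeNames();e.hasMoreElements();)
                    {
                        String name=e.nextElement();
                        attributes.put(name,httpSession.getAttribute(name));
                    }
                    for (String name: attributes.keySet())
                        httpSession.removeAttribute(name);

                    httpSession.invalidate();
                    httpSession = request.getSession(true);

                    // Mark the new session before restoring state so that it is
                    // recognised as already renewed from here on.
                    httpSession.setAttribute(SESSION_SECURED,Boolean.TRUE);
                    for (Map.Entry<String, Object> entry: attributes.entrySet())
                        httpSession.setAttribute(entry.getKey(),entry.getValue());
                }
            }
        }

        return httpSession;
    }
}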