15 package org.eclipse.jetty.security.authentication;
16
17 import java.io.IOException;
18 import java.io.ObjectInputStream;
19 import java.io.Serializable;
20
21 import javax.servlet.http.HttpSession;
22 import javax.servlet.http.HttpSessionActivationListener;
23 import javax.servlet.http.HttpSessionBindingEvent;
24 import javax.servlet.http.HttpSessionBindingListener;
25 import javax.servlet.http.HttpSessionEvent;
26
27 import org.eclipse.jetty.security.LoginService;
28 import org.eclipse.jetty.security.SecurityHandler;
29 import org.eclipse.jetty.server.Authentication;
30 import org.eclipse.jetty.server.UserIdentity;
31 import org.eclipse.jetty.server.UserIdentity.Scope;
32 import org.eclipse.jetty.util.log.Log;
33 import org.eclipse.jetty.util.log.Logger;
34
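/**
 * An authenticated user that is held as a session attribute and can survive
 * session passivation, persistence or migration.
 * <p>
 * The serialized form consists of the authentication method, the user name and
 * the credentials object. The {@link UserIdentity} and the owning
 * {@link HttpSession} are transient; after deserialization the identity is
 * rebuilt by logging in again with the stored name and credentials.
 * <p>
 * Security note: {@code _credentials} is not transient, so whatever credential
 * object was supplied at login is written wherever the container persists or
 * replicates sessions. Protect that store like a credential store, and only
 * deserialize session data that comes from a trusted source, since reading
 * an instance back triggers a login attempt with the stored values.
 */
public class SessionAuthentication implements Authentication.User, Serializable, HttpSessionActivationListener, HttpSessionBindingListener
{
    private static final Logger LOG = Log.getLogger(SessionAuthentication.class);

    private static final long serialVersionUID = -4643200685888258706L;

    /** Session attribute name used by {@link #logout()} to find and drop the cached authentication. */
    public final static String __J_AUTHENTICATED="org.eclipse.jetty.security.UserIdentity";

    // Serialized state: enough to repeat the login after the session is restored.
    private final String _method;
    private final String _name;
    private final Object _credentials;

    // Not serialized: re-established by readObject() and the session listener callbacks.
    private transient UserIdentity _userIdentity;
    private transient HttpSession _session;

    /**
     * @param method the authentication method reported by {@link #getAuthMethod()}
     * @param userIdentity the authenticated identity; must be non-null with a non-null principal
     * @param credentials the credentials kept for re-login after deserialization
     */
    public SessionAuthentication(String method, UserIdentity userIdentity, Object credentials)
    {
        _method = method;
        _userIdentity = userIdentity;
        _name=_userIdentity.getUserPrincipal().getName();
        _credentials=credentials;
    }

    /** @return the authentication method given at construction */
    public String getAuthMethod()
    {
        return _method;
    }

    /**
     * @return the current identity; may be null on a deserialized instance whose
     *         re-login did not yield an identity
     */
    public UserIdentity getUserIdentity()
    {
        return _userIdentity;
    }

    /**
     * Checks a role against the current identity.
     *
     * @return false when there is no identity (fail closed), otherwise the
     *         identity's own answer
     */
    public boolean isUserInRole(Scope scope, String role)
    {
        // A deserialized instance has no identity if the re-login in readObject()
        // returned null; deny the role instead of throwing a NullPointerException.
        UserIdentity identity = _userIdentity;
        return identity != null && identity.isUserInRole(role, scope);
    }

    /**
     * Restores the non-transient fields and then repeats the login with the
     * stored name and credentials to rebuild the transient identity.
     *
     * @throws IllegalStateException if no current SecurityHandler or LoginService is available
     */
    private void readObject(ObjectInputStream stream)
        throws IOException, ClassNotFoundException
    {
        stream.defaultReadObject();

        SecurityHandler security=SecurityHandler.getCurrentSecurityHandler();
        if (security==null)
            throw new IllegalStateException("!SecurityHandler");
        LoginService login_service=security.getLoginService();
        if (login_service==null)
            throw new IllegalStateException("!LoginService");

        _userIdentity=login_service.login(_name,_credentials);
        if (_userIdentity==null)
        {
            // LoginService.login returns null when the stored credentials are no
            // longer accepted; the restored session then carries no identity.
            LOG.warn("Deserialized but relogin failed for {}",_name);
        }
        else
        {
            LOG.debug("Deserialized and relogged in {}",this);
        }
    }

    /**
     * Logs this user out.
     * <p>
     * When the owning session is known and still has a value under
     * {@link #__J_AUTHENTICATED}, that attribute is removed; the container is
     * then expected to call {@link #valueUnbound(HttpSessionBindingEvent)} on the
     * removed value, which performs the actual logout. Otherwise the logout is
     * done directly.
     */
    public void logout()
    {
        if (_session!=null && _session.getAttribute(__J_AUTHENTICATED)!=null)
            _session.removeAttribute(__J_AUTHENTICATED);
        else
            doLogout();
    }

    /** Notifies the current SecurityHandler, if any, and clears the session's secured marker. */
    private void doLogout()
    {
        SecurityHandler security=SecurityHandler.getCurrentSecurityHandler();
        if (security!=null)
            security.logout(this);
        if (_session!=null)
            _session.removeAttribute(LoginAuthenticator.SESSION_SECURED);
    }

    @Override
    public String toString()
    {
        return "Session"+super.toString();
    }

    /** No state needs saving before passivation. */
    public void sessionWillPassivate(HttpSessionEvent se)
    {
    }

    /** Re-attaches the transient session reference after the session is activated. */
    public void sessionDidActivate(HttpSessionEvent se)
    {
        if (_session==null)
            _session=se.getSession();
    }

    /**
     * Records the session this authentication is bound to.
     * <p>
     * Without this, an instance that was bound but never passivated and
     * re-activated has no session reference, so {@link #logout()} could not
     * remove the cached authentication attribute from the session.
     */
    public void valueBound(HttpSessionBindingEvent event)
    {
        if (_session==null)
            _session=event.getSession();
    }

    /** Performs the logout when this authentication is removed from its session. */
    public void valueUnbound(HttpSessionBindingEvent event)
    {
        doLogout();
    }

}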