1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.eclipse.jetty.security.authentication;
20
21 import javax.servlet.http.HttpServletRequest;
22 import javax.servlet.http.HttpServletResponse;
23 import javax.servlet.http.HttpSession;
24
25 import org.eclipse.jetty.security.Authenticator;
26 import org.eclipse.jetty.security.IdentityService;
27 import org.eclipse.jetty.security.LoginService;
28 import org.eclipse.jetty.server.session.AbstractSessionManager;
29
30 public abstract class LoginAuthenticator implements Authenticator
31 {
32 protected LoginService _loginService;
33 protected IdentityService _identityService;
34 private boolean _renewSession;
35
36 protected LoginAuthenticator()
37 {
38 }
39
40 public void setConfiguration(AuthConfiguration configuration)
41 {
42 _loginService=configuration.getLoginService();
43 if (_loginService==null)
44 throw new IllegalStateException("No LoginService for "+this+" in "+configuration);
45 _identityService=configuration.getIdentityService();
46 if (_identityService==null)
47 throw new IllegalStateException("No IdentityService for "+this+" in "+configuration);
48 _renewSession=configuration.isSessionRenewedOnAuthentication();
49 }
50
51 public LoginService getLoginService()
52 {
53 return _loginService;
54 }
55
56
57
58
59
60
61
62
63
64
65
66 protected HttpSession renewSession(HttpServletRequest request, HttpServletResponse response)
67 {
68 HttpSession httpSession = request.getSession(false);
69
70
71
72 if (_renewSession && httpSession!=null && httpSession.getAttribute(AbstractSessionManager.SESSION_KNOWN_ONLY_TO_AUTHENTICATED)!=Boolean.TRUE)
73 {
74 synchronized (this)
75 {
76 httpSession = AbstractSessionManager.renewSession(request, httpSession,true);
77 }
78 }
79 return httpSession;
80 }
81 }