1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.eclipse.jetty.security.authentication;
20
21 import javax.servlet.ServletRequest;
22 import javax.servlet.http.HttpServletRequest;
23 import javax.servlet.http.HttpServletResponse;
24 import javax.servlet.http.HttpSession;
25
26 import org.eclipse.jetty.security.Authenticator;
27 import org.eclipse.jetty.security.IdentityService;
28 import org.eclipse.jetty.security.LoginService;
29 import org.eclipse.jetty.server.Authentication;
30 import org.eclipse.jetty.server.UserIdentity;
31 import org.eclipse.jetty.server.session.AbstractSessionManager;
32
33 public abstract class LoginAuthenticator implements Authenticator
34 {
35 protected LoginService _loginService;
36 protected IdentityService _identityService;
37 private boolean _renewSession;
38
39 protected LoginAuthenticator()
40 {
41 }
42
43
44
45 public UserIdentity login(String username, Object password, ServletRequest request)
46 {
47 UserIdentity user = _loginService.login(username,password);
48 if (user!=null)
49 {
50 renewSession((HttpServletRequest)request, null);
51 return user;
52 }
53 return null;
54 }
55
56
57 public void setConfiguration(AuthConfiguration configuration)
58 {
59 _loginService=configuration.getLoginService();
60 if (_loginService==null)
61 throw new IllegalStateException("No LoginService for "+this+" in "+configuration);
62 _identityService=configuration.getIdentityService();
63 if (_identityService==null)
64 throw new IllegalStateException("No IdentityService for "+this+" in "+configuration);
65 _renewSession=configuration.isSessionRenewedOnAuthentication();
66 }
67
68 public LoginService getLoginService()
69 {
70 return _loginService;
71 }
72
73
74
75
76
77
78
79
80
81
82
83 protected HttpSession renewSession(HttpServletRequest request, HttpServletResponse response)
84 {
85 HttpSession httpSession = request.getSession(false);
86
87
88
89 if (_renewSession && httpSession!=null && httpSession.getAttribute(AbstractSessionManager.SESSION_KNOWN_ONLY_TO_AUTHENTICATED)!=Boolean.TRUE)
90 {
91 synchronized (this)
92 {
93 httpSession = AbstractSessionManager.renewSession(request, httpSession,true);
94 }
95 }
96 return httpSession;
97 }
98 }