All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.beangle.security.web.WebSecurityManager.scala Maven / Gradle / Ivy

The newest version!
/*
 * Copyright (C) 2005, The Beangle Software.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published
 * by the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program.  If not, see .
 */

package org.beangle.security.web

import jakarta.servlet.http.{HttpServletRequest, HttpServletResponse}
import org.beangle.web.servlet.security.RequestConvertor
import org.beangle.security.authc._
import org.beangle.security.authz.Authorizer
import org.beangle.security.mgt.SecurityManager
import org.beangle.security.session.{Session, SessionProfileProvider, SessionRegistry}
import org.beangle.security.web.authc.WebClient
import org.beangle.security.web.session.SessionIdPolicy

class WebSecurityManager extends SecurityManager {

  var authenticator: Authenticator = _
  var authorizer: Authorizer = _
  var registry: SessionRegistry = _
  var sessionIdPolicy: SessionIdPolicy = _
  var requestConvertor: RequestConvertor = _
  var sessionProfileProvider: SessionProfileProvider = _

  override def login(sessionId: String, token: AuthenticationToken, client: Session.Agent): Session = {
    val account = authc(token)
    val profile = sessionProfileProvider.getProfile(account)
    registry.register(sessionId, account, client, profile)
  }

  def login(request: HttpServletRequest, response: HttpServletResponse, token: AuthenticationToken): Session = {
    val key = sessionIdPolicy.newId(request, response)
    val account = authc(token)
    val profile = sessionProfileProvider.getProfile(account)
    registry.register(key, account, WebClient.get(request), profile)
  }

  /** 认证token,并负责将detail传递给最终的account
   *
   * @param token
   * @return
   */
  private def authc(token: AuthenticationToken): Account = {
    val account = authenticator.authenticate(token)
    account match {
      case da: DefaultAccount =>
        da.credentialReadOnly = isCredentialReadOnly(token)
        da.details ++= token.details.filter(_._2.isInstanceOf[String]).map(kv=> (kv._1,kv._2.toString))
      case _ =>
    }
    account
  }

  private def isCredentialReadOnly(token: AuthenticationToken): Boolean = {
    token match {
      case _: PreauthToken => true
      case _ =>
        val a = token.removeDetail("credentialReadOnly")
        a.contains("true") || a.contains(true)
    }
  }

  def logout(request: HttpServletRequest, response: HttpServletResponse, session: Session): Unit = {
    registry.remove(session.id, null)
    sessionIdPolicy.delId(request, response)
    val s = request.getSession(false)
    if (null != s) s.invalidate()
  }

}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy