// Copyright (c) 2003-present, Jodd Team (http://jodd.org)
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are met:
//
// 1. Redistributions of source code must retain the above copyright notice,
// this list of conditions and the following disclaimer.
//
// 2. Redistributions in binary form must reproduce the above copyright
// notice, this list of conditions and the following disclaimer in the
// documentation and/or other materials provided with the distribution.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
// POSSIBILITY OF SUCH DAMAGE.

package jodd.joy.auth;

import jodd.joy.crypt.Threefish;
import jodd.servlet.ServletUtil;
import jodd.util.Base64;
import jodd.util.StringUtil;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Authentication utilities.
 */
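/**
 * Authentication utilities: keeps the application's "user session" object in the
 * {@link HttpSession} (or, transiently, in a request attribute) and reads/writes
 * an encrypted remember-me cookie.
 * <p>
 * Security notes (review):
 * <ul>
 * <li>The remember-me cookie is encrypted with a key and tweaks that are
 *     hard-coded in this class, i.e. identical for every deployment of this
 *     library. Anyone with the source can produce a cookie that decrypts cleanly,
 *     so the strings returned by {@link #readAuthCookie} are untrusted input and
 *     must be re-validated (e.g. against a per-user token kept server side)
 *     before they grant a login.</li>
 * <li>No authentication tag (MAC) is added in this class; whether a modified
 *     cookie is rejected depends entirely on {@code Threefish#decryptString},
 *     which is not visible here. TODO confirm.</li>
 * <li>{@link #storeAuthCookie} does not set the {@code HttpOnly} or
 *     {@code Secure} cookie flags.</li>
 * </ul>
 */
public class AuthUtil {

	/** Name of the HTTP session attribute (and request attribute) that holds the user session object. */
	public static final String AUTH_SESSION_NAME = "AUTH";
	/** Name of the remember-me cookie. */
	public static final String AUTH_COOKIE_NAME = "JODD_JOY_REMEMBERME";

	/**
	 * Returns the new user session object stored as a request attribute
	 * (usually set during user registration) and removes it from the request,
	 * so a second call on the same request returns {@code null}.
	 *
	 * @param servletRequest current request
	 * @return the attribute value, or {@code null} if it was not set
	 */
	public static Object getNewUserSession(HttpServletRequest servletRequest) {
		Object newUserSession = servletRequest.getAttribute(AUTH_SESSION_NAME);
		servletRequest.removeAttribute(AUTH_SESSION_NAME);
		return newUserSession;
	}

	/**
	 * Returns the user session object, or {@code null} if the HTTP session is
	 * {@code null} or carries no authenticated user.
	 *
	 * @param httpSession HTTP session, may be {@code null}
	 * @return user session object or {@code null}
	 */
	public static Object getUserSession(HttpSession httpSession) {
		if (httpSession == null) {
			return null;
		}
		return httpSession.getAttribute(AUTH_SESSION_NAME);
	}

	/**
	 * Convenience overload that looks up the existing HTTP session without
	 * creating one ({@code getSession(false)}).
	 *
	 * @see #getUserSession(javax.servlet.http.HttpSession)
	 */
	public static Object getUserSession(HttpServletRequest servletRequest) {
		return getUserSession(servletRequest.getSession(false));
	}

	/**
	 * Closes the user session by removing the user session attribute.
	 * The HTTP session itself is left alive (it is <em>not</em> invalidated);
	 * callers implementing a logout may want to invalidate it as well.
	 *
	 * @param httpSession HTTP session, may be {@code null} (no-op)
	 */
	public static void closeUserSession(HttpSession httpSession) {
		if (httpSession != null) {
			httpSession.removeAttribute(AUTH_SESSION_NAME);
		}
	}

	/**
	 * Convenience overload that operates on the existing HTTP session, if any
	 * ({@code getSession(false)}).
	 *
	 * @see #closeUserSession(javax.servlet.http.HttpSession)
	 */
	public static void closeUserSession(HttpServletRequest servletRequest) {
		closeUserSession(servletRequest.getSession(false));
	}

	/**
	 * Starts the user session by storing the user session object into the HTTP session.
	 *
	 * @param httpSession HTTP session, must not be {@code null}
	 * @param userSession application-specific user session object
	 */
	public static void startUserSession(HttpSession httpSession, Object userSession) {
		httpSession.setAttribute(AUTH_SESSION_NAME, userSession);
	}

	/**
	 * Starts the user session, creating the HTTP session if needed
	 * ({@code getSession(true)}).
	 * <p>
	 * NOTE(review): an already existing HTTP session is reused as-is. When this is
	 * called on login, consider invalidating the old session first so an id fixed
	 * before authentication cannot be reused (session fixation); that is not done
	 * here because it would also discard the session's other attributes.
	 *
	 * @see #startUserSession(javax.servlet.http.HttpSession, Object)
	 */
	public static void startUserSession(HttpServletRequest servletRequest, Object userSession) {
		startUserSession(servletRequest.getSession(true), userSession);
	}

	// ---------------------------------------------------------------- cookies

	/** Cipher shared by all cookie reads/writes. */
	private static final Threefish ENCRYPTOR = new Threefish(Threefish.BLOCK_SIZE_BITS_256);
	/** Separator between the Base64 segments of the cookie value; never produced by Base64 itself. */
	private static final char COOKIE_DELIMITER = '*';
	
	static {
		// WARNING: hard-coded key material, shared by every installation of this
		// library. Cookies issued by any deployment decrypt in any other, and the
		// key is public. Treat cookie contents as untrusted (see class Javadoc).
		ENCRYPTOR.init("jodd#auth!enc*ss@ap", 0x134298db8abf9485L, 0x603bce00abL);
	}

	/**
	 * Reads the auth cookie and returns the string array stored in it.
	 * Each {@value #COOKIE_DELIMITER}-separated segment is Base64-decoded and
	 * decrypted independently; the returned values are untrusted client input.
	 *
	 * @param request current request
	 * @return decrypted values, or {@code null} if the cookie is not present
	 * @throws Exception whatever {@code Base64.decode} or
	 *         {@code Threefish#decryptString} throws for malformed or corrupted data
	 */
	public static String[] readAuthCookie(HttpServletRequest request) throws Exception {
		Cookie cookie = ServletUtil.getCookie(request, AUTH_COOKIE_NAME);
		if (cookie == null) {
			return null;
		}
		String[] values = StringUtil.splitc(cookie.getValue(), COOKIE_DELIMITER);
		for (int i = 0; i < values.length; i++) {
			// attacker-controlled bytes go straight into the cipher; no integrity
			// check is performed in this class
			byte[] decoded = Base64.decode(values[i]);
			values[i] = ENCRYPTOR.decryptString(decoded);
		}
		return values;
	}

	/**
	 * Stores the string array into the auth cookie: every value is encrypted,
	 * Base64-encoded and the segments are joined with {@value #COOKIE_DELIMITER}.
	 * <p>
	 * NOTE(review): the cookie is sent without {@code HttpOnly} and {@code Secure}.
	 * With a Servlet 3.0+ container add {@code cookie.setHttpOnly(true)}, and set
	 * {@code cookie.setSecure(true)} when the application is served over TLS;
	 * otherwise the remember-me token is readable from script and sent in clear.
	 *
	 * @param response     current response
	 * @param cookieMaxAge cookie lifetime in seconds, as for {@link Cookie#setMaxAge(int)}
	 * @param values       values to store; must not be {@code null}
	 */
	public static void storeAuthCookie(HttpServletResponse response, int cookieMaxAge, String... values) {
		StringBuilder sb = new StringBuilder();
		for (int i = 0; i < values.length; i++) {
			if (i > 0) {
				sb.append(COOKIE_DELIMITER);
			}
			byte[] encrypted = ENCRYPTOR.encryptString(values[i]); 
			sb.append(Base64.encodeToString(encrypted));
		}

		Cookie cookie = new Cookie(AUTH_COOKIE_NAME, sb.toString());
		cookie.setMaxAge(cookieMaxAge);
		// path must match the one used in removeAuthCookie, otherwise the cookie is not removed
		cookie.setPath("/");
		response.addCookie(cookie);
	}


	/**
	 * Removes the auth cookie by re-sending it with max-age 0.
	 * Does nothing if the request carries no auth cookie.
	 *
	 * @param servletRequest  current request
	 * @param servletResponse current response
	 */
	public static void removeAuthCookie(HttpServletRequest servletRequest, HttpServletResponse servletResponse) {
		Cookie cookie = ServletUtil.getCookie(servletRequest, AUTH_COOKIE_NAME);
		if (cookie == null) {
			return;
		}
		// do not echo the old ciphertext back in the expiring Set-Cookie header
		cookie.setValue("");
		cookie.setMaxAge(0);
		// same path as in storeAuthCookie, so the browser matches the stored cookie
		cookie.setPath("/");
		servletResponse.addCookie(cookie);
	}
}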



