All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.eclipse.jetty.security.authentication.SessionAuthentication Maven / Gradle / Ivy

There is a newer version: 1.0-rc5
Show newest version
// ========================================================================
// Copyright (c) 2009-2009 Mort Bay Consulting Pty. Ltd.
// ------------------------------------------------------------------------
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0
// and Apache License v2.0 which accompanies this distribution.
// The Eclipse Public License is available at 
// http://www.eclipse.org/legal/epl-v10.html
// The Apache License v2.0 is available at
// http://www.opensource.org/licenses/apache2.0.php
// You may elect to redistribute this code under either of these licenses. 
// ========================================================================


package org.eclipse.jetty.security.authentication;

import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionActivationListener;
import javax.servlet.http.HttpSessionAttributeListener;
import javax.servlet.http.HttpSessionBindingEvent;
import javax.servlet.http.HttpSessionBindingListener;
import javax.servlet.http.HttpSessionEvent;

import org.eclipse.jetty.security.Authenticator;
import org.eclipse.jetty.security.LoginService;
import org.eclipse.jetty.security.SecurityHandler;
import org.eclipse.jetty.security.UserAuthentication;
import org.eclipse.jetty.server.Authentication;
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.server.UserIdentity.Scope;
import org.eclipse.jetty.util.log.Log;

public class SessionAuthentication implements Authentication.User, Serializable, HttpSessionActivationListener, HttpSessionBindingListener
{
    private static final long serialVersionUID = -4643200685888258706L;

    

    public final static String __J_AUTHENTICATED="org.eclipse.jetty.security.UserIdentity";

    private final String _method;
    private final String _name;
    private final Object _credentials;
    
    private transient UserIdentity _userIdentity;
    private transient HttpSession _session;
    
    public SessionAuthentication(String method, UserIdentity userIdentity, Object credentials)
    {
        _method = method;
        _userIdentity = userIdentity;
        _name=_userIdentity.getUserPrincipal().getName();
        _credentials=credentials;
    }

    public String getAuthMethod()
    {
        return _method;
    }

    public UserIdentity getUserIdentity()
    {
        return _userIdentity;
    }

    public boolean isUserInRole(Scope scope, String role)
    {
        return _userIdentity.isUserInRole(role, scope);
    }

    private void readObject(ObjectInputStream stream) 
        throws IOException, ClassNotFoundException 
    {
        stream.defaultReadObject();
        
        SecurityHandler security=SecurityHandler.getCurrentSecurityHandler();
        if (security==null)
            throw new IllegalStateException("!SecurityHandler");
        LoginService login_service=security.getLoginService();
        if (login_service==null)
            throw new IllegalStateException("!LoginService");
        
        _userIdentity=login_service.login(_name,_credentials);
        Log.debug("Deserialized and relogged in {}",this);
    }
    
    public void logout()
    {
        if (_session!=null && _session.getAttribute(__J_AUTHENTICATED)!=null)
            _session.removeAttribute(__J_AUTHENTICATED);
        else 
            doLogout();
    }
    
    private void doLogout()
    {
        SecurityHandler security=SecurityHandler.getCurrentSecurityHandler();
        if (security!=null)
            security.logout(this);
        if (_session!=null)
            _session.removeAttribute(LoginAuthenticator.SESSION_SECURED);
    }
        
    @Override
    public String toString()
    {
        return "Session"+super.toString();
    }

    public void sessionWillPassivate(HttpSessionEvent se)
    {
    }

    public void sessionDidActivate(HttpSessionEvent se)
    {
        if (_session==null)
            _session=se.getSession();
    }

    public void valueBound(HttpSessionBindingEvent event)
    {
    }

    public void valueUnbound(HttpSessionBindingEvent event)
    {
        doLogout();
    }
    
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy