src/java/org/eclipse/jetty/security/authentication/SessionAuthentication.java - platform/external/jetty - Git at Google

 //
 //  ========================================================================
 //  Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd.
 //  ------------------------------------------------------------------------
 //  All rights reserved. This program and the accompanying materials
 //  are made available under the terms of the Eclipse Public License v1.0
 //  and Apache License v2.0 which accompanies this distribution.
 //
 //      The Eclipse Public License is available at
 //      http://www.eclipse.org/legal/epl-v10.html
 //
 //      The Apache License v2.0 is available at
 //      http://www.opensource.org/licenses/apache2.0.php
 //
 //  You may elect to redistribute this code under either of these licenses.
 //  ========================================================================
 //


 package org.eclipse.jetty.security.authentication;

 import java.io.IOException;
 import java.io.ObjectInputStream;
 import java.io.Serializable;

 import javax.servlet.http.HttpSession;
 import javax.servlet.http.HttpSessionActivationListener;
 import javax.servlet.http.HttpSessionBindingEvent;
 import javax.servlet.http.HttpSessionBindingListener;
 import javax.servlet.http.HttpSessionEvent;

 import org.eclipse.jetty.security.LoginService;
 import org.eclipse.jetty.security.SecurityHandler;
 import org.eclipse.jetty.server.Authentication;
 import org.eclipse.jetty.server.UserIdentity;
 import org.eclipse.jetty.server.UserIdentity.Scope;
 import org.eclipse.jetty.server.session.AbstractSessionManager;
 import org.eclipse.jetty.util.log.Log;
 import org.eclipse.jetty.util.log.Logger;

 public class SessionAuthentication implements Authentication.User, Serializable, HttpSessionActivationListener, HttpSessionBindingListener
 {
     private static final Logger LOG = Log.getLogger(SessionAuthentication.class);

     private static final long serialVersionUID = -4643200685888258706L;


     public final static String __J_AUTHENTICATED="org.eclipse.jetty.security.UserIdentity";

     private final String _method;
     private final String _name;
     private final Object _credentials;

     private transient UserIdentity _userIdentity;
     private transient HttpSession _session;

     public SessionAuthentication(String method, UserIdentity userIdentity, Object credentials)
     {
         _method = method;
         _userIdentity = userIdentity;
         _name=_userIdentity.getUserPrincipal().getName();
         _credentials=credentials;
     }

     public String getAuthMethod()
     {
         return _method;
     }

     public UserIdentity getUserIdentity()
     {
         return _userIdentity;
     }

     public boolean isUserInRole(Scope scope, String role)
     {
         return _userIdentity.isUserInRole(role, scope);
     }

     private void readObject(ObjectInputStream stream)
         throws IOException, ClassNotFoundException
     {
         stream.defaultReadObject();

         SecurityHandler security=SecurityHandler.getCurrentSecurityHandler();
         if (security==null)
             throw new IllegalStateException("!SecurityHandler");
         LoginService login_service=security.getLoginService();
         if (login_service==null)
             throw new IllegalStateException("!LoginService");

         _userIdentity=login_service.login(_name,_credentials);
         LOG.debug("Deserialized and relogged in {}",this);
     }

     public void logout()
     {
         if (_session!=null && _session.getAttribute(__J_AUTHENTICATED)!=null)
             _session.removeAttribute(__J_AUTHENTICATED);

         doLogout();
     }

     private void doLogout()
     {
         SecurityHandler security=SecurityHandler.getCurrentSecurityHandler();
         if (security!=null)
             security.logout(this);
         if (_session!=null)
             _session.removeAttribute(AbstractSessionManager.SESSION_KNOWN_ONLY_TO_AUTHENTICATED);
     }

     @Override
     public String toString()
     {
         return "Session"+super.toString();
     }

     public void sessionWillPassivate(HttpSessionEvent se)
     {

     }

     public void sessionDidActivate(HttpSessionEvent se)
     {
         if (_session==null)
         {
             _session=se.getSession();
         }
     }

     public void valueBound(HttpSessionBindingEvent event)
     {
         if (_session==null)
         {
             _session=event.getSession();
         }
     }

     public void valueUnbound(HttpSessionBindingEvent event)
     {
         doLogout();
     }

 }
	//
	// ========================================================================
	// Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd.
	// ------------------------------------------------------------------------
	// All rights reserved. This program and the accompanying materials
	// are made available under the terms of the Eclipse Public License v1.0
	// and Apache License v2.0 which accompanies this distribution.
	//
	// The Eclipse Public License is available at
	// http://www.eclipse.org/legal/epl-v10.html
	//
	// The Apache License v2.0 is available at
	// http://www.opensource.org/licenses/apache2.0.php
	//
	// You may elect to redistribute this code under either of these licenses.
	// ========================================================================
	//


	package org.eclipse.jetty.security.authentication;

	import java.io.IOException;
	import java.io.ObjectInputStream;
	import java.io.Serializable;

	import javax.servlet.http.HttpSession;
	import javax.servlet.http.HttpSessionActivationListener;
	import javax.servlet.http.HttpSessionBindingEvent;
	import javax.servlet.http.HttpSessionBindingListener;
	import javax.servlet.http.HttpSessionEvent;

	import org.eclipse.jetty.security.LoginService;
	import org.eclipse.jetty.security.SecurityHandler;
	import org.eclipse.jetty.server.Authentication;
	import org.eclipse.jetty.server.UserIdentity;
	import org.eclipse.jetty.server.UserIdentity.Scope;
	import org.eclipse.jetty.server.session.AbstractSessionManager;
	import org.eclipse.jetty.util.log.Log;
	import org.eclipse.jetty.util.log.Logger;

	public class SessionAuthentication implements Authentication.User, Serializable, HttpSessionActivationListener, HttpSessionBindingListener
	{
	private static final Logger LOG = Log.getLogger(SessionAuthentication.class);

	private static final long serialVersionUID = -4643200685888258706L;



	public final static String __J_AUTHENTICATED="org.eclipse.jetty.security.UserIdentity";

	private final String _method;
	private final String _name;
	private final Object _credentials;

	private transient UserIdentity _userIdentity;
	private transient HttpSession _session;

	public SessionAuthentication(String method, UserIdentity userIdentity, Object credentials)
	{
	_method = method;
	_userIdentity = userIdentity;
	_name=_userIdentity.getUserPrincipal().getName();
	_credentials=credentials;
	}

	public String getAuthMethod()
	{
	return _method;
	}

	public UserIdentity getUserIdentity()
	{
	return _userIdentity;
	}

	public boolean isUserInRole(Scope scope, String role)
	{
	return _userIdentity.isUserInRole(role, scope);
	}

	private void readObject(ObjectInputStream stream)
	throws IOException, ClassNotFoundException
	{
	stream.defaultReadObject();

	SecurityHandler security=SecurityHandler.getCurrentSecurityHandler();
	if (security==null)
	throw new IllegalStateException("!SecurityHandler");
	LoginService login_service=security.getLoginService();
	if (login_service==null)
	throw new IllegalStateException("!LoginService");

	_userIdentity=login_service.login(_name,_credentials);
	LOG.debug("Deserialized and relogged in {}",this);
	}

	public void logout()
	{
	if (_session!=null && _session.getAttribute(__J_AUTHENTICATED)!=null)
	_session.removeAttribute(__J_AUTHENTICATED);

	doLogout();
	}

	private void doLogout()
	{
	SecurityHandler security=SecurityHandler.getCurrentSecurityHandler();
	if (security!=null)
	security.logout(this);
	if (_session!=null)
	_session.removeAttribute(AbstractSessionManager.SESSION_KNOWN_ONLY_TO_AUTHENTICATED);
	}

	@Override
	public String toString()
	{
	return "Session"+super.toString();
	}

	public void sessionWillPassivate(HttpSessionEvent se)
	{

	}

	public void sessionDidActivate(HttpSessionEvent se)
	{
	if (_session==null)
	{
	_session=se.getSession();
	}
	}

	public void valueBound(HttpSessionBindingEvent event)
	{
	if (_session==null)
	{
	_session=event.getSession();
	}
	}

	public void valueUnbound(HttpSessionBindingEvent event)
	{
	doLogout();
	}

	}