| // |
| // ======================================================================== |
| // Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd. |
| // ------------------------------------------------------------------------ |
| // All rights reserved. This program and the accompanying materials |
| // are made available under the terms of the Eclipse Public License v1.0 |
| // and Apache License v2.0 which accompanies this distribution. |
| // |
| // The Eclipse Public License is available at |
| // http://www.eclipse.org/legal/epl-v10.html |
| // |
| // The Apache License v2.0 is available at |
| // http://www.opensource.org/licenses/apache2.0.php |
| // |
| // You may elect to redistribute this code under either of these licenses. |
| // ======================================================================== |
| // |
| |
| |
| package org.eclipse.jetty.security.authentication; |
| |
| import java.io.IOException; |
| import java.io.ObjectInputStream; |
| import java.io.Serializable; |
| |
| import javax.servlet.http.HttpSession; |
| import javax.servlet.http.HttpSessionActivationListener; |
| import javax.servlet.http.HttpSessionBindingEvent; |
| import javax.servlet.http.HttpSessionBindingListener; |
| import javax.servlet.http.HttpSessionEvent; |
| |
| import org.eclipse.jetty.security.LoginService; |
| import org.eclipse.jetty.security.SecurityHandler; |
| import org.eclipse.jetty.server.Authentication; |
| import org.eclipse.jetty.server.UserIdentity; |
| import org.eclipse.jetty.server.UserIdentity.Scope; |
| import org.eclipse.jetty.server.session.AbstractSessionManager; |
| import org.eclipse.jetty.util.log.Log; |
| import org.eclipse.jetty.util.log.Logger; |
| |
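/**
 * An authenticated user whose authentication state is held in the {@link HttpSession}.
 *
 * <p>The instance records the authentication method, the principal name and the
 * credentials. The {@link UserIdentity} and the owning session are transient: the identity
 * is rebuilt in {@link #readObject(ObjectInputStream)} by logging in again, and the session
 * reference is recaptured from the activation/binding callbacks.
 *
 * <p>Security note: {@code _credentials} is a non-transient field of a {@link Serializable}
 * class, so whatever object the authenticator passed in is written out wherever the session
 * is serialized. Any session store or replication channel that receives this object should
 * be protected as a credential store.
 */
public class SessionAuthentication implements Authentication.User, Serializable, HttpSessionActivationListener, HttpSessionBindingListener
{
    private static final Logger LOG = Log.getLogger(SessionAuthentication.class);

    private static final long serialVersionUID = -4643200685888258706L;

    /** Session attribute name, used by {@link #logout()} to drop the cached authentication. */
    public final static String __J_AUTHENTICATED="org.eclipse.jetty.security.UserIdentity";

    private final String _method;
    private final String _name;
    // Serialized together with the session so that readObject() can log in again.
    private final Object _credentials;

    // Not serialized: rebuilt by readObject(); may be null if that re-login was rejected.
    private transient UserIdentity _userIdentity;
    // Not serialized: captured again by sessionDidActivate() / valueBound().
    private transient HttpSession _session;

    /**
     * Creates the authentication for an already logged-in user.
     *
     * @param method the authentication method reported by {@link #getAuthMethod()}
     * @param userIdentity the identity of the user; it and its user principal must not be
     *        null, because the principal name is read here
     * @param credentials the credentials kept for re-login after deserialization
     */
    public SessionAuthentication(String method, UserIdentity userIdentity, Object credentials)
    {
        _method = method;
        _userIdentity = userIdentity;
        _name = _userIdentity.getUserPrincipal().getName();
        _credentials = credentials;
    }

    /**
     * @return the authentication method given to the constructor
     */
    @Override
    public String getAuthMethod()
    {
        return _method;
    }

    /**
     * @return the current identity, or null when the re-login performed on
     *         deserialization did not produce one
     */
    @Override
    public UserIdentity getUserIdentity()
    {
        return _userIdentity;
    }

    /**
     * Checks a role against the current identity.
     *
     * @param scope the scope passed through to the identity
     * @param role the role name to test
     * @return true only if an identity is present and it reports the role
     */
    @Override
    public boolean isUserInRole(Scope scope, String role)
    {
        // Fail closed: with no identity (for example after a rejected re-login in
        // readObject) the answer is "not in role" rather than a NullPointerException.
        UserIdentity identity = _userIdentity;
        return identity != null && identity.isUserInRole(role, scope);
    }

    /**
     * Restores the serialized fields and rebuilds the transient identity by logging in
     * again with the stored name and credentials.
     *
     * @param stream the stream to read this object from
     * @throws IOException if the default field read fails
     * @throws ClassNotFoundException if a serialized class cannot be resolved
     * @throws IllegalStateException if there is no current SecurityHandler or it has no
     *         LoginService
     */
    private void readObject(ObjectInputStream stream)
        throws IOException, ClassNotFoundException
    {
        stream.defaultReadObject();

        SecurityHandler security = SecurityHandler.getCurrentSecurityHandler();
        if (security == null)
            throw new IllegalStateException("!SecurityHandler");
        LoginService loginService = security.getLoginService();
        if (loginService == null)
            throw new IllegalStateException("!LoginService");

        // The stored credentials are presented to the LoginService again, so a password
        // change or account removal made while the session was passivated takes effect here.
        _userIdentity = loginService.login(_name, _credentials);
        if (_userIdentity == null)
            LOG.debug("Deserialized {} but re-login was rejected", this);
        else
            LOG.debug("Deserialized and relogged in {}", this);
    }

    /**
     * Logs the user out: removes the cached authentication from the session, if present,
     * and then runs the common logout steps.
     */
    @Override
    public void logout()
    {
        // NOTE(review): if the attribute value is this object, removing it fires
        // valueUnbound(), which already calls doLogout(); the explicit call below also
        // covers the case where nothing was bound - confirm against the authenticator.
        if (_session != null && _session.getAttribute(__J_AUTHENTICATED) != null)
            _session.removeAttribute(__J_AUTHENTICATED);

        doLogout();
    }

    /**
     * Notifies the current SecurityHandler, when there is one, and clears the
     * SESSION_KNOWN_ONLY_TO_AUTHENTICATED attribute from the session, when there is one.
     */
    private void doLogout()
    {
        SecurityHandler security = SecurityHandler.getCurrentSecurityHandler();
        if (security != null)
            security.logout(this);
        if (_session != null)
            _session.removeAttribute(AbstractSessionManager.SESSION_KNOWN_ONLY_TO_AUTHENTICATED);
    }

    @Override
    public String toString()
    {
        return "Session" + super.toString();
    }

    /**
     * No action is taken when the session is about to be passivated.
     *
     * @param se the session event (unused)
     */
    @Override
    public void sessionWillPassivate(HttpSessionEvent se)
    {
    }

    /**
     * Captures the session on activation if none has been recorded yet.
     *
     * @param se the event carrying the activated session
     */
    @Override
    public void sessionDidActivate(HttpSessionEvent se)
    {
        if (_session == null)
        {
            _session = se.getSession();
        }
    }

    /**
     * Captures the session when this object is bound to it, if none has been recorded yet.
     *
     * @param event the binding event carrying the session
     */
    @Override
    public void valueBound(HttpSessionBindingEvent event)
    {
        if (_session == null)
        {
            _session = event.getSession();
        }
    }

    /**
     * Runs the logout steps when this object is unbound from its session.
     *
     * @param event the binding event (unused)
     */
    @Override
    public void valueUnbound(HttpSessionBindingEvent event)
    {
        doLogout();
    }
}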