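package com.sun.web.security;

import java.security.*;
import java.io.*;
import java.util.logging.Logger;
import java.util.logging.Level;
import javax.servlet.ServletRequest;
import javax.servlet.ServletRequestWrapper;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.catalina.Session;
import org.apache.catalina.Context;
import org.apache.catalina.Manager;
import org.apache.coyote.Request;

import com.sun.web.security.WebPrincipal;

import com.sun.logging.LogDomains;

import com.sun.enterprise.security.auth.LoginContextDriver;
import com.sun.enterprise.security.SecurityContext;

import org.apache.coyote.tomcat5.CoyoteRequest;
import org.apache.coyote.tomcat5.CoyoteRequestFacade;

/**
 * Web-container side of programmatic login and logout.
 *
 * <p>{@link #login} authenticates a caller-supplied user name and password
 * through {@code LoginContextDriver} and then records the resulting
 * principal on the underlying Coyote request and, if one already exists, on
 * the Catalina session. {@link #logout} reverses those steps.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The principal is attached to the session that already exists; this
 *       class neither creates a session nor changes its id. Code that logs a
 *       user in on a pre-existing session should consider moving to a fresh
 *       session so a session id issued before authentication is not carried
 *       over (session fixation).</li>
 *   <li>{@code logout} only clears the principal and auth type; the session
 *       itself and its other attributes are left in place.</li>
 *   <li>The user name is written to the security log unmodified at
 *       {@code FINE} level.</li>
 * </ul>
 */
public class WebProgrammaticLogin
{

    /** Auth type recorded on the request and session after a programmatic login. */
    public static final String WEBAUTH_PROGRAMMATIC="PROGRAMMATIC";

    private static final Logger logger =
        LogDomains.getLogger(LogDomains.SECURITY_LOGGER);


    /**
     * Authenticates the given credentials and binds the resulting principal
     * to the HTTP request and, when present, to its session.
     *
     * <p>Exceptions raised by {@code LoginContextDriver.login} are not caught
     * here and propagate to the caller.
     *
     * @param user the user name to authenticate
     * @param password the password for {@code user}
     * @param realm the realm name handed to {@code LoginContextDriver.login}
     * @param request the current HTTP request, possibly wrapped
     * @param response the current HTTP response; not used by this method
     * @return {@code Boolean.FALSE} if the container request could not be
     *         obtained from {@code request} (nothing is changed in that
     *         case), otherwise {@code Boolean.TRUE}
     */
    public static Boolean login(String user, String password, String realm,
                                HttpServletRequest request,
                                HttpServletResponse response)
    {
        // Without the container's own request object there is nowhere to
        // record the principal, so give up before authenticating.
        CoyoteRequest req = getUnwrappedCoyoteRequest(request);
        if (req == null) {
            return Boolean.FALSE;
        }

        // NOTE(review): no result of this call is checked, so reaching the
        // lines below is treated as "authenticated". That relies on the
        // driver throwing when authentication fails; confirm against
        // LoginContextDriver.
        LoginContextDriver.login(user, password, realm);

        SecurityContext secCtx = SecurityContext.getCurrent();
        // NOTE(review): assertions are normally disabled in production JVMs,
        // so a null context is not rejected at runtime by this line.
        assert (secCtx != null);

        // NOTE(review): the clear-text password is handed to WebPrincipal,
        // which is then stored on the request and session. Whether
        // WebPrincipal retains it is not visible in this file; verify.
        WebPrincipal principal = new WebPrincipal(user, password, secCtx);
        req.setUserPrincipal(principal);
        req.setAuthType(WEBAUTH_PROGRAMMATIC);

        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, "Programmatic login set principal in http request to: "+
                       user);
        }

        // Also record the principal on the existing session, if any, so the
        // authentication applies to later requests on that session. No
        // session is created here and the session id is left unchanged.
        Session realSession = getSession(req);
        if (realSession != null) {
            realSession.setPrincipal((Principal)principal);
            realSession.setAuthType(WEBAUTH_PROGRAMMATIC);
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE, "Programmatic login set principal in session.");
            }
        } else {
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE,"Programmatic login: No session available.");
            }
        }

        return Boolean.TRUE;
    }


    /**
     * Strips every {@code ServletRequestWrapper} layer from the request and
     * returns the Coyote request behind the resulting facade.
     *
     * @param request the request handed to the application, possibly wrapped
     * @return the underlying {@code CoyoteRequest}, or {@code null} if the
     *         innermost request is not a {@code CoyoteRequestFacade} or
     *         access to it was denied
     */
    private static CoyoteRequest getUnwrappedCoyoteRequest(HttpServletRequest request){
        CoyoteRequest req = null;
        ServletRequest servletRequest = request;
        try {

            // Each pass must unwrap the CURRENT layer. Casting the original
            // 'request' on every pass, as this loop used to, yields the same
            // inner wrapper forever once a request is wrapped more than once,
            // so the loop would never terminate.
            while (servletRequest instanceof ServletRequestWrapper) {
                servletRequest =
                    ((ServletRequestWrapper) servletRequest).getRequest();
            }

            if (servletRequest instanceof CoyoteRequestFacade) {
                req = ((CoyoteRequestFacade)servletRequest).getUnwrappedCoyoteRequest();
            }

        } catch (AccessControlException ex){
            // Access was denied: report "no request" so the caller returns
            // false instead of proceeding.
            logger.log(Level.FINE, "Programmatic login faiied to get request");
        }
        return req;
    }


    /**
     * Logs the caller out and removes the principal from the HTTP request
     * and, when present, from its session.
     *
     * <p>The session is not invalidated; only its principal and auth type
     * are cleared.
     *
     * @param request the current HTTP request, possibly wrapped
     * @param response the current HTTP response; not used by this method
     * @return {@code Boolean.FALSE} if the container request could not be
     *         obtained from {@code request} (nothing is changed in that
     *         case), otherwise {@code Boolean.TRUE}
     * @throws Exception declared for callers; anything raised by
     *         {@code LoginContextDriver.logout} propagates
     */
    public static Boolean logout(HttpServletRequest request,
                                 HttpServletResponse response) throws Exception
    {
        CoyoteRequest req = getUnwrappedCoyoteRequest(request);
        if (req == null) {
            return Boolean.FALSE;
        }

        LoginContextDriver.logout();

        req.setUserPrincipal(null);
        req.setAuthType(null);
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, "Programmatic logout removed principal from request.");
        }

        // Clear the session copy as well so later requests on the same
        // session are no longer treated as authenticated.
        Session realSession = getSession(req);
        if (realSession != null) {
            realSession.setPrincipal(null);
            realSession.setAuthType(null);
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE, "Programmatic logout removed principal from "+
                           "session.");
            }
        }

        return Boolean.TRUE;
    }


    /**
     * Looks up the Catalina {@code Session} that backs the request's
     * existing {@code HttpSession}. Never creates a session.
     *
     * @param request the unwrapped container request
     * @return the matching session, or {@code null} if the request has no
     *         session, no context or manager is available, or the lookup
     *         failed with an {@code IOException}
     */
    private static Session getSession(CoyoteRequest request)
    {
        HttpSession session = request.getSession(false);
        if (session == null) {
            return null;
        }

        Context context = request.getContext();
        if (context == null) {
            return null;
        }

        Manager manager = context.getManager();
        if (manager == null) {
            return null;
        }

        try {
            return manager.findSession(session.getId());
        } catch (IOException e) {
            // Best effort: callers treat null as "no session". Leave a trace
            // so a failed lookup can be told apart from a request that
            // simply has no session.
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE,
                           "Programmatic login: session lookup failed.", e);
            }
            return null;
        }
    }
}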