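package net.sf.jguard.jee.authentication.http;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.Set;

import javax.security.auth.Subject;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionActivationListener;
import javax.servlet.http.HttpSessionBindingEvent;
import javax.servlet.http.HttpSessionBindingListener;
import javax.servlet.http.HttpSessionEvent;

import net.sf.jguard.core.CoreConstants;
import net.sf.jguard.core.authentication.credentials.JGuardCredential;
import net.sf.jguard.ext.SecurityConstants;
import net.sf.jguard.ext.authentication.AuthenticationException;
import net.sf.jguard.ext.authentication.manager.AuthenticationManager;
import net.sf.jguard.ext.authentication.manager.AuthenticationUtils;
import net.sf.jguard.ext.registration.SubjectTemplate;
import net.sf.jguard.ext.util.SubjectUtils;
import net.sf.jguard.jee.authentication.callbacks.HttpCallbackHandler;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/**
 * Per-session wrapper around {@link AuthenticationUtils}.
 *
 * <p>One instance is stored in the {@link HttpSession} under
 * {@link HttpConstants#AUTHN_UTILS}. While bound under that name, the instance
 * is also added to the collection stored in the ServletContext under
 * {@link HttpConstants#USERS_IN_SESSION}. The instance logs itself out and
 * removes itself from the session before the session is passivated.
 */
public class HttpAuthenticationUtils implements HttpSessionActivationListener, HttpSessionBindingListener {

    private static final Log logger = LogFactory.getLog(HttpAuthenticationUtils.class);

    /** Delegate performing the actual login/logout; assigned once in the constructors. */
    private final AuthenticationUtils authenticationUtils;

    /** Builds an instance backed by a default-constructed {@link AuthenticationUtils}. */
    public HttpAuthenticationUtils() {
        super();
        authenticationUtils = new AuthenticationUtils();
    }

    /**
     * Builds an instance whose {@link AuthenticationUtils} is created from the given configuration.
     *
     * @param configuration JAAS configuration handed to {@link AuthenticationUtils}
     */
    public HttpAuthenticationUtils(Configuration configuration) {
        super();
        authenticationUtils = new AuthenticationUtils(configuration);
    }

    /**
     * Runs a login through the delegate, using the application name and
     * authentication scheme published in the ServletContext.
     *
     * @param request current request; its session is created if absent
     * @param response current response, handed to the callback handler
     * @param afterRegistration flag forwarded to {@link HttpCallbackHandler#setAfterRegistration}
     * @throws LoginException if the delegate rejects the login
     */
    private void useLoginContext(HttpServletRequest request, HttpServletResponse response,
            boolean afterRegistration) throws LoginException {
        HttpSession session = request.getSession();

        String applicationName =
                (String) session.getServletContext().getAttribute(CoreConstants.APPLICATION_NAME);
        String scheme = (String) session.getServletContext().getAttribute(HttpConstants.AUTH_SCHEME);

        HttpCallbackHandler callbackHandler = new HttpCallbackHandler(request, response, scheme);
        callbackHandler.setAfterRegistration(afterRegistration);
        authenticationUtils.login(applicationName, callbackHandler, request.getLocale());
    }

    /**
     * @return the Subject held by the delegate; may be {@code null}
     *         (callers in this class treat {@code null} as "not usable")
     */
    public Subject getSubject() {
        return authenticationUtils.getSubject();
    }

    /**
     * Returns the instance bound to the request's session, creating and binding one if needed.
     *
     * <p>An already-bound instance whose Subject is {@code null} is logged out,
     * unbound and replaced by a fresh one.
     *
     * @param req current request; a session is created if none exists
     * @param local when {@code true} the new instance is built with the
     *        {@link Configuration} stored in the ServletContext under
     *        {@link HttpConstants#JGUARD_CONFIGURATION}; otherwise the
     *        no-argument constructor is used
     * @return the session-bound instance, never {@code null}
     */
    public static HttpAuthenticationUtils getHttpAuthenticationUtils(HttpServletRequest req, boolean local) {
        HttpSession session = req.getSession(true);
        HttpAuthenticationUtils httpAuthenticationUtils =
                (HttpAuthenticationUtils) session.getAttribute(HttpConstants.AUTHN_UTILS);

        if (httpAuthenticationUtils != null && httpAuthenticationUtils.getSubject() == null) {
            // A bound instance without a Subject is stale: discard it so it is rebuilt below.
            logger.debug(" subject into HttpAuthenticationUtils is null ");
            httpAuthenticationUtils.logout();
            session.removeAttribute(HttpConstants.AUTHN_UTILS);
            httpAuthenticationUtils = null;
        }

        if (httpAuthenticationUtils == null) {
            Configuration configuration =
                    (Configuration) session.getServletContext().getAttribute(HttpConstants.JGUARD_CONFIGURATION);
            // NOTE(review): configuration may be null if the attribute was never set;
            // how AuthenticationUtils(Configuration) handles null is not visible here - confirm.
            if (local) {
                httpAuthenticationUtils = new HttpAuthenticationUtils(configuration);
            } else {
                httpAuthenticationUtils = new HttpAuthenticationUtils();
            }
            session.setAttribute(HttpConstants.AUTHN_UTILS, httpAuthenticationUtils);
        }
        return httpAuthenticationUtils;
    }

    /**
     * Attempts a login for the current request.
     *
     * <p>On failure the exception's localized message and class are stored in the
     * session under {@link HttpConstants#LOGIN_EXCEPTION_MESSAGE} and
     * {@link HttpConstants#LOGIN_EXCEPTION_CLASS}.
     *
     * @param req current request
     * @param res current response
     * @param afterRegistration flag forwarded to the callback handler
     * @param local see {@link #getHttpAuthenticationUtils(HttpServletRequest, boolean)}
     * @return {@code true} if the login raised no {@link LoginException}, {@code false} otherwise
     * @throws IOException declared for callers; not thrown by the code in this method
     */
    public static boolean authenticate(HttpServletRequest req, HttpServletResponse res,
            boolean afterRegistration, boolean local) throws IOException {

        HttpAuthenticationUtils auth = getHttpAuthenticationUtils(req, local);
        HttpSession session = req.getSession(true);
        try {
            auth.useLoginContext(req, res, afterRegistration);
            // NOTE(review): the session identifier is not renewed here after a successful
            // login. If the caller does not rotate it, a pre-login session id stays valid
            // for the authenticated session (session fixation) - confirm where this is handled.
            return true;
        } catch (LoginException e) {
            // NOTE(review): this text comes from the login modules and ends up in the session,
            // presumably for display. Whoever renders it should HTML-escape it, and the
            // messages should not reveal whether the account exists - verify against the views.
            session.setAttribute(HttpConstants.LOGIN_EXCEPTION_MESSAGE, e.getLocalizedMessage());
            session.setAttribute(HttpConstants.LOGIN_EXCEPTION_CLASS, e.getClass());
            return false;
        }
    }

    /**
     * Logs out and unbinds the authentication state before the session is passivated,
     * so that it is not carried along with the passivated session.
     *
     * @param sessionEvent event carrying the session about to be passivated
     */
    public void sessionWillPassivate(HttpSessionEvent sessionEvent) {
        authenticationUtils.logout();

        HttpSession session = sessionEvent.getSession();
        HttpAuthenticationUtils bound =
                (HttpAuthenticationUtils) session.getAttribute(HttpConstants.AUTHN_UTILS);
        // This instance was logged out just above; only a different bound instance
        // still needs its own logout.
        if (bound != null && bound != this) {
            bound.logout();
        }
        session.removeAttribute(HttpConstants.AUTHN_UTILS);
    }

    /**
     * No-op: nothing is restored on activation.
     *
     * @param sessionEvent event carrying the activated session
     */
    public void sessionDidActivate(HttpSessionEvent sessionEvent) {
        // intentionally empty
    }

    /**
     * Adds this instance to the ServletContext collection of users in session
     * when it is bound under {@link HttpConstants#AUTHN_UTILS}.
     *
     * @param bindingEvent binding notification from the container
     */
    public void valueBound(HttpSessionBindingEvent bindingEvent) {
        if (!HttpConstants.AUTHN_UTILS.equals(bindingEvent.getName())) {
            return;
        }
        // NOTE(review): this collection is shared by all sessions through the ServletContext;
        // whether it is safe for concurrent add/remove depends on how it is created elsewhere - confirm.
        Collection users = (Collection) bindingEvent.getSession().getServletContext()
                .getAttribute(HttpConstants.USERS_IN_SESSION);
        if (users == null) {
            // Same guard as valueUnbound: without it a missing attribute raises a
            // NullPointerException out of session.setAttribute() and breaks the login path.
            logger.warn("no '" + HttpConstants.USERS_IN_SESSION
                    + "' collection in the ServletContext; user not registered");
            return;
        }
        users.add(this);
    }

    /**
     * Removes this instance from the ServletContext collection of users in session
     * when it is unbound from {@link HttpConstants#AUTHN_UTILS}.
     *
     * @param bindingEvent unbinding notification from the container
     */
    public void valueUnbound(HttpSessionBindingEvent bindingEvent) {
        if (!HttpConstants.AUTHN_UTILS.equals(bindingEvent.getName())) {
            return;
        }
        Collection users = (Collection) bindingEvent.getSession().getServletContext()
                .getAttribute(HttpConstants.USERS_IN_SESSION);
        if (users != null) {
            // remove() is a no-op when the element is absent, so no contains() pre-check is needed.
            users.remove(this);
        }
    }

    /** Logs out through the delegate. */
    public void logout() {
        authenticationUtils.logout();
    }

    /**
     * @return the underlying {@link AuthenticationUtils} delegate
     */
    public AuthenticationUtils getAuthenticationUtils() {
        return authenticationUtils;
    }

    /**
     * Looks up the Subject of the instance bound to the given session.
     *
     * @param session session to inspect
     * @return the Subject of the bound instance, or {@code null} if nothing is bound
     *         under {@link HttpConstants#AUTHN_UTILS}
     */
    public static Subject getSubject(HttpSession session) {
        HttpAuthenticationUtils authutils =
                (HttpAuthenticationUtils) session.getAttribute(HttpConstants.AUTHN_UTILS);
        if (authutils != null) {
            return authutils.getSubject();
        }
        return null;
    }
}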