PageflowValve


1   /*
2    * Copyright 2004 The Apache Software Foundation.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    * 
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    * 
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   * $Header:$
17   */
18  package org.apache.beehive.netui.tomcat;
19  
20  import org.apache.catalina.*;
21  import org.apache.catalina.deploy.SecurityConstraint;
22  import org.apache.catalina.authenticator.BasicAuthenticator;
23  import org.apache.catalina.authenticator.Constants;
24  
25  import javax.servlet.ServletException  ;
26  import javax.servlet.http.HttpServletRequest  ;
27  import javax.servlet.http.HttpSession  ;
28  import javax.security.auth.login.LoginException  ;
29  import javax.security.auth.login.FailedLoginException  ;
30  import java.io.IOException  ;
31  import java.security.Principal  ;
32  
33  /**
34   * Tomcat valve implementation to give the netui pageflow infrastructure access to tomcat
35   * internal functionality. When this valve is configured in a context, an instance of
36   * org.apache.beehive.netui.tomcat.PageflowHelper will be placed in the session, which can
37   * be used by the TomcatServletContainerAdapter implementation of org.apache.beehive.netui.pageflow.ServletAdapter.
38   */
39  public class PageflowValve extends BasicAuthenticator
40  {
41      public void invoke(Request   request, Response response, ValveContext valveContext)
42              throws IOException  , ServletException  
43      {
44          // If this is not an HTTP request and response, just pass them on
45          if (!(request instanceof HttpRequest) ||
46              !(response instanceof HttpResponse)) {
47              valveContext.invokeNext(request, response);
48              return;
49          }
50  
51          // NOTE: this code copied from org.apache.catalina.authenticator.AuthenticatorBase.invoke()
52          // Have we got a cached authenticated Principal to put in the request?
53          if (cache) {
54              Principal   principal =
55                  ((HttpServletRequest  ) request.getRequest()).getUserPrincipal();
56              if (principal == null) {
57                  Session   session = getSession((HttpRequest)request);
58                  if (session != null) {
59                      principal = session.getPrincipal();
60                      if (principal != null) {
61                          if (debug >= 1)
62                              log("We have cached auth type " +
63                                  session.getAuthType() +
64                                  " for principal " +
65                                  session.getPrincipal());
66                          ((HttpRequest)request).setAuthType(session.getAuthType());
67                          ((HttpRequest)request).setUserPrincipal(principal);
68                      }
69                  }
70              }
71          }
72  
73          // initialize pageflow helper
74          HttpServletRequest   hreq =
75              (HttpServletRequest  ) request.getRequest();
76          PageflowHelper helper = new PageflowHelperImpl();
77          ((PageflowHelperImpl)helper).initRequest( (HttpRequest)request, (HttpResponse)response, this );
78          hreq.setAttribute( PageflowHelper.PAGEFLOW_HELPER_KEY, helper );
79  
80          valveContext.invokeNext(request, response);
81      }
82  
83      void login( String   username, String   password, HttpRequest request, HttpResponse response )
84          throws LoginException  
85      {
86          // Note: if the login is not successful, we don't reset the current principal (if there is one).
87          Principal   principal = context.getRealm().authenticate(username, password);
88          if (principal != null)
89          {
90              register(request, response, principal, Constants.BASIC_METHOD,
91                       username, password);
92              return;
93          }
94  
95          throw new FailedLoginException  ( "Page Flow login failed: " + username ); // TODO: I18N
96      }
97  
98      void logout( boolean invalidateSessions, HttpRequest request, HttpResponse response )
99      {
100         if ( invalidateSessions )
101         {
102             // invalidate the session - this will also nuke the request, so save the pageflow helper
103             // and put it back when we're done
104             HttpServletRequest   hreq =
105                 (HttpServletRequest  ) request.getRequest();
106             PageflowHelper pfh = (PageflowHelper)hreq.getAttribute( PageflowHelper.PAGEFLOW_HELPER_KEY );
107             HttpSession   session = hreq.getSession(false);
108             if ( session != null )
109                 session.invalidate();
110             if ( pfh != null )
111                 hreq.setAttribute( PageflowHelper.PAGEFLOW_HELPER_KEY, pfh );
112         }
113         register( request, response, null, null, null, null );
114     }
115 
116     /**
117      * Causes the server to do a security check for the given URI.  If required, it does a redirect to
118      * change the scheme (http/https).
119      *
120      * @param request
121      * @param response
122      * @param constraint The SecurityConstraint to check against
123      * @return <code>true</code> if a redirect occurred.
124      */
125     public boolean checkSecurity( HttpRequest request, HttpResponse response, SecurityConstraint constraint )
126         throws IOException  
127     {
128         // The tomcat version of this returns false if the user was redirected, so we want the opposite of that.
129         return ! authenticate( request, response, null );
130     }
131 
132 
133     Context getContext()
134     {
135         return context;
136     }
137 }
138
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags