

1 /*
2 * Licensed to the Apache Software Foundation (ASF) under one or more
3 * contributor license agreements. The ASF licenses this file to You
4 * under the Apache License, Version 2.0 (the "License"); you may not
5 * use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License. For additional information regarding
15 * copyright in this work, please see the NOTICE file in the top level
16 * directory of this distribution.
17 */

18 package org.apache.roller.ui.core;
19
20 import java.io.Serializable JavaDoc;
21 import java.security.Principal JavaDoc;
22
23 import javax.servlet.http.HttpServletRequest JavaDoc;
24 import javax.servlet.http.HttpSession JavaDoc;
25 import javax.servlet.http.HttpSessionActivationListener JavaDoc;
26 import javax.servlet.http.HttpSessionEvent JavaDoc;
27 import javax.servlet.http.HttpSessionListener JavaDoc;
28
29 import org.apache.commons.collections.ArrayStack;
30 import org.apache.commons.logging.Log;
31 import org.apache.commons.logging.LogFactory;
32 import org.apache.roller.RollerException;
33 import org.apache.roller.config.RollerConfig;
34 import org.apache.roller.model.RollerFactory;
35 import org.apache.roller.model.UserManager;
36 import org.apache.roller.pojos.PermissionsData;
37 import org.apache.roller.pojos.UserData;
38 import org.apache.roller.pojos.WebsiteData;
39 import org.apache.roller.ui.core.security.AutoProvision;
40
41
42 //////////////////////////////////////////////////////////////////////////////
43
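/**
 * Per-session Roller state, stored as the {@link #ROLLER_SESSION} attribute of
 * the {@code HttpSession}, plus the listener callbacks that create and purge
 * that attribute on session startup, shutdown and passivation.
 *
 * <p>The object caches the {@code UserData} of the authenticated user and
 * answers the authorization questions the UI asks about that user. Every
 * authorization check fails closed: a missing user, a missing or false
 * enabled flag, or a missing website all yield {@code false}.
 *
 * @web.listener
 */
public class RollerSession
    implements HttpSessionListener, HttpSessionActivationListener, Serializable
{
    static final long serialVersionUID = 5890132909166913727L;

    // User resolved from the container principal; null until a lookup succeeds
    // for an enabled account (see getRollerSession).
    private UserData authenticatedUser = null;

    private static final Log mLogger =
        LogFactory.getFactory().getInstance(RollerSession.class);

    public static final String ROLLER_SESSION = "org.apache.roller.rollersession";
    public static final String ERROR_MESSAGE = "rollererror_message";
    public static final String STATUS_MESSAGE = "rollerstatus_message";

    //---------------------------------------------------------------- Construction

    /**
     * Get the RollerSession bound to the request's existing HTTP session,
     * creating and binding one if the session has none, and attach the user
     * named by the request principal if no user is cached yet.
     *
     * <p>No HTTP session is created here: {@code getSession(false)} is used,
     * so a request without a session yields {@code null}.
     *
     * @param request current servlet request
     * @return the session's RollerSession, or {@code null} if the request has
     *         no HTTP session
     */
    public static RollerSession getRollerSession(HttpServletRequest request)
    {
        HttpSession session = request.getSession(false);
        if (session == null)
        {
            return null;
        }

        RollerSession rollerSession =
            (RollerSession) session.getAttribute(ROLLER_SESSION);
        if (rollerSession == null)
        {
            // HttpSession with no RollerSession?
            // Must be a session that was de-serialized from a previous run.
            rollerSession = new RollerSession();
            session.setAttribute(ROLLER_SESSION, rollerSession);
        }

        // NOTE(review): the lookup below runs only while no user is cached.
        // A cached user is never re-checked against the current principal, and
        // the enabled flag consulted by the authorization methods is whatever
        // the cached UserData object reports. Confirm that a principal change
        // or an account disabled mid-session is handled elsewhere (for example
        // by invalidating the HTTP session).
        Principal principal = request.getUserPrincipal();
        if (rollerSession.getAuthenticatedUser() == null && principal != null)
        {
            try
            {
                UserManager umgr = RollerFactory.getRoller().getUserManager();
                UserData user = umgr.getUserByUserName(principal.getName());

                // try one time to auto-provision, only happens if user==null
                // which means installation has SSO-enabled in security.xml
                if (user == null
                    && RollerConfig.getBooleanProperty("users.sso.autoProvision.enabled"))
                {
                    // provisioning enabled, get provisioner and execute
                    AutoProvision provisioner = RollerContext.getAutoProvision();
                    if (provisioner != null && provisioner.execute())
                    {
                        // try lookup again real quick
                        user = umgr.getUserByUserName(principal.getName());
                    }
                }

                // only set authenticated user if user is enabled; a null
                // enabled flag is treated as disabled rather than throwing
                if (isEnabled(user))
                {
                    rollerSession.setAuthenticatedUser(user);
                }
            }
            catch (RollerException e)
            {
                // Lookup failure leaves the session without an authenticated
                // user, so later authorization checks return false.
                mLogger.error("ERROR: getting user object",e);
            }
        }
        return rollerSession;
    }

    //-------------------------------------------------------------- Session events

    /**
     * Bind a fresh RollerSession to the newly created HTTP session and pass
     * the event on to the RollerContext.
     *
     * @param se session-created event from the container
     */
    public void sessionCreated(HttpSessionEvent se)
    {
        se.getSession().setAttribute(ROLLER_SESSION, new RollerSession());
        RollerContext.getRollerContext().sessionCreated(se);
    }

    /**
     * Pass the event on to the RollerContext, then remove the RollerSession
     * attribute from the session being destroyed.
     *
     * @param se session-destroyed event from the container
     */
    public void sessionDestroyed(HttpSessionEvent se)
    {
        RollerContext.getRollerContext().sessionDestroyed(se);
        clearSession(se);
    }

    /**
     * Intentionally does nothing. The attribute is purged before passivation,
     * and {@link #getRollerSession} binds a new RollerSession when it finds
     * an HTTP session without one.
     *
     * @param se session-activated event from the container
     */
    public void sessionDidActivate(HttpSessionEvent se)
    {
    }

    /**
     * Purge session before passivation. Because Roller currently does not
     * support session recovery, failover, migration, or whatever you want
     * to call it when sessions are saved and then restored at some later
     * point in time.
     *
     * @param se session-will-passivate event from the container
     */
    public void sessionWillPassivate(HttpSessionEvent se)
    {
        clearSession(se);
    }

    //-------------------------------------------------------- Authentication, etc.

    /**
     * Authenticated user associated with this session.
     *
     * @return the cached user, or {@code null} if none has been set
     */
    public UserData getAuthenticatedUser()
    {
        return authenticatedUser;
    }

    /**
     * Set the authenticated user associated with this session. No checks are
     * made here; callers decide whether the account may be attached.
     *
     * @param authenticatedUser user to cache, or {@code null} to clear it
     */
    public void setAuthenticatedUser(UserData authenticatedUser)
    {
        this.authenticatedUser = authenticatedUser;
    }

    /**
     * Does our authenticated user have the global admin role?
     *
     * @return {@code true} only if a user is cached, holds the "admin" role
     *         and is enabled
     * @throws RollerException declared by the signature; presumably raised by
     *         the role lookup
     */
    public boolean isGlobalAdminUser() throws RollerException
    {
        UserData user = getAuthenticatedUser();
        return user != null && user.hasRole("admin") && isEnabled(user);
    }

    /**
     * Is session's authenticated user authorized to work in current website?
     *
     * @param website website to check against the PermissionsData.LIMITED mask
     * @return {@code true} only for an enabled user with that permission
     * @throws RollerException declared for callers; not thrown by the visible code
     */
    public boolean isUserAuthorized(WebsiteData website)
        throws RollerException
    {
        return isEnabled(getAuthenticatedUser())
            && hasPermissions(website, PermissionsData.LIMITED);
    }

    /**
     * Is session's authenticated user authorized to post in current weblog?
     *
     * @param website website to check against the PermissionsData.AUTHOR mask
     * @return {@code true} only for an enabled user with that permission
     * @throws RollerException declared for callers; not thrown by the visible code
     */
    public boolean isUserAuthorizedToAuthor(WebsiteData website)
        throws RollerException
    {
        return isEnabled(getAuthenticatedUser())
            && hasPermissions(website, PermissionsData.AUTHOR);
    }

    /**
     * Is session's authenticated user authorized to admin current weblog?
     *
     * @param website website to check against the PermissionsData.ADMIN mask
     * @return {@code true} only for an enabled user with that permission
     * @throws RollerException declared for callers; not thrown by the visible code
     */
    public boolean isUserAuthorizedToAdmin(WebsiteData website)
        throws RollerException
    {
        return isEnabled(getAuthenticatedUser())
            && hasPermissions(website, PermissionsData.ADMIN);
    }

    /**
     * Ask the website whether the cached user holds the given permission mask.
     * Returns {@code false} when either the website or the user is missing.
     */
    private boolean hasPermissions(WebsiteData website, short mask)
    {
        UserData user = getAuthenticatedUser();
        return website != null
            && user != null
            && website.hasUserPermissions(user, mask);
    }

    /**
     * True only when the user exists and its enabled flag is {@code TRUE}.
     * A null flag counts as disabled, so an incompletely populated account
     * is denied instead of raising a NullPointerException mid-check.
     */
    private static boolean isEnabled(UserData user)
    {
        return user != null && Boolean.TRUE.equals(user.getEnabled());
    }

    //--------------------------------------------------------------------- Innards

    /**
     * Remove the RollerSession attribute from the event's session. This is
     * best-effort cleanup: any failure is logged at debug level and otherwise
     * ignored, so it never interrupts the container's session handling.
     */
    private void clearSession(HttpSessionEvent se)
    {
        HttpSession session = se.getSession();
        try
        {
            session.removeAttribute(ROLLER_SESSION);
        }
        catch (Throwable e)
        {
            // ignore purge exceptions
            if (mLogger.isDebugEnabled())
            {
                mLogger.debug("EXCEPTION PURGING session attributes",e);
            }
        }
    }
}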
244
245