

1 /*
2  * JBoss, the OpenSource J2EE webOS
3  *
4  * Distributable under LGPL license.
5  * See terms of license at gnu.org.
6  */

7 package org.jboss.web.tomcat.security;
8
9 import java.io.IOException JavaDoc;
10 import java.security.Principal JavaDoc;
11 import java.util.StringTokenizer JavaDoc;
12
13 import javax.management.JMException JavaDoc;
14 import javax.management.ObjectName JavaDoc;
15 import javax.servlet.http.Cookie JavaDoc;
16
17 import org.apache.catalina.Realm;
18 import org.apache.catalina.Session;
19 import org.apache.catalina.authenticator.Constants;
20 import org.apache.catalina.connector.Request;
21 import org.apache.catalina.connector.Response;
22 import org.apache.catalina.deploy.LoginConfig;
23 import org.jboss.logging.Logger;
24
/**
 * JBAS-2283: Provide custom header based authentication support.
 *
 * Header authenticator that takes the user id from a request header.
 * It requires two attributes to be configured on the Tomcat service: one
 * naming the HTTP header that carries the authenticated identity, and the
 * other naming the session cookie.
 *
 * @author <a HREF="mailto:Anil.Saldhana@jboss.org">Anil Saldhana</a>
 * @version $Revision$
 * @since Sep 11, 2006
 */

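public class GenericHeaderAuthenticator extends ExtendedFormAuthenticator
{
   protected static Logger log = Logger.getLogger(GenericHeaderAuthenticator.class);

   // Sampled once when the authenticator is constructed; a later change to the
   // logger's trace level is not picked up by the guards that use this field.
   protected boolean trace = log.isTraceEnabled();

   public GenericHeaderAuthenticator()
   {
      super();
   }

   /**
    * Authenticate the request from a configured identity header and a
    * configured session cookie, falling back to form authentication when
    * either one is missing.
    *
    * The user name is read from a request header and the password from a
    * request cookie, so both values are supplied by whatever sent the
    * request. The only check made here is
    * <code>realm.authenticate(username, password)</code>: the realm must
    * therefore validate the session key itself and must not accept an
    * arbitrary non-empty value.
    *
    * NOTE(review): this class does not verify where the identity header came
    * from. Deployments presumably sit behind an SSO agent or proxy that
    * removes the header from inbound client requests before setting it;
    * confirm that for every connector that can reach this authenticator.
    *
    * @param request the request being authenticated
    * @param response the response, used when forwarding to the error page
    * @param config the login configuration of the web application
    * @return true if the request already carries a principal or the realm
    *         accepted the header/cookie pair; false after forwarding to the
    *         error page; otherwise the result of the form authenticator
    * @throws IOException propagated from the superclass authenticator or
    *         the error-page forward
    */
   public boolean authenticate(Request request,
         Response response, LoginConfig config)
   throws IOException
   {
      log.trace("Authenticating user");

      Principal principal = request.getUserPrincipal();
      if (principal != null)
      {
         if (trace)
            log.trace("Already authenticated '" + principal.getName() + "'");
         return true;
      }

      Realm realm = context.getRealm();
      // NOTE(review): the session is obtained (and created if absent) before
      // any credential is checked, and this method does not change the
      // session id after a successful login. Confirm whether the container
      // or the superclass rotates the id on authentication.
      Session session = request.getSessionInternal(true);

      String username = getUserId(request);
      String password = getSessionCookie(request);

      // Header authentication needs both the SSO id and the session key.
      if (username == null || password == null)
      {
         log.trace("Username is null or password(sessionkey) is null:fallback to form auth");
         return super.authenticate(request, response, config);
      }
      principal = realm.authenticate(username, password);

      if (principal == null)
      {
         forwardToErrorPage(request, response, config);
         return false;
      }

      // The session key is kept as the password note, as form login does.
      session.setNote(Constants.SESS_USERNAME_NOTE, username);
      session.setNote(Constants.SESS_PASSWORD_NOTE, password);
      request.setUserPrincipal(principal);

      register(request, response, principal, Constants.FORM_METHOD, username, password);
      return true;
   }

   /**
    * Get the user id from the first configured identity header that is
    * present on the request.
    *
    * The configured value may be a comma-separated list of header names;
    * names are trimmed and empty entries are skipped. A missing (null)
    * configuration is treated as an empty list.
    *
    * @param request the request to read the header from
    * @return the header value, or null if none of the configured headers is
    *         present
    */
   protected String getUserId(Request request)
   {
      String ssoid = null;
      String ids = "";
      try
      {
         ids = this.getIdentityHeaderId();
      }
      catch (JMException e)
      {
         // Best effort: without the configuration no header is consulted and
         // the caller falls back to form authentication.
         if (trace)
            log.trace("getUserId exception", e);
      }
      // The attribute may be unset; StringTokenizer rejects a null string.
      StringTokenizer st = new StringTokenizer(ids == null ? "" : ids, ",");
      while (st.hasMoreTokens())
      {
         // Tolerate "a, b" style lists: a padded name never matches a header.
         String headerName = st.nextToken().trim();
         if (headerName.length() == 0)
            continue;
         ssoid = request.getHeader(headerName);
         if (ssoid != null)
            break;
      }
      // The value is request-supplied text and is written to the log as is.
      if (trace)
         log.trace("SSOID-" + ssoid);
      return ssoid;
   }

   /**
    * Obtain the session key from the first configured session cookie that
    * is present on the request.
    *
    * The configured value may be a comma-separated list of cookie names;
    * names are trimmed and empty entries are skipped. A missing (null)
    * configuration is treated as an empty list.
    *
    * @param request the request to read the cookies from
    * @return the cookie value, or null if no configured cookie is present
    */
   protected String getSessionCookie(Request request)
   {
      Cookie[] cookies = request.getCookies();
      int numCookies = cookies != null ? cookies.length : 0;
      if (log.isTraceEnabled())
         log.trace("Cookies:" + numCookies);

      String ids = "";
      try
      {
         ids = this.getSessionCookieId();
         if (log.isTraceEnabled())
            log.trace("Session Cookie Ids=" + ids);
      }
      catch (JMException e)
      {
         // Best effort: without the configuration no cookie is consulted and
         // the caller falls back to form authentication.
         if (trace)
            log.trace("checkSessionCookie exception", e);
      }
      // The attribute may be unset; StringTokenizer rejects a null string.
      StringTokenizer st = new StringTokenizer(ids == null ? "" : ids, ",");
      while (st.hasMoreTokens())
      {
         String cookieToken = st.nextToken().trim();
         if (cookieToken.length() == 0)
            continue;
         String val = getCookieValue(cookies, numCookies, cookieToken);
         if (val != null)
            return val;
      }
      if (trace)
         log.trace("Session Cookie not found");
      return null;
   }

   /**
    * Get the identity header name(s) configured on the Tomcat service.
    *
    * Reads the <code>HttpHeaderForSSOAuth</code> attribute of the
    * <code>jboss.web:service=WebServer</code> MBean through
    * <code>mserver</code>, which is not declared in this class.
    *
    * @return the attribute value cast to String; callers treat null as
    *         "no header configured"
    * @throws JMException if the object name or the attribute lookup fails
    */
   protected String getIdentityHeaderId() throws JMException
   {
      return (String)mserver.getAttribute(new ObjectName("jboss.web:service=WebServer"),
                       "HttpHeaderForSSOAuth");
   }

   /**
    * Get the session cookie name(s) configured on the Tomcat service.
    *
    * Reads the <code>SessionCookieForSSOAuth</code> attribute of the
    * <code>jboss.web:service=WebServer</code> MBean through
    * <code>mserver</code>, which is not declared in this class.
    *
    * @return the attribute value cast to String; callers treat null as
    *         "no cookie configured"
    * @throws JMException if the object name or the attribute lookup fails
    */
   protected String getSessionCookieId() throws JMException
   {
      return (String)mserver.getAttribute(new ObjectName("jboss.web:service=WebServer"),
                       "SessionCookieForSSOAuth");
   }

   /**
    * Get the value of the first cookie whose name equals the token.
    *
    * The cookie value is the credential handed to the realm, so it is never
    * written to the log; only the cookie names are traced.
    *
    * @param cookies array of cookies, may be null
    * @param numCookies number of cookies to examine; capped at the array
    *        length
    * @param token cookie name to look for, may be null
    * @return value of the matching cookie, or null if there is no match
    */
   protected String getCookieValue(Cookie[] cookies, int numCookies,
         String token)
   {
      if (cookies == null || token == null)
         return null;

      boolean traceNow = log.isTraceEnabled();
      int limit = Math.min(numCookies, cookies.length);
      for (int i = 0; i < limit; i++)
      {
         Cookie cookie = cookies[i];
         if (traceNow)
            log.trace("Matching cookieToken:" + token + " with cookie name="
                  + cookie.getName());
         if (token.equals(cookie.getName()))
         {
            if (trace)
               log.trace("Cookie-" + token + " found (value not logged)");
            return cookie.getValue();
         }
      }
      return null;
   }
}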