KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > riotfamily > riot > security > session > LoginManager


1 /* ***** BEGIN LICENSE BLOCK *****
2  * Version: MPL 1.1
3  * The contents of this file are subject to the Mozilla Public License Version
4  * 1.1 (the "License"); you may not use this file except in compliance with
5  * the License. You may obtain a copy of the License at
6  * http://www.mozilla.org/MPL/
7  *
8  * Software distributed under the License is distributed on an "AS IS" basis,
9  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
10  * for the specific language governing rights and limitations under the
11  * License.
12  *
13  * The Original Code is Riot.
14  *
15  * The Initial Developer of the Original Code is
16  * Neteye GmbH.
17  * Portions created by the Initial Developer are Copyright (C) 2006
18  * the Initial Developer. All Rights Reserved.
19  *
20  * Contributor(s):
21  * Felix Gnass [fgnass at neteye dot de]
22  *
23  * ***** END LICENSE BLOCK ***** */

24 package org.riotfamily.riot.security.session;
25
26 import javax.servlet.ServletContext JavaDoc;
27 import javax.servlet.http.HttpServletRequest JavaDoc;
28 import javax.servlet.http.HttpServletResponse JavaDoc;
29
30 import org.riotfamily.riot.security.auth.AuthenticationService;
31 import org.riotfamily.riot.security.auth.RiotUser;
32 import org.springframework.web.context.ServletContextAware;
33
34 public class LoginManager implements ServletContextAware {
35
36     private static final String JavaDoc CONTEXT_KEY = LoginManager.class.getName();
37         
38     private AuthenticationService authenticationService;
39
40     private SessionMetaDataStore metaDataStore;
41     
42     
43     public LoginManager(AuthenticationService authenticationService) {
44         this.authenticationService = authenticationService;
45     }
46     
47     public void setMetaDataStore(SessionMetaDataStore metaDataStore) {
48         this.metaDataStore = metaDataStore;
49     }
50
51     public void setServletContext(ServletContext JavaDoc servletContext) {
52         servletContext.setAttribute(CONTEXT_KEY, this);
53     }
54     
55     public static LoginManager getInstance(ServletContext JavaDoc servletContext) {
56         return (LoginManager) servletContext.getAttribute(CONTEXT_KEY);
57     }
58     
59     /**
60      * Tries to authenticate the user with the given credentials. If the
61      * authentication succeeds the RiotUser object is stored in the
62      * HTTP session.
63      */

64     public boolean login(HttpServletRequest JavaDoc request, String JavaDoc userName,
65             String JavaDoc password) {
66         
67         RiotUser user = authenticationService.authenticate(userName, password);
68         if (user != null) {
69             storeUserInSession(userName, user, request);
70             return true;
71         }
72         return false;
73     }
74     
75     /**
76      * Performs a logout. This is done by removing the {@link UserHolder}
77      * object from the session.
78      */

79     public static void logout(HttpServletRequest JavaDoc request,
80             HttpServletResponse JavaDoc response) {
81         
82         UserHolder.removeFromSession(request);
83     }
84     
85     /**
86      * Retrieves the {@link SessionMetaData} for the given user from the
87      * {@link SessionMetaDataStore}. If no store is configured or no persistent
88      * data is found, a new instance is created.
89      */

90     private SessionMetaData getOrCreateMetaData(String JavaDoc userName, RiotUser user,
91             HttpServletRequest JavaDoc request) {
92         
93         SessionMetaData metaData = null;
94         if (metaDataStore != null) {
95             metaData = metaDataStore.loadSessionMetaData(user);
96         }
97         if (metaData == null) {
98             metaData = new SessionMetaData(user.getUserId());
99         }
100         metaData.sessionStarted(userName, request.getRemoteHost());
101         return metaData;
102     }
103     
104     /**
105      * Stores the given SessionData in the {@link SessionMetaDataStore}.
106      */

107     void storeSessionMetaData(SessionMetaData sessionData) {
108         if (metaDataStore != null) {
109             metaDataStore.storeSessionMetaData(sessionData);
110         }
111     }
112     
113     /**
114      * Stores the given user in the HTTP session. Actually a {@link UserHolder}
115      * object is used, that holds both, the RiotUser and the SessionData.
116      */

117     private void storeUserInSession(String JavaDoc userName, RiotUser user,
118             HttpServletRequest JavaDoc request) {
119         
120         SessionMetaData sessionData = getOrCreateMetaData(userName, user, request);
121         UserHolder holder = new UserHolder(user, sessionData);
122         holder.storeInSession(request.getSession());
123     }
124
125     /**
126      * Returns the user associated with the given request.
127      */

128     static RiotUser getUser(HttpServletRequest JavaDoc request) {
129         UserHolder holder = UserHolder.getInstance(request);
130         return holder != null ? holder.getUser() : null;
131     }
132
133     /**
134      * Returns the SessionData for the given request.
135      */

136     public static SessionMetaData getSessionMetaData(HttpServletRequest JavaDoc request) {
137         UserHolder holder = UserHolder.getInstance(request);
138         return holder != null ? holder.getSessionMetaData() : null;
139     }
140     
141 }
142
Popular Tags