/src/edu/ucsb/nceas/metacat/AuthSession.java - Annotate - Metacat - Ecoinformatics Redmine

metacat/src/edu/ucsb/nceas/metacat/AuthSession.java @ 2203

-            bojilova
+/**
  *  '$RCSfile$'
  *    Purpose: A Class that tracks sessions for MetaCatServlet users.
  *  Copyright: 2000 Regents of the University of California and the
  *             National Center for Ecological Analysis and Synthesis
  *    Authors: Matt Jones
  *    Release: @release@
+ *
  *   '$Author$'
  *     '$Date$'
  * '$Revision$'
             jones
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation; either version 2 of the License, or
  * (at your option) any later version.
+ *
  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
+ *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-            bojilova
+ */
 package edu.ucsb.nceas.metacat;
 import java.net.ConnectException;
 import javax.servlet.http.HttpSession;
 import javax.servlet.http.HttpServletRequest;
 /**
  * A Class that implements session tracking for MetaCatServlet users.
  * User's login data are stored in the session object.
  * User authentication is done through a dynamically determined AuthInterface.
  */
 public class AuthSession {
   private String authClass = null;
   private HttpSession session = null;
   private AuthInterface authService = null;
   private String statusMessage = null;
             sgarg
   /**
-            bojilova
+   * Construct an AuthSession
    */
-            bojilova
+  public AuthSession() throws Exception {
-            bojilova
+    // Determine our session authentication method and
     // create an instance of the auth class
     MetaCatUtil util = new MetaCatUtil();
-            bojilova
+    this.authClass = util.getOption("authclass");
     this.authService = (AuthInterface)createObject(authClass);
             bojilova
             sgarg
-            tao
+  /**
    * Get the new session
    */
   public HttpSession getSessions()
+  {
     return this.session;
+  }
             bojilova
-            sgarg
+  /**
    * determine if the credentials for this session are valid by
-            bojilova
+   * authenticating them using the authService configured for this session.
             bojilova
    * @param request the request made from the client
    * @param username the username entered when login
    * @param password the password entered when login
-            bojilova
+   */
-            sgarg
+  public boolean authenticate(HttpServletRequest request,
                               String username, String password)  {
-            bojilova
+    String message = null;
-            sgarg
+    try {
-            bojilova
+      if ( authService.authenticate(username, password) ) {
             sgarg
         // getGroups returns groupname along with their description.
         // hence groups[] is generated from groupsWithDescription[][]
         String[][] groupsWithDescription =
             authService.getGroups(username,password,username);
         String groups[] = new String[groupsWithDescription.length];
         for(int i=0; i<groupsWithDescription.length; i++){
           groups[i] = groupsWithDescription[i][0];
+        }
-            berkley
+        if(groups == null)
+        {
           groups = new String[0];
+        }
-            tao
+        this.session = createSession(request, username, password, groups);
-            jones
+        String sessionId = session.getId();
-            bojilova
+        message = "Authentication successful for user: " + username;
-            jones
+        this.statusMessage = formatOutput("login", message, sessionId);
-            bojilova
+        return true;
-            sgarg
+      } else {
-            bojilova
+        message = "Authentication failed for user: " + username;
-            bojilova
+        this.statusMessage = formatOutput("unauth_login", message);
         return false;
             sgarg
-            bojilova
+    } catch ( ConnectException ce ) {
-            berkley
+      message = "Connection to the authentication service failed in " +
                 "AuthSession.authenticate: " + ce.getMessage();
-            bojilova
+    } catch ( IllegalStateException ise ) {
       message = ise.getMessage();
             bojilova
             sgarg
-            bojilova
+    this.statusMessage = formatOutput("error_login", message);
-            bojilova
+    return false;
             bojilova
-            bojilova
+  /** Get new HttpSession and store username & password in it */
-            sgarg
+  private HttpSession createSession(HttpServletRequest request,
-            bojilova
+                                 String username, String password,
-            sgarg
+                                 String[] groups)
-            bojilova
+                      throws IllegalStateException {
             bojilova
     // get the current session object, create one if necessary
     HttpSession session = request.getSession(true);
     // if it is still in use invalidate and get a new one
     if ( !session.isNew() ) {
-            tao
+      MetaCatUtil.debugMessage("in session is not new", 40);
       MetaCatUtil.debugMessage("the old session id is : " +
                                 session.getId(), 30);
       MetaCatUtil.debugMessage("the old session username : " +
                                 session.getAttribute("username"), 30);
-            bojilova
+      session.invalidate();
-            tao
+      MetaCatUtil.debugMessage("in session is not new", 40);
-            bojilova
+      session = request.getSession(true);
+    }
-            bojilova
+    // store the username, password, and groupname (the first only)
     // in the session obj for use on subsequent calls to Metacat servlet
-            bojilova
+    session.setMaxInactiveInterval(-1);
     session.setAttribute("username", username);
     session.setAttribute("password", password);
-            bojilova
+    if ( groups.length > 0 ) {
-            bojilova
+      session.setAttribute("groupnames", groups);
             bojilova
-            tao
+     MetaCatUtil.debugMessage("the new session id is : " +
                                 session.getId(), 30);
      MetaCatUtil.debugMessage("the new session username : " +
                                 session.getAttribute("username"), 30);
-            bojilova
+    return session;
+  }
-            bojilova
+  /**
    * Get the message associated with authenticating this session. The
    * message is formatted in XML.
    */
-            sgarg
+  public String getMessage()
             bojilova
     return this.statusMessage;
+  }
   /**
-            bojilova
+   * Get all groups and users from authentication scheme.
-            bojilova
+   * The output is formatted in XML.
-            bojilova
+   * @param user the user which requests the information
    * @param password the user's password
-            bojilova
+   */
-            bojilova
+  public String getPrincipals(String user, String password)
                 throws ConnectException
             bojilova
-            bojilova
+    return authService.getPrincipals(user, password);
             bojilova
-            sgarg
+  /*
-            bojilova
+   * format the output in xml for processing from client applications
+   *
    * @param tag the root element tag for the message (error or success)
    * @param message the message content of the root element
    */
-            sgarg
+  private String formatOutput(String tag, String message)
             jones
       return formatOutput(tag, message, null);
+  }
-            sgarg
+  /*
-            jones
+   * format the output in xml for processing from client applications
+   *
    * @param tag the root element tag for the message (error or success)
    * @param message the message content of the root element
    * @param sessionId the session identifier for a successful login
    */
-            sgarg
+  private String formatOutput(String tag, String message, String sessionId)
             jones
-            bojilova
+    StringBuffer out = new StringBuffer();
             sgarg
-            bojilova
+    out.append("<?xml version=\"1.0\"?>\n");
     out.append("<" + tag + ">");
-            bojilova
+    out.append("\n  <message>" + message + "</message>\n");
-            jones
+    if (sessionId != null) {
-            jones
+        out.append("\n  <sessionId>" + sessionId + "</sessionId>\n");
             jones
-            bojilova
+    out.append("</" + tag + ">");
             sgarg
-            bojilova
+    return out.toString();
+  }
   /**
    * Instantiate a class using the name of the class at runtime
+   *
    * @param className the fully qualified name of the class to instantiate
    */
-            bojilova
+  private static Object createObject(String className) throws Exception {
             sgarg
-            bojilova
+    Object object = null;
     try {
       Class classDefinition = Class.forName(className);
       object = classDefinition.newInstance();
     } catch (InstantiationException e) {
-            bojilova
+      throw e;
-            bojilova
+    } catch (IllegalAccessException e) {
-            bojilova
+      throw e;
-            bojilova
+    } catch (ClassNotFoundException e) {
-            bojilova
+      throw e;
             bojilova
     return object;
+  }
+}

Project

General

Profile

Metacat