Metacat

/**

 *  '$RCSfile$'

 *    Purpose: A Class that tracks sessions for MetaCatServlet users.

 *  Copyright: 2000 Regents of the University of California and the

 *             National Center for Ecological Analysis and Synthesis

 *    Authors: Matt Jones

 *    Release: @release@

 *

 *   '$Author: sgarg $'

 *     '$Date: 2005-10-10 11:06:55 -0700 (Mon, 10 Oct 2005) $'

 * '$Revision: 2663 $'

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License as published by

 * the Free Software Foundation; either version 2 of the License, or

 * (at your option) any later version.

 *

 * This program is distributed in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 * GNU General Public License for more details.

 *

 * You should have received a copy of the GNU General Public License

 * along with this program; if not, write to the Free Software

 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

 */

package edu.ucsb.nceas.metacat;

import java.net.ConnectException;

import javax.servlet.http.HttpSession;

import javax.servlet.http.HttpServletRequest;

import org.apache.log4j.Logger;

/**

 * A Class that implements session tracking for MetaCatServlet users.

 * User's login data are stored in the session object.

 * User authentication is done through a dynamically determined AuthInterface.

 */

public class AuthSession {

  private String authClass = null;

  private HttpSession session = null;

  private AuthInterface authService = null;

  private String statusMessage = null;

  private static Logger logMetacat = Logger.getLogger(AuthSession.class);

  /**

   * Construct an AuthSession

   */

  public AuthSession() throws Exception {

    // Determine our session authentication method and

    // create an instance of the auth class

    MetaCatUtil util = new MetaCatUtil();

    this.authClass = util.getOption("authclass");

    this.authService = (AuthInterface)createObject(authClass);

  }

  /**

   * Get the new session

   */

  public HttpSession getSessions()

  {

    return this.session;

  }

  /**

   * determine if the credentials for this session are valid by

   * authenticating them using the authService configured for this session.

   *

   * @param request the request made from the client

   * @param username the username entered when login

   * @param password the password entered when login

   */

  public boolean authenticate(HttpServletRequest request,

                              String username, String password)  {

    String message = null;

    try {

      if ( authService.authenticate(username, password) ) {

        // getGroups returns groupname along with their description.

        // hence groups[] is generated from groupsWithDescription[][]

        String[][] groupsWithDescription =

            authService.getGroups(username,password,username);

        String groups[] = new String[groupsWithDescription.length];

        for(int i=0; i<groupsWithDescription.length; i++){

          groups[i] = groupsWithDescription[i][0];

        }

        if(groups == null)

        {

          groups = new String[0];

        }

        this.session = createSession(request, username, password, groups);

        String sessionId = session.getId();

        message = "Authentication successful for user: " + username;

        this.statusMessage = formatOutput("login", message, sessionId);

        return true;

      } else {

        message = "Authentication failed for user: " + username;

        this.statusMessage = formatOutput("unauth_login", message);

        return false;

      }

    } catch ( ConnectException ce ) {

      message = "Connection to the authentication service failed in " +

                "AuthSession.authenticate: " + ce.getMessage();

    } catch ( IllegalStateException ise ) {

      message = ise.getMessage();

    }

    this.statusMessage = formatOutput("error_login", message);

    return false;

  }

  /** Get new HttpSession and store username & password in it */

  private HttpSession createSession(HttpServletRequest request,

                                 String username, String password,

                                 String[] groups)

                      throws IllegalStateException {

    // get the current session object, create one if necessary

    HttpSession session = request.getSession(true);

    // if it is still in use invalidate and get a new one

    if ( !session.isNew() ) {

      logMetacat.info("in session is not new");

      logMetacat.info("the old session id is : " +

                                session.getId());

      logMetacat.info("the old session username : " +

                                session.getAttribute("username"));

      session.invalidate();

      logMetacat.info("in session is not new");

      session = request.getSession(true);

    }

    // store the username, password, and groupname (the first only)

    // in the session obj for use on subsequent calls to Metacat servlet

    session.setMaxInactiveInterval(-1);

    session.setAttribute("username", username);

    session.setAttribute("password", password);

    if ( groups.length > 0 ) {

      session.setAttribute("groupnames", groups);

    }

     logMetacat.info("the new session id is : " +

                                session.getId());

     logMetacat.info("the new session username : " +

                                session.getAttribute("username"));

    return session;

  }

  /**

   * Get the message associated with authenticating this session. The

   * message is formatted in XML.

   */

  public String getMessage()

  {

    return this.statusMessage;

  }

  /**

   * Get all groups and users from authentication scheme.

   * The output is formatted in XML.

   * @param user the user which requests the information

   * @param password the user's password

   */

  public String getPrincipals(String user, String password)

                throws ConnectException

  {

    return authService.getPrincipals(user, password);

  }

  /*

   * format the output in xml for processing from client applications

   *

   * @param tag the root element tag for the message (error or success)

   * @param message the message content of the root element

   */

  private String formatOutput(String tag, String message)

  {

      return formatOutput(tag, message, null);

  }

  /*

   * format the output in xml for processing from client applications

   *

   * @param tag the root element tag for the message (error or success)

   * @param message the message content of the root element

   * @param sessionId the session identifier for a successful login

   */

  private String formatOutput(String tag, String message, String sessionId)

  {

    StringBuffer out = new StringBuffer();

    out.append("<?xml version=\"1.0\"?>\n");

    out.append("<" + tag + ">");

    out.append("\n  <message>" + message + "</message>\n");

    if (sessionId != null) {

        out.append("\n  <sessionId>" + sessionId + "</sessionId>\n");

    }

    out.append("</" + tag + ">");

    return out.toString();

  }

  /**

   * Instantiate a class using the name of the class at runtime

   *

   * @param className the fully qualified name of the class to instantiate

   */

  private static Object createObject(String className) throws Exception {

    Object object = null;

    try {

      Class classDefinition = Class.forName(className);

      object = classDefinition.newInstance();

    } catch (InstantiationException e) {

      throw e;

    } catch (IllegalAccessException e) {

      throw e;

    } catch (ClassNotFoundException e) {

      throw e;

    }

    return object;

  }

}