Revision 4080
Added by daigle almost 16 years ago
| AuthSession.java | ||
|---|---|---|
| 32 | 32 |
|
| 33 | 33 |
import org.apache.log4j.Logger; |
| 34 | 34 |
|
| 35 |
import edu.ucsb.nceas.metacat.service.PropertyService; |
|
| 36 |
import edu.ucsb.nceas.metacat.util.LDAPUtil; |
|
| 37 |
import edu.ucsb.nceas.metacat.util.UtilException; |
|
| 38 |
|
|
| 35 | 39 |
/** |
| 36 | 40 |
* A Class that implements session tracking for MetaCatServlet users. |
| 37 | 41 |
* User's login data are stored in the session object. |
| ... | ... | |
| 39 | 43 |
*/ |
| 40 | 44 |
public class AuthSession {
|
| 41 | 45 |
|
| 42 |
private String authClass = null;
|
|
| 43 |
private HttpSession session = null;
|
|
| 44 |
private AuthInterface authService = null;
|
|
| 45 |
private String statusMessage = null;
|
|
| 46 |
private static Logger logMetacat = Logger.getLogger(AuthSession.class);
|
|
| 46 |
private String authClass = null;
|
|
| 47 |
private HttpSession session = null;
|
|
| 48 |
private AuthInterface authService = null;
|
|
| 49 |
private String statusMessage = null;
|
|
| 50 |
private static Logger logMetacat = Logger.getLogger(AuthSession.class);
|
|
| 47 | 51 |
|
| 48 |
/** |
|
| 49 |
* Construct an AuthSession |
|
| 50 |
*/ |
|
| 51 |
public AuthSession() throws Exception {
|
|
| 52 |
// Determine our session authentication method and |
|
| 53 |
// create an instance of the auth class |
|
| 54 |
MetaCatUtil util = new MetaCatUtil(); |
|
| 55 |
this.authClass = util.getOption("authclass");
|
|
| 56 |
this.authService = (AuthInterface)createObject(authClass); |
|
| 57 |
} |
|
| 52 |
/** |
|
| 53 |
* Construct an AuthSession |
|
| 54 |
*/ |
|
| 55 |
public AuthSession() throws Exception {
|
|
| 56 |
// Determine our session authentication method and |
|
| 57 |
// create an instance of the auth class |
|
| 58 |
this.authClass = PropertyService.getProperty("auth.class");
|
|
| 59 |
this.authService = (AuthInterface) createObject(authClass); |
|
| 60 |
} |
|
| 58 | 61 |
|
| 59 |
/** |
|
| 60 |
* Get the new session |
|
| 61 |
*/ |
|
| 62 |
public HttpSession getSessions() |
|
| 63 |
{
|
|
| 64 |
return this.session; |
|
| 65 |
} |
|
| 62 |
/** |
|
| 63 |
* Get the new session |
|
| 64 |
*/ |
|
| 65 |
public HttpSession getSessions() {
|
|
| 66 |
return this.session; |
|
| 67 |
} |
|
| 66 | 68 |
|
| 67 |
/**
|
|
| 68 |
* determine if the credentials for this session are valid by
|
|
| 69 |
* authenticating them using the authService configured for this session.
|
|
| 70 |
*
|
|
| 71 |
* @param request the request made from the client
|
|
| 72 |
* @param username the username entered when login
|
|
| 73 |
* @param password the password entered when login
|
|
| 74 |
*/
|
|
| 75 |
public boolean authenticate(HttpServletRequest request,
|
|
| 76 |
String username, String password) {
|
|
| 77 |
String message = null;
|
|
| 78 |
try {
|
|
| 79 |
if ( authService.authenticate(username, password) ) {
|
|
| 69 |
/**
|
|
| 70 |
* determine if the credentials for this session are valid by
|
|
| 71 |
* authenticating them using the authService configured for this session.
|
|
| 72 |
*
|
|
| 73 |
* @param request the request made from the client
|
|
| 74 |
* @param username the username entered when login
|
|
| 75 |
* @param password the password entered when login
|
|
| 76 |
*/
|
|
| 77 |
public boolean authenticate(HttpServletRequest request, String username,
|
|
| 78 |
String password) {
|
|
| 79 |
String message = null;
|
|
| 80 |
try {
|
|
| 81 |
if (authService.authenticate(username, password)) {
|
|
| 80 | 82 |
|
| 81 |
// getGroups returns groupname along with their description. |
|
| 82 |
// hence groups[] is generated from groupsWithDescription[][] |
|
| 83 |
String[][] groupsWithDescription = |
|
| 84 |
authService.getGroups(username,password,username); |
|
| 85 |
String groups[] = new String[groupsWithDescription.length]; |
|
| 86 |
|
|
| 87 |
for(int i=0; i<groupsWithDescription.length; i++){
|
|
| 88 |
groups[i] = groupsWithDescription[i][0]; |
|
| 89 |
} |
|
| 83 |
// getGroups returns groupname along with their description. |
|
| 84 |
// hence groups[] is generated from groupsWithDescription[][] |
|
| 85 |
String[][] groupsWithDescription = authService.getGroups(username, |
|
| 86 |
password, username); |
|
| 87 |
String groups[] = new String[groupsWithDescription.length]; |
|
| 90 | 88 |
|
| 91 |
if(groups == null) |
|
| 92 |
{
|
|
| 93 |
groups = new String[0]; |
|
| 94 |
} |
|
| 95 |
|
|
| 96 |
String[] userInfo = |
|
| 97 |
authService.getUserInfo(username,password); |
|
| 98 |
|
|
| 99 |
|
|
| 100 |
this.session = createSession(request, username, password, groups, userInfo); |
|
| 101 |
String sessionId = session.getId(); |
|
| 102 |
message = "Authentication successful for user: " + username; |
|
| 103 |
this.statusMessage = formatOutput("login", message, sessionId, username, groups, userInfo);
|
|
| 104 |
return true; |
|
| 105 |
} else {
|
|
| 106 |
message = "Authentication failed for user: " + username; |
|
| 107 |
this.statusMessage = formatOutput("unauth_login", message);
|
|
| 108 |
return false; |
|
| 109 |
} |
|
| 110 |
} catch ( ConnectException ce ) {
|
|
| 111 |
message = "Connection to the authentication service failed in " + |
|
| 112 |
"AuthSession.authenticate: " + ce.getMessage(); |
|
| 113 |
} catch ( IllegalStateException ise ) {
|
|
| 114 |
message = ise.getMessage(); |
|
| 115 |
} |
|
| 89 |
for (int i = 0; i < groupsWithDescription.length; i++) {
|
|
| 90 |
groups[i] = groupsWithDescription[i][0]; |
|
| 91 |
} |
|
| 116 | 92 |
|
| 117 |
this.statusMessage = formatOutput("error_login", message);
|
|
| 118 |
return false;
|
|
| 119 |
}
|
|
| 93 |
if (groups == null) {
|
|
| 94 |
groups = new String[0];
|
|
| 95 |
}
|
|
| 120 | 96 |
|
| 121 |
/** Get new HttpSession and store username & password in it */ |
|
| 122 |
private HttpSession createSession(HttpServletRequest request, |
|
| 123 |
String username, String password, |
|
| 124 |
String[] groups, String[] userInfo) |
|
| 125 |
throws IllegalStateException {
|
|
| 97 |
String[] userInfo = authService.getUserInfo(username, password); |
|
| 126 | 98 |
|
| 127 |
// get the current session object, create one if necessary |
|
| 128 |
HttpSession session = request.getSession(true); |
|
| 99 |
this.session = createSession(request, username, password, groups, |
|
| 100 |
userInfo); |
|
| 101 |
String sessionId = session.getId(); |
|
| 102 |
message = "Authentication successful for user: " + username; |
|
| 103 |
this.statusMessage = formatOutput("login", message, sessionId, username,
|
|
| 104 |
groups, userInfo); |
|
| 105 |
return true; |
|
| 106 |
} else {
|
|
| 107 |
message = "Authentication failed for user: " + username; |
|
| 108 |
this.statusMessage = formatOutput("unauth_login", message);
|
|
| 109 |
return false; |
|
| 110 |
} |
|
| 111 |
} catch (ConnectException ce) {
|
|
| 112 |
message = "Connection to the authentication service failed in " |
|
| 113 |
+ "AuthSession.authenticate: " + ce.getMessage(); |
|
| 114 |
} catch (IllegalStateException ise) {
|
|
| 115 |
message = ise.getMessage(); |
|
| 116 |
} |
|
| 129 | 117 |
|
| 130 |
// if it is still in use invalidate and get a new one |
|
| 131 |
if ( !session.isNew() ) {
|
|
| 132 |
logMetacat.info("in session is not new");
|
|
| 133 |
logMetacat.info("the old session id is : " +
|
|
| 134 |
session.getId()); |
|
| 135 |
logMetacat.info("the old session username : " +
|
|
| 136 |
session.getAttribute("username"));
|
|
| 137 |
session.invalidate(); |
|
| 138 |
logMetacat.info("in session is not new");
|
|
| 139 |
session = request.getSession(true); |
|
| 140 |
} |
|
| 141 |
// store the username, password, and groupname (the first only) |
|
| 142 |
// in the session obj for use on subsequent calls to Metacat servlet |
|
| 143 |
session.setMaxInactiveInterval(-1); |
|
| 144 |
session.setAttribute("username", username);
|
|
| 145 |
session.setAttribute("password", password);
|
|
| 146 |
|
|
| 147 |
if ( userInfo!=null & userInfo.length == 3 ) {
|
|
| 148 |
session.setAttribute("name", userInfo[0]);
|
|
| 149 |
session.setAttribute("organization", userInfo[1]);
|
|
| 150 |
session.setAttribute("email", userInfo[2]);
|
|
| 151 |
} |
|
| 152 |
|
|
| 153 |
if ( groups.length > 0 ) {
|
|
| 154 |
session.setAttribute("groupnames", groups);
|
|
| 155 |
} |
|
| 156 |
logMetacat.info("the new session id is : " +
|
|
| 157 |
session.getId()); |
|
| 158 |
logMetacat.info("the new session username : " +
|
|
| 159 |
session.getAttribute("username"));
|
|
| 160 |
return session; |
|
| 161 |
} |
|
| 118 |
this.statusMessage = formatOutput("error_login", message);
|
|
| 119 |
return false; |
|
| 120 |
} |
|
| 162 | 121 |
|
| 163 |
/** |
|
| 164 |
* Get the message associated with authenticating this session. The |
|
| 165 |
* message is formatted in XML. |
|
| 166 |
*/ |
|
| 167 |
public String getMessage() |
|
| 168 |
{
|
|
| 169 |
return this.statusMessage; |
|
| 170 |
} |
|
| 122 |
/** Get new HttpSession and store username & password in it */ |
|
| 123 |
private HttpSession createSession(HttpServletRequest request, String username, |
|
| 124 |
String password, String[] groups, String[] userInfo) |
|
| 125 |
throws IllegalStateException {
|
|
| 171 | 126 |
|
| 172 |
/** |
|
| 173 |
* Get all groups and users from authentication scheme. |
|
| 174 |
* The output is formatted in XML. |
|
| 175 |
* @param user the user which requests the information |
|
| 176 |
* @param password the user's password |
|
| 177 |
*/ |
|
| 178 |
public String getPrincipals(String user, String password) |
|
| 179 |
throws ConnectException |
|
| 180 |
{
|
|
| 181 |
return authService.getPrincipals(user, password); |
|
| 182 |
} |
|
| 127 |
// get the current session object, create one if necessary |
|
| 128 |
HttpSession session = request.getSession(true); |
|
| 183 | 129 |
|
| 184 |
/* |
|
| 185 |
* format the output in xml for processing from client applications |
|
| 186 |
* |
|
| 187 |
* @param tag the root element tag for the message (error or success) |
|
| 188 |
* @param message the message content of the root element |
|
| 189 |
*/ |
|
| 190 |
private String formatOutput(String tag, String message) |
|
| 191 |
{
|
|
| 192 |
return formatOutput(tag, message, null, null, null, null); |
|
| 193 |
} |
|
| 130 |
// if it is still in use invalidate and get a new one |
|
| 131 |
if (!session.isNew()) {
|
|
| 132 |
logMetacat.info("in session is not new");
|
|
| 133 |
logMetacat.info("the old session id is : " + session.getId());
|
|
| 134 |
logMetacat.info("the old session username : "
|
|
| 135 |
+ session.getAttribute("username"));
|
|
| 136 |
session.invalidate(); |
|
| 137 |
logMetacat.info("in session is not new");
|
|
| 138 |
session = request.getSession(true); |
|
| 139 |
} |
|
| 140 |
// store the username, password, and groupname (the first only) |
|
| 141 |
// in the session obj for use on subsequent calls to Metacat servlet |
|
| 142 |
session.setMaxInactiveInterval(-1); |
|
| 143 |
session.setAttribute("username", username);
|
|
| 144 |
session.setAttribute("password", password);
|
|
| 194 | 145 |
|
| 195 |
/* |
|
| 196 |
* format the output in xml for processing from client applications |
|
| 197 |
* |
|
| 198 |
* @param tag the root element tag for the message (error or success) |
|
| 199 |
* @param message the message content of the root element |
|
| 200 |
* @param sessionId the session identifier for a successful login |
|
| 201 |
*/ |
|
| 202 |
private String formatOutput(String tag, String message, |
|
| 203 |
String sessionId, String username, String[] groups, |
|
| 204 |
String userInfo[]) |
|
| 205 |
{
|
|
| 206 |
StringBuffer out = new StringBuffer(); |
|
| 146 |
if (userInfo != null & userInfo.length == 3) {
|
|
| 147 |
session.setAttribute("name", userInfo[0]);
|
|
| 148 |
session.setAttribute("organization", userInfo[1]);
|
|
| 149 |
session.setAttribute("email", userInfo[2]);
|
|
| 150 |
} |
|
| 207 | 151 |
|
| 208 |
out.append("<?xml version=\"1.0\"?>\n");
|
|
| 209 |
out.append("<" + tag + ">");
|
|
| 210 |
out.append("\n <message>" + message + "</message>\n");
|
|
| 211 |
if (sessionId != null) {
|
|
| 212 |
out.append("\n <sessionId>" + sessionId + "</sessionId>\n");
|
|
| 213 |
|
|
| 214 |
if(userInfo != null && userInfo[0]!=null){
|
|
| 215 |
out.append("\n<name>\n");
|
|
| 216 |
out.append(userInfo[0]); |
|
| 217 |
out.append("\n</name>\n");
|
|
| 218 |
} |
|
| 219 |
|
|
| 220 |
// insert <isAdministrator> tag if the user is an administrator |
|
| 221 |
if(MetaCatUtil.isAdministrator(username,groups)){
|
|
| 222 |
out.append("\n <isAdministrator></isAdministrator>\n");
|
|
| 223 |
} |
|
| 224 |
|
|
| 225 |
// insert <isModerator> tag if the user is a Moderator |
|
| 226 |
if(MetaCatUtil.isModerator(username,groups)){
|
|
| 227 |
out.append("\n <isModerator></isModerator>\n");
|
|
| 228 |
} |
|
| 229 |
} |
|
| 230 |
out.append("</" + tag + ">");
|
|
| 152 |
if (groups.length > 0) {
|
|
| 153 |
session.setAttribute("groupnames", groups);
|
|
| 154 |
} |
|
| 155 |
logMetacat.info("the new session id is : " + session.getId());
|
|
| 156 |
logMetacat.info("the new session username : " + session.getAttribute("username"));
|
|
| 157 |
return session; |
|
| 158 |
} |
|
| 231 | 159 |
|
| 232 |
return out.toString(); |
|
| 233 |
} |
|
| 160 |
/** |
|
| 161 |
* Get the message associated with authenticating this session. The |
|
| 162 |
* message is formatted in XML. |
|
| 163 |
*/ |
|
| 164 |
public String getMessage() {
|
|
| 165 |
return this.statusMessage; |
|
| 166 |
} |
|
| 234 | 167 |
|
| 235 |
/** |
|
| 236 |
* Instantiate a class using the name of the class at runtime |
|
| 237 |
* |
|
| 238 |
* @param className the fully qualified name of the class to instantiate |
|
| 239 |
*/ |
|
| 240 |
private static Object createObject(String className) throws Exception {
|
|
| 168 |
/** |
|
| 169 |
* Get all groups and users from authentication scheme. |
|
| 170 |
* The output is formatted in XML. |
|
| 171 |
* @param user the user which requests the information |
|
| 172 |
* @param password the user's password |
|
| 173 |
*/ |
|
| 174 |
public String getPrincipals(String user, String password) throws ConnectException {
|
|
| 175 |
return authService.getPrincipals(user, password); |
|
| 176 |
} |
|
| 241 | 177 |
|
| 242 |
Object object = null; |
|
| 243 |
try {
|
|
| 244 |
Class classDefinition = Class.forName(className); |
|
| 245 |
object = classDefinition.newInstance(); |
|
| 246 |
} catch (InstantiationException e) {
|
|
| 247 |
throw e; |
|
| 248 |
} catch (IllegalAccessException e) {
|
|
| 249 |
throw e; |
|
| 250 |
} catch (ClassNotFoundException e) {
|
|
| 251 |
throw e; |
|
| 252 |
} |
|
| 253 |
return object; |
|
| 254 |
} |
|
| 178 |
/* |
|
| 179 |
* format the output in xml for processing from client applications |
|
| 180 |
* |
|
| 181 |
* @param tag the root element tag for the message (error or success) |
|
| 182 |
* @param message the message content of the root element |
|
| 183 |
*/ |
|
| 184 |
private String formatOutput(String tag, String message) {
|
|
| 185 |
return formatOutput(tag, message, null, null, null, null); |
|
| 186 |
} |
|
| 187 |
|
|
| 188 |
/* |
|
| 189 |
* format the output in xml for processing from client applications |
|
| 190 |
* |
|
| 191 |
* @param tag the root element tag for the message (error or success) |
|
| 192 |
* @param message the message content of the root element |
|
| 193 |
* @param sessionId the session identifier for a successful login |
|
| 194 |
*/ |
|
| 195 |
private String formatOutput(String tag, String message, String sessionId, |
|
| 196 |
String username, String[] groups, String userInfo[]) {
|
|
| 197 |
StringBuffer out = new StringBuffer(); |
|
| 198 |
|
|
| 199 |
out.append("<?xml version=\"1.0\"?>\n");
|
|
| 200 |
out.append("<" + tag + ">");
|
|
| 201 |
out.append("\n <message>" + message + "</message>\n");
|
|
| 202 |
if (sessionId != null) {
|
|
| 203 |
out.append("\n <sessionId>" + sessionId + "</sessionId>\n");
|
|
| 204 |
|
|
| 205 |
if (userInfo != null && userInfo[0] != null) {
|
|
| 206 |
out.append("\n<name>\n");
|
|
| 207 |
out.append(userInfo[0]); |
|
| 208 |
out.append("\n</name>\n");
|
|
| 209 |
} |
|
| 210 |
|
|
| 211 |
try {
|
|
| 212 |
// insert <isAdministrator> tag if the user is an administrator |
|
| 213 |
if (LDAPUtil.isAdministrator(username, groups)) {
|
|
| 214 |
out.append("\n <isAdministrator></isAdministrator>\n");
|
|
| 215 |
} |
|
| 216 |
} catch (UtilException ue) {
|
|
| 217 |
logMetacat.error("Could not determine if user is administrator. "
|
|
| 218 |
+ "Omitting from xml output: " + ue.getMessage()); |
|
| 219 |
} |
|
| 220 |
|
|
| 221 |
// insert <isModerator> tag if the user is a Moderator |
|
| 222 |
if (LDAPUtil.isModerator(username, groups)) {
|
|
| 223 |
out.append("\n <isModerator></isModerator>\n");
|
|
| 224 |
} |
|
| 225 |
} |
|
| 226 |
out.append("</" + tag + ">");
|
|
| 227 |
|
|
| 228 |
return out.toString(); |
|
| 229 |
} |
|
| 230 |
|
|
| 231 |
/** |
|
| 232 |
* Instantiate a class using the name of the class at runtime |
|
| 233 |
* |
|
| 234 |
* @param className the fully qualified name of the class to instantiate |
|
| 235 |
*/ |
|
| 236 |
private static Object createObject(String className) throws Exception {
|
|
| 237 |
|
|
| 238 |
Object object = null; |
|
| 239 |
try {
|
|
| 240 |
Class classDefinition = Class.forName(className); |
|
| 241 |
object = classDefinition.newInstance(); |
|
| 242 |
} catch (InstantiationException e) {
|
|
| 243 |
throw e; |
|
| 244 |
} catch (IllegalAccessException e) {
|
|
| 245 |
throw e; |
|
| 246 |
} catch (ClassNotFoundException e) {
|
|
| 247 |
throw e; |
|
| 248 |
} |
|
| 249 |
return object; |
|
| 250 |
} |
|
| 251 |
|
|
| 252 |
/** |
|
| 253 |
* Instantiate a class using the name of the class at runtime |
|
| 254 |
* |
|
| 255 |
* @param className the fully qualified name of the class to instantiate |
|
| 256 |
*/ |
|
| 257 |
private static Object createObject(String className, String orgName) throws Exception {
|
|
| 258 |
|
|
| 259 |
Object object = null; |
|
| 260 |
try {
|
|
| 261 |
Class classDefinition = Class.forName(className); |
|
| 262 |
object = classDefinition.newInstance(); |
|
| 263 |
} catch (InstantiationException e) {
|
|
| 264 |
throw e; |
|
| 265 |
} catch (IllegalAccessException e) {
|
|
| 266 |
throw e; |
|
| 267 |
} catch (ClassNotFoundException e) {
|
|
| 268 |
throw e; |
|
| 269 |
} |
|
| 270 |
return object; |
|
| 271 |
} |
|
| 255 | 272 |
} |
Also available in: Unified diff
Merge 1.9 changes into Head