Metacat

/**

 *  '$RCSfile$'

 *    Purpose: A Class that tracks sessions for MetaCatServlet users.

 *  Copyright: 2000 Regents of the University of California and the

 *             National Center for Ecological Analysis and Synthesis

 *    Authors: Matt Jones

 *    Release: @release@

 *

 *   '$Author: bojilova $'

 *     '$Date: 2000-10-24 13:03:07 -0700 (Tue, 24 Oct 2000) $'

 * '$Revision: 503 $'

 */

package edu.ucsb.nceas.metacat;

import java.net.ConnectException;

import javax.servlet.http.HttpSession;

import javax.servlet.http.HttpServletRequest;

/**

 * A Class that implements session tracking for MetaCatServlet users.

 * User's login data are stored in the session object.

 * User authentication is done through a dynamically determined AuthInterface.

 */

public class AuthSession {

  private String authClass = null;

  private HttpSession session = null;

  private AuthInterface authService = null;

  private boolean isAuthenticated = false;

  private String statusMessage = null;

  /** 

   * Construct an AuthSession

   *

   * @param request the request made from the client

   * @param username the username entered when login

   * @param password the password entered when login

   */

  public AuthSession(HttpServletRequest request, 

                     String username, String password)

                     throws IllegalStateException {

    // Initialize attributes

    isAuthenticated = false;

    // Determine our session authentication method and

    // create an instance of the auth class

    MetaCatUtil util = new MetaCatUtil();

    authClass = util.getOption("authclass");

    authService = (AuthInterface)createObject(authClass);

    // get the current session object, create one if necessary

    session = request.getSession(true);

    // if it is still in use invalidate and get a new one

    if ( !session.isNew() ) {

      session.invalidate();

      session = request.getSession(true);

    }

    // store username & password in the session for later use, especially by

    // the authenticate() method

    session.setMaxInactiveInterval(-1);

    session.setAttribute("username", username);

    session.setAttribute("password", password);

    session.setAttribute("isAuthenticated", new Boolean(isAuthenticated));

  }

  /** 

   * determine if the credentials for this session are valid by 

   * authenticating them using the authService configured for this session.

   * Data for authenticating is derived from the attributes stored in 

   * the session object.

   */

  public boolean authenticate()

  {

    String out = null; 

    String username = (String)session.getAttribute("username");

    String password = (String)session.getAttribute("password");

    try { 

      if ( authService.authenticate(username, password) ) {

        this.isAuthenticated = true;

        this.session.setAttribute("isAuthenticated", 

                                  new Boolean(isAuthenticated));

        String message = "User Authentication successful";

        this.statusMessage = formatOutput("success", message);

      } else {  

        String message = "Authentication failed for user: " + username;

        invalidate(message);            

      }    

    } catch ( ConnectException ce ) {

      String message = "Connection to the authentication service failed. " 

                       + ce.getMessage();

      invalidate(message);            

    }

    return this.isAuthenticated;

  }

  /**

   * Get the message associated with authenticating this session. The

   * message is formatted in XML.

   */

  public String getMessage() 

  {

    return this.statusMessage;

  }

  /**

   * Determine if the session has been successfully authenticated

   * @returns boolean true if authentication was successful, false otherwise

   */

  public boolean isAuthenticated() 

  {

    return this.isAuthenticated;

  }

  /**

   * Invalidate this HTTPSession object. 

   * All objects stored in the session are unbound.

   */

  private void invalidate(String message)

  {

    this.isAuthenticated = false;

    this.session.setAttribute("isAuthenticated", new Boolean(isAuthenticated));

    this.statusMessage = formatOutput("error", message);

    this.session.setAttribute("statusMessage", this.statusMessage);

    this.session.invalidate();

  }    

  /* 

   * format the output in xml for processing from client applications

   *

   * @param tag the root element tag for the message (error or success)

   * @param message the message content of the root element

   */

  private String formatOutput(String tag, String message) {

    StringBuffer out = new StringBuffer();

    out.append("<?xml version=\"1.0\"?>\n");

    out.append("<" + tag + ">");

    if ( tag.equals("error") ) {

      out.append(message);

    } else {

      out.append("\n  <message>" + message + "</message>\n");

      String username = (String)this.session.getAttribute("username");

      out.append("  <username>" + username + "</username>\n");

    }  

    out.append("</" + tag + ">");

    return out.toString();

  }

  /**

   * Instantiate a class using the name of the class at runtime

   *

   * @param className the fully qualified name of the class to instantiate

   */

  private static Object createObject(String className) 

  {

    Object object = null;

    try {

      Class classDefinition = Class.forName(className);

      object = classDefinition.newInstance();

    } catch (InstantiationException e) {

      System.out.println(e);

    } catch (IllegalAccessException e) {

      System.out.println(e);

    } catch (ClassNotFoundException e) {

      System.out.println(e);

    }

    return object;

  }

}