Revision 509
Added by bojilova over 23 years ago
| AuthSession.java | ||
|---|---|---|
| 25 | 25 |
public class AuthSession {
|
| 26 | 26 |
|
| 27 | 27 |
private String authClass = null; |
| 28 |
|
|
| 29 | 28 |
private HttpSession session = null; |
| 30 | 29 |
private AuthInterface authService = null; |
| 31 |
private boolean isAuthenticated = false; |
|
| 32 | 30 |
private String statusMessage = null; |
| 33 | 31 |
|
| 34 | 32 |
/** |
| 35 | 33 |
* Construct an AuthSession |
| 36 |
* |
|
| 37 |
* @param request the request made from the client |
|
| 38 |
* @param username the username entered when login |
|
| 39 |
* @param password the password entered when login |
|
| 40 | 34 |
*/ |
| 41 |
public AuthSession(HttpServletRequest request, |
|
| 42 |
String username, String password) |
|
| 43 |
throws IllegalStateException {
|
|
| 35 |
public AuthSession() throws Exception {
|
|
| 44 | 36 |
|
| 45 |
// Initialize attributes |
|
| 46 |
isAuthenticated = false; |
|
| 47 |
|
|
| 48 | 37 |
// Determine our session authentication method and |
| 49 | 38 |
// create an instance of the auth class |
| 50 | 39 |
MetaCatUtil util = new MetaCatUtil(); |
| 51 | 40 |
authClass = util.getOption("authclass");
|
| 52 | 41 |
authService = (AuthInterface)createObject(authClass); |
| 53 |
|
|
| 54 |
// get the current session object, create one if necessary |
|
| 55 |
session = request.getSession(true); |
|
| 56 |
|
|
| 57 |
// if it is still in use invalidate and get a new one |
|
| 58 |
if ( !session.isNew() ) {
|
|
| 59 |
session.invalidate(); |
|
| 60 |
session = request.getSession(true); |
|
| 61 |
} |
|
| 62 |
// store username & password in the session for later use, especially by |
|
| 63 |
// the authenticate() method |
|
| 64 |
session.setMaxInactiveInterval(-1); |
|
| 65 |
session.setAttribute("username", username);
|
|
| 66 |
session.setAttribute("password", password);
|
|
| 67 |
session.setAttribute("isAuthenticated", new Boolean(isAuthenticated));
|
|
| 42 |
|
|
| 68 | 43 |
} |
| 69 | 44 |
|
| 70 | 45 |
/** |
| 71 | 46 |
* determine if the credentials for this session are valid by |
| 72 | 47 |
* authenticating them using the authService configured for this session. |
| 73 |
* Data for authenticating is derived from the attributes stored in |
|
| 74 |
* the session object. |
|
| 48 |
* |
|
| 49 |
* @param request the request made from the client |
|
| 50 |
* @param username the username entered when login |
|
| 51 |
* @param password the password entered when login |
|
| 75 | 52 |
*/ |
| 76 |
public boolean authenticate() |
|
| 77 |
{
|
|
| 78 |
String out = null; |
|
| 79 |
String username = (String)session.getAttribute("username");
|
|
| 80 |
String password = (String)session.getAttribute("password");
|
|
| 53 |
public boolean authenticate(HttpServletRequest request, |
|
| 54 |
String username, String password) {
|
|
| 55 |
|
|
| 56 |
String message = null; |
|
| 81 | 57 |
|
| 82 | 58 |
try {
|
| 83 | 59 |
if ( authService.authenticate(username, password) ) {
|
| 84 |
this.isAuthenticated = true; |
|
| 85 |
this.session.setAttribute("isAuthenticated",
|
|
| 86 |
new Boolean(isAuthenticated)); |
|
| 87 |
String message = "User Authentication successful"; |
|
| 60 |
this.session = getSession(request, username, password); |
|
| 61 |
message = "User Authentication successful"; |
|
| 88 | 62 |
this.statusMessage = formatOutput("success", message);
|
| 63 |
return true; |
|
| 89 | 64 |
} else {
|
| 90 |
String message = "Authentication failed for user: " + username; |
|
| 91 |
invalidate(message); |
|
| 65 |
message = "Authentication failed for user: " + username; |
|
| 92 | 66 |
} |
| 93 | 67 |
} catch ( ConnectException ce ) {
|
| 94 |
String message = "Connection to the authentication service failed. "
|
|
| 68 |
message = "Connection to the authentication service failed. " |
|
| 95 | 69 |
+ ce.getMessage(); |
| 96 |
invalidate(message); |
|
| 70 |
} catch ( IllegalStateException ise ) {
|
|
| 71 |
message = ise.getMessage(); |
|
| 97 | 72 |
} |
| 98 |
return this.isAuthenticated; |
|
| 73 |
|
|
| 74 |
this.statusMessage = formatOutput("error", message);
|
|
| 75 |
return false; |
|
| 99 | 76 |
} |
| 100 | 77 |
|
| 78 |
/** Get new HttpSession and store username & password in it */ |
|
| 79 |
private HttpSession getSession(HttpServletRequest request, |
|
| 80 |
String username, String password) |
|
| 81 |
throws IllegalStateException {
|
|
| 82 |
|
|
| 83 |
// get the current session object, create one if necessary |
|
| 84 |
HttpSession session = request.getSession(true); |
|
| 85 |
|
|
| 86 |
// if it is still in use invalidate and get a new one |
|
| 87 |
if ( !session.isNew() ) {
|
|
| 88 |
session.invalidate(); |
|
| 89 |
session = request.getSession(true); |
|
| 90 |
} |
|
| 91 |
// store username & password in the session for later use, especially by |
|
| 92 |
// the authenticate() method |
|
| 93 |
session.setMaxInactiveInterval(-1); |
|
| 94 |
session.setAttribute("username", username);
|
|
| 95 |
session.setAttribute("password", password);
|
|
| 96 |
|
|
| 97 |
return session; |
|
| 98 |
} |
|
| 99 |
|
|
| 101 | 100 |
/** |
| 102 | 101 |
* Get the message associated with authenticating this session. The |
| 103 | 102 |
* message is formatted in XML. |
| ... | ... | |
| 107 | 106 |
return this.statusMessage; |
| 108 | 107 |
} |
| 109 | 108 |
|
| 109 |
/* NOT NEEDED |
|
| 110 | 110 |
/** |
| 111 | 111 |
* Determine if the session has been successfully authenticated |
| 112 | 112 |
* @returns boolean true if authentication was successful, false otherwise |
| 113 | 113 |
*/ |
| 114 |
/* |
|
| 114 | 115 |
public boolean isAuthenticated() |
| 115 | 116 |
{
|
| 116 | 117 |
return this.isAuthenticated; |
| 117 | 118 |
} |
| 119 |
*/ |
|
| 118 | 120 |
|
| 121 |
/* NOT NEEDED |
|
| 119 | 122 |
/** |
| 120 | 123 |
* Invalidate this HTTPSession object. |
| 121 | 124 |
* All objects stored in the session are unbound. |
| 122 | 125 |
*/ |
| 126 |
/* |
|
| 123 | 127 |
private void invalidate(String message) |
| 124 | 128 |
{
|
| 125 | 129 |
this.isAuthenticated = false; |
| ... | ... | |
| 128 | 132 |
this.session.setAttribute("statusMessage", this.statusMessage);
|
| 129 | 133 |
this.session.invalidate(); |
| 130 | 134 |
} |
| 131 |
|
|
| 135 |
*/ |
|
| 132 | 136 |
/* |
| 133 | 137 |
* format the output in xml for processing from client applications |
| 134 | 138 |
* |
| ... | ... | |
| 158 | 162 |
* |
| 159 | 163 |
* @param className the fully qualified name of the class to instantiate |
| 160 | 164 |
*/ |
| 161 |
private static Object createObject(String className) |
|
| 162 |
{
|
|
| 165 |
private static Object createObject(String className) throws Exception {
|
|
| 166 |
|
|
| 163 | 167 |
Object object = null; |
| 164 | 168 |
try {
|
| 165 | 169 |
Class classDefinition = Class.forName(className); |
| 166 | 170 |
object = classDefinition.newInstance(); |
| 167 | 171 |
} catch (InstantiationException e) {
|
| 168 |
System.out.println(e);
|
|
| 172 |
throw e;
|
|
| 169 | 173 |
} catch (IllegalAccessException e) {
|
| 170 |
System.out.println(e);
|
|
| 174 |
throw e;
|
|
| 171 | 175 |
} catch (ClassNotFoundException e) {
|
| 172 |
System.out.println(e);
|
|
| 176 |
throw e;
|
|
| 173 | 177 |
} |
| 174 | 178 |
return object; |
| 175 | 179 |
} |
Also available in: Unified diff
AuthMcat
- new class for authentication through MCA; implements AuthInterface
AuthSession
- assigning HttpSession obj only after successful athentication;
- cleared isAuthenticated field - not needed
- cleared invalidate() method - not needed
AuthInterface
- added input parameters: user and password for getGroups() and getUsers() interfaces
needed for making connection to the auth server
MetaCatServlet
- changed the values of action paramet to "login" and "logout"
- added handleLogoutAction() method