Revision 509
Added by bojilova over 23 years ago
AuthSession.java | ||
---|---|---|
25 | 25 |
public class AuthSession { |
26 | 26 |
|
27 | 27 |
private String authClass = null; |
28 |
|
|
29 | 28 |
private HttpSession session = null; |
30 | 29 |
private AuthInterface authService = null; |
31 |
private boolean isAuthenticated = false; |
|
32 | 30 |
private String statusMessage = null; |
33 | 31 |
|
34 | 32 |
/** |
35 | 33 |
* Construct an AuthSession |
36 |
* |
|
37 |
* @param request the request made from the client |
|
38 |
* @param username the username entered when login |
|
39 |
* @param password the password entered when login |
|
40 | 34 |
*/ |
41 |
public AuthSession(HttpServletRequest request, |
|
42 |
String username, String password) |
|
43 |
throws IllegalStateException { |
|
35 |
public AuthSession() throws Exception { |
|
44 | 36 |
|
45 |
// Initialize attributes |
|
46 |
isAuthenticated = false; |
|
47 |
|
|
48 | 37 |
// Determine our session authentication method and |
49 | 38 |
// create an instance of the auth class |
50 | 39 |
MetaCatUtil util = new MetaCatUtil(); |
51 | 40 |
authClass = util.getOption("authclass"); |
52 | 41 |
authService = (AuthInterface)createObject(authClass); |
53 |
|
|
54 |
// get the current session object, create one if necessary |
|
55 |
session = request.getSession(true); |
|
56 |
|
|
57 |
// if it is still in use invalidate and get a new one |
|
58 |
if ( !session.isNew() ) { |
|
59 |
session.invalidate(); |
|
60 |
session = request.getSession(true); |
|
61 |
} |
|
62 |
// store username & password in the session for later use, especially by |
|
63 |
// the authenticate() method |
|
64 |
session.setMaxInactiveInterval(-1); |
|
65 |
session.setAttribute("username", username); |
|
66 |
session.setAttribute("password", password); |
|
67 |
session.setAttribute("isAuthenticated", new Boolean(isAuthenticated)); |
|
42 |
|
|
68 | 43 |
} |
69 | 44 |
|
70 | 45 |
/** |
71 | 46 |
* determine if the credentials for this session are valid by |
72 | 47 |
* authenticating them using the authService configured for this session. |
73 |
* Data for authenticating is derived from the attributes stored in |
|
74 |
* the session object. |
|
48 |
* |
|
49 |
* @param request the request made from the client |
|
50 |
* @param username the username entered when login |
|
51 |
* @param password the password entered when login |
|
75 | 52 |
*/ |
76 |
public boolean authenticate() |
|
77 |
{ |
|
78 |
String out = null; |
|
79 |
String username = (String)session.getAttribute("username"); |
|
80 |
String password = (String)session.getAttribute("password"); |
|
53 |
public boolean authenticate(HttpServletRequest request, |
|
54 |
String username, String password) { |
|
55 |
|
|
56 |
String message = null; |
|
81 | 57 |
|
82 | 58 |
try { |
83 | 59 |
if ( authService.authenticate(username, password) ) { |
84 |
this.isAuthenticated = true; |
|
85 |
this.session.setAttribute("isAuthenticated", |
|
86 |
new Boolean(isAuthenticated)); |
|
87 |
String message = "User Authentication successful"; |
|
60 |
this.session = getSession(request, username, password); |
|
61 |
message = "User Authentication successful"; |
|
88 | 62 |
this.statusMessage = formatOutput("success", message); |
63 |
return true; |
|
89 | 64 |
} else { |
90 |
String message = "Authentication failed for user: " + username; |
|
91 |
invalidate(message); |
|
65 |
message = "Authentication failed for user: " + username; |
|
92 | 66 |
} |
93 | 67 |
} catch ( ConnectException ce ) { |
94 |
String message = "Connection to the authentication service failed. "
|
|
68 |
message = "Connection to the authentication service failed. " |
|
95 | 69 |
+ ce.getMessage(); |
96 |
invalidate(message); |
|
70 |
} catch ( IllegalStateException ise ) { |
|
71 |
message = ise.getMessage(); |
|
97 | 72 |
} |
98 |
return this.isAuthenticated; |
|
73 |
|
|
74 |
this.statusMessage = formatOutput("error", message); |
|
75 |
return false; |
|
99 | 76 |
} |
100 | 77 |
|
78 |
/** Get new HttpSession and store username & password in it */ |
|
79 |
private HttpSession getSession(HttpServletRequest request, |
|
80 |
String username, String password) |
|
81 |
throws IllegalStateException { |
|
82 |
|
|
83 |
// get the current session object, create one if necessary |
|
84 |
HttpSession session = request.getSession(true); |
|
85 |
|
|
86 |
// if it is still in use invalidate and get a new one |
|
87 |
if ( !session.isNew() ) { |
|
88 |
session.invalidate(); |
|
89 |
session = request.getSession(true); |
|
90 |
} |
|
91 |
// store username & password in the session for later use, especially by |
|
92 |
// the authenticate() method |
|
93 |
session.setMaxInactiveInterval(-1); |
|
94 |
session.setAttribute("username", username); |
|
95 |
session.setAttribute("password", password); |
|
96 |
|
|
97 |
return session; |
|
98 |
} |
|
99 |
|
|
101 | 100 |
/** |
102 | 101 |
* Get the message associated with authenticating this session. The |
103 | 102 |
* message is formatted in XML. |
... | ... | |
107 | 106 |
return this.statusMessage; |
108 | 107 |
} |
109 | 108 |
|
109 |
/* NOT NEEDED |
|
110 | 110 |
/** |
111 | 111 |
* Determine if the session has been successfully authenticated |
112 | 112 |
* @returns boolean true if authentication was successful, false otherwise |
113 | 113 |
*/ |
114 |
/* |
|
114 | 115 |
public boolean isAuthenticated() |
115 | 116 |
{ |
116 | 117 |
return this.isAuthenticated; |
117 | 118 |
} |
119 |
*/ |
|
118 | 120 |
|
121 |
/* NOT NEEDED |
|
119 | 122 |
/** |
120 | 123 |
* Invalidate this HTTPSession object. |
121 | 124 |
* All objects stored in the session are unbound. |
122 | 125 |
*/ |
126 |
/* |
|
123 | 127 |
private void invalidate(String message) |
124 | 128 |
{ |
125 | 129 |
this.isAuthenticated = false; |
... | ... | |
128 | 132 |
this.session.setAttribute("statusMessage", this.statusMessage); |
129 | 133 |
this.session.invalidate(); |
130 | 134 |
} |
131 |
|
|
135 |
*/ |
|
132 | 136 |
/* |
133 | 137 |
* format the output in xml for processing from client applications |
134 | 138 |
* |
... | ... | |
158 | 162 |
* |
159 | 163 |
* @param className the fully qualified name of the class to instantiate |
160 | 164 |
*/ |
161 |
private static Object createObject(String className) |
|
162 |
{ |
|
165 |
private static Object createObject(String className) throws Exception {
|
|
166 |
|
|
163 | 167 |
Object object = null; |
164 | 168 |
try { |
165 | 169 |
Class classDefinition = Class.forName(className); |
166 | 170 |
object = classDefinition.newInstance(); |
167 | 171 |
} catch (InstantiationException e) { |
168 |
System.out.println(e);
|
|
172 |
throw e;
|
|
169 | 173 |
} catch (IllegalAccessException e) { |
170 |
System.out.println(e);
|
|
174 |
throw e;
|
|
171 | 175 |
} catch (ClassNotFoundException e) { |
172 |
System.out.println(e);
|
|
176 |
throw e;
|
|
173 | 177 |
} |
174 | 178 |
return object; |
175 | 179 |
} |
Also available in: Unified diff
AuthMcat
- new class for authentication through MCA; implements AuthInterface
AuthSession
- assigning HttpSession obj only after successful athentication;
- cleared isAuthenticated field - not needed
- cleared invalidate() method - not needed
AuthInterface
- added input parameters: user and password for getGroups() and getUsers() interfaces
needed for making connection to the auth server
MetaCatServlet
- changed the values of action paramet to "login" and "logout"
- added handleLogoutAction() method