Metacat

/**

 *  '$RCSfile$'

 *    Purpose: A Class that tracks sessions for MetaCatServlet users.

 *  Copyright: 2000 Regents of the University of California and the

 *             National Center for Ecological Analysis and Synthesis

 *    Authors: Matt Jones

 *    Release: @release@

 *

 *   '$Author: bojilova $'

 *     '$Date: 2000-10-31 15:26:43 -0800 (Tue, 31 Oct 2000) $'

 * '$Revision: 509 $'

 */

package edu.ucsb.nceas.metacat;

import java.net.ConnectException;

import javax.servlet.http.HttpSession;

import javax.servlet.http.HttpServletRequest;

/**

 * A Class that implements session tracking for MetaCatServlet users.

 * User's login data are stored in the session object.

 * User authentication is done through a dynamically determined AuthInterface.

 */

public class AuthSession {

  private String authClass = null;

  private HttpSession session = null;

  private AuthInterface authService = null;

  private String statusMessage = null;

  /** 

   * Construct an AuthSession

   */

  public AuthSession() throws Exception {

    // Determine our session authentication method and

    // create an instance of the auth class

    MetaCatUtil util = new MetaCatUtil();

    authClass = util.getOption("authclass");

    authService = (AuthInterface)createObject(authClass);

  }

  /** 

   * determine if the credentials for this session are valid by 

   * authenticating them using the authService configured for this session.

   *

   * @param request the request made from the client

   * @param username the username entered when login

   * @param password the password entered when login

   */

  public boolean authenticate(HttpServletRequest request, 

                        String username, String password)  {

    String message = null;

    try { 

      if ( authService.authenticate(username, password) ) {

        this.session = getSession(request, username, password);

        message = "User Authentication successful";

        this.statusMessage = formatOutput("success", message);

        return true;

      } else {  

        message = "Authentication failed for user: " + username;

      }    

    } catch ( ConnectException ce ) {

      message = "Connection to the authentication service failed. " 

                       + ce.getMessage();

    } catch ( IllegalStateException ise ) {

      message = ise.getMessage();

    }

    this.statusMessage = formatOutput("error", message);

    return false;

  }

  /** Get new HttpSession and store username & password in it */

  private HttpSession getSession(HttpServletRequest request, 

                            String username, String password)  

                                throws IllegalStateException {

    // get the current session object, create one if necessary

    HttpSession session = request.getSession(true);

    // if it is still in use invalidate and get a new one

    if ( !session.isNew() ) {

      session.invalidate();

      session = request.getSession(true);

    }

    // store username & password in the session for later use, especially by

    // the authenticate() method

    session.setMaxInactiveInterval(-1);

    session.setAttribute("username", username);

    session.setAttribute("password", password);

    return session;

  }

  /**

   * Get the message associated with authenticating this session. The

   * message is formatted in XML.

   */

  public String getMessage() 

  {

    return this.statusMessage;

  }

/* NOT NEEDED

  /**

   * Determine if the session has been successfully authenticated

   * @returns boolean true if authentication was successful, false otherwise

   */

/*

  public boolean isAuthenticated() 

  {

    return this.isAuthenticated;

  }

*/

/* NOT NEEDED

  /**

   * Invalidate this HTTPSession object. 

   * All objects stored in the session are unbound.

   */

/*

  private void invalidate(String message)

  {

    this.isAuthenticated = false;

    this.session.setAttribute("isAuthenticated", new Boolean(isAuthenticated));

    this.statusMessage = formatOutput("error", message);

    this.session.setAttribute("statusMessage", this.statusMessage);

    this.session.invalidate();

  }    

*/

  /* 

   * format the output in xml for processing from client applications

   *

   * @param tag the root element tag for the message (error or success)

   * @param message the message content of the root element

   */

  private String formatOutput(String tag, String message) {

    StringBuffer out = new StringBuffer();

    out.append("<?xml version=\"1.0\"?>\n");

    out.append("<" + tag + ">");

    if ( tag.equals("error") ) {

      out.append(message);

    } else {

      out.append("\n  <message>" + message + "</message>\n");

      String username = (String)this.session.getAttribute("username");

      out.append("  <username>" + username + "</username>\n");

    }  

    out.append("</" + tag + ">");

    return out.toString();

  }

  /**

   * Instantiate a class using the name of the class at runtime

   *

   * @param className the fully qualified name of the class to instantiate

   */

  private static Object createObject(String className) throws Exception {

    Object object = null;

    try {

      Class classDefinition = Class.forName(className);

      object = classDefinition.newInstance();

    } catch (InstantiationException e) {

      throw e;

    } catch (IllegalAccessException e) {

      throw e;

    } catch (ClassNotFoundException e) {

      throw e;

    }

    return object;

  }

}