/**
 *  '$RCSfile$'
 *    Purpose: A Class that tracks sessions for MetaCatServlet users.
 *  Copyright: 2000 Regents of the University of California and the
 *             National Center for Ecological Analysis and Synthesis
 *    Authors: Matt Jones
 *    Release: @release@
 *
 *   '$Author$'
 *     '$Date$'
 * '$Revision$'
 */
package edu.ucsb.nceas.metacat;
import java.net.ConnectException;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpServletRequest;
/**
 * A Class that implements session tracking for MetaCatServlet users.
 * User's login data are stored in the session object.
 * User authentication is done through a dynamically determined AuthInterface.
 */
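public class AuthSession {

  private String authClass = null;
  private HttpSession session = null;
  private AuthInterface authService = null;
  private String statusMessage = null;

  /**
   * Construct an AuthSession.
   *
   * The authentication backend is selected at runtime from the "authclass"
   * option read through MetaCatUtil and instantiated by reflection. That
   * option is trusted configuration: whoever can write it decides which class
   * is loaded here, so it must never be derived from request data.
   *
   * @throws Exception if the option is not configured, or the named class
   *                   cannot be found, instantiated or accessed
   */
  public AuthSession() throws Exception {
    MetaCatUtil util = new MetaCatUtil();
    authClass = util.getOption("authclass");

    // Class.forName(null) would surface as a bare NullPointerException;
    // fail with a message that names the missing configuration instead.
    if (authClass == null || authClass.trim().length() == 0) {
      throw new IllegalStateException(
          "Option 'authclass' is not configured; cannot create AuthSession");
    }
    authService = (AuthInterface) createObject(authClass);
  }

  /**
   * Determine whether the supplied credentials are valid by checking them
   * against the authService configured for this session. On success a fresh
   * HttpSession is bound to this object; in every case a client-readable XML
   * status message is stored and can be fetched with getMessage().
   *
   * @param request  the request made from the client
   * @param username the username entered at login (untrusted input)
   * @param password the password entered at login (untrusted input)
   * @return true only if the authService accepted the credentials and a
   *         session could be established; false otherwise
   */
  public boolean authenticate(HttpServletRequest request,
                        String username, String password)  {

    String message = null;

    try {
      if ( authService.authenticate(username, password) ) {
        // getSession() may throw IllegalStateException; that is reported
        // below as an error rather than as a successful login.
        this.session = getSession(request, username, password);
        message = "Authentication successful for user: " + username;
        this.statusMessage = formatOutput("login", message);
        return true;
      }
      message = "Authentication failed for user: " + username;
      this.statusMessage = formatOutput("unauth_login", message);
      return false;
    } catch ( ConnectException ce ) {
      // NOTE(review): ce.getMessage() may carry backend host/port details to
      // the client. Kept for compatibility; consider logging it server-side
      // and returning a generic text instead.
      message = "Connection to the authentication service failed. "
                       + ce.getMessage();
    } catch ( IllegalStateException ise ) {
      // getMessage() can legitimately be null; do not emit "null" to clients.
      message = (ise.getMessage() != null)
          ? ise.getMessage()
          : "Could not establish a session for the authenticated user.";
    }

    this.statusMessage = formatOutput("error_login", message);
    return false;
  }

  /**
   * Obtain a new HttpSession for a user who has just authenticated and store
   * the login data in it.
   *
   * Any pre-existing session is invalidated and replaced so that a session id
   * presented before login (e.g. planted by an attacker) never becomes an
   * authenticated one.
   *
   * @param request  the request made from the client
   * @param username the authenticated username
   * @param password the password the user authenticated with
   * @return the newly created session
   * @throws IllegalStateException if the container cannot create a session
   *                               (for example, the response is committed)
   */
  private HttpSession getSession(HttpServletRequest request,
                            String username, String password)
                                throws IllegalStateException {

    // get the current session object, create one if necessary
    HttpSession session = request.getSession(true);

    // if a session already existed, discard it and start a fresh one so the
    // authenticated session never reuses a pre-login session id
    if ( !session.isNew() ) {
      session.invalidate();
      session = request.getSession(true);
    }

    // NOTE(review): -1 disables the inactivity timeout, so authenticated
    // sessions live until the container or an explicit logout ends them.
    // A finite bound is preferable; left unchanged because clients may rely
    // on long-lived sessions -- confirm before tightening.
    session.setMaxInactiveInterval(-1);

    // NOTE(review): the plaintext password is kept in the session for reuse by
    // other parts of the servlet. Anything that can read session state (heap
    // dumps, session persistence, other code in the web app) can recover it.
    // Not removed here because other code may read the "password" attribute --
    // confirm the readers and prefer a token or re-prompt if possible.
    session.setAttribute("username", username);
    session.setAttribute("password", password);

    return session;
  }

  /**
   * Get the message associated with the last call to authenticate().
   *
   * @return an XML document (see formatOutput) describing the outcome, or
   *         null if authenticate() has not been called yet
   */
  public String getMessage()
  {
    return this.statusMessage;
  }

  /**
   * Format a status message as a small XML document for client applications.
   *
   * The tag is always one of the fixed literals used in this class; the
   * message, however, embeds the user-supplied username or a backend error
   * text, so it is escaped to keep the document well-formed and to prevent
   * a crafted username from injecting markup into the client's parser.
   *
   * @param tag     the root element name for the message
   * @param message the message content of the root element (may be null)
   * @return the XML document as a string
   */
  private String formatOutput(String tag, String message) {

    StringBuffer out = new StringBuffer();

    out.append("<?xml version=\"1.0\"?>\n");
    out.append("<" + tag + ">");
    out.append("\n  <message>" + escapeXml(message) + "</message>\n");
    out.append("</" + tag + ">");

    return out.toString();
  }

  /**
   * Escape the five characters that are significant in XML text and
   * attribute content.
   *
   * @param text the raw text; null is treated as the empty string
   * @return the text with &amp;, &lt;, &gt;, &quot; and &apos; substituted
   */
  private static String escapeXml(String text) {
    if (text == null) {
      return "";
    }
    StringBuffer escaped = new StringBuffer(text.length());
    for (int i = 0; i < text.length(); i++) {
      char c = text.charAt(i);
      switch (c) {
        case '&':  escaped.append("&amp;");  break;
        case '<':  escaped.append("&lt;");   break;
        case '>':  escaped.append("&gt;");   break;
        case '"':  escaped.append("&quot;"); break;
        case '\'': escaped.append("&apos;"); break;
        default:   escaped.append(c);
      }
    }
    return escaped.toString();
  }

  /**
   * Instantiate a class by name at runtime using its no-argument constructor.
   *
   * The name comes from server configuration (see the constructor); this
   * method must not be exposed to request-controlled input, since it will
   * load and run the static initializer of whatever class it is given.
   *
   * @param className the fully qualified name of the class to instantiate
   * @return a new instance of that class
   * @throws Exception ClassNotFoundException, InstantiationException or
   *                   IllegalAccessException from the reflection calls
   */
  private static Object createObject(String className) throws Exception {
    // The original caught each reflection exception only to rethrow it
    // unchanged; letting them propagate is equivalent and clearer.
    Class classDefinition = Class.forName(className);
    return classDefinition.newInstance();
  }
}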