/src/edu/ucsb/nceas/metacat/AuthSession.java - Annotate - Metacat - Ecoinformatics Redmine

metacat/src/edu/ucsb/nceas/metacat/AuthSession.java @ 709

-            bojilova
+/**
  *  '$RCSfile$'
  *    Purpose: A Class that tracks sessions for MetaCatServlet users.
  *  Copyright: 2000 Regents of the University of California and the
  *             National Center for Ecological Analysis and Synthesis
  *    Authors: Matt Jones
  *    Release: @release@
+ *
  *   '$Author$'
  *     '$Date$'
  * '$Revision$'
             jones
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation; either version 2 of the License, or
  * (at your option) any later version.
+ *
  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
+ *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-            bojilova
+ */
 package edu.ucsb.nceas.metacat;
 import java.net.ConnectException;
 import javax.servlet.http.HttpSession;
 import javax.servlet.http.HttpServletRequest;
 /**
  * A Class that implements session tracking for MetaCatServlet users.
  * User's login data are stored in the session object.
  * User authentication is done through a dynamically determined AuthInterface.
  */
 public class AuthSession {
   private String authClass = null;
   private HttpSession session = null;
   private AuthInterface authService = null;
   private String statusMessage = null;
   /**
    * Construct an AuthSession
    */
-            bojilova
+  public AuthSession() throws Exception {
             bojilova
     // Determine our session authentication method and
     // create an instance of the auth class
     MetaCatUtil util = new MetaCatUtil();
     authClass = util.getOption("authclass");
     authService = (AuthInterface)createObject(authClass);
             bojilova
             bojilova
   /**
    * determine if the credentials for this session are valid by
    * authenticating them using the authService configured for this session.
             bojilova
    * @param request the request made from the client
    * @param username the username entered when login
    * @param password the password entered when login
-            bojilova
+   */
-            bojilova
+  public boolean authenticate(HttpServletRequest request,
                         String username, String password)  {
     String message = null;
             bojilova
     try {
       if ( authService.authenticate(username, password) ) {
-            bojilova
+        this.session = getSession(request, username, password);
-            bojilova
+        message = "Authentication successful for user: " + username;
         this.statusMessage = formatOutput("login", message);
-            bojilova
+        return true;
-            bojilova
+      } else {
-            bojilova
+        message = "Authentication failed for user: " + username;
-            bojilova
+        this.statusMessage = formatOutput("unauth_login", message);
         return false;
             bojilova
     } catch ( ConnectException ce ) {
-            berkley
+      message = "Connection to the authentication service failed in " +
                 "AuthSession.authenticate: " + ce.getMessage();
-            bojilova
+    } catch ( IllegalStateException ise ) {
       message = ise.getMessage();
             bojilova
             bojilova
-            bojilova
+    this.statusMessage = formatOutput("error_login", message);
-            bojilova
+    return false;
             bojilova
-            bojilova
+  /** Get new HttpSession and store username & password in it */
   private HttpSession getSession(HttpServletRequest request,
                             String username, String password)
                                 throws IllegalStateException {
     // get the current session object, create one if necessary
     HttpSession session = request.getSession(true);
     // if it is still in use invalidate and get a new one
     if ( !session.isNew() ) {
       session.invalidate();
       session = request.getSession(true);
+    }
     // store username & password in the session for later use, especially by
     // the authenticate() method
     session.setMaxInactiveInterval(-1);
     session.setAttribute("username", username);
     session.setAttribute("password", password);
     return session;
+  }
-            bojilova
+  /**
    * Get the message associated with authenticating this session. The
    * message is formatted in XML.
    */
   public String getMessage()
+  {
     return this.statusMessage;
+  }
-            bojilova
+/* NOT NEEDED
-            bojilova
+  /**
    * Determine if the session has been successfully authenticated
    * @returns boolean true if authentication was successful, false otherwise
    */
-            bojilova
+/*
-            bojilova
+  public boolean isAuthenticated()
+  {
     return this.isAuthenticated;
+  }
-            bojilova
+*/
             bojilova
-            bojilova
+/* NOT NEEDED
-            bojilova
+  /**
    * Invalidate this HTTPSession object.
    * All objects stored in the session are unbound.
    */
-            bojilova
+/*
-            bojilova
+  private void invalidate(String message)
+  {
     this.isAuthenticated = false;
     this.session.setAttribute("isAuthenticated", new Boolean(isAuthenticated));
     this.statusMessage = formatOutput("error", message);
     this.session.setAttribute("statusMessage", this.statusMessage);
     this.session.invalidate();
+  }
-            bojilova
+*/
-            bojilova
+  /*
    * format the output in xml for processing from client applications
+   *
    * @param tag the root element tag for the message (error or success)
    * @param message the message content of the root element
    */
   private String formatOutput(String tag, String message) {
     StringBuffer out = new StringBuffer();
     out.append("<?xml version=\"1.0\"?>\n");
     out.append("<" + tag + ">");
-            bojilova
+    out.append("\n  <message>" + message + "</message>\n");
-            bojilova
+    out.append("</" + tag + ">");
     return out.toString();
+  }
   /**
    * Instantiate a class using the name of the class at runtime
+   *
    * @param className the fully qualified name of the class to instantiate
    */
-            bojilova
+  private static Object createObject(String className) throws Exception {
-            bojilova
+    Object object = null;
     try {
       Class classDefinition = Class.forName(className);
       object = classDefinition.newInstance();
     } catch (InstantiationException e) {
-            bojilova
+      throw e;
-            bojilova
+    } catch (IllegalAccessException e) {
-            bojilova
+      throw e;
-            bojilova
+    } catch (ClassNotFoundException e) {
-            bojilova
+      throw e;
             bojilova
     return object;
+  }
+}

Project

General

Profile

Metacat