Revision 725
Added by bojilova about 23 years ago
| AuthSession.java | ||
|---|---|---|
| 65 | 65 |
* @param password the password entered when login |
| 66 | 66 |
*/ |
| 67 | 67 |
public boolean authenticate(HttpServletRequest request, |
| 68 |
String username, String password) {
|
|
| 68 |
String username, String password) {
|
|
| 69 | 69 |
|
| 70 | 70 |
String message = null; |
| 71 | 71 |
|
| 72 | 72 |
try {
|
| 73 | 73 |
if ( authService.authenticate(username, password) ) {
|
| 74 |
this.session = getSession(request, username, password); |
|
| 74 |
String[] groups = authService.getGroups(username,password,username); |
|
| 75 |
this.session = getSession(request, username, password, groups); |
|
| 75 | 76 |
message = "Authentication successful for user: " + username; |
| 76 | 77 |
this.statusMessage = formatOutput("login", message);
|
| 77 | 78 |
return true; |
| ... | ... | |
| 93 | 94 |
|
| 94 | 95 |
/** Get new HttpSession and store username & password in it */ |
| 95 | 96 |
private HttpSession getSession(HttpServletRequest request, |
| 96 |
String username, String password) |
|
| 97 |
throws IllegalStateException {
|
|
| 97 |
String username, String password, |
|
| 98 |
String[] groups) |
|
| 99 |
throws IllegalStateException {
|
|
| 98 | 100 |
|
| 99 | 101 |
// get the current session object, create one if necessary |
| 100 | 102 |
HttpSession session = request.getSession(true); |
| ... | ... | |
| 104 | 106 |
session.invalidate(); |
| 105 | 107 |
session = request.getSession(true); |
| 106 | 108 |
} |
| 107 |
// store username & password in the session for later use, especially by
|
|
| 108 |
// the authenticate() method
|
|
| 109 |
// store the username, password, and groupname (the first only)
|
|
| 110 |
// in the session obj for use on subsequent calls to Metacat servlet
|
|
| 109 | 111 |
session.setMaxInactiveInterval(-1); |
| 110 | 112 |
session.setAttribute("username", username);
|
| 111 | 113 |
session.setAttribute("password", password);
|
| 114 |
if ( groups.length > 0 ) {
|
|
| 115 |
session.setAttribute("groupname", groups[0]);
|
|
| 116 |
} |
|
| 112 | 117 |
|
| 113 | 118 |
return session; |
| 114 | 119 |
} |
| ... | ... | |
| 122 | 127 |
return this.statusMessage; |
| 123 | 128 |
} |
| 124 | 129 |
|
| 125 |
/* NOT NEEDED |
|
| 126 | 130 |
/** |
| 127 |
* Determine if the session has been successfully authenticated
|
|
| 128 |
* @returns boolean true if authentication was successful, false otherwise
|
|
| 131 |
* Get list of all groups and users from authentication scheme.
|
|
| 132 |
* The output is formatted in XML.
|
|
| 129 | 133 |
*/ |
| 130 |
/*
|
|
| 131 |
public boolean isAuthenticated()
|
|
| 134 |
public String getPrincipals(String user, String password)
|
|
| 135 |
throws ConnectException
|
|
| 132 | 136 |
{
|
| 133 |
return this.isAuthenticated; |
|
| 137 |
StringBuffer out = new StringBuffer(); |
|
| 138 |
String[] groups = authService.getGroups(user, password); |
|
| 139 |
|
|
| 140 |
out.append("<?xml version=\"1.0\"?>\n");
|
|
| 141 |
out.append("<principals>\n");
|
|
| 142 |
|
|
| 143 |
// for the groups and users that belong to them |
|
| 144 |
if ( groups.length > 0 ) {
|
|
| 145 |
for (int i=0; i < groups.length; i++ ) {
|
|
| 146 |
out.append(" <group>\n");
|
|
| 147 |
out.append(" <groupname>" + groups[i] + "<groupname>\n");
|
|
| 148 |
String[] usersForGroup = authService.getUsers(user,password,groups[i]); |
|
| 149 |
for (int j=0; j <= usersForGroup.length; j++ ) {
|
|
| 150 |
out.append(" <user>\n");
|
|
| 151 |
out.append(" <username>" + usersForGroup[j] + "<username>\n");
|
|
| 152 |
out.append(" </user>\n");
|
|
| 153 |
} |
|
| 154 |
out.append("</group>\n");
|
|
| 155 |
} |
|
| 156 |
// for the users only when there are no any groups defined |
|
| 157 |
} else {
|
|
| 158 |
String[] users = authService.getUsers(user, password); |
|
| 159 |
for (int j=0; j < users.length; j++ ) {
|
|
| 160 |
out.append(" <user>\n");
|
|
| 161 |
out.append(" <username>" + users[j] + "<username>\n");
|
|
| 162 |
out.append(" </user>\n");
|
|
| 163 |
} |
|
| 164 |
} |
|
| 165 |
|
|
| 166 |
out.append("</principals>");
|
|
| 167 |
return out.toString(); |
|
| 134 | 168 |
} |
| 135 |
*/ |
|
| 136 | 169 |
|
| 137 |
/* NOT NEEDED |
|
| 138 |
/** |
|
| 139 |
* Invalidate this HTTPSession object. |
|
| 140 |
* All objects stored in the session are unbound. |
|
| 141 |
*/ |
|
| 142 |
/* |
|
| 143 |
private void invalidate(String message) |
|
| 144 |
{
|
|
| 145 |
this.isAuthenticated = false; |
|
| 146 |
this.session.setAttribute("isAuthenticated", new Boolean(isAuthenticated));
|
|
| 147 |
this.statusMessage = formatOutput("error", message);
|
|
| 148 |
this.session.setAttribute("statusMessage", this.statusMessage);
|
|
| 149 |
this.session.invalidate(); |
|
| 150 |
} |
|
| 151 |
*/ |
|
| 152 | 170 |
/* |
| 153 | 171 |
* format the output in xml for processing from client applications |
| 154 | 172 |
* |
Also available in: Unified diff
Included back getting the list of users and groups stored in auth scheme
through new action="getprincipals". No extra parameters are needed.
Any logged in users are able to get this information