Revision 725
Added by bojilova about 23 years ago
AuthSession.java | ||
---|---|---|
65 | 65 |
* @param password the password entered when login |
66 | 66 |
*/ |
67 | 67 |
public boolean authenticate(HttpServletRequest request, |
68 |
String username, String password) { |
|
68 |
String username, String password) {
|
|
69 | 69 |
|
70 | 70 |
String message = null; |
71 | 71 |
|
72 | 72 |
try { |
73 | 73 |
if ( authService.authenticate(username, password) ) { |
74 |
this.session = getSession(request, username, password); |
|
74 |
String[] groups = authService.getGroups(username,password,username); |
|
75 |
this.session = getSession(request, username, password, groups); |
|
75 | 76 |
message = "Authentication successful for user: " + username; |
76 | 77 |
this.statusMessage = formatOutput("login", message); |
77 | 78 |
return true; |
... | ... | |
93 | 94 |
|
94 | 95 |
/** Get new HttpSession and store username & password in it */ |
95 | 96 |
private HttpSession getSession(HttpServletRequest request, |
96 |
String username, String password) |
|
97 |
throws IllegalStateException { |
|
97 |
String username, String password, |
|
98 |
String[] groups) |
|
99 |
throws IllegalStateException { |
|
98 | 100 |
|
99 | 101 |
// get the current session object, create one if necessary |
100 | 102 |
HttpSession session = request.getSession(true); |
... | ... | |
104 | 106 |
session.invalidate(); |
105 | 107 |
session = request.getSession(true); |
106 | 108 |
} |
107 |
// store username & password in the session for later use, especially by
|
|
108 |
// the authenticate() method
|
|
109 |
// store the username, password, and groupname (the first only)
|
|
110 |
// in the session obj for use on subsequent calls to Metacat servlet
|
|
109 | 111 |
session.setMaxInactiveInterval(-1); |
110 | 112 |
session.setAttribute("username", username); |
111 | 113 |
session.setAttribute("password", password); |
114 |
if ( groups.length > 0 ) { |
|
115 |
session.setAttribute("groupname", groups[0]); |
|
116 |
} |
|
112 | 117 |
|
113 | 118 |
return session; |
114 | 119 |
} |
... | ... | |
122 | 127 |
return this.statusMessage; |
123 | 128 |
} |
124 | 129 |
|
125 |
/* NOT NEEDED |
|
126 | 130 |
/** |
127 |
* Determine if the session has been successfully authenticated
|
|
128 |
* @returns boolean true if authentication was successful, false otherwise
|
|
131 |
* Get list of all groups and users from authentication scheme.
|
|
132 |
* The output is formatted in XML.
|
|
129 | 133 |
*/ |
130 |
/*
|
|
131 |
public boolean isAuthenticated()
|
|
134 |
public String getPrincipals(String user, String password)
|
|
135 |
throws ConnectException
|
|
132 | 136 |
{ |
133 |
return this.isAuthenticated; |
|
137 |
StringBuffer out = new StringBuffer(); |
|
138 |
String[] groups = authService.getGroups(user, password); |
|
139 |
|
|
140 |
out.append("<?xml version=\"1.0\"?>\n"); |
|
141 |
out.append("<principals>\n"); |
|
142 |
|
|
143 |
// for the groups and users that belong to them |
|
144 |
if ( groups.length > 0 ) { |
|
145 |
for (int i=0; i < groups.length; i++ ) { |
|
146 |
out.append(" <group>\n"); |
|
147 |
out.append(" <groupname>" + groups[i] + "<groupname>\n"); |
|
148 |
String[] usersForGroup = authService.getUsers(user,password,groups[i]); |
|
149 |
for (int j=0; j <= usersForGroup.length; j++ ) { |
|
150 |
out.append(" <user>\n"); |
|
151 |
out.append(" <username>" + usersForGroup[j] + "<username>\n"); |
|
152 |
out.append(" </user>\n"); |
|
153 |
} |
|
154 |
out.append("</group>\n"); |
|
155 |
} |
|
156 |
// for the users only when there are no any groups defined |
|
157 |
} else { |
|
158 |
String[] users = authService.getUsers(user, password); |
|
159 |
for (int j=0; j < users.length; j++ ) { |
|
160 |
out.append(" <user>\n"); |
|
161 |
out.append(" <username>" + users[j] + "<username>\n"); |
|
162 |
out.append(" </user>\n"); |
|
163 |
} |
|
164 |
} |
|
165 |
|
|
166 |
out.append("</principals>"); |
|
167 |
return out.toString(); |
|
134 | 168 |
} |
135 |
*/ |
|
136 | 169 |
|
137 |
/* NOT NEEDED |
|
138 |
/** |
|
139 |
* Invalidate this HTTPSession object. |
|
140 |
* All objects stored in the session are unbound. |
|
141 |
*/ |
|
142 |
/* |
|
143 |
private void invalidate(String message) |
|
144 |
{ |
|
145 |
this.isAuthenticated = false; |
|
146 |
this.session.setAttribute("isAuthenticated", new Boolean(isAuthenticated)); |
|
147 |
this.statusMessage = formatOutput("error", message); |
|
148 |
this.session.setAttribute("statusMessage", this.statusMessage); |
|
149 |
this.session.invalidate(); |
|
150 |
} |
|
151 |
*/ |
|
152 | 170 |
/* |
153 | 171 |
* format the output in xml for processing from client applications |
154 | 172 |
* |
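Review bot: In getPrincipals the inner loop `for (int j=0; j <= usersForGroup.length; j++ )` reads one element past the end of the array, so any group would raise ArrayIndexOutOfBoundsException before the document is finished; it should be `j < usersForGroup.length`, as in the no-groups branch. The element closers are written as opening tags (`"<groupname>\n"`, `"<username>\n"`) and should be `"</groupname>\n"` and `"</username>\n"`, otherwise clients receive XML that is not well-formed. Group and user names come from the authentication scheme and are concatenated into the markup unescaped, so a name containing `<` or `&` would break or alter the document; they should go through an XML-escaping step before being appended. Separately, the getSession hunk dereferences `groups.length` without a null check; whether getGroups can return null is not visible here, and part of getSession's body is elided from the page.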
Restored retrieval of the list of users and groups stored in the auth scheme
through the new action="getprincipals". No extra parameters are needed.
Any logged-in user is able to get this information.