/src/edu/ucsb/nceas/metacat/AuthSession.java - Annotate - Metacat - Ecoinformatics Redmine

metacat/src/edu/ucsb/nceas/metacat/AuthSession.java @ 764

-            bojilova
+/**
  *  '$RCSfile$'
  *    Purpose: A Class that tracks sessions for MetaCatServlet users.
  *  Copyright: 2000 Regents of the University of California and the
  *             National Center for Ecological Analysis and Synthesis
  *    Authors: Matt Jones
  *    Release: @release@
+ *
  *   '$Author$'
  *     '$Date$'
  * '$Revision$'
             jones
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation; either version 2 of the License, or
  * (at your option) any later version.
+ *
  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
+ *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-            bojilova
+ */
 package edu.ucsb.nceas.metacat;
 import java.net.ConnectException;
 import javax.servlet.http.HttpSession;
 import javax.servlet.http.HttpServletRequest;
 /**
  * A Class that implements session tracking for MetaCatServlet users.
  * User's login data are stored in the session object.
  * User authentication is done through a dynamically determined AuthInterface.
  */
 public class AuthSession {
   private String authClass = null;
   private HttpSession session = null;
   private AuthInterface authService = null;
   private String statusMessage = null;
   /**
    * Construct an AuthSession
    */
-            bojilova
+  public AuthSession() throws Exception {
             bojilova
     // Determine our session authentication method and
     // create an instance of the auth class
     MetaCatUtil util = new MetaCatUtil();
-            bojilova
+    this.authClass = util.getOption("authclass");
     this.authService = (AuthInterface)createObject(authClass);
             bojilova
             bojilova
   /**
    * determine if the credentials for this session are valid by
    * authenticating them using the authService configured for this session.
             bojilova
    * @param request the request made from the client
    * @param username the username entered when login
    * @param password the password entered when login
-            bojilova
+   */
-            bojilova
+  public boolean authenticate(HttpServletRequest request,
-            bojilova
+                              String username, String password)  {
             bojilova
     String message = null;
             bojilova
     try {
       if ( authService.authenticate(username, password) ) {
-            bojilova
+        String[] groups = authService.getGroups(username,password,username);
         this.session = getSession(request, username, password, groups);
-            bojilova
+        message = "Authentication successful for user: " + username;
         this.statusMessage = formatOutput("login", message);
-            bojilova
+        return true;
-            bojilova
+      } else {
-            bojilova
+        message = "Authentication failed for user: " + username;
-            bojilova
+        this.statusMessage = formatOutput("unauth_login", message);
         return false;
             bojilova
     } catch ( ConnectException ce ) {
-            berkley
+      message = "Connection to the authentication service failed in " +
                 "AuthSession.authenticate: " + ce.getMessage();
-            bojilova
+    } catch ( IllegalStateException ise ) {
       message = ise.getMessage();
             bojilova
             bojilova
-            bojilova
+    this.statusMessage = formatOutput("error_login", message);
-            bojilova
+    return false;
             bojilova
-            bojilova
+  /** Get new HttpSession and store username & password in it */
   private HttpSession getSession(HttpServletRequest request,
-            bojilova
+                                 String username, String password,
                                  String[] groups)
                       throws IllegalStateException {
             bojilova
     // get the current session object, create one if necessary
     HttpSession session = request.getSession(true);
     // if it is still in use invalidate and get a new one
     if ( !session.isNew() ) {
       session.invalidate();
       session = request.getSession(true);
+    }
-            bojilova
+    // store the username, password, and groupname (the first only)
     // in the session obj for use on subsequent calls to Metacat servlet
-            bojilova
+    session.setMaxInactiveInterval(-1);
     session.setAttribute("username", username);
     session.setAttribute("password", password);
-            bojilova
+    if ( groups.length > 0 ) {
       session.setAttribute("groupname", groups[0]);
+    }
             bojilova
     return session;
+  }
-            bojilova
+  /**
    * Get the message associated with authenticating this session. The
    * message is formatted in XML.
    */
   public String getMessage()
+  {
     return this.statusMessage;
+  }
   /**
-            bojilova
+   * Get all groups and users from authentication scheme.
-            bojilova
+   * The output is formatted in XML.
-            bojilova
+   * @param user the user which requests the information
    * @param password the user's password
-            bojilova
+   */
-            bojilova
+  public String getPrincipals(String user, String password)
                 throws ConnectException
             bojilova
-            bojilova
+    return authService.getPrincipals(user, password);
             bojilova
   /*
    * format the output in xml for processing from client applications
+   *
    * @param tag the root element tag for the message (error or success)
    * @param message the message content of the root element
    */
   private String formatOutput(String tag, String message) {
     StringBuffer out = new StringBuffer();
     out.append("<?xml version=\"1.0\"?>\n");
     out.append("<" + tag + ">");
-            bojilova
+    out.append("\n  <message>" + message + "</message>\n");
-            bojilova
+    out.append("</" + tag + ">");
     return out.toString();
+  }
   /**
    * Instantiate a class using the name of the class at runtime
+   *
    * @param className the fully qualified name of the class to instantiate
    */
-            bojilova
+  private static Object createObject(String className) throws Exception {
-            bojilova
+    Object object = null;
     try {
       Class classDefinition = Class.forName(className);
       object = classDefinition.newInstance();
     } catch (InstantiationException e) {
-            bojilova
+      throw e;
-            bojilova
+    } catch (IllegalAccessException e) {
-            bojilova
+      throw e;
-            bojilova
+    } catch (ClassNotFoundException e) {
-            bojilova
+      throw e;
             bojilova
     return object;
+  }
+}

Project

General

Profile

Metacat