public void logout() throws SecurityServiceException {
HttpGraniteContext context = (HttpGraniteContext) GraniteManager.getCurrentInstance();
Session session = getSession(context.getRequest(), false);
if (session != null && session.getPrincipal() != null) {
session.setAuthType(null);
session.setPrincipal(null);
session.removeNote(Constants.SESS_USERNAME_NOTE);
session.removeNote(Constants.SESS_PASSWORD_NOTE);
session.expire();
}
}
/**
* Reinstantiates a serialized session from the data passed in. This will first call
* createSession() so that we get a fresh instance with all the managers set and all the transient
* fields validated. Then it calls Session.readObjectData(byte[]) to deserialize the object
*
* @param data - a byte array containing session data
* @return a valid Session object, null if an error occurs
*/
protected Session readSession(byte[] data, String sessionId) {
try {
ReplicationStream session_in = getReplicationStream(data);
Session session = sessionId != null ? this.findSession(sessionId) : null;
boolean isNew = (session == null);
// clear the old values from the existing session
if (session != null) {
ReplicatedSession rs = (ReplicatedSession) session;
rs.expire(false); // cleans up the previous values, since we are not doing removes
session = null;
} // end if
if (session == null) {
session = createSession(null, false, false);
sessions.remove(session.getIdInternal());
}
boolean hasPrincipal = session_in.readBoolean();
SerializablePrincipal p = null;
if (hasPrincipal) p = (SerializablePrincipal) session_in.readObject();
((ReplicatedSession) session).readObjectData(session_in);
if (hasPrincipal) session.setPrincipal(p.getPrincipal(getContainer().getRealm()));
((ReplicatedSession) session).setId(sessionId, isNew);
ReplicatedSession rsession = (ReplicatedSession) session;
rsession.setAccessCount(1);
session.setManager(this);
session.setValid(true);
rsession.setLastAccessedTime(System.currentTimeMillis());
rsession.setThisAccessedTime(System.currentTimeMillis());
((ReplicatedSession) session).setAccessCount(0);
session.setNew(false);
if (log.isTraceEnabled())
log.trace(
"Session loaded id="
+ sessionId
+ " actualId="
+ session.getId()
+ " exists="
+ this.sessions.containsKey(sessionId)
+ " valid="
+ rsession.isValid());
return session;
} catch (Exception x) {
log.error("Failed to deserialize the session!", x);
}
return null;
}
/**
* Register an authenticated Principal and authentication type in our request, in the current
* session (if there is one), and with our SingleSignOn valve, if there is one. Set the
* appropriate cookie to be returned.
*
* @param request The servlet request we are processing
* @param response The servlet response we are generating
* @param principal The authenticated Principal to be registered
* @param authType The authentication type to be registered
* @param username Username used to authenticate (if any)
* @param password Password used to authenticate (if any)
*/
protected void register(
HttpRequest request,
HttpResponse response,
Principal principal,
String authType,
String username,
String password) {
if (debug >= 1) log("Authenticated '" + principal.getName() + "' with type '" + authType + "'");
// Cache the authentication information in our request
request.setAuthType(authType);
request.setUserPrincipal(principal);
// Cache the authentication information in our session, if any
if (cache) {
Session session = getSession(request, false);
if (session != null) {
session.setAuthType(authType);
session.setPrincipal(principal);
if (username != null) session.setNote(Constants.SESS_USERNAME_NOTE, username);
else session.removeNote(Constants.SESS_USERNAME_NOTE);
if (password != null) session.setNote(Constants.SESS_PASSWORD_NOTE, password);
else session.removeNote(Constants.SESS_PASSWORD_NOTE);
}
}
// Construct a cookie to be returned to the client
if (sso == null) return;
HttpServletRequest hreq = (HttpServletRequest) request.getRequest();
HttpServletResponse hres = (HttpServletResponse) response.getResponse();
String value = generateSessionId();
Cookie cookie = new Cookie(Constants.SINGLE_SIGN_ON_COOKIE, value);
cookie.setMaxAge(-1);
cookie.setPath("/");
hres.addCookie(cookie);
// Register this principal with our SSO valve
sso.register(value, principal, authType, username, password);
request.setNote(Constants.REQ_SSOID_NOTE, value);
}
public void login(Object credentials) throws SecurityServiceException {
String[] decoded = decodeBase64Credentials(credentials);
HttpGraniteContext context = (HttpGraniteContext) GraniteManager.getCurrentInstance();
HttpServletRequest httpRequest = context.getRequest();
Realm realm = getRealm(httpRequest);
Principal principal = realm.authenticate(decoded[0], decoded[1]);
if (principal == null)
throw SecurityServiceException.newInvalidCredentialsException("Wrong username or password");
Request request = getRequest(httpRequest);
request.setAuthType(AUTH_TYPE);
request.setUserPrincipal(principal);
Session session = request.getSessionInternal();
session.setAuthType(AUTH_TYPE);
session.setPrincipal(principal);
session.setNote(Constants.SESS_USERNAME_NOTE, decoded[0]);
session.setNote(Constants.SESS_PASSWORD_NOTE, decoded[1]);
}
