예제 #1
  /**
   * Ends the current caller's authenticated Catalina session.
   *
   * <p>Looks up the existing session for the current request without creating one. If that
   * session carries a principal, the auth type and principal are cleared, the username and
   * password notes that {@code login} placed on the session are removed, and the session is
   * expired. A request with no session, or a session with no principal, is left untouched.
   *
   * @throws SecurityServiceException declared by the service interface; nothing in this body
   *     raises it directly (whether {@code getSession} can is not visible here)
   */
  public void logout() throws SecurityServiceException {
    HttpGraniteContext ctx = (HttpGraniteContext) GraniteManager.getCurrentInstance();
    Session catalinaSession = getSession(ctx.getRequest(), false);
    if (catalinaSession == null) {
      return;
    }
    if (catalinaSession.getPrincipal() == null) {
      return; // nobody is logged in on this session
    }
    catalinaSession.setAuthType(null);
    catalinaSession.setPrincipal(null);
    // The password note holds the cleartext password captured at login; drop it together with
    // the username note so neither outlives the authenticated session.
    catalinaSession.removeNote(Constants.SESS_USERNAME_NOTE);
    catalinaSession.removeNote(Constants.SESS_PASSWORD_NOTE);
    catalinaSession.expire();
  }
예제 #2
  /**
   * Authorizes the current remoting call against its destination's security settings and then
   * runs it.
   *
   * <p>Flow: {@code startAuthorization}; copy the Catalina session's auth type and principal onto
   * the Catalina request; if the destination is secured, require a principal (reporting an
   * expired session separately from a caller who never logged in) and membership in at least one
   * of the destination's roles; finally {@code endAuthorization}, translating a
   * {@link SecurityException} or {@code javax.ejb.EJBAccessException} found anywhere in the
   * invocation's cause chain into an access-denied {@link SecurityServiceException}.
   *
   * @param context the security context of the call being authorized
   * @return the value returned by {@code endAuthorization(context)}
   * @throws SecurityServiceException session expired, not logged in, or access denied
   * @throws Exception any other failure raised by the invoked target
   */
  public Object authorize(AbstractSecurityContext context) throws Exception {
    startAuthorization(context);

    HttpGraniteContext graniteCtx = (HttpGraniteContext) GraniteManager.getCurrentInstance();
    HttpServletRequest servletRequest = graniteCtx.getRequest();
    Request catalinaRequest = getRequest(servletRequest);
    // NOTE(review): the no-argument getSessionInternal() has, in Catalina, been the
    // create-if-missing form; confirm a session is meant to be created for unauthenticated calls.
    Session catalinaSession = catalinaRequest.getSessionInternal();
    catalinaRequest.setAuthType(catalinaSession.getAuthType());
    catalinaRequest.setUserPrincipal(catalinaSession.getPrincipal());

    if (context.getDestination().isSecured()) {
      Principal caller = getPrincipal(servletRequest);
      if (caller == null) {
        throw unauthenticatedFailure(servletRequest);
      }

      Realm realm = getRealm(servletRequest);
      boolean inRole = false;
      for (String required : context.getDestination().getRoles()) {
        if (realm.hasRole(caller, required)) {
          inRole = true;
          break;
        }
      }
      // A secured destination with an empty role list denies everyone (fail closed).
      if (!inRole) {
        throw SecurityServiceException.newAccessDeniedException("User not in required role");
      }
    }

    try {
      return endAuthorization(context);
    } catch (InvocationTargetException e) {
      Throwable cause = e;
      while (cause != null) {
        if (isSecurityFailure(cause)) {
          throw SecurityServiceException.newAccessDeniedException(cause.getMessage());
        }
        cause = cause.getCause();
      }
      throw e;
    }
  }

  /**
   * Builds the exception for a secured destination reached without a principal: when the client
   * presented a session id that no session backs, or that still resolves to the current
   * (unauthenticated) session, it is reported as expired; otherwise as not logged in.
   */
  private static SecurityServiceException unauthenticatedFailure(HttpServletRequest request) {
    String requestedId = request.getRequestedSessionId();
    if (requestedId != null) {
      HttpSession current = request.getSession(false);
      if (current == null || requestedId.equals(current.getId())) {
        return SecurityServiceException.newSessionExpiredException("Session expired");
      }
    }
    return SecurityServiceException.newNotLoggedInException("User not logged in");
  }

  /**
   * True for a {@link SecurityException} or a {@code javax.ejb.EJBAccessException}; the latter is
   * matched by class name so this service does not depend on javax.ejb.
   */
  private static boolean isSecurityFailure(Throwable t) {
    return t instanceof SecurityException
        || "javax.ejb.EJBAccessException".equals(t.getClass().getName());
  }
예제 #3
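  /**
   * Authenticates the caller against the Tomcat realm and binds the resulting principal to the
   * current Catalina request and session.
   *
   * <p>The credentials are decoded by {@code decodeBase64Credentials} into a username/password
   * pair and checked with {@code Realm.authenticate}. On success the auth type and principal are
   * set on the request and the session, and the username and password are stored as session
   * notes under {@code Constants.SESS_USERNAME_NOTE} / {@code Constants.SESS_PASSWORD_NOTE}.
   *
   * @param credentials the Base64-encoded credentials object sent by the client
   * @throws SecurityServiceException invalid-credentials when the decoded pair is malformed or
   *     the realm rejects it
   */
  public void login(Object credentials) throws SecurityServiceException {
    String[] decoded = decodeBase64Credentials(credentials);
    // Treat a missing or short pair as bad credentials instead of letting an
    // ArrayIndexOutOfBoundsException escape as an unhandled server error. The message is the
    // same one a failed realm check produces, so the client cannot tell the two apart.
    if (decoded == null || decoded.length < 2) {
      throw SecurityServiceException.newInvalidCredentialsException("Wrong username or password");
    }
    String username = decoded[0];
    String password = decoded[1];

    HttpGraniteContext context = (HttpGraniteContext) GraniteManager.getCurrentInstance();
    HttpServletRequest httpRequest = context.getRequest();
    Realm realm = getRealm(httpRequest);

    Principal principal = realm.authenticate(username, password);
    if (principal == null) {
      throw SecurityServiceException.newInvalidCredentialsException("Wrong username or password");
    }

    Request request = getRequest(httpRequest);
    request.setAuthType(AUTH_TYPE);
    request.setUserPrincipal(principal);

    // NOTE(review): the existing session is reused after authentication, so a session id fixed
    // before login remains valid afterwards. Container authenticators commonly rotate the id at
    // this point (Tomcat's changeSessionIdOnAuthentication); confirm whether the target Tomcat
    // version offers an API for that and whether it should be used here.
    Session session = request.getSessionInternal();
    session.setAuthType(AUTH_TYPE);
    session.setPrincipal(principal);
    // The password note keeps the cleartext password for the lifetime of the session, and in
    // any session persistence the manager performs. Keep it only if something actually
    // re-authenticates from the note; logout() removes both notes.
    session.setNote(Constants.SESS_USERNAME_NOTE, username);
    session.setNote(Constants.SESS_PASSWORD_NOTE, password);
  }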