Exemplo n.º 1
0
  public void logout() throws SecurityServiceException {
    HttpGraniteContext context = (HttpGraniteContext) GraniteManager.getCurrentInstance();

    Session session = getSession(context.getRequest(), false);
    if (session != null && session.getPrincipal() != null) {
      session.setAuthType(null);
      session.setPrincipal(null);
      session.removeNote(Constants.SESS_USERNAME_NOTE);
      session.removeNote(Constants.SESS_PASSWORD_NOTE);
      session.expire();
    }
  }
  /**
   * Reinstantiates a serialized session from the data passed in. This will first call
   * createSession() so that we get a fresh instance with all the managers set and all the transient
   * fields validated. Then it calls Session.readObjectData(byte[]) to deserialize the object
   *
   * @param data - a byte array containing session data
   * @return a valid Session object, null if an error occurs
   */
  protected Session readSession(byte[] data, String sessionId) {
    try {
      ReplicationStream session_in = getReplicationStream(data);

      Session session = sessionId != null ? this.findSession(sessionId) : null;
      boolean isNew = (session == null);
      // clear the old values from the existing session
      if (session != null) {
        ReplicatedSession rs = (ReplicatedSession) session;
        rs.expire(false); // cleans up the previous values, since we are not doing removes
        session = null;
      } // end if

      if (session == null) {
        session = createSession(null, false, false);
        sessions.remove(session.getIdInternal());
      }

      boolean hasPrincipal = session_in.readBoolean();
      SerializablePrincipal p = null;
      if (hasPrincipal) p = (SerializablePrincipal) session_in.readObject();
      ((ReplicatedSession) session).readObjectData(session_in);
      if (hasPrincipal) session.setPrincipal(p.getPrincipal(getContainer().getRealm()));
      ((ReplicatedSession) session).setId(sessionId, isNew);
      ReplicatedSession rsession = (ReplicatedSession) session;
      rsession.setAccessCount(1);
      session.setManager(this);
      session.setValid(true);
      rsession.setLastAccessedTime(System.currentTimeMillis());
      rsession.setThisAccessedTime(System.currentTimeMillis());
      ((ReplicatedSession) session).setAccessCount(0);
      session.setNew(false);
      if (log.isTraceEnabled())
        log.trace(
            "Session loaded id="
                + sessionId
                + " actualId="
                + session.getId()
                + " exists="
                + this.sessions.containsKey(sessionId)
                + " valid="
                + rsession.isValid());
      return session;

    } catch (Exception x) {
      log.error("Failed to deserialize the session!", x);
    }
    return null;
  }
  /**
   * Register an authenticated Principal and authentication type in our request, in the current
   * session (if there is one), and with our SingleSignOn valve, if there is one. Set the
   * appropriate cookie to be returned.
   *
   * @param request The servlet request we are processing
   * @param response The servlet response we are generating
   * @param principal The authenticated Principal to be registered
   * @param authType The authentication type to be registered
   * @param username Username used to authenticate (if any)
   * @param password Password used to authenticate (if any)
   */
  protected void register(
      HttpRequest request,
      HttpResponse response,
      Principal principal,
      String authType,
      String username,
      String password) {

    if (debug >= 1) log("Authenticated '" + principal.getName() + "' with type '" + authType + "'");

    // Cache the authentication information in our request
    request.setAuthType(authType);
    request.setUserPrincipal(principal);

    // Cache the authentication information in our session, if any
    if (cache) {
      Session session = getSession(request, false);
      if (session != null) {
        session.setAuthType(authType);
        session.setPrincipal(principal);
        if (username != null) session.setNote(Constants.SESS_USERNAME_NOTE, username);
        else session.removeNote(Constants.SESS_USERNAME_NOTE);
        if (password != null) session.setNote(Constants.SESS_PASSWORD_NOTE, password);
        else session.removeNote(Constants.SESS_PASSWORD_NOTE);
      }
    }

    // Construct a cookie to be returned to the client
    if (sso == null) return;
    HttpServletRequest hreq = (HttpServletRequest) request.getRequest();
    HttpServletResponse hres = (HttpServletResponse) response.getResponse();
    String value = generateSessionId();
    Cookie cookie = new Cookie(Constants.SINGLE_SIGN_ON_COOKIE, value);
    cookie.setMaxAge(-1);
    cookie.setPath("/");
    hres.addCookie(cookie);

    // Register this principal with our SSO valve
    sso.register(value, principal, authType, username, password);
    request.setNote(Constants.REQ_SSOID_NOTE, value);
  }
Exemplo n.º 4
0
  public void login(Object credentials) throws SecurityServiceException {
    String[] decoded = decodeBase64Credentials(credentials);

    HttpGraniteContext context = (HttpGraniteContext) GraniteManager.getCurrentInstance();
    HttpServletRequest httpRequest = context.getRequest();
    Realm realm = getRealm(httpRequest);

    Principal principal = realm.authenticate(decoded[0], decoded[1]);
    if (principal == null)
      throw SecurityServiceException.newInvalidCredentialsException("Wrong username or password");

    Request request = getRequest(httpRequest);
    request.setAuthType(AUTH_TYPE);
    request.setUserPrincipal(principal);

    Session session = request.getSessionInternal();
    session.setAuthType(AUTH_TYPE);
    session.setPrincipal(principal);
    session.setNote(Constants.SESS_USERNAME_NOTE, decoded[0]);
    session.setNote(Constants.SESS_PASSWORD_NOTE, decoded[1]);
  }