public void valueUnbound(HttpSessionBindingEvent event) {
if (log.isDebugEnabled()) log.debug("Logout " + _jUserName);
if (_realm instanceof SSORealm) ((SSORealm) _realm).clearSingleSignOn(_jUserName);
if (_realm != null && _userPrincipal != null) _realm.logout(_userPrincipal);
}
void authenticate(UserRealm realm, String user, String password, HttpRequest request) {
_jUserName = user;
_jPassword = password;
_userPrincipal = realm.authenticate(user, password, request);
if (_userPrincipal != null) _realm = realm;
}
void authenticate(UserRealm realm, HttpRequest request) {
_userPrincipal = realm.authenticate(_jUserName, _jPassword, request);
if (_userPrincipal != null) _realm = realm;
}
/**
* Perform form authentication. Called from SecurityHandler.
*
* @return UserPrincipal if authenticated else null.
*/
public Principal authenticate(
UserRealm realm, String pathInContext, HttpRequest httpRequest, HttpResponse httpResponse)
throws IOException {
HttpServletRequest request = (ServletHttpRequest) httpRequest.getWrapper();
HttpServletResponse response =
httpResponse == null ? null : (HttpServletResponse) httpResponse.getWrapper();
// Handle paths
String uri = pathInContext;
// Setup session
HttpSession session = request.getSession(response != null);
if (session == null) return null;
// Handle a request for authentication.
if (uri.substring(uri.lastIndexOf("/") + 1).startsWith(__J_SECURITY_CHECK)) {
// Check the session object for login info.
FormCredential form_cred = new FormCredential();
form_cred.authenticate(
realm,
request.getParameter(__J_USERNAME),
request.getParameter(__J_PASSWORD),
httpRequest);
String nuri = (String) session.getAttribute(__J_URI);
if (nuri == null || nuri.length() == 0) {
nuri = request.getContextPath();
if (nuri.length() == 0) nuri = "/";
}
if (form_cred._userPrincipal != null) {
// Authenticated OK
if (log.isDebugEnabled()) log.debug("Form authentication OK for " + form_cred._jUserName);
session.removeAttribute(__J_URI); // Remove popped return URI.
httpRequest.setAuthType(SecurityConstraint.__FORM_AUTH);
httpRequest.setAuthUser(form_cred._jUserName);
httpRequest.setUserPrincipal(form_cred._userPrincipal);
session.setAttribute(__J_AUTHENTICATED, form_cred);
// Sign-on to SSO mechanism
if (realm instanceof SSORealm) {
((SSORealm) realm)
.setSingleSignOn(
httpRequest,
httpResponse,
form_cred._userPrincipal,
new Password(form_cred._jPassword));
}
// Redirect to original request
if (response != null) {
response.setContentLength(0);
response.sendRedirect(response.encodeRedirectURL(nuri));
}
} else if (response != null) {
if (log.isDebugEnabled())
log.debug("Form authentication FAILED for " + form_cred._jUserName);
if (_formErrorPage != null) {
response.setContentLength(0);
response.sendRedirect(
response.encodeRedirectURL(URI.addPaths(request.getContextPath(), _formErrorPage)));
} else {
response.sendError(HttpResponse.__403_Forbidden);
}
}
// Security check is always false, only true after final redirection.
return null;
}
// Check if the session is already authenticated.
FormCredential form_cred = (FormCredential) session.getAttribute(__J_AUTHENTICATED);
if (form_cred != null) {
// We have a form credential. Has it been distributed?
if (form_cred._userPrincipal == null) {
// This form_cred appears to have been distributed. Need to reauth
form_cred.authenticate(realm, httpRequest);
// Sign-on to SSO mechanism
if (form_cred._userPrincipal != null && realm instanceof SSORealm) {
((SSORealm) realm)
.setSingleSignOn(
httpRequest,
httpResponse,
form_cred._userPrincipal,
new Password(form_cred._jPassword));
}
} else if (!realm.reauthenticate(form_cred._userPrincipal))
// Else check that it is still authenticated.
form_cred._userPrincipal = null;
// If this credential is still authenticated
if (form_cred._userPrincipal != null) {
if (log.isDebugEnabled())
log.debug("FORM Authenticated for " + form_cred._userPrincipal.getName());
httpRequest.setAuthType(SecurityConstraint.__FORM_AUTH);
httpRequest.setAuthUser(form_cred._userPrincipal.getName());
httpRequest.setUserPrincipal(form_cred._userPrincipal);
return form_cred._userPrincipal;
} else session.setAttribute(__J_AUTHENTICATED, null);
} else if (realm instanceof SSORealm) {
// Try a single sign on.
Credential cred = ((SSORealm) realm).getSingleSignOn(httpRequest, httpResponse);
if (httpRequest.hasUserPrincipal()) {
form_cred = new FormCredential();
form_cred._userPrincipal = request.getUserPrincipal();
form_cred._jUserName = form_cred._userPrincipal.getName();
if (cred != null) form_cred._jPassword = cred.toString();
if (log.isDebugEnabled()) log.debug("SSO for " + form_cred._userPrincipal);
httpRequest.setAuthType(SecurityConstraint.__FORM_AUTH);
session.setAttribute(__J_AUTHENTICATED, form_cred);
return form_cred._userPrincipal;
}
}
// Don't authenticate authform or errorpage
if (isLoginOrErrorPage(pathInContext)) return SecurityConstraint.__NOBODY;
// redirect to login page
if (response != null) {
if (httpRequest.getQuery() != null) uri += "?" + httpRequest.getQuery();
session.setAttribute(
__J_URI,
request.getScheme()
+ "://"
+ request.getServerName()
+ ":"
+ request.getServerPort()
+ URI.addPaths(request.getContextPath(), uri));
response.setContentLength(0);
response.sendRedirect(
response.encodeRedirectURL(URI.addPaths(request.getContextPath(), _formLoginPage)));
}
return null;
}