2 // ========================================================================
3 // Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd.
4 // ------------------------------------------------------------------------
5 // All rights reserved. This program and the accompanying materials
6 // are made available under the terms of the Eclipse Public License v1.0
7 // and Apache License v2.0 which accompanies this distribution.
9 // The Eclipse Public License is available at
10 // http://www.eclipse.org/legal/epl-v10.html
12 // The Apache License v2.0 is available at
13 // http://www.opensource.org/licenses/apache2.0.php
15 // You may elect to redistribute this code under either of these licenses.
16 // ========================================================================
20 package org.eclipse.jetty.security.authentication;
22 import java.io.IOException;
23 import java.io.ObjectInputStream;
24 import java.io.Serializable;
26 import javax.servlet.http.HttpSession;
27 import javax.servlet.http.HttpSessionActivationListener;
28 import javax.servlet.http.HttpSessionBindingEvent;
29 import javax.servlet.http.HttpSessionBindingListener;
30 import javax.servlet.http.HttpSessionEvent;
32 import org.eclipse.jetty.security.AbstractUserAuthentication;
33 import org.eclipse.jetty.security.LoginService;
34 import org.eclipse.jetty.security.SecurityHandler;
35 import org.eclipse.jetty.server.UserIdentity;
36 import org.eclipse.jetty.server.session.AbstractSession;
37 import org.eclipse.jetty.util.log.Log;
38 import org.eclipse.jetty.util.log.Logger;
/**
 * Authentication state meant to be bound to an {@link HttpSession}: the class
 * implements the session binding and activation listeners and is
 * {@link Serializable}.
 * <p>
 * When an instance is deserialized, {@code readObject} logs the user in again
 * through the current {@link LoginService} using the stored name and credentials.
 */
40 public class SessionAuthentication extends AbstractUserAuthentication implements Serializable, HttpSessionActivationListener, HttpSessionBindingListener
// Class logger.
42 private static final Logger LOG = Log.getLogger(SessionAuthentication.class);
44 private static final long serialVersionUID = -4643200685888258706L;
// Session attribute name; the code visible here only tests for it and removes it.
48 public final static String __J_AUTHENTICATED="org.eclipse.jetty.security.UserIdentity";
// Principal name captured in the constructor and replayed to LoginService.login on deserialization.
50 private final String _name;
// Not transient: default serialization writes this object out together with the
// session, so any persisted or replicated session store holds whatever was passed in.
// NOTE(review): if callers pass a password here, the session store needs the same
// protection as a credential store - confirm what the authenticators supply.
51 private final Object _credentials;
// Transient: never serialized; assigned from the activation and binding callbacks.
52 private transient HttpSession _session;
/**
 * Creates the authentication record for a user who has been identified.
 *
 * @param method the authentication method, handed to the superclass
 * @param userIdentity the identity of the user; the name of its principal is kept so
 *                     that the user can be logged in again after deserialization
 * @param credentials the credentials object to keep; it is stored as given and is
 *                    part of the serialized form of this object
 */
public SessionAuthentication(String method, UserIdentity userIdentity, Object credentials)
{
    super(method, userIdentity);
    this._credentials = credentials;
    this._name = userIdentity.getUserPrincipal().getName();
}
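/**
 * Reads the default serialized fields and then logs the user in again.
 * <p>
 * After the fields are read, {@code _userIdentity} is replaced by the result of
 * {@link LoginService#login} called with the stored name and credentials, so the
 * identity in use after deserialization is whatever the current login service returns.
 *
 * @param stream the stream to read the serialized fields from
 * @throws IOException if reading from the stream fails
 * @throws ClassNotFoundException if a class in the stream cannot be resolved
 * @throws IllegalStateException if there is no current {@link SecurityHandler}, or it
 *                               has no {@link LoginService}
 */
private void readObject(ObjectInputStream stream)
    throws IOException, ClassNotFoundException
{
    stream.defaultReadObject();

    SecurityHandler security=SecurityHandler.getCurrentSecurityHandler();
    // Fail only when no handler is available; the handler is dereferenced just below.
    if (security==null)
    {
        throw new IllegalStateException("!SecurityHandler");
    }
    LoginService login_service=security.getLoginService();
    if (login_service==null)
    {
        throw new IllegalStateException("!LoginService");
    }

    // NOTE(review): the result is stored unchecked. If login() can return null when the
    // stored credentials are no longer accepted, _userIdentity ends up null here -
    // confirm that callers treat that as "not authenticated".
    _userIdentity=login_service.login(_name,_credentials);
    LOG.debug("Deserialized and relogged in {}",this);
}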
// NOTE(review): the header of the method that contains this statement is not part of
// this listing. The statement removes the __J_AUTHENTICATED attribute from the
// session, but only when a session is attached and the attribute is currently set.
80 if (_session!=null && _session.getAttribute(__J_AUTHENTICATED)!=null)
81 _session.removeAttribute(__J_AUTHENTICATED);
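/**
 * Reports this authentication as logged out to the current {@link SecurityHandler}
 * and removes the {@code AbstractSession.SESSION_KNOWN_ONLY_TO_AUTHENTICATED}
 * attribute from the attached session.
 * <p>
 * Each step is skipped when its target is absent, so the method can be called
 * whether or not a handler or session is available.
 */
private void doLogout()
{
    SecurityHandler security=SecurityHandler.getCurrentSecurityHandler();
    // No current handler: there is nothing to notify.
    if (security!=null)
    {
        security.logout(this);
    }
    // _session is transient and is only assigned by the activation and binding
    // callbacks, so it can still be null here.
    if (_session!=null)
    {
        _session.removeAttribute(AbstractSession.SESSION_KNOWN_ONLY_TO_AUTHENTICATED);
    }
}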
/**
 * Describes this object as {@code SimpleName@hash{sessionId,userIdentity}}, using
 * {@code -} in place of the session id when no session is attached.
 * <p>
 * The text contains the session id, so log output that includes this object should
 * be handled as sensitive.
 *
 * @return the description string
 */
@Override
public String toString()
{
    final String type=getClass().getSimpleName();
    final String sessionId;
    if (_session==null)
    {
        sessionId="-";
    }
    else
    {
        sessionId=_session.getId();
    }
    return String.format("%s@%x{%s,%s}",type,hashCode(),sessionId,_userIdentity);
}
/**
 * {@link HttpSessionActivationListener} callback for a session that is about to be passivated.
 * NOTE(review): the method body is not present in this listing.
 *
 * @param se the session event
 */
102 public void sessionWillPassivate(HttpSessionEvent se)
/**
 * {@link HttpSessionActivationListener} callback for a session that has been activated;
 * takes the session from the event so the transient {@code _session} field is set again.
 *
 * @param se the session event carrying the activated session
 */
108 public void sessionDidActivate(HttpSessionEvent se)
// NOTE(review): listing lines 109-111 are absent from this extract, so a condition may
// guard this assignment - confirm against the full file.
112 _session=se.getSession();
/**
 * {@link HttpSessionBindingListener} callback for this object being bound to a session;
 * records that session in {@code _session}.
 *
 * @param event the binding event carrying the session
 */
117 public void valueBound(HttpSessionBindingEvent event)
// NOTE(review): listing lines 118-120 are absent from this extract, so a condition may
// guard this assignment - confirm against the full file.
121 _session=event.getSession();
/**
 * {@link HttpSessionBindingListener} callback for this object being unbound from a session.
 * NOTE(review): the method body is not present in this listing, so what happens on
 * unbind (for example, whether the user is logged out) cannot be read from here.
 *
 * @param event the binding event
 */
126 public void valueUnbound(HttpSessionBindingEvent event)