X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=lib%2Fjetty%2Forg%2Feclipse%2Fjetty%2Fsecurity%2Fauthentication%2FLoginAuthenticator.java;fp=lib%2Fjetty%2Forg%2Feclipse%2Fjetty%2Fsecurity%2Fauthentication%2FLoginAuthenticator.java;h=9a1940d8f7831091bd1e72e89c6862b0b46d4d11;hp=0000000000000000000000000000000000000000;hb=73ef54a38e3930a1a789cdc6b5fa23cdd4c9d086;hpb=515007c7c1351045420669d65b59c08fa46850f2
diff --git a/lib/jetty/org/eclipse/jetty/security/authentication/LoginAuthenticator.java b/lib/jetty/org/eclipse/jetty/security/authentication/LoginAuthenticator.java
new file mode 100644
index 00000000..9a1940d8
--- /dev/null
+++ b/lib/jetty/org/eclipse/jetty/security/authentication/LoginAuthenticator.java
@@ -0,0 +1,133 @@
+//
+// ========================================================================
+// Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd.
+// ------------------------------------------------------------------------
+// All rights reserved. This program and the accompanying materials
+// are made available under the terms of the Eclipse Public License v1.0
+// and Apache License v2.0 which accompanies this distribution.
+//
+// The Eclipse Public License is available at
+// http://www.eclipse.org/legal/epl-v10.html
+//
+// The Apache License v2.0 is available at
+// http://www.opensource.org/licenses/apache2.0.php
+//
+// You may elect to redistribute this code under either of these licenses.
+// ========================================================================
+//
+
+package org.eclipse.jetty.security.authentication;
+
+import javax.servlet.ServletRequest;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.eclipse.jetty.security.Authenticator;
+import org.eclipse.jetty.security.IdentityService;
+import org.eclipse.jetty.security.LoginService;
+import org.eclipse.jetty.server.Request;
+import org.eclipse.jetty.server.Response;
+import org.eclipse.jetty.server.UserIdentity;
+import org.eclipse.jetty.server.session.AbstractSession;
+import org.eclipse.jetty.util.log.Log;
+import org.eclipse.jetty.util.log.Logger;
+
+public abstract class LoginAuthenticator implements Authenticator
+{
+ private static final Logger LOG = Log.getLogger(LoginAuthenticator.class);
+
+ protected LoginService _loginService;
+ protected IdentityService _identityService;
+ private boolean _renewSession;
+
+
+ /* ------------------------------------------------------------ */
+ protected LoginAuthenticator()
+ {
+ }
+
+ /* ------------------------------------------------------------ */
+ @Override
+ public void prepareRequest(ServletRequest request)
+ {
+ //empty implementation as the default
+ }
+
+
+ /* ------------------------------------------------------------ */
+ public UserIdentity login(String username, Object password, ServletRequest request)
+ {
+ UserIdentity user = _loginService.login(username,password);
+ if (user!=null)
+ {
+ renewSession((HttpServletRequest)request, (request instanceof Request? ((Request)request).getResponse() : null));
+ return user;
+ }
+ return null;
+ }
+
+ /* ------------------------------------------------------------ */
+ @Override
+ public void setConfiguration(AuthConfiguration configuration)
+ {
+ _loginService=configuration.getLoginService();
+ if (_loginService==null)
+ throw new IllegalStateException("No LoginService for "+this+" in "+configuration);
+ _identityService=configuration.getIdentityService();
+ if (_identityService==null)
+ throw new IllegalStateException("No IdentityService for "+this+" in "+configuration);
+ _renewSession=configuration.isSessionRenewedOnAuthentication();
+ }
+
+
+ /* ------------------------------------------------------------ */
+ public LoginService getLoginService()
+ {
+ return _loginService;
+ }
+
+
+ /* ------------------------------------------------------------ */
+ /** Change the session id.
+ * The session is changed to a new instance with a new ID if and only if:
+ * @param request
+ * @param response
+ * @return The new session.
+ */
+ protected HttpSession renewSession(HttpServletRequest request, HttpServletResponse response)
+ {
+ HttpSession httpSession = request.getSession(false);
+
+ if (_renewSession && httpSession!=null)
+ {
+ synchronized (httpSession)
+ {
+ //if we should renew sessions, and there is an existing session that may have been seen by non-authenticated users
+ //(indicated by SESSION_SECURED not being set on the session) then we should change id
+ if (httpSession.getAttribute(AbstractSession.SESSION_KNOWN_ONLY_TO_AUTHENTICATED)!=Boolean.TRUE)
+ {
+ if (httpSession instanceof AbstractSession)
+ {
+ AbstractSession abstractSession = (AbstractSession)httpSession;
+ String oldId = abstractSession.getId();
+ abstractSession.renewId(request);
+ abstractSession.setAttribute(AbstractSession.SESSION_KNOWN_ONLY_TO_AUTHENTICATED, Boolean.TRUE);
+ if (abstractSession.isIdChanged() && response != null && (response instanceof Response))
+ ((Response)response).addCookie(abstractSession.getSessionManager().getSessionCookie(abstractSession, request.getContextPath(), request.isSecure()));
+ LOG.debug("renew {}->{}",oldId,abstractSession.getId());
+ }
+ else
+ LOG.warn("Unable to renew session "+httpSession);
+
+ return httpSession;
+ }
+ }
+ }
+ return httpSession;
+ }
+}