This project has retired. For details please refer to its
Attic page.
HttpAuthenticator xref
1 package org.apache.archiva.redback.integration.filter.authentication;
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22 import org.apache.archiva.redback.authentication.AuthenticationException;
23 import org.apache.archiva.redback.policy.MustChangePasswordException;
24 import org.apache.archiva.redback.users.User;
25 import org.apache.archiva.redback.users.UserManagerException;
26 import org.apache.archiva.redback.users.UserNotFoundException;
27 import org.apache.archiva.redback.authentication.AuthenticationDataSource;
28 import org.apache.archiva.redback.authentication.AuthenticationResult;
29 import org.apache.archiva.redback.policy.AccountLockedException;
30 import org.apache.archiva.redback.system.SecuritySession;
31 import org.apache.archiva.redback.system.SecuritySystem;
32 import org.apache.archiva.redback.system.SecuritySystemConstants;
33 import org.apache.commons.lang.StringUtils;
34 import org.slf4j.Logger;
35 import org.slf4j.LoggerFactory;
36
37 import javax.inject.Inject;
38 import javax.servlet.http.HttpServletRequest;
39 import javax.servlet.http.HttpServletResponse;
40 import javax.servlet.http.HttpSession;
41 import java.io.IOException;
42
43
44
45
46
47
48 public abstract class HttpAuthenticator
49 {
50 protected Logger log = LoggerFactory.getLogger( getClass() );
51
52 @Inject
53 protected SecuritySystem securitySystem;
54
55
56
57
58
59
60
61 public AuthenticationResult authenticate( AuthenticationDataSource ds, HttpSession httpSession )
62 throws AuthenticationException, AccountLockedException, MustChangePasswordException
63 {
64 try
65 {
66 SecuritySession securitySession = securitySystem.authenticate( ds );
67
68 setSecuritySession( securitySession, httpSession );
69
70 return securitySession.getAuthenticationResult().user( securitySession.getUser() );
71 }
72 catch ( AuthenticationException e )
73 {
74 String msg = "Unable to authenticate user: " + ds;
75 log.info( msg, e );
76 throw new HttpAuthenticationException( msg, e );
77 }
78 catch ( UserNotFoundException e )
79 {
80 log.info( "Login attempt against unknown user: {}", ds );
81 throw new HttpAuthenticationException( "User name or password invalid." );
82 }
83 catch ( UserManagerException e )
84 {
85 log.info( "UserManagerException: {}", e.getMessage() );
86 throw new HttpAuthenticationException( e.getMessage(), e );
87 }
88 }
89
90
91
92
93
94
95
96
97 public void authenticate( HttpServletRequest request, HttpServletResponse response )
98 throws AuthenticationException
99 {
100 try
101 {
102 AuthenticationResult result = getAuthenticationResult( request, response );
103
104 if ( ( result == null ) || ( !result.isAuthenticated() ) )
105 {
106 throw new HttpAuthenticationException( "You are not authenticated." );
107 }
108 }
109 catch ( AccountLockedException e )
110 {
111 throw new HttpAuthenticationException( "Your account is locked.", e );
112 }
113 catch ( MustChangePasswordException e )
114 {
115 throw new HttpAuthenticationException( "You must change your password.", e );
116 }
117
118 }
119
120
121
122
123
124
125
126
127
128
129 public abstract void challenge( HttpServletRequest request, HttpServletResponse response, String realmName,
130 AuthenticationException exception )
131 throws IOException;
132
133
134
135
136
137
138
139
140
141
142
143 public abstract AuthenticationResult getAuthenticationResult( HttpServletRequest request,
144 HttpServletResponse response )
145 throws AuthenticationException, AccountLockedException, MustChangePasswordException;
146
147
148 public User getSessionUser( HttpSession httpSession )
149 {
150 return (User) httpSession.getAttribute( SecuritySession.USERKEY );
151 }
152
153 public boolean isAlreadyAuthenticated( HttpSession httpSession )
154 {
155 User user = getSessionUser( httpSession );
156
157 return ( ( user != null ) && !user.isLocked() && !user.isPasswordChangeRequired() );
158 }
159
160 public SecuritySession getSecuritySession( HttpSession httpSession )
161 {
162 SecuritySession securitySession = (SecuritySession) httpSession.getAttribute( SecuritySession.SESSION_KEY );
163 if ( securitySession != null )
164 {
165 return securitySession;
166 }
167 return (SecuritySession) httpSession.getAttribute( SecuritySystemConstants.SECURITY_SESSION_KEY );
168
169 }
170
171
172 public void setSecuritySession( SecuritySession session, HttpSession httpSession )
173 {
174 httpSession.setAttribute( SecuritySession.SESSION_KEY, session );
175 httpSession.setAttribute( SecuritySession.USERKEY, session.getUser() );
176 }
177
178 public void setSessionUser( User user, HttpSession httpSession )
179 {
180 httpSession.setAttribute( SecuritySession.SESSION_KEY, null );
181 httpSession.setAttribute( SecuritySession.USERKEY, user );
182 }
183
184
185 }