%line | %branch | |||||||||
---|---|---|---|---|---|---|---|---|---|---|
org.apache.jetspeed.security.impl.SecurityValveImpl |
|
|
1 | /* |
|
2 | * Licensed to the Apache Software Foundation (ASF) under one or more |
|
3 | * contributor license agreements. See the NOTICE file distributed with |
|
4 | * this work for additional information regarding copyright ownership. |
|
5 | * The ASF licenses this file to You under the Apache License, Version 2.0 |
|
6 | * (the "License"); you may not use this file except in compliance with |
|
7 | * the License. You may obtain a copy of the License at |
|
8 | * |
|
9 | * http://www.apache.org/licenses/LICENSE-2.0 |
|
10 | * |
|
11 | * Unless required by applicable law or agreed to in writing, software |
|
12 | * distributed under the License is distributed on an "AS IS" BASIS, |
|
13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
14 | * See the License for the specific language governing permissions and |
|
15 | * limitations under the License. |
|
16 | */ |
|
17 | package org.apache.jetspeed.security.impl; |
|
18 | ||
19 | import java.security.Principal; |
|
20 | import java.util.HashSet; |
|
21 | import java.util.Set; |
|
22 | ||
23 | import javax.security.auth.Subject; |
|
24 | ||
25 | import org.apache.jetspeed.administration.PortalAuthenticationConfiguration; |
|
26 | import org.apache.jetspeed.pipeline.valve.SecurityValve; |
|
27 | import org.apache.jetspeed.profiler.Profiler; |
|
28 | import org.apache.jetspeed.request.RequestContext; |
|
29 | import org.apache.jetspeed.security.SecurityException; |
|
30 | import org.apache.jetspeed.security.SecurityHelper; |
|
31 | import org.apache.jetspeed.security.User; |
|
32 | import org.apache.jetspeed.security.UserManager; |
|
33 | import org.apache.jetspeed.security.UserPrincipal; |
|
34 | import org.apache.jetspeed.statistics.PortalStatistics; |
|
35 | ||
36 | /** |
|
37 | * SecurityValve |
|
38 | * |
|
39 | * @author <a href="mailto:taylor@apache.org">David Sean Taylor </a> |
|
40 | * @author <a href="mailto:rwatler@finali.com">Randy Walter </a> |
|
41 | * @author <a href="mailto:weaver@apache.org">Scott T. Weaver</a> |
|
42 | * @version $Id: SecurityValveImpl.java 544250 2007-06-04 20:30:43Z taylor $ |
|
43 | */ |
|
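public class SecurityValveImpl extends AbstractSecurityValve implements SecurityValve
{
    // Security notes for maintainers:
    // - getSubject() trusts the principal reported by the servlet request and
    //   rebuilds the Subject whenever the one cached in the session carries a
    //   different user name.
    // - A UserManager lookup failure is not fatal: the request continues with
    //   a read-only Subject that holds only the user principal.

    /** Source of user records and of the anonymous user; set once at construction. */
    private final UserManager userMgr;

    /** Optional login statistics sink; {@code null} disables login logging. */
    private final PortalStatistics statistics;

    /**
     * Creates a valve with statistics and an explicit authentication configuration.
     *
     * @param profiler not used by the code in this class
     * @param userMgr user manager used to resolve users and the anonymous user
     * @param statistics statistics sink, or {@code null} to skip login logging
     * @param authenticationConfiguration stored in the field of the same name,
     *        which is declared outside this class (presumably in
     *        AbstractSecurityValve)
     */
    public SecurityValveImpl(Profiler profiler, UserManager userMgr, PortalStatistics statistics,
                             PortalAuthenticationConfiguration authenticationConfiguration)
    {
        this.userMgr = userMgr;
        this.statistics = statistics;
        this.authenticationConfiguration = authenticationConfiguration;
    }

    /**
     * Creates a valve with statistics. The inherited authentication
     * configuration is left as the superclass initialised it.
     *
     * @param profiler not used by the code in this class
     * @param userMgr user manager used to resolve users and the anonymous user
     * @param statistics statistics sink, or {@code null} to skip login logging
     */
    public SecurityValveImpl( Profiler profiler, UserManager userMgr, PortalStatistics statistics )
    {
        this.userMgr = userMgr;
        this.statistics = statistics;
    }

    /**
     * Creates a valve without statistics.
     *
     * @param profiler not used by the code in this class
     * @param userMgr user manager used to resolve users and the anonymous user
     */
    public SecurityValveImpl(Profiler profiler, UserManager userMgr)
    {
        this(profiler, userMgr, null);
    }

    /**
     * @return the fixed label {@code "SecurityValve"}
     */
    public String toString()
    {
        return "SecurityValve";
    }

    /**
     * Returns the subject to use for this request.
     * <p>
     * A subject already held in the session is reused only when it carries a
     * {@link UserPrincipal} whose name equals the name of the request's
     * current user principal. Otherwise it is discarded locally (this method
     * does not invalidate the session itself) and a new subject is taken from
     * the user manager. If the user is unknown or the lookup fails, a
     * read-only subject holding just the user principal is used instead.
     * </p>
     * Whenever a new subject is established, a login is reported to the
     * statistics sink (if configured) and the remote address is stored in
     * the session under {@code IP_ADDRESS}.
     *
     * @param request current request context
     * @return the reused or newly established subject, never {@code null}
     * @throws Exception declared by {@link #getUserPrincipal(RequestContext)};
     *         the other helpers called here are defined outside this class
     */
    protected final Subject getSubject(RequestContext request) throws Exception
    {
        // Resolve the caller once, so that the session check and any subject
        // built below refer to the same principal. getUserPrincipal() is
        // overridable and may create a new anonymous principal on each call.
        Principal userPrincipal = getUserPrincipal(request);

        Subject subject = getSubjectFromSession(request);
        if (subject != null)
        {
            Principal subjectUserPrincipal = SecurityHelper.getPrincipal(subject, UserPrincipal.class);
            if ((subjectUserPrincipal == null) || !subjectUserPrincipal.getName().equals(userPrincipal.getName()))
            {
                // The cached subject belongs to a different user (or has no
                // user principal at all): never reuse it for this request.
                subject = null;
            }
        }

        // create new session subject for user principal if required
        if (subject == null)
        {
            // attempt to get complete subject for user principal
            // from user manager
            try
            {
                User user = userMgr.getUser(userPrincipal.getName());
                if ( user != null )
                {
                    subject = user.getSubject();
                }
            }
            catch (SecurityException ignored)
            {
                // This is org.apache.jetspeed.security.SecurityException, not
                // the java.lang one. The failure is deliberately non-fatal but
                // also silent: the fallback subject below lacks whatever extra
                // principals and credentials the user manager would have
                // supplied, and nothing here records why.
                // NOTE(review): consider logging this so a user-store outage
                // is visible to operators.
                subject = null;
            }

            // if subject not available, generate default subject using
            // request or anonymous user principal
            if (subject == null)
            {
                Set principals = new HashSet();
                principals.add(userPrincipal);
                // readOnly = true: the principal and credential sets cannot be
                // modified after construction.
                subject = new Subject(true, principals, new HashSet(), new HashSet());
            }

            // create a new statistics *user* session; this also runs for the
            // anonymous user. NOTE(review): meaning of the 0 argument is not
            // visible here - confirm against PortalStatistics.
            if (statistics != null)
            {
                statistics.logUserLogin(request, 0);
            }
            // put IP address in session for logout. getRemoteAddr() reports
            // the direct peer, so behind a reverse proxy or load balancer
            // this is the proxy's address rather than the end user's.
            request.setSessionAttribute(IP_ADDRESS, request.getRequest().getRemoteAddr());
        }
        return subject;
    }

    /**
     * Returns the user principal reported by the servlet request, or a
     * principal for the user manager's anonymous user when the request has
     * none.
     * <p>
     * This method is overridable, and {@link #getSubject(RequestContext)}
     * trusts its result as the identity of the caller.
     * </p>
     *
     * @param request current request context
     * @return the request's principal, or a new anonymous user principal
     * @throws Exception declared for overriding implementations
     */
    protected Principal getUserPrincipal(RequestContext request) throws Exception
    {
        Principal userPrincipal = request.getRequest().getUserPrincipal();
        if (userPrincipal == null)
        {
            userPrincipal = new UserPrincipalImpl(userMgr.getAnonymousUser());
        }
        return userPrincipal;
    }

}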