001/** 002 * GRANITE DATA SERVICES 003 * Copyright (C) 2006-2013 GRANITE DATA SERVICES S.A.S. 004 * 005 * This file is part of the Granite Data Services Platform. 006 * 007 * Granite Data Services is free software; you can redistribute it and/or 008 * modify it under the terms of the GNU Lesser General Public 009 * License as published by the Free Software Foundation; either 010 * version 2.1 of the License, or (at your option) any later version. 011 * 012 * Granite Data Services is distributed in the hope that it will be useful, 013 * but WITHOUT ANY WARRANTY; without even the implied warranty of 014 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser 015 * General Public License for more details. 016 * 017 * You should have received a copy of the GNU Lesser General Public 018 * License along with this library; if not, write to the Free Software 019 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, 020 * USA, or see <http://www.gnu.org/licenses/>. 
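*/
package org.granite.messaging.service.security;

import java.lang.reflect.InvocationTargetException;
import java.security.Principal;
import java.util.Map;

import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.granite.context.GraniteContext;
import org.granite.messaging.webapp.HttpGraniteContext;

import weblogic.servlet.security.ServletAuthentication;

/**
 * Granite security service backed by WebLogic's container authentication.
 *
 * <p>Login delegates to {@link ServletAuthentication#login}, so the identity and
 * roles consulted afterwards are the container's, read through
 * {@link HttpServletRequest#getUserPrincipal()} and
 * {@link HttpServletRequest#isUserInRole(String)}. Authorization is fail-closed:
 * a secured destination is only reachable with a principal and at least one of
 * its roles; every other outcome is reported as an error, never let through.
 *
 * @author Franck WOLFF
 */
public class WebLogicSecurityService extends AbstractSecurityService {

    public WebLogicSecurityService() {
    }

    /** This implementation reads no configuration parameters. */
    public void configure(Map<String, String> params) {
    }

    /**
     * Authenticates the caller against the WebLogic container.
     *
     * @param credentials Base64-encoded {@code user:password} pair, decoded by the base class.
     * @param charset charset used when decoding the credentials.
     * @throws SecurityServiceException invalid-credentials unless the container reports
     *         {@link ServletAuthentication#AUTHENTICATED}. The message is the same for an
     *         unknown user, a wrong password and a malformed pair, on purpose.
     */
    public void login(Object credentials, String charset) throws SecurityServiceException {
        String[] decoded = decodeBase64Credentials(credentials, charset);

        // Fail closed on a malformed pair instead of letting an index error escape as a
        // server error. The base decoder may already enforce this; the guard is cheap.
        if (decoded == null || decoded.length < 2)
            throw SecurityServiceException.newInvalidCredentialsException("Wrong username or password");

        HttpGraniteContext context = (HttpGraniteContext)GraniteContext.getCurrentInstance();
        HttpServletRequest httpRequest = context.getRequest();
        HttpServletResponse httpResponse = context.getResponse();

        int result = ServletAuthentication.FAILED_AUTHENTICATION;
        try {
            result = ServletAuthentication.login(decoded[0], decoded[1], httpRequest, httpResponse);
        }
        catch (LoginException ignored) {
            // Deliberately folded into the generic failure below: the container's login
            // message must not reach the client (it may reveal whether the account exists
            // or is locked), and result already holds FAILED_AUTHENTICATION.
        }
        // Any status other than AUTHENTICATED is treated as a failed login.
        if (result != ServletAuthentication.AUTHENTICATED)
            throw SecurityServiceException.newInvalidCredentialsException("Wrong username or password");

        // Make sure we have a valid HTTP session.
        // NOTE(review): a session that existed before authentication is kept as-is here.
        // Unless the container rotates the session id on login, that leaves a session
        // fixation window — confirm WebLogic's behaviour for this deployment.
        httpRequest.getSession(true);

        // Base-class hook; presumably retains the credentials for tryRelogin() — check
        // where they are stored and for how long.
        endLogin(credentials, charset);
    }

    /**
     * Checks that the current request may invoke {@code context}'s destination, then runs it.
     *
     * <p>For a secured destination the caller must have a container principal (after an
     * optional {@code tryRelogin()}) and be in at least one of the destination's roles.
     * A secured destination with an empty role list is therefore always denied.
     *
     * @param context the call being authorized.
     * @return whatever {@code endAuthorization(context)} returns.
     * @throws SecurityServiceException session-expired, not-logged-in or access-denied as
     *         appropriate; a {@link SecurityException} or {@code javax.ejb.EJBAccessException}
     *         raised by the invoked service is also mapped to access-denied.
     * @throws Exception anything else thrown by the invoked service.
     */
    public Object authorize(AbstractSecurityContext context) throws Exception {

        startAuthorization(context);

        if (context.getDestination().isSecured()) {
            HttpGraniteContext graniteContext = (HttpGraniteContext)GraniteContext.getCurrentInstance();
            HttpServletRequest httpRequest = graniteContext.getRequest();

            Principal principal = httpRequest.getUserPrincipal();
            // Base-class hook; presumably replays credentials kept by endLogin().
            if (principal == null && tryRelogin())
                principal = httpRequest.getUserPrincipal();

            if (principal == null) {
                // Both branches refuse the call; they only differ in the error the client sees.
                if (httpRequest.getRequestedSessionId() != null) {
                    HttpSession httpSession = httpRequest.getSession(false);
                    // NOTE(review): a request whose session id matches the live session is
                    // reported as "expired", one whose id differs as "not logged in", while a
                    // changed id is usually the sign that the old session was replaced. Compare
                    // with the sibling container services before flipping this test — it only
                    // changes the error code, never whether access is granted.
                    if (httpSession == null || httpRequest.getRequestedSessionId().equals(httpSession.getId()))
                        throw SecurityServiceException.newSessionExpiredException("Session expired");
                }
                throw SecurityServiceException.newNotLoggedInException("User not logged in");
            }

            // Any one of the destination's roles grants access; none (or an empty list) denies.
            boolean accessDenied = true;
            for (String role : context.getDestination().getRoles()) {
                if (httpRequest.isUserInRole(role)) {
                    accessDenied = false;
                    break;
                }
            }
            if (accessDenied)
                throw SecurityServiceException.newAccessDeniedException("User not in required role");
        }

        try {
            return endAuthorization(context);
        } catch (InvocationTargetException e) {
            // The service is invoked reflectively; walk the cause chain so a container or
            // EJB access refusal surfaces as the same access-denied error the role check uses.
            for (Throwable t = e; t != null; t = t.getCause()) {
                // Don't create a dependency to javax.ejb in SecurityService...
                if (t instanceof SecurityException ||
                    "javax.ejb.EJBAccessException".equals(t.getClass().getName()))
                    throw SecurityServiceException.newAccessDeniedException(t.getMessage());
            }
            throw e;
        }
    }

    /**
     * Logs the caller out: runs the base-class hook, invalidates the HTTP session if one
     * exists, then clears WebLogic's authentication state for the request.
     *
     * <p>{@code endLogout()} is called before the session is invalidated; presumably it
     * needs session state, so keep that order.
     */
    public void logout() throws SecurityServiceException {
        HttpGraniteContext graniteContext = (HttpGraniteContext)GraniteContext.getCurrentInstance();
        HttpServletRequest httpRequest = graniteContext.getRequest();

        endLogout();

        // Make sure we invalidate current HTTP session, without creating one just to kill it.
        HttpSession httpSession = httpRequest.getSession(false);
        if (httpSession != null)
            httpSession.invalidate();

        ServletAuthentication.logout(httpRequest);
    }
}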