001    /**
002     *   GRANITE DATA SERVICES
003     *   Copyright (C) 2006-2013 GRANITE DATA SERVICES S.A.S.
004     *
005     *   This file is part of the Granite Data Services Platform.
006     *
007     *   Granite Data Services is free software; you can redistribute it and/or
008     *   modify it under the terms of the GNU Lesser General Public
009     *   License as published by the Free Software Foundation; either
010     *   version 2.1 of the License, or (at your option) any later version.
011     *
012     *   Granite Data Services is distributed in the hope that it will be useful,
013     *   but WITHOUT ANY WARRANTY; without even the implied warranty of
014     *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
015     *   General Public License for more details.
016     *
017     *   You should have received a copy of the GNU Lesser General Public
018     *   License along with this library; if not, write to the Free Software
019     *   Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
020     *   USA, or see <http://www.gnu.org/licenses/>.
021     */
022    package org.granite.messaging.service.security;
023    
024    import java.lang.reflect.InvocationTargetException;
025    import java.security.Principal;
026    import java.util.Map;
027    
028    import javax.security.auth.login.LoginException;
029    import javax.servlet.http.HttpServletRequest;
030    import javax.servlet.http.HttpServletResponse;
031    import javax.servlet.http.HttpSession;
032    
033    import org.granite.context.GraniteContext;
034    import org.granite.messaging.webapp.HttpGraniteContext;
035    
036    import weblogic.servlet.security.ServletAuthentication;
037    
038    /**
039     * @author Franck WOLFF
040     */
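/**
 * {@link AbstractSecurityService} implementation backed by WebLogic's
 * {@link ServletAuthentication} API.
 *
 * <p>Login delegates to {@code ServletAuthentication.login(...)}, authorization
 * relies on the container's {@code getUserPrincipal()} / {@code isUserInRole()},
 * and logout invalidates the HTTP session and then calls
 * {@code ServletAuthentication.logout(...)}.
 *
 * @author Franck WOLFF
 */
public class WebLogicSecurityService extends AbstractSecurityService {

    /** Creates the service; nothing is configured until {@link #configure(Map)} is called. */
    public WebLogicSecurityService() {
    }

    /**
     * No configuration parameters are used by this implementation.
     *
     * @param params ignored
     */
    public void configure(Map<String, String> params) {
    }

    /**
     * Authenticates the caller against the WebLogic realm.
     *
     * @param credentials credentials object decoded by
     *        {@link #decodeBase64Credentials(Object, String)} into a username /
     *        password pair
     * @param charset charset used to decode the credentials
     * @throws SecurityServiceException if the container does not report
     *         {@link ServletAuthentication#AUTHENTICATED}; the message is the same
     *         for every failure cause
     */
    public void login(Object credentials, String charset) throws SecurityServiceException {
        String[] decoded = decodeBase64Credentials(credentials, charset);

        HttpGraniteContext context = (HttpGraniteContext)GraniteContext.getCurrentInstance();
        HttpServletRequest httpRequest = context.getRequest();
        HttpServletResponse httpResponse = context.getResponse();

        int result = ServletAuthentication.FAILED_AUTHENTICATION;
        try {
            result = ServletAuthentication.login(decoded[0], decoded[1], httpRequest, httpResponse);
        }
        catch (LoginException ignored) {
            // Deliberately folded into the generic failure below so that the client
            // cannot distinguish an unknown user from a bad password (or any other
            // realm-side cause): nothing from the exception reaches the response.
        }
        if (result != ServletAuthentication.AUTHENTICATED) {
            throw SecurityServiceException.newInvalidCredentialsException("Wrong username or password");
        }

        // Make sure we have a valid HTTP session.
        // NOTE(review): the session that existed before authentication is reused as
        // is. If the container does not rotate the session id on login, this leaves
        // the login open to session fixation — confirm WebLogic's behaviour, or
        // rotate the id here after a successful login.
        httpRequest.getSession(true);

        endLogin(credentials, charset);
    }

    /**
     * Checks that the current request may invoke the destination described by
     * {@code context}, then performs the invocation.
     *
     * <p>For a secured destination this requires an authenticated principal on the
     * request (a re-login via {@link #tryRelogin()} is attempted first) and
     * membership in at least one of the destination's roles, as reported by
     * {@link HttpServletRequest#isUserInRole(String)}. A secured destination that
     * declares no roles therefore denies every caller.
     *
     * @param context the security context of the pending invocation
     * @return the result of {@link #endAuthorization(AbstractSecurityContext)}
     * @throws SecurityServiceException for a missing principal, an expired session,
     *         a missing role, or an access-denied failure raised by the invoked
     *         service
     * @throws Exception any other failure of the invocation itself
     */
    public Object authorize(AbstractSecurityContext context) throws Exception {

        startAuthorization(context);

        if (context.getDestination().isSecured()) {
            HttpGraniteContext graniteContext = (HttpGraniteContext)GraniteContext.getCurrentInstance();
            HttpServletRequest httpRequest = graniteContext.getRequest();

            Principal principal = httpRequest.getUserPrincipal();
            if (principal == null && tryRelogin()) {
                principal = httpRequest.getUserPrincipal();
            }

            if (principal == null) {
                // The client referenced a session id but no principal is attached:
                // report "expired" when that id resolves to no live session, or to
                // the very session the client referenced; otherwise "not logged in".
                if (httpRequest.getRequestedSessionId() != null) {
                    HttpSession httpSession = httpRequest.getSession(false);
                    if (httpSession == null || httpRequest.getRequestedSessionId().equals(httpSession.getId())) {
                        throw SecurityServiceException.newSessionExpiredException("Session expired");
                    }
                }
                throw SecurityServiceException.newNotLoggedInException("User not logged in");
            }

            // Any single matching role grants access.
            boolean accessDenied = true;
            for (String role : context.getDestination().getRoles()) {
                if (httpRequest.isUserInRole(role)) {
                    accessDenied = false;
                    break;
                }
            }
            if (accessDenied) {
                throw SecurityServiceException.newAccessDeniedException("User not in required role");
            }
        }

        try {
            return endAuthorization(context);
        }
        catch (InvocationTargetException e) {
            // Walk the cause chain so that a container/EJB authorization failure
            // surfaces as an access-denied error. The class-name comparison avoids
            // a compile-time dependency on javax.ejb in SecurityService.
            for (Throwable t = e; t != null; t = t.getCause()) {
                if (t instanceof SecurityException ||
                    "javax.ejb.EJBAccessException".equals(t.getClass().getName())) {
                    throw SecurityServiceException.newAccessDeniedException(t.getMessage());
                }
            }
            throw e;
        }
    }

    /**
     * Logs the current user out: runs {@link #endLogout()}, invalidates the HTTP
     * session if one exists, then calls
     * {@link ServletAuthentication#logout(HttpServletRequest)}.
     *
     * @throws SecurityServiceException if {@link #endLogout()} reports a failure
     *         (this method raises none itself)
     */
    public void logout() throws SecurityServiceException {
        HttpGraniteContext graniteContext = (HttpGraniteContext)GraniteContext.getCurrentInstance();
        HttpServletRequest httpRequest = graniteContext.getRequest();

        endLogout();

        // Invalidate the existing session without ever creating a new one. The
        // previous code re-fetched it with getSession() (create=true) after the
        // null check, which could allocate a fresh session only to invalidate it.
        HttpSession httpSession = httpRequest.getSession(false);
        if (httpSession != null) {
            httpSession.invalidate();
        }

        ServletAuthentication.logout(httpRequest);
    }
}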