001: //$HeadURL: https://svn.wald.intevation.org/svn/deegree/base/trunk/src/org/deegree/ogcwebservices/wass/common/GetSessionPasswordHandler.java $
002: /*---------------- FILE HEADER ------------------------------------------
003:
004: This file is part of deegree.
005: Copyright (C) 2001-2008 by:
006: EXSE, Department of Geography, University of Bonn
007: http://www.giub.uni-bonn.de/deegree/
008: lat/lon GmbH
009: http://www.lat-lon.de
010:
011: This library is free software; you can redistribute it and/or
012: modify it under the terms of the GNU Lesser General Public
013: License as published by the Free Software Foundation; either
014: version 2.1 of the License, or (at your option) any later version.
015:
016: This library is distributed in the hope that it will be useful,
017: but WITHOUT ANY WARRANTY; without even the implied warranty of
018: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
019: Lesser General Public License for more details.
020:
021: You should have received a copy of the GNU Lesser General Public
022: License along with this library; if not, write to the Free Software
023: Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
024:
025: Contact:
026:
027: Andreas Poth
028: lat/lon GmbH
029: Aennchenstr. 19
030: 53115 Bonn
031: Germany
032: E-Mail: poth@lat-lon.de
033:
034: Prof. Dr. Klaus Greve
035: Department of Geography
036: University of Bonn
037: Meckenheimer Allee 166
038: 53115 Bonn
039: Germany
040: E-Mail: greve@giub.uni-bonn.de
041:
042:
043: ---------------------------------------------------------------------------*/
044: package org.deegree.ogcwebservices.wass.common;
045:
046: import org.deegree.security.GeneralSecurityException;
047: import org.deegree.security.drm.SecurityAccessManager;
048: import org.deegree.security.drm.model.User;
049: import org.deegree.security.session.MemoryBasedSessionManager;
050: import org.deegree.security.session.Session;
051: import org.deegree.security.session.SessionStatusException;
052:
053: /**
054: * GetSession handler that handles the password method.
055: *
056: * @author <a href="mailto:schmitz@lat-lon.de">Andreas Schmitz</a>
057: * @author last edited by: $Author: aschmitz $
058: *
059: * @version 2.0, $Revision: 10503 $, $Date: 2008-03-06 08:42:41 -0800 (Thu, 06 Mar 2008) $
060: *
061: * @since 2.0
062: */
063:
064: public class GetSessionPasswordHandler implements GetSessionHandler {
065:
066: private final SecurityAccessManager manager;
067:
068: private final MemoryBasedSessionManager sessionManager;
069:
070: private int sessionLifetime = 0;
071:
072: /**
073: * Creates new instance using a wass SecurityAccessManager instance to create and instantiate
074: * the deegree SecurityAccessManager.
075: *
076: * @param securityManager
077: * @param sessionLifetime
078: * @throws GeneralSecurityException
079: */
080: public GetSessionPasswordHandler(
081: WASSSecurityManager securityManager, int sessionLifetime)
082: throws GeneralSecurityException {
083: manager = securityManager.getSecurityAccessManager();
084: sessionManager = MemoryBasedSessionManager.getInstance();
085: this .sessionLifetime = sessionLifetime;
086: }
087:
088: /**
089: * Handles only requests with password authentication method.
090: *
091: * @return a string with a session ID or null, if the method of the request is not password
092: * @see org.deegree.ogcwebservices.wass.common.GetSessionHandler#handleRequest(org.deegree.ogcwebservices.wass.common.GetSession)
093: */
094: public String handleRequest(GetSession request)
095: throws SessionStatusException, GeneralSecurityException {
096:
097: AuthenticationData authData = request.getAuthenticationData();
098: String res = null;
099: // password authentication used?
100: if (authData.usesPasswordAuthentication()) {
101:
102: // use manager to authenticate the user with the password
103: String user = authData.getUsername();
104: String pass = authData.getPassword();
105: User usr = manager.getUserByName(user);
106:
107: usr.authenticate(pass);
108:
109: // create session
110: Session session = MemoryBasedSessionManager.createSession(
111: authData.getUsername(), sessionLifetime);
112: sessionManager.addSession(session);
113: res = session.getSessionID().getId();
114: }
115:
116: return res;
117: }
118:
119: }
|