Source Code Cross Referenced for RemoteUserPersonManager.java in  » Portal » uPortal_rel-2-6-1-GA » org » jasig » portal » security » provider » Java Source Code / Java DocumentationJava Source Code and Java Documentation

001:        /* Copyright 2001 The JA-SIG Collaborative.  All rights reserved.
002:         *  See license distributed with this file and
003:         *  available online at http://www.uportal.org/license.html
004:         */
005:
006:        package org.jasig.portal.security.provider;
007:
008:        import java.util.Enumeration;
009:
010:        import javax.servlet.http.HttpServletRequest;
011:
012:        import org.apache.commons.logging.Log;
013:        import org.apache.commons.logging.LogFactory;
014:        import org.jasig.portal.security.IPerson;
015:        import org.jasig.portal.security.IPersonManager;
016:        import org.jasig.portal.security.ISecurityContext;
017:        import org.jasig.portal.security.PersonFactory;
018:        import org.jasig.portal.security.PortalSecurityException;
019:
020:        /**
021:         * When retrieving a new person, the value of the <code>REMOTEUSER</code> environment variable
022:         * is passed to the security context.  If it is set then the server has authenticated
023:         * the user and the username may be used for login.
024:         *
025:         * @author Pete Boysen (pboysen@iastate.edu)
026:         * @version $Revision: 36399 $
027:         */
028:        public class RemoteUserPersonManager implements  IPersonManager {
029:
030:            private static final Log log = LogFactory
031:                    .getLog(RemoteUserPersonManager.class);
032:
033:            /**
034:             *  Description of the Field
035:             */
036:            public final static String REMOTE_USER = "remote_user";
037:
038:            /**
039:             * Retrieve an IPerson object for the incoming request
040:             *
041:             * @param request
042:             * @return IPerson object for the incoming request
043:             * @exception PortalSecurityException Description of the Exception
044:             */
045:            public IPerson getPerson(HttpServletRequest request)
046:                    throws PortalSecurityException {
047:                // Return the person object if it exists in the user's session
048:                IPerson person = (IPerson) request.getSession(false)
049:                        .getAttribute(PERSON_SESSION_KEY);
050:                if (person != null)
051:                    return person;
052:                try {
053:                    // Create a new instance of a person
054:                    person = PersonFactory.createGuestPerson();
055:
056:                    // If the user has authenticated with the server which has implemented web authentication,
057:                    // the REMOTE_USER environment variable will be set.			
058:                    String remoteUser = request.getRemoteUser();
059:
060:                    // We don't want to ignore the security contexts which are already configured in security.properties, so we
061:                    // retrieve the existing security contexts.  If one of the existing security contexts is a RemoteUserSecurityContext,
062:                    // we set the REMOTE_USER field of the existing RemoteUserSecurityContext context.
063:                    //
064:                    // If a RemoteUserSecurityContext does not already exist, we create one and populate the REMOTE_USER field.
065:
066:                    ISecurityContext context = null;
067:                    Enumeration subContexts = null;
068:                    boolean remoteUserSecurityContextExists = false;
069:
070:                    // Retrieve existing security contexts.
071:                    context = person.getSecurityContext();
072:                    if (context != null)
073:                        subContexts = context.getSubContexts();
074:
075:                    if (subContexts != null) {
076:                        while (subContexts.hasMoreElements()) {
077:                            ISecurityContext ctx = (ISecurityContext) subContexts
078:                                    .nextElement();
079:                            // Check to see if a RemoteUserSecurityContext already exists, and set the REMOTE_USER
080:                            if (ctx instanceof  RemoteUserSecurityContext) {
081:                                RemoteUserSecurityContext remoteuserctx = (RemoteUserSecurityContext) ctx;
082:                                remoteuserctx.setRemoteUser(remoteUser);
083:                                remoteUserSecurityContextExists = true;
084:                            }
085:                        }
086:                    }
087:
088:                    // If a RemoteUserSecurityContext doesn't alreay exist, create one.  
089:                    // This preserves the default behavior of this class.
090:                    if (!remoteUserSecurityContextExists) {
091:                        RemoteUserSecurityContext remoteuserctx = new RemoteUserSecurityContext(
092:                                remoteUser);
093:                        person.setSecurityContext(remoteuserctx);
094:                    }
095:                } catch (Exception e) {
096:                    // Log the exception
097:                    log.error("Exception creating person for request "
098:                            + request, e);
099:                }
100:                // Add this person object to the user's session
101:                request.getSession(false).setAttribute(PERSON_SESSION_KEY,
102:                        person);
103:                // Return the new person object
104:                return (person);
105:            }
106:        }