001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. The ASF licenses this file to You
004: * under the Apache License, Version 2.0 (the "License"); you may not
005: * use this file except in compliance with the License.
006: * You may obtain a copy of the License at
007: *
008: * http://www.apache.org/licenses/LICENSE-2.0
009: *
010: * Unless required by applicable law or agreed to in writing, software
011: * distributed under the License is distributed on an "AS IS" BASIS,
012: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013: * See the License for the specific language governing permissions and
014: * limitations under the License. For additional information regarding
015: * copyright in this work, please see the NOTICE file in the top level
016: * directory of this distribution.
017: */
018: package org.apache.roller.ui.core;
019:
020: import java.io.Serializable;
021: import java.security.Principal;
022:
023: import javax.servlet.http.HttpServletRequest;
024: import javax.servlet.http.HttpSession;
025: import javax.servlet.http.HttpSessionActivationListener;
026: import javax.servlet.http.HttpSessionEvent;
027: import javax.servlet.http.HttpSessionListener;
028:
029: import org.apache.commons.collections.ArrayStack;
030: import org.apache.commons.logging.Log;
031: import org.apache.commons.logging.LogFactory;
032: import org.apache.roller.RollerException;
033: import org.apache.roller.config.RollerConfig;
034: import org.apache.roller.business.RollerFactory;
035: import org.apache.roller.business.UserManager;
036: import org.apache.roller.pojos.PermissionsData;
037: import org.apache.roller.pojos.UserData;
038: import org.apache.roller.pojos.WebsiteData;
039: import org.apache.roller.ui.core.security.AutoProvision;
040:
041: //////////////////////////////////////////////////////////////////////////////
042: /**
043: * Roller session handles session startup and shutdown.
044: * @web.listener
045: */
046: public class RollerSession implements HttpSessionListener,
047: HttpSessionActivationListener, Serializable {
048: static final long serialVersionUID = 5890132909166913727L;
049:
050: private UserData authenticatedUser = null;
051:
052: private static Log mLogger = LogFactory.getFactory().getInstance(
053: RollerSession.class);
054:
055: public static final String ROLLER_SESSION = "org.apache.roller.rollersession";
056: public static final String ERROR_MESSAGE = "rollererror_message";
057: public static final String STATUS_MESSAGE = "rollerstatus_message";
058:
059: //---------------------------------------------------------------- Construction
060: /**
061: * Get RollerSession from request (and add user if not already present).
062: */
063: public static RollerSession getRollerSession(
064: HttpServletRequest request) {
065: RollerSession rollerSession = null;
066: HttpSession session = request.getSession(false);
067: if (session != null) {
068: rollerSession = (RollerSession) session
069: .getAttribute(ROLLER_SESSION);
070: if (rollerSession == null) {
071: // HttpSession with no RollerSession?
072: // Must be a session that was de-serialized from a previous run.
073: rollerSession = new RollerSession();
074: session.setAttribute(ROLLER_SESSION, rollerSession);
075: }
076: Principal principal = request.getUserPrincipal();
077: if (rollerSession.getAuthenticatedUser() == null
078: && principal != null) {
079: try {
080: UserManager umgr = RollerFactory.getRoller()
081: .getUserManager();
082: UserData user = umgr.getUserByUserName(principal
083: .getName());
084:
085: // try one time to auto-provision, only happens if user==null
086: // which means installation has SSO-enabled in security.xml
087: if (user == null
088: && RollerConfig
089: .getBooleanProperty("users.sso.autoProvision.enabled")) {
090: // provisioning enabled, get provisioner and execute
091: AutoProvision provisioner = RollerContext
092: .getAutoProvision();
093: if (provisioner != null) {
094: boolean userProvisioned = provisioner
095: .execute();
096: if (userProvisioned) {
097: // try lookup again real quick
098: user = umgr.getUserByUserName(principal
099: .getName());
100: }
101: }
102: }
103: // only set authenticated user if user is enabled
104: if (user != null
105: && user.getEnabled().booleanValue()) {
106: rollerSession.setAuthenticatedUser(user);
107: }
108: } catch (RollerException e) {
109: mLogger.error("ERROR: getting user object", e);
110: }
111: }
112: }
113: return rollerSession;
114: }
115:
116: //-------------------------------------------------------------- Session events
117:
118: /** Create session's Roller instance */
119: public void sessionCreated(HttpSessionEvent se) {
120: RollerSession rollerSession = new RollerSession();
121: se.getSession().setAttribute(ROLLER_SESSION, rollerSession);
122: RollerContext rctx = RollerContext.getRollerContext();
123: rctx.sessionCreated(se);
124: }
125:
126: public void sessionDestroyed(HttpSessionEvent se) {
127: RollerContext rctx = RollerContext.getRollerContext();
128: rctx.sessionDestroyed(se);
129: clearSession(se);
130: }
131:
132: /** Init session as if it was new */
133: public void sessionDidActivate(HttpSessionEvent se) {
134: }
135:
136: /** Purge session before passivation. Because Roller currently does not
137: * support session recovery, failover, migration, or whatever you want
138: * to call it when sessions are saved and then restored at some later
139: * point in time.
140: */
141: public void sessionWillPassivate(HttpSessionEvent se) {
142: clearSession(se);
143: }
144:
145: //-------------------------------------------------------- Authentication, etc.
146:
147: /**
148: * Authenticated user associated with this session.
149: */
150: public UserData getAuthenticatedUser() {
151: return authenticatedUser;
152: }
153:
154: /**
155: * Authenticated user associated with this session.
156: */
157: public void setAuthenticatedUser(UserData authenticatedUser) {
158: this .authenticatedUser = authenticatedUser;
159: }
160:
161: /**
162: * Does our authenticated user have the global admin role?
163: */
164: public boolean isGlobalAdminUser() throws RollerException {
165: UserData user = getAuthenticatedUser();
166: if (user != null && user.hasRole("admin")
167: && user.getEnabled().booleanValue())
168: return true;
169: return false;
170: }
171:
172: /**
173: * Is session's authenticated user authorized to work in current website?
174: */
175: public boolean isUserAuthorized(WebsiteData website)
176: throws RollerException {
177: UserData user = getAuthenticatedUser();
178: if (user != null && user.getEnabled().booleanValue())
179: return hasPermissions(website, PermissionsData.LIMITED);
180: return false;
181: }
182:
183: /**
184: * Is session's authenticated user authorized to post in current weblog?
185: */
186: public boolean isUserAuthorizedToAuthor(WebsiteData website)
187: throws RollerException {
188: UserData user = getAuthenticatedUser();
189: if (user != null && user.getEnabled().booleanValue())
190: return hasPermissions(website, PermissionsData.AUTHOR);
191: return false;
192: }
193:
194: /**
195: * Is session's authenticated user authorized to admin current weblog?
196: */
197: public boolean isUserAuthorizedToAdmin(WebsiteData website)
198: throws RollerException {
199: UserData user = getAuthenticatedUser();
200: if (user != null && user.getEnabled().booleanValue())
201: return hasPermissions(website, PermissionsData.ADMIN);
202: return false;
203: }
204:
205: private boolean hasPermissions(WebsiteData website, short mask) {
206: UserData user = getAuthenticatedUser();
207: if (website != null && user != null) {
208: return website.hasUserPermissions(user, mask);
209: }
210: return false;
211: }
212:
213: //--------------------------------------------------------------------- Innards
214:
215: private void clearSession(HttpSessionEvent se) {
216: HttpSession session = se.getSession();
217: try {
218: session.removeAttribute(ROLLER_SESSION);
219: } catch (Throwable e) {
220: if (mLogger.isDebugEnabled()) {
221: // ignore purge exceptions
222: mLogger
223: .debug("EXCEPTION PURGING session attributes",
224: e);
225: }
226: }
227: }
228: }
|