001: package com.technoetic.xplanner.security;
002:
import com.technoetic.xplanner.XPlannerProperties;
import com.technoetic.xplanner.domain.Role;
import com.technoetic.xplanner.security.module.LoginModuleLoader;

import java.security.Principal;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.Subject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.servlet.jsp.PageContext;
013:
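/**
 * Static helpers that bridge the servlet session and the JAAS {@link Subject}
 * produced by the login modules.
 * <p>
 * The authenticated {@link Subject} lives in the HTTP session under
 * {@link #SECURITY_SUBJECT_KEY}; the URL a user asked for before being sent to
 * the login page lives under the private {@code SAVED_URL_KEY}. Lookups never
 * create a session as a side effect; only {@link #setSubject} and
 * {@link #saveUrl} do, because they have something to store.
 */
public class SecurityHelper {
    /** Session attribute under which the authenticated {@link Subject} is stored. */
    public static final String SECURITY_SUBJECT_KEY = "SECURITY_SUBJECT";
    /** Session attribute under which the pre-login URL is stored. */
    private static final String SAVED_URL_KEY = "SAVED_URL";

    /**
     * Tells whether a {@link Subject} is bound to this request's session.
     *
     * @param request the current request
     * @return {@code true} if a subject is stored in an existing session
     */
    public static boolean isUserAuthenticated(HttpServletRequest request) {
        return getSubject(request) != null;
    }

    /**
     * Returns the id of the authenticated person.
     *
     * @param request the current request
     * @return the id of the {@code Person} behind the session's {@link PersonPrincipal}
     * @throws AuthenticationException if no person principal is in the session
     */
    public static int getRemoteUserId(HttpServletRequest request)
            throws AuthenticationException {
        // getUserPrincipal(Subject) only ever returns a PersonPrincipal, so the cast is safe.
        PersonPrincipal principal = (PersonPrincipal) getUserPrincipal(request);
        return principal.getPerson().getId();
    }

    /**
     * JSP-side variant of {@link #getRemoteUserId(HttpServletRequest)}.
     *
     * @param context the page context whose request is inspected
     * @return the id of the authenticated person
     * @throws AuthenticationException if no person principal is in the session
     */
    public static int getRemoteUserId(PageContext context)
            throws AuthenticationException {
        return getRemoteUserId((HttpServletRequest) context.getRequest());
    }

    /**
     * Checks whether the session's subject carries a {@link Role} principal
     * whose name equals {@code roleName}.
     *
     * @param request  the current request
     * @param roleName the role to look for; a {@code null} name never matches
     * @return {@code true} if the subject holds a role of that name
     */
    public static boolean isUserInRole(HttpServletRequest request, String roleName) {
        Subject subject = getSubject(request);
        if (subject == null || roleName == null) {
            return false;
        }
        Iterator roles = subject.getPrincipals(Role.class).iterator();
        while (roles.hasNext()) {
            Role role = (Role) roles.next();
            // Compare from roleName so a role with a null name cannot NPE here.
            if (roleName.equals(role.getName())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Binds the authenticated subject to the session, creating one if needed.
     * <p>
     * NOTE(review): the pre-existing session is reused as-is. Whether the login
     * flow rotates the session id before this call (session-fixation defence) is
     * decided by the caller, not here — confirm in the login action.
     *
     * @param request the current request
     * @param subject the authenticated subject to store
     */
    public static void setSubject(HttpServletRequest request, Subject subject) {
        request.getSession(true).setAttribute(SECURITY_SUBJECT_KEY, subject);
    }

    /**
     * Returns the subject bound to the request's session, if any.
     * <p>
     * Uses {@code getSession(false)} so that merely asking "is this user logged
     * in?" does not allocate a session for every anonymous request.
     *
     * @param request the current request
     * @return the stored subject, or {@code null} if there is no session or no subject
     */
    public static Subject getSubject(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        if (session == null) {
            return null;
        }
        return (Subject) session.getAttribute(SECURITY_SUBJECT_KEY);
    }

    /**
     * JSP-side variant of {@link #getSubject(HttpServletRequest)}.
     *
     * @param context the page context whose request is inspected
     * @return the stored subject, or {@code null}
     */
    public static Subject getSubject(PageContext context) {
        return getSubject((HttpServletRequest) context.getRequest());
    }

    /**
     * Returns the first {@link PersonPrincipal} held by {@code subject}.
     *
     * @param subject the subject to inspect; may be {@code null}
     * @return the person principal (declared as {@link Principal} for callers)
     * @throws AuthenticationException if the subject is {@code null} or holds no
     *                                 person principal
     */
    public static Principal getUserPrincipal(Subject subject)
            throws AuthenticationException {
        if (subject != null) {
            Iterator people = subject.getPrincipals(PersonPrincipal.class).iterator();
            if (people.hasNext()) {
                return (PersonPrincipal) people.next();
            }
        }
        throw new AuthenticationException("no user principal in session");
    }

    /**
     * Remembers the URL of the current request so the user can be sent back to
     * it after logging in.
     * <p>
     * The query string is appended only when present; the previous unconditional
     * concatenation stored {@code "...?null"} for requests without one.
     * <p>
     * NOTE(review): {@code getRequestURL()} is an absolute URL derived from the
     * request's Host header. The post-login redirect that consumes
     * {@link #getSavedUrl} should verify the value still points at this
     * application before redirecting to it.
     *
     * @param request the request whose URL is saved
     */
    public static void saveUrl(HttpServletRequest request) {
        String url = request.getRequestURL().toString();
        String query = request.getQueryString();
        if (query != null) {
            url = url + "?" + query;
        }
        request.getSession().setAttribute(SAVED_URL_KEY, url);
    }

    /**
     * Returns the URL stored by {@link #saveUrl}, without creating a session.
     *
     * @param request the current request
     * @return the saved URL, or {@code null} if none (or no session) exists
     */
    public static String getSavedUrl(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        if (session == null) {
            return null;
        }
        return (String) session.getAttribute(SAVED_URL_KEY);
    }

    /**
     * Returns the person principal of the request's session subject.
     *
     * @param request the current request
     * @return the person principal
     * @throws AuthenticationException if no subject or no person principal is present
     */
    public static Principal getUserPrincipal(HttpServletRequest request)
            throws AuthenticationException {
        return getUserPrincipal(getSubject(request));
    }

    /**
     * Returns a new {@link Subject} holding the principals of {@code subject}
     * plus the given {@code roles}, with the same public and private credentials.
     * <p>
     * A fresh subject is built instead of mutating the existing one: some servlet
     * hosts set up security so that a Subject cannot be modified even when it is
     * not in read-only mode. The returned subject is created read-only.
     *
     * @param subject the subject whose principals and credentials are copied
     * @param roles   the principals (expected to be {@link Role}s) to add
     * @return a new read-only subject containing the merged principals
     */
    public static Subject addRolesToSubject(Subject subject, ArrayList roles) {
        Set principals = new HashSet(subject.getPrincipals());
        principals.addAll(roles);
        return new Subject(true, principals,
                subject.getPublicCredentials(),
                subject.getPrivateCredentials());
    }

    //FIXME: Is it right that the authentication be case sensitive if at least one module is?
    /**
     * Tells whether any configured login module declares its user ids as case
     * sensitive, i.e. whether some property named
     * {@code <LOGIN_MODULE_PROPERTY_PREFIX>[<n>].option.userIdCaseSensitive}
     * has the value {@code true} (surrounding whitespace ignored).
     *
     * @return {@code true} if at least one module option is {@code true}
     */
    public static boolean isAuthenticationCaseSensitive() {
        XPlannerProperties properties = new XPlannerProperties();
        Iterator names = properties.getPropertyNames();
        while (names.hasNext()) {
            String name = (String) names.next();
            if (!isCaseSensitivityOption(name)) {
                continue;
            }
            String value = properties.getProperty(name);
            // A listed key may still resolve to null; the old code NPE'd on trim().
            if (value != null && Boolean.valueOf(value.trim()).booleanValue()) {
                return true;
            }
        }
        return false;
    }

    /**
     * Matches keys of the form {@code <prefix>[...].option.userIdCaseSensitive}.
     *
     * @param name a property name, possibly {@code null}
     * @return {@code true} if the name is a module case-sensitivity option
     */
    private static boolean isCaseSensitivityOption(String name) {
        return name != null
                && name.startsWith(LoginModuleLoader.LOGIN_MODULE_PROPERTY_PREFIX + "[")
                && name.endsWith("].option.userIdCaseSensitive");
    }

}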