Java tutorial
/* * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. The ASF licenses this file to You * under the Apache License, Version 2.0 (the "License"); you may not * use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. For additional information regarding * copyright in this work, please see the NOTICE file in the top level * directory of this distribution. */ package org.apache.roller.weblogger.ui.core; import java.io.Serializable; import java.security.Principal; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; import javax.servlet.http.HttpSessionActivationListener; import javax.servlet.http.HttpSessionEvent; import javax.servlet.http.HttpSessionListener; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.roller.weblogger.WebloggerException; import org.apache.roller.weblogger.config.WebloggerConfig; import org.apache.roller.weblogger.business.WebloggerFactory; import org.apache.roller.weblogger.business.UserManager; import org.apache.roller.weblogger.pojos.User; import org.apache.roller.weblogger.pojos.UserAttribute; import org.apache.roller.weblogger.ui.core.security.AutoProvision; /** * Roller session handles session startup and shutdown. * * @web.listener */ public class RollerSession implements HttpSessionListener, HttpSessionActivationListener, Serializable { static final long serialVersionUID = 5890132909166913727L; // the id of the user represented by this session private String userName = null; private static Log log = LogFactory.getLog(RollerSession.class); public static final String ROLLER_SESSION = "org.apache.roller.weblogger.rollersession"; public static final String ERROR_MESSAGE = "rollererror_message"; public static final String STATUS_MESSAGE = "rollerstatus_message"; /** * Get RollerSession from request (and add user if not already present). */ public static RollerSession getRollerSession(HttpServletRequest request) { RollerSession rollerSession = null; HttpSession session = request.getSession(false); if (session != null) { rollerSession = (RollerSession) session.getAttribute(ROLLER_SESSION); if (rollerSession == null) { // HttpSession with no RollerSession? // Must be a session that was de-serialized from a previous run. rollerSession = new RollerSession(); session.setAttribute(ROLLER_SESSION, rollerSession); } Principal principal = request.getUserPrincipal(); // If we've got a principal but no user object, then attempt to get // user object from user manager but *only* do this if we have been // bootstrapped because under an SSO scenario we may have a // principal even before we have been bootstrapped. if (rollerSession.getAuthenticatedUser() == null && principal != null && WebloggerFactory.isBootstrapped()) { try { UserManager umgr = WebloggerFactory.getWeblogger().getUserManager(); User user = umgr.getUserByUserName(principal.getName()); // check for OpenID username (in the form of a URL) if (user == null && principal.getName() != null && principal.getName().startsWith("http://")) { String openidurl = principal.getName(); if (openidurl.endsWith("/")) { openidurl = openidurl.substring(0, openidurl.length() - 1); } user = umgr.getUserByAttribute(UserAttribute.Attributes.OPENID_URL.toString(), openidurl); } // try one time to auto-provision, only happens if user==null // which means installation has SSO-enabled in security.xml if (user == null && WebloggerConfig.getBooleanProperty("users.sso.autoProvision.enabled")) { // provisioning enabled, get provisioner and execute AutoProvision provisioner = RollerContext.getAutoProvision(); if (provisioner != null) { boolean userProvisioned = provisioner.execute(request); if (userProvisioned) { // try lookup again real quick user = umgr.getUserByUserName(principal.getName()); } } } // only set authenticated user if user is enabled if (user != null && user.getEnabled().booleanValue()) { rollerSession.setAuthenticatedUser(user); } } catch (WebloggerException e) { log.error("ERROR: getting user object", e); } } } return rollerSession; } /** Create session's Roller instance */ public void sessionCreated(HttpSessionEvent se) { RollerSession rollerSession = new RollerSession(); se.getSession().setAttribute(ROLLER_SESSION, rollerSession); } public void sessionDestroyed(HttpSessionEvent se) { clearSession(se); } /** Init session as if it was new */ public void sessionDidActivate(HttpSessionEvent se) { } /** * Purge session before passivation. Because Roller currently does not * support session recovery, failover, migration, or whatever you want * to call it when sessions are saved and then restored at some later * point in time. */ public void sessionWillPassivate(HttpSessionEvent se) { clearSession(se); } /** * Authenticated user associated with this session. */ public User getAuthenticatedUser() { User authenticUser = null; if (userName != null) { try { UserManager mgr = WebloggerFactory.getWeblogger().getUserManager(); authenticUser = mgr.getUserByUserName(userName); } catch (WebloggerException ex) { log.warn("Error looking up authenticated user " + userName, ex); } } return authenticUser; } /** * Authenticated user associated with this session. */ public void setAuthenticatedUser(User authenticatedUser) { this.userName = authenticatedUser.getUserName(); } private void clearSession(HttpSessionEvent se) { HttpSession session = se.getSession(); try { session.removeAttribute(ROLLER_SESSION); } catch (Throwable e) { if (log.isDebugEnabled()) { // ignore purge exceptions log.debug("EXCEPTION PURGING session attributes", e); } } } }