org.apereo.portal.security.provider.RemoteUserPersonManager.java Source code

Java tutorial

Introduction

Here is the source code for org.apereo.portal.security.provider.RemoteUserPersonManager.java

Source

/**
 * Licensed to Apereo under one or more contributor license
 * agreements. See the NOTICE file distributed with this work
 * for additional information regarding copyright ownership.
 * Apereo licenses this file to you under the Apache License,
 * Version 2.0 (the "License"); you may not use this file
 * except in compliance with the License.  You may obtain a
 * copy of the License at the following location:
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.apereo.portal.security.provider;

import java.util.Enumeration;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apereo.portal.security.IPerson;
import org.apereo.portal.security.ISecurityContext;
import org.apereo.portal.security.PersonFactory;
import org.apereo.portal.security.PortalSecurityException;

/**
 * When retrieving a new person, the value of the <code>REMOTEUSER</code> environment variable
 * is passed to the security context.  If it is set then the server has authenticated
 * the user and the username may be used for login.
 *
 * @author Pete Boysen (pboysen@iastate.edu)
 * @version $Revision$
 */
public class RemoteUserPersonManager extends AbstractPersonManager {

    private static final Log log = LogFactory.getLog(RemoteUserPersonManager.class);

    /**
     *  Description of the Field
     */
    public final static String REMOTE_USER = "remote_user";

    /**
     * Retrieve an IPerson object for the incoming request
     *
     * @param request
     * @return IPerson object for the incoming request
     * @exception PortalSecurityException Description of the Exception
     */
    public IPerson getPerson(HttpServletRequest request) throws PortalSecurityException {
        // Return the person object if it exists in the user's session
        final HttpSession session = request.getSession(false);
        IPerson person = null;
        if (session != null) {

            person = (IPerson) session.getAttribute(PERSON_SESSION_KEY);
            if (person != null) {
                return person;
            }
        }

        try {
            // Create a new instance of a person
            person = createGuestPerson(request);

            // If the user has authenticated with the server which has implemented web authentication,
            // the REMOTE_USER environment variable will be set.         
            String remoteUser = request.getRemoteUser();

            // We don't want to ignore the security contexts which are already configured in security.properties, so we
            // retrieve the existing security contexts.  If one of the existing security contexts is a RemoteUserSecurityContext,
            // we set the REMOTE_USER field of the existing RemoteUserSecurityContext context.
            //
            // If a RemoteUserSecurityContext does not already exist, we create one and populate the REMOTE_USER field.

            ISecurityContext context = null;
            Enumeration subContexts = null;
            boolean remoteUserSecurityContextExists = false;

            // Retrieve existing security contexts.
            context = person.getSecurityContext();
            if (context != null)
                subContexts = context.getSubContexts();

            if (subContexts != null) {
                while (subContexts.hasMoreElements()) {
                    ISecurityContext ctx = (ISecurityContext) subContexts.nextElement();
                    // Check to see if a RemoteUserSecurityContext already exists, and set the REMOTE_USER
                    if (ctx instanceof RemoteUserSecurityContext) {
                        RemoteUserSecurityContext remoteuserctx = (RemoteUserSecurityContext) ctx;
                        remoteuserctx.setRemoteUser(remoteUser);
                        remoteUserSecurityContextExists = true;
                    }
                }
            }

            // If a RemoteUserSecurityContext doesn't alreay exist, create one.  
            // This preserves the default behavior of this class.
            if (!remoteUserSecurityContextExists) {
                RemoteUserSecurityContext remoteuserctx = new RemoteUserSecurityContext(remoteUser);
                person.setSecurityContext(remoteuserctx);
            }
        } catch (Exception e) {
            // Log the exception
            log.error("Exception creating person for request " + request, e);
        }
        if (session != null) {
            // Add this person object to the user's session
            session.setAttribute(PERSON_SESSION_KEY, person);
        }
        // Return the new person object
        return (person);
    }
}