Java tutorial
/* * Copyright 2012 OSBI Ltd * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.saiku.plugin; import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.UUID; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; import org.saiku.service.ISessionService; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.security.Authentication; import org.springframework.security.AuthenticationManager; import org.springframework.security.BadCredentialsException; import org.springframework.security.GrantedAuthority; import org.springframework.security.context.SecurityContextHolder; import org.springframework.security.providers.UsernamePasswordAuthenticationToken; import org.springframework.security.ui.WebAuthenticationDetails; import org.springframework.security.userdetails.User; public class PentahoSessionService implements ISessionService { private static final Logger log = LoggerFactory.getLogger(PentahoSessionService.class); private AuthenticationManager authenticationManager; Map<Object, Map<String, Object>> sessionHolder = new HashMap<Object, Map<String, Object>>(); /* (non-Javadoc) * @see org.saiku.web.service.ISessionService#setAuthenticationManager(org.springframework.security.authentication.AuthenticationManager) */ public void setAuthenticationManager(AuthenticationManager auth) { this.authenticationManager = auth; } /* (non-Javadoc) * @see org.saiku.web.service.ISessionService#login(javax.servlet.http.HttpServletRequest, java.lang.String, java.lang.String) */ public Map<String, Object> login(HttpServletRequest req, String username, String password) { if (authenticationManager != null) { authenticate(req, username, password); } if (SecurityContextHolder.getContext() != null && SecurityContextHolder.getContext().getAuthentication() != null) { Object p = SecurityContextHolder.getContext().getAuthentication().getPrincipal(); populateSession(p, username, password); return sessionHolder.get(p); } return new HashMap<String, Object>(); } private void populateSession(Object key) { if (!sessionHolder.containsKey(key)) { sessionHolder.put(key, new HashMap<String, Object>()); } sessionHolder.get(key).put("sessionid", UUID.randomUUID().toString()); List<String> roles = new ArrayList<String>(); for (GrantedAuthority ga : SecurityContextHolder.getContext().getAuthentication().getAuthorities()) { roles.add(ga.getAuthority()); } sessionHolder.get(key).put("roles", roles); String username; if (key instanceof User) { User u = (User) key; username = u.getUsername(); } else { username = "existinguser"; } sessionHolder.get(key).put("username", username); } private void populateSession(Object key, String username, String password) { populateSession(key); sessionHolder.get(key).put("username", username); sessionHolder.get(key).put("password", password); } /* (non-Javadoc) * @see org.saiku.web.service.ISessionService#logout(javax.servlet.http.HttpServletRequest) */ public void logout(HttpServletRequest req) { if (SecurityContextHolder.getContext() != null && SecurityContextHolder.getContext().getAuthentication() != null) { Object p = SecurityContextHolder.getContext().getAuthentication().getPrincipal(); if (sessionHolder.containsKey(p)) { sessionHolder.remove(p); } } SecurityContextHolder.clearContext(); HttpSession session = req.getSession(true); session.invalidate(); } /* (non-Javadoc) * @see org.saiku.web.service.ISessionService#authenticate(javax.servlet.http.HttpServletRequest, java.lang.String, java.lang.String) */ public void authenticate(HttpServletRequest req, String username, String password) { try { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, password); token.setDetails(new WebAuthenticationDetails(req)); Authentication authentication = this.authenticationManager.authenticate(token); log.debug("Logging in with [{}]", authentication.getPrincipal()); SecurityContextHolder.getContext().setAuthentication(authentication); } catch (BadCredentialsException bd) { throw new RuntimeException("Authentication failed for: " + username, bd); } } /* (non-Javadoc) * @see org.saiku.web.service.ISessionService#getSession(javax.servlet.http.HttpServletRequest) */ public Map<String, Object> getSession() { if (SecurityContextHolder.getContext() != null && SecurityContextHolder.getContext().getAuthentication() != null) { Object p = SecurityContextHolder.getContext().getAuthentication().getPrincipal(); if (!sessionHolder.containsKey(p)) { populateSession(p); } Map<String, Object> r = new HashMap<String, Object>(); r.putAll(sessionHolder.get(p)); if (r.containsKey("password")) { r.remove("password"); } return r; } return new HashMap<String, Object>(); } public Map<String, Object> getAllSessionObjects() { if (SecurityContextHolder.getContext() != null && SecurityContextHolder.getContext().getAuthentication() != null) { Object p = SecurityContextHolder.getContext().getAuthentication().getPrincipal(); if (!sessionHolder.containsKey(p)) { populateSession(p); } Map<String, Object> r = new HashMap<String, Object>(); r.putAll(sessionHolder.get(p)); if (r.containsKey("password")) { r.remove("password"); } return r; } return new HashMap<String, Object>(); } }