001: /*
002: * Copyright (c) 2001 - 2005 ivata limited.
003: * All rights reserved.
004: * -----------------------------------------------------------------------------
005: * ivata groupware may be redistributed under the GNU General Public
006: * License as published by the Free Software Foundation;
007: * version 2 of the License.
008: *
009: * These programs are free software; you can redistribute them and/or
010: * modify them under the terms of the GNU General Public License
011: * as published by the Free Software Foundation; version 2 of the License.
012: *
013: * These programs are distributed in the hope that they will be useful,
014: * but WITHOUT ANY WARRANTY; without even the implied warranty of
015: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
016: *
017: * See the GNU General Public License in the file LICENSE.txt for more
018: * details.
019: *
020: * If you would like a copy of the GNU General Public License write to
021: *
022: * Free Software Foundation, Inc.
023: * 59 Temple Place - Suite 330
024: * Boston, MA 02111-1307, USA.
025: *
026: *
027: * To arrange commercial support and licensing, contact ivata at
028: * http://www.ivata.com/contact.jsp
029: * -----------------------------------------------------------------------------
030: * $Log: GuestMaskAuthenticator.java,v $
031: * Revision 1.3 2005/10/02 14:08:57 colinmacleod
032: * Added/improved log4j logging.
033: *
034: * Revision 1.2 2005/09/29 14:17:03 colinmacleod
035: * Split UserGroupDO off from GroupDO.
036: * Moved UserGroupDO, Right classes to security subproject (from
037: * addressbook).
038: * Centralized user right handling into Rights and RightsImpl.
039: *
040: * Revision 1.1 2005/09/14 15:41:26 colinmacleod
041: * First version.
042: * Added for ivata cms.
043: *
044: */
045: package com.ivata.groupware.mask.struts;
046:
047: import org.apache.log4j.Logger;
048:
049: import java.util.Properties;
050:
051: import javax.servlet.ServletContext;
052: import javax.servlet.http.HttpServletRequest;
053: import javax.servlet.http.HttpSession;
054:
055: import org.picocontainer.PicoContainer;
056:
057: import com.ivata.groupware.admin.security.Security;
058: import com.ivata.groupware.admin.security.server.SecuritySession;
059: import com.ivata.groupware.container.PicoContainerFactory;
060: import com.ivata.groupware.container.persistence.hibernate.HibernateSetupConstants;
061: import com.ivata.mask.util.SystemException;
062: import com.ivata.mask.web.browser.Browser;
063: import com.ivata.mask.web.struts.MaskAuthenticator;
064: import com.ivata.mask.web.tag.theme.ThemeConstants;
065:
066: /**
067: * This authenticator allows guest access to all pages. It automatically
068: * creates a guest security session if there is none.
069: *
070: * @since ivata groupware 1.0 (02-Sep-2005)
071: * @author Colin MacLeod <colin.macleod@ivata.com>
072: * @version $Revision: 1.3 $
073: */
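public class GuestMaskAuthenticator implements MaskAuthenticator {
    // NOTE(review): this authenticator never rejects a request. Every visitor
    // without a security session is given a guest session, so access control
    // rests entirely on whatever rights the guest user holds elsewhere -
    // confirm those rights are minimal before deploying this class.

    /**
     * Logger for this class.
     */
    private static final Logger logger = Logger
            .getLogger(GuestMaskAuthenticator.class);

    /**
     * Name of the HTTP session attribute which holds the security session.
     */
    private static final String SECURITY_SESSION_ATTRIBUTE = "securitySession";

    /**
     * Current security implementation. Used to create
     * default security sessions.
     */
    private final Security security;

    /**
     * Default site database name (taken from settings).
     */
    private final String siteDefaultDB;

    /**
     * Default site theme (taken from settings).
     */
    private final String siteTheme;

    /**
     * Constructor. Stores the three collaborators as given; none of them is
     * validated here.
     *
     * @param securityParam Current security implementation. Used to create
     * default security sessions.
     * @param siteThemeParam Default site theme (taken from settings).
     * @param siteDefaultDBParam Default site database name (taken from
     * settings).
     */
    public GuestMaskAuthenticator(final Security securityParam,
            final String siteThemeParam, final String siteDefaultDBParam) {
        this.security = securityParam;
        this.siteTheme = siteThemeParam;
        this.siteDefaultDB = siteDefaultDBParam;
    }

    /**
     * Allows guest access to all pages. It automatically creates a guest
     * security session if the HTTP session has none, then checks whether the
     * site still needs to go through database setup.
     *
     * @param sessionParam HTTP Session for current user.
     * @param requestParam Request we are currently processing.
     * @param servletContextParam Current context of the servlet or servlet
     * page.
     * @param loginParam indicates whether or not we are logging in. Only
     * logged, never otherwise used by this authenticator.
     * @return <code>"setupAction"</code> if the database URL is still the
     * automatic in-memory default and setup has not been confirmed in the
     * servlet context, otherwise <code>null</code>.
     * @throws SystemException propagated from {@link #loginGuest}.
     */
    public String authenticate(final HttpSession sessionParam,
            final HttpServletRequest requestParam,
            final ServletContext servletContextParam,
            final boolean loginParam) throws SystemException {
        // NOTE(review): the session and request are logged via toString();
        // what that prints depends on the servlet container - confirm no
        // session identifier ends up in debug logs.
        if (logger.isDebugEnabled()) {
            logger.debug("authenticate(HttpSession sessionParam = "
                    + sessionParam
                    + ", HttpServletRequest requestParam = "
                    + requestParam
                    + ", ServletContext servletContextParam = "
                    + servletContextParam + ", boolean loginParam = "
                    + loginParam + ") - start");
        }

        // An existing security session is reused as-is; it is not checked to
        // be a guest session, nor re-validated in any way.
        SecuritySession securitySession = (SecuritySession) sessionParam
                .getAttribute(SECURITY_SESSION_ATTRIBUTE);

        // if there is no security session, create a guest session
        if (securitySession == null) {
            securitySession = loginGuest(sessionParam, requestParam);
            sessionParam.setAttribute(SECURITY_SESSION_ATTRIBUTE,
                    securitySession);
            setDefaultSessionAttributes(sessionParam, requestParam);
        }

        // NOTE(review): the setup forward is handed to a visitor who has not
        // authenticated - confirm the setup action itself restricts who may
        // complete setup.
        if (isSetupPending(servletContextParam)) {
            if (logger.isDebugEnabled()) {
                logger
                        .debug("authenticate(HttpSession, HttpServletRequest, ServletContext, boolean) - end - return value = setupAction");
            }
            return "setupAction";
        }

        if (logger.isDebugEnabled()) {
            logger
                    .debug("authenticate(HttpSession, HttpServletRequest, ServletContext, boolean) - end - return value = null");
        }
        return null;
    }

    /**
     * Checks whether the site is still running on the automatic in-memory
     * database without the user having confirmed that this is intended.
     *
     * @param servletContextParam context holding the setup confirmation flag.
     * @return <code>true</code> if the configured database URL equals the
     * automatic in-memory URL for the default site database and the
     * confirmation attribute is not <code>Boolean.TRUE</code>.
     */
    private boolean isSetupPending(final ServletContext servletContextParam) {
        //TODO: this is copied from LoginAction - should be consolidated
        // The asserts below only run when the JVM is started with -ea. Without
        // it, a null factory, container or properties object surfaces as a
        // NullPointerException on the next dereference, and a null URL simply
        // makes the comparison below false.
        PicoContainerFactory factory = PicoContainerFactory.getInstance();
        assert (factory != null);
        PicoContainer container = factory.getGlobalContainer();
        assert (container != null);
        Properties hibernateProperties = (Properties) container
                .getComponentInstance("hibernateProperties");
        assert (hibernateProperties != null);
        Boolean setupConfirmed = (Boolean) servletContextParam
                .getAttribute(HibernateSetupConstants.CONFIRM_ATTRIBUTE);
        String databaseUrl = hibernateProperties.getProperty(
                HibernateSetupConstants.HIBERNATE_PROPERTY_DATABASE_URL);
        assert (databaseUrl != null);
        String automaticUrl =
                HibernateSetupConstants.AUTOMATIC_DATABASE_MEMORY_URL
                + siteDefaultDB;
        return automaticUrl.equals(databaseUrl)
                && !Boolean.TRUE.equals(setupConfirmed);
    }

    /**
     * This method actually logs in the guest user, by delegating to the
     * security implementation given to the constructor. Designed for
     * overriding.
     *
     * @param sessionParam HTTP Session for current user. Only logged here.
     * @param requestParam Request we are currently processing. Only logged
     * here.
     * @return guest security session.
     * @throws SystemException declared for the call to the security
     * implementation.
     */
    protected SecuritySession loginGuest(
            final HttpSession sessionParam,
            final HttpServletRequest requestParam)
            throws SystemException {
        if (logger.isDebugEnabled()) {
            logger.debug("loginGuest(HttpSession sessionParam = "
                    + sessionParam
                    + ", HttpServletRequest requestParam = "
                    + requestParam + ") - start");
        }

        // TODO: there's some cut/paste going on here - this needs to be
        // consolidated with LoginGuestAction (could probably replace it)
        SecuritySession guestSession = security.loginGuest();
        // NOTE(review): the security session is logged via toString() -
        // confirm it does not print anything sensitive.
        if (logger.isDebugEnabled()) {
            logger
                    .debug("loginGuest(HttpSession, HttpServletRequest) - end - return value = "
                            + guestSession);
        }
        return guestSession;
    }

    /**
     * This method sets a default browser and theme on the HTTP session.
     * Designed for overriding.
     *
     * @param sessionParam HTTP Session for current user.
     * @param requestParam Request we are currently processing.
     */
    protected void setDefaultSessionAttributes(
            final HttpSession sessionParam,
            final HttpServletRequest requestParam) {
        if (logger.isDebugEnabled()) {
            logger
                    .debug("setDefaultSessionAttributes(HttpSession sessionParam = "
                            + sessionParam
                            + ", HttpServletRequest requestParam = "
                            + requestParam + ") - start");
        }

        // for now, create a browser with no javascript support
        // NOTE(review): User-Agent is supplied by the client and getHeader
        // returns null when it is absent - confirm Browser tolerates null and
        // arbitrary values.
        String userAgent = requestParam.getHeader("User-Agent");
        sessionParam.setAttribute("browser", new Browser(userAgent, null));
        // use the site default theme
        sessionParam.setAttribute(ThemeConstants.ATTRIBUTE_THEME_NAME,
                siteTheme);

        if (logger.isDebugEnabled()) {
            logger
                    .debug("setDefaultSessionAttributes(HttpSession, HttpServletRequest) - end");
        }
    }

}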