Coverage Report - org.kuali.rice.kim.client.acegi.KualiDistributedSessionFilter
 
Classes in this File Line Coverage Branch Coverage Complexity
KualiDistributedSessionFilter
0%
0/39
0%
0/20
3.6
 
 1  
 /*
 2  
  * Copyright 2007-2008 The Kuali Foundation
 3  
  *
 4  
  * Licensed under the Educational Community License, Version 2.0 (the "License");
 5  
  * you may not use this file except in compliance with the License.
 6  
  * You may obtain a copy of the License at
 7  
  *
 8  
  * http://www.opensource.org/licenses/ecl2.php
 9  
  *
 10  
  * Unless required by applicable law or agreed to in writing, software
 11  
  * distributed under the License is distributed on an "AS IS" BASIS,
 12  
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 13  
  * See the License for the specific language governing permissions and
 14  
  * limitations under the License.
 15  
  */
 16  
 package org.kuali.rice.kim.client.acegi;
 17  
 
 18  
 import javax.servlet.http.HttpServletRequest;
 19  
 import javax.servlet.http.HttpServletResponse;
 20  
 
 21  
 import org.acegisecurity.Authentication;
 22  
 import org.acegisecurity.AuthenticationException;
 23  
 import org.acegisecurity.GrantedAuthority;
 24  
 import org.acegisecurity.context.SecurityContextHolder;
 25  
 import org.acegisecurity.ui.cas.CasProcessingFilter;
 26  
 import org.kuali.rice.kim.sesn.DistributedSession;
 27  
 
 28  
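 /**
  * This class is the main integration point for implementing the
  * distributed session in ACEGI.
  *
  * <p>On each request the filter looks for a Distributed Session Ticket (DST)
  * among the granted authorities of the current {@link Authentication} and asks
  * the injected {@link DistributedSession} whether that ticket is still valid.
  * A ticket that is present but no longer valid is cleared, and the request is
  * forced back through {@link #attemptAuthentication(HttpServletRequest)},
  * which rejects it with a {@link KualiDistributedSessionExpiredException}.
  *
  * <p>TODO: Need to add check for missing DST (update
  * {@link org.kuali.rice.kim.sesn.DistributedSession}).  Until that check
  * exists, an authentication that carries no DST at all is not treated as
  * expired by this class; the decision is left to the superclass.
  *
  * @author Kuali Rice Team (rice.collab@kuali.org)
  * @see org.acegisecurity.ui.cas.CasProcessingFilter#attemptAuthentication
  */
 public class KualiDistributedSessionFilter extends CasProcessingFilter {

     /** Session store used to validate, touch and clear tickets; set through {@link #setDistributedSession}. */
     private DistributedSession distributedSession;

     //~ Methods ========================================================================================================

     /**
      * This overridden method gets called if requiresAuthentication is true.
      * If the session is invalid, it throws a
      * {@link KualiDistributedSessionExpiredException}.  The session is
      * considered invalid if the current authentication is of type
      * {@link KualiDistributedSessionExpiredAuthentication}; relying on that
      * marker avoids verifying the DST a second time.
      *
      * @param request the current HTTP request, passed on to the super method
      * @return the authentication result of the super method
      * @throws AuthenticationException a
      *         {@link KualiDistributedSessionExpiredException} when the expired
      *         marker is found, or whatever the super method throws
      * @see org.acegisecurity.ui.cas.CasProcessingFilter#attemptAuthentication(javax.servlet.http.HttpServletRequest)
      */
     public Authentication attemptAuthentication(final HttpServletRequest request)
         throws AuthenticationException {
         Authentication authentication = SecurityContextHolder.getContext().getAuthentication();

         if (authentication instanceof KualiDistributedSessionExpiredAuthentication) {
             logger.debug("Authentication is dead in attemptAuthentication, setting authentication to null and throwing KualiDistributedSessionExpiredException");
             // Remove the marker before failing so that it does not stay in the
             // security context after the expiry has been reported.
             SecurityContextHolder.getContext().setAuthentication(null);

             throw new KualiDistributedSessionExpiredException("Session Expired");
         }

         return super.attemptAuthentication(request);
     }

     /**
      * This overridden method checks if the DST is valid.  If it is not, the
      * authentication is replaced by a new
      * {@link KualiDistributedSessionExpiredAuthentication}, which is the
      * indication for {@link #attemptAuthentication(HttpServletRequest)} that
      * the session has expired.
      *
      * <p>Only a DST that is present and invalid triggers this path.  When no
      * DST is found, the result of the super method is returned unchanged (see
      * the TODO on the class).
      *
      * @param request the current HTTP request
      * @param response the current HTTP response
      * @return true if a DST is present but invalid, or if the super method returns true
      * @see org.acegisecurity.ui.AbstractProcessingFilter#requiresAuthentication(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
      */
     protected boolean requiresAuthentication(HttpServletRequest request, HttpServletResponse response) {
         boolean bSesnValid = this.isSesnValid();

         // getDST() is only consulted after validation failed: a missing ticket
         // and an invalid ticket both make isSesnValid() return false, and only
         // the second case is handled here.
         if (!bSesnValid && this.getDST() != null) {
             logger.debug("session invalid, setting dead authentication, and pushing through to attemptAuthentication");
             SecurityContextHolder.getContext().setAuthentication(new KualiDistributedSessionExpiredAuthentication());
             return true;
         }

         return super.requiresAuthentication(request, response);
     }

     /**
      * This method determines if the stored Distributed Session Ticket is
      * valid.  A valid ticket is touched; an invalid one is cleared from the
      * distributed session.
      *
      * @return true if a DST is present and valid, false if it is missing or invalid
      */
     private boolean isSesnValid() {
         String sDST = this.getDST();

         // NOTE(review): distributedSession is only assigned by the setter; if the
         // filter is used without it being injected, the calls below fail with a
         // NullPointerException.
         if (sDST != null) {
             if (distributedSession.isSesnValid(sDST)) {
                 logger.debug("Session Valid");
                 distributedSession.touchSesn(sDST);
                 return true;
             } else {
                 distributedSession.clearSesn(sDST);
             }
         }
         logger.debug("Session Not Valid");

         return false;
     }

     /**
      * This method retrieves the Distributed Session Ticket from the granted
      * authorities of the current authentication.  The ticket is the first
      * authority whose string form starts with
      * {@link DistributedSession#getPrefix()}; its validity is not checked here.
      *
      * @return the Distributed Session Ticket, or null if there is no
      *         authentication, no authorities, or no authority with the prefix
      */
     private String getDST() {
         Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
         String sDST = null;

         if (authentication != null) {
             GrantedAuthority[] authorities = authentication.getAuthorities();
             // An authentication may expose no authority array at all; treat that
             // the same as "no ticket" instead of failing on authorities.length.
             if (authorities == null) {
                 logger.debug("Granted Authorities are NULL");
                 return null;
             }
             if (logger.isDebugEnabled()) {
                 logger.debug("Granted Authority Count:" + authorities.length);
             }

             for (int i = 0; i < authorities.length; i++) {
                 // NOTE(review): this writes every authority, including the DST
                 // itself, to the debug log.  Presumably the DST identifies a live
                 // session; confirm that debug logs are protected accordingly.
                 if (logger.isDebugEnabled()) {
                     logger.debug("Authority:" + authorities[i]);
                 }
                 // Take the authority that actually matched the prefix.  The
                 // previous code always read authorities[0], so a DST stored at
                 // any other index made an unrelated authority string be
                 // validated, touched or cleared as the session ticket.
                 if (sDST == null && authorities[i].toString().startsWith(DistributedSession.getPrefix())) {
                     sDST = authorities[i].toString();
                 }
             }
         }
         else {
             logger.debug("Authentication is NULL");
         }

         return sDST;
     }

     /**
      * @param distributedSession the distributedSession to set
      */
     public void setDistributedSession(DistributedSession distributedSession) {
         this.distributedSession = distributedSession;
     }

 }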