1 package org.restafarian.core.security;
2
3 import javax.servlet.ServletContext;
4 import javax.servlet.http.Cookie;
5 import javax.servlet.http.HttpServletRequest;
6 import javax.servlet.http.HttpServletResponse;
7
8 import org.apache.commons.betwixt.io.BeanReader;
9 import org.apache.commons.configuration.Configuration;
10 import org.apache.commons.httpclient.HttpClient;
11 import org.apache.commons.httpclient.cookie.CookiePolicy;
12 import org.apache.commons.httpclient.methods.GetMethod;
13 import org.apache.commons.lang.StringUtils;
14 import org.apache.commons.logging.Log;
15 import org.apache.commons.logging.LogFactory;
16 import org.restafarian.core.beans.Person;
17
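/**
 * <p>Finds and returns the currently authenticated user by calling a remote
 * WhoAmI service and unmarshalling its XML response into a
 * {@link Person}.</p>
 *
 * <p>The browser's cookies (except <code>JSESSIONID</code>) are relayed to the
 * configured service URL so that the service can recognise the caller. The
 * configured URL therefore receives the user's credentials-bearing cookies and
 * its response decides who the user is: it should point at a host that is
 * trusted with both, over a transport that protects them in transit.</p>
 */
public class ServiceBasedUserManager implements UserManager {
    /** SAX feature that makes the parser reject any document carrying a DOCTYPE. */
    private static final String DISALLOW_DOCTYPE_FEATURE =
            "http://apache.org/xml/features/disallow-doctype-decl";

    private final Log log = LogFactory.getLog(getClass());
    private String serviceURL = null;

    /**
     * <p>Initializes the module using the configuration.</p>
     *
     * <p>Reads the <code>userManagerServiceURL</code> property. When it is
     * missing or empty, {@link #getAuthenticatedUser(HttpServletRequest)}
     * never contacts a service and always returns <code>null</code>.</p>
     *
     * @param context the <code>ServletContext</code> object (not used here)
     * @param config the <code>Configuration</code> object
     */
    public void init(ServletContext context, Configuration config) {
        log.info("Initializing the ServiceBasedUserManager.");
        serviceURL = config.getString("userManagerServiceURL");
        log.info("Configured service URL: " + serviceURL);
    }

    /**
     * <p>Returns the currently authenticated user, or null, if there is
     * no user currently authenticated.</p>
     *
     * <p>A non-200 status, a transport error or an unparseable response is
     * logged and reported as "no user" (<code>null</code>); nothing is
     * thrown to the caller.</p>
     *
     * @param req the <code>HttpServletRequest</code> object
     * @return the currently authenticated user, or <code>null</code>
     */
    public Person getAuthenticatedUser(HttpServletRequest req) {
        if (StringUtils.isEmpty(serviceURL)) {
            return null;
        }

        Person user = null;
        // NOTE(review): no connection or socket timeout is configured on this
        // client, so a stalled WhoAmI service holds the calling request thread.
        HttpClient client = new HttpClient();
        GetMethod get = new GetMethod(serviceURL);

        Cookie[] cookies = req.getCookies();
        if (cookies != null && cookies.length > 0) {
            get.getParams().setCookiePolicy(CookiePolicy.RFC_2109);
            // setRequestHeader() overwrites any earlier header of the same
            // name, so every cookie has to travel in one combined header;
            // setting it once per cookie forwarded only the last one.
            String cookieHeader = buildCookieHeader(cookies);
            if (cookieHeader.length() > 0) {
                get.setRequestHeader("Cookie", cookieHeader);
            }
        }

        try {
            int statusCode = client.executeMethod(get);
            if (statusCode == 200) {
                user = createUserFromXML(get.getResponseBodyAsString());
            } else {
                log.error("Invalid HTTP status returned while attempting to access URL \"" + serviceURL + "\": " + statusCode);
            }
        } catch (Exception e) {
            log.error("Exception occurred while attempting to access URL \"" + serviceURL + "\": " + e, e);
        } finally {
            // Hand the connection back to the connection manager on every
            // path; without this each lookup leaves a connection checked out.
            get.releaseConnection();
        }

        return user;
    }

    /**
     * <p>Sets the currently authenticated user.</p>
     *
     * <p>This implementation does nothing: it only reads identity from the
     * remote service and stores no state of its own.</p>
     *
     * @param req the <code>HttpServletRequest</code> object
     * @param res the <code>HttpServletResponse</code> object
     * @param user the currently authenticated user
     */
    public void setAuthenticatedUser(HttpServletRequest req, HttpServletResponse res, Person user) {
        // Intentionally empty.
    }

    /**
     * <p>Builds a single <code>Cookie</code> header value from the request's
     * cookies, leaving out <code>JSESSIONID</code>.</p>
     *
     * @param cookies the cookies sent by the browser; must not be null
     * @return <code>name=value</code> pairs joined by <code>"; "</code>, or
     *         an empty string when nothing is left to forward
     */
    private static String buildCookieHeader(Cookie[] cookies) {
        StringBuilder header = new StringBuilder();
        for (int i = 0; i < cookies.length; i++) {
            // presumably the local container's session id means nothing to
            // the remote service; it is never relayed
            if ("JSESSIONID".equalsIgnoreCase(cookies[i].getName())) {
                continue;
            }
            if (header.length() > 0) {
                header.append("; ");
            }
            header.append(cookies[i].getName()).append('=').append(cookies[i].getValue());
        }
        return header.toString();
    }

    /**
     * <p>Creates a Person object from the XML representation.</p>
     *
     * <p>The document comes from a remote service and decides the caller's
     * identity, so it is parsed with DOCTYPE declarations disallowed (no DTD
     * or external-entity processing). If the underlying parser cannot honour
     * that setting, or the document is malformed, the failure is logged and
     * <code>null</code> is returned, i.e. the caller is treated as not
     * authenticated.</p>
     *
     * @param xml the XML representation of the person
     * @return the <code>Person</code> object, or <code>null</code> when the
     *         input is empty or cannot be parsed
     */
    private Person createUserFromXML(String xml) {
        if (StringUtils.isEmpty(xml)) {
            return null;
        }

        Person user = null;

        BeanReader beanReader = new BeanReader();
        beanReader.getXMLIntrospector().getConfiguration().setAttributesForPrimitives(false);
        beanReader.getBindingConfiguration().setMapIDs(false);
        try {
            // Must be set before the first parse, which is when the reader
            // creates its underlying SAX parser.
            beanReader.setFeature(DISALLOW_DOCTYPE_FEATURE, true);
            beanReader.registerBeanClass("user", Person.class);
            // The parse(String) overload treats its argument as a URI to
            // fetch, not as document text, so the payload is wrapped in an
            // InputSource to be parsed as content.
            user = (Person) beanReader.parse(
                    new org.xml.sax.InputSource(new java.io.StringReader(xml)));
        } catch (Exception e) {
            // The payload describes a person; keep it out of the error log
            // and only emit it when debug logging has been switched on.
            log.error("Exception occurred while attempting to parse user XML: " + e, e);
            if (log.isDebugEnabled()) {
                log.debug("Unparseable user XML:\n" + xml);
            }
        }

        return user;
    }
}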